
Problems loading certain pages


  • This topic is locked
3 replies to this topic

#1 Mellow Out


Posted 08 July 2015 - 11:07 AM

Using Internet Explorer, I'm having trouble getting to certain sites. I ran FRST and it seems there are 2 entries that need attention; I'm just not sure what to do. Here is the full scan.

The 2 popping out would be:

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction
HKU\S-1-5-21-803821143-134996918-3111949932-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-06-2015 01 (ATTENTION: ====> FRSTversion is 9 days old and could be outdated)
Ran by Ivan Voorhees (administrator) on IVANVOORHEES-PC on 07-07-2015 15:00:46
Running from E:\7-15 Virus
Loaded Profiles: Ivan Voorhees (Available Profiles: Ivan Voorhees)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Eastman Kodak Company) C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Yahoo! Inc.) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7858720 2009-10-20] (Realtek Semiconductor)
HKLM\...\Run: [Microsoft Default Manager] => C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM\...\Run: [hpqSRMon] => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM\...\Run: [ArcSoft Connection Service] => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5088456 2015-01-28] (ESET)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [335232 2015-04-10] (Oracle Corporation)
HKU\S-1-5-21-803821143-134996918-3111949932-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-803821143-134996918-3111949932-1000\...\Run: [Google+ Auto Backup] => C:\Users\Ivan Voorhees\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3754312 2015-02-13] (Google Inc.)
HKU\S-1-5-21-803821143-134996918-3111949932-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\SOFTST~1.SCR [160768 1999-05-03] (Softstuff Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2010-10-13]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk [2011-04-29]
ShortcutTarget: Kodak EasyShare software.lnk -> C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftStuff Wallpaper Changer.lnk [2010-10-13]
ShortcutTarget: SoftStuff Wallpaper Changer.lnk -> C:\Program Files\SoftStuff\softstrt.exe (Softstuff Corporation)
Startup: C:\Users\Ivan Voorhees\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Billminder.lnk [2011-01-20]
ShortcutTarget: Billminder.lnk -> C:\QUICKENW\billmind.exe (Intuit)
Startup: C:\Users\Ivan Voorhees\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SoftStuff Wallpaper Changer.lnk [2010-10-13]
ShortcutTarget: SoftStuff Wallpaper Changer.lnk -> C:\Program Files\SoftStuff\softstrt.exe (Softstuff Corporation)
Startup: C:\Users\Public\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\windiags.bat [2010-07-12] ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-803821143-134996918-3111949932-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://http://www.yahoo.com/?ilc=8.yahoo.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-803821143-134996918-3111949932-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-803821143-134996918-3111949932-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://web.ckt.net/
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-803821143-134996918-3111949932-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-803821143-134996918-3111949932-1000 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?p={searchTerms}&fr=mkg028
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-07-07] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-07-07] (Oracle Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Super%20Mah%20Jong%20Solitaire/Images/stg_drm.ocx
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Mah%20Jong%20Medley/Images/armhelper.ocx
Tcpip\Parameters: [DhcpNameServer] 192.168.3.1
Tcpip\..\Interfaces\{45B4948F-EE45-4130-87DC-A1C61AAF1B11}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{45B4948F-EE45-4130-87DC-A1C61AAF1B11}: [DhcpNameServer] 192.168.3.1
 
FireFox:
========
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1218158.dll [2015-05-07] (Adobe Systems, Inc.)
FF Plugin: @ei.Webfetti.com/Plugin -> C:\Program Files\WebfettiEI\Installr\1.bin\NP7dEISB.dll No File
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Users\Ivan Voorhees\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-07-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-07-07] (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2010-10-12] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40620.0\npctrl.dll [2015-06-19] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-803821143-134996918-3111949932-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Ivan Voorhees\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-803821143-134996918-3111949932-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Ivan Voorhees\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2010-07-12]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-10-13]
FF HKU\S-1-5-21-803821143-134996918-3111949932-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1349576 2015-01-28] (ESET)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [694784 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [193464 2015-01-30] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [135808 2015-01-30] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [123424 2015-01-30] (ESET)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
S3 catchme; \??\C:\Users\IVANVO~1\AppData\Local\Temp\catchme.sys [X]
S3 ESETCleanersDriver; \??\C:\Windows\system32\Drivers\ESETCleanersDriver.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-07 15:00 - 2015-07-07 15:00 - 00000000 ____D C:\FRST
2015-07-07 14:56 - 2015-07-07 14:57 - 00003068 _____ C:\Users\Ivan Voorhees\Desktop\Rkill.txt
2015-07-07 13:21 - 2015-07-07 13:21 - 00000000 ____D C:\Windows\system32\Adobe
2015-07-07 13:20 - 2015-07-07 13:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-07-07 13:20 - 2015-07-07 13:20 - 00000000 ____D C:\Program Files\Common Files\Java
2015-07-07 12:43 - 2015-06-29 12:57 - 00015808 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-07 12:43 - 2015-06-29 12:56 - 00924160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-07 12:43 - 2015-06-29 12:56 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-07 12:43 - 2015-06-29 12:56 - 00587264 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-07 12:43 - 2015-06-29 12:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-07 12:43 - 2015-06-29 12:56 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-07 12:43 - 2015-06-29 12:56 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-07 12:43 - 2015-06-29 12:46 - 00932864 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-07 12:43 - 2015-06-26 12:56 - 02943488 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-07 12:43 - 2015-06-26 12:56 - 02057216 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-07 12:43 - 2015-06-26 12:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-07 12:43 - 2015-06-26 12:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-07 12:43 - 2015-06-26 12:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-07 12:43 - 2015-06-26 12:56 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-07 12:43 - 2015-06-26 12:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-07 12:43 - 2015-06-26 12:55 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-07 12:43 - 2015-06-26 12:55 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-07 12:43 - 2015-06-26 12:55 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-07 12:43 - 2015-06-26 12:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-07-07 12:42 - 2015-01-30 22:33 - 02744320 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-07-07 12:42 - 2015-01-30 22:33 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-07-07 12:42 - 2015-01-30 19:48 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-07-07 12:41 - 2014-12-11 12:47 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-07-07 12:26 - 2014-09-04 20:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-07-07 12:18 - 2015-07-07 12:18 - 00000028 _____ C:\Windows\ICOA.INI
2015-07-07 12:02 - 2015-07-07 12:02 - 00013361 _____ C:\ComboFix.txt
2015-07-07 11:44 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
2015-07-07 11:44 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2015-07-07 11:44 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-07-07 11:44 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-07-07 11:44 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-07-07 11:44 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
2015-07-07 11:44 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
2015-07-07 11:44 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
2015-07-07 11:43 - 2015-07-07 12:02 - 00000000 ____D C:\Qoobox
2015-07-07 11:43 - 2015-07-07 12:00 - 00000000 ____D C:\Windows\erdnt
2015-07-07 10:14 - 2012-08-23 09:44 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-07-07 10:14 - 2012-08-23 06:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2015-07-07 10:13 - 2013-10-01 19:42 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2015-07-07 10:13 - 2013-10-01 19:32 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2015-07-07 10:13 - 2013-10-01 19:30 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-07-07 10:13 - 2013-10-01 19:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2015-07-07 10:13 - 2013-10-01 19:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2015-07-07 10:13 - 2013-10-01 18:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-07-07 10:13 - 2013-10-01 18:45 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2015-07-07 10:13 - 2013-10-01 18:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-07-07 10:13 - 2013-10-01 17:53 - 00350208 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-07-07 10:13 - 2013-10-01 17:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2015-07-07 10:02 - 2015-07-07 10:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2015-07-07 09:59 - 2015-05-09 13:09 - 00715200 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-07-07 09:59 - 2015-04-27 14:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-07-07 09:59 - 2015-04-27 14:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-07-07 09:59 - 2015-04-27 14:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-07-07 09:59 - 2015-04-27 14:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-07-07 09:59 - 2015-03-13 22:04 - 01372160 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-07-07 09:59 - 2015-03-13 22:04 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-07-06 17:18 - 2015-07-06 17:18 - 00000000 ____D C:\ProgramData\ESET
2015-07-06 17:18 - 2015-07-06 17:18 - 00000000 ____D C:\Program Files\ESET
2015-07-06 14:41 - 2015-07-06 14:48 - 00000000 ____D C:\AdwCleaner
2015-07-06 13:44 - 2015-07-06 13:44 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-19 15:35 - 2015-06-19 15:37 - 00000655 _____ C:\Users\Ivan Voorhees\Documents\MONTY.txt
2015-06-09 22:17 - 2015-06-02 14:35 - 00342728 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-09 22:17 - 2015-05-27 09:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-09 22:17 - 2015-05-25 12:00 - 02384384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-09 22:17 - 2015-05-22 22:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-09 22:17 - 2015-05-22 22:28 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-06-09 22:17 - 2015-05-22 22:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-09 22:17 - 2015-05-22 22:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-09 22:17 - 2015-05-22 22:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-09 22:17 - 2015-05-22 22:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-09 22:17 - 2015-05-22 22:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-09 22:17 - 2015-05-22 22:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-09 22:17 - 2015-05-22 22:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-09 22:17 - 2015-05-22 22:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-09 22:17 - 2015-05-22 22:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-09 22:17 - 2015-05-22 22:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-09 22:17 - 2015-05-22 22:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-09 22:17 - 2015-05-22 22:05 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-09 22:17 - 2015-05-22 22:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-09 22:17 - 2015-05-22 22:00 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-09 22:17 - 2015-05-22 21:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-09 22:17 - 2015-05-22 21:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-09 22:17 - 2015-05-22 21:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-09 22:17 - 2015-05-22 21:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-09 22:17 - 2015-05-22 21:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-09 22:17 - 2015-05-22 21:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-09 22:17 - 2015-05-22 21:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-09 22:17 - 2015-05-22 21:38 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-09 22:17 - 2015-05-22 21:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-09 22:17 - 2015-05-22 21:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-06-09 22:17 - 2015-05-22 21:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-09 22:17 - 2015-05-22 21:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-09 22:17 - 2015-05-22 21:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-09 22:17 - 2015-05-22 21:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-09 22:17 - 2015-04-10 22:07 - 00054656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-06-09 22:16 - 2015-05-25 13:01 - 00853504 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-09 22:15 - 2015-05-25 13:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-06-09 22:15 - 2015-05-25 13:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-09 22:15 - 2015-05-25 13:07 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-06-09 22:15 - 2015-05-25 13:07 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-09 22:15 - 2015-05-25 13:04 - 01307648 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-09 22:15 - 2015-05-25 13:01 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-09 22:15 - 2015-05-25 13:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-06-09 22:15 - 2015-05-25 13:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-06-09 22:15 - 2015-05-25 13:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-06-09 22:15 - 2015-05-25 13:01 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-06-09 22:15 - 2015-05-25 13:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-06-09 22:15 - 2015-05-25 13:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-09 22:15 - 2015-05-25 13:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-06-09 22:15 - 2015-05-25 13:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-06-09 22:15 - 2015-05-25 13:01 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-06-09 22:15 - 2015-05-25 13:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-06-09 22:15 - 2015-05-25 13:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-06-09 22:15 - 2015-05-25 13:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-06-09 22:15 - 2015-05-25 13:01 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-06-09 22:15 - 2015-05-25 13:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-06-09 22:15 - 2015-05-25 13:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-06-09 22:15 - 2015-05-25 13:01 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-06-09 22:15 - 2015-05-25 13:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-06-09 22:15 - 2015-05-25 13:00 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-06-09 22:15 - 2015-05-25 13:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-06-09 22:15 - 2015-05-25 13:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-06-09 22:15 - 2015-05-25 13:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-06-09 22:15 - 2015-05-25 13:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-06-09 22:15 - 2015-05-25 13:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-06-09 22:15 - 2015-05-25 13:00 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-06-09 22:15 - 2015-05-25 13:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-06-09 22:15 - 2015-05-25 12:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-06-09 22:15 - 2015-05-25 12:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-06-09 22:15 - 2015-05-25 12:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-06-09 22:15 - 2015-05-25 12:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-06-09 22:15 - 2015-05-25 11:53 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-09 22:15 - 2015-05-08 22:14 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-09 22:15 - 2015-05-08 22:13 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-09 22:15 - 2015-05-08 22:13 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-09 22:15 - 2015-05-08 22:12 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-09 22:15 - 2015-05-08 22:08 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-09 22:15 - 2015-05-08 22:08 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-09 22:15 - 2015-05-08 22:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-09 22:15 - 2015-05-08 22:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-09 22:15 - 2015-05-08 22:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-09 22:15 - 2015-05-08 22:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-09 22:15 - 2015-05-08 22:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-09 22:15 - 2015-05-08 22:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-09 22:15 - 2015-05-08 22:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-09 22:15 - 2015-05-08 22:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-09 22:15 - 2015-05-08 22:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-09 22:15 - 2015-05-08 22:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-09 22:15 - 2015-05-08 22:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-09 22:15 - 2015-05-08 22:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-09 22:15 - 2015-05-08 22:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-09 22:15 - 2015-05-08 22:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-09 22:15 - 2015-05-08 22:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-09 22:15 - 2015-05-08 22:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-09 22:15 - 2015-05-08 22:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-09 22:15 - 2015-05-08 22:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-09 22:15 - 2015-05-08 22:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-09 22:15 - 2015-05-08 22:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-09 22:15 - 2015-05-08 22:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-09 22:15 - 2015-05-08 22:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-09 22:15 - 2015-05-08 20:59 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-09 22:15 - 2015-05-08 20:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-09 22:15 - 2015-05-08 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-09 22:15 - 2015-05-08 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-09 22:15 - 2015-04-29 13:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-09 22:15 - 2015-04-29 13:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-09 22:15 - 2015-04-29 13:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-09 22:15 - 2015-04-29 13:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-09 22:15 - 2015-04-29 13:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-09 22:15 - 2015-04-24 12:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-07 14:58 - 2009-07-13 23:34 - 00022016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-07 14:58 - 2009-07-13 23:34 - 00022016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-07 14:56 - 2010-07-12 18:20 - 00783360 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-07 14:55 - 2010-10-13 06:38 - 00000343 _____ C:\Windows\control.ini
2015-07-07 14:49 - 2010-10-13 09:20 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-07 14:49 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-07 14:49 - 2009-07-13 23:39 - 00082951 _____ C:\Windows\setupact.log
2015-07-07 14:38 - 2010-10-12 02:08 - 01285074 _____ C:\Windows\WindowsUpdate.log
2015-07-07 14:04 - 2015-02-26 14:49 - 00000940 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-803821143-134996918-3111949932-1000UA.job
2015-07-07 13:28 - 2010-10-13 09:20 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-07 13:25 - 2012-04-13 08:17 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-07 13:23 - 2010-07-12 18:31 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-07-07 13:19 - 2012-11-19 15:46 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-07-07 13:18 - 2013-04-18 13:44 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2015-07-07 13:18 - 2012-11-19 15:46 - 00000000 ____D C:\Program Files\Java
2015-07-07 13:17 - 2012-04-13 08:17 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-07-07 13:17 - 2011-05-20 07:31 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-07-07 13:17 - 2010-10-14 01:00 - 00000000 ____D C:\Users\Ivan Voorhees\AppData\Local\Adobe
2015-07-07 13:17 - 2010-07-12 18:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-07-07 12:49 - 2014-12-11 04:17 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-07 12:49 - 2014-04-30 03:00 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-07 12:23 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-07-07 12:18 - 2011-01-20 17:08 - 00000000 ____D C:\QUICKENW
2015-07-07 12:16 - 2010-10-13 02:41 - 00351830 _____ C:\Windows\PFRO.log
2015-07-07 12:02 - 2009-07-13 21:37 - 00000000 __RHD C:\Users\Default
2015-07-07 12:00 - 2009-07-13 21:04 - 00000215 _____ C:\Windows\system.ini
2015-07-07 11:38 - 2009-07-13 21:37 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-07-07 11:35 - 2009-07-13 23:52 - 00000000 ____D C:\Program Files\Windows Defender
2015-07-07 09:50 - 2010-10-13 06:38 - 00921654 _____ C:\Windows\softstuf.bmp
2015-07-07 05:04 - 2015-02-26 14:49 - 00000888 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-803821143-134996918-3111949932-1000Core.job
2015-07-06 14:48 - 2013-10-30 06:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crawler lišta
2015-07-06 10:37 - 2009-07-13 23:46 - 00001515 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-06-23 13:27 - 2010-07-12 18:19 - 00246952 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-06-10 08:05 - 2014-11-13 04:26 - 00000000 __SHD C:\Users\Ivan Voorhees\AppData\Local\EmieBrowserModeList
2015-06-10 08:05 - 2014-04-29 03:18 - 00000000 __SHD C:\Users\Ivan Voorhees\AppData\Local\EmieUserList
2015-06-10 08:05 - 2014-04-29 03:18 - 00000000 __SHD C:\Users\Ivan Voorhees\AppData\Local\EmieSiteList
2015-06-10 03:57 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\rescache
2015-06-10 03:20 - 2009-07-13 23:33 - 00274136 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-10 03:01 - 2010-10-13 02:20 - 136900096 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
 
==================== Files in the root of some directories =======
 
2012-03-08 23:37 - 2012-03-09 18:56 - 0000183 _____ () C:\Users\Ivan Voorhees\AppData\Roaming\default.rss
2012-04-19 11:56 - 2012-04-30 15:30 - 0001940 _____ () C:\Users\Ivan Voorhees\AppData\Roaming\result.db
2010-10-13 18:51 - 2011-04-25 09:33 - 0010240 _____ () C:\Users\Ivan Voorhees\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-04-04 16:41 - 2011-04-04 16:41 - 0000017 _____ () C:\Users\Ivan Voorhees\AppData\Local\resmon.resmoncfg
2010-10-13 01:59 - 2010-10-13 06:37 - 0001308 _____ () C:\ProgramData\hpzinstall.log
2011-11-19 14:33 - 2014-12-18 15:37 - 0001331 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
 
Some files in TEMP:
====================
C:\Users\Ivan Voorhees\AppData\Local\temp\_WUTL95.DLL
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-06 16:11
 
==================== End of log ============================



 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,754 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:08 PM

Posted 12 July 2015 - 10:25 PM

Greetings Mellow Out and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please do the following in the order listed.

===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Malwarebytes Anti-Malware Free and Malwarebytes Chameleon

----------
  • Download Malwarebytes Anti-Malware Free and save it to your desktop
  • Double click the desktop icon, click Run, then OK
  • Click Next
  • Select I accept the agreement then continue to click Next then finally click Install
  • Uncheck Enable free trial of Malwarebytes Anti-Malware Premium if you do not want the free trial of the paid version, then click Finish
  • If you are notified the Database is out of date click Update Now
  • Click Scan Now >>

----------
Note: If Malwarebytes will not launch please do the following to launch Malwarebytes Chameleon:
Click Start (Start, Search, All files and folders for Windows XP) then type mbam
Double click one of the four following files (if one does not work try the next one, and so on) - A black command window will open. Follow those instructions until the Malwarebytes program starts the scan

mbam-chameleon.scr
mbam-chameleon
mbam-chameleon.exe
mbam-chameleon.com

----------

  • When completed click Save Results in the lower right hand corner of the screen then select Text file (.txt)
  • Save the file to your desktop as MBAM
  • Click Apply Actions then restart your computer if requested
  • Copy and paste the contents of MBAM.txt in your reply
===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Delete any existing FRST.exe files off your computer
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Junkware log
  • Malwarebytes log
  • FRST log
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!


Posted 15 July 2015 - 10:42 PM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#4 Oh My!


Posted 17 July 2015 - 06:24 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 



