Jeff....Need Help Again...:(


Ugh! I've never had this much trouble. Would you mind helping again? I ran MBAM, then the DDS files as directed.

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.03.18.10
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16521
Owner :: MIKKI-PC [administrator]
 
3/18/2014 7:04:12 PM
mbam-log-2014-03-18 (19-04-12).txt
 
Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 462224
Time elapsed: 1 day(s), 3 hour(s), 58 minute(s), 5 second(s)
 
Memory Processes Detected: 3
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\ValueApps\IE\ValueApps.exe_old (PUP.Optional.ValueApps.A) -> 12364 -> Delete on reboot.
C:\Program Files (x86)\Bench\BService\bservice.exe (PUP.Optional.Bench.A) -> 3608 -> Delete on reboot.
C:\Program Files (x86)\Bench\Wd\wd.exe (PUP.Optional.Bench.A) -> 2692 -> Delete on reboot.
 
Memory Modules Detected: 1
C:\Program Files (x86)\Bench\BService\bhelper.dll (PUP.Optional.Bench.A) -> Delete on reboot.
 
Registry Keys Detected: 8
HKCR\CLSID\{F63AAEDC-3602-49EF-AA45-262380A98980} (PUP.Optional.ValueApps.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{C9A54DFE-051F-49C5-9FC7-ECB81DC6C69F} (PUP.Optional.ValueApps.A) -> Quarantined and deleted successfully.
HKCR\Interface\{8050556E-4AD3-40BD-B338-7DBB0D5C10C8} (PUP.Optional.ValueApps.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F63AAEDC-3602-49EF-AA45-262380A98980} (PUP.Optional.ValueApps.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{F63AAEDC-3602-49EF-AA45-262380A98980} (PUP.Optional.ValueApps.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F63AAEDC-3602-49EF-AA45-262380A98980} (PUP.Optional.ValueApps.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F63AAEDC-3602-49EF-AA45-262380A98980} (PUP.Optional.ValueApps.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.bench.nmhost (PUP.Optional.Bench.A) -> Quarantined and deleted successfully.
 
Registry Values Detected: 3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|BService (PUP.Optional.Bench.A) -> Data: C:\Program Files (x86)\Bench\BService\bservice.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Wd (PUP.Optional.Bench.A) -> Data: C:\Program Files (x86)\Bench\Wd\wd.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|Start Savin-repairJob (PUP.Optional.SmartApps) -> Data: wscript.exe "C:\Users\Owner\AppData\Local\Start Savin\repair.js" "Start Savin-repairJob" -> Quarantined and deleted successfully.
 
Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (PUP.Optional.Datamngr.A) -> Bad: (C:\PROGRA~3\Wincert\WIN32C~1.DLL) Good: () -> Quarantined and repaired successfully.
 
Folders Detected: 17
C:\Program Files (x86)\Bench\NmHost (PUP.Optional.BenchUpdater) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Bench\NmHost\data (PUP.Optional.BenchUpdater) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Bench\NmHost\data\installer (PUP.Optional.BenchUpdater) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\BenchUpdater (PUP.Optional.BenchUpdater.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\ValueApps\IE (PUP.Optional.ValueAppsplugin.A) -> Delete on reboot.
C:\Program Files (x86)\Bench\Updater (PUP.Optional.AdwarePlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Bench\Updater\1.7.0.0 (PUP.Optional.AdwarePlugin) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\imfpmncmbojnbdhnogcegojocabhpbnh (PUP.Optional.StartSaving.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\imfpmncmbojnbdhnogcegojocabhpbnh\1.0_0 (PUP.Optional.StartSaving.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\imfpmncmbojnbdhnogcegojocabhpbnh\1.0_0\AppFramework (PUP.Optional.StartSaving.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\imfpmncmbojnbdhnogcegojocabhpbnh\1.0_0\CanvasFramework (PUP.Optional.StartSaving.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\imfpmncmbojnbdhnogcegojocabhpbnh\1.0_0\framework (PUP.Optional.StartSaving.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\imfpmncmbojnbdhnogcegojocabhpbnh\1.0_0\framework-ui (PUP.Optional.StartSaving.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\imfpmncmbojnbdhnogcegojocabhpbnh\1.0_0\icons (PUP.Optional.StartSaving.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\imfpmncmbojnbdhnogcegojocabhpbnh\1.0_0\includes (PUP.Optional.StartSaving.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Bench\BService (PUP.Optional.Bench.A) -> Delete on reboot.
C:\Program Files (x86)\Bench\Wd (PUP.Optional.Bench.A) -> Delete on reboot.
 
Files Detected: 73
C:\Program Files (x86)\Bench\BService\bservice.exe (PUP.Optional.Bench.A) -> No action taken.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\ValueApps\IE\ValueApps.exe_old (PUP.Optional.ValueApps.A) -> Quarantined and deleted successfully.
C:\Users\Owner\Downloads\SoftonicDownloader_for_lupas-rename.exe (PUP.Optional.Softonic.A) -> Quarantined and deleted successfully.
C:\Users\Owner\Downloads\SoftonicDownloader_for_renamer.exe (PUP.Optional.Softonic.A) -> Quarantined and deleted successfully.
C:\Users\Owner\Downloads\UltimateCodec.exe (PUP.Optional.InstallCore) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\ValueApps\IE\ValueApps.exe (PUP.Optional.ValueApps.A) -> Delete on reboot.
C:\Windows\Temp\file_to_run551752.exe (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\Windows\Temp\verifier.exe (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\Windows\Temp\nsn11D6.tmp\embededstub_new.exe (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Bench\NmHost\nmhost.exe (PUP.Optional.BenchUpdater) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Bench\NmHost\manifest.json (PUP.Optional.BenchUpdater) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Bench\NmHost\data\installer\imfpmncmbojnbdhnogcegojocabhpbnh (PUP.Optional.BenchUpdater) -> Quarantined and deleted successfully.
C:\Windows\Tasks\bench-S-1-5-21-2681166796-2007918134-1661358387-1000.job (PUP.Optional.BenchUpdater.A) -> Quarantined and deleted successfully.
C:\Windows\Tasks\bench-sys.job (PUP.Optional.BenchUpdater.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\BenchUpdater\products.xml (PUP.Optional.BenchUpdater.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\ValueApps\IE\settings.json (PUP.Optional.ValueAppsplugin.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\ValueApps\IE\ValueAppLog0.log (PUP.Optional.ValueAppsplugin.A) -> Delete on reboot.
C:\ProgramData\Wincert\win32cert.dll (PUP.Optional.Datamngr.A) -> Quarantined and deleted successfully.
C:\ProgramData\Wincert\win64cert.dll (PUP.Optional.Datamngr.A) -> Quarantined and deleted successfully.
C:\ProgramData\Wincert\win32prop.dll (PUP.Optional.Datamngr.A) -> Quarantined and deleted successfully.
C:\ProgramData\Wincert\win64prop.dll (PUP.Optional.Datamngr.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Bench\Wd\wd.exe (PUP.Optional.Bench.A) -> Delete on reboot.
C:\Users\Owner\AppData\Local\Start Savin\repair.js (PUP.Optional.SmartApps) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Bench\Updater\products.xml (PUP.Optional.AdwarePlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Bench\Updater\updater.exe (PUP.Optional.AdwarePlugin) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Bench\Updater\1.7.0.0\updater.exe (PUP.Optional.AdwarePlugin) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\imfpmncmbojnbdhnogcegojocabhpbnh\1.0_0\background.html (PUP.Optional.StartSaving.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\imfpmncmbojnbdhnogcegojocabhpbnh\1.0_0\extension_info.json (PUP.Optional.StartSaving.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\imfpmncmbojnbdhnogcegojocabhpbnh\1.0_0\manifest.json (PUP.Optional.StartSaving.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\imfpmncmbojnbdhnogcegojocabhpbnh\1.0_0\AppFramework\appAPI_bg.js (PUP.Optional.StartSaving.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\imfpmncmbojnbdhnogcegojocabhpbnh\1.0_0\AppFramework\appAPI_browseraction.js (PUP.Optional.StartSaving.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\imfpmncmbojnbdhnogcegojocabhpbnh\1.0_0\AppFramework\appAPI_common.js (PUP.Optional.StartSaving.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\imfpmncmbojnbdhnogcegojocabhpbnh\1.0_0\AppFramework\appAPI_content.js (PUP.Optional.StartSaving.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\imfpmncmbojnbdhnogcegojocabhpbnh\1.0_0\AppFramework\appAPI_settings.js (PUP.Optional.StartSaving.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\imfpmncmbojnbdhnogcegojocabhpbnh\1.0_0\AppFramework\appAPI_webrequest.js (PUP.Optional.StartSaving.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\imfpmncmbojnbdhnogcegojocabhpbnh\1.0_0\AppFramework\jquery.min.js (PUP.Optional.StartSaving.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\imfpmncmbojnbdhnogcegojocabhpbnh\1.0_0\CanvasFramework\canvasscript_engine.js (PUP.Optional.StartSaving.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\imfpmncmbojnbdhnogcegojocabhpbnh\1.0_0\CanvasFramework\canvas_bg.js (PUP.Optional.StartSaving.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\imfpmncmbojnbdhnogcegojocabhpbnh\1.0_0\CanvasFramework\webrequest.js (PUP.Optional.StartSaving.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\imfpmncmbojnbdhnogcegojocabhpbnh\1.0_0\framework\backgroundscript_engine.js (PUP.Optional.StartSaving.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\imfpmncmbojnbdhnogcegojocabhpbnh\1.0_0\framework\base.js (PUP.Optional.StartSaving.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\imfpmncmbojnbdhnogcegojocabhpbnh\1.0_0\framework\browser.js (PUP.Optional.StartSaving.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\imfpmncmbojnbdhnogcegojocabhpbnh\1.0_0\framework\console.js (PUP.Optional.StartSaving.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\imfpmncmbojnbdhnogcegojocabhpbnh\1.0_0\framework\framework.js (PUP.Optional.StartSaving.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\imfpmncmbojnbdhnogcegojocabhpbnh\1.0_0\framework\i18n.js (PUP.Optional.StartSaving.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\imfpmncmbojnbdhnogcegojocabhpbnh\1.0_0\framework\initialize.js (PUP.Optional.StartSaving.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\imfpmncmbojnbdhnogcegojocabhpbnh\1.0_0\framework\invoke_async.js (PUP.Optional.StartSaving.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\imfpmncmbojnbdhnogcegojocabhpbnh\1.0_0\framework\io.js (PUP.Optional.StartSaving.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\imfpmncmbojnbdhnogcegojocabhpbnh\1.0_0\framework\lang.js (PUP.Optional.StartSaving.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\imfpmncmbojnbdhnogcegojocabhpbnh\1.0_0\framework\legacy.js (PUP.Optional.StartSaving.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\imfpmncmbojnbdhnogcegojocabhpbnh\1.0_0\framework\message_target.js (PUP.Optional.StartSaving.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\imfpmncmbojnbdhnogcegojocabhpbnh\1.0_0\framework\messaging.js (PUP.Optional.StartSaving.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\imfpmncmbojnbdhnogcegojocabhpbnh\1.0_0\framework\storage.js (PUP.Optional.StartSaving.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\imfpmncmbojnbdhnogcegojocabhpbnh\1.0_0\framework\timer.js (PUP.Optional.StartSaving.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\imfpmncmbojnbdhnogcegojocabhpbnh\1.0_0\framework\userscript_client.js (PUP.Optional.StartSaving.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\imfpmncmbojnbdhnogcegojocabhpbnh\1.0_0\framework\userscript_engine.js (PUP.Optional.StartSaving.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\imfpmncmbojnbdhnogcegojocabhpbnh\1.0_0\framework\utils.js (PUP.Optional.StartSaving.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\imfpmncmbojnbdhnogcegojocabhpbnh\1.0_0\framework\xhr.js (PUP.Optional.StartSaving.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\imfpmncmbojnbdhnogcegojocabhpbnh\1.0_0\framework-ui\browser_button.js (PUP.Optional.StartSaving.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\imfpmncmbojnbdhnogcegojocabhpbnh\1.0_0\framework-ui\context_menu.js (PUP.Optional.StartSaving.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\imfpmncmbojnbdhnogcegojocabhpbnh\1.0_0\framework-ui\framework_api.js (PUP.Optional.StartSaving.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\imfpmncmbojnbdhnogcegojocabhpbnh\1.0_0\framework-ui\notifications.js (PUP.Optional.StartSaving.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\imfpmncmbojnbdhnogcegojocabhpbnh\1.0_0\framework-ui\options.js (PUP.Optional.StartSaving.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\imfpmncmbojnbdhnogcegojocabhpbnh\1.0_0\framework-ui\remote_popup_host.html (PUP.Optional.StartSaving.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\imfpmncmbojnbdhnogcegojocabhpbnh\1.0_0\framework-ui\remote_popup_host.js (PUP.Optional.StartSaving.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\imfpmncmbojnbdhnogcegojocabhpbnh\1.0_0\framework-ui\ui_base.js (PUP.Optional.StartSaving.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\imfpmncmbojnbdhnogcegojocabhpbnh\1.0_0\icons\button.png (PUP.Optional.StartSaving.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\imfpmncmbojnbdhnogcegojocabhpbnh\1.0_0\icons\icon100.png (PUP.Optional.StartSaving.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\imfpmncmbojnbdhnogcegojocabhpbnh\1.0_0\icons\icon128.png (PUP.Optional.StartSaving.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\imfpmncmbojnbdhnogcegojocabhpbnh\1.0_0\icons\icon32.png (PUP.Optional.StartSaving.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\imfpmncmbojnbdhnogcegojocabhpbnh\1.0_0\icons\icon48.png (PUP.Optional.StartSaving.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\imfpmncmbojnbdhnogcegojocabhpbnh\1.0_0\includes\content.js (PUP.Optional.StartSaving.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Bench\BService\bhelper.dll (PUP.Optional.Bench.A) -> Delete on reboot.
 
(end)
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16521  BrowserJavaVersion: 10.45.2
Run by Owner at 1:22:05 on 2014-03-21
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3835.1719 [GMT -5:00]
.
AV: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {B7599298-8445-728A-A5C7-A26A082C8BDA}
SP: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {0C38737C-A27F-7D04-9F77-991873ABC167}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\svchost.exe -k NetworkService
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Settings Manager\systemk\SystemkService.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Auslogics\BoostSpeed\BoostSpeed.exe
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Settings Manager\systemk\SystemkService.exe
C:\Program Files (x86)\Glary Utilities 4\x64\Win64ShellLink.exe
C:\Program Files (x86)\Settings Manager\systemk\systemku.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Box Sync\BoxSyncHelper.exe
C:\Users\Owner\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
C:\Program Files\Box Sync\BoxSync.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\MozyHome\mozystat.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
C:\Program Files (x86)\Evernote\Evernote\Evernote.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Cyberlink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: Start Savin BHO: {181F2C09-56DD-4F98-86D7-59BA2BC59B5A} - C:\Program Files (x86)\Start Savin\FrameworkBHO.dll
BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1361\6.8.1078\TmIEPlg32.dll
BHO: Linkey: {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} - C:\Program Files (x86)\Linkey\IEExtension\iedll.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1104\7.1.1104\TmBpIe32.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [MusicManager] "C:\Users\Owner\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
uRun: [QuickenScheduledUpdates] C:\Program Files (x86)\Quicken\bagent.exe
uRun: [pcreg] C:\Program Files\pcreg\service.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [switchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
mRun: [pcreg] C:\Program Files\pcreg\service.exe
dRunOnce: [spUninstallDeleteDir] rmdir /s /q "\SearchProtect"
StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BOXSYN~1.LNK - C:\Program Files\Box Sync\BoxSync.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MOZYHO~1.LNK - C:\Program Files\MozyHome\mozystat.exe
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-Explorer: HideSCAHealth = dword:1
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Clip image - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: New note - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
TCP: NameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{7435787B-D650-491A-A386-912BED018258} : DHCPNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{7435787B-D650-491A-A386-912BED018258}\34C6561627023507F64702466336 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{7435787B-D650-491A-A386-912BED018258}\3586562727972E0899370296D41636 : DHCPNameServer = 10.0.2.1
TCP: Interfaces\{7435787B-D650-491A-A386-912BED018258}\452554E444E65647 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{7435787B-D650-491A-A386-912BED018258}\84F4D454D254542423 : DHCPNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{7435787B-D650-491A-A386-912BED018258}\D416D656474756D27657563747 : DHCPNameServer = 192.168.3.1
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1104\7.1.1104\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1361\6.8.1078\TmIEPlg32.dll
AppInit_DLLs= C:\PROGRA~2\Linkey\IEEXTE~1\iedll.dll C:\PROGRA~2\SETTIN~1\systemk\syskldr.dll
SSODL: WebCheck - <orphaned>
SSODL: EldosMountNotificator-cbfs4 - {B8FD60CF-9D65-44C7-BECA-891CB8C4D5AD} - C:\Windows\SysWOW64\cbfsMntNtf4.dll
STS: Virtual Storage Mount Notification - {B8FD60CF-9D65-44C7-BECA-891CB8C4D5AD} - C:\Windows\SysWOW64\cbfsMntNtf4.dll
IFEO: bitguard.exe - tasklist.exe
IFEO: bprotect.exe - tasklist.exe
IFEO: bpsvc.exe - tasklist.exe
IFEO: browsemngr.exe - tasklist.exe
IFEO: browserdefender.exe - tasklist.exe
x64-BHO: Start Savin BHO: {181F2C09-56DD-4F98-86D7-59BA2BC59B5A} - C:\Program Files (x86)\Start Savin\FrameworkBHO64.dll
x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1361\6.8.1078\TmIEPlg.dll
x64-BHO: Linkey: {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} - C:\Program Files (x86)\Linkey\IEExtension\iedll64.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1104\7.1.1104\TmBpIe64.dll
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Trend Micro Titanium] "C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" -set Silent "1" SplashURL ""
x64-Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
x64-Run: [boxSyncHelper] "C:\Program Files\Box Sync\BoxSyncHelper.exe"
x64-Run: [pcreg] C:\Program Files\pcreg\service.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - <orphaned>
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1104\7.1.1104\TmBpIe64.dll
x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1361\6.8.1078\TmIEPlg.dll
x64-SSODL: WebCheck - <orphaned>
x64-SSODL: EldosMountNotificator-cbfs4 - {B8FD60CF-9D65-44C7-BECA-891CB8C4D5AD} - C:\Windows\System32\cbfsMntNtf4.dll
x64-STS: Virtual Storage Mount Notification - {B8FD60CF-9D65-44C7-BECA-891CB8C4D5AD} - C:\Windows\System32\cbfsMntNtf4.dll
x64-IFEO: bitguard.exe - tasklist.exe
x64-IFEO: bprotect.exe - tasklist.exe
x64-IFEO: bpsvc.exe - tasklist.exe
x64-IFEO: browsemngr.exe - tasklist.exe
x64-IFEO: browserdefender.exe - tasklist.exe
.
Note: multiple IFEO entries found. Please refer to Attach.txt
Hosts: 54.225.95.126 imfpmncmbojnbdhnogcegojocabhpbnh
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ghug7evk.default\
FF - prefs.js: browser.search.selectedEngine - default-search.net
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\browser\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
FF - plugin: C:\Users\Owner\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
FF - ExtSQL: 2014-01-31 11:52; abb@amazon.com; C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ghug7evk.default\extensions\abb@amazon.com.xpi
FF - ExtSQL: 2014-02-10 22:13; {38783831-6098-4faa-A9C9-1EE1E343F4D2}; C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\firefoxextension
FF - ExtSQL: 2014-02-13 03:46; {22C7F6C6-8D67-4534-92B5-529A0EC09405}; C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension
.
============= SERVICES / DRIVERS ===============
.
R1 cbfs4;cbfs4;C:\Windows\System32\drivers\cbfs4.sys [2013-12-29 387776]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2009-9-8 87600]
R1 tmevtmgr;tmevtmgr;C:\Windows\System32\drivers\tmevtmgr.sys [2011-11-23 77184]
R2 {73526619-C24F-470B-9BED-53D455FBB5C6};Power Control [2013/02/26 08:23:54];C:\Program Files (x86)\Cyberlink\PowerDVD12\Common\NavFilter\000.fcl [2012-12-28 130320]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-7-22 202752]
R2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2011-11-23 275912]
R2 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12;C:\Program Files (x86)\Cyberlink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [2013-2-26 91248]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-7-22 325200]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2010-7-31 868896]
R2 GREGService;GREGService;C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe [2010-1-8 23584]
R2 Motorola Device Manager;Motorola Device Manager Service;C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2012-10-2 120728]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2010-6-28 255744]
R2 ntk_PowerDVD12;ntk_PowerDVD12;C:\Program Files (x86)\Cyberlink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [2013-2-26 83704]
R2 OfficeSvc;Microsoft Office Service;C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-6-19 1907896]
R2 PST Service;PST Service;C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2012-8-8 65657]
R2 SystemkService;Systemk Service;C:\Program Files (x86)\Settings Manager\systemk\SystemkService.exe [2014-3-16 3448848]
R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2010-7-22 243232]
R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-7-22 321064]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\System32\drivers\rtl8192se.sys [2010-7-22 1084448]
R3 tmeevw;tmeevw;C:\Windows\System32\drivers\tmeevw.sys [2011-11-23 67344]
R3 tmnciesc;tmnciesc;C:\Windows\System32\drivers\tmnciesc.sys [2011-11-23 210704]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-7-31 38456]
R3 vpnpbus;EldoS PnP Virtual Bus driver;C:\Windows\System32\drivers\vpnpbus.sys [2013-12-29 18624]
S2 1a34a8e0;GS.Supporter;C:\Windows\System32\rundll32.exe [2009-7-13 45568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 HOSTS Anti-PUPs;HOSTS Anti-PUPs;C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe -update --> C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe -update [?]
S2 pcregservice;pcregservice Service;C:\Program Files\pcreg\pcreg.exe [2014-3-13 33864]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 acsock;acsock;C:\Windows\System32\drivers\acsock64.sys [2013-7-19 112080]
S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\System32\drivers\motfilt.sys [2009-1-29 6144]
S3 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;C:\Program Files (x86)\Cyberlink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [2013-2-26 78960]
S3 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;C:\Program Files (x86)\Cyberlink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [2013-2-26 296048]
S3 DigiartyVirtualCDBus;Digiarty Virtual Driver;C:\Windows\System32\drivers\DigiartyVirtualCDBus.sys [2013-12-15 276256]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-3-12 111616]
S3 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2014-2-12 36680]
S3 motandroidusb;Mot ADB Interface Driver;C:\Windows\System32\drivers\motoandroid.sys [2009-7-10 31744]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\System32\drivers\motccgp.sys [2012-6-11 22016]
S3 motccgpfl;MotCcgpFlService;C:\Windows\System32\drivers\motccgpfl.sys [2012-1-25 9728]
S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\System32\drivers\Motousbnet.sys [2012-6-8 27136]
S3 motusbdevice;Motorola USB Dev Driver;C:\Windows\System32\drivers\motusbdevice.sys [2011-11-8 11776]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-2-12 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-7-22 239136]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-2-12 56832]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-10-15 1255736]
.
=============== Created Last 30 ================
.
2014-03-21 06:03:50 10521840 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A13585A8-2968-446E-B402-734916AB7405}\mpengine.dll
2014-03-19 00:01:58 10521840 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2014-03-18 23:47:00 -------- d-----w- C:\Program Files (x86)\ValueApps
2014-03-18 23:46:21 -------- d-----w- C:\ProgramData\ValueApps
2014-03-16 23:09:09 -------- d-----w- C:\ProgramData\BrowserProtect
2014-03-16 23:09:08 -------- d-----w- C:\ProgramData\Browser Manager
2014-03-16 23:09:08 -------- d-----w- C:\ProgramData\BitGuard
2014-03-16 22:36:15 -------- d-----w- C:\Program Files (x86)\Start Savin
2014-03-16 22:31:28 -------- d-----w- C:\Program Files (x86)\Bench
2014-03-16 22:31:25 -------- d-----w- C:\Users\Owner\AppData\Local\Start Savin
2014-03-16 22:28:01 -------- d-----w- C:\Program Files\pcreg
2014-03-16 22:26:41 -------- d-----w- C:\ProgramData\Wincert
2014-03-16 22:25:40 -------- d-----w- C:\ProgramData\systemk
2014-03-16 22:25:18 -------- d-----w- C:\Program Files (x86)\Lupas Rename 2000
2014-03-16 22:25:00 -------- d-----w- C:\Program Files (x86)\Linkey
2014-03-16 22:23:54 -------- d-----w- C:\Program Files (x86)\Settings Manager
2014-03-16 22:21:57 -------- d-----w- C:\Program Files (x86)\ReNamer
2014-03-15 00:28:02 5 ----a-w- C:\Windows\SysWow64\lMMLDeleteUserData42107612FX.tmp
2014-03-13 02:21:45 -------- d-----w- C:\Users\Owner\AppData\Local\Intuit
2014-03-13 01:23:46 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-03-13 01:23:45 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-03-13 01:23:27 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-03-13 01:23:27 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-03-12 16:03:50 -------- d-----w- C:\Users\Owner\AppData\Roaming\.technic
2014-03-08 19:24:32 -------- d-----w- C:\Users\Owner\AppData\Local\Apple Computer
2014-03-08 19:23:30 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2014-03-08 19:20:50 -------- d-----w- C:\Program Files\iPod
2014-03-08 19:20:49 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-08 19:20:49 -------- d-----w- C:\Program Files\iTunes
2014-03-08 19:20:49 -------- d-----w- C:\Program Files (x86)\iTunes
2014-03-08 19:08:15 -------- d-----w- C:\Program Files\Bonjour
2014-03-08 19:08:15 -------- d-----w- C:\Program Files (x86)\Bonjour
2014-03-06 03:01:53 -------- d-----r- C:\Program Files (x86)\Skype
2014-03-01 02:36:50 -------- d-sh--w- C:\$RECYCLE.BIN
2014-03-01 01:03:49 -------- d-----w- C:\ComboFix
2014-02-25 22:06:37 6574592 ----a-w- C:\Windows\System32\mstscax.dll
2014-02-25 22:06:37 5694464 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-02-24 13:15:01 -------- d-----w- C:\Users\Owner\AppData\Local\QuickenWindow
2014-02-24 12:43:13 -------- d-----w- C:\Users\Owner\AppData\Local\IsolatedStorage
2014-02-23 18:12:00 -------- d-----w- C:\Users\Owner\AppData\Roaming\ID3-TagIT 3
2014-02-23 18:10:12 -------- d-----w- C:\ProgramData\ID3-TagIT 3
2014-02-23 18:10:12 -------- d-----w- C:\Program Files (x86)\ID3-TagIT 3
2014-02-23 16:18:14 -------- d-----w- C:\Program Files (x86)\ESET
2014-02-23 16:13:00 -------- d--h--w- C:\OneDriveTemp
2014-02-20 01:45:19 -------- d-----w- C:\Program Files (x86)\Quicken
.
==================== Find3M  ====================
.
2014-03-12 01:58:36 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 01:58:36 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-01 05:17:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-03-01 05:16:26 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-03-01 04:52:55 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-01 04:51:59 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-03-01 04:33:52 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-01 04:33:34 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-01 04:32:59 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-03-01 04:23:49 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-01 04:11:20 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-03-01 03:54:33 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-01 03:52:43 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-03-01 03:51:53 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-01 03:38:26 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-03-01 03:37:35 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-03-01 03:35:11 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-03-01 03:14:15 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-03-01 03:10:28 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-03-01 03:00:08 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-03-01 02:32:16 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-02-26 05:39:42 117024 ----a-w- C:\Windows\System32\BootDefrag.exe
2014-02-17 00:01:59 30208 ----a-w- C:\Windows\System32\licmgr10.dll
2014-02-17 00:01:59 1228800 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-02-17 00:01:58 167424 ----a-w- C:\Windows\System32\iexpress.exe
2014-02-17 00:01:58 143872 ----a-w- C:\Windows\System32\wextract.exe
2014-02-17 00:01:58 13824 ----a-w- C:\Windows\System32\mshta.exe
2014-02-17 00:01:57 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-02-17 00:01:57 48128 ----a-w- C:\Windows\System32\imgutil.dll
2014-02-12 05:36:51 36680 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-02-07 01:23:30 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-01-29 02:32:18 484864 ----a-w- C:\Windows\System32\wer.dll
2014-01-29 02:06:47 381440 ----a-w- C:\Windows\SysWow64\wer.dll
2014-01-28 02:32:46 228864 ----a-w- C:\Windows\System32\wwansvc.dll
2014-01-21 16:43:43 238128 ----a-w- C:\Windows\RegBootClean64.exe
2014-01-21 11:49:15 4229120 ----a-w- C:\Program Files (x86)\GS_x64.Enabler
2014-01-06 19:23:36 4558848 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2013-12-21 09:53:45 548864 ----a-w- C:\Windows\System32\vbscript.dll
2013-12-21 08:56:47 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
.
============= FINISH:  1:24:52.61 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume2
Install Date: 10/15/2010 3:01:10 PM
System Uptime: 3/21/2014 12:50:07 AM (1 hours ago)
.
Motherboard: Gateway          |  | NV53A           
Processor: AMD Turion II P540 Dual-Core Processor | Socket S1G4 | 2400/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 453 GiB total, 298.449 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
PNP Device ID: ROOT\NET\0000
Service: vpnva
.
==== System Restore Points ===================
.
RP230: 3/10/2014 8:37:32 AM - Windows Update
RP231: 3/13/2014 7:00:32 PM - Windows Update
RP232: 3/14/2014 7:21:37 PM - Removed MotoCast
RP233: 3/16/2014 2:23:06 PM - Removed iSEEK AnswerWorks English Runtime
RP234: 3/16/2014 5:35:43 PM - Installed MozyHome
RP235: 3/16/2014 8:29:34 PM - Installed xVideoServiceThief
RP236: 3/18/2014 6:57:22 PM - Windows Update
RP237: 3/19/2014 8:39:25 PM - Windows Update
.
==== Image File Execution Options =============
.
IFEO: bitguard.exe - tasklist.exe
IFEO: bprotect.exe - tasklist.exe
IFEO: bpsvc.exe - tasklist.exe
IFEO: browsemngr.exe - tasklist.exe
IFEO: browserdefender.exe - tasklist.exe
IFEO: browsermngr.exe - tasklist.exe
IFEO: browserprotect.exe - tasklist.exe
IFEO: browsersafeguard.exe - tasklist.exe
IFEO: bundlesweetimsetup.exe - tasklist.exe
IFEO: cltmngsvc.exe - tasklist.exe
IFEO: delta babylon.exe - tasklist.exe
IFEO: delta tb.exe - tasklist.exe
IFEO: delta2.exe - tasklist.exe
IFEO: deltainstaller.exe - tasklist.exe
IFEO: deltasetup.exe - tasklist.exe
IFEO: deltatb.exe - tasklist.exe
IFEO: deltatb_2501-c733154b.exe - tasklist.exe
IFEO: dprotectsvc.exe - tasklist.exe
IFEO: iminentsetup.exe - tasklist.exe
IFEO: protectedsearch.exe - tasklist.exe
IFEO: rjatydimofu.exe - tasklist.exe
IFEO: searchprotection.exe - tasklist.exe
IFEO: searchprotector.exe - tasklist.exe
IFEO: snapdo.exe - tasklist.exe
IFEO: stinst32.exe - tasklist.exe
IFEO: stinst64.exe - tasklist.exe
IFEO: sweetimsetup.exe - tasklist.exe
IFEO: tbdelta.exetoolbar783881609.exe - tasklist.exe
IFEO: utiljumpflip.exe - tasklist.exe
x64-IFEO: bitguard.exe - tasklist.exe
x64-IFEO: bprotect.exe - tasklist.exe
x64-IFEO: bpsvc.exe - tasklist.exe
x64-IFEO: browsemngr.exe - tasklist.exe
x64-IFEO: browserdefender.exe - tasklist.exe
x64-IFEO: browsermngr.exe - tasklist.exe
x64-IFEO: browserprotect.exe - tasklist.exe
x64-IFEO: browsersafeguard.exe - tasklist.exe
x64-IFEO: bundlesweetimsetup.exe - tasklist.exe
x64-IFEO: cltmngsvc.exe - tasklist.exe
x64-IFEO: delta babylon.exe - tasklist.exe
x64-IFEO: delta tb.exe - tasklist.exe
x64-IFEO: delta2.exe - tasklist.exe
x64-IFEO: deltainstaller.exe - tasklist.exe
x64-IFEO: deltasetup.exe - tasklist.exe
x64-IFEO: deltatb.exe - tasklist.exe
x64-IFEO: deltatb_2501-c733154b.exe - tasklist.exe
x64-IFEO: dprotectsvc.exe - tasklist.exe
x64-IFEO: iminentsetup.exe - tasklist.exe
x64-IFEO: protectedsearch.exe - tasklist.exe
x64-IFEO: rjatydimofu.exe - tasklist.exe
x64-IFEO: searchprotection.exe - tasklist.exe
x64-IFEO: searchprotector.exe - tasklist.exe
x64-IFEO: snapdo.exe - tasklist.exe
x64-IFEO: stinst32.exe - tasklist.exe
x64-IFEO: stinst64.exe - tasklist.exe
x64-IFEO: sweetimsetup.exe - tasklist.exe
x64-IFEO: tbdelta.exetoolbar783881609.exe - tasklist.exe
x64-IFEO: utiljumpflip.exe - tasklist.exe
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Community Help
Adobe Download Assistant
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Photoshop CS6
Adobe Reader XI (11.0.06)
Advertising Center
AMD USB Filter Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASAP Utilities
ASUS WebStorage Sync
ATI Catalyst Install Manager
Auslogics BoostSpeed
Auslogics Disk Defrag
Backup Manager Basic
Best Buy pc app
Bonjour
Box Sync (64 bit)
calibre
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Cisco AnyConnect Secure Mobility Client
Cisco AnyConnect Secure Mobility Client 
Citrix online plug-in (DV)
Citrix online plug-in (HDX)
Citrix online plug-in (USB)
Citrix online plug-in (Web)
CyberLink PowerDVD 12
Dropbox
ESET Online Scanner v3
Evernote v. 5.1.2
Gateway InfoCentre
Gateway MyBackup
Gateway Power Management
Gateway Recovery Management
Gateway Registration
Gateway Updater
Glary Utilities 4.7
Google Apps Migration For Microsoft Outlook® 2.3.14.36
Google Apps Sync™ for Microsoft Outlook® 3.5.370.990
Google Chrome
Google Drive
Google Talk (remove only)
Google Toolbar for Internet Explorer
Google Update Helper
Google+ Auto Backup
GoToMeeting 5.1.0.873
GS.Enabler
GS.Supporter 1.80
HD Video Converter Factory Pro
HP Deskjet 3520 series Basic Device Software
HP Deskjet 3520 series Setup Guide
HP Update
ID3-TagIT 3
Identity Card
ImagXpress
iSEEK AnswerWorks English Runtime
iTunes
Java 7 Update 45
Java Auto Updater
JavaFX 2.1.1
Juniper Networks Host Checker
Juniper Networks Network Connect 7.0.0
Juniper Networks Setup Client
Juniper Terminal Services Client
Junk Mail filter update
Launch Manager
Linkey
Lupas Rename 2000 v5.0 Release
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 365 Home Premium - en-us
Microsoft Office File Validation Add-In
Microsoft OneDrive
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft_VC80_ATL_x86
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Microsoft_VC90_MFCLOC_x86
Microsoft_VC90_MFCLOC_x86_x64
MotoHelper MergeModules
Motorola Device Manager
Motorola Device Software Update
Motorola Mobile Drivers Installation 5.9.0
Mozilla Firefox 27.0.1 (x86 en-US)
Mozilla Maintenance Service
MozyHome
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
Music Manager
my makeup makeover v2.4 update
Nero 9 Essentials
Nero ControlCenter
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero StartSmart
Nero StartSmart Help
Nero StartSmart OEM
NeroExpress
neroxml
NFO Reader version 1.0
Office 15 Click-to-Run Extensibility Component
Office 15 Click-to-Run Licensing Component
Office 15 Click-to-Run Localization Component
ooVoo
PDF Settings CS6
Picasa 3
PlayReady PC Runtime x86
Quicken 2011
Quicken 2014
Quicken WillMaker Plus 2011
QuickTime
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Remote Drive 2.0.0.232
ReNamer
Revo Uninstaller 1.94
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Settings Manager
Shutterfly Express Uploader
Skitch
Skype™ 6.11
Start Savin
Stash
Storia
swMSM
Synaptics Pointing Device Driver
The Imagination Station (remove only)
Trend Micro Titanium
Trend Micro Titanium Internet Security 2012
ValueApps
Video Web Camera
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Player Firefox Plugin
WinRAR archiver
WinX DVD Copy Pro 3.5.0
WinX DVD Ripper 5.5.14
WinX DVD Ripper Platinum 7.3.2
WinX HD Video Converter Deluxe 4.2.1
.
==== Event Viewer Messages From Past Week ========
.
3/21/2014 12:54:10 AM, Error: Service Control Manager [7034]  - The pcregservice Service service terminated unexpectedly.  It has done this 1 time(s).
3/21/2014 12:53:07 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the MBAMScheduler service to connect.
3/21/2014 12:53:07 AM, Error: Service Control Manager [7000]  - The MBAMScheduler service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
3/20/2014 7:30:34 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the HOSTS Anti-PUPs service to connect.
3/20/2014 7:30:34 AM, Error: Service Control Manager [7000]  - The HOSTS Anti-PUPs service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
3/20/2014 7:29:54 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the GS.Supporter service to connect.
3/19/2014 11:28:39 PM, Error: bowser [8003]  - The master browser has received a server announcement from the computer JERRY that believes that it is the master browser for the domain on transport NetBT_Tcpip_{7435787B-D650-491A-A386-912BED018258}. The master browser is stopping or an election is being forced.
3/18/2014 9:46:40 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WerSvc service.
3/18/2014 9:39:35 PM, Error: Schannel [36888]  - The following fatal alert was generated: 43. The internal error state is 252.
3/17/2014 11:00:29 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the DNS Client service to connect.
3/17/2014 11:00:29 AM, Error: Service Control Manager [7000]  - The DNS Client service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
3/16/2014 8:42:39 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the MozyHome Backup Service service to connect.
3/16/2014 8:42:39 PM, Error: Service Control Manager [7000]  - The MozyHome Backup Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
3/16/2014 8:42:39 PM, Error: Microsoft-Windows-WMPNSS-Service [14332]  - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
3/16/2014 5:28:09 PM, Error: Service Control Manager [7030]  - The pcregservice Service service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
3/16/2014 5:27:15 PM, Error: Service Control Manager [7030]  - The Systemk Service service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
3/16/2014 4:58:11 PM, Error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/16/2014 4:57:37 PM, Error: Service Control Manager [7034]  - The iPod Service service terminated unexpectedly.  It has done this 1 time(s).
3/14/2014 5:08:55 PM, Error: Microsoft-Windows-SharedAccess_NAT [30009]  - The DHCP allocator encountered a network error while attempting to reply on IP address 0.0.0.0 to a request from a client. The data is the error code.
3/14/2014 10:51:27 AM, Error: Service Control Manager [7043]  - The Windows Modules Installer service did not shut down properly after receiving a preshutdown control.
.
==== End Of File ===========================
 

 


Hello awriternot! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Step 1

Please uninstall the following applications:

GS.Enabler

GS.Supporter 1.80

Linkey

Start Savin

Storia

ValueApps

Step 2

Please run a Quick Scan with Malwarebytes and post the log:

Open up Malwarebytes => Settings Tab => Scanner Settings => Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • a new fresh DDS log

Oh.  Ok.  Well, Hi.

I was just asking for Jeff's help since he's been helping me with this pesky thing, but I appreciate your help too.

 

I was able to uninstall Linkey and Start Savin, but I get the following for ValueApps and GS Supporter. I couldn't find GS Enabler. Storia is a program that Scholastic books utilizes; we use that for my son's school.

When I tried to uninstall ValueApps, I got this weird box:

Capture.jpg

This pops up as soon as I try to uninstall the GS Supporter:

rundll.jpg

Should I wait until you see this before I run MBAM since it didn't catch it the first time?


OK - Here are the results:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.03.31.01
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16521
Owner :: MIKKI-PC [administrator]
 
3/30/2014 8:29:51 PM
mbam-log-2014-03-30 (20-29-51).txt
 
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 461788
Time elapsed: 3 hour(s), 17 minute(s), 58 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 8
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{181F2C09-56DD-4F98-86D7-59BA2BC59B5A} (PUP.Optional.StartSavin.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{181F2C09-56DD-4F98-86D7-59BA2BC59B5A} (PUP.Optional.StartSavin.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} (PUP.Optional.Linkey.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} (PUP.Optional.Linkey.A) -> Quarantined and deleted successfully.
HKCU\Software\InstallCore\1I1T1Q1S (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\SystemK\General (PUP.Optional.SettingsManager.A) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\Update Mega Browse (PUP.Optional.MegaBrowse.A) -> Quarantined and deleted successfully.
 
Registry Values Detected: 1
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0M2P0U0F0B1O1O1G -> Quarantined and deleted successfully.
 
Registry Data Items Detected: 2
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 2
C:\Users\Owner\AppData\Local\Temp\is357113909\52098320_stp\setup.exe (PUP.Optional.Crimsolite.A) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage (PUP.Optional.FunMoods.A) -> Quarantined and deleted successfully.
 
(end)
 

Step 1

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 2

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button. Wait until it is finished.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner\AdwCleaner[s0].txt as well.
In your next reply, post the following log files:
  • Junkware Removal Tool log
  • AdwCleaner log

Alrighty:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Home Premium x64
Ran by Owner on Wed 04/02/2014 at  0:32:51.16
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\dsiteproducts
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\Owner\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Users\Owner\documents\optimizer pro"
 
 
 
~~~ FireFox
 
Successfully deleted: [File] C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\ghug7evk.default\user.js
Successfully deleted: [File] C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\ghug7evk.default\searchplugins\mysearchdial.xml
Successfully deleted: [Folder] C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\ghug7evk.default\extensions\staged
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 04/02/2014 at  0:43:17.33
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
# AdwCleaner v3.020 - Report created 09/03/2014 at 00:49:41
# Updated 27/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Owner - MIKKI-PC
# Running from : C:\Users\Owner\Desktop\adwcleaner (1).exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\House Of Soft
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Amazon Browser Settings
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16518
 
 
-\\ Mozilla Firefox v25.0.1 (en-US)
 
[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ghug7evk.default\prefs.js ]
 
 
-\\ Google Chrome v
 
[ File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [5629 octets] - [26/01/2014 14:00:20]
AdwCleaner[R1].txt - [907 octets] - [27/01/2014 06:31:28]
AdwCleaner[R2].txt - [1025 octets] - [28/01/2014 00:06:18]
AdwCleaner[R3].txt - [3228 octets] - [13/02/2014 04:14:40]
AdwCleaner[R4].txt - [2093 octets] - [09/03/2014 00:32:04]
AdwCleaner[s0].txt - [5211 octets] - [26/01/2014 14:02:20]
AdwCleaner[s1].txt - [619 octets] - [27/01/2014 06:37:19]
AdwCleaner[s2].txt - [1087 octets] - [28/01/2014 00:08:00]
AdwCleaner[s3].txt - [3101 octets] - [13/02/2014 04:17:30]
AdwCleaner[s4].txt - [2024 octets] - [09/03/2014 00:49:41]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s4].txt - [2084 octets] ##########
# AdwCleaner v3.023 - Report created 02/04/2014 at 00:51:29
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Owner - MIKKI-PC
# Running from : C:\Users\Owner\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
[#] Folder Deleted : C:\ProgramData\BitGuard
[#] Folder Deleted : C:\ProgramData\Browser Manager
[#] Folder Deleted : C:\ProgramData\BrowserProtect
Folder Deleted : C:\ProgramData\ValueApps
Folder Deleted : C:\Program Files (x86)\Bench
Folder Deleted : C:\Program Files (x86)\Linkey
Folder Deleted : C:\Program Files (x86)\Mega Browse
Folder Deleted : C:\Program Files (x86)\ValueApps
Folder Deleted : C:\Users\Owner\AppData\Local\Temp\Mega Browse
Folder Deleted : C:\Users\Owner\AppData\Roaming\DigitalSites
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsemngr.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsermngr.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundlesweetimsetup.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cltmngsvc.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta babylon.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta tb.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta2.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltainstaller.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltasetup.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb_2501-c733154b.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iminentsetup.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweetimsetup.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbdelta.exetoolbar783881609.exe
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\Bench
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\settin~1\systemk\x64\syskldr.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~3\wincert\win64c~1.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\linkey\ieexte~1\iedll64.dll
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16521
 
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [start Page]
 
-\\ Mozilla Firefox v27.0.1 (en-US)
 
[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ghug7evk.default\prefs.js ]
 
 
-\\ Google Chrome v
 
[ File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [5629 octets] - [26/01/2014 15:00:20]
AdwCleaner[R1].txt - [907 octets] - [27/01/2014 07:31:28]
AdwCleaner[R2].txt - [1025 octets] - [28/01/2014 01:06:18]
AdwCleaner[R3].txt - [3228 octets] - [13/02/2014 05:14:40]
AdwCleaner[R4].txt - [2093 octets] - [09/03/2014 01:32:04]
AdwCleaner[R5].txt - [5492 octets] - [02/04/2014 00:49:20]
AdwCleaner[s0].txt - [5211 octets] - [26/01/2014 15:02:20]
AdwCleaner[s1].txt - [619 octets] - [27/01/2014 07:37:19]
AdwCleaner[s2].txt - [1087 octets] - [28/01/2014 01:08:00]
AdwCleaner[s3].txt - [3101 octets] - [13/02/2014 05:17:30]
AdwCleaner[s4].txt - [2172 octets] - [09/03/2014 01:49:41]
AdwCleaner[s5].txt - [7121 octets] - [09/03/2014 09:53:48]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s5].txt - [7181 octets] ##########
 
Thanks!!

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the ESET OnlineScan button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the ESET Smart Installer icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

OK, doing that right now, but I have what is probably a dumb question.  Y'all always say to disable the virus protection during certain scans (which I do), but am I supposed to be doing that when I run MBAM and MBAR (root-kit)?

 

One other thing, I got a request from Windows to allow Safer Search, Inc access.  It is affiliated with a service.exe.  I did a search on this forum and didn't come up with an answer.  One guy asked but never got an answer to his specific question.

 

Herdprotect seems to indicate that it's known for adware and is not necessary.  Here is the link to that:

 

http://www.herdprotect.com/updater.exe-e252818597ff21298a1a31cb3648be0f9f6c6009.aspx

 

If that is the case, how would I even get rid of it so that it doesn't keep asking me that?



C:\Program Files\Trend Micro\AMSP\temp\virus\VS4G1NBH.10L Win32/RiskWare.PEMalform.B application unable to clean

C:\Program Files\Trend Micro\AMSP\temp\virus\VS8085KU.002 Win32/RiskWare.PEMalform.B application unable to clean

C:\Users\Owner\AppData\Local\Temp\is357113909\52098323_stp\OptimizerPro.exe a variant of Win32/SpeedingUpMyPC.H application cleaned by deleting - quarantined

C:\Users\Owner\AppData\Local\Temp\is357113909\57752746_stp\OptimizerPro.exe a variant of Win32/SpeedingUpMyPC.H application cleaned by deleting - quarantined

C:\Users\Owner\AppData\Local\Temp\{06416317-34B0-4B8F-8A05-819259228716}\setup.exe multiple threats cleaned by deleting - quarantined

C:\Users\Owner\AppData\Local\Temp\{25FCD8CC-A7E2-423A-977A-7A7D234028A5}\setup.exe multiple threats cleaned by deleting - quarantined

 


No, you don't have to turn off your AV scanner when you run a scan with Malwarebytes.

Herdprotect is not a reliable source.

Download TFC to your desktop

  • Open the file and close any other windows.
  • It will close all programs itself when run; make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.
How are things now?

  • 2 weeks later...

OK Just for grins since it's been so long since we've chatted - (and I don't have MBAM anymore), I re-did those first steps for you again:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 (ATTENTION: ====> FRST version is 38 days old and could be outdated)
Ran by Owner (administrator) on MIKKI-PC on 20-04-2014 22:06:59
Running from C:\Users\Owner\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link for 32-Bit version:
Download link for 64-Bit Version:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Juniper Networks) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
() C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
() C:\Program Files\pcreg\pcreg.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Acer Group) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
() C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(CyberLink Corp.) C:\Program Files (x86)\Cyberlink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
(Mozy, Inc.) C:\Program Files\MozyHome\mozybackup.exe
(Mozy, Inc.) C:\Program Files\MozyHome\mozybackup.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
() C:\Program Files\Verizon Cloud\Verizon Cloud Service.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Box, Inc.) C:\Program Files\Box Sync\BoxSync.exe
(Mozy, Inc.) C:\Program Files\MozyHome\mozystat.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\Evernote.exe
(Box, Inc.) C:\Program Files\Box Sync\BoxSyncHelper.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 4\x64\Win64ShellLink.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9644576 2009-12-15] (Realtek Semiconductor)
HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [Trend Micro Titanium] - C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe [1304296 2012-12-18] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Client Framework] - C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [213824 2012-02-27] (Trend Micro Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [switchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [pcreg] - C:\Program Files\pcreg\service.exe [90184 2014-03-13] ()
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\.DEFAULT\...\RunOnce: [spUninstallDeleteDir] - rmdir /s /q "\SearchProtect"
HKU\.DEFAULT\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-2681166796-2007918134-1661358387-1000\...\Run: [MusicManager] - C:\Users\Owner\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7382528 2014-03-03] (Google Inc.)
HKU\S-1-5-21-2681166796-2007918134-1661358387-1000\...\Run: [QuickenScheduledUpdates] - C:\Program Files (x86)\Quicken\bagent.exe [77096 2014-03-04] (Intuit Inc.)
HKU\S-1-5-21-2681166796-2007918134-1661358387-1000\...\Run: [Google Update] - C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2010-11-07] (Google Inc.)
HKU\S-1-5-21-2681166796-2007918134-1661358387-1000\...\Run: [HLBackupScheduler] - C:\Program Files\Verizon Cloud\Verizon Cloud Service.exe [22871872 2014-02-26] ()
HKU\S-1-5-21-2681166796-2007918134-1661358387-1000\...\RunOnce: [uninstall C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217_1\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217_1\amd64"
HKU\S-1-5-21-2681166796-2007918134-1661358387-1000\...\RunOnce: [uninstall C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217_1] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217_1"
HKU\S-1-5-21-2681166796-2007918134-1661358387-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2681166796-2007918134-1661358387-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2681166796-2007918134-1661358387-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-2681166796-2007918134-1661358387-1000\...\Policies\Explorer: [HideSCAHealth] 1
AppInit_DLLs-x32: c:\progra~2\settin~1\systemk\syskldr.dll => "c:\progra~2\settin~1\systemk\syskldr.dll" File Not Found
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteTray.lnk
ShortcutTarget: EvernoteTray.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
SSODL: EldosMountNotificator-cbfs4 - {B8FD60CF-9D65-44C7-BECA-891CB8C4D5AD} - C:\Windows\system32\cbfsMntNtf4.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator-cbfs4 - {B8FD60CF-9D65-44C7-BECA-891CB8C4D5AD} - C:\Windows\SysWOW64\cbfsMntNtf4.dll (EldoS Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2681166796-2007918134-1661358387-1006\User: Group Policy restriction detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites_14_14_ch&cd=2XzuyEtN2Y1L1Qzuzzzz0A0EtC0DyC0DyD0BtC0FtDzztA0DtN0D0Tzu0SzztBtAtN1L2XzutBtFtCzztFzztFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCyEzz0Czy0FyDzztGyB0FyC0AtGzyyD0E0AtG0Czy0C0AtGyEtCtCtCyC0D0C0EyDzz0EtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0E0BtByCtByByEtGyCyB0DzztG0DtByD0AtG0CyE0EzztGtDtD0EyDzzyDtB0B0CyDtDtA2Q&cr=2099165728&ir=
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&aid=100&itype=u&ver=11471&tm=288&src=ds&p={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&aid=100&itype=u&ver=11471&tm=288&src=ds&p={searchTerms}
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = 
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = 
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1361\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe64.dll (Trend Micro Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1361\6.8.1078\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe32.dll (Trend Micro Inc.)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://mdajun.mdanderson.org/dana-cached/sc/JuniperSetupClient.cab
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe64.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1361\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe32.dll (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1361\6.8.1078\TmIEPlg32.dll (Trend Micro Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
 
FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ghug7evk.default
FF user.js: detected! => C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ghug7evk.default\user.js
FF DefaultSearchEngine: default-search.net
FF SearchEngineOrder.1: default-search.net
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Owner\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Owner\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Extension: No Name - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ghug7evk.default\Extensions\staged [2014-04-15]
FF Extension: Show my Password - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ghug7evk.default\Extensions\{cd617372-6743-4ee4-bac4-fbf60f35719e}.xpi [2014-03-11]
FF HKLM-x32\...\Firefox\Extensions: [{38783831-6098-4faa-A9C9-1EE1E343F4D2}] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\firefoxextension [2014-04-20]
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ []
 
Chrome: 
=======
CHR Extension: (Lockify) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiigoloogeminempipceaikpnaimbekd [2014-02-16]
CHR Extension: (Task Timer) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomfjmibjhhfdenfkpaodhnlhkolngif [2014-02-16]
CHR Extension: (eBay) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnadbgmffcofipfljniafanjcafjlbom [2014-02-16]
CHR Extension: (HelloFax: 50 Free Fax Pages) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bocmleclimfnadgmcdgecijlblfcmfnm [2014-02-16]
CHR Extension: (UNO 3 3D Online) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkcdaicmkpfammeidmhpolmlgggokkmh [2014-01-28]
CHR Extension: (Box - 10GB of FREE storage) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejnkaeblpdcamcioiiabclakabcbjmbl [2014-02-16]
CHR Extension: (UNO HD) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbiocfeggkcomnebamodmbngedojipdp [2014-01-28]
CHR Extension: (Wunderlist - To-do and Task list) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjliknjliaohjgjajlgolhijphojjdkc [2014-02-16]
CHR Extension: (Save to Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2014-01-21]
CHR Extension: (Pin It Button) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-01-21]
CHR Extension: (PDF Mergy) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgecghmkcdefnknohcimkoemhaofpoha [2014-04-02]
CHR Extension: (Word Game Trainer) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hndbgieifalnpdogdmpldfbahjnlamgi [2014-01-28]
CHR Extension: (VNC Viewer for Google Chrome™) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\iabmpiboiopbgfabjmgeedhcmjenhbla [2014-03-24]
CHR Extension: (Crackle) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic [2014-02-28]
CHR Extension: (Cloud Reader) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2014-02-16]
CHR Extension: (Google Play Music) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2014-01-21]
CHR Extension: (Word Wizard) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\imhecaejbhpbamhhgffmialehafkaedk [2014-01-28]
CHR Extension: (PDF to Word Converter App) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jclipofobaadknkadkpgggmjkebddjam [2014-02-16]
CHR Extension: (UNO ONLINE!) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jffcjnoimmgcilbfgfhjkldapkdkicii [2014-01-28]
CHR Extension: (Google Play) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2014-02-16]
CHR Extension: (Evernote Web) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2014-01-21]
CHR Extension: (Pocket) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk [2014-01-21]
CHR Extension: (OneDrive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffchahhjecejoiigmnhhicpoabngedk [2014-01-21]
CHR Extension: (Pocket (formerly Read It Later)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2014-04-02]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01]
CHR Extension: (Wunderlist for Chrome) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojcflmmmcfpacggndoaaflkmcoblhnbh [2014-02-16]
CHR Extension: (Picasa) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb [2014-01-21]
CHR Extension: (Evernote Web Clipper) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2014-01-21]
CHR HKCU\...\Chrome\Extension: [bpghhlfbjmmjohhnonhjgpbjdlbnmapf] - C:\Users\Owner\AppData\Local\CRE\bpghhlfbjmmjohhnonhjgpbjdlbnmapf.crx [2014-01-21]
CHR HKLM-x32\...\Chrome\Extension: [bpghhlfbjmmjohhnonhjgpbjdlbnmapf] - C:\Users\Owner\AppData\Local\CRE\bpghhlfbjmmjohhnonhjgpbjdlbnmapf.crx [2014-01-21]
CHR StartMenuInternet: Google Chrome - C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
R2 CLHNServiceForPowerDVD12; C:\Program Files (x86)\Cyberlink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [91248 2012-12-28] (CyberLink Corp.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2211000 2014-03-30] (Microsoft Corporation)
S3 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\Cyberlink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [78960 2012-12-28] (CyberLink)
S3 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\Cyberlink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [296048 2012-12-28] (CyberLink)
S2 HOSTS Anti-PUPs; C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe [285795 2014-01-27] ()
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [120728 2012-10-02] ()
R2 mozybackup; C:\Program Files\MozyHome\mozybackup.exe [54040 2011-08-04] (Mozy, Inc.)
R2 pcregservice; C:\Program Files\pcreg\pcreg.exe [33864 2014-03-13] ()
S2 1a34a8e0; "C:\Windows\system32\rundll32.exe" "c:\progra~2\GSSvc.dll",service
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=qb -dt=60000 -ad [X]
 
==================== Drivers (Whitelisted) ====================
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [17600 2014-04-13] (Glarysoft Ltd)
R1 cbfs4; C:\Windows\system32\drivers\cbfs4.sys [387776 2013-10-25] (EldoS Corporation)
S3 DigiartyVirtualCDBus; C:\Windows\System32\drivers\DigiartyVirtualCDBus.sys [276256 2013-12-15] (Digiarty Software, Inc.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-20] (Malwarebytes Corporation)
R1 mozyFilter; C:\Windows\System32\DRIVERS\mozy.sys [67808 2013-05-21] (Mozy, Inc.)
R2 ntk_PowerDVD12; C:\Program Files (x86)\Cyberlink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [83704 2012-09-10] (Cyberlink Corp.)
R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [107048 2012-09-24] (Trend Micro Inc.)
R1 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [173504 2012-09-24] (Trend Micro Inc.)
R3 tmeevw; C:\Windows\System32\DRIVERS\tmeevw.sys [67344 2011-11-23] (Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [77184 2012-09-24] (Trend Micro Inc.)
R3 tmnciesc; C:\Windows\System32\DRIVERS\tmnciesc.sys [210704 2011-11-23] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105744 2011-11-23] (Trend Micro Inc.)
R3 vpnpbus; C:\Windows\System32\DRIVERS\vpnpbus.sys [18624 2013-10-25] (EldoS Corporation)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-07-19] (Cisco Systems, Inc.)
R1 wStLibG64; C:\Windows\System32\drivers\wStLibG64.sys [61120 2014-03-29] (StdLib)
R2 {73526619-C24F-470B-9BED-53D455FBB5C6}; C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [130320 2012-12-28] (CyberLink Corp.)
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-04-20 22:06 - 2014-04-20 22:08 - 00026319 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-04-20 22:06 - 2014-04-20 22:06 - 00000000 ____D () C:\FRST
2014-04-20 22:05 - 2014-04-20 22:05 - 01673896 _____ (Malwarebytes Corporation) C:\Users\Owner\Downloads\mbam-check-2.1.0.0002.exe
2014-04-20 22:05 - 2014-04-20 22:05 - 01673896 _____ (Malwarebytes Corporation) C:\Users\Owner\Desktop\mbam-check-2.1.0.0002.exe
2014-04-20 22:04 - 2014-04-20 22:04 - 02056704 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2014-04-20 22:01 - 2014-04-13 21:07 - 00017600 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\BootDefragDriver.sys
2014-04-20 22:00 - 2014-04-20 21:58 - 06081224 _____ (Microsoft Corporation) C:\Users\Owner\Downloads\OneDriveSetup (1).exe
2014-04-20 21:59 - 2014-04-20 21:59 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2014-04-20 21:58 - 2014-04-20 21:59 - 12484680 _____ () C:\Users\Owner\Downloads\gup4setup (1).exe
2014-04-20 19:43 - 2014-04-20 19:43 - 00015854 _____ () C:\Users\Owner\Downloads\Copy of Updated Inventory 1-11-13_FB (1).xlsx
2014-04-20 19:28 - 2014-04-20 19:28 - 00002612 _____ () C:\Users\Owner\Desktop\SearchMyFiles.cfg
2014-04-20 19:03 - 2014-04-20 19:03 - 00275536 _____ () C:\Windows\Minidump\042014-31637-01.dmp
2014-04-20 19:03 - 2014-04-20 19:03 - 00000000 ____D () C:\Windows\Minidump
2014-04-20 19:02 - 2014-04-20 19:02 - 348648563 _____ () C:\Windows\MEMORY.DMP
2014-04-20 18:56 - 2014-04-20 18:57 - 00000000 ____D () C:\Users\Owner\Desktop\coupon binder pics
2014-04-20 18:16 - 2014-04-20 18:16 - 00000000 ____D () C:\Users\Owner\AppData\LocalGoogle
2014-04-20 12:06 - 2014-04-20 12:07 - 17305528 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam_premium.exe
2014-04-19 13:56 - 2014-04-20 19:03 - 00000224 _____ () C:\Windows\setupact.log
2014-04-19 13:56 - 2014-04-19 13:56 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-19 13:55 - 2014-04-20 19:02 - 00004212 _____ () C:\Windows\PFRO.log
2014-04-18 23:27 - 2014-03-06 04:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-18 23:27 - 2014-03-06 04:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-18 23:27 - 2014-03-06 03:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-18 23:27 - 2014-03-06 03:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-18 23:27 - 2014-03-06 03:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-18 23:27 - 2014-03-06 03:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-18 23:27 - 2014-03-06 03:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-18 23:27 - 2014-03-06 03:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-18 23:27 - 2014-03-06 02:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-18 23:27 - 2014-03-06 02:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-18 23:26 - 2014-03-06 05:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-18 23:26 - 2014-03-06 04:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-18 23:26 - 2014-03-06 03:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-18 23:26 - 2014-03-06 03:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-18 23:26 - 2014-03-06 03:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-18 23:26 - 2014-03-06 03:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-18 23:26 - 2014-03-06 03:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-18 23:26 - 2014-03-06 03:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-18 23:26 - 2014-03-06 03:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-18 23:26 - 2014-03-06 03:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-18 23:26 - 2014-03-06 03:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-18 23:26 - 2014-03-06 03:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-18 23:26 - 2014-03-06 03:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-18 23:26 - 2014-03-06 03:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-18 23:26 - 2014-03-06 02:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-18 23:26 - 2014-03-06 02:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-18 23:26 - 2014-03-06 02:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-18 23:26 - 2014-03-06 02:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-18 23:26 - 2014-03-06 02:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-18 23:26 - 2014-03-06 02:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-18 23:26 - 2014-03-06 02:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-18 23:26 - 2014-03-06 02:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-18 23:26 - 2014-03-06 02:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-18 23:26 - 2014-03-06 02:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-18 23:26 - 2014-03-06 02:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-18 23:26 - 2014-03-06 02:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-18 23:26 - 2014-03-06 02:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-18 23:26 - 2014-03-06 02:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-18 23:26 - 2014-03-06 01:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-18 23:26 - 2014-03-06 01:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-18 23:26 - 2014-03-06 01:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-18 23:26 - 2014-03-06 01:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-18 23:26 - 2014-03-06 01:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-18 23:26 - 2014-03-06 00:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-18 23:26 - 2014-03-06 00:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-18 23:26 - 2014-03-06 00:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-18 23:26 - 2014-03-06 00:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-18 23:26 - 2014-03-06 00:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-16 23:02 - 2013-05-21 15:06 - 00067808 _____ (Mozy, Inc.) C:\Windows\system32\Drivers\mozy.sys
2014-04-16 22:40 - 2014-04-16 22:40 - 00001785 _____ () C:\Users\Owner\Desktop\Verizon Cloud.lnk
2014-04-16 22:40 - 2014-04-16 22:40 - 00000000 ____D () C:\ProgramData\Verizon
2014-04-16 22:39 - 2014-04-20 11:19 - 00000000 ____D () C:\Program Files (x86)\ffdshow
2014-04-16 22:39 - 2014-04-16 22:40 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Verizon Cloud
2014-04-16 22:38 - 2014-04-16 22:39 - 00000000 ____D () C:\Program Files\Verizon Cloud
2014-04-16 22:37 - 2014-04-16 22:37 - 51626544 _____ (Installation Program) C:\Users\Owner\Downloads\bapinstaller.exe
2014-04-16 22:37 - 2014-04-16 22:37 - 02402624 _____ () C:\Users\Owner\Downloads\VerizonWindowsInstaller.exe
2014-04-15 21:43 - 2014-04-15 21:43 - 00001060 _____ () C:\Users\Owner\Desktop\mbam4-14.txt
2014-04-15 01:01 - 2014-04-15 01:01 - 00010164 _____ () C:\Windows\SysWOW64\RegFile3.txt
2014-04-14 23:54 - 2014-04-14 23:54 - 12480432 _____ () C:\Users\Owner\Downloads\gup4setup.exe
2014-04-14 23:52 - 2014-04-14 23:52 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-10 22:59 - 2014-04-20 12:58 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-10 21:36 - 2014-04-10 21:37 - 05245480 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-10 21:27 - 2014-04-10 21:27 - 00448512 _____ (OldTimer Tools) C:\Users\Owner\Downloads\TFC (1).exe
2014-04-10 21:27 - 2014-04-10 21:27 - 00448512 _____ (OldTimer Tools) C:\Users\Owner\Desktop\TFC.exe
2014-04-08 19:21 - 2014-02-03 21:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-08 19:21 - 2014-02-03 21:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-08 19:21 - 2014-02-03 21:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-08 19:21 - 2014-02-03 21:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-08 19:21 - 2014-02-03 21:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-08 19:20 - 2014-03-04 04:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-08 19:20 - 2014-03-04 04:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-08 19:20 - 2014-03-04 04:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-08 19:20 - 2014-03-04 04:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-08 19:20 - 2014-03-04 04:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-08 19:20 - 2014-03-04 04:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-08 19:20 - 2014-03-04 04:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-08 19:20 - 2014-03-04 04:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-08 19:20 - 2014-03-04 04:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-08 19:20 - 2014-03-04 03:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-08 19:20 - 2014-03-04 03:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-08 19:20 - 2014-01-23 21:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-07 21:10 - 2014-04-07 21:10 - 00076027 _____ () C:\Users\Owner\Downloads\Checking2.qfx
2014-04-07 20:36 - 2014-04-07 20:36 - 00145288 _____ () C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-07 20:15 - 2014-04-07 20:15 - 00022250 _____ () C:\Users\Owner\Documents\cc_20140407_201517.reg
2014-04-07 20:07 - 2014-04-07 20:07 - 04787368 _____ (Piriform Ltd) C:\Users\Owner\Downloads\ccsetup412.exe
2014-04-03 11:58 - 2014-04-03 11:58 - 00000000 ____D () C:\Program Files\Reason
2014-04-03 11:46 - 2014-04-03 11:46 - 02171728 _____ (Reason Company Software Inc.) C:\Users\Owner\Downloads\herdProtectScan_Setup.exe
2014-04-03 11:10 - 2014-04-03 11:12 - 00000000 ____D () C:\Users\Owner\Downloads\Chameleon
2014-04-03 09:55 - 2014-04-03 10:20 - 00000632 __RSH () C:\Users\Owner\ntuser.pol
2014-04-03 09:47 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-03 09:47 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-03 09:47 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-03 09:47 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-03 09:45 - 2014-04-03 09:47 - 00005175 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-04-02 23:36 - 2014-04-02 23:36 - 00000000 ____D () C:\Windows\SysWOW64\Log
2014-04-02 23:08 - 2014-04-02 23:08 - 04288000 _____ () C:\Users\Owner\Downloads\anyconnect-win-3.1.04063-pre-deploy-k9.msi
2014-04-02 19:17 - 2014-04-02 19:17 - 00000044 _____ () C:\Users\Owner\AppData\Roaming\WB.CFG
2014-04-02 17:02 - 2014-04-02 17:02 - 00000000 ____D () C:\Users\Owner\Documents\Optimizer Pro
2014-04-02 16:56 - 2014-04-02 16:56 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\DigitalSites
2014-04-02 16:54 - 2014-04-02 16:54 - 00685240 _____ () C:\Users\Owner\Downloads\ImageEditorSetup (3).exe
2014-04-02 00:48 - 2014-04-02 00:48 - 01426178 _____ () C:\Users\Owner\Downloads\AdwCleaner.exe
2014-04-02 00:32 - 2014-04-02 00:32 - 01038974 _____ (Thisisu) C:\Users\Owner\Downloads\JRT (3).exe
2014-04-02 00:29 - 2014-04-02 00:29 - 01038974 _____ (Thisisu) C:\Users\Owner\Downloads\JRT (1).exe
2014-03-29 18:42 - 2014-03-29 18:42 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\wStLibG64.sys
2014-03-29 17:29 - 2014-03-29 17:29 - 00000487 _____ () C:\Users\Owner\Desktop\Minecraft - Shortcut.lnk
2014-03-29 17:12 - 2014-03-29 17:12 - 00686056 _____ () C:\Users\Owner\Downloads\ImageEditorSetup (2).exe
2014-03-29 17:11 - 2014-03-29 17:11 - 00686056 _____ () C:\Users\Owner\Downloads\ImageEditorSetup (1).exe
2014-03-29 17:10 - 2014-03-29 17:10 - 00686056 _____ () C:\Users\Owner\Downloads\ImageEditorSetup.exe
2014-03-29 17:03 - 2014-03-29 17:03 - 00000000 ____D () C:\Program Files (x86)\Image Converter
2014-03-29 15:45 - 2014-03-29 15:44 - 00675988 _____ () C:\Users\Owner\Downloads\Minecraft.exe
2014-03-29 15:45 - 2014-03-29 15:44 - 00280212 _____ () C:\Users\Owner\Downloads\Minecraft (1).jar
2014-03-29 15:44 - 2014-03-29 15:44 - 00280212 _____ () C:\Users\Owner\Downloads\Minecraft.jar
2014-03-25 20:25 - 2014-03-25 20:26 - 12448960 _____ () C:\Users\Owner\Downloads\Glary_Utilities_v4.8.0.97.exe
2014-03-22 21:53 - 2014-03-22 21:55 - 04130656 _____ (Kaspersky Lab ZAO) C:\Users\Owner\Desktop\tdsskiller.exe
2014-03-22 21:53 - 2014-03-22 21:53 - 02157056 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2014-03-21 01:20 - 2014-03-21 01:20 - 00688992 ____R (Swearware) C:\Users\Owner\Desktop\dds.com
 
==================== One Month Modified Files and Folders =======
 
2014-04-20 22:08 - 2014-04-20 22:06 - 00026319 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-04-20 22:08 - 2012-10-04 20:36 - 00000000 ____D () C:\Users\Owner\AppData\Local\Backup Assistant Plus
2014-04-20 22:06 - 2014-04-20 22:06 - 00000000 ____D () C:\FRST
2014-04-20 22:05 - 2014-04-20 22:05 - 01673896 _____ (Malwarebytes Corporation) C:\Users\Owner\Downloads\mbam-check-2.1.0.0002.exe
2014-04-20 22:05 - 2014-04-20 22:05 - 01673896 _____ (Malwarebytes Corporation) C:\Users\Owner\Desktop\mbam-check-2.1.0.0002.exe
2014-04-20 22:04 - 2014-04-20 22:04 - 02056704 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2014-04-20 22:01 - 2014-01-28 01:51 - 00002972 _____ () C:\Windows\System32\Tasks\GU4SkipUAC
2014-04-20 22:01 - 2014-01-28 01:51 - 00002628 _____ () C:\Windows\System32\Tasks\GlaryInitialize 4
2014-04-20 22:01 - 2014-01-28 01:51 - 00001051 _____ () C:\Users\Public\Desktop\Glary Utilities 4.lnk
2014-04-20 22:01 - 2014-01-28 01:51 - 00000332 _____ () C:\Windows\Tasks\GlaryInitialize 4.job
2014-04-20 22:01 - 2014-01-28 01:50 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 4
2014-04-20 22:01 - 2013-06-19 20:23 - 00000000 ___RD () C:\Users\Owner\SkyDrive
2014-04-20 22:00 - 2014-02-21 16:45 - 00002186 _____ () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-04-20 22:00 - 2013-08-14 22:01 - 00004974 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for MIKKI-PC-Owner Mikki-PC
2014-04-20 21:59 - 2014-04-20 21:59 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2014-04-20 21:59 - 2014-04-20 21:58 - 12484680 _____ () C:\Users\Owner\Downloads\gup4setup (1).exe
2014-04-20 21:58 - 2014-04-20 22:00 - 06081224 _____ (Microsoft Corporation) C:\Users\Owner\Downloads\OneDriveSetup (1).exe
2014-04-20 21:58 - 2013-02-28 13:19 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-20 21:55 - 2010-11-07 18:48 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2681166796-2007918134-1661358387-1000UA.job
2014-04-20 21:15 - 2010-11-07 19:02 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-20 20:06 - 2009-07-13 23:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-20 20:06 - 2009-07-13 23:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-20 19:43 - 2014-04-20 19:43 - 00015854 _____ () C:\Users\Owner\Downloads\Copy of Updated Inventory 1-11-13_FB (1).xlsx
2014-04-20 19:28 - 2014-04-20 19:28 - 00002612 _____ () C:\Users\Owner\Desktop\SearchMyFiles.cfg
2014-04-20 19:26 - 2011-08-04 15:15 - 00004668 _____ () C:\Windows\mozy.flt
2014-04-20 19:26 - 2011-08-04 15:15 - 00003744 _____ () C:\Windows\mozy.blk
2014-04-20 19:12 - 2010-07-31 12:39 - 02085183 _____ () C:\Windows\WindowsUpdate.log
2014-04-20 19:11 - 2013-09-22 18:40 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Box Sync
2014-04-20 19:06 - 2010-11-07 19:02 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-20 19:03 - 2014-04-20 19:03 - 00275536 _____ () C:\Windows\Minidump\042014-31637-01.dmp
2014-04-20 19:03 - 2014-04-20 19:03 - 00000000 ____D () C:\Windows\Minidump
2014-04-20 19:03 - 2014-04-19 13:56 - 00000224 _____ () C:\Windows\setupact.log
2014-04-20 19:03 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-20 19:02 - 2014-04-20 19:02 - 348648563 _____ () C:\Windows\MEMORY.DMP
2014-04-20 19:02 - 2014-04-19 13:55 - 00004212 _____ () C:\Windows\PFRO.log
2014-04-20 18:57 - 2014-04-20 18:56 - 00000000 ____D () C:\Users\Owner\Desktop\coupon binder pics
2014-04-20 18:16 - 2014-04-20 18:16 - 00000000 ____D () C:\Users\Owner\AppData\LocalGoogle
2014-04-20 12:58 - 2014-04-10 22:59 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-20 12:58 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-20 12:07 - 2014-04-20 12:06 - 17305528 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam_premium.exe
2014-04-20 11:19 - 2014-04-16 22:39 - 00000000 ____D () C:\Program Files (x86)\ffdshow
2014-04-20 10:45 - 2010-11-07 18:48 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2681166796-2007918134-1661358387-1000Core.job
2014-04-19 15:15 - 2013-06-19 18:23 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-04-19 14:03 - 2009-07-14 00:13 - 00834834 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-19 13:56 - 2014-04-19 13:56 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-19 01:28 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-16 23:02 - 2011-08-05 18:07 - 00000000 ____D () C:\Program Files\MozyHome
2014-04-16 22:40 - 2014-04-16 22:40 - 00001785 _____ () C:\Users\Owner\Desktop\Verizon Cloud.lnk
2014-04-16 22:40 - 2014-04-16 22:40 - 00000000 ____D () C:\ProgramData\Verizon
2014-04-16 22:40 - 2014-04-16 22:39 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Verizon Cloud
2014-04-16 22:39 - 2014-04-16 22:38 - 00000000 ____D () C:\Program Files\Verizon Cloud
2014-04-16 22:37 - 2014-04-16 22:37 - 51626544 _____ (Installation Program) C:\Users\Owner\Downloads\bapinstaller.exe
2014-04-16 22:37 - 2014-04-16 22:37 - 02402624 _____ () C:\Users\Owner\Downloads\VerizonWindowsInstaller.exe
2014-04-15 22:28 - 2010-10-15 17:08 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Adobe
2014-04-15 21:43 - 2014-04-15 21:43 - 00001060 _____ () C:\Users\Owner\Desktop\mbam4-14.txt
2014-04-15 02:15 - 2010-07-22 05:34 - 00000000 ____D () C:\Program Files (x86)\Google
2014-04-15 01:42 - 2014-01-21 06:48 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-04-15 01:42 - 2014-01-21 06:48 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-04-15 01:42 - 2013-11-20 08:17 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Mozilla
2014-04-15 01:42 - 2013-11-20 08:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-15 01:42 - 2013-10-01 22:01 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\dvdcss
2014-04-15 01:42 - 2013-09-22 19:01 - 00000000 ____D () C:\Users\Owner\Documents\My Box Files
2014-04-15 01:42 - 2013-09-08 19:52 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\ooVoo Details
2014-04-15 01:42 - 2013-08-14 08:10 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2014-04-15 01:42 - 2013-08-14 08:10 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google
2014-04-15 01:42 - 2013-05-26 21:30 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\.minecraft
2014-04-15 01:42 - 2013-04-17 02:22 - 00000000 ____D () C:\Users\Owner\4-15-13_Maxx files
2014-04-15 01:42 - 2013-04-05 01:57 - 00000000 ____D () C:\ProgramData\InstallMate
2014-04-15 01:42 - 2013-02-18 22:29 - 00000000 ____D () C:\Users\Owner\Documents\Storia
2014-04-15 01:42 - 2012-12-26 16:33 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\ASUS WebStorage
2014-04-15 01:42 - 2012-10-22 20:13 - 00000000 ____D () C:\Users\Owner\AAPC
2014-04-15 01:42 - 2012-08-18 17:36 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\ArcSoft
2014-04-15 01:42 - 2012-08-08 05:52 - 00000000 ____D () C:\ProgramData\Motorola
2014-04-15 01:42 - 2012-07-23 16:14 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Imagenomic
2014-04-15 01:42 - 2012-02-21 08:17 - 00000000 ___RD () C:\Users\Owner\Documents\Desktop stuff
2014-04-15 01:42 - 2012-02-13 22:02 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Skype
2014-04-15 01:42 - 2012-02-01 06:41 - 00000000 ____D () C:\Program Files (x86)\Amazon
2014-04-15 01:42 - 2011-12-30 15:06 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\calibre
2014-04-15 01:42 - 2011-07-08 20:59 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Apple Computer
2014-04-15 01:42 - 2011-07-08 20:28 - 00000000 ____D () C:\Users\Owner\AppData\Local\V CAST Media Manager
2014-04-15 01:42 - 2011-07-08 20:19 - 00000000 ____D () C:\ProgramData\Apple
2014-04-15 01:42 - 2011-03-19 21:02 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Dropbox
2014-04-15 01:42 - 2011-01-25 21:51 - 00000000 ____D () C:\Users\Owner\Documents\CyberLink
2014-04-15 01:42 - 2011-01-25 21:51 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\CyberLink
2014-04-15 01:42 - 2011-01-25 21:51 - 00000000 ____D () C:\Users\Owner\AppData\Local\Cyberlink
2014-04-15 01:42 - 2011-01-05 01:33 - 00000000 ____D () C:\Users\Owner\Documents\CVs
2014-04-15 01:42 - 2011-01-02 14:45 - 00000000 ____D () C:\Users\Owner\AppData\Local\Quicken WillMaker Plus 2011
2014-04-15 01:42 - 2010-12-26 10:43 - 00000000 ____D () C:\Users\Owner\Documents\Books
2014-04-15 01:42 - 2010-11-19 20:34 - 00000000 ____D () C:\Users\Owner\AppData\Local\Digsby
2014-04-15 01:42 - 2010-11-10 20:41 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\ICAClient
2014-04-15 01:42 - 2010-11-07 19:54 - 00000000 ____D () C:\Users\Owner\AppData\Local\Adobe
2014-04-15 01:42 - 2010-11-07 18:40 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Google
2014-04-15 01:42 - 2010-11-07 18:40 - 00000000 ____D () C:\Users\Owner\AppData\Local\Google
2014-04-15 01:42 - 2010-10-15 15:03 - 00000000 ____D () C:\Users\Owner\AppData\Local\Apps\2.0
2014-04-15 01:42 - 2010-10-15 15:01 - 00000000 ____D () C:\Users\Owner
2014-04-15 01:42 - 2010-07-22 05:40 - 00000000 ____D () C:\ProgramData\Adobe
2014-04-15 01:42 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default
2014-04-15 01:01 - 2014-04-15 01:01 - 00010164 _____ () C:\Windows\SysWOW64\RegFile3.txt
2014-04-14 23:54 - 2014-04-14 23:54 - 12480432 _____ () C:\Users\Owner\Downloads\gup4setup.exe
2014-04-14 23:52 - 2014-04-14 23:52 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-14 03:05 - 2014-01-28 01:50 - 00118048 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe
2014-04-13 21:07 - 2014-04-20 22:01 - 00017600 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\BootDefragDriver.sys
2014-04-10 22:58 - 2010-11-19 20:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-10 21:37 - 2014-04-10 21:36 - 05245480 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-10 21:34 - 2013-08-01 20:20 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-10 21:27 - 2014-04-10 21:27 - 00448512 _____ (OldTimer Tools) C:\Users\Owner\Downloads\TFC (1).exe
2014-04-10 21:27 - 2014-04-10 21:27 - 00448512 _____ (OldTimer Tools) C:\Users\Owner\Desktop\TFC.exe
2014-04-10 21:22 - 2010-10-15 16:40 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-07 21:10 - 2014-04-07 21:10 - 00076027 _____ () C:\Users\Owner\Downloads\Checking2.qfx
2014-04-07 20:36 - 2014-04-07 20:36 - 00145288 _____ () C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-07 20:15 - 2014-04-07 20:15 - 00022250 _____ () C:\Users\Owner\Documents\cc_20140407_201517.reg
2014-04-07 20:08 - 2012-12-02 17:48 - 00000789 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-04-07 20:08 - 2012-12-02 17:48 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-07 20:07 - 2014-04-07 20:07 - 04787368 _____ (Piriform Ltd) C:\Users\Owner\Downloads\ccsetup412.exe
2014-04-03 17:28 - 2013-12-23 21:01 - 00000000 ____D () C:\Users\Owner\Downloads\New folder (2)
2014-04-03 11:58 - 2014-04-03 11:58 - 00000000 ____D () C:\Program Files\Reason
2014-04-03 11:46 - 2014-04-03 11:46 - 02171728 _____ (Reason Company Software Inc.) C:\Users\Owner\Downloads\herdProtectScan_Setup.exe
2014-04-03 11:12 - 2014-04-03 11:10 - 00000000 ____D () C:\Users\Owner\Downloads\Chameleon
2014-04-03 11:03 - 2013-08-28 01:45 - 00007604 _____ () C:\Users\Owner\AppData\Local\Resmon.ResmonCfg
2014-04-03 10:20 - 2014-04-03 09:55 - 00000632 __RSH () C:\Users\Owner\ntuser.pol
2014-04-03 09:47 - 2014-04-03 09:45 - 00005175 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-04-03 09:47 - 2013-05-26 21:14 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-02 23:36 - 2014-04-02 23:36 - 00000000 ____D () C:\Windows\SysWOW64\Log
2014-04-02 23:12 - 2013-04-08 16:25 - 00000000 ____D () C:\Program Files (x86)\Auslogics
2014-04-02 23:08 - 2014-04-02 23:08 - 04288000 _____ () C:\Users\Owner\Downloads\anyconnect-win-3.1.04063-pre-deploy-k9.msi
2014-04-02 19:57 - 2010-07-22 05:34 - 00000000 ____D () C:\ProgramData\Google
2014-04-02 19:41 - 2010-10-15 15:01 - 00000000 ___RD () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-02 19:17 - 2014-04-02 19:17 - 00000044 _____ () C:\Users\Owner\AppData\Roaming\WB.CFG
2014-04-02 17:02 - 2014-04-02 17:02 - 00000000 ____D () C:\Users\Owner\Documents\Optimizer Pro
2014-04-02 16:56 - 2014-04-02 16:56 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\DigitalSites
2014-04-02 16:54 - 2014-04-02 16:54 - 00685240 _____ () C:\Users\Owner\Downloads\ImageEditorSetup (3).exe
2014-04-02 00:51 - 2014-01-26 15:00 - 00000000 ____D () C:\AdwCleaner
2014-04-02 00:48 - 2014-04-02 00:48 - 01426178 _____ () C:\Users\Owner\Downloads\AdwCleaner.exe
2014-04-02 00:32 - 2014-04-02 00:32 - 01038974 _____ (Thisisu) C:\Users\Owner\Downloads\JRT (3).exe
2014-04-02 00:29 - 2014-04-02 00:29 - 01038974 _____ (Thisisu) C:\Users\Owner\Downloads\JRT (1).exe
2014-03-31 09:35 - 2010-10-15 16:47 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-03-31 06:50 - 2010-11-07 18:48 - 00003882 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2681166796-2007918134-1661358387-1000UA
2014-03-31 06:50 - 2010-11-07 18:48 - 00003486 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2681166796-2007918134-1661358387-1000Core
2014-03-29 18:42 - 2014-03-29 18:42 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\wStLibG64.sys
2014-03-29 18:42 - 2009-07-13 21:34 - 00000580 _____ () C:\Windows\win.ini
2014-03-29 17:29 - 2014-03-29 17:29 - 00000487 _____ () C:\Users\Owner\Desktop\Minecraft - Shortcut.lnk
2014-03-29 17:12 - 2014-03-29 17:12 - 00686056 _____ () C:\Users\Owner\Downloads\ImageEditorSetup (2).exe
2014-03-29 17:11 - 2014-03-29 17:11 - 00686056 _____ () C:\Users\Owner\Downloads\ImageEditorSetup (1).exe
2014-03-29 17:10 - 2014-03-29 17:10 - 00686056 _____ () C:\Users\Owner\Downloads\ImageEditorSetup.exe
2014-03-29 17:03 - 2014-03-29 17:03 - 00000000 ____D () C:\Program Files (x86)\Image Converter
2014-03-29 15:44 - 2014-03-29 15:45 - 00675988 _____ () C:\Users\Owner\Downloads\Minecraft.exe
2014-03-29 15:44 - 2014-03-29 15:45 - 00280212 _____ () C:\Users\Owner\Downloads\Minecraft (1).jar
2014-03-29 15:44 - 2014-03-29 15:44 - 00280212 _____ () C:\Users\Owner\Downloads\Minecraft.jar
2014-03-28 21:16 - 2010-07-22 05:25 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-25 22:10 - 2010-11-07 19:02 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-25 22:10 - 2010-11-07 19:02 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-25 20:26 - 2014-03-25 20:25 - 12448960 _____ () C:\Users\Owner\Downloads\Glary_Utilities_v4.8.0.97.exe
2014-03-24 00:32 - 2010-07-22 05:40 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-03-24 00:28 - 2014-03-16 17:21 - 00000000 ____D () C:\Program Files (x86)\ReNamer
2014-03-23 16:18 - 2011-01-02 14:41 - 00000000 ____D () C:\Users\Owner\Documents\zFinances
2014-03-23 14:34 - 2013-11-13 17:24 - 00000000 ____D () C:\Users\Owner\Documents\Outlook Files
2014-03-22 21:55 - 2014-03-22 21:53 - 04130656 _____ (Kaspersky Lab ZAO) C:\Users\Owner\Desktop\tdsskiller.exe
2014-03-22 21:53 - 2014-03-22 21:53 - 02157056 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2014-03-22 21:44 - 2011-11-23 05:26 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-03-22 01:22 - 2013-10-20 12:06 - 00000000 ____D () C:\Users\Owner\Documents\Finance
2014-03-21 16:55 - 2010-11-07 18:57 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-21 01:20 - 2014-03-21 01:20 - 00688992 ____R (Swearware) C:\Users\Owner\Desktop\dds.com
 
Files to move or delete:
====================
C:\Users\Owner\cc_20130408_145109.reg
C:\Users\Owner\setup.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-04-17 08:16
 
==================== End Of Log ============================

This one doesn't look good AT ALL! :(

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 (ATTENTION: ====> FRST version is 38 days old and could be outdated)
Ran by Owner (administrator) on MIKKI-PC on 20-04-2014 22:06:59
Running from C:\Users\Owner\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link for 32-Bit version:
Download link for 64-Bit Version:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Juniper Networks) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
() C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
() C:\Program Files\pcreg\pcreg.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Acer Group) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
() C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(CyberLink Corp.) C:\Program Files (x86)\Cyberlink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
(Mozy, Inc.) C:\Program Files\MozyHome\mozybackup.exe
(Mozy, Inc.) C:\Program Files\MozyHome\mozybackup.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
() C:\Program Files\Verizon Cloud\Verizon Cloud Service.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Box, Inc.) C:\Program Files\Box Sync\BoxSync.exe
(Mozy, Inc.) C:\Program Files\MozyHome\mozystat.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\Evernote.exe
(Box, Inc.) C:\Program Files\Box Sync\BoxSyncHelper.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 4\x64\Win64ShellLink.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9644576 2009-12-15] (Realtek Semiconductor)
HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [Trend Micro Titanium] - C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe [1304296 2012-12-18] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Client Framework] - C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [213824 2012-02-27] (Trend Micro Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [switchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [pcreg] - C:\Program Files\pcreg\service.exe [90184 2014-03-13] ()
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\.DEFAULT\...\RunOnce: [spUninstallDeleteDir] - rmdir /s /q "\SearchProtect"
HKU\.DEFAULT\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-2681166796-2007918134-1661358387-1000\...\Run: [MusicManager] - C:\Users\Owner\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7382528 2014-03-03] (Google Inc.)
HKU\S-1-5-21-2681166796-2007918134-1661358387-1000\...\Run: [QuickenScheduledUpdates] - C:\Program Files (x86)\Quicken\bagent.exe [77096 2014-03-04] (Intuit Inc.)
HKU\S-1-5-21-2681166796-2007918134-1661358387-1000\...\Run: [Google Update] - C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2010-11-07] (Google Inc.)
HKU\S-1-5-21-2681166796-2007918134-1661358387-1000\...\Run: [HLBackupScheduler] - C:\Program Files\Verizon Cloud\Verizon Cloud Service.exe [22871872 2014-02-26] ()
HKU\S-1-5-21-2681166796-2007918134-1661358387-1000\...\RunOnce: [uninstall C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217_1\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217_1\amd64"
HKU\S-1-5-21-2681166796-2007918134-1661358387-1000\...\RunOnce: [uninstall C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217_1] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217_1"
HKU\S-1-5-21-2681166796-2007918134-1661358387-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2681166796-2007918134-1661358387-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2681166796-2007918134-1661358387-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-2681166796-2007918134-1661358387-1000\...\Policies\Explorer: [HideSCAHealth] 1
AppInit_DLLs-x32: c:\progra~2\settin~1\systemk\syskldr.dll => "c:\progra~2\settin~1\systemk\syskldr.dll" File Not Found
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteTray.lnk
ShortcutTarget: EvernoteTray.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
SSODL: EldosMountNotificator-cbfs4 - {B8FD60CF-9D65-44C7-BECA-891CB8C4D5AD} - C:\Windows\system32\cbfsMntNtf4.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator-cbfs4 - {B8FD60CF-9D65-44C7-BECA-891CB8C4D5AD} - C:\Windows\SysWOW64\cbfsMntNtf4.dll (EldoS Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2681166796-2007918134-1661358387-1006\User: Group Policy restriction detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites_14_14_ch&cd=2XzuyEtN2Y1L1Qzuzzzz0A0EtC0DyC0DyD0BtC0FtDzztA0DtN0D0Tzu0SzztBtAtN1L2XzutBtFtCzztFzztFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCyEzz0Czy0FyDzztGyB0FyC0AtGzyyD0E0AtG0Czy0C0AtGyEtCtCtCyC0D0C0EyDzz0EtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0E0BtByCtByByEtGyCyB0DzztG0DtByD0AtG0CyE0EzztGtDtD0EyDzzyDtB0B0CyDtDtA2Q&cr=2099165728&ir=
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&aid=100&itype=u&ver=11471&tm=288&src=ds&p={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&aid=100&itype=u&ver=11471&tm=288&src=ds&p={searchTerms}
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = 
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = 
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1361\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe64.dll (Trend Micro Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1361\6.8.1078\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe32.dll (Trend Micro Inc.)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://mdajun.mdanderson.org/dana-cached/sc/JuniperSetupClient.cab
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe64.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1361\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe32.dll (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1361\6.8.1078\TmIEPlg32.dll (Trend Micro Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
 
FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ghug7evk.default
FF user.js: detected! => C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ghug7evk.default\user.js
FF DefaultSearchEngine: default-search.net
FF SearchEngineOrder.1: default-search.net
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Owner\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Owner\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Extension: No Name - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ghug7evk.default\Extensions\staged [2014-04-15]
FF Extension: Show my Password - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ghug7evk.default\Extensions\{cd617372-6743-4ee4-bac4-fbf60f35719e}.xpi [2014-03-11]
FF HKLM-x32\...\Firefox\Extensions: [{38783831-6098-4faa-A9C9-1EE1E343F4D2}] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\firefoxextension [2014-04-20]
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ []
 
Chrome: 
=======
CHR Extension: (Lockify) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiigoloogeminempipceaikpnaimbekd [2014-02-16]
CHR Extension: (Task Timer) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomfjmibjhhfdenfkpaodhnlhkolngif [2014-02-16]
CHR Extension: (eBay) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnadbgmffcofipfljniafanjcafjlbom [2014-02-16]
CHR Extension: (HelloFax: 50 Free Fax Pages) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bocmleclimfnadgmcdgecijlblfcmfnm [2014-02-16]
CHR Extension: (UNO 3 3D Online) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkcdaicmkpfammeidmhpolmlgggokkmh [2014-01-28]
CHR Extension: (Box - 10GB of FREE storage) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejnkaeblpdcamcioiiabclakabcbjmbl [2014-02-16]
CHR Extension: (UNO HD) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbiocfeggkcomnebamodmbngedojipdp [2014-01-28]
CHR Extension: (Wunderlist - To-do and Task list) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjliknjliaohjgjajlgolhijphojjdkc [2014-02-16]
CHR Extension: (Save to Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2014-01-21]
CHR Extension: (Pin It Button) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-01-21]
CHR Extension: (PDF Mergy) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgecghmkcdefnknohcimkoemhaofpoha [2014-04-02]
CHR Extension: (Word Game Trainer) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hndbgieifalnpdogdmpldfbahjnlamgi [2014-01-28]
CHR Extension: (VNC Viewer for Google Chrome™) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\iabmpiboiopbgfabjmgeedhcmjenhbla [2014-03-24]
CHR Extension: (Crackle) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic [2014-02-28]
CHR Extension: (Cloud Reader) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2014-02-16]
CHR Extension: (Google Play Music) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2014-01-21]
CHR Extension: (Word Wizard) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\imhecaejbhpbamhhgffmialehafkaedk [2014-01-28]
CHR Extension: (PDF to Word Converter App) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jclipofobaadknkadkpgggmjkebddjam [2014-02-16]
CHR Extension: (UNO ONLINE!) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jffcjnoimmgcilbfgfhjkldapkdkicii [2014-01-28]
CHR Extension: (Google Play) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2014-02-16]
CHR Extension: (Evernote Web) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2014-01-21]
CHR Extension: (Pocket) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk [2014-01-21]
CHR Extension: (OneDrive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffchahhjecejoiigmnhhicpoabngedk [2014-01-21]
CHR Extension: (Pocket (formerly Read It Later)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2014-04-02]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01]
CHR Extension: (Wunderlist for Chrome) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojcflmmmcfpacggndoaaflkmcoblhnbh [2014-02-16]
CHR Extension: (Picasa) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb [2014-01-21]
CHR Extension: (Evernote Web Clipper) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2014-01-21]
CHR HKCU\...\Chrome\Extension: [bpghhlfbjmmjohhnonhjgpbjdlbnmapf] - C:\Users\Owner\AppData\Local\CRE\bpghhlfbjmmjohhnonhjgpbjdlbnmapf.crx [2014-01-21]
CHR HKLM-x32\...\Chrome\Extension: [bpghhlfbjmmjohhnonhjgpbjdlbnmapf] - C:\Users\Owner\AppData\Local\CRE\bpghhlfbjmmjohhnonhjgpbjdlbnmapf.crx [2014-01-21]
CHR StartMenuInternet: Google Chrome - C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
R2 CLHNServiceForPowerDVD12; C:\Program Files (x86)\Cyberlink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [91248 2012-12-28] (CyberLink Corp.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2211000 2014-03-30] (Microsoft Corporation)
S3 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\Cyberlink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [78960 2012-12-28] (CyberLink)
S3 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\Cyberlink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [296048 2012-12-28] (CyberLink)
S2 HOSTS Anti-PUPs; C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe [285795 2014-01-27] ()
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [120728 2012-10-02] ()
R2 mozybackup; C:\Program Files\MozyHome\mozybackup.exe [54040 2011-08-04] (Mozy, Inc.)
R2 pcregservice; C:\Program Files\pcreg\pcreg.exe [33864 2014-03-13] ()
S2 1a34a8e0; "C:\Windows\system32\rundll32.exe" "c:\progra~2\GSSvc.dll",service
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=qb -dt=60000 -ad [X]
 
==================== Drivers (Whitelisted) ====================
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [17600 2014-04-13] (Glarysoft Ltd)
R1 cbfs4; C:\Windows\system32\drivers\cbfs4.sys [387776 2013-10-25] (EldoS Corporation)
S3 DigiartyVirtualCDBus; C:\Windows\System32\drivers\DigiartyVirtualCDBus.sys [276256 2013-12-15] (Digiarty Software, Inc.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-20] (Malwarebytes Corporation)
R1 mozyFilter; C:\Windows\System32\DRIVERS\mozy.sys [67808 2013-05-21] (Mozy, Inc.)
R2 ntk_PowerDVD12; C:\Program Files (x86)\Cyberlink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [83704 2012-09-10] (Cyberlink Corp.)
R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [107048 2012-09-24] (Trend Micro Inc.)
R1 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [173504 2012-09-24] (Trend Micro Inc.)
R3 tmeevw; C:\Windows\System32\DRIVERS\tmeevw.sys [67344 2011-11-23] (Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [77184 2012-09-24] (Trend Micro Inc.)
R3 tmnciesc; C:\Windows\System32\DRIVERS\tmnciesc.sys [210704 2011-11-23] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105744 2011-11-23] (Trend Micro Inc.)
R3 vpnpbus; C:\Windows\System32\DRIVERS\vpnpbus.sys [18624 2013-10-25] (EldoS Corporation)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-07-19] (Cisco Systems, Inc.)
R1 wStLibG64; C:\Windows\System32\drivers\wStLibG64.sys [61120 2014-03-29] (StdLib)
R2 {73526619-C24F-470B-9BED-53D455FBB5C6}; C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [130320 2012-12-28] (CyberLink Corp.)
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-04-20 22:06 - 2014-04-20 22:08 - 00026319 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-04-20 22:06 - 2014-04-20 22:06 - 00000000 ____D () C:\FRST
2014-04-20 22:05 - 2014-04-20 22:05 - 01673896 _____ (Malwarebytes Corporation) C:\Users\Owner\Downloads\mbam-check-2.1.0.0002.exe
2014-04-20 22:05 - 2014-04-20 22:05 - 01673896 _____ (Malwarebytes Corporation) C:\Users\Owner\Desktop\mbam-check-2.1.0.0002.exe
2014-04-20 22:04 - 2014-04-20 22:04 - 02056704 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2014-04-20 22:01 - 2014-04-13 21:07 - 00017600 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\BootDefragDriver.sys
2014-04-20 22:00 - 2014-04-20 21:58 - 06081224 _____ (Microsoft Corporation) C:\Users\Owner\Downloads\OneDriveSetup (1).exe
2014-04-20 21:59 - 2014-04-20 21:59 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2014-04-20 21:58 - 2014-04-20 21:59 - 12484680 _____ () C:\Users\Owner\Downloads\gup4setup (1).exe
2014-04-20 19:43 - 2014-04-20 19:43 - 00015854 _____ () C:\Users\Owner\Downloads\Copy of Updated Inventory 1-11-13_FB (1).xlsx
2014-04-20 19:28 - 2014-04-20 19:28 - 00002612 _____ () C:\Users\Owner\Desktop\SearchMyFiles.cfg
2014-04-20 19:03 - 2014-04-20 19:03 - 00275536 _____ () C:\Windows\Minidump\042014-31637-01.dmp
2014-04-20 19:03 - 2014-04-20 19:03 - 00000000 ____D () C:\Windows\Minidump
2014-04-20 19:02 - 2014-04-20 19:02 - 348648563 _____ () C:\Windows\MEMORY.DMP
2014-04-20 18:56 - 2014-04-20 18:57 - 00000000 ____D () C:\Users\Owner\Desktop\coupon binder pics
2014-04-20 18:16 - 2014-04-20 18:16 - 00000000 ____D () C:\Users\Owner\AppData\LocalGoogle
2014-04-20 12:06 - 2014-04-20 12:07 - 17305528 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam_premium.exe
2014-04-19 13:56 - 2014-04-20 19:03 - 00000224 _____ () C:\Windows\setupact.log
2014-04-19 13:56 - 2014-04-19 13:56 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-19 13:55 - 2014-04-20 19:02 - 00004212 _____ () C:\Windows\PFRO.log
2014-04-18 23:27 - 2014-03-06 04:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-18 23:27 - 2014-03-06 04:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-18 23:27 - 2014-03-06 03:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-18 23:27 - 2014-03-06 03:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-18 23:27 - 2014-03-06 03:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-18 23:27 - 2014-03-06 03:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-18 23:27 - 2014-03-06 03:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-18 23:27 - 2014-03-06 03:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-18 23:27 - 2014-03-06 02:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-18 23:27 - 2014-03-06 02:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-18 23:26 - 2014-03-06 05:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-18 23:26 - 2014-03-06 04:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-18 23:26 - 2014-03-06 03:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-18 23:26 - 2014-03-06 03:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-18 23:26 - 2014-03-06 03:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-18 23:26 - 2014-03-06 03:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-18 23:26 - 2014-03-06 03:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-18 23:26 - 2014-03-06 03:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-18 23:26 - 2014-03-06 03:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-18 23:26 - 2014-03-06 03:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-18 23:26 - 2014-03-06 03:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-18 23:26 - 2014-03-06 03:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-18 23:26 - 2014-03-06 03:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-18 23:26 - 2014-03-06 03:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-18 23:26 - 2014-03-06 02:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-18 23:26 - 2014-03-06 02:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-18 23:26 - 2014-03-06 02:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-18 23:26 - 2014-03-06 02:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-18 23:26 - 2014-03-06 02:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-18 23:26 - 2014-03-06 02:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-18 23:26 - 2014-03-06 02:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-18 23:26 - 2014-03-06 02:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-18 23:26 - 2014-03-06 02:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-18 23:26 - 2014-03-06 02:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-18 23:26 - 2014-03-06 02:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-18 23:26 - 2014-03-06 02:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-18 23:26 - 2014-03-06 02:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-18 23:26 - 2014-03-06 02:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-18 23:26 - 2014-03-06 01:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-18 23:26 - 2014-03-06 01:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-18 23:26 - 2014-03-06 01:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-18 23:26 - 2014-03-06 01:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-18 23:26 - 2014-03-06 01:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-18 23:26 - 2014-03-06 00:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-18 23:26 - 2014-03-06 00:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-18 23:26 - 2014-03-06 00:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-18 23:26 - 2014-03-06 00:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-18 23:26 - 2014-03-06 00:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-16 23:02 - 2013-05-21 15:06 - 00067808 _____ (Mozy, Inc.) C:\Windows\system32\Drivers\mozy.sys
2014-04-16 22:40 - 2014-04-16 22:40 - 00001785 _____ () C:\Users\Owner\Desktop\Verizon Cloud.lnk
2014-04-16 22:40 - 2014-04-16 22:40 - 00000000 ____D () C:\ProgramData\Verizon
2014-04-16 22:39 - 2014-04-20 11:19 - 00000000 ____D () C:\Program Files (x86)\ffdshow
2014-04-16 22:39 - 2014-04-16 22:40 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Verizon Cloud
2014-04-16 22:38 - 2014-04-16 22:39 - 00000000 ____D () C:\Program Files\Verizon Cloud
2014-04-16 22:37 - 2014-04-16 22:37 - 51626544 _____ (Installation Program) C:\Users\Owner\Downloads\bapinstaller.exe
2014-04-16 22:37 - 2014-04-16 22:37 - 02402624 _____ () C:\Users\Owner\Downloads\VerizonWindowsInstaller.exe
2014-04-15 21:43 - 2014-04-15 21:43 - 00001060 _____ () C:\Users\Owner\Desktop\mbam4-14.txt
2014-04-15 01:01 - 2014-04-15 01:01 - 00010164 _____ () C:\Windows\SysWOW64\RegFile3.txt
2014-04-14 23:54 - 2014-04-14 23:54 - 12480432 _____ () C:\Users\Owner\Downloads\gup4setup.exe
2014-04-14 23:52 - 2014-04-14 23:52 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-10 22:59 - 2014-04-20 12:58 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-10 21:36 - 2014-04-10 21:37 - 05245480 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-10 21:27 - 2014-04-10 21:27 - 00448512 _____ (OldTimer Tools) C:\Users\Owner\Downloads\TFC (1).exe
2014-04-10 21:27 - 2014-04-10 21:27 - 00448512 _____ (OldTimer Tools) C:\Users\Owner\Desktop\TFC.exe
2014-04-08 19:21 - 2014-02-03 21:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-08 19:21 - 2014-02-03 21:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-08 19:21 - 2014-02-03 21:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-08 19:21 - 2014-02-03 21:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-08 19:21 - 2014-02-03 21:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-08 19:20 - 2014-03-04 04:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-08 19:20 - 2014-03-04 04:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-08 19:20 - 2014-03-04 04:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-08 19:20 - 2014-03-04 04:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-08 19:20 - 2014-03-04 04:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-08 19:20 - 2014-03-04 04:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-08 19:20 - 2014-03-04 04:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-08 19:20 - 2014-03-04 04:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-08 19:20 - 2014-03-04 04:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-08 19:20 - 2014-03-04 03:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-08 19:20 - 2014-03-04 03:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-08 19:20 - 2014-01-23 21:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-07 21:10 - 2014-04-07 21:10 - 00076027 _____ () C:\Users\Owner\Downloads\Checking2.qfx
2014-04-07 20:36 - 2014-04-07 20:36 - 00145288 _____ () C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-07 20:15 - 2014-04-07 20:15 - 00022250 _____ () C:\Users\Owner\Documents\cc_20140407_201517.reg
2014-04-07 20:07 - 2014-04-07 20:07 - 04787368 _____ (Piriform Ltd) C:\Users\Owner\Downloads\ccsetup412.exe
2014-04-03 11:58 - 2014-04-03 11:58 - 00000000 ____D () C:\Program Files\Reason
2014-04-03 11:46 - 2014-04-03 11:46 - 02171728 _____ (Reason Company Software Inc.) C:\Users\Owner\Downloads\herdProtectScan_Setup.exe
2014-04-03 11:10 - 2014-04-03 11:12 - 00000000 ____D () C:\Users\Owner\Downloads\Chameleon
2014-04-03 09:55 - 2014-04-03 10:20 - 00000632 __RSH () C:\Users\Owner\ntuser.pol
2014-04-03 09:47 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-03 09:47 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-03 09:47 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-03 09:47 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-03 09:45 - 2014-04-03 09:47 - 00005175 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-04-02 23:36 - 2014-04-02 23:36 - 00000000 ____D () C:\Windows\SysWOW64\Log
2014-04-02 23:08 - 2014-04-02 23:08 - 04288000 _____ () C:\Users\Owner\Downloads\anyconnect-win-3.1.04063-pre-deploy-k9.msi
2014-04-02 19:17 - 2014-04-02 19:17 - 00000044 _____ () C:\Users\Owner\AppData\Roaming\WB.CFG
2014-04-02 17:02 - 2014-04-02 17:02 - 00000000 ____D () C:\Users\Owner\Documents\Optimizer Pro
2014-04-02 16:56 - 2014-04-02 16:56 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\DigitalSites
2014-04-02 16:54 - 2014-04-02 16:54 - 00685240 _____ () C:\Users\Owner\Downloads\ImageEditorSetup (3).exe
2014-04-02 00:48 - 2014-04-02 00:48 - 01426178 _____ () C:\Users\Owner\Downloads\AdwCleaner.exe
2014-04-02 00:32 - 2014-04-02 00:32 - 01038974 _____ (Thisisu) C:\Users\Owner\Downloads\JRT (3).exe
2014-04-02 00:29 - 2014-04-02 00:29 - 01038974 _____ (Thisisu) C:\Users\Owner\Downloads\JRT (1).exe
2014-03-29 18:42 - 2014-03-29 18:42 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\wStLibG64.sys
2014-03-29 17:29 - 2014-03-29 17:29 - 00000487 _____ () C:\Users\Owner\Desktop\Minecraft - Shortcut.lnk
2014-03-29 17:12 - 2014-03-29 17:12 - 00686056 _____ () C:\Users\Owner\Downloads\ImageEditorSetup (2).exe
2014-03-29 17:11 - 2014-03-29 17:11 - 00686056 _____ () C:\Users\Owner\Downloads\ImageEditorSetup (1).exe
2014-03-29 17:10 - 2014-03-29 17:10 - 00686056 _____ () C:\Users\Owner\Downloads\ImageEditorSetup.exe
2014-03-29 17:03 - 2014-03-29 17:03 - 00000000 ____D () C:\Program Files (x86)\Image Converter
2014-03-29 15:45 - 2014-03-29 15:44 - 00675988 _____ () C:\Users\Owner\Downloads\Minecraft.exe
2014-03-29 15:45 - 2014-03-29 15:44 - 00280212 _____ () C:\Users\Owner\Downloads\Minecraft (1).jar
2014-03-29 15:44 - 2014-03-29 15:44 - 00280212 _____ () C:\Users\Owner\Downloads\Minecraft.jar
2014-03-25 20:25 - 2014-03-25 20:26 - 12448960 _____ () C:\Users\Owner\Downloads\Glary_Utilities_v4.8.0.97.exe
2014-03-22 21:53 - 2014-03-22 21:55 - 04130656 _____ (Kaspersky Lab ZAO) C:\Users\Owner\Desktop\tdsskiller.exe
2014-03-22 21:53 - 2014-03-22 21:53 - 02157056 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2014-03-21 01:20 - 2014-03-21 01:20 - 00688992 ____R (Swearware) C:\Users\Owner\Desktop\dds.com
 
==================== One Month Modified Files and Folders =======
 
2014-04-20 22:08 - 2014-04-20 22:06 - 00026319 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-04-20 22:08 - 2012-10-04 20:36 - 00000000 ____D () C:\Users\Owner\AppData\Local\Backup Assistant Plus
2014-04-20 22:06 - 2014-04-20 22:06 - 00000000 ____D () C:\FRST
2014-04-20 22:05 - 2014-04-20 22:05 - 01673896 _____ (Malwarebytes Corporation) C:\Users\Owner\Downloads\mbam-check-2.1.0.0002.exe
2014-04-20 22:05 - 2014-04-20 22:05 - 01673896 _____ (Malwarebytes Corporation) C:\Users\Owner\Desktop\mbam-check-2.1.0.0002.exe
2014-04-20 22:04 - 2014-04-20 22:04 - 02056704 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2014-04-20 22:01 - 2014-01-28 01:51 - 00002972 _____ () C:\Windows\System32\Tasks\GU4SkipUAC
2014-04-20 22:01 - 2014-01-28 01:51 - 00002628 _____ () C:\Windows\System32\Tasks\GlaryInitialize 4
2014-04-20 22:01 - 2014-01-28 01:51 - 00001051 _____ () C:\Users\Public\Desktop\Glary Utilities 4.lnk
2014-04-20 22:01 - 2014-01-28 01:51 - 00000332 _____ () C:\Windows\Tasks\GlaryInitialize 4.job
2014-04-20 22:01 - 2014-01-28 01:50 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 4
2014-04-20 22:01 - 2013-06-19 20:23 - 00000000 ___RD () C:\Users\Owner\SkyDrive
2014-04-20 22:00 - 2014-02-21 16:45 - 00002186 _____ () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-04-20 22:00 - 2013-08-14 22:01 - 00004974 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for MIKKI-PC-Owner Mikki-PC
2014-04-20 21:59 - 2014-04-20 21:59 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2014-04-20 21:59 - 2014-04-20 21:58 - 12484680 _____ () C:\Users\Owner\Downloads\gup4setup (1).exe
2014-04-20 21:58 - 2014-04-20 22:00 - 06081224 _____ (Microsoft Corporation) C:\Users\Owner\Downloads\OneDriveSetup (1).exe
2014-04-20 21:58 - 2013-02-28 13:19 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-20 21:55 - 2010-11-07 18:48 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2681166796-2007918134-1661358387-1000UA.job
2014-04-20 21:15 - 2010-11-07 19:02 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-20 20:06 - 2009-07-13 23:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-20 20:06 - 2009-07-13 23:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-20 19:43 - 2014-04-20 19:43 - 00015854 _____ () C:\Users\Owner\Downloads\Copy of Updated Inventory 1-11-13_FB (1).xlsx
2014-04-20 19:28 - 2014-04-20 19:28 - 00002612 _____ () C:\Users\Owner\Desktop\SearchMyFiles.cfg
2014-04-20 19:26 - 2011-08-04 15:15 - 00004668 _____ () C:\Windows\mozy.flt
2014-04-20 19:26 - 2011-08-04 15:15 - 00003744 _____ () C:\Windows\mozy.blk
2014-04-20 19:12 - 2010-07-31 12:39 - 02085183 _____ () C:\Windows\WindowsUpdate.log
2014-04-20 19:11 - 2013-09-22 18:40 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Box Sync
2014-04-20 19:06 - 2010-11-07 19:02 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-20 19:03 - 2014-04-20 19:03 - 00275536 _____ () C:\Windows\Minidump\042014-31637-01.dmp
2014-04-20 19:03 - 2014-04-20 19:03 - 00000000 ____D () C:\Windows\Minidump
2014-04-20 19:03 - 2014-04-19 13:56 - 00000224 _____ () C:\Windows\setupact.log
2014-04-20 19:03 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-20 19:02 - 2014-04-20 19:02 - 348648563 _____ () C:\Windows\MEMORY.DMP
2014-04-20 19:02 - 2014-04-19 13:55 - 00004212 _____ () C:\Windows\PFRO.log
2014-04-20 18:57 - 2014-04-20 18:56 - 00000000 ____D () C:\Users\Owner\Desktop\coupon binder pics
2014-04-20 18:16 - 2014-04-20 18:16 - 00000000 ____D () C:\Users\Owner\AppData\LocalGoogle
2014-04-20 12:58 - 2014-04-10 22:59 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-20 12:58 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-20 12:07 - 2014-04-20 12:06 - 17305528 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam_premium.exe
2014-04-20 11:19 - 2014-04-16 22:39 - 00000000 ____D () C:\Program Files (x86)\ffdshow
2014-04-20 10:45 - 2010-11-07 18:48 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2681166796-2007918134-1661358387-1000Core.job
2014-04-19 15:15 - 2013-06-19 18:23 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-04-19 14:03 - 2009-07-14 00:13 - 00834834 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-19 13:56 - 2014-04-19 13:56 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-19 01:28 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-16 23:02 - 2011-08-05 18:07 - 00000000 ____D () C:\Program Files\MozyHome
2014-04-16 22:40 - 2014-04-16 22:40 - 00001785 _____ () C:\Users\Owner\Desktop\Verizon Cloud.lnk
2014-04-16 22:40 - 2014-04-16 22:40 - 00000000 ____D () C:\ProgramData\Verizon
2014-04-16 22:40 - 2014-04-16 22:39 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Verizon Cloud
2014-04-16 22:39 - 2014-04-16 22:38 - 00000000 ____D () C:\Program Files\Verizon Cloud
2014-04-16 22:37 - 2014-04-16 22:37 - 51626544 _____ (Installation Program) C:\Users\Owner\Downloads\bapinstaller.exe
2014-04-16 22:37 - 2014-04-16 22:37 - 02402624 _____ () C:\Users\Owner\Downloads\VerizonWindowsInstaller.exe
2014-04-15 22:28 - 2010-10-15 17:08 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Adobe
2014-04-15 21:43 - 2014-04-15 21:43 - 00001060 _____ () C:\Users\Owner\Desktop\mbam4-14.txt
2014-04-15 02:15 - 2010-07-22 05:34 - 00000000 ____D () C:\Program Files (x86)\Google
2014-04-15 01:42 - 2014-01-21 06:48 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-04-15 01:42 - 2014-01-21 06:48 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-04-15 01:42 - 2013-11-20 08:17 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Mozilla
2014-04-15 01:42 - 2013-11-20 08:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-15 01:42 - 2013-10-01 22:01 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\dvdcss
2014-04-15 01:42 - 2013-09-22 19:01 - 00000000 ____D () C:\Users\Owner\Documents\My Box Files
2014-04-15 01:42 - 2013-09-08 19:52 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\ooVoo Details
2014-04-15 01:42 - 2013-08-14 08:10 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2014-04-15 01:42 - 2013-08-14 08:10 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google
2014-04-15 01:42 - 2013-05-26 21:30 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\.minecraft
2014-04-15 01:42 - 2013-04-17 02:22 - 00000000 ____D () C:\Users\Owner\4-15-13_Maxx files
2014-04-15 01:42 - 2013-04-05 01:57 - 00000000 ____D () C:\ProgramData\InstallMate
2014-04-15 01:42 - 2013-02-18 22:29 - 00000000 ____D () C:\Users\Owner\Documents\Storia
2014-04-15 01:42 - 2012-12-26 16:33 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\ASUS WebStorage
2014-04-15 01:42 - 2012-10-22 20:13 - 00000000 ____D () C:\Users\Owner\AAPC
2014-04-15 01:42 - 2012-08-18 17:36 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\ArcSoft
2014-04-15 01:42 - 2012-08-08 05:52 - 00000000 ____D () C:\ProgramData\Motorola
2014-04-15 01:42 - 2012-07-23 16:14 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Imagenomic
2014-04-15 01:42 - 2012-02-21 08:17 - 00000000 ___RD () C:\Users\Owner\Documents\Desktop stuff
2014-04-15 01:42 - 2012-02-13 22:02 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Skype
2014-04-15 01:42 - 2012-02-01 06:41 - 00000000 ____D () C:\Program Files (x86)\Amazon
2014-04-15 01:42 - 2011-12-30 15:06 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\calibre
2014-04-15 01:42 - 2011-07-08 20:59 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Apple Computer
2014-04-15 01:42 - 2011-07-08 20:28 - 00000000 ____D () C:\Users\Owner\AppData\Local\V CAST Media Manager
2014-04-15 01:42 - 2011-07-08 20:19 - 00000000 ____D () C:\ProgramData\Apple
2014-04-15 01:42 - 2011-03-19 21:02 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Dropbox
2014-04-15 01:42 - 2011-01-25 21:51 - 00000000 ____D () C:\Users\Owner\Documents\CyberLink
2014-04-15 01:42 - 2011-01-25 21:51 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\CyberLink
2014-04-15 01:42 - 2011-01-25 21:51 - 00000000 ____D () C:\Users\Owner\AppData\Local\Cyberlink
2014-04-15 01:42 - 2011-01-05 01:33 - 00000000 ____D () C:\Users\Owner\Documents\CVs
2014-04-15 01:42 - 2011-01-02 14:45 - 00000000 ____D () C:\Users\Owner\AppData\Local\Quicken WillMaker Plus 2011
2014-04-15 01:42 - 2010-12-26 10:43 - 00000000 ____D () C:\Users\Owner\Documents\Books
2014-04-15 01:42 - 2010-11-19 20:34 - 00000000 ____D () C:\Users\Owner\AppData\Local\Digsby
2014-04-15 01:42 - 2010-11-10 20:41 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\ICAClient
2014-04-15 01:42 - 2010-11-07 19:54 - 00000000 ____D () C:\Users\Owner\AppData\Local\Adobe
2014-04-15 01:42 - 2010-11-07 18:40 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Google
2014-04-15 01:42 - 2010-11-07 18:40 - 00000000 ____D () C:\Users\Owner\AppData\Local\Google
2014-04-15 01:42 - 2010-10-15 15:03 - 00000000 ____D () C:\Users\Owner\AppData\Local\Apps\2.0
2014-04-15 01:42 - 2010-10-15 15:01 - 00000000 ____D () C:\Users\Owner
2014-04-15 01:42 - 2010-07-22 05:40 - 00000000 ____D () C:\ProgramData\Adobe
2014-04-15 01:42 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default
2014-04-15 01:01 - 2014-04-15 01:01 - 00010164 _____ () C:\Windows\SysWOW64\RegFile3.txt
2014-04-14 23:54 - 2014-04-14 23:54 - 12480432 _____ () C:\Users\Owner\Downloads\gup4setup.exe
2014-04-14 23:52 - 2014-04-14 23:52 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-14 03:05 - 2014-01-28 01:50 - 00118048 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe
2014-04-13 21:07 - 2014-04-20 22:01 - 00017600 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\BootDefragDriver.sys
2014-04-10 22:58 - 2010-11-19 20:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-10 21:37 - 2014-04-10 21:36 - 05245480 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-10 21:34 - 2013-08-01 20:20 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-10 21:27 - 2014-04-10 21:27 - 00448512 _____ (OldTimer Tools) C:\Users\Owner\Downloads\TFC (1).exe
2014-04-10 21:27 - 2014-04-10 21:27 - 00448512 _____ (OldTimer Tools) C:\Users\Owner\Desktop\TFC.exe
2014-04-10 21:22 - 2010-10-15 16:40 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-07 21:10 - 2014-04-07 21:10 - 00076027 _____ () C:\Users\Owner\Downloads\Checking2.qfx
2014-04-07 20:36 - 2014-04-07 20:36 - 00145288 _____ () C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-07 20:15 - 2014-04-07 20:15 - 00022250 _____ () C:\Users\Owner\Documents\cc_20140407_201517.reg
2014-04-07 20:08 - 2012-12-02 17:48 - 00000789 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-04-07 20:08 - 2012-12-02 17:48 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-07 20:07 - 2014-04-07 20:07 - 04787368 _____ (Piriform Ltd) C:\Users\Owner\Downloads\ccsetup412.exe
2014-04-03 17:28 - 2013-12-23 21:01 - 00000000 ____D () C:\Users\Owner\Downloads\New folder (2)
2014-04-03 11:58 - 2014-04-03 11:58 - 00000000 ____D () C:\Program Files\Reason
2014-04-03 11:46 - 2014-04-03 11:46 - 02171728 _____ (Reason Company Software Inc.) C:\Users\Owner\Downloads\herdProtectScan_Setup.exe
2014-04-03 11:12 - 2014-04-03 11:10 - 00000000 ____D () C:\Users\Owner\Downloads\Chameleon
2014-04-03 11:03 - 2013-08-28 01:45 - 00007604 _____ () C:\Users\Owner\AppData\Local\Resmon.ResmonCfg
2014-04-03 10:20 - 2014-04-03 09:55 - 00000632 __RSH () C:\Users\Owner\ntuser.pol
2014-04-03 09:47 - 2014-04-03 09:45 - 00005175 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-04-03 09:47 - 2013-05-26 21:14 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-02 23:36 - 2014-04-02 23:36 - 00000000 ____D () C:\Windows\SysWOW64\Log
2014-04-02 23:12 - 2013-04-08 16:25 - 00000000 ____D () C:\Program Files (x86)\Auslogics
2014-04-02 23:08 - 2014-04-02 23:08 - 04288000 _____ () C:\Users\Owner\Downloads\anyconnect-win-3.1.04063-pre-deploy-k9.msi
2014-04-02 19:57 - 2010-07-22 05:34 - 00000000 ____D () C:\ProgramData\Google
2014-04-02 19:41 - 2010-10-15 15:01 - 00000000 ___RD () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-02 19:17 - 2014-04-02 19:17 - 00000044 _____ () C:\Users\Owner\AppData\Roaming\WB.CFG
2014-04-02 17:02 - 2014-04-02 17:02 - 00000000 ____D () C:\Users\Owner\Documents\Optimizer Pro
2014-04-02 16:56 - 2014-04-02 16:56 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\DigitalSites
2014-04-02 16:54 - 2014-04-02 16:54 - 00685240 _____ () C:\Users\Owner\Downloads\ImageEditorSetup (3).exe
2014-04-02 00:51 - 2014-01-26 15:00 - 00000000 ____D () C:\AdwCleaner
2014-04-02 00:48 - 2014-04-02 00:48 - 01426178 _____ () C:\Users\Owner\Downloads\AdwCleaner.exe
2014-04-02 00:32 - 2014-04-02 00:32 - 01038974 _____ (Thisisu) C:\Users\Owner\Downloads\JRT (3).exe
2014-04-02 00:29 - 2014-04-02 00:29 - 01038974 _____ (Thisisu) C:\Users\Owner\Downloads\JRT (1).exe
2014-03-31 09:35 - 2010-10-15 16:47 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-03-31 06:50 - 2010-11-07 18:48 - 00003882 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2681166796-2007918134-1661358387-1000UA
2014-03-31 06:50 - 2010-11-07 18:48 - 00003486 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2681166796-2007918134-1661358387-1000Core
2014-03-29 18:42 - 2014-03-29 18:42 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\wStLibG64.sys
2014-03-29 18:42 - 2009-07-13 21:34 - 00000580 _____ () C:\Windows\win.ini
2014-03-29 17:29 - 2014-03-29 17:29 - 00000487 _____ () C:\Users\Owner\Desktop\Minecraft - Shortcut.lnk
2014-03-29 17:12 - 2014-03-29 17:12 - 00686056 _____ () C:\Users\Owner\Downloads\ImageEditorSetup (2).exe
2014-03-29 17:11 - 2014-03-29 17:11 - 00686056 _____ () C:\Users\Owner\Downloads\ImageEditorSetup (1).exe
2014-03-29 17:10 - 2014-03-29 17:10 - 00686056 _____ () C:\Users\Owner\Downloads\ImageEditorSetup.exe
2014-03-29 17:03 - 2014-03-29 17:03 - 00000000 ____D () C:\Program Files (x86)\Image Converter
2014-03-29 15:44 - 2014-03-29 15:45 - 00675988 _____ () C:\Users\Owner\Downloads\Minecraft.exe
2014-03-29 15:44 - 2014-03-29 15:45 - 00280212 _____ () C:\Users\Owner\Downloads\Minecraft (1).jar
2014-03-29 15:44 - 2014-03-29 15:44 - 00280212 _____ () C:\Users\Owner\Downloads\Minecraft.jar
2014-03-28 21:16 - 2010-07-22 05:25 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-25 22:10 - 2010-11-07 19:02 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-25 22:10 - 2010-11-07 19:02 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-25 20:26 - 2014-03-25 20:25 - 12448960 _____ () C:\Users\Owner\Downloads\Glary_Utilities_v4.8.0.97.exe
2014-03-24 00:32 - 2010-07-22 05:40 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-03-24 00:28 - 2014-03-16 17:21 - 00000000 ____D () C:\Program Files (x86)\ReNamer
2014-03-23 16:18 - 2011-01-02 14:41 - 00000000 ____D () C:\Users\Owner\Documents\zFinances
2014-03-23 14:34 - 2013-11-13 17:24 - 00000000 ____D () C:\Users\Owner\Documents\Outlook Files
2014-03-22 21:55 - 2014-03-22 21:53 - 04130656 _____ (Kaspersky Lab ZAO) C:\Users\Owner\Desktop\tdsskiller.exe
2014-03-22 21:53 - 2014-03-22 21:53 - 02157056 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2014-03-22 21:44 - 2011-11-23 05:26 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-03-22 01:22 - 2013-10-20 12:06 - 00000000 ____D () C:\Users\Owner\Documents\Finance
2014-03-21 16:55 - 2010-11-07 18:57 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-21 01:20 - 2014-03-21 01:20 - 00688992 ____R (Swearware) C:\Users\Owner\Desktop\dds.com
 
Files to move or delete:
====================
C:\Users\Owner\cc_20130408_145109.reg
C:\Users\Owner\setup.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-04-17 08:16
 
==================== End Of Log ============================

mbam-check result log version:     2.1.0.0002

========================================

 

User Account type:                 Administrator

OS:                                Windows 7 Service Pack 1 Service Pack 1 64 bit Operating System

Current Build Number:              7601

Current Version Number:            6.1

Current CSDVersion:                Service Pack 1

mbam-check result log version: 2.1.0.0002

 

Malwarebytes Version: REG_SZ 1.75.0.1300

 

Malwarebytes Programbuild: REG_SZ consumer

 

Date Log Created: 04/20/14

Time Log Created: 22:19:34

 

Compatibility Flag Settings:

=================================

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers

SIGN.IE=05039F8 g2m_codec.exe REG_SZ VISTARTM

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers

 

 

Malwarebytes Anti-Malware Shell Extension Block Check:

======================================================

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked:

 

MBAM Startup Entries: 

=====================

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

 

Malwarebytes Anti-Malware Service and Driver Status:

=======================================================

 

--------------Driver File Info:--------------

C:\Windows\system32\drivers\mbamswissarmy.sys

File Size: 119512    BYTES FileVersion: 0.1.4.0 MD5: [6140163bfe9d8f2dfdba088ed5521c13]

 

--------------MBAMProtector:--------------

Type:                   N/A

State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMProtector

WIN32_EXIT_CODE:        N/A

SERVICE_EXIT_CODE:      N/A

CHECKPOINT:             N/A

WAIT_HINT:              N/A

 

 

--------------MBAMService:--------------

Type:                   N/A

State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMService

WIN32_EXIT_CODE:        N/A

SERVICE_EXIT_CODE:      N/A

CHECKPOINT:             N/A

WAIT_HINT:              N/A

 

 

--------------MBAMScheduler:--------------

Type:                   N/A

State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMScheduler

WIN32_EXIT_CODE:        N/A

SERVICE_EXIT_CODE:      N/A

CHECKPOINT:             N/A

WAIT_HINT:              N/A

 

 

--------------MBAMChameleon:--------------

Type:                   N/A

State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon

WIN32_EXIT_CODE:        N/A

SERVICE_EXIT_CODE:      N/A

CHECKPOINT:             N/A

WAIT_HINT:              N/A

 

 

--------------MBAMWebAccessControl:--------------

Type:                   N/A

State:                  0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MbamWebAccessControl

WIN32_EXIT_CODE:        N/A

SERVICE_EXIT_CODE:      N/A

CHECKPOINT:             N/A

WAIT_HINT:              N/A

 

 

Required Dependencies:

======================

 

--------------BFE:--------------

Type:                   32

State:                  4 (The service is running.)

WIN32_EXIT_CODE:        0

SERVICE_EXIT_CODE:      0

CHECKPOINT:             0

WAIT_HINT:              0

 

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE

DisplayName                   REG_SZ @%SystemRoot%\system32\bfe.dll,-1001

Group                         REG_SZ NetworkProvider

ImagePath                     REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork

Description                   REG_SZ @%SystemRoot%\system32\bfe.dll,-1002

ObjectName                    REG_SZ NT AUTHORITY\LocalService

ErrorControl                  REG_DWORD 1

Start                         REG_DWORD 2

Type                          REG_DWORD 32

DependOnService               REG_MULTI_SZ RpcSs

 

ServiceSidType                REG_DWORD 3

RequiredPrivileges            REG_MULTI_SZ SeAuditPrivilege

 

FailureActions                REG_BINARY Binary Data

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters

ServiceDll                    REG_EXPAND_SZ %SystemRoot%\System32\bfe.dll

ServiceDllUnloadOnStop        REG_DWORD 1

ServiceMain                   REG_SZ BfeServiceMain

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\BootTime

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\BootTime\Filter


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Callout


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Filter


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Provider


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\SubLayer


--------------fltmgr:--------------

Type:                   2

State:                  4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)

WIN32_EXIT_CODE:        0

SERVICE_EXIT_CODE:      0

CHECKPOINT:             0

WAIT_HINT:              0

 

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr

AttachWhenLoaded              REG_DWORD 1

DisplayName                   REG_SZ @%SystemRoot%\system32\drivers\fltmgr.sys,-10001

Group                         REG_SZ FSFilter Infrastructure

ImagePath                     REG_EXPAND_SZ system32\drivers\fltmgr.sys

Description                   REG_SZ @%SystemRoot%\system32\drivers\fltmgr.sys,-10000

ErrorControl                  REG_DWORD 3

Start                         REG_DWORD 0

Tag                           REG_DWORD 1

Type                          REG_DWORD 2

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr\Enum

0                             REG_SZ Root\LEGACY_FLTMGR\0000

Count                         REG_DWORD 1

NextInstance                  REG_DWORD 1

 

 

C:\Windows\system32\drivers\fltmgr.sys

File Size: 289664    BYTES FileVersion: 6.1.7601.17514 MD5: [da6b67270fd9db3697b20fce94950741]

C:\Windows\SysWOW64\olepro32.dll

File Size: 90112     BYTES FileVersion: 6.1.7601.17514 MD5: [703ffd301ab900b047337c5d40fd6f96]

 

 

MBAM Registry Settings and License Info:

========================================

 

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Malwarebytes' Anti-Malware

Affiliate                     REG_SZ https://store.malwarebytes.org/342/?scope=checkout&cart=29945

dbversion                     REG_SZ v2014.04.02.10

programversion                REG_SZ 1.75.0.1300

dbdate                        REG_SZ Wed, 02 Apr 2014 23:24:05 GMT

hidereg                       REG_DWORD 0

useproxy                      REG_DWORD 0

useauthentication             REG_DWORD 0

downloadprogram               REG_DWORD 1

updatewarn                    REG_DWORD 1

updatewarndays                REG_DWORD 1

notifyinstallprogram          REG_DWORD 1

silentipmode                  REG_DWORD 0

trialpromptshown              REG_DWORD 1

programbuild                  REG_SZ consumer

trialended                    REG_DWORD 1

SchedulerQueue                REG_MULTI_SZ 6148, 30348920, 2113589680, 1, 23 | 30360628, 308753410

 

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Malwarebytes' Anti-Malware\UUID

There is data here but it is hidden.

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Malwarebytes' Anti-Malware\UUID

LicenseIdLastSent2            REG_SZ 30168360 3982904976

LicenseId                     REG_SZ 9a7990ea-7a9f-464d-967a-e20a0b9b12cb

LicenseIdVerification         REG_SZ c6d0e5c26fb58f6e8a90938573d69a70

LicenseIdLastSent1            REG_SZ 30147040 3754891869

 

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Malwarebytes' Anti-Malware (Trial)

TrialId                       There is data here but it is hidden.

StartDate                     REG_SZ Tue, 21 Jan 2014 12:27:49 UTC

EndDate                       REG_SZ Tue, 04 Feb 2014 12:27:49 UTC

 

Scheduler Queue:

================

 

Scheduled Item: Update Schedule Options: | Daily | Random

Start Time: 2014-10-21 70:14 Repeating Every: 1 Recover if missed by: 23

 

 

Last Ran: 2014-3-20-4 12:1:5

 

 

Pending File Rename Operations: 

================================

If any Malwarebytes Anti-Malware items are listed below, the user must reboot to complete a Malwarebytes Anti-Malware upgrade installation.

Pending File Rename Operations: 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\

PendingFileRenameOperations REG_MULTI_SZ \??\C:\Users\Owner\AppData\Local\Temp\_iu14D2N.tmp

 

 

 

MBAMProtector Registry Values:

==============================

 

 

 

MBAMService Registry Values:

============================

 

 

 

MBAMScheduler Registry Values:

==============================

 

 

 

Terminal Services Status for (null) entries in PM logs and GetUserToken errors:

===============================================================================

 

--------------TERMService:--------------

Type:                   32

State:                  1 (The service is not running.) (State is stopped)

WIN32_EXIT_CODE:        1077

SERVICE_EXIT_CODE:      0

CHECKPOINT:             0

WAIT_HINT:              0

 

 

TermService Start is set to: 3 (Manual Startup)

 

Proxy Status: No proxy is Set

 

Proxy Override: 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\

ProxyOverride REG_SZ 192.168.*.*

 

LAN Settings:

=============

 

only 'Automatically detect settings' is selected

 

SystemPartition:

================

 

HKEY_LOCAL_MACHINE\SYSTEM\Setup\

SystemPartition REG_SZ \Device\HarddiskVolume2

 

Balloon Tips Status:

====================

 

Enabled

 

Time Format Settings:

=====================

 

Should be:

h:mm:ss tt

AM 

PM 

:

 

Currently:

REG_SZ h:mm:ss tt

REG_SZ AM

REG_SZ PM

REG_SZ :

 

Language and Regional Settings:

===============================

 

ACP: Language is English (United States)

MACCP: Language is English (United States)

OEMCP: Language is English (United States)

 

Startup Folders for Error_Expanding_Variables Check:

====================================================

 

All Users Startup Folder Exists.

Current User's Startup Folder Exists.

 

 

 

MBAM DLL's and Runtime Files:

=============================

MBAM Registry Settings and License Info (part 2):

==================================================

 

HKEY_CURRENT_USER\SOFTWARE\Malwarebytes' Anti-Malware

selectedrives                 REG_SZ C:\|

terminateie                   REG_DWORD 1

openlog                       REG_DWORD 1

alwaysscanmemory              REG_DWORD 1

alwaysscanregistry            REG_DWORD 1

alwaysscanfiles               REG_DWORD 1

alwaysscanheuristics          REG_DWORD 1

defaultscan                   REG_DWORD 0

alwaysscanstartups            REG_DWORD 1

HKEY_USERS\S-1-5-18\SOFTWARE\Malwarebytes' Anti-Malware

alwaysscanfiles               REG_DWORD 1

alwaysscanheuristics          REG_DWORD 1

alwaysscanmemory              REG_DWORD 1

alwaysscanregistry            REG_DWORD 1

alwaysscanstartups            REG_DWORD 1

autosavelog                   REG_DWORD 1

openlog                       REG_DWORD 1

defaultscan                   REG_DWORD 0

terminateie                   REG_DWORD 0

HKEY_USERS\.DEFAULT\SOFTWARE\Malwarebytes' Anti-Malware

alwaysscanfiles               REG_DWORD 1

alwaysscanheuristics          REG_DWORD 1

alwaysscanmemory              REG_DWORD 1

alwaysscanregistry            REG_DWORD 1

alwaysscanstartups            REG_DWORD 1

autosavelog                   REG_DWORD 1

openlog                       REG_DWORD 1

defaultscan                   REG_DWORD 0

terminateie                   REG_DWORD 0

 

 

 

Context Menu Entries:

=====================

List of MBAM Related Directories:

=================================

 

===============================================================

END OF FILE

OK that first session said it was outdated - so I re-ran:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-04-2014 02
Ran by Owner (administrator) on MIKKI-PC on 20-04-2014 22:21:44
Running from C:\Users\Owner\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link for 32-Bit version:
Download link for 64-Bit Version:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Juniper Networks) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
() C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
() C:\Program Files\pcreg\pcreg.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Acer Group) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
() C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(CyberLink Corp.) C:\Program Files (x86)\Cyberlink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
(Mozy, Inc.) C:\Program Files\MozyHome\mozybackup.exe
(Mozy, Inc.) C:\Program Files\MozyHome\mozybackup.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
() C:\Program Files\Verizon Cloud\Verizon Cloud Service.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Box, Inc.) C:\Program Files\Box Sync\BoxSync.exe
(Mozy, Inc.) C:\Program Files\MozyHome\mozystat.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\Evernote.exe
(Box, Inc.) C:\Program Files\Box Sync\BoxSyncHelper.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 4\x64\Win64ShellLink.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\NOTEPAD.EXE
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9644576 2009-12-15] (Realtek Semiconductor)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [Trend Micro Titanium] => C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe [1304296 2012-12-18] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [213824 2012-02-27] (Trend Micro Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [switchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [pcreg] => C:\Program Files\pcreg\service.exe [90184 2014-03-13] ()
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\.DEFAULT\...\RunOnce: [spUninstallDeleteDir] - rmdir /s /q "\SearchProtect"
HKU\.DEFAULT\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-2681166796-2007918134-1661358387-1000\...\Run: [MusicManager] => C:\Users\Owner\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7382528 2014-03-03] (Google Inc.)
HKU\S-1-5-21-2681166796-2007918134-1661358387-1000\...\Run: [QuickenScheduledUpdates] => C:\Program Files (x86)\Quicken\bagent.exe [77096 2014-03-04] (Intuit Inc.)
HKU\S-1-5-21-2681166796-2007918134-1661358387-1000\...\Run: [Google Update] => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2010-11-07] (Google Inc.)
HKU\S-1-5-21-2681166796-2007918134-1661358387-1000\...\Run: [HLBackupScheduler] => C:\Program Files\Verizon Cloud\Verizon Cloud Service.exe [22871872 2014-02-26] ()
HKU\S-1-5-21-2681166796-2007918134-1661358387-1000\...\RunOnce: [uninstall C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217_1\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217_1\amd64"
HKU\S-1-5-21-2681166796-2007918134-1661358387-1000\...\RunOnce: [uninstall C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217_1] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217_1"
HKU\S-1-5-21-2681166796-2007918134-1661358387-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2681166796-2007918134-1661358387-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2681166796-2007918134-1661358387-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-2681166796-2007918134-1661358387-1000\...\Policies\Explorer: [HideSCAHealth] 1
AppInit_DLLs-x32: c:\progra~2\settin~1\systemk\syskldr.dll => "c:\progra~2\settin~1\systemk\syskldr.dll" File Not Found
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteTray.lnk
ShortcutTarget: EvernoteTray.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
SSODL: EldosMountNotificator-cbfs4 - {B8FD60CF-9D65-44C7-BECA-891CB8C4D5AD} - C:\Windows\system32\cbfsMntNtf4.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator-cbfs4 - {B8FD60CF-9D65-44C7-BECA-891CB8C4D5AD} - C:\Windows\SysWOW64\cbfsMntNtf4.dll (EldoS Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2681166796-2007918134-1661358387-1006\User: Group Policy restriction detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites_14_14_ch&cd=2XzuyEtN2Y1L1Qzuzzzz0A0EtC0DyC0DyD0BtC0FtDzztA0DtN0D0Tzu0SzztBtAtN1L2XzutBtFtCzztFzztFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyCyEzz0Czy0FyDzztGyB0FyC0AtGzyyD0E0AtG0Czy0C0AtGyEtCtCtCyC0D0C0EyDzz0EtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0E0BtByCtByByEtGyCyB0DzztG0DtByD0AtG0CyE0EzztGtDtD0EyDzzyDtB0B0CyDtDtA2Q&cr=2099165728&ir=
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&aid=100&itype=u&ver=11471&tm=288&src=ds&p={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&aid=100&itype=u&ver=11471&tm=288&src=ds&p={searchTerms}
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = 
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = 
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1361\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe64.dll (Trend Micro Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1361\6.8.1078\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe32.dll (Trend Micro Inc.)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://mdajun.mdanderson.org/dana-cached/sc/JuniperSetupClient.cab
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe64.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1361\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe32.dll (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1361\6.8.1078\TmIEPlg32.dll (Trend Micro Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
 
FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ghug7evk.default
FF user.js: detected! => C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ghug7evk.default\user.js
FF DefaultSearchEngine: default-search.net
FF SearchEngineOrder.1: default-search.net
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Owner\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Owner\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Extension: No Name - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ghug7evk.default\Extensions\staged [2014-04-15]
FF Extension: Show my Password - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ghug7evk.default\Extensions\{cd617372-6743-4ee4-bac4-fbf60f35719e}.xpi [2014-03-11]
FF HKLM-x32\...\Firefox\Extensions: [{38783831-6098-4faa-A9C9-1EE1E343F4D2}] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\firefoxextension [2014-04-20]
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ []
 
Chrome: 
=======
CHR StartupUrls: "https://www.yahoo.com/"
CHR Extension: (Lockify) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiigoloogeminempipceaikpnaimbekd [2014-02-16]
CHR Extension: (Task Timer) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomfjmibjhhfdenfkpaodhnlhkolngif [2014-02-16]
CHR Extension: (eBay) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnadbgmffcofipfljniafanjcafjlbom [2014-02-16]
CHR Extension: (HelloFax: 50 Free Fax Pages) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bocmleclimfnadgmcdgecijlblfcmfnm [2014-02-16]
CHR Extension: (UNO 3 3D Online) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkcdaicmkpfammeidmhpolmlgggokkmh [2014-01-28]
CHR Extension: (Box - 10GB of FREE storage) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejnkaeblpdcamcioiiabclakabcbjmbl [2014-02-16]
CHR Extension: (UNO HD) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbiocfeggkcomnebamodmbngedojipdp [2014-01-28]
CHR Extension: (Wunderlist - To-do and Task list) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjliknjliaohjgjajlgolhijphojjdkc [2014-02-16]
CHR Extension: (Save to Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2014-01-21]
CHR Extension: (Pin It Button) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-01-21]
CHR Extension: (PDF Mergy) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgecghmkcdefnknohcimkoemhaofpoha [2014-04-02]
CHR Extension: (Word Game Trainer) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hndbgieifalnpdogdmpldfbahjnlamgi [2014-01-28]
CHR Extension: (VNC Viewer for Google Chrome™) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\iabmpiboiopbgfabjmgeedhcmjenhbla [2014-03-24]
CHR Extension: (Crackle) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic [2014-02-28]
CHR Extension: (Cloud Reader) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2014-02-16]
CHR Extension: (Google Play Music) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2014-01-21]
CHR Extension: (Word Wizard) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\imhecaejbhpbamhhgffmialehafkaedk [2014-01-28]
CHR Extension: (PDF to Word Converter App) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jclipofobaadknkadkpgggmjkebddjam [2014-02-16]
CHR Extension: (UNO ONLINE!) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jffcjnoimmgcilbfgfhjkldapkdkicii [2014-01-28]
CHR Extension: (Google Play) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2014-02-16]
CHR Extension: (Evernote Web) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2014-01-21]
CHR Extension: (Pocket) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk [2014-01-21]
CHR Extension: (OneDrive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffchahhjecejoiigmnhhicpoabngedk [2014-01-21]
CHR Extension: (Pocket (formerly Read It Later)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2014-04-02]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01]
CHR Extension: (Wunderlist for Chrome) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojcflmmmcfpacggndoaaflkmcoblhnbh [2014-02-16]
CHR Extension: (Picasa) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb [2014-01-21]
CHR Extension: (Evernote Web Clipper) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2014-01-21]
CHR HKCU\...\Chrome\Extension: [bpghhlfbjmmjohhnonhjgpbjdlbnmapf] - C:\Users\Owner\AppData\Local\CRE\bpghhlfbjmmjohhnonhjgpbjdlbnmapf.crx [2014-01-21]
CHR HKLM-x32\...\Chrome\Extension: [bpghhlfbjmmjohhnonhjgpbjdlbnmapf] - C:\Users\Owner\AppData\Local\CRE\bpghhlfbjmmjohhnonhjgpbjdlbnmapf.crx [2014-01-21]
CHR StartMenuInternet: Google Chrome - C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
R2 CLHNServiceForPowerDVD12; C:\Program Files (x86)\Cyberlink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [91248 2012-12-28] (CyberLink Corp.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2211000 2014-03-30] (Microsoft Corporation)
S3 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\Cyberlink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [78960 2012-12-28] (CyberLink)
S3 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\Cyberlink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [296048 2012-12-28] (CyberLink)
S2 HOSTS Anti-PUPs; C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe [285795 2014-01-27] ()
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [120728 2012-10-02] ()
R2 mozybackup; C:\Program Files\MozyHome\mozybackup.exe [54040 2011-08-04] (Mozy, Inc.)
R2 pcregservice; C:\Program Files\pcreg\pcreg.exe [33864 2014-03-13] ()
S2 1a34a8e0; "C:\Windows\system32\rundll32.exe" "c:\progra~2\GSSvc.dll",service
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=qb -dt=60000 -ad [X]
 
==================== Drivers (Whitelisted) ====================
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [17600 2014-04-13] (Glarysoft Ltd)
R1 cbfs4; C:\Windows\system32\drivers\cbfs4.sys [387776 2013-10-25] (EldoS Corporation)
S3 DigiartyVirtualCDBus; C:\Windows\System32\drivers\DigiartyVirtualCDBus.sys [276256 2013-12-15] (Digiarty Software, Inc.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-20] (Malwarebytes Corporation)
R1 mozyFilter; C:\Windows\System32\DRIVERS\mozy.sys [67808 2013-05-21] (Mozy, Inc.)
R2 ntk_PowerDVD12; C:\Program Files (x86)\Cyberlink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [83704 2012-09-10] (Cyberlink Corp.)
R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [107048 2012-09-24] (Trend Micro Inc.)
R1 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [173504 2012-09-24] (Trend Micro Inc.)
R3 tmeevw; C:\Windows\System32\DRIVERS\tmeevw.sys [67344 2011-11-23] (Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [77184 2012-09-24] (Trend Micro Inc.)
R3 tmnciesc; C:\Windows\System32\DRIVERS\tmnciesc.sys [210704 2011-11-23] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105744 2011-11-23] (Trend Micro Inc.)
R3 vpnpbus; C:\Windows\System32\DRIVERS\vpnpbus.sys [18624 2013-10-25] (EldoS Corporation)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-07-19] (Cisco Systems, Inc.)
R1 wStLibG64; C:\Windows\System32\drivers\wStLibG64.sys [61120 2014-03-29] (StdLib)
R2 {73526619-C24F-470B-9BED-53D455FBB5C6}; C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [130320 2012-12-28] (CyberLink Corp.)
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-04-20 22:21 - 2014-04-20 22:21 - 02056704 _____ (Farbar) C:\Users\Owner\Downloads\FRST64 (1).exe
2014-04-20 22:21 - 2014-04-20 22:21 - 00026185 _____ () C:\Users\Owner\Downloads\FRST.txt
2014-04-20 22:19 - 2014-04-20 22:19 - 00016847 _____ () C:\Users\Owner\Desktop\CheckResults.txt
2014-04-20 22:09 - 2014-04-20 22:13 - 00049133 _____ () C:\Users\Owner\Desktop\Addition.txt
2014-04-20 22:06 - 2014-04-20 22:21 - 00000000 ____D () C:\FRST
2014-04-20 22:06 - 2014-04-20 22:13 - 00058066 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-04-20 22:05 - 2014-04-20 22:05 - 01673896 _____ (Malwarebytes Corporation) C:\Users\Owner\Downloads\mbam-check-2.1.0.0002.exe
2014-04-20 22:05 - 2014-04-20 22:05 - 01673896 _____ (Malwarebytes Corporation) C:\Users\Owner\Desktop\mbam-check-2.1.0.0002.exe
2014-04-20 22:04 - 2014-04-20 22:04 - 02056704 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2014-04-20 22:01 - 2014-04-13 21:07 - 00017600 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\BootDefragDriver.sys
2014-04-20 22:00 - 2014-04-20 21:58 - 06081224 _____ (Microsoft Corporation) C:\Users\Owner\Downloads\OneDriveSetup (1).exe
2014-04-20 21:59 - 2014-04-20 21:59 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2014-04-20 21:58 - 2014-04-20 21:59 - 12484680 _____ () C:\Users\Owner\Downloads\gup4setup (1).exe
2014-04-20 19:43 - 2014-04-20 19:43 - 00015854 _____ () C:\Users\Owner\Downloads\Copy of Updated Inventory 1-11-13_FB (1).xlsx
2014-04-20 19:28 - 2014-04-20 19:28 - 00002612 _____ () C:\Users\Owner\Desktop\SearchMyFiles.cfg
2014-04-20 19:03 - 2014-04-20 19:03 - 00275536 _____ () C:\Windows\Minidump\042014-31637-01.dmp
2014-04-20 19:03 - 2014-04-20 19:03 - 00000000 ____D () C:\Windows\Minidump
2014-04-20 19:02 - 2014-04-20 19:02 - 348648563 _____ () C:\Windows\MEMORY.DMP
2014-04-20 18:56 - 2014-04-20 18:57 - 00000000 ____D () C:\Users\Owner\Desktop\coupon binder pics
2014-04-20 18:16 - 2014-04-20 18:16 - 00000000 ____D () C:\Users\Owner\AppData\LocalGoogle
2014-04-20 12:06 - 2014-04-20 12:07 - 17305528 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam_premium.exe
2014-04-19 13:56 - 2014-04-20 19:03 - 00000224 _____ () C:\Windows\setupact.log
2014-04-19 13:56 - 2014-04-19 13:56 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-19 13:55 - 2014-04-20 19:02 - 00004212 _____ () C:\Windows\PFRO.log
2014-04-18 23:27 - 2014-03-06 04:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-18 23:27 - 2014-03-06 04:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-18 23:27 - 2014-03-06 03:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-18 23:27 - 2014-03-06 03:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-18 23:27 - 2014-03-06 03:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-18 23:27 - 2014-03-06 03:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-18 23:27 - 2014-03-06 03:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-18 23:27 - 2014-03-06 03:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-18 23:27 - 2014-03-06 02:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-18 23:27 - 2014-03-06 02:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-18 23:26 - 2014-03-06 05:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-18 23:26 - 2014-03-06 04:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-18 23:26 - 2014-03-06 03:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-18 23:26 - 2014-03-06 03:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-18 23:26 - 2014-03-06 03:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-18 23:26 - 2014-03-06 03:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-18 23:26 - 2014-03-06 03:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-18 23:26 - 2014-03-06 03:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-18 23:26 - 2014-03-06 03:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-18 23:26 - 2014-03-06 03:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-18 23:26 - 2014-03-06 03:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-18 23:26 - 2014-03-06 03:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-18 23:26 - 2014-03-06 03:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-18 23:26 - 2014-03-06 03:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-18 23:26 - 2014-03-06 02:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-18 23:26 - 2014-03-06 02:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-18 23:26 - 2014-03-06 02:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-18 23:26 - 2014-03-06 02:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-18 23:26 - 2014-03-06 02:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-18 23:26 - 2014-03-06 02:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-18 23:26 - 2014-03-06 02:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-18 23:26 - 2014-03-06 02:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-18 23:26 - 2014-03-06 02:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-18 23:26 - 2014-03-06 02:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-18 23:26 - 2014-03-06 02:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-18 23:26 - 2014-03-06 02:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-18 23:26 - 2014-03-06 02:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-18 23:26 - 2014-03-06 02:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-18 23:26 - 2014-03-06 01:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-18 23:26 - 2014-03-06 01:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-18 23:26 - 2014-03-06 01:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-18 23:26 - 2014-03-06 01:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-18 23:26 - 2014-03-06 01:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-18 23:26 - 2014-03-06 00:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-18 23:26 - 2014-03-06 00:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-18 23:26 - 2014-03-06 00:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-18 23:26 - 2014-03-06 00:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-18 23:26 - 2014-03-06 00:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-16 23:02 - 2013-05-21 15:06 - 00067808 _____ (Mozy, Inc.) C:\Windows\system32\Drivers\mozy.sys
2014-04-16 22:40 - 2014-04-16 22:40 - 00001785 _____ () C:\Users\Owner\Desktop\Verizon Cloud.lnk
2014-04-16 22:40 - 2014-04-16 22:40 - 00000000 ____D () C:\ProgramData\Verizon
2014-04-16 22:39 - 2014-04-20 11:19 - 00000000 ____D () C:\Program Files (x86)\ffdshow
2014-04-16 22:39 - 2014-04-16 22:40 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Verizon Cloud
2014-04-16 22:38 - 2014-04-16 22:39 - 00000000 ____D () C:\Program Files\Verizon Cloud
2014-04-16 22:37 - 2014-04-16 22:37 - 51626544 _____ (Installation Program) C:\Users\Owner\Downloads\bapinstaller.exe
2014-04-16 22:37 - 2014-04-16 22:37 - 02402624 _____ () C:\Users\Owner\Downloads\VerizonWindowsInstaller.exe
2014-04-15 21:43 - 2014-04-15 21:43 - 00001060 _____ () C:\Users\Owner\Desktop\mbam4-14.txt
2014-04-15 01:01 - 2014-04-15 01:01 - 00010164 _____ () C:\Windows\SysWOW64\RegFile3.txt
2014-04-14 23:54 - 2014-04-14 23:54 - 12480432 _____ () C:\Users\Owner\Downloads\gup4setup.exe
2014-04-14 23:52 - 2014-04-14 23:52 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-10 22:59 - 2014-04-20 12:58 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-10 21:36 - 2014-04-10 21:37 - 05245480 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-10 21:27 - 2014-04-10 21:27 - 00448512 _____ (OldTimer Tools) C:\Users\Owner\Downloads\TFC (1).exe
2014-04-10 21:27 - 2014-04-10 21:27 - 00448512 _____ (OldTimer Tools) C:\Users\Owner\Desktop\TFC.exe
2014-04-08 19:21 - 2014-02-03 21:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-08 19:21 - 2014-02-03 21:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-08 19:21 - 2014-02-03 21:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-08 19:21 - 2014-02-03 21:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-08 19:21 - 2014-02-03 21:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-08 19:20 - 2014-03-04 04:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-08 19:20 - 2014-03-04 04:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-08 19:20 - 2014-03-04 04:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-08 19:20 - 2014-03-04 04:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-08 19:20 - 2014-03-04 04:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-08 19:20 - 2014-03-04 04:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-08 19:20 - 2014-03-04 04:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-08 19:20 - 2014-03-04 04:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-08 19:20 - 2014-03-04 04:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-08 19:20 - 2014-03-04 03:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-08 19:20 - 2014-03-04 03:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-08 19:20 - 2014-01-23 21:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-07 21:10 - 2014-04-07 21:10 - 00076027 _____ () C:\Users\Owner\Downloads\Checking2.qfx
2014-04-07 20:36 - 2014-04-07 20:36 - 00145288 _____ () C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-07 20:15 - 2014-04-07 20:15 - 00022250 _____ () C:\Users\Owner\Documents\cc_20140407_201517.reg
2014-04-07 20:07 - 2014-04-07 20:07 - 04787368 _____ (Piriform Ltd) C:\Users\Owner\Downloads\ccsetup412.exe
2014-04-03 11:58 - 2014-04-03 11:58 - 00000000 ____D () C:\Program Files\Reason
2014-04-03 11:46 - 2014-04-03 11:46 - 02171728 _____ (Reason Company Software Inc.) C:\Users\Owner\Downloads\herdProtectScan_Setup.exe
2014-04-03 11:10 - 2014-04-03 11:12 - 00000000 ____D () C:\Users\Owner\Downloads\Chameleon
2014-04-03 09:55 - 2014-04-03 10:20 - 00000632 __RSH () C:\Users\Owner\ntuser.pol
2014-04-03 09:47 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-03 09:47 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-03 09:47 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-03 09:47 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-03 09:45 - 2014-04-03 09:47 - 00005175 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-04-02 23:36 - 2014-04-02 23:36 - 00000000 ____D () C:\Windows\SysWOW64\Log
2014-04-02 23:08 - 2014-04-02 23:08 - 04288000 _____ () C:\Users\Owner\Downloads\anyconnect-win-3.1.04063-pre-deploy-k9.msi
2014-04-02 19:17 - 2014-04-02 19:17 - 00000044 _____ () C:\Users\Owner\AppData\Roaming\WB.CFG
2014-04-02 17:02 - 2014-04-02 17:02 - 00000000 ____D () C:\Users\Owner\Documents\Optimizer Pro
2014-04-02 16:56 - 2014-04-02 16:56 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\DigitalSites
2014-04-02 16:54 - 2014-04-02 16:54 - 00685240 _____ () C:\Users\Owner\Downloads\ImageEditorSetup (3).exe
2014-04-02 00:48 - 2014-04-02 00:48 - 01426178 _____ () C:\Users\Owner\Downloads\AdwCleaner.exe
2014-04-02 00:32 - 2014-04-02 00:32 - 01038974 _____ (Thisisu) C:\Users\Owner\Downloads\JRT (3).exe
2014-04-02 00:29 - 2014-04-02 00:29 - 01038974 _____ (Thisisu) C:\Users\Owner\Downloads\JRT (1).exe
2014-03-29 18:42 - 2014-03-29 18:42 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\wStLibG64.sys
2014-03-29 17:29 - 2014-03-29 17:29 - 00000487 _____ () C:\Users\Owner\Desktop\Minecraft - Shortcut.lnk
2014-03-29 17:12 - 2014-03-29 17:12 - 00686056 _____ () C:\Users\Owner\Downloads\ImageEditorSetup (2).exe
2014-03-29 17:11 - 2014-03-29 17:11 - 00686056 _____ () C:\Users\Owner\Downloads\ImageEditorSetup (1).exe
2014-03-29 17:10 - 2014-03-29 17:10 - 00686056 _____ () C:\Users\Owner\Downloads\ImageEditorSetup.exe
2014-03-29 17:03 - 2014-03-29 17:03 - 00000000 ____D () C:\Program Files (x86)\Image Converter
2014-03-29 15:45 - 2014-03-29 15:44 - 00675988 _____ () C:\Users\Owner\Downloads\Minecraft.exe
2014-03-29 15:45 - 2014-03-29 15:44 - 00280212 _____ () C:\Users\Owner\Downloads\Minecraft (1).jar
2014-03-29 15:44 - 2014-03-29 15:44 - 00280212 _____ () C:\Users\Owner\Downloads\Minecraft.jar
2014-03-25 20:25 - 2014-03-25 20:26 - 12448960 _____ () C:\Users\Owner\Downloads\Glary_Utilities_v4.8.0.97.exe
2014-03-22 21:53 - 2014-03-22 21:55 - 04130656 _____ (Kaspersky Lab ZAO) C:\Users\Owner\Desktop\tdsskiller.exe
2014-03-22 21:53 - 2014-03-22 21:53 - 02157056 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2014-03-21 01:20 - 2014-03-21 01:20 - 00688992 ____R (Swearware) C:\Users\Owner\Desktop\dds.com
 
==================== One Month Modified Files and Folders =======
 
2014-04-20 22:21 - 2014-04-20 22:21 - 02056704 _____ (Farbar) C:\Users\Owner\Downloads\FRST64 (1).exe
2014-04-20 22:21 - 2014-04-20 22:21 - 00026185 _____ () C:\Users\Owner\Downloads\FRST.txt
2014-04-20 22:21 - 2014-04-20 22:06 - 00000000 ____D () C:\FRST
2014-04-20 22:19 - 2014-04-20 22:19 - 00016847 _____ () C:\Users\Owner\Desktop\CheckResults.txt
2014-04-20 22:15 - 2010-11-07 19:02 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-20 22:15 - 2010-11-07 19:02 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-20 22:14 - 2013-08-14 22:01 - 00004972 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for MIKKI-PC-Owner Mikki-PC
2014-04-20 22:13 - 2014-04-20 22:09 - 00049133 _____ () C:\Users\Owner\Desktop\Addition.txt
2014-04-20 22:13 - 2014-04-20 22:06 - 00058066 _____ () C:\Users\Owner\Desktop\FRST.txt
2014-04-20 22:08 - 2012-10-04 20:36 - 00000000 ____D () C:\Users\Owner\AppData\Local\Backup Assistant Plus
2014-04-20 22:05 - 2014-04-20 22:05 - 01673896 _____ (Malwarebytes Corporation) C:\Users\Owner\Downloads\mbam-check-2.1.0.0002.exe
2014-04-20 22:05 - 2014-04-20 22:05 - 01673896 _____ (Malwarebytes Corporation) C:\Users\Owner\Desktop\mbam-check-2.1.0.0002.exe
2014-04-20 22:04 - 2014-04-20 22:04 - 02056704 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2014-04-20 22:01 - 2014-01-28 01:51 - 00002972 _____ () C:\Windows\System32\Tasks\GU4SkipUAC
2014-04-20 22:01 - 2014-01-28 01:51 - 00002628 _____ () C:\Windows\System32\Tasks\GlaryInitialize 4
2014-04-20 22:01 - 2014-01-28 01:51 - 00001051 _____ () C:\Users\Public\Desktop\Glary Utilities 4.lnk
2014-04-20 22:01 - 2014-01-28 01:51 - 00000332 _____ () C:\Windows\Tasks\GlaryInitialize 4.job
2014-04-20 22:01 - 2014-01-28 01:50 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 4
2014-04-20 22:01 - 2013-06-19 20:23 - 00000000 ___RD () C:\Users\Owner\SkyDrive
2014-04-20 22:00 - 2014-02-21 16:45 - 00002186 _____ () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-04-20 21:59 - 2014-04-20 21:59 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2014-04-20 21:59 - 2014-04-20 21:58 - 12484680 _____ () C:\Users\Owner\Downloads\gup4setup (1).exe
2014-04-20 21:58 - 2014-04-20 22:00 - 06081224 _____ (Microsoft Corporation) C:\Users\Owner\Downloads\OneDriveSetup (1).exe
2014-04-20 21:58 - 2013-02-28 13:19 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-20 21:55 - 2010-11-07 18:48 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2681166796-2007918134-1661358387-1000UA.job
2014-04-20 20:06 - 2009-07-13 23:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-20 20:06 - 2009-07-13 23:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-20 19:43 - 2014-04-20 19:43 - 00015854 _____ () C:\Users\Owner\Downloads\Copy of Updated Inventory 1-11-13_FB (1).xlsx
2014-04-20 19:28 - 2014-04-20 19:28 - 00002612 _____ () C:\Users\Owner\Desktop\SearchMyFiles.cfg
2014-04-20 19:26 - 2011-08-04 15:15 - 00004668 _____ () C:\Windows\mozy.flt
2014-04-20 19:26 - 2011-08-04 15:15 - 00003744 _____ () C:\Windows\mozy.blk
2014-04-20 19:12 - 2010-07-31 12:39 - 02085183 _____ () C:\Windows\WindowsUpdate.log
2014-04-20 19:11 - 2013-09-22 18:40 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Box Sync
2014-04-20 19:03 - 2014-04-20 19:03 - 00275536 _____ () C:\Windows\Minidump\042014-31637-01.dmp
2014-04-20 19:03 - 2014-04-20 19:03 - 00000000 ____D () C:\Windows\Minidump
2014-04-20 19:03 - 2014-04-19 13:56 - 00000224 _____ () C:\Windows\setupact.log
2014-04-20 19:03 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-20 19:02 - 2014-04-20 19:02 - 348648563 _____ () C:\Windows\MEMORY.DMP
2014-04-20 19:02 - 2014-04-19 13:55 - 00004212 _____ () C:\Windows\PFRO.log
2014-04-20 18:57 - 2014-04-20 18:56 - 00000000 ____D () C:\Users\Owner\Desktop\coupon binder pics
2014-04-20 18:16 - 2014-04-20 18:16 - 00000000 ____D () C:\Users\Owner\AppData\LocalGoogle
2014-04-20 12:58 - 2014-04-10 22:59 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-20 12:58 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-20 12:07 - 2014-04-20 12:06 - 17305528 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam_premium.exe
2014-04-20 11:19 - 2014-04-16 22:39 - 00000000 ____D () C:\Program Files (x86)\ffdshow
2014-04-20 10:45 - 2010-11-07 18:48 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2681166796-2007918134-1661358387-1000Core.job
2014-04-19 15:15 - 2013-06-19 18:23 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-04-19 14:03 - 2009-07-14 00:13 - 00834834 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-19 13:56 - 2014-04-19 13:56 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-19 01:28 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-16 23:02 - 2011-08-05 18:07 - 00000000 ____D () C:\Program Files\MozyHome
2014-04-16 22:40 - 2014-04-16 22:40 - 00001785 _____ () C:\Users\Owner\Desktop\Verizon Cloud.lnk
2014-04-16 22:40 - 2014-04-16 22:40 - 00000000 ____D () C:\ProgramData\Verizon
2014-04-16 22:40 - 2014-04-16 22:39 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Verizon Cloud
2014-04-16 22:39 - 2014-04-16 22:38 - 00000000 ____D () C:\Program Files\Verizon Cloud
2014-04-16 22:37 - 2014-04-16 22:37 - 51626544 _____ (Installation Program) C:\Users\Owner\Downloads\bapinstaller.exe
2014-04-16 22:37 - 2014-04-16 22:37 - 02402624 _____ () C:\Users\Owner\Downloads\VerizonWindowsInstaller.exe
2014-04-15 22:28 - 2010-10-15 17:08 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Adobe
2014-04-15 21:43 - 2014-04-15 21:43 - 00001060 _____ () C:\Users\Owner\Desktop\mbam4-14.txt
2014-04-15 02:15 - 2010-07-22 05:34 - 00000000 ____D () C:\Program Files (x86)\Google
2014-04-15 01:42 - 2014-01-21 06:48 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-04-15 01:42 - 2014-01-21 06:48 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-04-15 01:42 - 2013-11-20 08:17 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Mozilla
2014-04-15 01:42 - 2013-11-20 08:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-15 01:42 - 2013-10-01 22:01 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\dvdcss
2014-04-15 01:42 - 2013-09-22 19:01 - 00000000 ____D () C:\Users\Owner\Documents\My Box Files
2014-04-15 01:42 - 2013-09-08 19:52 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\ooVoo Details
2014-04-15 01:42 - 2013-08-14 08:10 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2014-04-15 01:42 - 2013-08-14 08:10 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google
2014-04-15 01:42 - 2013-05-26 21:30 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\.minecraft
2014-04-15 01:42 - 2013-04-17 02:22 - 00000000 ____D () C:\Users\Owner\4-15-13_Maxx files
2014-04-15 01:42 - 2013-04-05 01:57 - 00000000 ____D () C:\ProgramData\InstallMate
2014-04-15 01:42 - 2013-02-18 22:29 - 00000000 ____D () C:\Users\Owner\Documents\Storia
2014-04-15 01:42 - 2012-12-26 16:33 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\ASUS WebStorage
2014-04-15 01:42 - 2012-10-22 20:13 - 00000000 ____D () C:\Users\Owner\AAPC
2014-04-15 01:42 - 2012-08-18 17:36 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\ArcSoft
2014-04-15 01:42 - 2012-08-08 05:52 - 00000000 ____D () C:\ProgramData\Motorola
2014-04-15 01:42 - 2012-07-23 16:14 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Imagenomic
2014-04-15 01:42 - 2012-02-21 08:17 - 00000000 ___RD () C:\Users\Owner\Documents\Desktop stuff
2014-04-15 01:42 - 2012-02-13 22:02 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Skype
2014-04-15 01:42 - 2012-02-01 06:41 - 00000000 ____D () C:\Program Files (x86)\Amazon
2014-04-15 01:42 - 2011-12-30 15:06 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\calibre
2014-04-15 01:42 - 2011-07-08 20:59 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Apple Computer
2014-04-15 01:42 - 2011-07-08 20:28 - 00000000 ____D () C:\Users\Owner\AppData\Local\V CAST Media Manager
2014-04-15 01:42 - 2011-07-08 20:19 - 00000000 ____D () C:\ProgramData\Apple
2014-04-15 01:42 - 2011-03-19 21:02 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Dropbox
2014-04-15 01:42 - 2011-01-25 21:51 - 00000000 ____D () C:\Users\Owner\Documents\CyberLink
2014-04-15 01:42 - 2011-01-25 21:51 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\CyberLink
2014-04-15 01:42 - 2011-01-25 21:51 - 00000000 ____D () C:\Users\Owner\AppData\Local\Cyberlink
2014-04-15 01:42 - 2011-01-05 01:33 - 00000000 ____D () C:\Users\Owner\Documents\CVs
2014-04-15 01:42 - 2011-01-02 14:45 - 00000000 ____D () C:\Users\Owner\AppData\Local\Quicken WillMaker Plus 2011
2014-04-15 01:42 - 2010-12-26 10:43 - 00000000 ____D () C:\Users\Owner\Documents\Books
2014-04-15 01:42 - 2010-11-19 20:34 - 00000000 ____D () C:\Users\Owner\AppData\Local\Digsby
2014-04-15 01:42 - 2010-11-10 20:41 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\ICAClient
2014-04-15 01:42 - 2010-11-07 19:54 - 00000000 ____D () C:\Users\Owner\AppData\Local\Adobe
2014-04-15 01:42 - 2010-11-07 18:40 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Google
2014-04-15 01:42 - 2010-11-07 18:40 - 00000000 ____D () C:\Users\Owner\AppData\Local\Google
2014-04-15 01:42 - 2010-10-15 15:03 - 00000000 ____D () C:\Users\Owner\AppData\Local\Apps\2.0
2014-04-15 01:42 - 2010-10-15 15:01 - 00000000 ____D () C:\Users\Owner
2014-04-15 01:42 - 2010-07-22 05:40 - 00000000 ____D () C:\ProgramData\Adobe
2014-04-15 01:42 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default
2014-04-15 01:01 - 2014-04-15 01:01 - 00010164 _____ () C:\Windows\SysWOW64\RegFile3.txt
2014-04-14 23:54 - 2014-04-14 23:54 - 12480432 _____ () C:\Users\Owner\Downloads\gup4setup.exe
2014-04-14 23:52 - 2014-04-14 23:52 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Owner\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-14 03:05 - 2014-01-28 01:50 - 00118048 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe
2014-04-13 21:07 - 2014-04-20 22:01 - 00017600 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\BootDefragDriver.sys
2014-04-10 22:58 - 2010-11-19 20:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-10 21:37 - 2014-04-10 21:36 - 05245480 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-10 21:34 - 2013-08-01 20:20 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-10 21:27 - 2014-04-10 21:27 - 00448512 _____ (OldTimer Tools) C:\Users\Owner\Downloads\TFC (1).exe
2014-04-10 21:27 - 2014-04-10 21:27 - 00448512 _____ (OldTimer Tools) C:\Users\Owner\Desktop\TFC.exe
2014-04-10 21:22 - 2010-10-15 16:40 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-07 21:10 - 2014-04-07 21:10 - 00076027 _____ () C:\Users\Owner\Downloads\Checking2.qfx
2014-04-07 20:36 - 2014-04-07 20:36 - 00145288 _____ () C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-07 20:15 - 2014-04-07 20:15 - 00022250 _____ () C:\Users\Owner\Documents\cc_20140407_201517.reg
2014-04-07 20:08 - 2012-12-02 17:48 - 00000789 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-04-07 20:08 - 2012-12-02 17:48 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-07 20:07 - 2014-04-07 20:07 - 04787368 _____ (Piriform Ltd) C:\Users\Owner\Downloads\ccsetup412.exe
2014-04-03 17:28 - 2013-12-23 21:01 - 00000000 ____D () C:\Users\Owner\Downloads\New folder (2)
2014-04-03 11:58 - 2014-04-03 11:58 - 00000000 ____D () C:\Program Files\Reason
2014-04-03 11:46 - 2014-04-03 11:46 - 02171728 _____ (Reason Company Software Inc.) C:\Users\Owner\Downloads\herdProtectScan_Setup.exe
2014-04-03 11:12 - 2014-04-03 11:10 - 00000000 ____D () C:\Users\Owner\Downloads\Chameleon
2014-04-03 11:03 - 2013-08-28 01:45 - 00007604 _____ () C:\Users\Owner\AppData\Local\Resmon.ResmonCfg
2014-04-03 10:20 - 2014-04-03 09:55 - 00000632 __RSH () C:\Users\Owner\ntuser.pol
2014-04-03 09:47 - 2014-04-03 09:45 - 00005175 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-04-03 09:47 - 2013-05-26 21:14 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-02 23:36 - 2014-04-02 23:36 - 00000000 ____D () C:\Windows\SysWOW64\Log
2014-04-02 23:12 - 2013-04-08 16:25 - 00000000 ____D () C:\Program Files (x86)\Auslogics
2014-04-02 23:08 - 2014-04-02 23:08 - 04288000 _____ () C:\Users\Owner\Downloads\anyconnect-win-3.1.04063-pre-deploy-k9.msi
2014-04-02 19:57 - 2010-07-22 05:34 - 00000000 ____D () C:\ProgramData\Google
2014-04-02 19:41 - 2010-10-15 15:01 - 00000000 ___RD () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-02 19:17 - 2014-04-02 19:17 - 00000044 _____ () C:\Users\Owner\AppData\Roaming\WB.CFG
2014-04-02 17:02 - 2014-04-02 17:02 - 00000000 ____D () C:\Users\Owner\Documents\Optimizer Pro
2014-04-02 16:56 - 2014-04-02 16:56 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\DigitalSites
2014-04-02 16:54 - 2014-04-02 16:54 - 00685240 _____ () C:\Users\Owner\Downloads\ImageEditorSetup (3).exe
2014-04-02 00:51 - 2014-01-26 15:00 - 00000000 ____D () C:\AdwCleaner
2014-04-02 00:48 - 2014-04-02 00:48 - 01426178 _____ () C:\Users\Owner\Downloads\AdwCleaner.exe
2014-04-02 00:32 - 2014-04-02 00:32 - 01038974 _____ (Thisisu) C:\Users\Owner\Downloads\JRT (3).exe
2014-04-02 00:29 - 2014-04-02 00:29 - 01038974 _____ (Thisisu) C:\Users\Owner\Downloads\JRT (1).exe
2014-03-31 09:35 - 2010-10-15 16:47 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-03-31 06:50 - 2010-11-07 18:48 - 00003882 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2681166796-2007918134-1661358387-1000UA
2014-03-31 06:50 - 2010-11-07 18:48 - 00003486 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2681166796-2007918134-1661358387-1000Core
2014-03-29 18:42 - 2014-03-29 18:42 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\wStLibG64.sys
2014-03-29 18:42 - 2009-07-13 21:34 - 00000580 _____ () C:\Windows\win.ini
2014-03-29 17:29 - 2014-03-29 17:29 - 00000487 _____ () C:\Users\Owner\Desktop\Minecraft - Shortcut.lnk
2014-03-29 17:12 - 2014-03-29 17:12 - 00686056 _____ () C:\Users\Owner\Downloads\ImageEditorSetup (2).exe
2014-03-29 17:11 - 2014-03-29 17:11 - 00686056 _____ () C:\Users\Owner\Downloads\ImageEditorSetup (1).exe
2014-03-29 17:10 - 2014-03-29 17:10 - 00686056 _____ () C:\Users\Owner\Downloads\ImageEditorSetup.exe
2014-03-29 17:03 - 2014-03-29 17:03 - 00000000 ____D () C:\Program Files (x86)\Image Converter
2014-03-29 15:44 - 2014-03-29 15:45 - 00675988 _____ () C:\Users\Owner\Downloads\Minecraft.exe
2014-03-29 15:44 - 2014-03-29 15:45 - 00280212 _____ () C:\Users\Owner\Downloads\Minecraft (1).jar
2014-03-29 15:44 - 2014-03-29 15:44 - 00280212 _____ () C:\Users\Owner\Downloads\Minecraft.jar
2014-03-28 21:16 - 2010-07-22 05:25 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-25 22:10 - 2010-11-07 19:02 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-25 22:10 - 2010-11-07 19:02 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-25 20:26 - 2014-03-25 20:25 - 12448960 _____ () C:\Users\Owner\Downloads\Glary_Utilities_v4.8.0.97.exe
2014-03-24 00:32 - 2010-07-22 05:40 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-03-24 00:28 - 2014-03-16 17:21 - 00000000 ____D () C:\Program Files (x86)\ReNamer
2014-03-23 16:18 - 2011-01-02 14:41 - 00000000 ____D () C:\Users\Owner\Documents\zFinances
2014-03-23 14:34 - 2013-11-13 17:24 - 00000000 ____D () C:\Users\Owner\Documents\Outlook Files
2014-03-22 21:55 - 2014-03-22 21:53 - 04130656 _____ (Kaspersky Lab ZAO) C:\Users\Owner\Desktop\tdsskiller.exe
2014-03-22 21:53 - 2014-03-22 21:53 - 02157056 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2014-03-22 21:44 - 2011-11-23 05:26 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-03-22 01:22 - 2013-10-20 12:06 - 00000000 ____D () C:\Users\Owner\Documents\Finance
2014-03-21 16:55 - 2010-11-07 18:57 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-21 01:20 - 2014-03-21 01:20 - 00688992 ____R (Swearware) C:\Users\Owner\Desktop\dds.com
 
Files to move or delete:
====================
C:\Users\Owner\cc_20130408_145109.reg
C:\Users\Owner\setup.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-04-17 08:16
 
==================== End Of Log ============================

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Owner on Mon 04/21/2014 at 19:27:51.12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\dsiteproducts

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Owner\documents\optimizer pro"

# AdwCleaner v3.103 - Report created 21/04/2014 at 20:42:42

# Updated 21/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Owner - MIKKI-PC
# Running from : C:\Users\Owner\Downloads\AdwCleaner (1).exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : wStLibG64
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\Administrator\AppData\Local\torch
Folder Deleted : C:\Users\Guest\AppData\Local\torch
Folder Deleted : C:\Users\Owner\AppData\Roaming\DigitalSites
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MegaBrowse_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MegaBrowse_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateMegaBrowse_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateMegaBrowse_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\utilMegaBrowse_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\utilMegaBrowse_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\S-1824435291
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{1a34a8e0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49B4-9D64-90988571CECB}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKCU\Software\RegisteredApplicationsEx
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\settin~1\systemk\syskldr.dll
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17041
 
 
-\\ Mozilla Firefox v27.0.1 (en-US)
 
[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ghug7evk.default\prefs.js ]
 
 
-\\ Google Chrome v
 
[ File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [5629 octets] - [26/01/2014 15:00:20]
AdwCleaner[R1].txt - [907 octets] - [27/01/2014 07:31:28]
AdwCleaner[R2].txt - [1025 octets] - [28/01/2014 01:06:18]
AdwCleaner[R3].txt - [3228 octets] - [13/02/2014 05:14:40]
AdwCleaner[R4].txt - [2093 octets] - [09/03/2014 01:32:04]
AdwCleaner[R5].txt - [5492 octets] - [02/04/2014 00:49:20]
AdwCleaner[R6].txt - [4113 octets] - [21/04/2014 20:09:05]
AdwCleaner[s0].txt - [5211 octets] - [26/01/2014 15:02:20]
AdwCleaner[s1].txt - [619 octets] - [27/01/2014 07:37:19]
AdwCleaner[s2].txt - [1087 octets] - [28/01/2014 01:08:00]
AdwCleaner[s3].txt - [3101 octets] - [13/02/2014 05:17:30]
AdwCleaner[s4].txt - [2172 octets] - [09/03/2014 01:49:41]
AdwCleaner[s5].txt - [7281 octets] - [09/03/2014 09:53:48]
AdwCleaner[s6].txt - [3794 octets] - [21/04/2014 20:42:42]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s6].txt - [3854 octets] ##########
This topic is now closed to further replies.