
trovi.a keeps coming back



Hi & welcome

My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.

  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please post up the last MBAM-Logs.

Step 2

Please download AdwCleaner (by Xplode) and save it to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select "Run As Administrator"

  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[s#].txt) will open automatically.

    Copy and paste the contents of that logfile in your next reply.

Step 3

Download zoek.exe to your desktop.

  • If Internet Explorer, any other browser, or a security program issues a warning indicating the file is unsafe, please ignore, since it is a false warning.
Using Zoek.exe
  • On the Desktop, double-click Zoek.exe to start the tool.

    Windows Vista, 7 and 8 users right-click the file and select: Run as Administrator.

    Give the program a few seconds to appear.

  • Copy and paste the following script in the code box:
  • Note: This script is written for usage on this system only, do not use it on any other computer even if the problems are similar.

    CHRdefaults;emptyclsid;autoclean;
  • Click the "Run script" button and wait patiently.
  • When finished the logfile will be opened in notepad.
  • If a reboot is needed the logfile will be opened after reboot.
  • The zoek-results.log can also be found on your system drive.
  • Please post the logfile for further review in your next comment.
Step 4

Start FRST with administrator privileges.

  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.

    Please copy and paste the log in your next reply.


Malwarebytes Anti-Malware

www.malwarebytes.org

 

 

Protection, 7/18/2014 9:23:35 AM, SYSTEM, JIM-LAPTOP, Protection, Malicious Website Protection, Starting, 

Protection, 7/18/2014 9:23:43 AM, SYSTEM, JIM-LAPTOP, Protection, Malicious Website Protection, Started, 

Protection, 7/18/2014 9:24:30 AM, SYSTEM, JIM-LAPTOP, Protection, Malware Protection, Starting, 

Protection, 7/18/2014 9:24:30 AM, SYSTEM, JIM-LAPTOP, Protection, Malware Protection, Started, 

 

(end)

 

 

This is the most recent log I could find in the history tab.


# AdwCleaner v3.216 - Report created 18/07/2014 at 12:56:21

# Updated 17/07/2014 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Jim - JIM-LAPTOP

# Running from : C:\Users\Jim\Desktop\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

[#] Service Deleted : globalUpdate

[#] Service Deleted : globalUpdatem

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewPlayer

Folder Deleted : C:\Program Files (x86)\predm

Folder Deleted : C:\Users\Jim\AppData\Local\globalUpdate

Folder Deleted : C:\Users\Jim\AppData\Roaming\Activeris

File Deleted : C:\END

File Deleted : C:\Windows\System32\roboot64.exe

File Deleted : C:\Users\Jim\Desktop\Continue VuuPC Installation.lnk

File Deleted : C:\Users\Jim\Desktop\NewPlayer.lnk

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASMANCS

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKCU\Software\GlobalUpdate

Key Deleted : HKCU\Software\installedbrowserextensions

Key Deleted : HKCU\Software\Optimizer Pro

Key Deleted : HKCU\Software\TutoTag

Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}

Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}

Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}

Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}

Key Deleted : HKLM\Software\GlobalUpdate

Key Deleted : HKLM\Software\installedbrowserextensions

Key Deleted : HKLM\Software\NewPlayer

Key Deleted : [x64] HKLM\SOFTWARE\installedbrowserextensions

Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll

Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17207

 

 

-\\ Google Chrome v35.0.1916.153

 

[ File : C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

Deleted [startup_urls] : hxxps://mail.google.com/mail/ca/u/0/#inbox

Deleted [Homepage] : hxxp://www.trovi.com/?gd=&ctid=CT3325277&octid=EB_ORIGINAL_CTID&ISID=M8F6ECD14-4E5E-4749-9C06-BCAEA8866F5D&SearchSource=55&CUI=&UM=2&UP=SP3DC2F962-4CFB-49DA-90FA-3245771B5F94&SSPV=SE3NTPBGF_sp_ch

Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl

Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb

 

*************************

 

AdwCleaner[R0].txt - [3886 octets] - [18/07/2014 12:55:36]

AdwCleaner[s0].txt - [3685 octets] - [18/07/2014 12:56:21]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3745 octets] ##########



 



Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 7/18/2014

Scan Time: 1:39:43 PM

Logfile: 

Administrator: Yes

 

Version: 2.00.2.1012

Malware Database: v2014.07.18.08

Rootkit Database: v2014.07.17.01

License: Premium

Malware Protection: Disabled

Malicious Website Protection: Enabled

Self-protection: Disabled

 

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: Jim

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 279746

Time Elapsed: 5 min, 0 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Warn

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 0

(No malicious items detected)

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-07-2014 01

Ran by Jim (administrator) on JIM-LAPTOP on 18-07-2014 14:02:39

Running from C:\Users\Jim\Desktop

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11

Boot Mode: Normal

 

The only official download link for FRST:



Download link from any site other than Bleeping Computer is unpermitted or outdated.


 

==================== Processes (Whitelisted) =================

 

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe

(FedEx Corporation) C:\Program Files (x86)\FedEx\ShipManager\BIN\FedEx.Gsm.Common.LoggingService.exe

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe

(iAnywhere Solutions, Inc.) C:\Program Files (x86)\FedEx\ShipManager\SQLAnywhere\Bin32\dbsrv11.exe

(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMyPC\g2svc.exe

(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe

(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMyPC\g2comm.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMyPC\g2pre.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMyPC\g2tray.exe

() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe

(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

() C:\Program Files (x86)\FedEx\ShipManager\BIN\AdminService.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(FedEx Corporation) C:\Program Files (x86)\FedEx\ShipManager\BIN\ShipEngineService.exe

(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe

(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe

(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe

(Akamai Technologies, Inc.) C:\Users\Jim\AppData\Local\Akamai\netsession_win.exe

(Akamai Technologies, Inc.) C:\Users\Jim\AppData\Local\Akamai\netsession_win.exe

(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

(Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2014\QBW32.EXE

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe

(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe

(FedEx Corporation) C:\Program Files (x86)\FedEx\ShipManager\BIN\TransEngineService.exe

(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [ASUSQuickGesture(x86)] => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe [20352 2012-09-11] (ASUSTeK Computer Inc.)

HKLM\...\Run: [ASUSTPLoader(x64)] => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe [169856 2012-09-11] (AsusTek)

HKLM\...\Run: [ASUSQuickGesture(x64)] => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe [22400 2012-09-11] (ASUSTeK Computer Inc.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3775800 2014-02-27] (Intuit Inc. All rights reserved.)

HKLM-x32\...\Run: [sDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]

HKU\S-1-5-21-3331341093-2676811913-1412392328-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Jim\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)

HKU\S-1-5-21-3331341093-2676811913-1412392328-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2014-07-03] (Glarysoft Ltd)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AddonNP.lnk

ShortcutTarget: AddonNP.lnk -> C:\Program Files (x86)\NewPlayer\AddonNP.exe (No File)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk

ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk

ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk

ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2014\QBW32.EXE (Intuit Inc.)

ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File

ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File

ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File

ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File

ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

BootExecute: autocheck autochk *  sdnclean64.exe

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7D9D2F6402B8CE01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

SearchScopes: HKLM-x32 - DefaultScope value is missing.

SearchScopes: HKCU - DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}

SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: ASUS Browser Extension x86 -> {78234974-0C4B-4111-BDEB-D9A104418771} -> C:\Program Files (x86)\ASUS\ASUS Smart Gesture\install\x86\BrowserExtension.dll (ASUSTeK Computer Inc.)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab

Handler: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} -  No File

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -  No File

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)

Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - C:\Program Files (x86)\Intuit\QuickBooks 2014\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)

Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)

Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)

Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.25

 

FireFox:

========

FF Plugin: @microsoft.com/GENUINE - disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @videolan.org/vlc,version=2.1.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE - disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

Chrome: 

=======

CHR Extension: (Google Docs) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-12]

CHR Extension: (Google Drive) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-12]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]

CHR Extension: (YouTube) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-12]

CHR Extension: (Google Search) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-12]

CHR Extension: (Skype Click to Call) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-11-12]

CHR Extension: (Google Wallet) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-12]

CHR Extension: (Gmail) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-12]

CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]

 

==================== Services (Whitelisted) =================

 

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)

R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)

R2 FedExAdminService; C:\Program Files (x86)\FedEx\ShipManager\BIN\AdminService.exe [24576 2013-07-24] () [File not signed]

R2 FedExLoggingService; C:\Program Files (x86)\FedEx\ShipManager\BIN\FedEx.Gsm.Common.LoggingService.exe [7168 2013-07-24] (FedEx Corporation) [File not signed]

R2 FedExShipnetDBService; C:\Program Files (x86)\FedEx\ShipManager\SQLAnywhere\Bin32\dbsrv11.exe [141176 2013-07-24] (iAnywhere Solutions, Inc.)

R3 FedExShipService; C:\Program Files (x86)\FedEx\ShipManager\BIN\ShipEngineService.exe [5120 2013-07-24] (FedEx Corporation) [File not signed]

R3 FedExTransactionService; C:\Program Files (x86)\FedEx\ShipManager\BIN\TransEngineService.exe [6656 2013-07-24] (FedEx Corporation) [File not signed]

R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-11-10] (Nero AG)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)

S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)

R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]

R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-06-26] (Intuit) [File not signed]

S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2014-02-27] (Intuit Inc.) [File not signed]

R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2014-02-27] (Intuit Inc.) [File not signed]

R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)

R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)

R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

R3 ATP; C:\Windows\System32\DRIVERS\AsusTP.sys [56704 2012-09-11] (ASUS Corporation)

R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [17600 2014-06-02] (Glarysoft Ltd)

R0 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2014-07-03] (Glarysoft Ltd)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-18] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)

R2 monblanking; C:\Windows\System32\DRIVERS\monblanking.sys [34960 2014-01-30] (Citrix Systems, Inc.)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)

S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)

S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)

R3 SmbDrv; C:\Windows\System32\DRIVERS\Smb_driver.sys [21264 2012-02-09] (Synaptics Incorporated)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-07-18 14:02 - 2014-07-18 14:02 - 00000000 ____D () C:\Users\Jim\Desktop\FRST-OlderVersion

2014-07-18 13:07 - 2014-07-18 13:07 - 00000000 ____D () C:\Users\Jim\.android

2014-07-18 13:07 - 2014-07-18 12:59 - 00024064 _____ () C:\Windows\zoek-delete.exe

2014-07-18 13:00 - 2014-07-18 13:08 - 00007900 _____ () C:\zoek-results.log

2014-07-18 12:59 - 2014-07-18 13:07 - 00000000 ____D () C:\zoek_backup

2014-07-18 12:59 - 2014-07-18 12:59 - 01287168 _____ () C:\Users\Jim\Desktop\zoek.exe

2014-07-18 12:58 - 2014-07-18 12:58 - 01354223 _____ () C:\Users\Jim\Desktop\AdwCleaner (1).exe

2014-07-18 12:55 - 2014-07-18 12:56 - 00000000 ____D () C:\AdwCleaner

2014-07-18 12:55 - 2014-07-18 12:55 - 01354223 _____ () C:\Users\Jim\Desktop\AdwCleaner.exe

2014-07-18 12:55 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll

2014-07-11 22:20 - 2014-07-11 22:23 - 00030238 _____ () C:\Users\Jim\Desktop\Addition.txt

2014-07-11 22:19 - 2014-07-18 14:02 - 00018368 _____ () C:\Users\Jim\Desktop\FRST.txt

2014-07-11 22:19 - 2014-07-18 14:02 - 00000000 ____D () C:\FRST

2014-07-11 22:18 - 2014-07-18 14:02 - 02086912 _____ (Farbar) C:\Users\Jim\Desktop\FRST64.exe

2014-07-11 13:42 - 2014-07-11 13:42 - 00006848 _____ () C:\Users\Jim\Desktop\fedex archive.txt

2014-07-10 13:33 - 2014-07-10 13:33 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

2014-07-09 23:32 - 2014-07-09 23:32 - 01086104 _____ () C:\Users\Jim\Downloads\Setup (1).exe

2014-07-09 23:28 - 2014-07-09 23:28 - 00003130 _____ () C:\Windows\System32\Tasks\{96E6DA42-8CAB-438B-ABEA-2C8B4C778EBB}

2014-07-09 23:25 - 2014-07-09 23:25 - 00003122 _____ () C:\Windows\System32\Tasks\{16008FBF-A6A6-4591-8367-3B251C03EE22}

2014-07-09 23:21 - 2014-07-09 23:21 - 00000000 ____D () C:\Users\Jim\AppData\Local\com

2014-07-09 23:18 - 2014-07-09 23:18 - 01086104 _____ () C:\Users\Jim\Downloads\Setup.exe

2014-07-09 08:45 - 2014-06-29 19:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-07-09 08:45 - 2014-06-29 19:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-07-09 08:45 - 2014-06-17 19:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe

2014-07-09 08:45 - 2014-06-17 18:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe

2014-07-09 08:45 - 2014-06-17 18:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-07-09 08:45 - 2014-06-06 03:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll

2014-07-09 08:45 - 2014-06-06 02:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll

2014-07-09 08:45 - 2014-05-30 01:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2014-07-09 08:45 - 2014-05-30 01:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2014-07-09 08:45 - 2014-05-30 00:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2014-07-09 08:45 - 2014-05-30 00:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll

2014-07-09 08:45 - 2014-05-30 00:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2014-07-09 08:45 - 2014-05-29 23:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys

2014-07-09 08:44 - 2014-06-20 13:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-07-09 08:44 - 2014-06-20 12:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-07-09 08:44 - 2014-06-18 18:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-07-09 08:44 - 2014-06-18 18:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-07-09 08:44 - 2014-06-18 18:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-07-09 08:44 - 2014-06-18 17:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-07-09 08:44 - 2014-06-18 17:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-07-09 08:44 - 2014-06-18 17:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-07-09 08:44 - 2014-06-18 17:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-07-09 08:44 - 2014-06-18 17:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-07-09 08:44 - 2014-06-18 17:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-07-09 08:44 - 2014-06-18 17:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-07-09 08:44 - 2014-06-18 17:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-07-09 08:44 - 2014-06-18 17:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-07-09 08:44 - 2014-06-18 17:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-07-09 08:44 - 2014-06-18 17:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-07-09 08:44 - 2014-06-18 17:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-07-09 08:44 - 2014-06-18 17:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-07-09 08:44 - 2014-06-18 17:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-07-09 08:44 - 2014-06-18 16:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-07-09 08:44 - 2014-06-18 16:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-07-09 08:44 - 2014-06-18 16:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-07-09 08:44 - 2014-06-18 16:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-07-09 08:44 - 2014-06-18 16:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-07-09 08:44 - 2014-06-18 16:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-07-09 08:44 - 2014-06-18 16:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-07-09 08:44 - 2014-06-18 16:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-07-09 08:44 - 2014-06-18 16:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-07-09 08:44 - 2014-06-18 16:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-07-09 08:44 - 2014-06-18 16:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-07-09 08:44 - 2014-06-18 16:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-07-09 08:44 - 2014-06-18 16:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-07-09 08:44 - 2014-06-18 16:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-07-09 08:44 - 2014-06-18 16:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-07-09 08:44 - 2014-06-18 16:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-07-09 08:44 - 2014-06-18 16:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-07-09 08:44 - 2014-06-18 16:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-07-09 08:44 - 2014-06-18 16:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-07-09 08:44 - 2014-06-18 16:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-07-09 08:44 - 2014-06-18 16:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-07-09 08:44 - 2014-06-18 16:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-07-09 08:44 - 2014-06-18 16:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-07-09 08:44 - 2014-06-18 15:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-07-09 08:44 - 2014-06-18 15:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-07-09 08:44 - 2014-06-18 15:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-07-09 08:44 - 2014-06-18 15:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-07-09 08:44 - 2014-06-18 15:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-07-09 08:44 - 2014-06-18 15:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-07-09 08:44 - 2014-06-18 15:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-07-09 08:44 - 2014-06-18 15:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-07-09 08:44 - 2014-06-18 15:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-07-09 08:44 - 2014-06-18 15:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-07-09 08:44 - 2014-06-18 15:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-07-09 08:44 - 2014-06-18 15:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-07-09 08:44 - 2014-06-18 15:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-07-09 08:44 - 2014-06-18 15:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-07-09 08:44 - 2014-05-30 01:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2014-07-09 08:44 - 2014-05-30 01:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2014-07-09 08:44 - 2014-05-30 01:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

2014-07-09 08:44 - 2014-05-30 01:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2014-07-09 08:44 - 2014-05-30 01:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2014-07-09 08:44 - 2014-05-30 00:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2014-07-09 08:44 - 2014-05-30 00:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll

2014-07-09 08:44 - 2014-05-30 00:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll

2014-07-09 08:44 - 2014-05-30 00:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

2014-07-09 08:43 - 2014-06-05 07:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2014-07-09 08:43 - 2014-06-05 07:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2014-07-09 08:43 - 2014-06-05 07:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2014-07-09 08:37 - 2014-07-18 13:07 - 00139100 _____ () C:\Windows\PFRO.log

2014-07-09 08:37 - 2014-07-18 13:07 - 00001770 _____ () C:\Windows\setupact.log

2014-07-09 08:37 - 2014-07-09 08:37 - 00000000 _____ () C:\Windows\setuperr.log

2014-07-08 19:02 - 2014-07-08 19:02 - 00000000 __SHD () C:\Users\Jim\AppData\Local\EmieUserList

2014-07-08 19:02 - 2014-07-08 19:02 - 00000000 __SHD () C:\Users\Jim\AppData\Local\EmieSiteList

2014-07-08 19:00 - 2014-07-08 19:00 - 12897216 _____ (Citrix Online, a division of Citrix Systems, Inc.) C:\Users\Jim\Downloads\gosetup.exe

2014-07-08 19:00 - 2014-07-08 19:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix

2014-07-08 19:00 - 2014-07-08 19:00 - 00000000 ____D () C:\Program Files (x86)\Citrix

2014-07-08 19:00 - 2014-01-30 08:37 - 00131416 _____ (Citrix Online, a division of Citrix Systems, Inc.) C:\Windows\system32\gotomon_x64.dll

2014-07-08 19:00 - 2014-01-30 08:23 - 00034960 _____ (Citrix Systems, Inc.) C:\Windows\system32\Drivers\monblanking.sys

2014-07-08 12:00 - 2014-07-08 12:00 - 00000000 ____D () C:\Users\Jim\AppData\Local\Citrix

2014-07-07 19:40 - 2014-07-10 19:45 - 00000000 ____D () C:\Users\Jim\AppData\Roaming\crawl

2014-07-07 19:40 - 2014-07-07 19:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dungeon Crawl Stone Soup

2014-07-07 19:40 - 2014-07-07 19:40 - 00000000 ____D () C:\Program Files (x86)\Crawl

2014-07-07 19:39 - 2014-07-07 19:40 - 13328668 _____ () C:\Users\Jim\Desktop\stone_soup-0.14.1-win32-installer.exe

2014-07-07 17:06 - 2014-07-07 17:06 - 00347816 _____ (Microsoft Corporation) C:\Users\Jim\Desktop\MicrosoftFixit.Printing.Run.exe

2014-07-07 16:49 - 2009-12-07 09:41 - 00023552 _____ (Euro Plus d.o.o.) C:\Windows\system32\zdnPM64S.dll

2014-07-07 16:49 - 2009-12-07 09:41 - 00020480 _____ (Euro Plus d.o.o.) C:\Windows\system32\zdnPM64U.dll

2014-07-07 16:47 - 2014-07-07 16:47 - 00000000 ____D () C:\ZebraDriver

2014-07-07 16:46 - 2014-07-07 16:47 - 11177984 _____ () C:\Users\Jim\Desktop\ZebraFedEx_driver_4500_self_extracting15.exe

2014-07-07 16:29 - 2014-07-07 16:29 - 00002202 _____ () C:\Users\Public\Desktop\Help Me FedEx.lnk

2014-07-07 16:29 - 2014-07-07 16:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FedEx Ship Manager

2014-07-07 16:29 - 2014-07-07 16:29 - 00000000 ____D () C:\Program Files (x86)\FedEx

2014-07-07 16:15 - 2014-07-07 16:26 - 229610616 _____ (FedEx Corporation) C:\Users\Jim\Desktop\FedExShipManager_2704.exe

2014-07-07 11:21 - 2014-07-07 11:21 - 00000000 ___HD () C:\Windows\system32\CanonIJ Uninstaller Information

2014-07-07 11:20 - 2012-03-14 05:00 - 00385024 _____ (CANON INC.) C:\Windows\system32\CNMLMAH.DLL

2014-07-07 11:20 - 2010-03-18 19:26 - 00348672 _____ (CANON INC.) C:\Windows\system32\CNC8100L.dll

2014-07-07 11:20 - 2010-03-18 19:25 - 00307200 _____ (CANON INC.) C:\Windows\SysWOW64\CNC8100L.dll

2014-07-07 11:20 - 2010-03-18 19:01 - 00059232 _____ () C:\Windows\SysWOW64\CNC8100W.DAT

2014-07-07 11:20 - 2010-03-18 19:01 - 00059232 _____ () C:\Windows\system32\CNC8100W.DAT

2014-07-07 11:20 - 2010-03-18 17:13 - 01354240 _____ (CANON INC.) C:\Windows\system32\CNC8100C.dll

2014-07-07 11:20 - 2010-03-18 17:13 - 00112128 _____ (CANON INC.) C:\Windows\system32\CNC8100I.dll

2014-07-07 11:20 - 2010-03-18 17:11 - 00106496 _____ (CANON INC.) C:\Windows\SysWOW64\CNC8100U.dll

2014-07-07 11:20 - 2010-03-16 08:49 - 00016128 _____ () C:\Windows\SysWOW64\CNC174BD.TBL

2014-07-07 11:20 - 2010-03-16 08:49 - 00016128 _____ () C:\Windows\system32\CNC174BD.TBL

2014-07-07 11:20 - 2008-08-25 18:02 - 00017920 _____ (CANON INC.) C:\Windows\system32\CNHMCA6.dll

2014-07-07 11:20 - 2008-08-25 18:02 - 00015872 _____ (CANON INC.) C:\Windows\SysWOW64\CNHMCA.dll

2014-07-07 11:05 - 2014-07-07 11:05 - 00000000 ____D () C:\Users\Jim\Desktop\MF4150_MFDrivers_W64_us_EN

2014-07-07 11:04 - 2014-07-07 11:04 - 16850048 _____ () C:\Users\Jim\Desktop\MF4150_MFDrivers_W64_us_EN.exe

2014-07-07 10:53 - 2014-07-07 10:53 - 00003118 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe

2014-07-07 10:53 - 2014-07-07 10:53 - 00003092 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe

2014-07-07 10:53 - 2014-07-07 10:53 - 00003090 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_itype_exe

2014-07-07 10:53 - 2014-07-07 10:53 - 00003062 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe

2014-07-07 10:53 - 2014-07-07 10:53 - 00003060 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe

2014-07-07 10:53 - 2014-07-07 10:53 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_point64_01011.Wdf

2014-07-07 10:53 - 2014-07-07 10:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center

2014-07-07 10:53 - 2014-07-07 10:53 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center

2014-07-07 10:10 - 2014-07-10 16:01 - 00000000 ____D () C:\Users\Jim\Desktop\Livin Spoonful, Inc.QBW.SearchIndex

2014-07-07 10:09 - 2014-07-10 19:38 - 170823680 ____R () C:\Users\Jim\Desktop\Livin Spoonful, Inc.QBW

2014-07-07 10:09 - 2014-07-10 19:38 - 00000346 _____ () C:\Users\Jim\Desktop\Livin Spoonful, Inc.QBW.ND

2014-07-07 10:09 - 2014-07-07 10:09 - 00000387 _____ () C:\Users\Jim\Desktop\Livin Spoonful, Inc.QBW.DSN

2014-07-04 08:28 - 2014-07-04 08:28 - 00001395 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk

2014-07-04 08:28 - 2014-07-04 08:28 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk

2014-07-04 08:28 - 2014-07-04 08:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2

2014-07-04 08:28 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe

2014-07-03 09:45 - 2014-07-03 09:45 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Jim\Downloads\Spybot_Search_Destroy_v2.4.exe

2014-07-03 08:12 - 2014-07-03 08:12 - 14122128 _____ () C:\Users\Jim\Downloads\Glary_Utilities_Pro_v5.3.0.8.exe

2014-07-01 15:36 - 2014-07-01 15:36 - 00000000 ____D () C:\Users\Jim\Desktop\Livin Spoonful, Inc - Images

2014-07-01 14:12 - 2014-07-10 10:01 - 00000000 ____D () C:\Users\Jim\Desktop\QuickBooksAutoDataRecovery

2014-07-01 14:12 - 2014-07-01 14:12 - 00000496 ____R () C:\Users\Jim\Desktop\Livin Spoonful, Inc.lgb

2014-07-01 13:47 - 2014-07-01 13:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickBooks

2014-07-01 13:47 - 2012-01-05 12:43 - 04218880 _____ (Amyuni Technologies http://www.amyuni.com) C:\Windows\SysWOW64\cdintf400.dll

2014-07-01 13:45 - 2014-07-01 13:45 - 00000000 ____D () C:\Users\Public\Documents\Intuit

2014-07-01 13:45 - 2014-07-01 13:45 - 00000000 ____D () C:\ProgramData\Nuance

2014-07-01 13:36 - 2014-07-01 13:41 - 564385456 _____ (Intuit, Inc. ) C:\Users\Jim\Desktop\QuickBooksPro2014.exe

2014-07-01 13:36 - 2014-07-01 13:41 - 00000000 ____D () C:\Users\Jim\AppData\Roaming\Download Manager

2014-07-01 13:21 - 2014-07-01 13:23 - 00000000 ____D () C:\Users\Jim\Desktop\DownloadQB21

2014-07-01 13:20 - 2014-07-10 19:38 - 14942208 ____R () C:\Users\Jim\Desktop\Livin Spoonful, Inc.QBW.TLG

2014-07-01 13:20 - 2014-07-07 10:09 - 00000416 _____ () C:\Users\Jim\Desktop\Livin Spoonful, Inc.ND

2014-07-01 13:20 - 2014-07-07 10:09 - 00000000 ____D () C:\Users\Jim\Desktop\Restored_Livin Spoonful, Inc_Files

2014-07-01 13:20 - 2014-07-01 15:01 - 00000000 ____D () C:\ProgramData\SQL Anywhere 11

2014-06-19 10:27 - 2014-06-19 10:27 - 00000000 ____D () C:\Program Files\VideoLAN

2014-06-19 09:44 - 2014-06-19 09:44 - 25055851 _____ () C:\Users\Jim\Downloads\VLC_Media_Player_(64bit)_v2.1.4.exe

2014-06-19 09:07 - 2014-06-19 09:07 - 18583216 _____ (Adobe Systems Incorporated) C:\Users\Jim\Downloads\Adobe_Flash_Player_(IE)_v14.0.0.125.exe

2014-06-18 17:01 - 2014-07-07 16:29 - 00000000 ____D () C:\ProgramData\FedEx

2014-06-18 16:25 - 2014-06-18 16:37 - 229610616 _____ (FedEx Corporation) C:\Users\Jim\Downloads\FedExShipManager_2704.exe

2014-06-18 09:09 - 2014-06-18 09:09 - 13743624 _____ () C:\Users\Jim\Downloads\gup5setup.exe

==================== One Month Modified Files and Folders =======

2014-07-18 14:02 - 2014-07-18 14:02 - 00000000 ____D () C:\Users\Jim\Desktop\FRST-OlderVersion

2014-07-18 14:02 - 2014-07-11 22:19 - 00018368 _____ () C:\Users\Jim\Desktop\FRST.txt

2014-07-18 14:02 - 2014-07-11 22:19 - 00000000 ____D () C:\FRST

2014-07-18 14:02 - 2014-07-11 22:18 - 02086912 _____ (Farbar) C:\Users\Jim\Desktop\FRST64.exe

2014-07-18 14:02 - 2013-09-22 18:51 - 00000000 ____D () C:\Users\Jim

2014-07-18 13:51 - 2013-11-06 13:56 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-07-18 13:42 - 2013-09-22 19:13 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-07-18 13:29 - 2014-05-10 08:19 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-07-18 13:15 - 2009-07-13 21:45 - 00022736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-07-18 13:15 - 2009-07-13 21:45 - 00022736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-07-18 13:14 - 2009-07-13 22:13 - 00781782 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-07-18 13:11 - 2013-09-22 17:35 - 01800515 _____ () C:\Windows\WindowsUpdate.log

2014-07-18 13:08 - 2014-07-18 13:00 - 00007900 _____ () C:\zoek-results.log

2014-07-18 13:08 - 2014-05-22 08:38 - 00000328 _____ () C:\Windows\Tasks\GlaryInitialize 5.job

2014-07-18 13:08 - 2014-05-22 08:38 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5

2014-07-18 13:08 - 2013-11-27 15:21 - 00000000 ____D () C:\Users\Jim\AppData\Local\HTC MediaHub

2014-07-18 13:07 - 2014-07-18 13:07 - 00000000 ____D () C:\Users\Jim\.android

2014-07-18 13:07 - 2014-07-18 12:59 - 00000000 ____D () C:\zoek_backup

2014-07-18 13:07 - 2014-07-09 08:37 - 00139100 _____ () C:\Windows\PFRO.log

2014-07-18 13:07 - 2014-07-09 08:37 - 00001770 _____ () C:\Windows\setupact.log

2014-07-18 13:07 - 2013-09-22 19:13 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-07-18 13:07 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-07-18 12:59 - 2014-07-18 13:07 - 00024064 _____ () C:\Windows\zoek-delete.exe

2014-07-18 12:59 - 2014-07-18 12:59 - 01287168 _____ () C:\Users\Jim\Desktop\zoek.exe

2014-07-18 12:58 - 2014-07-18 12:58 - 01354223 _____ () C:\Users\Jim\Desktop\AdwCleaner (1).exe

2014-07-18 12:56 - 2014-07-18 12:55 - 00000000 ____D () C:\AdwCleaner

2014-07-18 12:55 - 2014-07-18 12:55 - 01354223 _____ () C:\Users\Jim\Desktop\AdwCleaner.exe

2014-07-13 22:22 - 2013-11-27 23:16 - 00000000 ____D () C:\Users\Jim\Desktop\Sue's Mac Files

2014-07-12 08:52 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\Help

2014-07-11 22:23 - 2014-07-11 22:20 - 00030238 _____ () C:\Users\Jim\Desktop\Addition.txt

2014-07-11 13:42 - 2014-07-11 13:42 - 00006848 _____ () C:\Users\Jim\Desktop\fedex archive.txt

2014-07-10 22:06 - 2009-07-13 20:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared

2014-07-10 19:45 - 2014-07-07 19:40 - 00000000 ____D () C:\Users\Jim\AppData\Roaming\crawl

2014-07-10 19:38 - 2014-07-07 10:09 - 170823680 ____R () C:\Users\Jim\Desktop\Livin Spoonful, Inc.QBW

2014-07-10 19:38 - 2014-07-07 10:09 - 00000346 _____ () C:\Users\Jim\Desktop\Livin Spoonful, Inc.QBW.ND

2014-07-10 19:38 - 2014-07-01 13:20 - 14942208 ____R () C:\Users\Jim\Desktop\Livin Spoonful, Inc.QBW.TLG

2014-07-10 16:01 - 2014-07-07 10:10 - 00000000 ____D () C:\Users\Jim\Desktop\Livin Spoonful, Inc.QBW.SearchIndex

2014-07-10 13:41 - 2014-03-23 22:00 - 00000000 ____D () C:\Users\Jim\AppData\Local\Windows Live

2014-07-10 13:33 - 2014-07-10 13:33 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

2014-07-10 10:01 - 2014-07-01 14:12 - 00000000 ____D () C:\Users\Jim\Desktop\QuickBooksAutoDataRecovery

2014-07-10 09:05 - 2013-09-24 18:34 - 00000090 _____ () C:\Windows\QBChanUtil_Trigger.ini

2014-07-10 03:43 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache

2014-07-10 03:18 - 2009-07-13 21:45 - 00306896 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-07-10 03:17 - 2014-05-05 22:21 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-07-10 03:17 - 2011-04-12 01:28 - 00000000 ____D () C:\Program Files\Windows Journal

2014-07-10 03:17 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\Vss

2014-07-10 03:17 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\tracing

2014-07-10 03:17 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism

2014-07-10 03:17 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\Dism

2014-07-10 03:01 - 2013-09-26 12:09 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-07-10 03:01 - 2013-09-26 12:09 - 00000000 ____D () C:\Windows\system32\MRT

2014-07-09 23:32 - 2014-07-09 23:32 - 01086104 _____ () C:\Users\Jim\Downloads\Setup (1).exe

2014-07-09 23:29 - 2014-06-12 20:25 - 00000000 ____D () C:\Program Files (x86)\VideoLAN

2014-07-09 23:28 - 2014-07-09 23:28 - 00003130 _____ () C:\Windows\System32\Tasks\{96E6DA42-8CAB-438B-ABEA-2C8B4C778EBB}

2014-07-09 23:25 - 2014-07-09 23:25 - 00003122 _____ () C:\Windows\System32\Tasks\{16008FBF-A6A6-4591-8367-3B251C03EE22}

2014-07-09 23:21 - 2014-07-09 23:21 - 00000000 ____D () C:\Users\Jim\AppData\Local\com

2014-07-09 23:18 - 2014-07-09 23:18 - 01086104 _____ () C:\Users\Jim\Downloads\Setup.exe

2014-07-09 08:37 - 2014-07-09 08:37 - 00000000 _____ () C:\Windows\setuperr.log

2014-07-08 21:33 - 2013-09-22 18:28 - 00000000 ____D () C:\Windows\Panther

2014-07-08 19:26 - 2013-12-13 18:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup-Disabled

2014-07-08 19:02 - 2014-07-08 19:02 - 00000000 __SHD () C:\Users\Jim\AppData\Local\EmieUserList

2014-07-08 19:02 - 2014-07-08 19:02 - 00000000 __SHD () C:\Users\Jim\AppData\Local\EmieSiteList

2014-07-08 19:00 - 2014-07-08 19:00 - 12897216 _____ (Citrix Online, a division of Citrix Systems, Inc.) C:\Users\Jim\Downloads\gosetup.exe

2014-07-08 19:00 - 2014-07-08 19:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix

2014-07-08 19:00 - 2014-07-08 19:00 - 00000000 ____D () C:\Program Files (x86)\Citrix

2014-07-08 19:00 - 2013-09-23 22:03 - 00000000 ____D () C:\Program Files\DIFX

2014-07-08 12:00 - 2014-07-08 12:00 - 00000000 ____D () C:\Users\Jim\AppData\Local\Citrix

2014-07-08 11:51 - 2013-11-06 13:56 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-07-08 11:51 - 2013-11-06 13:56 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-07-08 11:51 - 2013-11-06 13:56 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-07-07 19:40 - 2014-07-07 19:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dungeon Crawl Stone Soup

2014-07-07 19:40 - 2014-07-07 19:40 - 00000000 ____D () C:\Program Files (x86)\Crawl

2014-07-07 19:40 - 2014-07-07 19:39 - 13328668 _____ () C:\Users\Jim\Desktop\stone_soup-0.14.1-win32-installer.exe

2014-07-07 17:06 - 2014-07-07 17:06 - 00347816 _____ (Microsoft Corporation) C:\Users\Jim\Desktop\MicrosoftFixit.Printing.Run.exe

2014-07-07 17:06 - 2013-09-22 19:13 - 00069496 _____ () C:\Users\Jim\AppData\Local\GDIPFONTCACHEV1.DAT

2014-07-07 16:47 - 2014-07-07 16:47 - 00000000 ____D () C:\ZebraDriver

2014-07-07 16:47 - 2014-07-07 16:46 - 11177984 _____ () C:\Users\Jim\Desktop\ZebraFedEx_driver_4500_self_extracting15.exe

2014-07-07 16:29 - 2014-07-07 16:29 - 00002202 _____ () C:\Users\Public\Desktop\Help Me FedEx.lnk

2014-07-07 16:29 - 2014-07-07 16:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FedEx Ship Manager

2014-07-07 16:29 - 2014-07-07 16:29 - 00000000 ____D () C:\Program Files (x86)\FedEx

2014-07-07 16:29 - 2014-06-18 17:01 - 00000000 ____D () C:\ProgramData\FedEx

2014-07-07 16:26 - 2014-07-07 16:15 - 229610616 _____ (FedEx Corporation) C:\Users\Jim\Desktop\FedExShipManager_2704.exe

2014-07-07 11:21 - 2014-07-07 11:21 - 00000000 ___HD () C:\Windows\system32\CanonIJ Uninstaller Information

2014-07-07 11:20 - 2009-07-13 20:20 - 00000000 __RSD () C:\Windows\Media

2014-07-07 11:05 - 2014-07-07 11:05 - 00000000 ____D () C:\Users\Jim\Desktop\MF4150_MFDrivers_W64_us_EN

2014-07-07 11:04 - 2014-07-07 11:04 - 16850048 _____ () C:\Users\Jim\Desktop\MF4150_MFDrivers_W64_us_EN.exe

2014-07-07 10:57 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF

2014-07-07 10:53 - 2014-07-07 10:53 - 00003118 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe

2014-07-07 10:53 - 2014-07-07 10:53 - 00003092 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe

2014-07-07 10:53 - 2014-07-07 10:53 - 00003090 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_itype_exe

2014-07-07 10:53 - 2014-07-07 10:53 - 00003062 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe

2014-07-07 10:53 - 2014-07-07 10:53 - 00003060 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe

2014-07-07 10:53 - 2014-07-07 10:53 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_point64_01011.Wdf

2014-07-07 10:53 - 2014-07-07 10:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center

2014-07-07 10:53 - 2014-07-07 10:53 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center

2014-07-07 10:09 - 2014-07-07 10:09 - 00000387 _____ () C:\Users\Jim\Desktop\Livin Spoonful, Inc.QBW.DSN

2014-07-07 10:09 - 2014-07-01 13:20 - 00000416 _____ () C:\Users\Jim\Desktop\Livin Spoonful, Inc.ND

2014-07-07 10:09 - 2014-07-01 13:20 - 00000000 ____D () C:\Users\Jim\Desktop\Restored_Livin Spoonful, Inc_Files

2014-07-04 08:32 - 2014-02-21 10:32 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2

2014-07-04 08:28 - 2014-07-04 08:28 - 00001395 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk

2014-07-04 08:28 - 2014-07-04 08:28 - 00001383 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk

2014-07-04 08:28 - 2014-07-04 08:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2

2014-07-04 08:28 - 2013-09-22 22:52 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy

2014-07-03 09:45 - 2014-07-03 09:45 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Jim\Downloads\Spybot_Search_Destroy_v2.4.exe

2014-07-03 08:26 - 2014-05-22 08:38 - 00020160 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys

2014-07-03 08:26 - 2014-05-22 08:38 - 00002972 _____ () C:\Windows\System32\Tasks\GU5SkipUAC

2014-07-03 08:26 - 2014-05-22 08:38 - 00002624 _____ () C:\Windows\System32\Tasks\GlaryInitialize 5

2014-07-03 08:26 - 2014-05-22 08:38 - 00001096 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk

2014-07-03 08:12 - 2014-07-03 08:12 - 14122128 _____ () C:\Users\Jim\Downloads\Glary_Utilities_Pro_v5.3.0.8.exe

2014-07-01 15:52 - 2013-11-06 11:30 - 00002044 _____ () C:\Users\Jim\Documents\gpfax.adr

2014-07-01 15:52 - 2013-11-06 11:30 - 00000024 _____ () C:\Users\Jim\Documents\gpfax.idx

2014-07-01 15:36 - 2014-07-01 15:36 - 00000000 ____D () C:\Users\Jim\Desktop\Livin Spoonful, Inc - Images

2014-07-01 15:01 - 2014-07-01 13:20 - 00000000 ____D () C:\ProgramData\SQL Anywhere 11

2014-07-01 14:12 - 2014-07-01 14:12 - 00000496 ____R () C:\Users\Jim\Desktop\Livin Spoonful, Inc.lgb

2014-07-01 13:54 - 2013-09-24 18:35 - 00000000 ____D () C:\Users\Jim\AppData\Local\Intuit

2014-07-01 13:54 - 2013-09-24 18:33 - 00000000 ____D () C:\Windows\Intuit

2014-07-01 13:47 - 2014-07-01 13:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickBooks

2014-07-01 13:45 - 2014-07-01 13:45 - 00000000 ____D () C:\Users\Public\Documents\Intuit

2014-07-01 13:45 - 2014-07-01 13:45 - 00000000 ____D () C:\ProgramData\Nuance

2014-07-01 13:45 - 2013-09-24 18:34 - 00000000 ____D () C:\ProgramData\Intuit

2014-07-01 13:45 - 2013-09-24 18:34 - 00000000 ____D () C:\Program Files (x86)\Intuit

2014-07-01 13:41 - 2014-07-01 13:36 - 564385456 _____ (Intuit, Inc. ) C:\Users\Jim\Desktop\QuickBooksPro2014.exe

2014-07-01 13:41 - 2014-07-01 13:36 - 00000000 ____D () C:\Users\Jim\AppData\Roaming\Download Manager

2014-07-01 13:23 - 2014-07-01 13:21 - 00000000 ____D () C:\Users\Jim\Desktop\DownloadQB21

2014-06-29 19:09 - 2014-07-09 08:45 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-06-29 19:04 - 2014-07-09 08:45 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-06-25 21:56 - 2014-02-08 21:19 - 00068704 _____ () C:\Users\Jim\AppData\Roaming\GDIPFONTCACHEV1.DAT

2014-06-20 19:37 - 2013-09-22 19:13 - 00003888 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-06-20 19:37 - 2013-09-22 19:13 - 00003636 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-06-20 13:14 - 2014-07-09 08:44 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-06-20 12:39 - 2014-07-09 08:44 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-06-19 10:27 - 2014-06-19 10:27 - 00000000 ____D () C:\Program Files\VideoLAN

2014-06-19 09:44 - 2014-06-19 09:44 - 25055851 _____ () C:\Users\Jim\Downloads\VLC_Media_Player_(64bit)_v2.1.4.exe

2014-06-19 09:07 - 2014-06-19 09:07 - 18583216 _____ (Adobe Systems Incorporated) C:\Users\Jim\Downloads\Adobe_Flash_Player_(IE)_v14.0.0.125.exe

2014-06-18 18:39 - 2014-07-09 08:44 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-06-18 18:06 - 2014-07-09 08:44 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-06-18 18:06 - 2014-07-09 08:44 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-06-18 17:48 - 2014-07-09 08:44 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-06-18 17:42 - 2014-07-09 08:44 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-06-18 17:42 - 2014-07-09 08:44 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-06-18 17:41 - 2014-07-09 08:44 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-06-18 17:41 - 2014-07-09 08:44 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-06-18 17:32 - 2014-07-09 08:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-06-18 17:31 - 2014-07-09 08:44 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-06-18 17:26 - 2014-07-09 08:44 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-06-18 17:24 - 2014-07-09 08:44 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-06-18 17:24 - 2014-07-09 08:44 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-06-18 17:23 - 2014-07-09 08:44 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-06-18 17:16 - 2014-07-09 08:44 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-06-18 17:14 - 2014-07-09 08:44 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-06-18 17:09 - 2014-07-09 08:44 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-06-18 16:59 - 2014-07-09 08:44 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-06-18 16:56 - 2014-07-09 08:44 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-06-18 16:53 - 2014-07-09 08:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-06-18 16:51 - 2014-07-09 08:44 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-06-18 16:50 - 2014-07-09 08:44 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-06-18 16:48 - 2014-07-09 08:44 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-06-18 16:39 - 2014-07-09 08:44 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-06-18 16:38 - 2014-07-09 08:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-06-18 16:37 - 2014-07-09 08:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-06-18 16:37 - 2014-06-18 16:25 - 229610616 _____ (FedEx Corporation) C:\Users\Jim\Downloads\FedExShipManager_2704.exe

2014-06-18 16:36 - 2014-07-09 08:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-06-18 16:35 - 2014-07-09 08:44 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-06-18 16:33 - 2014-07-09 08:44 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-06-18 16:32 - 2014-07-09 08:44 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-06-18 16:28 - 2014-07-09 08:44 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-06-18 16:28 - 2014-07-09 08:44 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-06-18 16:27 - 2014-07-09 08:44 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-06-18 16:27 - 2014-07-09 08:44 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-06-18 16:25 - 2014-07-09 08:44 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-06-18 16:23 - 2014-07-09 08:44 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-06-18 16:22 - 2014-07-09 08:44 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-06-18 16:12 - 2014-07-09 08:44 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-06-18 16:06 - 2014-07-09 08:44 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-06-18 16:01 - 2014-07-09 08:44 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-06-18 15:59 - 2014-07-09 08:44 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-06-18 15:58 - 2014-07-09 08:44 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-06-18 15:58 - 2014-07-09 08:44 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-06-18 15:52 - 2014-07-09 08:44 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-06-18 15:51 - 2014-07-09 08:44 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-06-18 15:49 - 2014-07-09 08:44 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-06-18 15:46 - 2014-07-09 08:44 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-06-18 15:45 - 2014-07-09 08:44 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-06-18 15:35 - 2014-07-09 08:44 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-06-18 15:34 - 2014-07-09 08:44 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-06-18 15:15 - 2014-07-09 08:44 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-06-18 15:13 - 2014-07-09 08:44 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-06-18 15:09 - 2014-07-09 08:44 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-06-18 15:07 - 2014-07-09 08:44 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-06-18 09:09 - 2014-06-18 09:09 - 13743624 _____ () C:\Users\Jim\Downloads\gup5setup.exe

2014-06-18 08:48 - 2014-06-05 08:35 - 00000234 _____ () C:\BackupLoader.ini

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2014-07-18 10:02

 

==================== End Of Log ============================


 

Zoek.exe v5.0.0.0 Updated 16-07-2014

Tool run by Jim on Fri 07/18/2014 at 12:59:37.47.

Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Jim\Desktop\zoek.exe [scan all users] [script inserted] 

 

==== System Restore Info ======================

 

7/18/2014 1:00:31 PM Zoek.exe System Restore Point Created Succesfully.

 

==== Deleting CLSID Registry Keys ======================

 

HKEY_USERS\S-1-5-21-3331341093-2676811913-1412392328-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{78234974-0C4B-4111-BDEB-D9A104418772} deleted successfully

HKEY_USERS\S-1-5-21-3331341093-2676811913-1412392328-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{78234974-0C4B-4111-BDEB-D9A104418772} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{78234974-0C4B-4111-BDEB-D9A104418772} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78234974-0C4B-4111-BDEB-D9A104418772} deleted successfully

 

==== Deleting CLSID Registry Values ======================

 

 

==== Deleting Services ======================

 

 

==== Deleting Files \ Folders ======================

 

C:\Users\Jim\.android deleted

C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts deleted

C:\Users\Jim\Searches deleted

C:\Windows\wininit.ini deleted

C:\Windows\SysNative\config\systemprofile\Searches deleted

C:\Users\Jim\gosetup.exe deleted

"C:\Windows\Installer\33809355.msi" deleted

 

==== Chrome Look ======================

 

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[04/11/2014 07:46 PM]

 

Google Voice Search Hotword (Beta) - Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn

Chrome RDP - Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbkkbcmdlboombapidmoeolnmdacpkch

Facebook Customizer (by Adblock Plus) - Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\deoeenbkoccjaefmmhpmlegngdjohdcm

Appointy - Appointment Scheduler (FREE) - Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkcdmbbkojlabojdecchcjlonojlname

Auto HD For YouTube™ - Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\koiaokdomkpjdgniimnkhgbilbjgpeak

Skype Click to Call - Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl

Todo.ly - Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\obhefmbclkekanpjjpkbciloojcmpkap

Beautiful landscape - Jim\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ambfimhigppdidfmelpjmojccbfdoeig

Chrome RDP - Jim\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\cbkkbcmdlboombapidmoeolnmdacpkch

Appointy - Appointment Scheduler (FREE) - Jim\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\fkcdmbbkojlabojdecchcjlonojlname

Auto HD For YouTube\u2122 - Jim\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\koiaokdomkpjdgniimnkhgbilbjgpeak

Skype for Chromium - Jim\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl

Todo.ly - Jim\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\obhefmbclkekanpjjpkbciloojcmpkap

 

==== Chrome Fix ======================

 

C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage deleted successfully

C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage-journal deleted successfully

 

==== Set IE to Default ======================

 

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

No DefaultScope Set For HKCU

 

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

 

==== All HKCU SearchScopes ======================

 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"

 

==== Reset Google Chrome ======================

 

C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully

C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Profile 3\Preferences was reset successfully

C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Profile 3\Web Data was reset successfully

 

==== Deleting Registry Keys ======================

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F60730A4A66673047777F5728467D401 deleted successfully

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\F60730A4A66673047777F5728467D401 deleted successfully

 

==== Empty IE Cache ======================

 

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

 

==== Empty FireFox Cache ======================

 

No FireFox Profiles found

 

==== Empty Chrome Cache ======================

 

C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

 

==== Empty All Flash Cache ======================

 

Flash Cache Emptied Successfully

 

==== Empty All Java Cache ======================

 

Java Cache cleared successfully

 

==== C:\zoek_backup content ======================

 

C:\zoek_backup (files=15 folders=4 13096837 bytes)

 

==== Empty Temp Folders ======================

 

C:\Users\Default\AppData\Local\Temp emptied successfully

C:\Users\Default User\AppData\Local\Temp emptied successfully

C:\Users\Jim\AppData\Local\Temp will be emptied at reboot

C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\Windows\Temp will be emptied at reboot

 

==== After Reboot ======================

 

==== Empty Temp Folders ======================

 

C:\Windows\Temp successfully emptied

C:\Users\Jim\AppData\Local\Temp successfully emptied

 

==== Empty Recycle Bin ======================

 

C:\$RECYCLE.BIN successfully emptied

 

==== Deleting Files / Folders ======================

 

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

 

==== EOF on Fri 07/18/2014 at 13:08:06.16 ======================

Let's do a final check up:

Step 1

Please download the ESET Online Scanner and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.

    Note: This scan might take a long time! Please be patient.

  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.

    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!

Can you please tell me which problems still persist now?


C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000002 a variant of Win32/SoftPulse.H potentially unwanted application

C:\Users\Jim\Downloads\Setup (1).exe a variant of Win32/SoftPulse.H potentially unwanted application

C:\Users\Jim\Downloads\Setup.exe a variant of Win32/SoftPulse.H potentially unwanted application

ESETSmartInstaller@High as downloader log:

all ok

# product=EOS

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.7623

# api_version=3.0.2

# EOSSerial=bad0435f4100b44e8d17fe54008401a8

# engine=19247

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2014-07-18 10:22:31

# local_time=2014-07-18 03:22:31 (-0800, Pacific Daylight Time)

# country="United States"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode_1='Microsoft Security Essentials'

# compatibility_mode=5895 16777213 100 100 8262585 27748545 0 0

# scanned=137235

# found=3

# cleaned=0

# scan_time=1747

sh=D3ED9D12CBA4C31E8111BF30A5C82816792065E8 ft=1 fh=7f1e21db35fa14e2 vn="a variant of Win32/SoftPulse.H potentially unwanted application" ac=I fn="C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000002"

sh=D3ED9D12CBA4C31E8111BF30A5C82816792065E8 ft=1 fh=7f1e21db35fa14e2 vn="a variant of Win32/SoftPulse.H potentially unwanted application" ac=I fn="C:\Users\Jim\Downloads\Setup (1).exe"

sh=FE1D03D0353F90A66381986DA797E5E194358D8F ft=1 fh=1a80b7f035fa14e2 vn="a variant of Win32/SoftPulse.H potentially unwanted application" ac=I fn="C:\Users\Jim\Downloads\Setup.exe"

Step 1

Please download the attached fixlist and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.

    Please copy and paste its contents in your next reply.

fixlist.txt

That's it!

Your logs look clean to me at the moment.

We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.

My help is free for everybody.

If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation.

Thank you!

Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:

  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.

Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this, malware exploits security holes in installed software (e.g. the browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up-to-date.

The following software is outdated. Make sure you remove all old versions and install the current one instead if you need the program:

Java™ 7 Update 45

Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.


  • 2 weeks later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.