

Ihelp123 malware redirects search results

This is a discussion on Ihelp123 malware redirects search results within the Resolved HJT Threads forums, part of the Tech Support Forum category.


 
 
Old 08-01-2014, 08:52 AM   #1
Registered Member
 
Join Date: Aug 2014
Posts: 12
OS: WIN 7 SP1



I'm unsure of the correct name since I removed it through my add/remove program, but I'm still having these redirects with the search engine, and when I go directly to a site I'll see a gamers' advertisement and Malwarebytes will warn me. But Malwarebytes will not allow me to go to the intended site after I allow it to stop the attack. I've run Malwarebytes, etc. without much luck.
After your instruction I'm posting. I do not have a boot disc or system disc.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17207 BrowserJavaVersion: 10.55.2
Run by Glenn at 10:40:57 on 2014-08-01
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3317.1774 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Logitech\SolarApp\L4301_Solar.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\AERTSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Users\Glenn\AppData\Local\FunctionGammaOS\FunctionGammaOS.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\PureLeads\PureLeadsSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Users\Glenn\AppData\Local\FunctionGammaOS\DriverPublicSDK.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PureLeads\PureLeadsTray.exe
C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Apple\Internet Services\AppleIEDAV.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Users\Glenn\AppData\Local\Apps\2.0\NXRGNH7M.7ML\D5GD5ROT.CYT\dell..tion_0f612f649c4a10af_0005.0007_59de4fd2458fcaec\DellSystemDetect.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Glenn\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\ContextualProgramSDK\ContextualProgramSDK.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://aboutblank/
uDefault_Page_URL = www.google.com
mStart Page = www.google.com
mSearch Page = hxxp://www.google.com
mDefault_Page_URL = www.google.com
mDefault_Search_URL = www.google.com
uProxyServer = hxxp=127.0.0.1:10495
uProxyOverride = <local>;*origin.com;*ea.com;*akamaihd.net
BHO: iSkysoft iTube Studio: {0F789748-F853-4734-A187-A096F05306E5} - c:\program files\iskysoft\itube studio\SVRIEPlugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: DVDVideoSoft IE Extension: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files\common files\dvdvideosoft\bin\IEDownloadMenuAndBtns.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [iCloudServices] c:\program files\common files\apple\internet services\iCloudServices.exe
uRun: [ApplePhotoStreams] c:\program files\common files\apple\internet services\ApplePhotoStreams.exe
uRun: [AppleIEDAV] c:\program files\common files\apple\internet services\AppleIEDAV.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [GoogleDriveSync] "c:\program files\google\drive\googledrivesync.exe" /autostart
uRun: [DellSystemDetect] c:\users\glenn\appdata\local\apps\2.0\nxrgnh7m.7ml\d5gd5rot.cyt\dell..tion_0f612f649c4a10af_0005.0007_59de4fd2458fcaec\DellSystemDetect.exe
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iSkysoft Helper Compact.exe] c:\program files\common files\iskysoft\iskysoft helper compact\ISHelper.exe
mRun: [BrowserPlugInHelper] c:\program files\iskysoft\itube studio\BrowserPlugInHelper.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [PureLeads Tray] "c:\program files\pureleads\PureLeadsTray.exe"
StartupFolder: c:\users\glenn\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\glenn\appdata\roaming\dropbox\bin\Dropbox.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\program files\common files\dvdvideosoft\plugins\freeytmp3downloader.htm
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files\common files\dvdvideosoft\bin\IEDownloadMenuAndBtns.dll
Trusted Zone: dell.com
TCP: NameServer = 205.152.144.23 205.152.132.23
TCP: Interfaces\{6A8FCDBE-A446-4159-B625-6ED187B71151} : DHCPNameServer = 205.152.144.23 205.152.132.23
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\36.0.1985.125\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2014-1-25 231960]
R1 wStLib;wStLib;c:\windows\system32\drivers\wStLib.sys [2014-4-23 52920]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]
R2 ContextualProgramSDK;ContextualProgramSDK;c:\windows\system32\contextualprogramsdk\ContextualProgramSDK.exe [2014-7-25 60965]
R2 FunctionGammaOS.exe;FunctionGammaOS.exe;c:\users\glenn\appdata\local\functiongammaos\FunctionGammaOS.exe [2014-7-25 98341]
R2 L4301_Solar;Logitech Solar Keyboard Service;c:\program files\logitech\solarapp\L4301_Solar.exe [2013-1-30 321776]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2013-6-18 104264]
R2 PlsvcV1;PlsvcV1;c:\program files\pureleads\PureLeadsSvc.exe [2014-1-23 91936]
R3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\drivers\netr28u.sys [2009-9-15 807936]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2014-3-11 279776]
S1 MpKsl0262f053;MpKsl0262f053;c:\programdata\microsoft\microsoft antimalware\definition updates\{5d1235f1-4acd-4c6f-a370-26a04b2cfa3a}\MpKsl0262f053.sys [2014-8-1 39464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 GUIImportInterpreter.exe;GUIImportInterpreter.exe;c:\users\glenn\appdata\local\guiimportinterpreter\guiimportinterpreter.exe --> c:\users\glenn\appdata\local\guiimportinterpreter\GUIImportInterpreter.exe [?]
S2 plsapp;plsapp;c:\program files\pureleads\plsapp.exe [2014-1-23 3690784]
S2 PlsvcV2;PlsvcV2;c:\program files\pureleads\pureleads.service.exe --> c:\program files\pureleads\PureLeads.Service.exe [?]
S2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\enigma~1\spyhun~1\sh4ser~1.exe --> c:\progra~1\enigma~1\spyhun~1\SH4SER~1.EXE [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-4-11 62464]
S3 EsgScanner;EsgScanner;c:\windows\system32\drivers\EsgScanner.sys [2012-6-22 19984]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2014-1-19 49664]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2013-2-5 1512448]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-7-9 108032]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-10-26 14848]
S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2011-4-11 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2013-10-26 24064]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-10-26 49664]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2013-10-26 27136]
S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2011-4-11 112640]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2013-10-26 1343400]
.
=============== Created Last 30 ================
.
2014-07-31 14:10:36 8217224 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{5d1235f1-4acd-4c6f-a370-26a04b2cfa3a}\mpengine.dll
2014-07-31 07:08:13 2425856 ----a-w- c:\windows\system32\wucltux.dll
2014-07-31 07:08:02 92672 ----a-w- c:\windows\system32\wudriver.dll
2014-07-31 07:07:48 179656 ----a-w- c:\windows\system32\wuwebv.dll
2014-07-31 07:07:47 33792 ----a-w- c:\windows\system32\wuapp.exe
2014-07-30 13:42:16 8217224 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-07-29 14:20:18 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-07-29 14:19:41 -------- d-----w- C:\AdwCleaner
2014-07-29 13:33:01 -------- d-----w- c:\program files\Enigma Software Group
2014-07-29 13:30:35 -------- d-----w- c:\windows\455F074C814E4520B69B5584BD90400C.TMP
2014-07-29 13:30:31 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2014-07-29 10:12:48 765968 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{bfc44540-ecc1-475b-914c-160420ccb6db}\gapaengine.dll
2014-07-27 03:31:11 -------- d-----w- c:\programdata\Malwarebytes
2014-07-26 01:55:41 -------- d-----w- c:\users\glenn\appdata\local\CheckCode
2014-07-26 01:55:33 -------- d-----w- c:\users\glenn\appdata\local\FunctionGammaOS
2014-07-26 01:52:44 -------- d-----w- c:\windows\system32\ContextualProgramSDK
2014-07-26 01:50:12 -------- d-----w- c:\programdata\Online
2014-07-26 01:50:07 -------- d-----w- c:\users\glenn\appdata\roaming\serv
2014-07-26 01:50:06 -------- d-----w- c:\users\glenn\appdata\roaming\device
2014-07-09 10:39:16 10603008 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2014-07-09 07:48:49 868864 ----a-w- c:\program files\common files\microsoft shared\ink\tipskins.dll
2014-07-08 15:52:30 89600 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\HPZPPLHN.DLL
.
==================== Find3M ====================
.
2014-07-09 10:39:23 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-09 10:39:23 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-06-30 01:40:16 404480 ----a-w- c:\windows\system32\aepdu.dll
2014-06-30 01:36:00 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-06-18 23:56:37 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-06-18 23:56:03 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-06-18 23:38:40 455168 ----a-w- c:\windows\system32\vbscript.dll
2014-06-18 23:37:23 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-06-18 23:36:35 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-06-18 23:35:55 62464 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-06-18 23:23:27 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-06-18 23:23:24 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-06-18 23:22:40 592896 ----a-w- c:\windows\system32\jscript9diag.dll
2014-06-18 23:16:33 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-06-18 2310 32256 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-06-18 22:52:18 4254720 ----a-w- c:\windows\system32\jscript9.dll
2014-06-18 22:46:23 1068032 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-06-18 22:45:59 1964544 ----a-w- c:\windows\system32\inetcpl.cpl
2014-06-18 22:13:59 1791488 ----a-w- c:\windows\system32\wininet.dll
2014-06-18 01:51:32 646144 ----a-w- c:\windows\system32\osk.exe
2014-06-18 00:52:00 2350080 ----a-w- c:\windows\system32\win32k.sys
2014-06-06 09:44:17 509440 ----a-w- c:\windows\system32\qedit.dll
2014-06-05 14:26:50 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-05-30 07:52:51 172032 ----a-w- c:\windows\system32\wdigest.dll
2014-05-30 07:52:49 65536 ----a-w- c:\windows\system32\TSpkg.dll
2014-05-30 07:52:45 247808 ----a-w- c:\windows\system32\schannel.dll
2014-05-30 07:52:41 220160 ----a-w- c:\windows\system32\ncrypt.dll
2014-05-30 07:52:40 259584 ----a-w- c:\windows\system32\msv1_0.dll
2014-05-30 07:52:36 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-05-30 07:52:30 17408 ----a-w- c:\windows\system32\credssp.dll
2014-05-30 06:36:07 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2014-05-13 10:55:33 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-05-08 0954 2742784 ----a-w- c:\windows\system32\rdpcorets.dll
2014-05-08 0954 13824 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
.
============= FINISH: 10:42:20.24 ===============
Attached Files
File Type: zip attach (3).zip (7.7 KB, 42 views)
lildoggy is offline  
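The DDS "Pseudo HJT Report" above is dense, and the entries that matter for a search-redirect complaint are easy to miss: a proxy server pointing at the machine itself (every browser request is handed to a local process that can rewrite results), services whose binaries live inside a user profile, service entries whose binary is missing on disk, and Trusted Zone entries. The script below is an added example, not part of the original thread or of DDS; it runs a first-pass triage over an excerpt of the posted log (embedded as a constructed sample) and lists the lines a reviewer should look at first. It assumes the DDS line formats shown on this page and nothing else.

```python
import re
from typing import List, Optional, Tuple

# Constructed excerpt of the DDS "Pseudo HJT Report" and "SERVICES / DRIVERS"
# sections posted above, embedded here so the script runs offline. DDS writes
# "hxxp" for "http" so that pasted logs are not clickable.
SAMPLE_REPORT = r"""
uStart Page = hxxp://aboutblank/
uProxyServer = hxxp=127.0.0.1:10495
uProxyOverride = <local>;*origin.com;*ea.com;*akamaihd.net
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [DellSystemDetect] c:\users\glenn\appdata\local\apps\2.0\nxrgnh7m.7ml\d5gd5rot.cyt\dell..tion_0f612f649c4a10af_0005.0007_59de4fd2458fcaec\DellSystemDetect.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [PureLeads Tray] "c:\program files\pureleads\PureLeadsTray.exe"
Trusted Zone: dell.com
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2014-1-25 231960]
R2 FunctionGammaOS.exe;FunctionGammaOS.exe;c:\users\glenn\appdata\local\functiongammaos\FunctionGammaOS.exe [2014-7-25 98341]
R2 PlsvcV1;PlsvcV1;c:\program files\pureleads\PureLeadsSvc.exe [2014-1-23 91936]
S2 GUIImportInterpreter.exe;GUIImportInterpreter.exe;c:\users\glenn\appdata\local\guiimportinterpreter\guiimportinterpreter.exe --> c:\users\glenn\appdata\local\guiimportinterpreter\GUIImportInterpreter.exe [?]
"""

# In DDS output "u" = per-user (HKCU) setting and "m" = machine-wide (HKLM).
PROXY_RE = re.compile(r"^[um]ProxyServer\s*=\s*(?P<value>.+)$")
# Accepts both "host:port" and the "scheme=host:port" form DDS prints.
HOSTPORT_RE = re.compile(r"(?:^|=)(?P<host>[^=:;\s]+):(?P<port>\d+)")
# Autostart entries: Run keys and services/drivers (R = running, S = stopped).
AUTOSTART_RE = re.compile(r"^(?:[um]Run:|[RS][0-4]\s)")
PATH_RE = re.compile(r'[a-z]:\\[^"\[\]]*?\.(?:exe|dll|sys)', re.I)
USER_PROFILE_RE = re.compile(r"\\users\\[^\\]+\\appdata\\", re.I)


def is_loopback(host: str) -> bool:
    """True for hosts that resolve to this machine (a local interception proxy)."""
    return host.lower() == "localhost" or host.startswith("127.") or host == "::1"


def extract_path(line: str) -> Optional[str]:
    """First Windows binary path on the line, or None."""
    m = PATH_RE.search(line)
    return m.group(0) if m else None


def triage(report: str) -> List[Tuple[str, str]]:
    """Return (kind, detail) findings that a reviewer should look at first."""
    findings: List[Tuple[str, str]] = []
    for line in (raw.strip() for raw in report.splitlines()):
        if not line:
            continue
        proxy = PROXY_RE.match(line)
        if proxy:
            hp = HOSTPORT_RE.search(proxy.group("value"))
            if hp and is_loopback(hp.group("host")):
                # Every browser request is routed through a local process,
                # which is exactly how search results get rewritten.
                findings.append(("loopback-proxy", f"{hp.group('host')}:{hp.group('port')}"))
            continue
        if line.startswith("Trusted Zone:"):
            # Sites in the Trusted Zone get relaxed IE security settings.
            findings.append(("trusted-zone", line.split(":", 1)[1].strip()))
            continue
        if AUTOSTART_RE.match(line):
            path = extract_path(line)
            if path and USER_PROFILE_RE.search(path):
                # Services normally install under Program Files or System32;
                # an autostart binary inside a user profile deserves a look.
                findings.append(("user-profile-autostart", path))
            if line.endswith("[?]"):
                # DDS marks entries whose binary it could not find on disk.
                findings.append(("missing-binary", path or line))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_REPORT):
        print(f"{kind:24} {detail}")
```

Findings are review items, not verdicts: the same rule that flags FunctionGammaOS and GUIImportInterpreter also flags DellSystemDetect, a legitimate ClickOnce application that lives in AppData by design, so each hit still needs the kind of judgement the helpers apply in the replies below.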
Old 08-02-2014, 09:07 AM   #2
TSF Enthusiast
 
DrDOS's Avatar
 
Join Date: Apr 2009
Location: Zionsville, IN 46077
Posts: 1,736
OS: Windows 8.1



lildoggy,

Hi and welcome to TSF.

I am currently reviewing your logs. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

https://www.techsupportforum.com/foru...you-93034.html

You may wish to Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools (near the top), then click Subscribe to this Thread. Make sure it is set to Instant Notification by email, then click Add Subscription.

Please be patient with me during this time.
DrDOS is offline  
Old 08-03-2014, 04:38 AM   #3
Registered Member
 
Join Date: Aug 2014
Posts: 12
OS: WIN 7 SP1



I'm patient and really appreciate the help.
lildoggy is offline  
Old 08-03-2014, 04:02 PM   #4
TSF Enthusiast
 
DrDOS's Avatar
 
Join Date: Apr 2009
Location: Zionsville, IN 46077
Posts: 1,736
OS: Windows 8.1



lildoggy,

Welcome to TSF. My name is Drew. I will be helping you with the concern that brought you here.

I am currently reviewing any log(s) you posted. If you haven't done so, Read This Before Posting For Malware Removal Help. This might be a good time to get familiar with what we can do, how you can help (by running the tools and providing their logs) and what you can expect from your visit at TSF.

Digest the following when you can if there is no problem following my instructions. Take note of some guidelines (sorry for the length .. they are kind of important) for this fix so we can work together to resolve any issues.
  1. Read my instructions completely. If you do not understand any step(s) provided, feel free to Stop. Let me know what is unclear. I would much rather clarify instructions or explain them in a different way than have something important broken. There really is no "dumb" question here.

  2. Perform everything in the order offered. Sometimes one step requires the previous one.

  3. "Save it to your DeskTop" is said in many of our tools. In later versions of Windows, "where" to save a file is not always offered. The default location is
    C:\Users\Glenn\Downloads
    Move (there are many ways to do this; ask if not sure how) (or at least copy; do NOT Send To > ShortCut to DeskTop) your download from here and put it on your DeskTop. Run the tool from your DeskTop based on the instructions given.

  4. Post all log files in your reply rather than as an attachment unless I specifically ask you to do so. If you can not post all log files in one reply, feel free to use several posts. Please post these log files in their entirety. If you are trying to show me something, just add a NOTE and say so. I really need to see the whole picture.

  5. Some malware may take a lot of steps to resolve, or in the worst case, reloading your system entirely. I can't stress enough the importance for you to backup any data. Whatever your method, it is an important step to do this before beginning any malware fix.

  6. Refrain from making any changes to your computer including installing/uninstalling any programs, deleting files, modifying the registry, and running any scanners or tools unless I tell you to do so. Doing so could be confusing for me and cause changes to the directions I have to give you and extend the time required to fix your computer. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.

  7. If you need to change any passwords, please do so from another, clean computer. Using this one may make things worse for you.

  8. Even if things appear to be better, it might not mean we are truly done. Please continue to follow my instructions and reply back until I give you the all clear. We do not want to clean you part-way, only to have the system re-infected for some reason. I will also give you some advice about prevention. Absence of symptoms does not always mean the computer is clean.

  9. Please set your system to show all files. Each system is a bit different so again, ask if you're not sure how. Return this setting when done.

  10. You may wish to Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools (near the top), then click Subscribe to this Thread. Make sure it is set to Instant Notification by email, then click Add Subscription.

If I haven't lost you, let's get started. I look forward to fixing your computer and getting you back to safe surfing.

  1. Please uninstall the following via Start->(or Computer)->Control Panel->(Programs)->Programs and Features if it still exists.

    • PureLeads<<Please read this

      Also delete the following Folders if they still exist:

      C:\Program Files\PureLeads

    • COTM App by We-Care.com v4.1.29.2<<Please read this

      Also delete the following Folders if they still exist:

      C:\Program Files\COTM App by We-Care.com v4.1.29.2

  2. Please download AdwCleaner by Xplode and save to your Desktop.

    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8 users right-click and select Run As Administrator.
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
    • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

  3. It may be helpful to know that when you put an item in your Trusted Zone, it has pretty much full access to your computer... Are you sure you trust this site to that degree? If you're not sure, and/or you do not need these in your trusted zone to facilitate access, or you did not knowingly permit this access yourself, then, in Internet Explorer, please go to Tools>Internet Options>Security tab > click on Trusted sites and then the "Sites" button and delete the following under "websites".
    dell.com
    I personally have nothing there.

    Further Reading: How to use security zones in Internet Explorer
DrDOS is offline  
Old 08-08-2014, 06:20 AM   #5
Registered Member
 
Join Date: Aug 2014
Posts: 12
OS: WIN 7 SP1



Good morning Drew, sorry it's taken so long to get back to you. I set up my older XP computer alongside the corrupted one to use while I follow your directions. I backed up everything from the infected Win 7 computer and have been following your instructions.
Now, I've removed PureLeads but am hung up on removing COTM Reminder by We-Care v.4.1.21.2. It says that it's integrated into my browser, which I suppose is IE. Upon further research, it recommends I d/l "Should I remove it?" to remove the program. It says it is on a network source that is unavailable. I see you said don't d/l anything so I'll wait for your reply.
lildoggy is offline  
Old 08-08-2014, 06:25 AM   #6
Registered Member
 
Join Date: Aug 2014
Posts: 12
OS: WIN 7 SP1



Drew, I also wanted to inform you that during this whole episode and before I contacted you my banking account was accessed and money withdrawn via debit info. Coincidence or not, this has me very concerned. I've since changed all my passwords and bank acct. numbers (on another computer and in person at my bank).
lildoggy is offline  
Old 08-10-2014, 06:26 AM   #7
TSF Enthusiast
 
DrDOS's Avatar
 
Join Date: Apr 2009
Location: Zionsville, IN 46077
Posts: 1,736
OS: Windows 8.1



lildoggy,

Quote:
Good morning Drew, sorry it's taken so long to get back to you. I set up my older XP computer alongside the corrupted one to use while I follow your directions. I backed up everything from the infected Win 7 computer and have been following your instructions.
Now, I've removed PureLeads but am hung up on removing COTM Reminder by We-Care v.4.1.21.2. It says that it's integrated into my browser, which I suppose is IE. Upon further research, it recommends I d/l "Should I remove it?" to remove the program. It says it is on a network source that is unavailable. I see you said don't d/l anything so I'll wait for your reply.

Drew, I also wanted to inform you that during this whole episode and before I contacted you my banking account was accessed and money withdrawn via debit info. Coincidence or not, this has me very concerned. I've since changed all my passwords and bank acct. numbers (on another computer and in person at my bank).
Looks like you contacted some financial institutions and you have another computer. Glad you didn't change any passwords through your infected W7 computer. Hopefully the XP computer is not compromised too. A new thread will have to be opened if so. As we may be unsure, don't change passwords on it.

"<<Please read this" is just an FYI. No need to download any tools you find there.

Please follow Post #4 as I still need to see those logs. Add this and do first.
  • Evasi0n Packages<<Please read this

    Also delete the following Folders if they still exist:

    C:\Program Files\Evasi0n Packages

As for COTM App by We-Care.com v4.1.29.2, the site says if you don't use it you should remove it! Your Control Panel should remove it from any browsers. If you can't remove it through Programs and Features, proceed with the next step and we can remove it manually later.

Thanks. Please download and run all tools from your W7 computer. Let me know if there is a problem doing so.
DrDOS is offline  
Old 08-13-2014, 02:49 AM   #8
Registered Member
 
Join Date: Aug 2014
Posts: 12
OS: WIN 7 SP1



Drew, I am unable to remove EvasiOn Packages by the typical means of add/remove programs. A pop-up just shows that says "uninstall manager" with a box to check that says "remove this manager from add/remove programs". I haven't checked that box since I'm concerned it will remove it from there but EvasiOn Packages will still exist but just unseen. I hope you understand my meaning there.
Reading your link, it suggests downloading and installing Microsoft's uninstall fixer utility, which I haven't done and won't until you tell me to do so.
Here is the log file/report generated by AdwCleaner:

# AdwCleaner v3.304 - Report created 12/08/2014 at 20:05:37
# Updated 08/08/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : Glenn - GLENN-PC
# Running from : C:\Users\Glenn\Desktop\adwcleaner_3.304.exe
# Option : Scan
***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****
Key Found : HKCU\Software\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17207
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.trovi.com/?gd=&ctid=CT3324774&octid=EB_ORIGINAL_CTID&ISID=MF3CF7A97-B42C-4847-B5F2-CC08E15160E3&SearchSource=55&CUI=&UM=6&UP=SPA9C33C07-328C-4B8B-8C7F-773E835E3954&SSPV=
-\\ Google Chrome v36.0.1985.125
[ File : C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Found [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3324774&octid=EB_ORIGINAL_CTID&ISID=MF3CF7A97-B42C-4847-B5F2-CC08E15160E3&SearchSource=58&CUI=&UM=6&UP=SPA9C33C07-328C-4B8B-8C7F-773E835E3954&q={searchTerms}&SSPV=
Found [Startup_urls] : hxxp://www.trovi.com/?gd=&ctid=CT3324774&octid=EB_ORIGINAL_CTID&ISID=MF3CF7A97-B42C-4847-B5F2-CC08E15160E3&SearchSource=55&CUI=&UM=6&UP=SPA9C33C07-328C-4B8B-8C7F-773E835E3954&SSPV=
Found [Homepage] : hxxp://www.trovi.com/?gd=&ctid=CT3324774&octid=EB_ORIGINAL_CTID&ISID=MF3CF7A97-B42C-4847-B5F2-CC08E15160E3&SearchSource=55&CUI=&UM=6&UP=SPA9C33C07-328C-4B8B-8C7F-773E835E3954&SSPV=
*************************
AdwCleaner[R0].txt - [6103 octets] - [29/07/2014 10:19:46]
AdwCleaner[R1].txt - [1142 octets] - [29/07/2014 21:47:37]
AdwCleaner[R2].txt - [2413 octets] - [12/08/2014 20:05:37]
AdwCleaner[S0].txt - [6173 octets] - [29/07/2014 10:24:20]
########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [2533 octets] ##########

NOTE: my XP computer and additional Win7 laptop, both on the same network as this infected computer, seem fine.
When EvasiOn Packages was downloaded, it looks like an iTunes update and Bonjour from Apple were added the same day. I see no other programs from that date other than those two.
Thanks continuously for your time.
lildoggy is offline  
Old 08-15-2014, 08:04 PM   #9
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, lildoggy. Drew is temporarily away from the keyboard.

Go ahead and try to uninstall EvasiOn Packages anyway. Let us know what happens.

------------------------------------------------------
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Clean
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[S#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-2.0.2.1012.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14-day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the Update Now >> link
  • After the update completes, click the Scan Now >> button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
------------------------------------------------------
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double-click on the scan log which shows the date and time of the scan just performed.
  • Click Copy to Clipboard
  • Paste the contents of the clipboard into your reply.
------------------------------------------------------

Uninstall the following via the Programs and Features Panel (Start->(Settings)->Control Panel->Programs->Programs and Features):

Java(TM) 7 Update 55

These are all outdated and are security risks if left installed. Reboot your computer once all those Java components are removed.

Going forward, Java will overwrite existing installs, so removing older versions should not be required after this.

Go here and follow the prompts to install the latest Java > java.com: Java + You

Make sure you untick the box next to whatever free program they prompt you to install, unless you want it.
  • After the install is complete, go back to your Control Panel and click the Java icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button.
    • There are two options checked in the window to clear the cache - Leave BOTH Checked
      • Cached Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window.
      Note: This deletes ALL the Downloaded Cached Applications and Applets from the CACHE
    • Click OK to leave the Temporary Files Window.
    • Click OK to leave the Java Control Panel.
------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

In Microsoft Windows Vista/Win7, you must open the Web browser via a right-click using the Run as Administrator command.

Go here and click 'Run ESET Online Scanner'.
  • If you are not using Internet Explorer, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan. Here's how
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If using Internet Explorer, allow the ActiveX control to install when asked.
  • Once the components have downloaded, tick the option Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked:
    • Scan Archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Next to 'Current scan targets: Operating memory, Local drives', click the Change... button.
  • Tick all the boxes that correspond to your external/inserted drives.
  • Click Start
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says "Threats found!", click "List of found threats", and then click "Export to text file..."
  • Save that text file to your desktop, and then copy/paste the contents in your next reply.
------------------------------------------------------

Please post the following in your next reply:

AdwCleaner[S#].txt log
MBAM log
ESET report
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 08-20-2014, 11:23 AM   #10
Registered Member
 
Join Date: Aug 2014
Posts: 12
OS: WIN 7 SP1



Thank you Chemist and Drew. I deleted EvaSion from the programs, but was only able to do so by checking the box at the bottom that removed it from the list, so I'm not sure if it still exists or not.
Here are the logs requested:
AdwCleaner:
# AdwCleaner v3.307 - Report created 20/08/2014 at 13:24:08
# Updated 17/08/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : Glenn - GLENN-PC
# Running from : C:\Users\Glenn\Desktop\adwcleaner_3.307.exe
# Option : Clean
***** [ Services ] *****
Service Deleted : wStLib
***** [ Files / Folders ] *****
Folder Deleted : C:\Program Files\eDealsPop
File Deleted : C:\Windows\system32\drivers\wStLib.sys
***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****
Key Deleted : HKCU\Software\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\Superfish
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Superfish
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [eDealsPop]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17239
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
-\\ Google Chrome v36.0.1985.143
[ File : C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3324774&octid=EB_ORIGINAL_CTID&ISID=MF3CF7A97-B42C-4847-B5F2-CC08E15160E3&SearchSource=58&CUI=&UM=6&UP=SPA9C33C07-328C-4B8B-8C7F-773E835E3954&q={searchTerms}&SSPV=
Deleted [Startup_urls] : hxxp://www.trovi.com/?gd=&ctid=CT3324774&octid=EB_ORIGINAL_CTID&ISID=MF3CF7A97-B42C-4847-B5F2-CC08E15160E3&SearchSource=55&CUI=&UM=6&UP=SPA9C33C07-328C-4B8B-8C7F-773E835E3954&SSPV=
Deleted [Homepage] : hxxp://www.trovi.com/?gd=&ctid=CT3324774&octid=EB_ORIGINAL_CTID&ISID=MF3CF7A97-B42C-4847-B5F2-CC08E15160E3&SearchSource=55&CUI=&UM=6&UP=SPA9C33C07-328C-4B8B-8C7F-773E835E3954&SSPV=
*************************
AdwCleaner[R0].txt - [6103 octets] - [29/07/2014 10:19:46]
AdwCleaner[R1].txt - [1142 octets] - [29/07/2014 21:47:37]
AdwCleaner[R2].txt - [2613 octets] - [12/08/2014 20:05:37]
AdwCleaner[R3].txt - [3261 octets] - [20/08/2014 13:15:59]
AdwCleaner[S0].txt - [6173 octets] - [29/07/2014 10:24:20]
AdwCleaner[S1].txt - [3038 octets] - [20/08/2014 13:24:08]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3098 octets] ##########
Malwarebytes:
Malwarebytes Anti-Malware
www.malwarebytes.org

Detection, 8/1/2014 6:04:41 AM, SYSTEM, GLENN-PC, Protection, Malicious Website Protection, IP, 80.252.188.228, 48ed4acf13b.se, 57029, Outbound, C:\Users\Glenn\AppData\Local\FunctionGammaOS\DriverPublicSDK.exe,
Detection, 8/1/2014 6:04:42 AM, SYSTEM, GLENN-PC, Protection, Malicious Website Protection, IP, 80.252.188.228, 48ed4acf13b.se, 57029, Outbound, C:\Users\Glenn\AppData\Local\FunctionGammaOS\DriverPublicSDK.exe,
Detection, 8/1/2014 7:08:17 AM, SYSTEM, GLENN-PC, Protection, Malicious Website Protection, IP, 5.150.195.169, 48ed4acf13b.se, 60804, Outbound, C:\Users\Glenn\AppData\Local\FunctionGammaOS\DriverPublicSDK.exe,
Detection, 8/1/2014 7:08:17 AM, SYSTEM, GLENN-PC, Protection, Malicious Website Protection, IP, 5.150.195.169, 48ed4acf13b.se, 60804, Outbound, C:\Users\Glenn\AppData\Local\FunctionGammaOS\DriverPublicSDK.exe,
Update, 8/1/2014 9:28:05 AM, SYSTEM, GLENN-PC, Scheduler, Malware Database, 2014.8.1.1, 2014.8.1.2,
Protection, 8/1/2014 9:28:05 AM, SYSTEM, GLENN-PC, Protection, Refresh, Starting,
Protection, 8/1/2014 9:28:05 AM, SYSTEM, GLENN-PC, Protection, Malicious Website Protection, Stopping,
Protection, 8/1/2014 9:28:05 AM, SYSTEM, GLENN-PC, Protection, Malicious Website Protection, Stopped,
Protection, 8/1/2014 9:28:21 AM, SYSTEM, GLENN-PC, Protection, Refresh, Success,
Protection, 8/1/2014 9:28:21 AM, SYSTEM, GLENN-PC, Protection, Malicious Website Protection, Starting,
Protection, 8/1/2014 9:28:22 AM, SYSTEM, GLENN-PC, Protection, Malicious Website Protection, Started,
Protection, 8/1/2014 10:11:40 AM, SYSTEM, GLENN-PC, Protection, Malicious Website Protection, Stopping,
Protection, 8/1/2014 10:11:41 AM, SYSTEM, GLENN-PC, Protection, Malicious Website Protection, Stopped,
Protection, 8/1/2014 10:11:41 AM, SYSTEM, GLENN-PC, Protection, Malware Protection, Stopping,
Protection, 8/1/2014 10:11:41 AM, SYSTEM, GLENN-PC, Protection, Malware Protection, Stopped,
(end)
I am sending these logs before I lose them from the Java delete/install and browser close.
lildoggy is offline  
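The MBAM log above records the same blocked outbound connections over and over, all from a process under the user's AppData folder. As an added example (not from the post and not Malwarebytes' own code), here is a small Python triage script that parses such MBAM 2.x "Detection" lines, groups blocked connections by originating process and flags processes launched from user-writable folders; the sample lines are the ones from the log above plus one constructed benign line for contrast.

```python
"""Triage helper for Malwarebytes Anti-Malware 2.x protection-log lines.

Added example, not part of the forum post or of Malwarebytes itself. It
parses the comma-separated "Detection" records written by the Malicious
Website Protection module, groups the blocked connections by the process
that made them, and flags processes running from user-writable locations
(AppData, Downloads, Temp), which is where this machine's adware
(FunctionGammaOS) lived.
"""
import re

# Sample log: the Detection and Update lines are copied from the MBAM log in
# the post above; the final Detection line is constructed (203.0.113.10 is a
# documentation address) to show a process from a normal install location.
SAMPLE_LOG = r"""
Detection, 8/1/2014 6:04:41 AM, SYSTEM, GLENN-PC, Protection, Malicious Website Protection, IP, 80.252.188.228, 48ed4acf13b.se, 57029, Outbound, C:\Users\Glenn\AppData\Local\FunctionGammaOS\DriverPublicSDK.exe,
Detection, 8/1/2014 6:04:42 AM, SYSTEM, GLENN-PC, Protection, Malicious Website Protection, IP, 80.252.188.228, 48ed4acf13b.se, 57029, Outbound, C:\Users\Glenn\AppData\Local\FunctionGammaOS\DriverPublicSDK.exe,
Detection, 8/1/2014 7:08:17 AM, SYSTEM, GLENN-PC, Protection, Malicious Website Protection, IP, 5.150.195.169, 48ed4acf13b.se, 60804, Outbound, C:\Users\Glenn\AppData\Local\FunctionGammaOS\DriverPublicSDK.exe,
Detection, 8/1/2014 7:08:17 AM, SYSTEM, GLENN-PC, Protection, Malicious Website Protection, IP, 5.150.195.169, 48ed4acf13b.se, 60804, Outbound, C:\Users\Glenn\AppData\Local\FunctionGammaOS\DriverPublicSDK.exe,
Update, 8/1/2014 9:28:05 AM, SYSTEM, GLENN-PC, Scheduler, Malware Database, 2014.8.1.1, 2014.8.1.2,
Detection, 8/2/2014 1:00:00 PM, SYSTEM, GLENN-PC, Protection, Malicious Website Protection, IP, 203.0.113.10, example.invalid, 443, Outbound, C:\Program Files\Internet Explorer\iexplore.exe,
"""

# Folders an ordinary user can write to; legitimate services and browser
# helpers normally live under Program Files or Windows instead.
USER_WRITABLE = re.compile(
    r"\\Users\\[^\\]+\\(AppData|Downloads)\\|\\Temp\\", re.IGNORECASE)


def parse_mbam_detections(text):
    """Return one dict per Malicious Website Protection 'Detection' line.

    Field layout (after stripping the trailing comma and splitting on ', '):
    kind, timestamp, account, host, module, submodule, 'IP', ip, domain,
    port, direction, process.  Other record kinds (Update, Protection, ...)
    are skipped.
    """
    events = []
    for line in text.splitlines():
        fields = [f.strip() for f in line.rstrip(",").split(", ")]
        if len(fields) < 12 or fields[0] != "Detection" or fields[6] != "IP":
            continue
        events.append({
            "time": fields[1], "account": fields[2], "host": fields[3],
            "ip": fields[7], "domain": fields[8], "port": int(fields[9]),
            "direction": fields[10], "process": fields[11],
        })
    return events


def summarize_by_process(events, direction="Outbound"):
    """Group blocked connections by originating process.

    Each entry counts the events, collects the distinct remote endpoints and
    records whether the process path is in a user-writable folder.
    """
    summary = {}
    for ev in events:
        if ev["direction"] != direction:
            continue
        entry = summary.setdefault(ev["process"], {
            "events": 0,
            "remotes": set(),
            "user_writable": bool(USER_WRITABLE.search(ev["process"])),
        })
        entry["events"] += 1
        entry["remotes"].add((ev["ip"], ev["domain"], ev["port"]))
    return summary


def suspicious_processes(summary):
    """Processes worth a closer look: running from a user-writable path,
    ordered by the number of blocked connections (most first)."""
    hits = [(proc, e) for proc, e in summary.items() if e["user_writable"]]
    return sorted(hits, key=lambda pe: -pe[1]["events"])


if __name__ == "__main__":
    summary = summarize_by_process(parse_mbam_detections(SAMPLE_LOG))
    for proc, e in summary.items():
        flag = "SUSPICIOUS" if e["user_writable"] else "ok"
        print(f"{flag:10} {e['events']:3} blocks  {proc}")
        for ip, dom, port in sorted(e["remotes"]):
            print(f"               -> {dom} ({ip}:{port})")
```

Run against a real MBAM 2.x protection log, the script points straight at the process the later FRST log lists as an unsigned service under AppData, which is the item to investigate and remove rather than the blocked domain alone.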
Old 08-20-2014, 01:49 PM   #11
Registered Member
 
Join Date: Aug 2014
Posts: 12
OS: WIN 7 SP1



ESET
C:\AdwCleaner\Quarantine\C\Program Files\Mobogenie\nengine.dll.vir Win32/NextLive.A potentially unwanted application
C:\Users\Glenn\AppData\Local\ArchiveFolderTrash\ArchiveFolderTrash.exe a variant of Win32/AdWare.Pirrit.D application
C:\Users\Glenn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EFM32ROB\spstub[1].exe a variant of Win32/ClientConnect.A potentially unwanted application
C:\Users\Glenn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IP722F64\SPSetup[1].exe a variant of Win32/ClientConnect.A potentially unwanted application
C:\Users\Glenn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\K0PM0G1M\setup[1].exe Win32/OutBrowse.AD potentially unwanted application
C:\Users\Glenn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XD32ZX6V\Software_Update__CD5MTCD4349_ba68181b8e72169759412279d5656134[1].exe Win32/Toolbar.Montiera.B potentially unwanted application
C:\Users\Glenn\AppData\Local\Temp\tmd_34015554.exe a variant of Win32/OpenCandy.A potentially unsafe application
C:\Users\Glenn\AppData\Local\Temp\tmd_34016122.exe a variant of Win32/OpenCandy.A potentially unsafe application
C:\Users\Glenn\AppData\Local\Temp\tmp6073.exe a variant of Win32/OpenCandy.A potentially unsafe application
C:\Users\Glenn\AppData\Local\Temp\116582745.Uninstall\uninstaller.exe Win32/InstallCore.AZ potentially unwanted application
C:\Users\Glenn\AppData\Local\Temp\116650293.Uninstall\uninstaller.exe Win32/InstallCore.AZ potentially unwanted application
C:\Users\Glenn\AppData\Local\Temp\3172436.Uninstall\uninstaller.exe Win32/InstallCore.AZ potentially unwanted application
C:\Users\Glenn\AppData\Local\Temp\3228799.Uninstall\uninstaller.exe Win32/InstallCore.AZ potentially unwanted application
C:\Users\Glenn\AppData\Local\Temp\3239235.Uninstall\uninstaller.exe Win32/InstallCore.AZ potentially unwanted application
C:\Users\Glenn\AppData\Local\Temp\38671087.Uninstall\uninstaller.exe Win32/InstallCore.AZ potentially unwanted application
C:\Users\Glenn\AppData\Local\Temp\38711616.Uninstall\uninstaller.exe Win32/InstallCore.AZ potentially unwanted application
C:\Users\Glenn\AppData\Local\Temp\38996069.Uninstall\uninstaller.exe Win32/InstallCore.AZ potentially unwanted application
C:\Users\Glenn\AppData\Local\Temp\39064927.Uninstall\uninstaller.exe Win32/InstallCore.AZ potentially unwanted application
C:\Users\Glenn\AppData\Local\Temp\4097038.Uninstall\uninstaller.exe Win32/InstallCore.AZ potentially unwanted application
C:\Users\Glenn\AppData\Local\Temp\is-H8HQM.tmp\OptProCrash.dll a variant of Win32/SProtector.E potentially unwanted application
C:\Users\Glenn\AppData\Local\Temp\{ADD4D4FF-E957-4D1C-886E-86B011B1B503}\setup.exe multiple threats
C:\Users\Glenn\AppData\Roaming\serv\setup_fst_us.exe multiple threats
C:\Users\Glenn\Downloads\cbsidlm-cbsi213-Should_I_Remove_It-ORG-75834044.exe a variant of Win32/CNETInstaller.B potentially unwanted application
C:\Users\Glenn\Downloads\cdbxp_setup_4.5.2.4478.exe Win32/OpenCandy potentially unsafe application
C:\Users\Glenn\Downloads\FreeYouTubeToiPhoneConverter.exe Win32/OpenCandy potentially unsafe application
C:\Users\Glenn\Downloads\FreeYouTubeToMP3Converter.exe a variant of Win32/OpenCandy.A potentially unsafe application
C:\Windows\Temp\UptUpdater.exe multiple threats

Looking forward to hearing back. You guys are lifesavers. Are you in Atlanta?
lildoggy is offline  
Old 08-21-2014, 09:26 AM   #12
TSF Enthusiast
 
Join Date: Apr 2009
Location: Zionsville, IN 46077
Posts: 1,736
OS: Windows 8.1



lildoggy,

Appreciate the AdwCleaner[S1].txt log. If you still have it, please post the AdwCleaner[S0].txt log as well.

How are things running now?


Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
If the tool needs to be updated, it will close momentarily and place the older version in a folder. The updated version will open, ready for use.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
DrDOS is offline  
Old 08-27-2014, 05:03 AM   #13
Registered Member
 
Join Date: Aug 2014
Posts: 12
OS: WIN 7 SP1



Thanks Drew and The Security Team,
My computer seems OK now. I've only tried a little browsing on it, but not using anything with passwords, etc. yet. There are no redirects to advertising or anything like that.
I am unable to find the file requested - AdwCleaner[S0].txt. Did I generate it and save it previously? Here are the reports generated by Farbar:
FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:26-08-2014
Ran by Glenn (administrator) on GLENN-PC on 27-08-2014 07:49:17
Running from C:\Users\Glenn\Desktop
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool
Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Logitech, Inc.) C:\Program Files\Logitech\SolarApp\L4301_Solar.exe
(Andrea Electronics Corporation) C:\Windows\System32\AERTSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Users\Glenn\AppData\Local\ArchiveFolderTrash\ArchiveFolderTrash.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(iSkySoft) C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Dell) C:\Users\Glenn\AppData\Local\Apps\2.0\NXRGNH7M.7ML\D5GD5ROT.CYT\dell..tion_0f612f649c4a10af_0005.0007_59de4fd2458fcaec\DellSystemDetect.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Dropbox, Inc.) C:\Users\Glenn\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_14_0_0_145_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AcroBroker.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\AppleIEDAV.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Apple Inc.) C:\Program Files\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\ATH.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2014-05-08] (Adobe Systems Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4907008 2008-01-17] (Realtek Semiconductor)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [1734144 2013-05-29] (iSkySoft)
HKLM\...\Run: [BrowserPlugInHelper] => C:\Program Files\iSkysoft\iTube Studio\BrowserPlugInHelper.exe [516496 2013-12-31] (Wondershare Software)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKU\S-1-5-21-2359424518-3751645422-1730470352-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2359424518-3751645422-1730470352-1000\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2359424518-3751645422-1730470352-1000\...\Run: [AppleIEDAV] => C:\Program Files\Common Files\Apple\Internet Services\AppleIEDAV.exe [1326408 2013-11-15] (Apple Inc.)
HKU\S-1-5-21-2359424518-3751645422-1730470352-1000\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-21-2359424518-3751645422-1730470352-1000\...\Run: [DellSystemDetect] => C:\Users\Glenn\AppData\Local\Apps\2.0\NXRGNH7M.7ML\D5GD5ROT.CYT\dell..tion_0f612f649c4a10af_0005.0007_59de4fd2458fcaec\DellSystemDetect.exe [254976 2014-05-08] (Dell)
Startup: C:\Users\Glenn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Glenn\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyServer: http=127.0.0.1:20092
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD9C1E4B9ABD2CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKCU - {598AB9BD-67D6-49FD-908D-B907531A5189} URL = https://www.google.com/search?q={searchTerms}
BHO: iSkysoft iTube Studio -> {0F789748-F853-4734-A187-A096F05306E5} -> C:\Program Files\iSkysoft\iTube Studio\SVRIEPlugin.dll (iSkysoft Software Co., Ltd.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} https://download.eset.com/special/eos/OnlineScanner.cab
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 205.152.144.23 205.152.132.23
FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-10-26]
FF HKLM\...\Firefox\Extensions: [{7F737E3E-993D-43AB-9109-90C4E82752CC}] - C:\Program Files\iSkysoft\iTube Studio\SVRFirefoxExt
FF Extension: iSkysoft iTube Studio - C:\Program Files\iSkysoft\iTube Studio\SVRFirefoxExt [2014-03-29]
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff [2014-05-31]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR DefaultSearchKeyword: Default -> trovi.search
CHR DefaultSearchURL: Default -> {searchTerms} - Bing=
CHR DefaultSuggestURL: Default -> https://suggest.seccint.com/CSuggestJ...x={searchTerms}
CHR CustomProfile: C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (iSkysoft iTube Studio) - C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\afapmikcgbhfkecdhiokcgledjcpfbfd [2014-04-09]
CHR Extension: (Google Docs) - C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-30]
CHR Extension: (Google Drive) - C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-30]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-09]
CHR Extension: (YouTube) - C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-30]
CHR Extension: (Google Search) - C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-30]
CHR Extension: (Google Wallet) - C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-30]
CHR Extension: (Gmail) - C:\Users\Glenn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-30]
CHR HKLM\...\Chrome\Extension: [afapmikcgbhfkecdhiokcgledjcpfbfd] - C:\Program Files\iSkysoft\iTube Studio\SVRChromePlugin.crx [2014-03-29]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AERTFilters; C:\Windows\system32\AERTSrv.exe [77824 2007-12-05] (Andrea Electronics Corporation)
R2 ArchiveFolderTrash.exe; C:\Users\Glenn\AppData\Local\ArchiveFolderTrash\ArchiveFolderTrash.exe [89125 2014-08-14] () [File not signed]
R2 L4301_Solar; C:\Program Files\Logitech\SolarApp\L4301_Solar.exe [321776 2013-01-30] (Logitech, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
S2 FunctionGammaOS.exe; C:\Users\Glenn\AppData\Local\FunctionGammaOS\FunctionGammaOS.exe [X]
S2 GUIImportInterpreter.exe; C:\Users\Glenn\AppData\Local\GUIImportInterpreter\GUIImportInterpreter.exe [X]
S2 SpyHunter 4 Service; C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2012-06-22] ()
R1 FileDisk; C:\Windows\system32\Drivers\FileDisk.sys [12928 2004-09-25] (Bo Brantén) [File not signed]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [807936 2009-09-15] (Ralink Technology Corp.)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 RgFltX86; \??\C:\Users\Glenn\AppData\Local\FunctionGammaOS\RgFltX86.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-27 07:49 - 2014-08-27 07:49 - 00017505 _____ () C:\Users\Glenn\Desktop\FRST.txt
2014-08-27 07:47 - 2014-08-27 07:49 - 00000000 ____D () C:\FRST
2014-08-27 07:46 - 2014-08-27 07:46 - 01095168 _____ (Farbar) C:\Users\Glenn\Desktop\FRST.exe
2014-08-20 16:44 - 2014-08-20 16:44 - 00003373 _____ () C:\Users\Glenn\Desktop\ESET.txt
2014-08-20 15:22 - 2014-08-20 15:22 - 00000000 ____D () C:\Program Files\ESET
2014-08-20 14:32 - 2014-08-20 14:32 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-08-20 14:32 - 2014-08-20 14:32 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-08-20 14:32 - 2014-08-20 14:32 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-08-20 14:32 - 2014-08-20 14:32 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-08-20 14:32 - 2014-08-20 14:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-20 14:32 - 2014-08-20 14:32 - 00000000 ____D () C:\Program Files\Java
2014-08-20 14:32 - 2014-08-20 14:32 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-08-20 14:02 - 2014-08-20 14:01 - 00004148 _____ () C:\Users\Glenn\ipconfig.all.txt
2014-08-20 13:39 - 2014-08-20 13:58 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-20 13:39 - 2014-08-20 13:39 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-20 13:39 - 2014-08-20 13:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-20 13:39 - 2014-08-20 13:39 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-20 13:39 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-20 13:39 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-20 13:39 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-20 13:34 - 2014-08-20 13:35 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Glenn\Desktop\mbam-setup-2.0.2.1012.exe
2014-08-20 13:28 - 2014-08-20 13:28 - 00003178 _____ () C:\Users\Glenn\Desktop\AdwCleaner[S1].txt august20.txt
2014-08-20 13:15 - 2014-08-20 13:14 - 01361671 _____ () C:\Users\Glenn\Desktop\adwcleaner_3.307.exe
2014-08-20 13:14 - 2014-08-20 13:14 - 01361671 _____ () C:\Users\Glenn\Downloads\adwcleaner_3.307.exe
2014-08-16 03:07 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-16 03:07 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-16 03:07 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-16 03:07 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-15 16:19 - 2014-07-31 19:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-15 16:19 - 2014-07-25 09:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-15 16:19 - 2014-07-25 09:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-15 16:19 - 2014-07-25 09:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-15 16:19 - 2014-07-25 08:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-15 16:19 - 2014-07-25 08:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-15 16:19 - 2014-07-25 08:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-15 16:19 - 2014-07-25 08:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-15 16:19 - 2014-07-25 08:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-15 16:19 - 2014-07-25 08:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-15 16:19 - 2014-07-25 08:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-15 16:19 - 2014-07-25 08:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-15 16:19 - 2014-07-25 08:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-15 16:19 - 2014-07-25 08:10 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-15 16:19 - 2014-07-25 08:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-15 16:19 - 2014-07-25 08:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-15 16:19 - 2014-07-25 07:59 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-15 16:19 - 2014-07-25 07:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-15 16:19 - 2014-07-25 07:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-15 16:19 - 2014-07-25 07:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-15 16:19 - 2014-07-25 07:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-15 16:19 - 2014-07-25 07:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-15 16:19 - 2014-07-25 07:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-15 16:19 - 2014-07-25 07:09 - 00663040 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-15 16:19 - 2014-07-25 07:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-15 16:19 - 2014-07-25 07:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-15 16:19 - 2014-07-25 07:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-15 16:19 - 2014-07-25 06:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-15 16:19 - 2014-07-25 06:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-15 16:19 - 2014-07-25 06:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-15 16:19 - 2014-07-13 21:42 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-15 16:19 - 2014-06-15 21:44 - 00730048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-15 16:19 - 2014-06-15 21:44 - 00219072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2014-08-15 16:19 - 2014-06-15 21:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-15 16:18 - 2014-08-06 21:43 - 00412160 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-15 16:18 - 2014-08-06 21:39 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-15 16:18 - 2014-07-15 22:47 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-15 16:18 - 2014-07-15 22:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-15 16:18 - 2014-07-15 21:47 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-15 16:18 - 2014-06-03 05:30 - 00101824 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-15 16:18 - 2014-06-03 05:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-15 16:18 - 2014-06-03 05:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-15 16:18 - 2014-06-03 05:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-15 16:17 - 2014-07-08 21:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-15 16:17 - 2014-07-08 21:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-15 16:17 - 2014-07-08 21:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-15 16:17 - 2014-07-08 21:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-15 16:17 - 2014-07-08 21:29 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-15 16:17 - 2014-07-08 18:30 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-15 16:17 - 2014-06-24 21:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-14 07:12 - 2014-08-20 13:53 - 00000000 ____D () C:\Users\Glenn\AppData\Local\ArchiveFolderTrash
2014-08-09 10:25 - 2014-08-09 10:28 - 00000000 __SHD () C:\Windows\system32\AI_RecycleBin
2014-08-09 10:21 - 2014-08-09 10:22 - 00699016 _____ (CNET Download.com) C:\Users\Glenn\Downloads\cbsidlm-cbsi213-Should_I_Remove_It-ORG-75834044.exe
2014-08-08 13:17 - 2014-08-08 13:17 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-08 13:17 - 2014-08-08 13:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-08 13:17 - 2014-08-08 13:17 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-08-08 13:17 - 2014-08-08 13:17 - 00000000 ____D () C:\Program Files\iTunes
2014-08-08 13:17 - 2014-08-08 13:17 - 00000000 ____D () C:\Program Files\iPod
2014-08-06 11:25 - 2014-08-06 11:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-08-06 11:24 - 2014-08-06 11:24 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-06 10:23 - 2014-08-06 10:23 - 00093948 _____ () C:\Users\Glenn\Desktop\How to Build a Pergola - DIY Building a Pergola - Popular Mechanics.htm
2014-08-06 10:23 - 2014-08-06 10:23 - 00000000 ____D () C:\Users\Glenn\Desktop\How to Build a Pergola - DIY Building a Pergola - Popular Mechanics_files
2014-08-05 08:59 - 2014-08-05 08:59 - 00000000 ____D () C:\Users\Glenn\Desktop\New folder
2014-08-04 06:18 - 2014-08-04 06:36 - 00000000 ____D () C:\Users\Glenn\AppData\Local\Adobe
2014-08-01 11:43 - 2014-08-01 11:43 - 00004500 _____ () C:\Users\Glenn\Desktop\ark.zip
2014-08-01 11:42 - 2014-08-01 11:44 - 00007912 _____ () C:\Users\Glenn\Desktop\attach (3).zip
2014-08-01 11:42 - 2014-08-01 11:42 - 00003322 _____ () C:\Users\Glenn\Desktop\attach (2).zip
2014-08-01 11:41 - 2014-08-01 11:41 - 00003322 _____ () C:\Users\Glenn\Desktop\attach.zip
2014-08-01 11:17 - 2014-08-01 11:17 - 00003578 _____ () C:\Users\Glenn\Desktop\ark.txt
2014-08-01 10:46 - 2014-08-01 10:46 - 00370943 _____ () C:\Users\Glenn\Desktop\gmer.zip
2014-08-01 10:42 - 2014-08-01 10:42 - 00018102 _____ () C:\Users\Glenn\Desktop\dds.txt
2014-08-01 10:42 - 2014-08-01 10:42 - 00010406 _____ () C:\Users\Glenn\Desktop\attach.txt
2014-08-01 10:35 - 2014-08-01 10:35 - 00145320 _____ () C:\Windows\Minidump\080114-23306-01.dmp
2014-08-01 10:21 - 2014-08-01 10:21 - 00688992 ____R (Swearware) C:\Users\Glenn\Desktop\dds.scr
2014-08-01 06:30 - 2014-08-01 06:30 - 00152106 _____ () C:\Users\Glenn\Desktop\You cannot print and you receive the error message Spooler subsystem app has encountered a problem and needs to close.htm
2014-08-01 06:30 - 2014-08-01 06:30 - 00000000 ____D () C:\Users\Glenn\Desktop\You cannot print and you receive the error message Spooler subsystem app has encountered a problem and needs to close_files
2014-07-31 10:19 - 2014-07-31 10:19 - 00002276 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2014-07-31 10:17 - 2014-07-31 10:18 - 29527272 _____ (DVDVideoSoft Ltd. ) C:\Users\Glenn\Downloads\FreeYouTubeToMP3Converter.exe
2014-07-31 10:15 - 2014-07-31 10:16 - 31023432 _____ (DVDVideoSoft Ltd. ) C:\Users\Glenn\Downloads\FreeStudio.exe.ouds1mp.partial
2014-07-31 03:08 - 2014-05-14 12:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-07-31 03:08 - 2014-05-14 12:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-07-31 03:08 - 2014-05-14 12:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-07-31 03:08 - 2014-05-14 12:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-07-31 03:08 - 2014-05-14 12:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-07-31 03:08 - 2014-05-14 12:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-07-31 03:08 - 2014-05-14 12:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-07-31 03:07 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-07-31 03:07 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-07-30 21:41 - 2014-07-30 21:50 - 00000000 ____D () C:\Users\Glenn\Documents\Fax
2014-07-30 04:39 - 2014-07-30 04:39 - 00000000 ____D () C:\Users\Glenn\Desktop\Chameleon
2014-07-30 04:38 - 2014-07-30 04:38 - 04872677 _____ () C:\Users\Glenn\Downloads\mbam-chameleon-3.1.4.0.zip
2014-07-29 10:20 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-07-29 10:19 - 2014-08-20 13:24 - 00000000 ____D () C:\AdwCleaner
2014-07-29 09:33 - 2014-07-29 09:33 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-07-29 09:30 - 2014-07-31 11:12 - 00000000 ____D () C:\Windows\455F074C814E4520B69B5584BD90400C.TMP
2014-07-29 09:30 - 2014-07-29 09:30 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2014-07-29 09:26 - 2014-07-29 21:46 - 01365551 _____ () C:\Users\Glenn\Downloads\adwcleaner_3.301.exe
2014-07-29 09:24 - 2014-07-29 09:26 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Glenn\Downloads\SpyHunter-Installer.exe
2014-07-29 09:17 - 2014-07-29 09:17 - 02642617 _____ () C:\Users\Glenn\Desktop\Delta - Book a flight_do.mht
2014-07-28 07:24 - 2014-07-28 07:25 - 28694720 _____ (Microsoft Corporation) C:\Users\Glenn\Downloads\Windows-KB890830-V5.14 (1).exe
2014-07-28 07:24 - 2014-07-28 07:25 - 27959936 _____ (Microsoft Corporation) C:\Users\Glenn\Downloads\Windows-KB890830-V5.14.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-27 07:49 - 2014-08-27 07:49 - 00017505 _____ () C:\Users\Glenn\Desktop\FRST.txt
2014-08-27 07:49 - 2014-08-27 07:47 - 00000000 ____D () C:\FRST
2014-08-27 07:46 - 2014-08-27 07:46 - 01095168 _____ (Farbar) C:\Users\Glenn\Desktop\FRST.exe
2014-08-27 07:39 - 2013-12-30 07:20 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-27 07:01 - 2014-01-30 13:08 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-27 05:07 - 2013-10-26 22:58 - 01252398 _____ () C:\Windows\WindowsUpdate.log
2014-08-26 19:01 - 2014-01-30 13:08 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-23 09:28 - 2009-07-14 00:34 - 00027168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-23 09:28 - 2009-07-14 00:34 - 00027168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-22 08:41 - 2009-07-14 00:39 - 00054036 _____ () C:\Windows\setupact.log
2014-08-21 04:42 - 2010-11-20 17:01 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-21 04:38 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-20 16:44 - 2014-08-20 16:44 - 00003373 _____ () C:\Users\Glenn\Desktop\ESET.txt
2014-08-20 15:22 - 2014-08-20 15:22 - 00000000 ____D () C:\Program Files\ESET
2014-08-20 14:44 - 2014-05-13 06:56 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-20 14:32 - 2014-08-20 14:32 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-08-20 14:32 - 2014-08-20 14:32 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-08-20 14:32 - 2014-08-20 14:32 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-08-20 14:32 - 2014-08-20 14:32 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-08-20 14:32 - 2014-08-20 14:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-20 14:32 - 2014-08-20 14:32 - 00000000 ____D () C:\Program Files\Java
2014-08-20 14:32 - 2014-08-20 14:32 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-08-20 14:17 - 2013-11-28 16:53 - 00001017 _____ () C:\Users\Glenn\Desktop\Dropbox.lnk
2014-08-20 14:17 - 2013-11-28 16:53 - 00000000 ___RD () C:\Users\Glenn\Dropbox
2014-08-20 14:17 - 2013-11-28 16:51 - 00000000 ____D () C:\Users\Glenn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-20 14:17 - 2013-11-28 16:50 - 00000000 ____D () C:\Users\Glenn\AppData\Roaming\Dropbox
2014-08-20 14:02 - 2013-10-26 20:08 - 00000000 ____D () C:\Users\Glenn
2014-08-20 14:01 - 2014-08-20 14:02 - 00004148 _____ () C:\Users\Glenn\ipconfig.all.txt
2014-08-20 13:58 - 2014-08-20 13:39 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-20 13:56 - 2014-06-09 10:11 - 00000000 ___RD () C:\Users\Glenn\Google Drive
2014-08-20 13:54 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-20 13:54 - 2009-07-14 00:33 - 00409120 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-20 13:53 - 2014-08-14 07:12 - 00000000 ____D () C:\Users\Glenn\AppData\Local\ArchiveFolderTrash
2014-08-20 13:53 - 2014-07-25 21:52 - 00000000 ____D () C:\Windows\system32\ContextualProgramSDK
2014-08-20 13:53 - 2010-11-20 17:48 - 00112368 _____ () C:\Windows\PFRO.log
2014-08-20 13:39 - 2014-08-20 13:39 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-20 13:39 - 2014-08-20 13:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-20 13:39 - 2014-08-20 13:39 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-20 13:35 - 2014-08-20 13:34 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Glenn\Desktop\mbam-setup-2.0.2.1012.exe
2014-08-20 13:28 - 2014-08-20 13:28 - 00003178 _____ () C:\Users\Glenn\Desktop\AdwCleaner[S1].txt august20.txt
2014-08-20 13:24 - 2014-07-29 10:19 - 00000000 ____D () C:\AdwCleaner
2014-08-20 13:14 - 2014-08-20 13:15 - 01361671 _____ () C:\Users\Glenn\Desktop\adwcleaner_3.307.exe
2014-08-20 13:14 - 2014-08-20 13:14 - 01361671 _____ () C:\Users\Glenn\Downloads\adwcleaner_3.307.exe
2014-08-19 06:05 - 2014-06-09 10:09 - 00002000 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2014-08-19 06:05 - 2014-06-09 10:09 - 00001998 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2014-08-19 06:05 - 2014-06-09 10:09 - 00001988 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2014-08-19 06:05 - 2014-06-09 10:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-08-16 10:57 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\rescache
2014-08-16 07:52 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-08-16 03:36 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-16 03:20 - 2013-10-26 20:19 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-16 03:19 - 2013-10-26 21:31 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-16 03:12 - 2013-10-26 21:31 - 96303304 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-14 05:28 - 2014-01-30 13:09 - 00002129 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-10 05:16 - 2014-07-25 21:50 - 00000000 ____D () C:\Users\Glenn\AppData\Roaming\device
2014-08-09 10:28 - 2014-08-09 10:25 - 00000000 __SHD () C:\Windows\system32\AI_RecycleBin
2014-08-09 10:22 - 2014-08-09 10:21 - 00699016 _____ (CNET Download.com) C:\Users\Glenn\Downloads\cbsidlm-cbsi213-Should_I_Remove_It-ORG-75834044.exe
2014-08-08 13:17 - 2014-08-08 13:17 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-08 13:17 - 2014-08-08 13:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-08 13:17 - 2014-08-08 13:17 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-08-08 13:17 - 2014-08-08 13:17 - 00000000 ____D () C:\Program Files\iTunes
2014-08-08 13:17 - 2014-08-08 13:17 - 00000000 ____D () C:\Program Files\iPod
2014-08-08 13:17 - 2014-01-13 08:08 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-08-06 21:43 - 2014-08-15 16:18 - 00412160 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-06 21:39 - 2014-08-15 16:18 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-06 11:25 - 2014-08-06 11:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-08-06 11:24 - 2014-08-06 11:24 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-06 10:23 - 2014-08-06 10:23 - 00093948 _____ () C:\Users\Glenn\Desktop\How to Build a Pergola - DIY Building a Pergola - Popular Mechanics.htm
2014-08-06 10:23 - 2014-08-06 10:23 - 00000000 ____D () C:\Users\Glenn\Desktop\How to Build a Pergola - DIY Building a Pergola - Popular Mechanics_files
2014-08-05 09:44 - 2014-07-14 08:37 - 00000000 ____D () C:\Users\Glenn\Desktop\apartments
2014-08-05 08:59 - 2014-08-05 08:59 - 00000000 ____D () C:\Users\Glenn\Desktop\New folder
2014-08-04 06:36 - 2014-08-04 06:18 - 00000000 ____D () C:\Users\Glenn\AppData\Local\Adobe
2014-08-04 06:17 - 2013-12-30 07:20 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-08-04 06:17 - 2013-12-30 07:20 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-08-01 11:44 - 2014-08-01 11:42 - 00007912 _____ () C:\Users\Glenn\Desktop\attach (3).zip
2014-08-01 11:43 - 2014-08-01 11:43 - 00004500 _____ () C:\Users\Glenn\Desktop\ark.zip
2014-08-01 11:42 - 2014-08-01 11:42 - 00003322 _____ () C:\Users\Glenn\Desktop\attach (2).zip
2014-08-01 11:41 - 2014-08-01 11:41 - 00003322 _____ () C:\Users\Glenn\Desktop\attach.zip
2014-08-01 11:17 - 2014-08-01 11:17 - 00003578 _____ () C:\Users\Glenn\Desktop\ark.txt
2014-08-01 10:46 - 2014-08-01 10:46 - 00370943 _____ () C:\Users\Glenn\Desktop\gmer.zip
2014-08-01 10:42 - 2014-08-01 10:42 - 00018102 _____ () C:\Users\Glenn\Desktop\dds.txt
2014-08-01 10:42 - 2014-08-01 10:42 - 00010406 _____ () C:\Users\Glenn\Desktop\attach.txt
2014-08-01 10:35 - 2014-08-01 10:35 - 00145320 _____ () C:\Windows\Minidump\080114-23306-01.dmp
2014-08-01 10:35 - 2014-07-22 13:49 - 356101446 _____ () C:\Windows\MEMORY.DMP
2014-08-01 10:35 - 2014-07-22 13:49 - 00000000 ____D () C:\Windows\Minidump
2014-08-01 10:21 - 2014-08-01 10:21 - 00688992 ____R (Swearware) C:\Users\Glenn\Desktop\dds.scr
2014-08-01 06:30 - 2014-08-01 06:30 - 00152106 _____ () C:\Users\Glenn\Desktop\You cannot print and you receive the error message Spooler subsystem app has encountered a problem and needs to close.htm
2014-08-01 06:30 - 2014-08-01 06:30 - 00000000 ____D () C:\Users\Glenn\Desktop\You cannot print and you receive the error message Spooler subsystem app has encountered a problem and needs to close_files
2014-07-31 19:16 - 2014-08-15 16:19 - 00307384 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-31 12:22 - 2014-01-13 09:15 - 00000000 ____D () C:\Users\Glenn\AppData\Local\078AA535-9CC7-4C7A-9A74-E61419438673.aplzod
2014-07-31 11:12 - 2014-07-29 09:30 - 00000000 ____D () C:\Windows\455F074C814E4520B69B5584BD90400C.TMP
2014-07-31 10:20 - 2014-05-31 10:26 - 00000000 ____D () C:\Users\Glenn\AppData\Roaming\DVDVideoSoft
2014-07-31 10:19 - 2014-07-31 10:19 - 00002276 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2014-07-31 10:19 - 2014-05-31 10:29 - 00001201 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2014-07-31 10:19 - 2014-05-31 10:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-07-31 10:19 - 2014-05-31 10:28 - 00000000 ____D () C:\Program Files\DVDVideoSoft
2014-07-31 10:19 - 2014-05-31 10:28 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2014-07-31 10:18 - 2014-07-31 10:17 - 29527272 _____ (DVDVideoSoft Ltd. ) C:\Users\Glenn\Downloads\FreeYouTubeToMP3Converter.exe
2014-07-31 10:16 - 2014-07-31 10:15 - 31023432 _____ (DVDVideoSoft Ltd. ) C:\Users\Glenn\Downloads\FreeStudio.exe.ouds1mp.partial
2014-07-31 10:02 - 2014-05-31 10:29 - 00002312 _____ () C:\Users\Public\Desktop\Free YouTube to iPhone Converter.lnk
2014-07-30 21:50 - 2014-07-30 21:41 - 00000000 ____D () C:\Users\Glenn\Documents\Fax
2014-07-30 21:41 - 2009-07-14 00:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-07-30 04:39 - 2014-07-30 04:39 - 00000000 ____D () C:\Users\Glenn\Desktop\Chameleon
2014-07-30 04:38 - 2014-07-30 04:38 - 04872677 _____ () C:\Users\Glenn\Downloads\mbam-chameleon-3.1.4.0.zip
2014-07-29 21:46 - 2014-07-29 09:26 - 01365551 _____ () C:\Users\Glenn\Downloads\adwcleaner_3.301.exe
2014-07-29 09:33 - 2014-07-29 09:33 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-07-29 09:30 - 2014-07-29 09:30 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2014-07-29 09:26 - 2014-07-29 09:24 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Glenn\Downloads\SpyHunter-Installer.exe
2014-07-29 09:17 - 2014-07-29 09:17 - 02642617 _____ () C:\Users\Glenn\Desktop\Delta - Book a flight_do.mht
2014-07-28 07:25 - 2014-07-28 07:24 - 28694720 _____ (Microsoft Corporation) C:\Users\Glenn\Downloads\Windows-KB890830-V5.14 (1).exe
2014-07-28 07:25 - 2014-07-28 07:24 - 27959936 _____ (Microsoft Corporation) C:\Users\Glenn\Downloads\Windows-KB890830-V5.14.exe
Some content of TEMP:
====================
C:\Users\Glenn\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp4unadr.dll
C:\Users\Glenn\AppData\Local\Temp\oi_{AD76F6F7-0054-47A4-9418-A648033F322E}.exe
C:\Users\Glenn\AppData\Local\Temp\SHSetup.exe
C:\Users\Glenn\AppData\Local\Temp\SpOrder.dll
C:\Users\Glenn\AppData\Local\Temp\tmd_34015554.exe
C:\Users\Glenn\AppData\Local\Temp\tmd_34016122.exe
C:\Users\Glenn\AppData\Local\Temp\tmp6073.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-20 18:33
==================== End Of Log ============================

Addition.txt
Additional scan result of Farbar Recovery Scan Tool (x86) Version:26-08-2014
Ran by Glenn at 2014-08-27 07:50:33
Running from C:\Users\Glenn\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat X Pro (HKLM\...\{AC76BA86-1033-0000-7760-000000000005}) (Version: 10.1.10 - Adobe Systems)
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avery Wizard 5.0 (HKLM\...\{D43E122B-C053-4545-999A-2219BF8F6422}) (Version: 5.0.3 - Avery)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4478 - CDBurnerXP)
COTM App by We-Care.com v4.1.29.2 (HKLM\...\{18753869-2CAE-44DD-B98A-0A8AC24B0D57}) (Version: 4.1.29.2 - We-Care.com)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{132D27B8-C656-44BD-8C16-73C54EA8A85F}) (Version: - Microsoft)
Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 5.7.0.6 - Dell)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.28 - Dropbox, Inc.)
eDealsPop version 1.0 (HKLM\...\eDealsPop_is1) (Version: 1.0 - eDealsPop)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
Free YouTube to iPhone Converter version 2.12.42.716 (HKLM\...\Free YouTube to iPhone Converter_is1) (Version: 2.12.42.716 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.42.716 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.42.716 - DVDVideoSoft Ltd.)
Google Chrome (HKLM\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Drive (HKLM\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
iCloud (HKLM\...\{00A61104-74B5-4056-AD00-4397EF4FB141}) (Version: 3.1.0.40 - Apple Inc.)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel(R) TV Wizard (HKLM\...\TVWiz) (Version: - Intel Corporation)
iSkysoft iTube Studio(Build 3.8.0.3) (HKLM\...\iSkysoft iTube Studio_is1) (Version: 3.8.0.3 - iSkysoft Software)
iTunes (HKLM\...\{86D04316-F49A-4AF2-B3F1-A1E943886CE7}) (Version: 11.3.1.2 - Apple Inc.)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden
Junk Mail filter update (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Logitech Solar App 1.10 (HKLM\...\SolarApp) (Version: 1.10.3 - Logitech)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Movie Maker (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (Version: 16.4.1108.0727 - Microsoft) Hidden
Photo Gallery (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version: - Microsoft) Hidden
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version: - Microsoft)
Windows Live Communications Platform (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2359424518-3751645422-1730470352-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Glenn\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2359424518-3751645422-1730470352-1000_Classes\CLSID\{0207CA76-8233-4478-9A40-607AC304C435}\InprocServer32 -> C:\Users\Glenn\AppData\Roaming\Avery\Avery Wizard 5.0\EnvBCode.ocx (Envel Informationssysteme GmbH)
CustomCLSID: HKU\S-1-5-21-2359424518-3751645422-1730470352-1000_Classes\CLSID\{2BB2DE4F-FCDF-46F2-9723-5B1959E1BDE0}\InprocServer32 -> C:\Users\Glenn\AppData\Roaming\Avery\Avery Wizard 5.0\EnvBCode.ocx (Envel Informationssysteme GmbH)
CustomCLSID: HKU\S-1-5-21-2359424518-3751645422-1730470352-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Glenn\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2359424518-3751645422-1730470352-1000_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\Glenn\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2359424518-3751645422-1730470352-1000_Classes\CLSID\{95775FC2-FFFA-4432-A4BC-352AB1A84581}\InprocServer32 -> C:\Users\Glenn\AppData\Roaming\Avery\Avery Wizard 5.0\EnvBCode.ocx (Envel Informationssysteme GmbH)
CustomCLSID: HKU\S-1-5-21-2359424518-3751645422-1730470352-1000_Classes\CLSID\{990D9B6F-6621-11D9-AD6A-000C29B1E318}\InprocServer32 -> C:\Users\Glenn\AppData\Roaming\Avery\Avery Wizard 5.0\AveryOAd.dll (Avery Dennison Corporation. Envel Informationssysteme GmbH.)
CustomCLSID: HKU\S-1-5-21-2359424518-3751645422-1730470352-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Glenn\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2359424518-3751645422-1730470352-1000_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\Glenn\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2359424518-3751645422-1730470352-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Glenn\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2359424518-3751645422-1730470352-1000_Classes\CLSID\{BE892433-7479-4231-AB95-A313BDA3D409}\InprocServer32 -> C:\Users\Glenn\AppData\Roaming\Avery\Avery Wizard 5.0\EnvBCode.ocx (Envel Informationssysteme GmbH)
CustomCLSID: HKU\S-1-5-21-2359424518-3751645422-1730470352-1000_Classes\CLSID\{D0E9EEAE-9AC7-4204-BA07-B72DD6077E82}\InprocServer32 -> C:\Users\Glenn\AppData\Roaming\Avery\Avery Wizard 5.0\AvWizRes.dll (Avery Products Corporation. Envel Informationssysteme GmbH.)
CustomCLSID: HKU\S-1-5-21-2359424518-3751645422-1730470352-1000_Classes\CLSID\{D2776BCC-5F09-4068-B4E2-7EE1202F95CF}\InprocServer32 -> C:\Users\Glenn\AppData\Roaming\Avery\Avery Wizard 5.0\EnvBCode.ocx (Envel Informationssysteme GmbH)
CustomCLSID: HKU\S-1-5-21-2359424518-3751645422-1730470352-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Glenn\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2359424518-3751645422-1730470352-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Glenn\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\FileSyncApi.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2359424518-3751645422-1730470352-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Glenn\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2359424518-3751645422-1730470352-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Glenn\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2359424518-3751645422-1730470352-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Glenn\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2359424518-3751645422-1730470352-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Glenn\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2359424518-3751645422-1730470352-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Glenn\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2359424518-3751645422-1730470352-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Glenn\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2359424518-3751645422-1730470352-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Glenn\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2359424518-3751645422-1730470352-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Glenn\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
==================== Restore Points =========================
09-08-2014 14:24:22 Installed Should I Remove It
09-08-2014 14:27:42 Removed Should I Remove It
09-08-2014 21:49:28 Windows Update
11-08-2014 00:55:43 Windows Backup
13-08-2014 01:46:26 Windows Update
16-08-2014 07:00:34 Windows Update
17-08-2014 23:00:05 Windows Backup
19-08-2014 11:35:33 Windows Update
20-08-2014 18:21:34 Removed Java 7 Update 55
20-08-2014 18:31:59 Installed Java 7 Update 67
23-08-2014 06:23:22 Windows Update
24-08-2014 23:00:07 Windows Backup
27-08-2014 06:22:03 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 22:04 - 2009-06-10 17:39 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {1680F13D-2E7E-4EA0-BA84-CDDB2B0F7C98} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5728CBE4-800A-4613-A04E-C2F26F3B62AA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-04] (Adobe Systems Incorporated)
Task: {89030B45-1E01-4DEA-A0B7-0FC4CCCF145D} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {AF908667-3ABD-4416-A626-8A20C55B520B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-30] (Google Inc.)
Task: {ED13801A-45DC-46EF-83F3-73BE26CF9FCF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-30] (Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-14 07:12 - 2014-08-14 07:12 - 00089125 _____ () C:\Users\Glenn\AppData\Local\ArchiveFolderTrash\ArchiveFolderTrash.exe
2013-09-14 02:51 - 2013-09-14 02:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 02:50 - 2013-09-14 02:50 - 01242952 _____ () C:\Program Files\Common Files\Apple\Internet Services\libxml2.dll
2014-08-20 14:17 - 2014-08-20 14:17 - 00043008 _____ () c:\users\glenn\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp4unadr.dll
2013-08-23 15:01 - 2013-08-23 15:01 - 25100288 _____ () C:\Users\Glenn\AppData\Roaming\Dropbox\bin\libcef.dll
2014-05-08 07:22 - 2014-05-08 07:22 - 00305520 _____ () C:\Program Files\Adobe\Acrobat 10.0\Acrobat\sqlite.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-01-20 14:16 - 2014-01-20 14:16 - 00237384 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxslt.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\Glenn\Desktop\Video Apr 27, 12 29 17 PM.mov:com.dropbox.attributes
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\plsapp => ""="service"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)

==================== Faulty Device Manager Devices =============
Name: MpKslc74624ae
Description: MpKslc74624ae
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: MpKslc74624ae
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears. Remove the device, and this error should be resolved.
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================
Application errors:
==================
Error: (08/24/2014 06:21:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1342015
Error: (08/24/2014 06:21:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1342015
Error: (08/24/2014 06:21:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (08/24/2014 06:21:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1341016
Error: (08/24/2014 06:21:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1341016
Error: (08/24/2014 06:21:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (08/24/2014 06:21:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1340018
Error: (08/24/2014 06:21:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1340018
Error: (08/24/2014 06:21:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (08/24/2014 06:21:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1339019

System errors:
=============
Error: (08/26/2014 02:32:14 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.101.
The computer with the IP address 192.168.1.103 did not allow the name to be claimed by
this computer.
Error: (08/25/2014 02:20:06 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.183.359.0
Update Source: %NT AUTHORITY59
Update Stage: 4.5.0216.00
Source Path: 4.5.0216.01
Signature Type: %NT AUTHORITY602
Update Type: %NT AUTHORITY604
User: NT AUTHORITY\SYSTEM
Current Engine Version: %NT AUTHORITY605
Previous Engine Version: %NT AUTHORITY606
Error code: %NT AUTHORITY607
Error description: %NT AUTHORITY608
Error: (08/24/2014 10:27:57 AM) (Source: DCOM) (EventID: 10016) (User: Glenn-PC)
Description: application-specificLocalActivation{B77C4C36-0154-4C52-AB49-FAA03837E47F}{EA022610-0748-4C24-B229-6C507EBDFDBB}Glenn-PCGlennS-1-5-21-2359424518-3751645422-1730470352-1000LocalHost (Using LRPC)
Error: (08/21/2014 04:20:52 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{6A8FCDBE-A446-4159-B625-6ED187B71151} because another computer on the network has the same name. The server could not start.
Error: (08/21/2014 03:24:28 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.181.195.0
Update Source: %NT AUTHORITY59
Update Stage: 4.5.0216.00
Source Path: 4.5.0216.01
Signature Type: %NT AUTHORITY602
Update Type: %NT AUTHORITY604
User: NT AUTHORITY\SYSTEM
Current Engine Version: %NT AUTHORITY605
Previous Engine Version: %NT AUTHORITY606
Error code: %NT AUTHORITY607
Error description: %NT AUTHORITY608
Error: (08/20/2014 01:55:33 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The ArchiveFolderTrash.exe service hung on starting.
Error: (08/20/2014 01:54:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The GUIImportInterpreter.exe service failed to start due to the following error:
%%2
Error: (08/20/2014 01:54:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The FunctionGammaOS.exe service failed to start due to the following error:
%%2
Error: (08/20/2014 01:54:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SpyHunter 4 Service service failed to start due to the following error:
%%2
Error: (08/20/2014 01:52:31 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Microsoft Office Sessions:
=========================
Error: (08/24/2014 06:21:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1342015
Error: (08/24/2014 06:21:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1342015
Error: (08/24/2014 06:21:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (08/24/2014 06:21:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1341016
Error: (08/24/2014 06:21:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1341016
Error: (08/24/2014 06:21:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (08/24/2014 06:21:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1340018
Error: (08/24/2014 06:21:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1340018
Error: (08/24/2014 06:21:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (08/24/2014 06:21:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1339019

==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
Percentage of memory in use: 55%
Total physical RAM: 3317.18 MB
Available physical RAM: 1464.42 MB
Total Pagefile: 6813.23 MB
Available Pagefile: 2169.44 MB
Total Virtual: 2047.88 MB
Available Virtual: 1897.5 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:596.07 GB) (Free:537.68 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: CDE6CDE6)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=596.1 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Old 08-28-2014, 11:47 AM   #14
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, lildoggy.

Please uninstall the following via Start->(or Computer)->Control Panel->(Programs)->Programs and Features if it still exists:

eDealsPop << Please read this

Don't follow the prompt to download SpyHunter.

Please delete the following Folder if it still exists:

C:\Program Files\eDealsPop

------------------------------------------------------

Also, carefully follow all the instructions here for uninstalling Trovi from Chrome:

Uninstall

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST.exe

    NOTE: Both FRST.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    C:\Users\Glenn\AppData\Local\ArchiveFolderTrash\ArchiveFolderTrash.exe
    C:\Users\Glenn\AppData\Roaming\serv\setup_fst_us.exe
    C:\Users\Glenn\Downloads\cbsidlm-cbsi213-Should_I_Remove_It-ORG-75834044.exe
    C:\Users\Glenn\Downloads\cdbxp_setup_4.5.2.4478.ex
    C:\Users\Glenn\Downloads\FreeYouTubeToiPhoneConverter.exe
    C:\Users\Glenn\Downloads\FreeYouTubeToMP3Converter.exe
    C:\Windows\Temp\UptUpdater.exe
    HKLM\...\Run: [] => [X]
    ProxyServer: http=127.0.0.1:20092
    S2 SpyHunter 4 Service; C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [X]
    S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
    2014-07-29 09:33 - 2014-07-29 09:33 - 00000000 ____D () C:\Program Files\Enigma Software Group
    2014-07-29 09:30 - 2014-07-31 11:12 - 00000000 ____D () C:\Windows\455F074C814E4520B69B5584BD90400C.TMP
    2014-07-29 09:30 - 2014-07-29 09:30 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
    2014-07-29 09:26 - 2014-07-29 09:24 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Glenn\Downloads\SpyHunter-Installer.exe
    EmptyTemp:
    end
  • Double-click FRST to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
Old 09-03-2014, 04:49 AM   #15
Registered Member
 
Join Date: Aug 2014
Posts: 12
OS: WIN 7 SP1



"Save it as fixlist.txt next to FRST.exe

NOTE: Both FRST.exe and the fixlist.txt must be in the same location or the fix will not work."

Good morning Chemist, hope you had a nice Labor Day holiday.
I just want to be sure I understand your directions here. When you say save fixlist.txt next to FRST.exe and that they must be in the same location, does this mean that they should be side by side on my desktop?

The "next to" direction sounds simple unless there's something you do that I'm not familiar with to do this. I do understand the Notepad direction for copying the code you provided. But do you mean just placing that next to the FRST.exe already existing on my desktop? As in just side by side?
Thanks much, lildoggy
lildoggy is offline  
Old 09-03-2014, 09:47 AM   #16
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, lildoggy. You're very welcome. While I understand real life is most important, it's difficult to work on your issue with your replies so far apart. It also keeps me from helping others, as I don't take on an unlimited number of threads at one time. Please try to be more prompt in your replies, so we can resolve this issue in a more rapid fashion. Thanks.

------------------------------------------------------

It's only necessary that both fixlist.txt and FRST.exe be in the same folder or both on the desktop. They don't have to literally be next to one another.

------------------------------------------------------
chemist is offline  
Old 09-03-2014, 10:57 AM   #17
Registered Member
 
Join Date: Aug 2014
Posts: 12
OS: WIN 7 SP1



Thanks Chemist, yes, I'm guilty of being tardy. I should have explained that I must travel for work. Excuses aside, we'll get this done in a more timely fashion on my end.
The fix was run and this log was created; however, Windows said the program had a problem and needed to close. That was after I saw the log appear.
Fixlog.txt:
*****************
start
C:\Users\Glenn\AppData\Local\ArchiveFolderTrash\ArchiveFolderTrash.exe
C:\Users\Glenn\AppData\Roaming\serv\setup_fst_us.exe
C:\Users\Glenn\Downloads\cbsidlm-cbsi213-Should_I_Remove_It-ORG-75834044.exe
C:\Users\Glenn\Downloads\cdbxp_setup_4.5.2.4478.ex
C:\Users\Glenn\Downloads\FreeYouTubeToiPhoneConverter.exe
C:\Users\Glenn\Downloads\FreeYouTubeToMP3Converter.exe
C:\Windows\Temp\UptUpdater.exe
HKLM\...\Run: [] => [X]
ProxyServer: http=127.0.0.1:20092
S2 SpyHunter 4 Service; C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
2014-07-29 09:33 - 2014-07-29 09:33 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-07-29 09:30 - 2014-07-31 11:12 - 00000000 ____D () C:\Windows\455F074C814E4520B69B5584BD90400C.TMP
2014-07-29 09:30 - 2014-07-29 09:30 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2014-07-29 09:26 - 2014-07-29 09:24 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Glenn\Downloads\SpyHunter-Installer.exe
EmptyTemp:
end
*****************
C:\Users\Glenn\AppData\Local\ArchiveFolderTrash\ArchiveFolderTrash.exe => Moved successfully.
C:\Users\Glenn\AppData\Roaming\serv\setup_fst_us.exe => Moved successfully.
C:\Users\Glenn\Downloads\cbsidlm-cbsi213-Should_I_Remove_It-ORG-75834044.exe => Moved successfully.
"C:\Users\Glenn\Downloads\cdbxp_setup_4.5.2.4478.ex" => File/Directory not found.
C:\Users\Glenn\Downloads\FreeYouTubeToiPhoneConverter.exe => Moved successfully.
C:\Users\Glenn\Downloads\FreeYouTubeToMP3Converter.exe => Moved successfully.
C:\Windows\Temp\UptUpdater.exe => Moved successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
SpyHunter 4 Service => Service deleted successfully.
esgiguard => Service deleted successfully.
C:\Program Files\Enigma Software Group => Moved successfully.
C:\Windows\455F074C814E4520B69B5584BD90400C.TMP => Moved successfully.
C:\Program Files\Common Files\Wise Installation Wizard => Moved successfully.
C:\Users\Glenn\Downloads\SpyHunter-Installer.exe => Moved successfully.
lildoggy is offline  
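When a helper reads a Fixlog like the one above, the questions are always the same: which actions of the fixlist actually completed, which targets were already gone, and which entries point at the mechanism behind the symptoms (here, a ProxyServer setting on 127.0.0.1, which hands every browser request to a process on the same machine). The script below is an added example, not FRST's own code and not something posted in this thread; it assumes the Fixlog layout shown in the post (the fixlist echoed between `start` and `end`, then one `target => outcome.` line per action) and uses a constructed subset of the posted lines as sample input.

```python
"""Summarise a Farbar Recovery Scan Tool (FRST) Fixlog.txt.

Added example; not part of FRST or of this thread. It assumes the Fixlog
layout shown in the post: the fixlist is echoed between 'start' and 'end',
then one line per action in the form '<target> => <outcome>.'.
"""
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample: a subset of the Fixlog lines posted in this thread.
SAMPLE_FIXLOG = r"""*****************
start
C:\Users\Glenn\AppData\Roaming\serv\setup_fst_us.exe
C:\Users\Glenn\Downloads\cdbxp_setup_4.5.2.4478.ex
HKLM\...\Run: [] => [X]
ProxyServer: http=127.0.0.1:20092
S2 SpyHunter 4 Service; C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [X]
EmptyTemp:
end
*****************
C:\Users\Glenn\AppData\Roaming\serv\setup_fst_us.exe => Moved successfully.
"C:\Users\Glenn\Downloads\cdbxp_setup_4.5.2.4478.ex" => File/Directory not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
SpyHunter 4 Service => Service deleted successfully.
"""

# One result line: optional quotes around the target, then ' => ', then the outcome.
RESULT_RE = re.compile(r'^"?(?P<target>.+?)"?\s*=>\s*(?P<outcome>.+?)\.?\s*$')

# A fixlist ProxyServer directive whose proxy lives on the local machine.
LOOPBACK_PROXY_RE = re.compile(
    r"ProxyServer:\s*(?:\w+=)?(?:127\.0\.0\.1|localhost)(?::\d+)?", re.IGNORECASE
)


@dataclass
class FixSummary:
    script: List[str] = field(default_factory=list)     # echoed fixlist lines
    succeeded: List[str] = field(default_factory=list)  # targets moved/deleted
    not_found: List[str] = field(default_factory=list)  # targets already absent
    other: List[str] = field(default_factory=list)      # anything unrecognised


def classify(outcome: str) -> str:
    """Map an FRST outcome phrase onto one of the FixSummary buckets."""
    lowered = outcome.lower()
    if "successfully" in lowered:
        return "succeeded"
    if "not found" in lowered:
        return "not_found"
    return "other"


def parse_fixlog(text: str) -> FixSummary:
    """Split a Fixlog into the echoed script and the per-action results."""
    summary = FixSummary()
    in_script = False
    script_done = False
    for raw in text.splitlines():
        line = raw.strip()
        if not script_done:
            # Everything between the 'start' and 'end' markers is the fixlist
            # itself; its lines may contain ' => ' too, so they are kept apart.
            if line == "start":
                in_script = True
                continue
            if line == "end":
                in_script = False
                script_done = True
                continue
            if in_script:
                summary.script.append(line)
            continue
        match = RESULT_RE.match(line)
        if match:
            getattr(summary, classify(match["outcome"])).append(match["target"])
    return summary


def loopback_proxies(summary: FixSummary) -> List[str]:
    """Fixlist lines that reset a WinINet proxy pointing at the local host.

    Such a proxy routes all of the browser's traffic through a local process,
    which is a common way for adware to rewrite search results and inject ads.
    """
    return [line for line in summary.script if LOOPBACK_PROXY_RE.search(line)]


if __name__ == "__main__":
    result = parse_fixlog(SAMPLE_FIXLOG)
    print(f"{len(result.succeeded)} succeeded, {len(result.not_found)} not found")
    for target in result.not_found:
        print("follow up:", target)
    for line in loopback_proxies(result):
        print("local proxy reset:", line)
```

Run it against a real Fixlog with `parse_fixlog(open("Fixlog.txt", encoding="utf-8").read())`; the `not_found` bucket is the list to double-check (in this thread the `.ex` entry was already gone, which is harmless), and `loopback_proxies` confirms the proxy setting was part of what the fix removed.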
Old 09-03-2014, 11:13 AM   #18
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, lildoggy. You're very welcome. How is the machine behaving?

Let me know and I will give you some final instructions.

------------------------------------------------------
chemist is offline  
Old 09-03-2014, 10:21 PM   #19
Registered Member
 
Join Date: Aug 2014
Posts: 12
OS: WIN 7 SP1



Chemist,
I'd say everything is running smoothly. I've only browsed a bit, not opening my email but just web surfing. No redirects, it's fast, and I wouldn't suspect a problem if there were any.
lildoggy is offline  
Old 09-03-2014, 10:27 PM   #20
Registered Member
 
Join Date: Aug 2014
Posts: 12
OS: WIN 7 SP1



Chemist, I'll add that I think I know how I caused the issue. I'd found a program that downloads YouTube videos, changing them to MP4s to play on my iPod. One day it said to download this new program and I did. The other was working fine and I don't know why I blindly followed the direction to do that. But seeing it mentioned in the logs jogged my memory about that.
lildoggy is offline  