Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91862 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

After malware attack, Internet Explorer will not work.


  • This topic is locked This topic is locked
21 replies to this topic

#1 baldingeagle

baldingeagle

    Authentic Member

  • Authentic Member
  • PipPip
  • 51 posts

Posted 02 February 2014 - 02:17 PM

Hello.

 

A month or two ago,   my computer picked up some kind of spyware/malware and caused all kinds of problems at the time.    I used Malwarebytes and Avira to get rid of the most serious  problems,   but Internet Explorer has not worked since then.   I have been using Mozilla Firefox as my browser.    Every once in a while,   I will notice some minor problems with my computer so I have to believe that my computer is still being affected by the remnants of whatever malware got into my system.   I would really like to get IE back as well.   It will not load the homepage or any page.  

 

Thanks

 

Here is the OTL scan.

 

OTL logfile created on: 2/3/2014 1:10:47 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Ken\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
15.98 Gb Total Physical Memory | 13.27 Gb Available Physical Memory | 83.08% Memory free
31.95 Gb Paging File | 28.62 Gb Available in Paging File | 89.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119.24 Gb Total Space | 30.03 Gb Free Space | 25.18% Space Free | Partition Type: NTFS
Drive L: | 931.51 Gb Total Space | 860.47 Gb Free Space | 92.37% Space Free | Partition Type: NTFS
 
Computer Name: KEN-PC | User Name: Ken | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/02/03 13:10:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ken\Desktop\OTL.exe
PRC - [2014/01/28 18:59:18 | 001,863,048 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe
PRC - [2014/01/02 18:32:12 | 033,508,336 | ---- | M] (Dropbox, Inc.) -- C:\Users\Ken\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/12/21 21:21:56 | 000,440,376 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013/12/21 21:21:19 | 001,032,760 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
PRC - [2013/12/21 21:21:13 | 000,684,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013/11/26 13:16:36 | 000,440,376 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013/09/20 14:12:52 | 009,837,056 | ---- | M] (Apache Software Foundation) -- C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
PRC - [2013/09/20 14:12:52 | 009,828,864 | ---- | M] (Apache Software Foundation) -- C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
PRC - [2013/09/20 14:12:52 | 000,103,936 | ---- | M] (Apache Software Foundation) -- C:\Program Files (x86)\OpenOffice 4\program\swriter.exe
PRC - [2013/02/01 12:22:34 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2009/09/25 23:31:32 | 000,185,640 | ---- | M] (Seagate LLC) -- C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/02/03 09:37:40 | 000,041,984 | ---- | M] () -- c:\Users\Ken\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp_od2kh.dll
MOD - [2014/01/28 18:59:18 | 016,287,624 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll
MOD - [2013/12/17 20:25:54 | 003,610,624 | ---- | M] () -- C:\Users\Ken\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/10/18 17:55:02 | 025,100,288 | ---- | M] () -- C:\Users\Ken\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013/09/20 13:50:06 | 000,988,160 | ---- | M] () -- C:\Program Files (x86)\OpenOffice 4\program\libxml2.dll
MOD - [2013/09/17 04:54:38 | 000,170,496 | ---- | M] () -- C:\Program Files (x86)\OpenOffice 4\program\libxslt.dll
MOD - [2013/02/01 12:22:37 | 003,023,256 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/11/26 03:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/04/20 02:04:20 | 000,203,776 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2014/01/28 18:59:18 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/21 21:21:56 | 000,440,376 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/12/21 21:21:22 | 001,011,768 | ---- | M] (Avira Operations GmbH & Co. KG) [Disabled | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2013/12/21 00:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/11/26 13:16:36 | 000,440,376 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013/09/20 19:03:26 | 000,807,800 | ---- | M] (Spigot, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012/10/23 03:47:48 | 002,848,168 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Disabled | Stopped] -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/12/21 21:22:02 | 000,131,576 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013/12/21 21:22:02 | 000,108,440 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013/11/26 13:17:21 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/04/20 01:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 21:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 21:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/01/06 17:20:00 | 000,676,864 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {16237AD1-B295-45C7-9F39-951CA524F33B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 31 8C 7D C6 98 0B CE 01  [binary data]
IE - HKCU\..\URLSearchHook: {B9C767DD-F66A-40B4-8F12-4199A9A4393C} - SOFTWARE\Classes\CLSID\{B9C767DD-F66A-40B4-8F12-4199A9A4393C}\InprocServer32 File not found
IE - HKCU\..\SearchScopes,DefaultScope = {032BA77B-A9AA-4A05-99D5-AAEA58862784}
IE - HKCU\..\SearchScopes\{032BA77B-A9AA-4A05-99D5-AAEA58862784}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{16237AD1-B295-45C7-9F39-951CA524F33B}: "URL" = http://search.condui...2211197136&UM=2
IE - HKCU\..\SearchScopes\{5DC88221-4520-4FAE-BEFB-FDFA91B1F715}: "URL" = https://www.google.c...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..CT3287811.browser.search.defaultthis.engineName: "true"
FF - prefs.js..CT3298566.browser.search.defaultthis.engineName: "true"
FF - prefs.js..browser.search.defaultenginename: "Yahoo!"
FF - prefs.js..browser.search.defaultthis.engineName: "MixiDJ V30 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...s}&sspv=TB_CNI"
FF - prefs.js..browser.search.selectedEngine: "Yahoo!"
FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - prefs.js..keyword.URL: "http://search.yahoo....type=219247&p="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.3.0\\npsitesafety.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Ken\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF - HKCU\Software\MozillaPlugins\tdameritrade.com/tossc: C:\Program Files (x86)\thinkTDA\nptossc.dll (TD Ameritrade)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@toolbar: C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.3.0.11
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\linksicle@linksicle.com: C:\Program Files (x86)\Mozilla Firefox\extensions\linksicle@linksicle.com
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/12/07 17:14:54 | 000,000,000 | ---D | M]
 
[2013/02/15 10:49:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ken\AppData\Roaming\Mozilla\Extensions
[2014/02/02 09:24:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\1bhvuexe.default\extensions
[2013/12/05 21:47:33 | 000,000,000 | ---D | M] (MixiDJ V30) -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\1bhvuexe.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}
[2013/11/12 14:34:26 | 000,000,000 | ---D | M] (VisualBee V.12) -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\1bhvuexe.default\extensions\{53c4024f-5a2e-4f2a-b33e-e8784d730938}
[2014/01/14 15:17:04 | 000,000,000 | ---D | M] (MyWordTool) -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\1bhvuexe.default\extensions\emily@wilford.biz
[2014/01/10 13:49:06 | 000,007,494 | ---- | M] () (No name found) -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\1bhvuexe.default\extensions\firefox@albrechto.co.xpi
[2013/12/05 21:47:33 | 000,001,029 | ---- | M] () -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\1bhvuexe.default\searchplugins\conduit.xml
[2013/10/02 12:51:39 | 000,000,905 | ---- | M] () -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\1bhvuexe.default\searchplugins\yahoo_ff.xml
[2013/12/05 20:46:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/01/14 15:24:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/02/01 12:22:53 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/02/01 12:22:13 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/07/04 18:43:58 | 000,003,724 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\safeguard-secure-search.xml
[2013/02/19 22:02:32 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Yahoo (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo....p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yah...={searchTerms},
CHR - homepage: http://search.condui...2972165128&UM=2
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\pdf.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdkednngfjmpnljkolbapdednncafhen\10.22.5.10_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdkednngfjmpnljkolbapdednncafhen\10.22.5.10_0\plugins/np-cwmp.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdkednngfjmpnljkolbapdednncafhen\10.22.5.10_0\search/plugins/npConduitNewTabPlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Users\Ken\AppData\Roaming\Mozilla\plugins\npatgpc.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.3.0\\npsitesafety.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: tossc (Enabled) = C:\Program Files (x86)\thinkTDA\nptossc.dll
CHR - plugin: Citrix Online Web Deployment Plugin 1.0.0.104 (Enabled) = C:\Users\Ken\AppData\Local\Citrix\Plugins\104\npappdetector.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Readium = C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepbnnnkkadjhjahcafoaglimekefifl\0.9.1_0\
CHR - Extension: Google Wallet = C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
CHR - Extension: Gmail = C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013/07/04 14:39:20 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - Startup: C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Ken\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O13 - gopher Prefix: missing
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.we...br/ieatgpc1.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FB913DE5-D8A3-4649-9A8B-07C3D329ED61}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.3.0\ViProtocol.dll File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/12/06 18:36:58 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/02/03 13:10:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ken\Desktop\OTL.exe
[2014/02/02 09:31:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/02/01 23:42:27 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\Apps
[2014/02/01 23:02:33 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\Adobe_Systems_Incorporate
[2014/02/01 12:57:07 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Roaming\Media Player Classic
[2014/01/31 14:22:39 | 000,000,000 | ---D | C] -- C:\Users\Ken\KooBits4
[2014/01/31 14:22:39 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Roaming\koobits.koobits4.com
[2014/01/31 14:22:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2014/01/31 13:53:48 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Roaming\Sony Corporation
[2014/01/31 13:53:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Corporation
[2014/01/31 13:53:48 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\kinoma
[2014/01/31 13:53:11 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\Sony Corporation
[2014/01/26 20:55:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/01/25 23:52:57 | 000,000,000 | R--D | C] -- C:\Users\Ken\Dropbox
[2014/01/25 23:52:21 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Roaming\DropboxMaster
[2014/01/25 23:52:13 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2014/01/25 23:52:01 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Roaming\Dropbox
[2014/01/25 23:51:35 | 037,660,568 | ---- | C] (Dropbox, Inc.) -- C:\Users\Ken\Desktop\Dropbox 2.6.2.exe
[2014/01/15 11:06:15 | 000,376,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2014/01/15 11:06:15 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2014/01/15 11:06:15 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2014/01/14 20:46:11 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Roaming\Amazon
[2014/01/14 20:46:10 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\webkit
[2014/01/14 20:44:36 | 000,000,000 | ---D | C] -- C:\Users\Ken\Desktop\No-1-Market-Top-Secret-10012014-MOBI
[2014/01/14 20:40:59 | 000,000,000 | ---D | C] -- C:\Users\Ken\.kindle
[2014/01/14 20:40:26 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
[2014/01/14 20:40:07 | 000,000,000 | ---D | C] -- C:\Users\Ken\Desktop\Kindle Previewer
[2014/01/14 15:22:19 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2014/01/14 15:22:16 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Roaming\calibre
[2014/01/14 15:17:03 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Roaming\MyWordTool
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/02/03 13:10:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ken\Desktop\OTL.exe
[2014/02/03 12:54:08 | 000,000,095 | -H-- | M] () -- C:\Users\Ken\Desktop\.~lock.AutotraderNinja.odt#
[2014/02/03 12:41:13 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/03 12:41:13 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/03 12:41:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/03 09:44:52 | 000,022,560 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/03 09:44:52 | 000,022,560 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/03 09:42:07 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/02/03 09:42:07 | 000,660,068 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/02/03 09:42:07 | 000,120,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/02/03 09:37:40 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/03 09:37:36 | 4276,785,150 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/03 01:21:59 | 000,020,461 | ---- | M] () -- C:\Users\Ken\Desktop\AutotraderNinja.odt
[2014/02/02 21:46:59 | 002,077,911 | ---- | M] () -- C:\Users\Ken\Desktop\Ken Bragg Timesheet.jpg
[2014/02/02 12:42:58 | 000,002,293 | ---- | M] () -- C:\Users\Ken\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/02/02 08:42:56 | 000,310,480 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/02/02 00:03:48 | 000,000,017 | ---- | M] () -- C:\Users\Ken\AppData\Local\resmon.resmoncfg
[2014/01/28 18:59:18 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/01/28 18:59:18 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/01/25 23:52:57 | 000,001,009 | ---- | M] () -- C:\Users\Ken\Desktop\Dropbox.lnk
[2014/01/25 23:52:23 | 000,001,019 | ---- | M] () -- C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/01/25 23:51:46 | 037,660,568 | ---- | M] (Dropbox, Inc.) -- C:\Users\Ken\Desktop\Dropbox 2.6.2.exe
[2014/01/22 00:43:01 | 000,022,741 | ---- | M] () -- C:\Users\Ken\Documents\Dr. Gumm.odt
[2014/01/14 20:44:04 | 009,275,071 | ---- | M] () -- C:\Users\Ken\Desktop\No-1-Market-Top-Secret-10012014-MOBI.zip
[2014/01/14 20:36:02 | 000,126,629 | ---- | M] () -- C:\Users\Ken\Desktop\Instructions.pdf
[2014/01/09 14:14:29 | 004,034,443 | ---- | M] () -- C:\Users\Ken\Desktop\No 1 Market Top Secret 10012014.epub
[2014/01/09 14:14:29 | 004,034,443 | ---- | M] () -- C:\Users\Ken\Desktop\EpubNo 1 Market Top Secret 10012014.epub
[2014/01/09 14:12:23 | 012,004,110 | ---- | M] () -- C:\Users\Ken\Desktop\No 1 Market Top Secret 10012014.mobi
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/02/03 12:54:08 | 000,000,095 | -H-- | C] () -- C:\Users\Ken\Desktop\.~lock.AutotraderNinja.odt#
[2014/02/02 21:56:18 | 000,020,461 | ---- | C] () -- C:\Users\Ken\Desktop\AutotraderNinja.odt
[2014/02/02 09:31:35 | 000,002,293 | ---- | C] () -- C:\Users\Ken\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/02/02 09:31:12 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/02 09:31:12 | 000,000,888 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/02 08:58:49 | 009,275,071 | ---- | C] () -- C:\Users\Ken\Desktop\No-1-Market-Top-Secret-10012014-MOBI.zip
[2014/02/02 00:03:48 | 000,000,017 | ---- | C] () -- C:\Users\Ken\AppData\Local\resmon.resmoncfg
[2014/01/25 23:58:06 | 012,004,110 | ---- | C] () -- C:\Users\Ken\Desktop\No 1 Market Top Secret 10012014.mobi
[2014/01/25 23:57:52 | 004,034,443 | ---- | C] () -- C:\Users\Ken\Desktop\EpubNo 1 Market Top Secret 10012014.epub
[2014/01/25 23:53:09 | 004,034,443 | ---- | C] () -- C:\Users\Ken\Desktop\No 1 Market Top Secret 10012014.epub
[2014/01/25 23:52:57 | 000,001,009 | ---- | C] () -- C:\Users\Ken\Desktop\Dropbox.lnk
[2014/01/25 23:52:23 | 000,001,019 | ---- | C] () -- C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/01/22 00:42:59 | 000,022,741 | ---- | C] () -- C:\Users\Ken\Documents\Dr. Gumm.odt
[2014/01/14 20:36:01 | 000,126,629 | ---- | C] () -- C:\Users\Ken\Desktop\Instructions.pdf
[2014/01/02 00:44:15 | 000,000,115 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2013/12/17 23:30:00 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\NtDirect.dll
[2013/06/29 12:27:01 | 000,000,113 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2013/04/25 08:55:41 | 000,772,558 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/04/23 15:20:38 | 000,000,320 | ---- | C] () -- C:\Users\Ken\AppData\Roaming\SEC508942.trad
[2013/04/23 15:20:33 | 000,000,043 | ---- | C] () -- C:\Windows\WALLSTRT.INI
[2013/04/22 20:26:55 | 000,004,867 | ---- | C] () -- C:\ProgramData\zkaxuuhr.pbi
[2013/03/27 14:17:13 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\TSD32.DLL
[2013/02/15 10:19:27 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== ZeroAccess Check ==========
 
[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 20:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 19:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Files - Unicode (All) ==========
[2013/09/21 15:15:14 | 098,547,399 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\牧欂豴
[2013/09/21 15:15:14 | 098,547,399 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\牧欂豴

< End of report >
 


Edited by baldingeagle, 03 February 2014 - 01:18 PM.

    Advertisements

Register to Remove


#2 Juliet

Juliet

    SuperHelper

  • Classroom Teacher
  • 7,066 posts
  • Interests:Boo!....
  • MVP

Posted 04 February 2014 - 10:48 AM

Hi and welcome

 

Not sure what files were deleted by the scanners but we can attempt to repair IE.

 

http://windows.micro...rnet-explorer-9

 

Let's check your computer for infections that might remain.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 6 different versions.  If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`

 

Please download Farbar Recovery Scan Tool and save it to your Desktop.

(use correct version for your system.....Which system am I using?)

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

 


Sometimes the angels fly close enough to you that you can hear the flutter of their wings...

Want to help others? Join the ClassRoom and learn how.
MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??

#3 baldingeagle

baldingeagle

    Authentic Member

  • Authentic Member
  • PipPip
  • 51 posts

Posted 04 February 2014 - 09:53 PM

Hello.

 

Reinstalled IE 9 and it seems to be working fine.   I followed your other directions as well.    Below are the two scans.   Thanks very much.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2014
Ran by Ken (administrator) on KEN-PC on 04-02-2014 21:47:35
Running from C:\Users\Ken\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Dropbox, Inc.) C:\Users\Ken\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Seagate LLC) C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [MaxMenuMgr] - C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe [185640 2009-09-25] (Seagate LLC)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-21] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
Startup: C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Ken\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x318C7DC6980BCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
URLSearchHook: HKCU - SearchMe Toolbar - {B9C767DD-F66A-40B4-8F12-4199A9A4393C} - C:\Program Files (x86)\SearchMe Toolbar\IE\7.9\searchmeToolbarIE.dll No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope {16237AD1-B295-45C7-9F39-951CA524F33B} URL =
SearchScopes: HKCU - DefaultScope {032BA77B-A9AA-4A05-99D5-AAEA58862784} URL = http://search.yahoo....p={searchTerms}
SearchScopes: HKCU - {032BA77B-A9AA-4A05-99D5-AAEA58862784} URL = http://search.yahoo....p={searchTerms}
SearchScopes: HKCU - {16237AD1-B295-45C7-9F39-951CA524F33B} URL = http://search.condui...2211197136&UM=2
SearchScopes: HKCU - {5DC88221-4520-4FAE-BEFB-FDFA91B1F715} URL = https://www.google.c...q={searchTerms}
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.we...br/ieatgpc1.cab
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.3.0\ViProtocol.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\1bhvuexe.default
FF DefaultSearchEngine: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Homepage: www.yahoo.com
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=219247&p=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.3.0\\npsitesafety.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Ken\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: tdameritrade.com/tossc - C:\Program Files (x86)\thinkTDA\nptossc.dll (TD Ameritrade)
FF Plugin ProgramFiles/Appdata: C:\Users\Ken\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF SearchPlugin: C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\1bhvuexe.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\1bhvuexe.default\searchplugins\yahoo_ff.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\safeguard-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF Extension: MyWordTool - C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\1bhvuexe.default\Extensions\emily@wilford.biz [2014-01-14]
FF Extension: MixiDJ V30  - C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\1bhvuexe.default\Extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd} [2013-12-05]
FF Extension: VisualBee V.12  - C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\1bhvuexe.default\Extensions\{53c4024f-5a2e-4f2a-b33e-e8784d730938} [2013-11-12]
FF Extension: albrechto - C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\1bhvuexe.default\Extensions\firefox@albrechto.co.xpi [2014-01-10]
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.3.0.11
FF HKLM-x32\...\Firefox\Extensions: [linksicle@linksicle.com] - C:\Program Files (x86)\Mozilla Firefox\extensions\linksicle@linksicle.com

Chrome:
=======
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3298566&SearchSource=48&CUI=UN14615162972165128&UM=2
CHR DefaultSearchKeyword: yahoo.com search
CHR DefaultSearchProvider: Yahoo
CHR DefaultSearchURL: http://search.yahoo....p={searchTerms}
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll ()
CHR Plugin: (Conduit Chrome Plugin) - C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdkednngfjmpnljkolbapdednncafhen\10.22.5.10_0\plugins/ConduitChromeApiPlugin.dll No File
CHR Plugin: (Conduit Radio Plugin) - C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdkednngfjmpnljkolbapdednncafhen\10.22.5.10_0\plugins/np-cwmp.dll No File
CHR Plugin: (Conduit Chrome Plugin) - C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdkednngfjmpnljkolbapdednncafhen\10.22.5.10_0\search/plugins/npConduitNewTabPlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll No File
CHR Plugin: (ActiveTouch General Plugin Container) - C:\Users\Ken\AppData\Roaming\Mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.3.0\\npsitesafety.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
CHR Plugin: (tossc) - C:\Program Files (x86)\thinkTDA\nptossc.dll (TD Ameritrade)
CHR Plugin: (Citrix Online Web Deployment Plugin 1.0.0.104) - C:\Users\Ken\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-05]
CHR Extension: (Google Drive) - C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-05]
CHR Extension: (YouTube) - C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-05]
CHR Extension: (Google Search) - C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-05]
CHR Extension: (Readium) - C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepbnnnkkadjhjahcafoaglimekefifl [2014-01-25]
CHR Extension: (Google Wallet) - C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-05]
CHR Extension: (Gmail) - C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-05]
CHR HKCU\...\Chrome\Extension: [fdkednngfjmpnljkolbapdednncafhen] - C:\Users\Ken\AppData\Local\CRE\fdkednngfjmpnljkolbapdednncafhen.crx [2013-11-26]
CHR HKCU\...\Chrome\Extension: [jpkgnchjblgnciiopegmabnakdoapgkj] - C:\Users\Ken\AppData\Local\CRE\jpkgnchjblgnciiopegmabnakdoapgkj.crx [2013-10-27]
CHR HKLM-x32\...\Chrome\Extension: [fdkednngfjmpnljkolbapdednncafhen] - C:\Users\Ken\AppData\Local\CRE\fdkednngfjmpnljkolbapdednncafhen.crx [2013-11-26]
CHR HKLM-x32\...\Chrome\Extension: [jpkgnchjblgnciiopegmabnakdoapgkj] - C:\Users\Ken\AppData\Local\CRE\jpkgnchjblgnciiopegmabnakdoapgkj.crx [2013-10-27]
CHR HKLM-x32\...\Chrome\Extension: [nkopijddpkmggacdghppacglggodkcod] - C:\Program Files (x86)\albrechto\nkopijddpkmggacdghppacglggodkcod.crx [2013-10-27]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-21] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-26] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-21] (Avira Operations GmbH & Co. KG)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-21] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-21] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-04 21:47 - 2014-02-04 21:47 - 00014449 _____ () C:\Users\Ken\Desktop\FRST.txt
2014-02-04 21:47 - 2014-02-04 21:47 - 00000000 ____D () C:\FRST
2014-02-04 21:45 - 2014-02-04 21:45 - 02080256 _____ (Farbar) C:\Users\Ken\Desktop\FRST64.exe
2014-02-04 21:45 - 2014-02-04 21:45 - 00000194 _____ () C:\Users\Ken\Desktop\hosts-perm.bat
2014-02-04 21:41 - 2014-02-04 21:41 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Ken\Desktop\rkill.exe
2014-02-04 21:41 - 2014-02-04 21:41 - 00002770 _____ () C:\Users\Ken\Desktop\Rkill.txt
2014-02-04 21:34 - 2014-02-04 21:34 - 17847296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 12344320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 03695416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-02-04 21:34 - 2014-02-04 21:34 - 03695416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-02-04 21:34 - 2014-02-04 21:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-04 21:34 - 2014-02-04 21:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-04 21:34 - 2014-02-04 21:34 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-04 21:34 - 2014-02-04 21:34 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-04 21:34 - 2014-02-04 21:34 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00534528 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-02-04 21:34 - 2014-02-04 21:34 - 00434176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00403248 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-02-04 21:34 - 2014-02-04 21:34 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00353584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\ieaksie.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00227840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-04 21:34 - 2014-02-04 21:34 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-02-04 21:34 - 2014-02-04 21:34 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\ieakui.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-02-04 21:34 - 2014-02-04 21:34 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\ieakeng.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-02-04 21:34 - 2014-02-04 21:34 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-02-04 21:34 - 2014-02-04 21:34 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-04 21:34 - 2014-02-04 21:34 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00130560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00123392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00118784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00114176 _____ (Microsoft Corporation) C:\Windows\system32\admparse.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00101888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-02-04 21:34 - 2014-02-04 21:34 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-02-04 21:34 - 2014-02-04 21:34 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-04 21:34 - 2014-02-04 21:34 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00078848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-02-04 21:34 - 2014-02-04 21:34 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-02-04 21:34 - 2014-02-04 21:34 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-02-04 21:34 - 2014-02-04 21:34 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2014-02-04 21:34 - 2014-02-04 21:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00066048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00063488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-02-04 21:34 - 2014-02-04 21:34 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-02-04 21:34 - 2014-02-04 21:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-02-04 21:34 - 2014-02-04 21:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-02-04 21:34 - 2014-02-04 21:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-02-04 21:28 - 2014-02-04 21:35 - 00001423 _____ () C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-02-04 21:04 - 2014-02-04 21:33 - 36380976 _____ (Microsoft Corporation) C:\Users\Ken\Documents\IE9-Windows7-x64-enu.exe
2014-02-03 13:13 - 2014-02-03 13:13 - 00074882 _____ () C:\Users\Ken\Desktop\OTL.Txt
2014-02-03 13:13 - 2014-02-03 13:13 - 00045046 _____ () C:\Users\Ken\Desktop\Extras.Txt
2014-02-03 13:10 - 2014-02-03 13:10 - 00602112 _____ (OldTimer Tools) C:\Users\Ken\Desktop\OTL.exe
2014-02-02 21:56 - 2014-02-03 14:17 - 00022806 _____ () C:\Users\Ken\Desktop\AutotraderNinja.odt
2014-02-02 09:31 - 2014-02-04 21:36 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-02 09:31 - 2014-02-04 21:35 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-02 09:31 - 2014-02-02 09:31 - 00003888 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-02 09:31 - 2014-02-02 09:31 - 00003636 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-02 08:58 - 2014-01-14 20:44 - 09275071 _____ () C:\Users\Ken\Desktop\No-1-Market-Top-Secret-10012014-MOBI.zip
2014-02-02 00:03 - 2014-02-02 00:03 - 00000017 _____ () C:\Users\Ken\AppData\Local\resmon.resmoncfg
2014-02-01 23:42 - 2014-02-01 23:42 - 00000000 ____D () C:\Users\Ken\AppData\Local\Apps\2.0
2014-02-01 23:02 - 2014-02-01 23:02 - 00000000 ____D () C:\Users\Ken\AppData\Local\Adobe_Systems_Incorporate
2014-02-01 12:57 - 2014-02-01 12:57 - 00000000 ____D () C:\Users\Ken\AppData\Roaming\Media Player Classic
2014-01-31 14:22 - 2014-01-31 14:22 - 00000000 ____D () C:\Users\Ken\KooBits4
2014-01-31 14:22 - 2014-01-31 14:22 - 00000000 ____D () C:\Users\Ken\AppData\Roaming\koobits.koobits4.com
2014-01-31 14:22 - 2014-01-31 14:22 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-01-31 14:22 - 2014-01-31 14:22 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-01-31 13:53 - 2014-02-01 23:08 - 00000000 ____D () C:\Users\Ken\AppData\Local\Sony Corporation
2014-01-31 13:53 - 2014-01-31 13:53 - 00000000 ____D () C:\Users\Ken\AppData\Roaming\Sony Corporation
2014-01-31 13:53 - 2014-01-31 13:53 - 00000000 ____D () C:\Users\Ken\AppData\Local\kinoma
2014-01-31 13:53 - 2014-01-31 13:53 - 00000000 ____D () C:\ProgramData\Sony Corporation
2014-01-26 20:54 - 2014-01-26 20:55 - 00005146 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-25 23:58 - 2014-01-09 14:12 - 12004110 _____ () C:\Users\Ken\Desktop\No 1 Market Top Secret 10012014.mobi
2014-01-25 23:57 - 2014-01-09 14:14 - 04034443 _____ () C:\Users\Ken\Desktop\EpubNo 1 Market Top Secret 10012014.epub
2014-01-25 23:53 - 2014-01-09 14:14 - 04034443 _____ () C:\Users\Ken\Desktop\No 1 Market Top Secret 10012014.epub
2014-01-25 23:52 - 2014-02-04 21:35 - 00000000 ___RD () C:\Users\Ken\Dropbox
2014-01-25 23:52 - 2014-02-04 21:35 - 00000000 ____D () C:\Users\Ken\AppData\Roaming\Dropbox
2014-01-25 23:52 - 2014-01-25 23:52 - 00001009 _____ () C:\Users\Ken\Desktop\Dropbox.lnk
2014-01-25 23:52 - 2014-01-25 23:52 - 00000000 ____D () C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-25 23:52 - 2014-01-25 23:52 - 00000000 ____D () C:\Users\Ken\AppData\Roaming\DropboxMaster
2014-01-25 23:51 - 2014-01-25 23:51 - 37660568 _____ (Dropbox, Inc.) C:\Users\Ken\Desktop\Dropbox 2.6.2.exe
2014-01-22 00:42 - 2014-01-22 00:43 - 00022741 _____ () C:\Users\Ken\Documents\Dr. Gumm.odt
2014-01-15 11:06 - 2013-11-26 19:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 11:06 - 2013-11-26 19:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 11:06 - 2013-11-26 19:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 11:06 - 2013-11-26 19:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 11:06 - 2013-11-26 19:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 11:06 - 2013-11-26 19:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 11:06 - 2013-11-26 19:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 11:06 - 2013-11-26 05:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 11:06 - 2013-11-26 04:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-14 20:46 - 2014-01-14 20:46 - 00000000 ____D () C:\Users\Ken\AppData\Roaming\Amazon
2014-01-14 20:46 - 2014-01-14 20:46 - 00000000 ____D () C:\Users\Ken\AppData\Local\webkit
2014-01-14 20:44 - 2014-01-14 20:44 - 00000000 ____D () C:\Users\Ken\Desktop\No-1-Market-Top-Secret-10012014-MOBI
2014-01-14 20:40 - 2014-01-21 20:33 - 00000000 ____D () C:\Users\Ken\Desktop\Kindle Previewer
2014-01-14 20:40 - 2014-01-21 20:33 - 00000000 ____D () C:\Users\Ken\.kindle
2014-01-14 20:40 - 2014-01-14 20:40 - 00000000 ____D () C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2014-01-14 15:22 - 2014-01-31 01:04 - 00000000 ____D () C:\Users\Ken\AppData\Roaming\calibre
2014-01-14 15:17 - 2014-01-14 15:24 - 00000000 ____D () C:\Users\Ken\AppData\Roaming\MyWordTool

==================== One Month Modified Files and Folders =======

2014-02-04 21:47 - 2014-02-04 21:47 - 00014449 _____ () C:\Users\Ken\Desktop\FRST.txt
2014-02-04 21:47 - 2014-02-04 21:47 - 00000000 ____D () C:\FRST
2014-02-04 21:45 - 2014-02-04 21:45 - 02080256 _____ (Farbar) C:\Users\Ken\Desktop\FRST64.exe
2014-02-04 21:45 - 2014-02-04 21:45 - 00000194 _____ () C:\Users\Ken\Desktop\hosts-perm.bat
2014-02-04 21:42 - 2009-07-13 22:45 - 00022560 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-04 21:42 - 2009-07-13 22:45 - 00022560 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-04 21:41 - 2014-02-04 21:41 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Ken\Desktop\rkill.exe
2014-02-04 21:41 - 2014-02-04 21:41 - 00002770 _____ () C:\Users\Ken\Desktop\Rkill.txt
2014-02-04 21:40 - 2009-07-13 23:13 - 00778834 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-04 21:39 - 2013-02-15 11:58 - 01470937 _____ () C:\Windows\WindowsUpdate.log
2014-02-04 21:36 - 2014-02-02 09:31 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-04 21:35 - 2014-02-04 21:28 - 00001423 _____ () C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-02-04 21:35 - 2014-02-02 09:31 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-04 21:35 - 2014-01-25 23:52 - 00000000 ___RD () C:\Users\Ken\Dropbox
2014-02-04 21:35 - 2014-01-25 23:52 - 00000000 ____D () C:\Users\Ken\AppData\Roaming\Dropbox
2014-02-04 21:35 - 2013-02-15 09:59 - 00001457 _____ () C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-04 21:35 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-04 21:35 - 2009-07-13 22:51 - 00070190 _____ () C:\Windows\setupact.log
2014-02-04 21:34 - 2014-02-04 21:34 - 17847296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 12344320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 03695416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-02-04 21:34 - 2014-02-04 21:34 - 03695416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-02-04 21:34 - 2014-02-04 21:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-04 21:34 - 2014-02-04 21:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-04 21:34 - 2014-02-04 21:34 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-04 21:34 - 2014-02-04 21:34 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-04 21:34 - 2014-02-04 21:34 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00534528 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-02-04 21:34 - 2014-02-04 21:34 - 00434176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00403248 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-02-04 21:34 - 2014-02-04 21:34 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00353584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\ieaksie.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00227840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-04 21:34 - 2014-02-04 21:34 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-02-04 21:34 - 2014-02-04 21:34 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\ieakui.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-02-04 21:34 - 2014-02-04 21:34 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\ieakeng.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-02-04 21:34 - 2014-02-04 21:34 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-02-04 21:34 - 2014-02-04 21:34 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-04 21:34 - 2014-02-04 21:34 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00130560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00123392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00118784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00114176 _____ (Microsoft Corporation) C:\Windows\system32\admparse.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00101888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-02-04 21:34 - 2014-02-04 21:34 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-02-04 21:34 - 2014-02-04 21:34 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-04 21:34 - 2014-02-04 21:34 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00078848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-02-04 21:34 - 2014-02-04 21:34 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-02-04 21:34 - 2014-02-04 21:34 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-02-04 21:34 - 2014-02-04 21:34 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2014-02-04 21:34 - 2014-02-04 21:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00066048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00063488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-02-04 21:34 - 2014-02-04 21:34 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-02-04 21:34 - 2014-02-04 21:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-02-04 21:34 - 2014-02-04 21:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-02-04 21:34 - 2014-02-04 21:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-02-04 21:34 - 2013-02-15 13:24 - 00008210 _____ () C:\Windows\IE9_main.log
2014-02-04 21:34 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-02-04 21:33 - 2014-02-04 21:04 - 36380976 _____ (Microsoft Corporation) C:\Users\Ken\Documents\IE9-Windows7-x64-enu.exe
2014-02-04 21:22 - 2013-02-15 12:32 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-03 14:17 - 2014-02-02 21:56 - 00022806 _____ () C:\Users\Ken\Desktop\AutotraderNinja.odt
2014-02-03 13:13 - 2014-02-03 13:13 - 00074882 _____ () C:\Users\Ken\Desktop\OTL.Txt
2014-02-03 13:13 - 2014-02-03 13:13 - 00045046 _____ () C:\Users\Ken\Desktop\Extras.Txt
2014-02-03 13:10 - 2014-02-03 13:10 - 00602112 _____ (OldTimer Tools) C:\Users\Ken\Desktop\OTL.exe
2014-02-02 12:42 - 2010-11-20 21:47 - 00071658 _____ () C:\Windows\PFRO.log
2014-02-02 09:31 - 2014-02-02 09:31 - 00003888 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-02 09:31 - 2014-02-02 09:31 - 00003636 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-02 09:31 - 2013-02-15 12:21 - 00000000 ____D () C:\Program Files (x86)\Google
2014-02-02 09:11 - 2013-07-03 20:05 - 00000000 ____D () C:\ProgramData\AVG
2014-02-02 09:04 - 2013-02-15 09:59 - 00000000 ___RD () C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-02 08:42 - 2009-07-13 22:45 - 00310480 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-02 00:03 - 2014-02-02 00:03 - 00000017 _____ () C:\Users\Ken\AppData\Local\resmon.resmoncfg
2014-02-01 23:42 - 2014-02-01 23:42 - 00000000 ____D () C:\Users\Ken\AppData\Local\Apps\2.0
2014-02-01 23:13 - 2013-02-16 20:33 - 00069160 _____ () C:\Users\Ken\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-01 23:10 - 2013-06-22 09:52 - 00000000 ____D () C:\Program Files (x86)\thinkTDA
2014-02-01 23:08 - 2014-01-31 13:53 - 00000000 ____D () C:\Users\Ken\AppData\Local\Sony Corporation
2014-02-01 23:06 - 2013-02-16 00:28 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-02-01 23:02 - 2014-02-01 23:02 - 00000000 ____D () C:\Users\Ken\AppData\Local\Adobe_Systems_Incorporate
2014-02-01 12:57 - 2014-02-01 12:57 - 00000000 ____D () C:\Users\Ken\AppData\Roaming\Media Player Classic
2014-02-01 12:47 - 2013-10-25 08:58 - 00000000 ____D () C:\Users\Ken\AppData\Local\WORDsearch 10
2014-01-31 14:22 - 2014-01-31 14:22 - 00000000 ____D () C:\Users\Ken\KooBits4
2014-01-31 14:22 - 2014-01-31 14:22 - 00000000 ____D () C:\Users\Ken\AppData\Roaming\koobits.koobits4.com
2014-01-31 14:22 - 2014-01-31 14:22 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-01-31 14:22 - 2014-01-31 14:22 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-01-31 14:22 - 2013-02-15 12:31 - 00000000 ____D () C:\ProgramData\Adobe
2014-01-31 14:22 - 2013-02-15 09:58 - 00000000 ____D () C:\Users\Ken
2014-01-31 14:21 - 2013-02-16 00:48 - 00000000 ____D () C:\Users\Ken\AppData\Local\Adobe
2014-01-31 14:21 - 2013-02-15 12:34 - 00000000 ____D () C:\Users\Ken\AppData\Roaming\Adobe
2014-01-31 13:53 - 2014-01-31 13:53 - 00000000 ____D () C:\Users\Ken\AppData\Roaming\Sony Corporation
2014-01-31 13:53 - 2014-01-31 13:53 - 00000000 ____D () C:\Users\Ken\AppData\Local\kinoma
2014-01-31 13:53 - 2014-01-31 13:53 - 00000000 ____D () C:\ProgramData\Sony Corporation
2014-01-31 01:04 - 2014-01-14 15:22 - 00000000 ____D () C:\Users\Ken\AppData\Roaming\calibre
2014-01-28 18:59 - 2013-02-15 12:32 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-28 18:59 - 2013-02-15 12:32 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-28 18:59 - 2013-02-15 12:32 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-01-26 20:55 - 2014-01-26 20:54 - 00005146 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-26 20:55 - 2013-11-11 12:29 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-26 20:55 - 2013-02-26 22:11 - 00000000 ____D () C:\Program Files (x86)\Java
2014-01-25 23:52 - 2014-01-25 23:52 - 00001009 _____ () C:\Users\Ken\Desktop\Dropbox.lnk
2014-01-25 23:52 - 2014-01-25 23:52 - 00000000 ____D () C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-25 23:52 - 2014-01-25 23:52 - 00000000 ____D () C:\Users\Ken\AppData\Roaming\DropboxMaster
2014-01-25 23:51 - 2014-01-25 23:51 - 37660568 _____ (Dropbox, Inc.) C:\Users\Ken\Desktop\Dropbox 2.6.2.exe
2014-01-22 00:43 - 2014-01-22 00:42 - 00022741 _____ () C:\Users\Ken\Documents\Dr. Gumm.odt
2014-01-21 20:33 - 2014-01-14 20:40 - 00000000 ____D () C:\Users\Ken\Desktop\Kindle Previewer
2014-01-21 20:33 - 2014-01-14 20:40 - 00000000 ____D () C:\Users\Ken\.kindle
2014-01-21 15:22 - 2013-04-22 20:29 - 00000000 ____D () C:\Users\Ken\Documents\WTT
2014-01-21 15:22 - 2013-04-22 20:29 - 00000000 ____D () C:\Users\Ken\AppData\Local\WhenToTrade.com
2014-01-15 14:21 - 2013-08-14 10:08 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-15 14:20 - 2013-02-15 13:39 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-14 20:46 - 2014-01-14 20:46 - 00000000 ____D () C:\Users\Ken\AppData\Roaming\Amazon
2014-01-14 20:46 - 2014-01-14 20:46 - 00000000 ____D () C:\Users\Ken\AppData\Local\webkit
2014-01-14 20:44 - 2014-02-02 08:58 - 09275071 _____ () C:\Users\Ken\Desktop\No-1-Market-Top-Secret-10012014-MOBI.zip
2014-01-14 20:44 - 2014-01-14 20:44 - 00000000 ____D () C:\Users\Ken\Desktop\No-1-Market-Top-Secret-10012014-MOBI
2014-01-14 20:40 - 2014-01-14 20:40 - 00000000 ____D () C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2014-01-14 15:24 - 2014-01-14 15:17 - 00000000 ____D () C:\Users\Ken\AppData\Roaming\MyWordTool
2014-01-14 15:16 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\Resources
2014-01-09 22:48 - 2013-06-29 12:25 - 00000000 ____D () C:\Users\Ken\Documents\NinjaTrader 7
2014-01-09 14:14 - 2014-01-25 23:57 - 04034443 _____ () C:\Users\Ken\Desktop\EpubNo 1 Market Top Secret 10012014.epub
2014-01-09 14:14 - 2014-01-25 23:53 - 04034443 _____ () C:\Users\Ken\Desktop\No 1 Market Top Secret 10012014.epub
2014-01-09 14:12 - 2014-01-25 23:58 - 12004110 _____ () C:\Users\Ken\Desktop\No 1 Market Top Secret 10012014.mobi

Some content of TEMP:
====================
C:\Users\Ken\AppData\Local\Temp\avgnt.exe
C:\Users\Ken\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpghb_pb.dll
C:\Users\Ken\AppData\Local\Temp\G2MInstallerExtractor.exe
C:\Users\Ken\AppData\Local\Temp\HitmanPro.exe
C:\Users\Ken\AppData\Local\Temp\i4jdel0.exe
C:\Users\Ken\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Ken\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Ken\AppData\Local\Temp\msvcp110.dll
C:\Users\Ken\AppData\Local\Temp\msvcr110.dll
C:\Users\Ken\AppData\Local\Temp\pc-decrapifier.exe
C:\Users\Ken\AppData\Local\Temp\SendMsg.dll
C:\Users\Ken\AppData\Local\Temp\SHSetup.exe
C:\Users\Ken\AppData\Local\Temp\sqlite3.dll
C:\Users\Ken\AppData\Local\Temp\swt-gdip-win32-3452.dll
C:\Users\Ken\AppData\Local\Temp\swt-win32-3452.dll
C:\Users\Ken\AppData\Local\Temp\tbVisu.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-29 00:52

==================== End Of Log ============================



#4 baldingeagle

baldingeagle

    Authentic Member

  • Authentic Member
  • PipPip
  • 51 posts

Posted 04 February 2014 - 09:55 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-02-2014
Ran by Ken at 2014-02-04 21:47:45
Running from C:\Users\Ken\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.43 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (x32 Version: 11.0.06 - Adobe Systems Incorporated)
Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Avira Free Antivirus (x32 Version: 14.0.2.286 - Avira)
Belkin F7D1101 Basic Wireless USB Adapter (x32 Version: 1.0.0.4 - Belkin)
Belkin F7D1101 Basic Wireless USB Adapter (x32 Version: 1.0.0.4 - Belkin) Hidden
Canon D400-450 (Version:  - )
Canon MF Toolbox 4.9.1.1.mf13 (x32 Version: 4.9.1.1.mf13 - CANON INC.)
Cisco WebEx Meetings (HKCU Version:  - Cisco WebEx LLC)
Dropbox (HKCU Version: 2.6.2 - Dropbox, Inc.)
Google Chrome (x32 Version: 32.0.1700.107 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
GoToMeeting 6.0.0.1259 (HKCU Version: 6.0.0.1259 - CitrixOnline)
hotComm® CL (x32 Version: 8.00.008x - 1stWorks Corporation)
iTunes (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 51 (x32 Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Kindle Previewer (HKCU Version: 2.92 - Amazon)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 18.0.2 (x86 en-US) (x32 Version: 18.0.2 - Mozilla)
Mozilla Maintenance Service (x32 Version: 18.0.2 - Mozilla)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
NinjaTrader 7 (x32 Version: 7.0.1018 - NinjaTrader)
OpenOffice 4.0.1 (x32 Version: 4.01.9714 - Apache Software Foundation)
Sansa Updater (HKCU Version: 1.406 - SanDisk Corporation)
Seagate Manager Installer (x32 Version: 2.01.0600 - Seagate)
Seagate Manager Installer (x32 Version: 2.01.0600 - Seagate) Hidden
SearchMe Toolbar v7.9 (x32 Version: 7.9 - Spigot, Inc.) <==== ATTENTION
TeamViewer 7 (x32 Version: 7.0.15723 - TeamViewer)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
WTT 3.2 (x32 Version: 3.2 - WhenToTrade.com)

==================== Restore Points  =========================

03-02-2014 02:28:29 Scheduled Checkpoint
05-02-2014 03:27:13 Windows Modules Installer
05-02-2014 03:33:59 Windows Modules Installer

==================== Hosts content: ==========================

2009-07-13 20:34 - 2013-07-04 14:39 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {3AAE1F5B-9868-417A-B4C6-B14C6F97B473} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-02] (Google Inc.)
Task: {51411DB9-C64B-436D-BE5C-23A6927D746F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-28] (Adobe Systems Incorporated)
Task: {5E6D2CF7-2CAA-4C36-9349-9AC994666454} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-02] (Google Inc.)
Task: {D460D165-0543-4819-A6DB-D22D9C520F53} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-07-05 11:38 - 2013-07-05 11:36 - 00394824 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2014-02-04 21:35 - 2014-02-04 21:35 - 00041984 _____ () c:\users\ken\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpghb_pb.dll
2013-10-18 17:55 - 2013-10-18 17:55 - 25100288 _____ () C:\Users\Ken\AppData\Roaming\Dropbox\bin\libcef.dll
2013-02-19 22:02 - 2013-02-01 12:22 - 03023256 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-01-15 09:43 - 2014-01-28 18:59 - 16287624 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Ethernet Controller
Description: Ethernet Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/04/2014 09:37:23 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/04/2014 09:30:28 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/04/2014 09:24:09 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/03/2014 09:39:28 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/02/2014 02:04:22 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/02/2014 00:44:47 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/02/2014 08:44:45 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/01/2014 06:21:21 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/01/2014 11:25:41 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7004

Error: (02/01/2014 11:25:41 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7004


System errors:
=============
Error: (02/02/2014 02:01:48 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (02/02/2014 02:01:44 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (02/02/2014 02:01:44 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (02/02/2014 11:17:39 AM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (02/02/2014 01:00:02 AM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (02/02/2014 00:21:25 AM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (02/01/2014 02:40:32 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (02/01/2014 01:10:28 AM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (01/31/2014 01:23:30 AM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}


Microsoft Office Sessions:
=========================
Error: (02/04/2014 09:37:23 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/04/2014 09:30:28 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/04/2014 09:24:09 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/03/2014 09:39:28 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/02/2014 02:04:22 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/02/2014 00:44:47 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/02/2014 08:44:45 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/01/2014 06:21:21 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/01/2014 11:25:41 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7004

Error: (02/01/2014 11:25:41 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7004


CodeIntegrity Errors:
===================================
  Date: 2013-07-04 15:39:12.661
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-07-04 15:39:12.646
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-07-03 13:01:37.368
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\aaa\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-07-03 13:01:37.352
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\aaa\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-05-11 22:04:17.173
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-05-11 22:04:17.158
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-02-21 00:07:03.887
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-02-21 00:07:03.871
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 13%
Total physical RAM: 16360.88 MB
Available physical RAM: 14201.49 MB
Total Pagefile: 32719.95 MB
Available Pagefile: 30449.96 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (New Volume) (Fixed) (Total:119.24 GB) (Free:28.05 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive l: (New Volume) (Fixed) (Total:931.51 GB) (Free:860.47 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: 81F1B5E5)
Partition 1: (Active) - (Size=119 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: A036A383)
Partition 1: (Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#5 Juliet

Juliet

    SuperHelper

  • Classroom Teacher
  • 7,066 posts
  • Interests:Boo!....
  • MVP

Posted 05 February 2014 - 06:08 AM

Please uninstall the following via Start->(or My Computer)->Control Panel->(Programs)->Programs and Features if it still exists:

SearchMe Toolbar

MyWordTool
http://www.systemloo...5-temp_dat.html

MixiDJ V30
http://www.systemloo...fa-3cc99b0caddd

VisualBee V.12
http://www.systemloo...3e-e8784d730938

If you have problems, can't find then just let me know and we'll take them out a different way.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)
 

start
URLSearchHook: HKCU - SearchMe Toolbar - {B9C767DD-F66A-40B4-8F12-4199A9A4393C} - C:\Program Files (x86)\SearchMe Toolbar\IE\7.9\searchmeToolbarIE.dll No File
SearchScopes: HKCU - {16237AD1-B295-45C7-9F39-951CA524F33B} URL = http://search.condui...2211197136&UM=2
Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.3.0\ViProtocol.dll No File
FF Plugin-x32: @avg.com/AVG
SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.3.0\\npsitesafety.dll No File
FF SearchPlugin: C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\1bhvuexe.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\safeguard-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF Extension: albrechto - C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\1bhvuexe.default\Extensions\firefox@albrechto.co.xpi [2014-01-10]
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3298566&SearchSource=48&CUI=UN14615162972165128&UM=2
CHR Plugin: (Conduit Chrome Plugin) - C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdkednngfjmpnljkolbapdednncafhen\10.22.5.10_0\plugins/ConduitChromeApiPlugin.dll No File
CHR Plugin: (Conduit Radio Plugin) - C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdkednngfjmpnljkolbapdednncafhen\10.22.5.10_0\plugins/np-cwmp.dll No File
CHR Plugin: (Conduit Chrome Plugin) - C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdkednngfjmpnljkolbapdednncafhen\10.22.5.10_0\search/plugins/npConduitNewTabPlugin.dll No File
CHR HKCU\...\Chrome\Extension: [fdkednngfjmpnljkolbapdednncafhen] - C:\Users\Ken\AppData\Local\CRE\fdkednngfjmpnljkolbapdednncafhen.crx [2013-11-26]
CHR HKLM-x32\...\Chrome\Extension: [fdkednngfjmpnljkolbapdednncafhen] - C:\Users\Ken\AppData\Local\CRE\fdkednngfjmpnljkolbapdednncafhen.crx [2013-11-26]
CHR HKLM-x32\...\Chrome\Extension: [jpkgnchjblgnciiopegmabnakdoapgkj] - C:\Users\Ken\AppData\Local\CRE\jpkgnchjblgnciiopegmabnakdoapgkj.crx [2013-10-27]
CHR HKCU\...\Chrome\Extension: [jpkgnchjblgnciiopegmabnakdoapgkj] - C:\Users\Ken\AppData\Local\CRE\jpkgnchjblgnciiopegmabnakdoapgkj.crx [2013-10-27]
C:\Users\Ken\AppData\Local\Temp\avgnt.exe
C:\Users\Ken\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpghb_pb.dll
C:\Users\Ken\AppData\Local\Temp\G2MInstallerExtractor.exe
C:\Users\Ken\AppData\Local\Temp\HitmanPro.exe
C:\Users\Ken\AppData\Local\Temp\i4jdel0.exe
C:\Users\Ken\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Ken\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Ken\AppData\Local\Temp\msvcp110.dll
C:\Users\Ken\AppData\Local\Temp\msvcr110.dll
C:\Users\Ken\AppData\Local\Temp\pc-decrapifier.exe
C:\Users\Ken\AppData\Local\Temp\SendMsg.dll
C:\Users\Ken\AppData\Local\Temp\SHSetup.exe
C:\Users\Ken\AppData\Local\Temp\sqlite3.dll
C:\Users\Ken\AppData\Local\Temp\swt-gdip-win32-3452.dll
C:\Users\Ken\AppData\Local\Temp\swt-win32-3452.dll
C:\Users\Ken\AppData\Local\Temp\tbVisu.dll
end



Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`

NEXT

-AdwCleaner-by Xplode

Click on this link to download : ADWCleaner
Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.

Do not click on any links in the top Advertisment.


adwcleaner_download.png
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

thisisujrt.gif
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I need to see
Fixlog.txt
C:\AdwCleaner[S1].txt
JRT.txt
Sometimes the angels fly close enough to you that you can hear the flutter of their wings...

Want to help others? Join the ClassRoom and learn how.
MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??

#6 baldingeagle

baldingeagle

    Authentic Member

  • Authentic Member
  • PipPip
  • 51 posts

Posted 05 February 2014 - 10:10 AM

Hello Juliet.

 

I could not find  SearchMe Toolbar, MyWordTool, MixiDJ V30, and VisualBee V.12.   

 

The SearchMe Toolbar is listed in my Programs and Features list for "uninstalling or changing a program",    but when I try to uninstall it,   a box pops up that states;  "The feature you are trying to use is on a network resource that is unavailable".   When I click OK to try again or enter an alternate path to a folder containing it,    the message is that the path cannot be found.  

 

The other 3 do not show up in my Programs and Features list.

 

Below is the scan from the FRST64 fix.   I will post it and continue with the list of directions you gave me.   Thanks.

 

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-02-2014
Ran by Ken at 2014-02-05 09:49:35 Run:1
Running from C:\Users\Ken\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
URLSearchHook: HKCU - SearchMe Toolbar - {B9C767DD-F66A-40B4-8F12-4199A9A4393C} - C:\Program Files (x86)\SearchMe Toolbar\IE\7.9\searchmeToolbarIE.dll No File
SearchScopes: HKCU - {16237AD1-B295-45C7-9F39-951CA524F33B} URL = http://search.condui...2211197136&UM=2
Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.3.0\ViProtocol.dll No File
FF Plugin-x32: @avg.com/AVG
SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.3.0\\npsitesafety.dll No File
FF SearchPlugin: C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\1bhvuexe.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\safeguard-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF Extension: albrechto - C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\1bhvuexe.default\Extensions\firefox@albrechto.co.xpi [2014-01-10]
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3298566&SearchSource=48&CUI=UN14615162972165128&UM=2
CHR Plugin: (Conduit Chrome Plugin) - C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdkednngfjmpnljkolbapdednncafhen\10.22.5.10_0\plugins/ConduitChromeApiPlugin.dll No File
CHR Plugin: (Conduit Radio Plugin) - C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdkednngfjmpnljkolbapdednncafhen\10.22.5.10_0\plugins/np-cwmp.dll No File
CHR Plugin: (Conduit Chrome Plugin) - C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdkednngfjmpnljkolbapdednncafhen\10.22.5.10_0\search/plugins/npConduitNewTabPlugin.dll No File
CHR HKCU\...\Chrome\Extension: [fdkednngfjmpnljkolbapdednncafhen] - C:\Users\Ken\AppData\Local\CRE\fdkednngfjmpnljkolbapdednncafhen.crx [2013-11-26]
CHR HKLM-x32\...\Chrome\Extension: [fdkednngfjmpnljkolbapdednncafhen] - C:\Users\Ken\AppData\Local\CRE\fdkednngfjmpnljkolbapdednncafhen.crx [2013-11-26]
CHR HKLM-x32\...\Chrome\Extension: [jpkgnchjblgnciiopegmabnakdoapgkj] - C:\Users\Ken\AppData\Local\CRE\jpkgnchjblgnciiopegmabnakdoapgkj.crx [2013-10-27]
CHR HKCU\...\Chrome\Extension: [jpkgnchjblgnciiopegmabnakdoapgkj] - C:\Users\Ken\AppData\Local\CRE\jpkgnchjblgnciiopegmabnakdoapgkj.crx [2013-10-27]
C:\Users\Ken\AppData\Local\Temp\avgnt.exe
C:\Users\Ken\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpghb_pb.dll
C:\Users\Ken\AppData\Local\Temp\G2MInstallerExtractor.exe
C:\Users\Ken\AppData\Local\Temp\HitmanPro.exe
C:\Users\Ken\AppData\Local\Temp\i4jdel0.exe
C:\Users\Ken\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Ken\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Ken\AppData\Local\Temp\msvcp110.dll
C:\Users\Ken\AppData\Local\Temp\msvcr110.dll
C:\Users\Ken\AppData\Local\Temp\pc-decrapifier.exe
C:\Users\Ken\AppData\Local\Temp\SendMsg.dll
C:\Users\Ken\AppData\Local\Temp\SHSetup.exe
C:\Users\Ken\AppData\Local\Temp\sqlite3.dll
C:\Users\Ken\AppData\Local\Temp\swt-gdip-win32-3452.dll
C:\Users\Ken\AppData\Local\Temp\swt-win32-3452.dll
C:\Users\Ken\AppData\Local\Temp\tbVisu.dll
*****************

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{B9C767DD-F66A-40B4-8F12-4199A9A4393C} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{B9C767DD-F66A-40B4-8F12-4199A9A4393C} => Key deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{16237AD1-B295-45C7-9F39-951CA524F33B} => Key deleted successfully.
HKCR\CLSID\{16237AD1-B295-45C7-9F39-951CA524F33B} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
HKCR\Wow6432Node\PROTOCOLS\Handler\viprotocol => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} => Key deleted successfully.
HKLM\Software\Wow6432Node\MozillaPlugins\FF Plugin-x32: @avg.com/AVG => Key not found.
FF Plugin-x32: @avg.com/AVG not found.
C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\1bhvuexe.default\searchplugins\conduit.xml => Moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\safeguard-secure-search.xml => Moved successfully.
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml => Moved successfully.
C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\1bhvuexe.default\Extensions\firefox@albrechto.co.xpi => Moved successfully.
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3298566&SearchSource=48&CUI=UN14615162972165128&UM=2 ==> The Chrome "Settings" can be used to fix the entry.
C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdkednngfjmpnljkolbapdednncafhen\10.22.5.10_0\plugins/ConduitChromeApiPlugin.dll not found.
C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdkednngfjmpnljkolbapdednncafhen\10.22.5.10_0\plugins/np-cwmp.dll not found.
C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdkednngfjmpnljkolbapdednncafhen\10.22.5.10_0\search/plugins/npConduitNewTabPlugin.dll not found.
HKCU\SOFTWARE\Google\Chrome\Extensions\fdkednngfjmpnljkolbapdednncafhen => Key deleted successfully.
C:\Users\Ken\AppData\Local\CRE\fdkednngfjmpnljkolbapdednncafhen.crx => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fdkednngfjmpnljkolbapdednncafhen => Key deleted successfully.
"C:\Users\Ken\AppData\Local\CRE\fdkednngfjmpnljkolbapdednncafhen.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpkgnchjblgnciiopegmabnakdoapgkj => Key deleted successfully.
C:\Users\Ken\AppData\Local\CRE\jpkgnchjblgnciiopegmabnakdoapgkj.crx => Moved successfully.
HKCU\SOFTWARE\Google\Chrome\Extensions\jpkgnchjblgnciiopegmabnakdoapgkj => Key deleted successfully.
"C:\Users\Ken\AppData\Local\CRE\jpkgnchjblgnciiopegmabnakdoapgkj.crx" => File/Directory not found.
C:\Users\Ken\AppData\Local\Temp\avgnt.exe => Moved successfully.
"C:\Users\Ken\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpghb_pb.dll" => File/Directory not found.
C:\Users\Ken\AppData\Local\Temp\G2MInstallerExtractor.exe => Moved successfully.
C:\Users\Ken\AppData\Local\Temp\HitmanPro.exe => Moved successfully.
C:\Users\Ken\AppData\Local\Temp\i4jdel0.exe => Moved successfully.
C:\Users\Ken\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe => Moved successfully.
C:\Users\Ken\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe => Moved successfully.
C:\Users\Ken\AppData\Local\Temp\msvcp110.dll => Moved successfully.
C:\Users\Ken\AppData\Local\Temp\msvcr110.dll => Moved successfully.
C:\Users\Ken\AppData\Local\Temp\pc-decrapifier.exe => Moved successfully.
C:\Users\Ken\AppData\Local\Temp\SendMsg.dll => Moved successfully.
C:\Users\Ken\AppData\Local\Temp\SHSetup.exe => Moved successfully.
C:\Users\Ken\AppData\Local\Temp\sqlite3.dll => Moved successfully.
C:\Users\Ken\AppData\Local\Temp\swt-gdip-win32-3452.dll => Moved successfully.
C:\Users\Ken\AppData\Local\Temp\swt-win32-3452.dll => Moved successfully.
C:\Users\Ken\AppData\Local\Temp\tbVisu.dll => Moved successfully.

==== End of Fixlog ====



#7 Juliet

Juliet

    SuperHelper

  • Classroom Teacher
  • 7,066 posts
  • Interests:Boo!....
  • MVP

Posted 05 February 2014 - 10:42 AM

 

I could not find  SearchMe Toolbar, MyWordTool, MixiDJ V30, and VisualBee V.12.  

 

The SearchMe Toolbar is listed in my Programs and Features list for "uninstalling or changing a program",    but when I try to uninstall it,   a box pops up that states;  "The feature you are trying to use is on a network resource that is unavailable".   When I click OK to try again or enter an alternate path to a folder containing it,    the message is that the path cannot be found. 

 

The other 3 do not show up in my Programs and Features list.

 

Not a problem, can take it out other ways.

 

C:\AdwCleaner[S1].txt --> ?
JRT.txt                         --> ?


Sometimes the angels fly close enough to you that you can hear the flutter of their wings...

Want to help others? Join the ClassRoom and learn how.
MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??

#8 baldingeagle

baldingeagle

    Authentic Member

  • Authentic Member
  • PipPip
  • 51 posts

Posted 05 February 2014 - 10:42 AM

Hi again.

 

Below are the AdwCleaner and  JRT scans.   Thanks.

 

 

# AdwCleaner v3.018 - Report created 05/02/2014 at 10:23:29
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Ken - KEN-PC
# Running from : C:\Users\Ken\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : Application Updater

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\Program Files (x86)\Application Updater
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Common Files\spigot
Folder Deleted : C:\Users\Ken\AppData\Local\Conduit
Folder Deleted : C:\Users\Ken\AppData\Local\PackageAware
Folder Deleted : C:\Users\Ken\AppData\Local\Temp\AirInstaller
Folder Deleted : C:\Users\Ken\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Ken\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\Ken\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Ken\AppData\Roaming\ParetoLogic
Folder Deleted : C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\1bhvuexe.default\CT3298566
Folder Deleted : C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\1bhvuexe.default\CT3287811
Folder Deleted : C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\1bhvuexe.default\Extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}
Folder Deleted : C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\1bhvuexe.default\Extensions\{53c4024f-5a2e-4f2a-b33e-e8784d730938}
File Deleted : C:\END

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3287811
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3298566
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\visualbee
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\Application Updater
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\ParetoLogic
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKLM\Software\visualbee

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16526


-\\ Mozilla Firefox v18.0.2 (en-US)

[ File : C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\1bhvuexe.default\prefs.js ]

Line Deleted : user_pref("CT3287811.FF19Solved", "true");
Line Deleted : user_pref("CT3287811.UserID", "UN40208822253014011");
Line Deleted : user_pref("CT3287811.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3287811.fullUserID", "UN40208822253014011.IN.20131112143425");
Line Deleted : user_pref("CT3287811.installDate", "12/11/2013 14:34:26");
Line Deleted : user_pref("CT3287811.installSessionId", "{08E42D43-B0D1-41E5-BBD4-B69705B6F59C}");
Line Deleted : user_pref("CT3287811.installSp", "TRUE");
Line Deleted : user_pref("CT3287811.installerVersion", "1.8.0.14");
Line Deleted : user_pref("CT3287811.keyword", "true");
Line Deleted : user_pref("CT3287811.originalHomepage", "hxxp://search.yahoo.com?type=219247&fr=spigot-yhp-ff");
Line Deleted : user_pref("CT3287811.originalSearchAddressUrl", "hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=219247&p=");
Line Deleted : user_pref("CT3287811.originalSearchEngine", "Yahoo!");
Line Deleted : user_pref("CT3287811.originalSearchEngineName", "Yahoo!");
Line Deleted : user_pref("CT3287811.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3287811.searchRevert", "false");
Line Deleted : user_pref("CT3287811.searchUserMode", "2");
Line Deleted : user_pref("CT3287811.smartbar.homepage", "true");
Line Deleted : user_pref("CT3287811.toolbarInstallDate", "12-11-2013 14:34:25");
Line Deleted : user_pref("CT3287811.versionFromInstaller", "10.21.1.7");
Line Deleted : user_pref("CT3287811.xpeMode", "0");
Line Deleted : user_pref("CT3298566.FF19Solved", "true");
Line Deleted : user_pref("CT3298566.UserID", "UN10947643771274793");
Line Deleted : user_pref("CT3298566.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3298566.fullUserID", "UN10947643771274793.IN.20131205214732");
Line Deleted : user_pref("CT3298566.installDate", "05/12/2013 21:47:33");
Line Deleted : user_pref("CT3298566.installSessionId", "{6235A124-D451-4B2D-A866-A3A0949EE812}");
Line Deleted : user_pref("CT3298566.installSp", "TRUE");
Line Deleted : user_pref("CT3298566.installerVersion", "1.8.1.4");
Line Deleted : user_pref("CT3298566.keyword", "true");
Line Deleted : user_pref("CT3298566.originalHomepage", "www.yahoo.com");
Line Deleted : user_pref("CT3298566.originalSearchAddressUrl", "hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=219247&p=");
Line Deleted : user_pref("CT3298566.originalSearchEngine", "Yahoo!");
Line Deleted : user_pref("CT3298566.originalSearchEngineName", "Yahoo!");
Line Deleted : user_pref("CT3298566.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3298566.searchRevert", "false");
Line Deleted : user_pref("CT3298566.searchUninstallUserMode", "2");
Line Deleted : user_pref("CT3298566.searchUserMode", "2");
Line Deleted : user_pref("CT3298566.smartbar.homepage", "true");
Line Deleted : user_pref("CT3298566.toolbarInstallDate", "05-12-2013 21:47:32");
Line Deleted : user_pref("CT3298566.versionFromInstaller", "10.22.5.170");
Line Deleted : user_pref("CT3298566.xpeMode", "0");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3287811&octid=CT3287811&SearchSource=61&CUI=UN40208822253014011&UM=2&UP=SPCE36604D-8B04-4E64-9FDA-11D9BA8B0FA9");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=219247&p=");
Line Deleted : user_pref("browser.newtabpage.pinned", "[null,null,{\"url\":\"hxxp://us-mg5.mail.yahoo.com/neo/launch\",\"title\":\"(4 unread) - kbraggjr - Yahoo! Mail\"},null,null,{\"url\":\"hxxps://mail.google.com/[...]
Line Deleted : user_pref("browser.search.defaultthis.engineName", "MixiDJ V30 Customized Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298566&CUI=UN10947643771274793&UM=2&SearchSource=3&q={searchTerms}&sspv=TB_CNI");
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3298566");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3287811&CUI=UN40208822253014011&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3287811&octid=CT3287811&SearchSource[...]
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287811&SearchSource=2&CUI=UN40208822253014011&UM=2&q=,hxxp://search.conduit.com/ResultsExt.aspx?cti[...]
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3298566");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3298566");
Line Deleted : user_pref("smartbar.machineId", "4FIZE9T0YQVQNWR8KLLXZEJO2SMAPQ0UUU1DOQNXOTU0ZVC2DMPFG4AVOZ60MX1YTLSRQK289VN0QJP9WDUHNW");
Line Deleted : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3287811&CUI=UN40208822253014011&UM=2&SearchSource=13");

-\\ Google Chrome v32.0.1700.107

[ File : C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage

*************************

AdwCleaner[R0].txt - [11030 octets] - [05/02/2014 10:23:05]
AdwCleaner[S0].txt - [10851 octets] - [05/02/2014 10:23:29]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10912 octets] ##########

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 7 Home Premium x64
Ran by Ken on Wed 02/05/2014 at 10:35:47.36
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitchecker_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitchecker_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mconduitinstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mconduitinstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\conduitchecker_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\conduitchecker_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\mconduitinstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\mconduitinstaller_RASMANCS



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\Users\Ken\AppData\Roaming\mywordtool"
Successfully deleted: [Folder] "C:\Users\Ken\appdata\local\cre"



~~~ FireFox

Emptied folder: C:\Users\Ken\AppData\Roaming\mozilla\firefox\profiles\1bhvuexe.default\minidumps [587 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 02/05/2014 at 10:37:40.77
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


 



#9 baldingeagle

baldingeagle

    Authentic Member

  • Authentic Member
  • PipPip
  • 51 posts

Posted 05 February 2014 - 10:42 AM

Hi again.

 

Below are the AdwCleaner and  JRT scans.   Thanks.

 

 

# AdwCleaner v3.018 - Report created 05/02/2014 at 10:23:29
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Ken - KEN-PC
# Running from : C:\Users\Ken\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : Application Updater

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\Program Files (x86)\Application Updater
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Common Files\spigot
Folder Deleted : C:\Users\Ken\AppData\Local\Conduit
Folder Deleted : C:\Users\Ken\AppData\Local\PackageAware
Folder Deleted : C:\Users\Ken\AppData\Local\Temp\AirInstaller
Folder Deleted : C:\Users\Ken\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Ken\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\Ken\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Ken\AppData\Roaming\ParetoLogic
Folder Deleted : C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\1bhvuexe.default\CT3298566
Folder Deleted : C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\1bhvuexe.default\CT3287811
Folder Deleted : C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\1bhvuexe.default\Extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}
Folder Deleted : C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\1bhvuexe.default\Extensions\{53c4024f-5a2e-4f2a-b33e-e8784d730938}
File Deleted : C:\END

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3287811
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3298566
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\visualbee
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\Application Updater
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\ParetoLogic
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKLM\Software\visualbee

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16526


-\\ Mozilla Firefox v18.0.2 (en-US)

[ File : C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\1bhvuexe.default\prefs.js ]

Line Deleted : user_pref("CT3287811.FF19Solved", "true");
Line Deleted : user_pref("CT3287811.UserID", "UN40208822253014011");
Line Deleted : user_pref("CT3287811.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3287811.fullUserID", "UN40208822253014011.IN.20131112143425");
Line Deleted : user_pref("CT3287811.installDate", "12/11/2013 14:34:26");
Line Deleted : user_pref("CT3287811.installSessionId", "{08E42D43-B0D1-41E5-BBD4-B69705B6F59C}");
Line Deleted : user_pref("CT3287811.installSp", "TRUE");
Line Deleted : user_pref("CT3287811.installerVersion", "1.8.0.14");
Line Deleted : user_pref("CT3287811.keyword", "true");
Line Deleted : user_pref("CT3287811.originalHomepage", "hxxp://search.yahoo.com?type=219247&fr=spigot-yhp-ff");
Line Deleted : user_pref("CT3287811.originalSearchAddressUrl", "hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=219247&p=");
Line Deleted : user_pref("CT3287811.originalSearchEngine", "Yahoo!");
Line Deleted : user_pref("CT3287811.originalSearchEngineName", "Yahoo!");
Line Deleted : user_pref("CT3287811.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3287811.searchRevert", "false");
Line Deleted : user_pref("CT3287811.searchUserMode", "2");
Line Deleted : user_pref("CT3287811.smartbar.homepage", "true");
Line Deleted : user_pref("CT3287811.toolbarInstallDate", "12-11-2013 14:34:25");
Line Deleted : user_pref("CT3287811.versionFromInstaller", "10.21.1.7");
Line Deleted : user_pref("CT3287811.xpeMode", "0");
Line Deleted : user_pref("CT3298566.FF19Solved", "true");
Line Deleted : user_pref("CT3298566.UserID", "UN10947643771274793");
Line Deleted : user_pref("CT3298566.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3298566.fullUserID", "UN10947643771274793.IN.20131205214732");
Line Deleted : user_pref("CT3298566.installDate", "05/12/2013 21:47:33");
Line Deleted : user_pref("CT3298566.installSessionId", "{6235A124-D451-4B2D-A866-A3A0949EE812}");
Line Deleted : user_pref("CT3298566.installSp", "TRUE");
Line Deleted : user_pref("CT3298566.installerVersion", "1.8.1.4");
Line Deleted : user_pref("CT3298566.keyword", "true");
Line Deleted : user_pref("CT3298566.originalHomepage", "www.yahoo.com");
Line Deleted : user_pref("CT3298566.originalSearchAddressUrl", "hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=219247&p=");
Line Deleted : user_pref("CT3298566.originalSearchEngine", "Yahoo!");
Line Deleted : user_pref("CT3298566.originalSearchEngineName", "Yahoo!");
Line Deleted : user_pref("CT3298566.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3298566.searchRevert", "false");
Line Deleted : user_pref("CT3298566.searchUninstallUserMode", "2");
Line Deleted : user_pref("CT3298566.searchUserMode", "2");
Line Deleted : user_pref("CT3298566.smartbar.homepage", "true");
Line Deleted : user_pref("CT3298566.toolbarInstallDate", "05-12-2013 21:47:32");
Line Deleted : user_pref("CT3298566.versionFromInstaller", "10.22.5.170");
Line Deleted : user_pref("CT3298566.xpeMode", "0");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3287811&octid=CT3287811&SearchSource=61&CUI=UN40208822253014011&UM=2&UP=SPCE36604D-8B04-4E64-9FDA-11D9BA8B0FA9");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=219247&p=");
Line Deleted : user_pref("browser.newtabpage.pinned", "[null,null,{\"url\":\"hxxp://us-mg5.mail.yahoo.com/neo/launch\",\"title\":\"(4 unread) - kbraggjr - Yahoo! Mail\"},null,null,{\"url\":\"hxxps://mail.google.com/[...]
Line Deleted : user_pref("browser.search.defaultthis.engineName", "MixiDJ V30 Customized Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298566&CUI=UN10947643771274793&UM=2&SearchSource=3&q={searchTerms}&sspv=TB_CNI");
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3298566");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3287811&CUI=UN40208822253014011&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3287811&octid=CT3287811&SearchSource[...]
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287811&SearchSource=2&CUI=UN40208822253014011&UM=2&q=,hxxp://search.conduit.com/ResultsExt.aspx?cti[...]
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3298566");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3298566");
Line Deleted : user_pref("smartbar.machineId", "4FIZE9T0YQVQNWR8KLLXZEJO2SMAPQ0UUU1DOQNXOTU0ZVC2DMPFG4AVOZ60MX1YTLSRQK289VN0QJP9WDUHNW");
Line Deleted : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3287811&CUI=UN40208822253014011&UM=2&SearchSource=13");

-\\ Google Chrome v32.0.1700.107

[ File : C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage

*************************

AdwCleaner[R0].txt - [11030 octets] - [05/02/2014 10:23:05]
AdwCleaner[S0].txt - [10851 octets] - [05/02/2014 10:23:29]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10912 octets] ##########

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 7 Home Premium x64
Ran by Ken on Wed 02/05/2014 at 10:35:47.36
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitchecker_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitchecker_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mconduitinstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mconduitinstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\conduitchecker_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\conduitchecker_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\mconduitinstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\mconduitinstaller_RASMANCS



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\Users\Ken\AppData\Roaming\mywordtool"
Successfully deleted: [Folder] "C:\Users\Ken\appdata\local\cre"



~~~ FireFox

Emptied folder: C:\Users\Ken\AppData\Roaming\mozilla\firefox\profiles\1bhvuexe.default\minidumps [587 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 02/05/2014 at 10:37:40.77
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


 



#10 Juliet

Juliet

    SuperHelper

  • Classroom Teacher
  • 7,066 posts
  • Interests:Boo!....
  • MVP

Posted 05 February 2014 - 10:48 AM

Good,  that took out quite a bit!



bf_new.gif Please download Malwarebytes' Anti-Malware from Here. Never download Malwarebytes' Anti-Malware from other sources.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
    Extra Note:

    If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ESET online scannner

    Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

    Now this scan can take quite a while to run, depending on how full your computer is, but it is a good thorough scanner I rely on often. If you have any errands to run, now would be a good time to get those done. LOL

    Also, do not be alarmed if it finds things, I am somewhat expecting it to find malicious files in quarantine folders.

    ~~~~~~~~~~~~~~~~~~~~~~
    Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scannner.
  • Select the option YES, I accept the Terms of Use then click on Start.

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:

    Scan for potentially unwanted applications
    Scan for potentially unsafe applications
    Enable Anti-Stealth Technology

  • Now click on Start.
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Sometimes the angels fly close enough to you that you can hear the flutter of their wings...

Want to help others? Join the ClassRoom and learn how.
MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??

    Advertisements

Register to Remove


#11 baldingeagle

baldingeagle

    Authentic Member

  • Authentic Member
  • PipPip
  • 51 posts

Posted 05 February 2014 - 06:37 PM

Hi Juliet.

 

Here are the scans you requested;      Thanks.

 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.05.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Ken :: KEN-PC [administrator]

2/5/2014 2:13:36 PM
mbam-log-2014-02-05 (14-13-36).txt

Scan type: Full scan (C:\|L:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 465203
Time elapsed: 20 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Linksicle (PUP.Optional.Linksicle.A) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKLM\SOFTWARE\Mozilla\Firefox\Extensions|linksicle@linksicle.com (PUP.Optional.Linksicle.A) -> Data: C:\Program Files (x86)\Mozilla Firefox\extensions\linksicle@linksicle.com -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

 

ESET Scan

 

 

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Application Updater\ApplicationUpdater.exe.vir    a variant of Win32/Toolbar.Widgi.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\spigot\Search Settings\SearchSettings.exe.vir    a variant of Win32/Toolbar.Widgi potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\spigot\Search Settings\SearchSettings64.exe.vir    a variant of Win64/Toolbar.Widgi.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\spigot\Search Settings\wth169.dll.vir    a variant of Win32/Toolbar.Widgi.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\spigot\Search Settings\wthx169.dll.vir    a variant of Win64/Toolbar.Widgi.B potentially unwanted application
C:\FRST\Quarantine\firefox@albrechto.co.xpi05-02-2014_09-49-35    Win32/BrowseFox.B potentially unwanted application
C:\FRST\Quarantine\tbVisu.dll05-02-2014_09-49-35    a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Program Files (x86)\Avira\AntiVir Desktop\offercast_avirav7_.exe    a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Users\Ken\AppData\Local\Temp\is-3GK1L.tmp\OptProCrash.dll    a variant of Win32/SProtector.E potentially unwanted application
C:\Users\Ken\AppData\Local\Temp\is-PUSRN.tmp\OptProCrash.dll    a variant of Win32/SProtector.E potentially unwanted application
C:\Users\Ken\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\477eac6b-2898c7a1    Java/Exploit.Agent.NJC trojan
C:\Windows\Installer\MSI4942.tmp    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\_OTM\MovedFiles\04182012_171150\C_ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll    a variant of Win32/Adware.Yontoo.B application
 



#12 Juliet

Juliet

    SuperHelper

  • Classroom Teacher
  • 7,066 posts
  • Interests:Boo!....
  • MVP

Posted 05 February 2014 - 07:26 PM

Thank you for the logs.

Let's remove those files found.

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)
 

start
C:\Program Files (x86)\Avira\AntiVir Desktop\offercast_avirav7_.exe
C:\Users\Ken\AppData\Local\Temp\is-3GK1L.tmp\OptProCrash.dll
C:\Users\Ken\AppData\Local\Temp\is-PUSRN.tmp\OptProCrash.dll
C:\Users\Ken\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\477eac6b-2898c7a1
C:\Windows\Installer\MSI4942.tmp
C:\_OTM\MovedFiles\04182012_171150\C_ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
end



Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

After you run the fixlist.txt, save it.

I would like for you to give me a fresh FRST scan, then post that log as well.


How's your computer now?
Sometimes the angels fly close enough to you that you can hear the flutter of their wings...

Want to help others? Join the ClassRoom and learn how.
MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??

#13 baldingeagle

baldingeagle

    Authentic Member

  • Authentic Member
  • PipPip
  • 51 posts

Posted 05 February 2014 - 09:46 PM

Hi Juliet.

 

Below are the scans you requested.   Thanks.

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-02-2014
Ran by Ken at 2014-02-05 21:38:06 Run:2
Running from C:\Users\Ken\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Program Files (x86)\Avira\AntiVir Desktop\offercast_avirav7_.exe
C:\Users\Ken\AppData\Local\Temp\is-3GK1L.tmp\OptProCrash.dll
C:\Users\Ken\AppData\Local\Temp\is-PUSRN.tmp\OptProCrash.dll
C:\Users\Ken\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\477eac6b-2898c7a1
C:\Windows\Installer\MSI4942.tmp
C:\_OTM\MovedFiles\04182012_171150\C_ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
*****************

Could not move "C:\Program Files (x86)\Avira\AntiVir Desktop\offercast_avirav7_.exe" => Scheduled to move on reboot.
C:\Users\Ken\AppData\Local\Temp\is-3GK1L.tmp\OptProCrash.dll => Moved successfully.
C:\Users\Ken\AppData\Local\Temp\is-PUSRN.tmp\OptProCrash.dll => Moved successfully.
C:\Users\Ken\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\477eac6b-2898c7a1 => Moved successfully.
C:\Windows\Installer\MSI4942.tmp => Moved successfully.
C:\_OTM\MovedFiles\04182012_171150\C_ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll => Moved successfully.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-02-05 21:39:06)<=

"C:\Program Files (x86)\Avira\AntiVir Desktop\offercast_avirav7_.exe" => File could not move.

==== End of Fixlog ====

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-02-2014
Ran by Ken (administrator) on KEN-PC on 05-02-2014 21:41:17
Running from C:\Users\Ken\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Seagate LLC) C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
(Dropbox, Inc.) C:\Users\Ken\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [MaxMenuMgr] - C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe [185640 2009-09-25] (Seagate LLC)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-21] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
Startup: C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Ken\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x318C7DC6980BCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {032BA77B-A9AA-4A05-99D5-AAEA58862784} URL = http://search.yahoo....p={searchTerms}
SearchScopes: HKCU - {032BA77B-A9AA-4A05-99D5-AAEA58862784} URL = http://search.yahoo....p={searchTerms}
SearchScopes: HKCU - {5DC88221-4520-4FAE-BEFB-FDFA91B1F715} URL = https://www.google.c...q={searchTerms}
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.we...br/ieatgpc1.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\1bhvuexe.default
FF DefaultSearchEngine: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Homepage: www.yahoo.com
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=219247&p=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_44.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Ken\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: tdameritrade.com/tossc - C:\Program Files (x86)\thinkTDA\nptossc.dll (TD Ameritrade)
FF Plugin ProgramFiles/Appdata: C:\Users\Ken\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF SearchPlugin: C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\1bhvuexe.default\searchplugins\yahoo_ff.xml
FF Extension: MyWordTool - C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\1bhvuexe.default\Extensions\emily@wilford.biz [2014-01-14]

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR DefaultSearchKeyword: yahoo.com search
CHR DefaultSearchProvider: Yahoo
CHR DefaultSearchURL: http://search.yahoo....p={searchTerms}
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll ()
CHR Plugin: (Conduit Chrome Plugin) - C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdkednngfjmpnljkolbapdednncafhen\10.22.5.10_0\plugins/ConduitChromeApiPlugin.dll No File
CHR Plugin: (Conduit Radio Plugin) - C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdkednngfjmpnljkolbapdednncafhen\10.22.5.10_0\plugins/np-cwmp.dll No File
CHR Plugin: (Conduit Chrome Plugin) - C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdkednngfjmpnljkolbapdednncafhen\10.22.5.10_0\search/plugins/npConduitNewTabPlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll No File
CHR Plugin: (ActiveTouch General Plugin Container) - C:\Users\Ken\AppData\Roaming\Mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.3.0\\npsitesafety.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
CHR Plugin: (tossc) - C:\Program Files (x86)\thinkTDA\nptossc.dll (TD Ameritrade)
CHR Plugin: (Citrix Online Web Deployment Plugin 1.0.0.104) - C:\Users\Ken\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-05]
CHR Extension: (Google Drive) - C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-05]
CHR Extension: (YouTube) - C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-05]
CHR Extension: (Google Search) - C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-05]
CHR Extension: (Readium) - C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepbnnnkkadjhjahcafoaglimekefifl [2014-01-25]
CHR Extension: (Google Wallet) - C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-05]
CHR Extension: (Gmail) - C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-05]
CHR HKLM-x32\...\Chrome\Extension: [nkopijddpkmggacdghppacglggodkcod] - C:\Program Files (x86)\albrechto\nkopijddpkmggacdghppacglggodkcod.crx [2013-07-05]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-21] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-26] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-21] (Avira Operations GmbH & Co. KG)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-21] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-21] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-05 21:35 - 2014-02-05 21:41 - 00011784 _____ () C:\Users\Ken\Desktop\FRST.txt
2014-02-05 21:34 - 2014-02-05 21:34 - 00000000 ____D () C:\Users\Ken\Desktop\FRST-OlderVersion
2014-02-05 18:22 - 2014-02-05 18:22 - 00001860 _____ () C:\Users\Ken\Desktop\ESET scan.txt
2014-02-05 14:12 - 2014-02-05 14:12 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Ken\Desktop\mbam-setup-1.75.0.1300.exe
2014-02-05 14:12 - 2014-02-05 14:12 - 00001123 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-05 14:12 - 2014-02-05 14:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-05 14:12 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-05 10:37 - 2014-02-05 10:37 - 00001882 _____ () C:\Users\Ken\Desktop\JRT.txt
2014-02-05 10:35 - 2014-02-05 10:35 - 00000000 ____D () C:\Windows\ERUNT
2014-02-05 10:34 - 2014-02-05 10:34 - 01037530 _____ (Thisisu) C:\Users\Ken\Desktop\JRT.exe
2014-02-05 10:25 - 2014-02-05 10:25 - 00011017 _____ () C:\Users\Ken\Desktop\AdwCleaner[S0].txt
2014-02-05 10:22 - 2014-02-05 10:23 - 00000000 ____D () C:\AdwCleaner
2014-02-05 10:22 - 2014-02-05 10:22 - 01166132 _____ () C:\Users\Ken\Desktop\AdwCleaner.exe
2014-02-04 21:47 - 2014-02-05 21:41 - 00000000 ____D () C:\FRST
2014-02-04 21:45 - 2014-02-05 21:34 - 02082304 _____ (Farbar) C:\Users\Ken\Desktop\FRST64.exe
2014-02-04 21:45 - 2014-02-04 21:45 - 00000194 _____ () C:\Users\Ken\Desktop\hosts-perm.bat
2014-02-04 21:41 - 2014-02-04 21:56 - 00002770 _____ () C:\Users\Ken\Desktop\Rkill.txt
2014-02-04 21:41 - 2014-02-04 21:41 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Ken\Desktop\rkill.exe
2014-02-04 21:34 - 2014-02-04 21:34 - 17847296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 12344320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 03695416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-02-04 21:34 - 2014-02-04 21:34 - 03695416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-02-04 21:34 - 2014-02-04 21:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-04 21:34 - 2014-02-04 21:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-04 21:34 - 2014-02-04 21:34 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-04 21:34 - 2014-02-04 21:34 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-04 21:34 - 2014-02-04 21:34 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00534528 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-02-04 21:34 - 2014-02-04 21:34 - 00434176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00403248 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-02-04 21:34 - 2014-02-04 21:34 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00353584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\ieaksie.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00227840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-04 21:34 - 2014-02-04 21:34 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-02-04 21:34 - 2014-02-04 21:34 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\ieakui.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-02-04 21:34 - 2014-02-04 21:34 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\ieakeng.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-02-04 21:34 - 2014-02-04 21:34 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-02-04 21:34 - 2014-02-04 21:34 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-04 21:34 - 2014-02-04 21:34 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00130560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00123392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00118784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00114176 _____ (Microsoft Corporation) C:\Windows\system32\admparse.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00101888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-02-04 21:34 - 2014-02-04 21:34 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-02-04 21:34 - 2014-02-04 21:34 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-04 21:34 - 2014-02-04 21:34 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00078848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-02-04 21:34 - 2014-02-04 21:34 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-02-04 21:34 - 2014-02-04 21:34 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-02-04 21:34 - 2014-02-04 21:34 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2014-02-04 21:34 - 2014-02-04 21:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00066048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00063488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-02-04 21:34 - 2014-02-04 21:34 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-02-04 21:34 - 2014-02-04 21:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-02-04 21:34 - 2014-02-04 21:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-02-04 21:34 - 2014-02-04 21:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-02-04 21:28 - 2014-02-04 21:35 - 00001423 _____ () C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-02-04 21:04 - 2014-02-04 21:33 - 36380976 _____ (Microsoft Corporation) C:\Users\Ken\Documents\IE9-Windows7-x64-enu.exe
2014-02-03 13:13 - 2014-02-03 13:13 - 00074882 _____ () C:\Users\Ken\Desktop\OTL.Txt
2014-02-03 13:13 - 2014-02-03 13:13 - 00045046 _____ () C:\Users\Ken\Desktop\Extras.Txt
2014-02-03 13:10 - 2014-02-03 13:10 - 00602112 _____ (OldTimer Tools) C:\Users\Ken\Desktop\OTL.exe
2014-02-02 21:56 - 2014-02-03 14:17 - 00022806 _____ () C:\Users\Ken\Desktop\AutotraderNinja.odt
2014-02-02 09:31 - 2014-02-05 21:38 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-02 09:31 - 2014-02-05 21:36 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-02 09:31 - 2014-02-02 09:31 - 00003888 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-02 09:31 - 2014-02-02 09:31 - 00003636 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-02 08:58 - 2014-01-14 20:44 - 09275071 _____ () C:\Users\Ken\Desktop\No-1-Market-Top-Secret-10012014-MOBI.zip
2014-02-02 00:03 - 2014-02-02 00:03 - 00000017 _____ () C:\Users\Ken\AppData\Local\resmon.resmoncfg
2014-02-01 23:42 - 2014-02-01 23:42 - 00000000 ____D () C:\Users\Ken\AppData\Local\Apps\2.0
2014-02-01 23:02 - 2014-02-01 23:02 - 00000000 ____D () C:\Users\Ken\AppData\Local\Adobe_Systems_Incorporate
2014-02-01 12:57 - 2014-02-01 12:57 - 00000000 ____D () C:\Users\Ken\AppData\Roaming\Media Player Classic
2014-01-31 14:22 - 2014-01-31 14:22 - 00000000 ____D () C:\Users\Ken\KooBits4
2014-01-31 14:22 - 2014-01-31 14:22 - 00000000 ____D () C:\Users\Ken\AppData\Roaming\koobits.koobits4.com
2014-01-31 14:22 - 2014-01-31 14:22 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-01-31 14:22 - 2014-01-31 14:22 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-01-31 13:53 - 2014-02-01 23:08 - 00000000 ____D () C:\Users\Ken\AppData\Local\Sony Corporation
2014-01-31 13:53 - 2014-01-31 13:53 - 00000000 ____D () C:\Users\Ken\AppData\Roaming\Sony Corporation
2014-01-31 13:53 - 2014-01-31 13:53 - 00000000 ____D () C:\Users\Ken\AppData\Local\kinoma
2014-01-31 13:53 - 2014-01-31 13:53 - 00000000 ____D () C:\ProgramData\Sony Corporation
2014-01-26 20:54 - 2014-01-26 20:55 - 00005146 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-25 23:58 - 2014-01-09 14:12 - 12004110 _____ () C:\Users\Ken\Desktop\No 1 Market Top Secret 10012014.mobi
2014-01-25 23:57 - 2014-01-09 14:14 - 04034443 _____ () C:\Users\Ken\Desktop\EpubNo 1 Market Top Secret 10012014.epub
2014-01-25 23:53 - 2014-01-09 14:14 - 04034443 _____ () C:\Users\Ken\Desktop\No 1 Market Top Secret 10012014.epub
2014-01-25 23:52 - 2014-02-05 21:39 - 00000000 ___RD () C:\Users\Ken\Dropbox
2014-01-25 23:52 - 2014-02-05 21:39 - 00000000 ____D () C:\Users\Ken\AppData\Roaming\Dropbox
2014-01-25 23:52 - 2014-01-25 23:52 - 00001009 _____ () C:\Users\Ken\Desktop\Dropbox.lnk
2014-01-25 23:52 - 2014-01-25 23:52 - 00000000 ____D () C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-25 23:52 - 2014-01-25 23:52 - 00000000 ____D () C:\Users\Ken\AppData\Roaming\DropboxMaster
2014-01-25 23:51 - 2014-01-25 23:51 - 37660568 _____ (Dropbox, Inc.) C:\Users\Ken\Desktop\Dropbox 2.6.2.exe
2014-01-22 00:42 - 2014-01-22 00:43 - 00022741 _____ () C:\Users\Ken\Documents\Dr. Gumm.odt
2014-01-15 11:06 - 2013-11-26 19:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 11:06 - 2013-11-26 19:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 11:06 - 2013-11-26 19:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 11:06 - 2013-11-26 19:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 11:06 - 2013-11-26 19:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 11:06 - 2013-11-26 19:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 11:06 - 2013-11-26 19:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 11:06 - 2013-11-26 05:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 11:06 - 2013-11-26 04:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-14 20:46 - 2014-01-14 20:46 - 00000000 ____D () C:\Users\Ken\AppData\Roaming\Amazon
2014-01-14 20:46 - 2014-01-14 20:46 - 00000000 ____D () C:\Users\Ken\AppData\Local\webkit
2014-01-14 20:44 - 2014-01-14 20:44 - 00000000 ____D () C:\Users\Ken\Desktop\No-1-Market-Top-Secret-10012014-MOBI
2014-01-14 20:40 - 2014-01-21 20:33 - 00000000 ____D () C:\Users\Ken\Desktop\Kindle Previewer
2014-01-14 20:40 - 2014-01-21 20:33 - 00000000 ____D () C:\Users\Ken\.kindle
2014-01-14 20:40 - 2014-01-14 20:40 - 00000000 ____D () C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2014-01-14 15:22 - 2014-01-31 01:04 - 00000000 ____D () C:\Users\Ken\AppData\Roaming\calibre

==================== One Month Modified Files and Folders =======

2014-02-05 21:41 - 2014-02-05 21:35 - 00011784 _____ () C:\Users\Ken\Desktop\FRST.txt
2014-02-05 21:41 - 2014-02-04 21:47 - 00000000 ____D () C:\FRST
2014-02-05 21:39 - 2014-01-25 23:52 - 00000000 ___RD () C:\Users\Ken\Dropbox
2014-02-05 21:39 - 2014-01-25 23:52 - 00000000 ____D () C:\Users\Ken\AppData\Roaming\Dropbox
2014-02-05 21:38 - 2014-02-02 09:31 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-05 21:38 - 2013-02-15 11:58 - 01528115 _____ () C:\Windows\WindowsUpdate.log
2014-02-05 21:38 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-05 21:38 - 2009-07-13 22:51 - 00070414 _____ () C:\Windows\setupact.log
2014-02-05 21:36 - 2014-02-02 09:31 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-05 21:34 - 2014-02-05 21:34 - 00000000 ____D () C:\Users\Ken\Desktop\FRST-OlderVersion
2014-02-05 21:34 - 2014-02-04 21:45 - 02082304 _____ (Farbar) C:\Users\Ken\Desktop\FRST64.exe
2014-02-05 21:22 - 2013-02-15 12:32 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-05 18:22 - 2014-02-05 18:22 - 00001860 _____ () C:\Users\Ken\Desktop\ESET scan.txt
2014-02-05 14:12 - 2014-02-05 14:12 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Ken\Desktop\mbam-setup-1.75.0.1300.exe
2014-02-05 14:12 - 2014-02-05 14:12 - 00001123 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-05 14:12 - 2014-02-05 14:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-05 14:10 - 2009-07-13 22:45 - 00022560 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-05 14:10 - 2009-07-13 22:45 - 00022560 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-05 14:08 - 2009-07-13 23:13 - 00778834 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-05 14:03 - 2010-11-20 21:47 - 00072274 _____ () C:\Windows\PFRO.log
2014-02-05 10:37 - 2014-02-05 10:37 - 00001882 _____ () C:\Users\Ken\Desktop\JRT.txt
2014-02-05 10:35 - 2014-02-05 10:35 - 00000000 ____D () C:\Windows\ERUNT
2014-02-05 10:34 - 2014-02-05 10:34 - 01037530 _____ (Thisisu) C:\Users\Ken\Desktop\JRT.exe
2014-02-05 10:25 - 2014-02-05 10:25 - 00011017 _____ () C:\Users\Ken\Desktop\AdwCleaner[S0].txt
2014-02-05 10:23 - 2014-02-05 10:22 - 00000000 ____D () C:\AdwCleaner
2014-02-05 10:22 - 2014-02-05 10:22 - 01166132 _____ () C:\Users\Ken\Desktop\AdwCleaner.exe
2014-02-05 09:23 - 2013-02-15 12:32 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-05 09:23 - 2013-02-15 12:32 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-05 09:23 - 2013-02-15 12:32 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-04 23:52 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-02-04 21:56 - 2014-02-04 21:41 - 00002770 _____ () C:\Users\Ken\Desktop\Rkill.txt
2014-02-04 21:45 - 2014-02-04 21:45 - 00000194 _____ () C:\Users\Ken\Desktop\hosts-perm.bat
2014-02-04 21:41 - 2014-02-04 21:41 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Ken\Desktop\rkill.exe
2014-02-04 21:35 - 2014-02-04 21:28 - 00001423 _____ () C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-02-04 21:35 - 2013-02-15 09:59 - 00001457 _____ () C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-04 21:34 - 2014-02-04 21:34 - 17847296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 12344320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 03695416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-02-04 21:34 - 2014-02-04 21:34 - 03695416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-02-04 21:34 - 2014-02-04 21:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-04 21:34 - 2014-02-04 21:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-04 21:34 - 2014-02-04 21:34 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-04 21:34 - 2014-02-04 21:34 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-04 21:34 - 2014-02-04 21:34 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00534528 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-02-04 21:34 - 2014-02-04 21:34 - 00434176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00403248 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-02-04 21:34 - 2014-02-04 21:34 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00353584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\ieaksie.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00227840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-04 21:34 - 2014-02-04 21:34 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-02-04 21:34 - 2014-02-04 21:34 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\ieakui.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-02-04 21:34 - 2014-02-04 21:34 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\ieakeng.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-02-04 21:34 - 2014-02-04 21:34 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-02-04 21:34 - 2014-02-04 21:34 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-04 21:34 - 2014-02-04 21:34 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00130560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00123392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00118784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00114176 _____ (Microsoft Corporation) C:\Windows\system32\admparse.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00101888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-02-04 21:34 - 2014-02-04 21:34 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-02-04 21:34 - 2014-02-04 21:34 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-04 21:34 - 2014-02-04 21:34 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00078848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-02-04 21:34 - 2014-02-04 21:34 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-02-04 21:34 - 2014-02-04 21:34 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-02-04 21:34 - 2014-02-04 21:34 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2014-02-04 21:34 - 2014-02-04 21:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00066048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00063488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-02-04 21:34 - 2014-02-04 21:34 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-02-04 21:34 - 2014-02-04 21:34 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-02-04 21:34 - 2014-02-04 21:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-02-04 21:34 - 2014-02-04 21:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-02-04 21:34 - 2014-02-04 21:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-02-04 21:34 - 2013-02-15 13:24 - 00008210 _____ () C:\Windows\IE9_main.log
2014-02-04 21:34 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-02-04 21:33 - 2014-02-04 21:04 - 36380976 _____ (Microsoft Corporation) C:\Users\Ken\Documents\IE9-Windows7-x64-enu.exe
2014-02-03 14:17 - 2014-02-02 21:56 - 00022806 _____ () C:\Users\Ken\Desktop\AutotraderNinja.odt
2014-02-03 13:13 - 2014-02-03 13:13 - 00074882 _____ () C:\Users\Ken\Desktop\OTL.Txt
2014-02-03 13:13 - 2014-02-03 13:13 - 00045046 _____ () C:\Users\Ken\Desktop\Extras.Txt
2014-02-03 13:10 - 2014-02-03 13:10 - 00602112 _____ (OldTimer Tools) C:\Users\Ken\Desktop\OTL.exe
2014-02-02 09:31 - 2014-02-02 09:31 - 00003888 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-02 09:31 - 2014-02-02 09:31 - 00003636 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-02 09:31 - 2013-02-15 12:21 - 00000000 ____D () C:\Program Files (x86)\Google
2014-02-02 09:11 - 2013-07-03 20:05 - 00000000 ____D () C:\ProgramData\AVG
2014-02-02 09:04 - 2013-02-15 09:59 - 00000000 ___RD () C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-02 08:42 - 2009-07-13 22:45 - 00310480 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-02 00:03 - 2014-02-02 00:03 - 00000017 _____ () C:\Users\Ken\AppData\Local\resmon.resmoncfg
2014-02-01 23:42 - 2014-02-01 23:42 - 00000000 ____D () C:\Users\Ken\AppData\Local\Apps\2.0
2014-02-01 23:13 - 2013-02-16 20:33 - 00069160 _____ () C:\Users\Ken\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-01 23:10 - 2013-06-22 09:52 - 00000000 ____D () C:\Program Files (x86)\thinkTDA
2014-02-01 23:08 - 2014-01-31 13:53 - 00000000 ____D () C:\Users\Ken\AppData\Local\Sony Corporation
2014-02-01 23:06 - 2013-02-16 00:28 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-02-01 23:02 - 2014-02-01 23:02 - 00000000 ____D () C:\Users\Ken\AppData\Local\Adobe_Systems_Incorporate
2014-02-01 12:57 - 2014-02-01 12:57 - 00000000 ____D () C:\Users\Ken\AppData\Roaming\Media Player Classic
2014-02-01 12:47 - 2013-10-25 08:58 - 00000000 ____D () C:\Users\Ken\AppData\Local\WORDsearch 10
2014-01-31 14:22 - 2014-01-31 14:22 - 00000000 ____D () C:\Users\Ken\KooBits4
2014-01-31 14:22 - 2014-01-31 14:22 - 00000000 ____D () C:\Users\Ken\AppData\Roaming\koobits.koobits4.com
2014-01-31 14:22 - 2014-01-31 14:22 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-01-31 14:22 - 2014-01-31 14:22 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-01-31 14:22 - 2013-02-15 12:31 - 00000000 ____D () C:\ProgramData\Adobe
2014-01-31 14:22 - 2013-02-15 09:58 - 00000000 ____D () C:\Users\Ken
2014-01-31 14:21 - 2013-02-16 00:48 - 00000000 ____D () C:\Users\Ken\AppData\Local\Adobe
2014-01-31 14:21 - 2013-02-15 12:34 - 00000000 ____D () C:\Users\Ken\AppData\Roaming\Adobe
2014-01-31 13:53 - 2014-01-31 13:53 - 00000000 ____D () C:\Users\Ken\AppData\Roaming\Sony Corporation
2014-01-31 13:53 - 2014-01-31 13:53 - 00000000 ____D () C:\Users\Ken\AppData\Local\kinoma
2014-01-31 13:53 - 2014-01-31 13:53 - 00000000 ____D () C:\ProgramData\Sony Corporation
2014-01-31 01:04 - 2014-01-14 15:22 - 00000000 ____D () C:\Users\Ken\AppData\Roaming\calibre
2014-01-26 20:55 - 2014-01-26 20:54 - 00005146 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-26 20:55 - 2013-11-11 12:29 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-26 20:55 - 2013-02-26 22:11 - 00000000 ____D () C:\Program Files (x86)\Java
2014-01-25 23:52 - 2014-01-25 23:52 - 00001009 _____ () C:\Users\Ken\Desktop\Dropbox.lnk
2014-01-25 23:52 - 2014-01-25 23:52 - 00000000 ____D () C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-25 23:52 - 2014-01-25 23:52 - 00000000 ____D () C:\Users\Ken\AppData\Roaming\DropboxMaster
2014-01-25 23:51 - 2014-01-25 23:51 - 37660568 _____ (Dropbox, Inc.) C:\Users\Ken\Desktop\Dropbox 2.6.2.exe
2014-01-22 00:43 - 2014-01-22 00:42 - 00022741 _____ () C:\Users\Ken\Documents\Dr. Gumm.odt
2014-01-21 20:33 - 2014-01-14 20:40 - 00000000 ____D () C:\Users\Ken\Desktop\Kindle Previewer
2014-01-21 20:33 - 2014-01-14 20:40 - 00000000 ____D () C:\Users\Ken\.kindle
2014-01-21 15:22 - 2013-04-22 20:29 - 00000000 ____D () C:\Users\Ken\Documents\WTT
2014-01-21 15:22 - 2013-04-22 20:29 - 00000000 ____D () C:\Users\Ken\AppData\Local\WhenToTrade.com
2014-01-15 14:21 - 2013-08-14 10:08 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-15 14:20 - 2013-02-15 13:39 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-14 20:46 - 2014-01-14 20:46 - 00000000 ____D () C:\Users\Ken\AppData\Roaming\Amazon
2014-01-14 20:46 - 2014-01-14 20:46 - 00000000 ____D () C:\Users\Ken\AppData\Local\webkit
2014-01-14 20:44 - 2014-02-02 08:58 - 09275071 _____ () C:\Users\Ken\Desktop\No-1-Market-Top-Secret-10012014-MOBI.zip
2014-01-14 20:44 - 2014-01-14 20:44 - 00000000 ____D () C:\Users\Ken\Desktop\No-1-Market-Top-Secret-10012014-MOBI
2014-01-14 20:40 - 2014-01-14 20:40 - 00000000 ____D () C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2014-01-14 15:16 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\Resources
2014-01-09 22:48 - 2013-06-29 12:25 - 00000000 ____D () C:\Users\Ken\Documents\NinjaTrader 7
2014-01-09 14:14 - 2014-01-25 23:57 - 04034443 _____ () C:\Users\Ken\Desktop\EpubNo 1 Market Top Secret 10012014.epub
2014-01-09 14:14 - 2014-01-25 23:53 - 04034443 _____ () C:\Users\Ken\Desktop\No 1 Market Top Secret 10012014.epub
2014-01-09 14:12 - 2014-01-25 23:58 - 12004110 _____ () C:\Users\Ken\Desktop\No 1 Market Top Secret 10012014.mobi

Some content of TEMP:
====================
C:\Users\Ken\AppData\Local\Temp\avgnt.exe
C:\Users\Ken\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgnrm6t.dll
C:\Users\Ken\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-29 00:52

==================== End Of Log ============================



#14 Juliet

Juliet

    SuperHelper

  • Classroom Teacher
  • 7,066 posts
  • Interests:Boo!....
  • MVP

Posted 06 February 2014 - 04:51 AM

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)
 

start
CHR Plugin: (Conduit Chrome Plugin) - C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdkednngfjmpnljkolbapdednncafhen\10.22.5.10_0\plugins/ConduitChromeApiPlugin.dll No File
CHR Plugin: (Conduit Radio Plugin) - C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdkednngfjmpnljkolbapdednncafhen\10.22.5.10_0\plugins/np-cwmp.dll No File
CHR Plugin: (Conduit Chrome Plugin) - C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdkednngfjmpnljkolbapdednncafhen\10.22.5.10_0\search/plugins/npConduitNewTabPlugin.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll No File
CHR HKLM-x32\...\Chrome\Extension: [nkopijddpkmggacdghppacglggodkcod] - C:\Program Files (x86)\albrechto\nkopijddpkmggacdghppacglggodkcod.crx [2013-07-05]
C:\Users\Ken\AppData\Local\Temp\avgnt.exe
C:\Users\Ken\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgnrm6t.dll
C:\Users\Ken\AppData\Local\Temp\Quarantine.exe
end



Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system


Please post this log when done...How is your computer now?
Sometimes the angels fly close enough to you that you can hear the flutter of their wings...

Want to help others? Join the ClassRoom and learn how.
MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??

#15 baldingeagle

baldingeagle

    Authentic Member

  • Authentic Member
  • PipPip
  • 51 posts

Posted 06 February 2014 - 10:02 AM

Hi Juliet.

 

My computer seems to be running well.   Below is the scan you requested.

 

Thank you so much.

 

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-02-2014
Ran by Ken at 2014-02-06 09:57:57 Run:3
Running from C:\Users\Ken\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CHR Plugin: (Conduit Chrome Plugin) - C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdkednngfjmpnljkolbapdednncafhen\10.22.5.10_0\plugins/ConduitChromeApiPlugin.dll No File
CHR Plugin: (Conduit Radio Plugin) - C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdkednngfjmpnljkolbapdednncafhen\10.22.5.10_0\plugins/np-cwmp.dll No File
CHR Plugin: (Conduit Chrome Plugin) - C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdkednngfjmpnljkolbapdednncafhen\10.22.5.10_0\search/plugins/npConduitNewTabPlugin.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll No File
CHR HKLM-x32\...\Chrome\Extension: [nkopijddpkmggacdghppacglggodkcod] - C:\Program Files (x86)\albrechto\nkopijddpkmggacdghppacglggodkcod.crx [2013-07-05]
C:\Users\Ken\AppData\Local\Temp\avgnt.exe
C:\Users\Ken\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgnrm6t.dll
C:\Users\Ken\AppData\Local\Temp\Quarantine.exe
*****************

C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdkednngfjmpnljkolbapdednncafhen\10.22.5.10_0\plugins/ConduitChromeApiPlugin.dll not found.
C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdkednngfjmpnljkolbapdednncafhen\10.22.5.10_0\plugins/np-cwmp.dll not found.
C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdkednngfjmpnljkolbapdednncafhen\10.22.5.10_0\search/plugins/npConduitNewTabPlugin.dll not found.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll not found.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll not found.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll not found.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll not found.
C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\nkopijddpkmggacdghppacglggodkcod => Key deleted successfully.
"C:\Program Files (x86)\albrechto\nkopijddpkmggacdghppacglggodkcod.crx" => File/Directory not found.
C:\Users\Ken\AppData\Local\Temp\avgnt.exe => Moved successfully.
"C:\Users\Ken\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgnrm6t.dll" => File/Directory not found.
C:\Users\Ken\AppData\Local\Temp\Quarantine.exe => Moved successfully.

==== End of Fixlog ====


Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users