john99

Members
  • Content count

    37
  • Joined

  • Last visited

About john99

  • Rank
    New Member

Contact Methods

  • ICQ
    0
  1. Here it is: Results of screen317's Security Check version 0.99.85 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 10 Out of date! ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Microsoft Security Essentials Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Java 7 Update 51 Java version out of Date! Mozilla Firefox 29.0.1 Firefox out of Date! Google Chrome 35.0.1916.114 Google Chrome 35.0.1916.153 ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe WinPatrol winpatrol.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe Malwarebytes Anti-Malware mbamscheduler.exe BillP Studios WinPatrol WinPatrol.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0% ````````````````````End of Log``````````````````````
  2. Hi, I updated the CCleaner version and ran it. Attached are my FRST64 logs. Thanks Addition.txt FRST.txt
  3. Sorry for delay. Malwarebytes Scan found not threats. The computer is running a bit slow. Nothing unusual in task manager. Here is Adware log: # AdwCleaner v3.213 - Report created 25/06/2014 at 22:29:06 # Updated 23/06/2014 by Xplode # Operating System : Windows 7 Professional Service Pack 1 (64 bits) # Username : johnr - JRAU-PC # Running from : C:\Users\johnr\Desktop\adwcleaner_3.213.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\Users\johnr\AppData\Local\DefineExt Folder Deleted : C:\Users\johnr\AppData\Local\WhiteListing Folder Deleted : C:\Users\johnr\AppData\LocalLow\AskToolbar Folder Deleted : C:\Users\johnr\AppData\LocalLow\Conduit Folder Deleted : C:\Users\jrau\AppData\LocalLow\AVG Secure Search Folder Deleted : C:\Users\jrau\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo File Deleted : C:\END File Deleted : C:\Users\johnr\AppData\Roaming\Mozilla\Firefox\Profiles\ij2ykqmj.default\searchplugins\Askcom.xml File Deleted : C:\Users\johnr\AppData\Roaming\Mozilla\Firefox\Profiles\ij2ykqmj.default\user.js ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{065C1A21-97F8-45FB-A9F0-861B60FACEC8} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3204358F-5904-46A6-841F-D6B5BE3EF4E3} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3AE67737-0E3E-44AA-AA5E-46A68BF017FF} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3EE5B726-044A-48D2-AA7B-049BD9A0F62A} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{60FBBE03-57FF-49D8-B38E-053D3F489825} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6A5182F1-C0B8-42B8-96CC-7F329CD46913} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6C153418-8E4D-4FAF-AF27-5201E38463A7} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A26A2F05-AC4D-4A1E-9531-9125F7309B78} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5D6240-7DF0-435D-9B9B-F8586A99DE86} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F343045E-E20A-46E1-82D8-9962C43EFC9E} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68} Key Deleted : HKCU\Software\BillP Studios Key Deleted : HKCU\Software\Conduit Key Deleted : HKCU\Software\WEDLMNGR Key Deleted : HKCU\Software\AppDataLow\Software\Conduit Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar Key Deleted : HKLM\Software\BillP Studios Key Deleted : [x64] HKLM\SOFTWARE\Description Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4BB7A109-FDB5-45E3-9DB9-ECB2EA7B80EE} ***** [ Browsers ] ***** -\\ Internet Explorer v10.0.9200.16750 -\\ Mozilla Firefox v29.0.1 (en-US) [ File : C:\Users\johnr\AppData\Roaming\Mozilla\Firefox\Profiles\ij2ykqmj.default\prefs.js ] Line Deleted : user_pref("CT3309350_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1377999203630,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]"); Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", ""); Line Deleted : user_pref("smartbar.machineId", "XJXXDJXZRU2UURVTPRLPM2D8SPU9C443CLWZ4XA5N+KR5XMOWGEAQJ3EL443QFPBSEXMJRM65BNIITOA1CDR0Q"); [ File : C:\Users\jrau\AppData\Roaming\Mozilla\Firefox\Profiles\9j53xrvx.default\prefs.js ] Line Deleted : user_pref("browser.search.selectedEngine", "Ask.com"); Line Deleted : user_pref("browser.search.order.1", "Ask.com"); Line Deleted : user_pref("browser.search.defaultengine", "Ask.com"); Line Deleted : user_pref("browser.search.defaultenginename", "Ask.com"); Line Deleted : user_pref("extensions.asktb.ff-original-keyword-url", ""); -\\ Google Chrome v35.0.1916.153 [ File : C:\Users\jrau\AppData\Local\Google\Chrome\User Data\Default\preferences ] Deleted [Homepage] : hxxp://isearch.avg.com/?cid={FDB98080-8225-4317-AA08-F642242424EC}&mid=a0cb8c81babe47d0acfba9628d46c03d-5899a713f553e146c2a1299eef802221d09c6a83〈=en&ds=AVG&pr=fr&d=2012-12-12 20:16:50&v=15.2.0.5&pid=avg&sg=&sap=hp Deleted [Extension] : dhdepfaagokllfmhfbcfmocaeigmoebo Deleted [Extension] : hphibigbodkkohoglgfkddblldpfohjl Deleted [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej Deleted [Extension] : kincjchfokkeneeofpeefomkikfkiedl Deleted [Extension] : kkkeikdkpjenmoiicggnnodbkebafgpc Deleted [Extension] : pgmfkblbflahhponhjmkcnpjinenhlnc [ File : C:\Users\norton\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [6531 octets] - [25/06/2014 22:11:22] AdwCleaner[s0].txt - [6428 octets] - [25/06/2014 22:29:06] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [6488 octets] ##########
  4. I didn't see the FRST64 instructions until after I ran TDSKILLER and COMBOFIX. I ran it after them. When I ran FRST64 there was an error "Unknown variable at line xxxx". However a fixlog.txt was created and I attached it. The TDSKILLER found no Threats and I did not see a log. I attached the ComboFix log. Fixlog.txt ComboFix.txt
  5. I created a restore point and created the registry backup with delfix. The FRST64 logs are attached , the MalwareBytes log is below. I ran MS Essential but there were nothing found and no log. I am running RoqueKiller for about an hour. The progress bar seemed to have stopped about 1/2 way. Sure I let it continue to run? MalwareBytes Log: Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 6/24/2014 Scan Time: 3:28:21 PM Logfile: MalwareBytesScanLog.txt Administrator: Yes Version: 2.00.2.1012 Malware Database: v2014.06.24.12 Rootkit Database: v2014.06.23.02 License: Premium Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Enabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: johnr Scan Type: Threat Scan Result: Completed Objects Scanned: 448040 Time Elapsed: 19 min, 35 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Warn PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end) Addition.txt FRST.txt
  6. Thanks, I was able to boot normally. I have Malwarebytes, WinPatrol and MS Secuirty Essential on my computer. Should I run a full scan now? With these running not sure why I go the Ransomware. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-06-2014 Ran by SYSTEM at 2014-06-24 14:30:15 Run:1 Running from J:\ Boot Mode: Recovery ============================================== Content of fixlist: ***************** Replace: C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll C:\Windows\SysWOW64\user32.dll ***************** C:\Windows\SysWOW64\user32.dll => Moved successfully. C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll copied successfully to C:\Windows\SysWOW64\user32.dll ==== End of Fixlog ====
  7. Here is the results from the search. BTW - great looking dogs! Farbar Recovery Scan Tool (x64) Version: 22-06-2014 Ran by SYSTEM at 2014-06-24 11:39:50 Running from J:\ Boot Mode: Recovery ================== Search Files: "user32.dll" ============= C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2010-11-20 19:24][2010-11-20 19:24] 0833024 ____A (Microsoft Corporation) 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll [2010-11-20 19:24][2010-11-20 19:24] 1008128 ____A (Microsoft Corporation) FE70103391A64039A921DBFFF9C7AB1B C:\Windows\SysWOW64\user32.dll [2010-11-20 19:24][2014-03-04 01:16] 0872448 ____A (Microsoft Corporation) 03C34516E7CC1E4828BE373B79BEF1E7 C:\Windows\System32\user32.dll [2010-11-20 19:24][2010-11-20 19:24] 1008128 ____A (Microsoft Corporation) FE70103391A64039A921DBFFF9C7AB1B C:\Windows\ERDNT\cache86\user32.dll [2012-04-13 03:41][2010-11-20 19:24] 0833024 ____A (Microsoft Corporation) 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 C:\Windows\ERDNT\cache64\user32.dll [2012-04-13 03:41][2010-11-20 19:24] 1008128 ____A (Microsoft Corporation) FE70103391A64039A921DBFFF9C7AB1B X:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll [2010-11-20 01:50][2010-11-20 05:27] 1008128 ____A (Microsoft Corporation) FE70103391A64039A921DBFFF9C7AB1B X:\Windows\System32\user32.dll [2010-11-20 01:50][2010-11-20 05:27] 1008128 ____A (Microsoft Corporation) FE70103391A64039A921DBFFF9C7AB1B ====== End Of Search ======
  8. MrC, I don't have a good restore point. Here is the FRST.txt. Thanks Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-06-2014 Ran by SYSTEM on MININT-I2KLI7U on 24-06-2014 09:57:45 Running from J:\ Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 10 Boot Mode: Recovery The current controlset is ControlSet002 ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log. The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe [2907240 2010-10-04] (Realtek Semiconductor Corp.) HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation) HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-05] (Intel Corporation) HKLM-x32\...\Run: [iMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [112152 2010-12-03] (Intel Corporation) HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] () HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [847872 2009-12-02] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [523216 2011-09-09] (Cisco Systems, Inc.) HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [358336 2011-08-11] (Citrix Systems, Inc.) HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] - "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware" [54072 2014-05-12] (Malwarebytes Corporation) Winlogon\Notify\GoToAssist Express Customer: C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\637\g2ax_winlogonx64.dll (Citrix Online, a division of Citrix Systems, Inc.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.) HKU\johnr\...\Run: [GoToAssist Express Expert] => C:\Program Files (x86)\Citrix\GoToAssist Express Expert\383\g2ax_start.exe [609144 2012-04-06] (Citrix Online, a division of Citrix Systems, Inc.) HKU\johnr\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [439360 2013-08-12] (BillP Studios) HKU\johnr\...\Run: [GoToAssist Remote Support Expert] => C:\Users\johnr\AppData\Local\Citrix\GoToAssist Remote Support Expert\637\g2ax_start.exe [610888 2014-02-12] (Citrix Online, a division of Citrix Systems, Inc.) Startup: C:\Users\johnr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Flip.lnk ShortcutTarget: Flip.lnk -> C:\Program Files (x86)\Belkin\Flip\flip.exe (Belkin Corporation) ShellIconOverlayIdentifiers: EnabledUnlockedFDEIconOverlay -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.) ShellIconOverlayIdentifiers: UninitializedFdeIconOverlay -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.) ShellIconOverlayIdentifiers-x32: EnhancedStorageShell -> {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} => No File ShellIconOverlayIdentifiers-x32: SharingPrivate -> {08244EE6-92F0-47f2-9FC9-929BAA2E7235} => No File ==================== Services (Whitelisted) ================= S2 GoToAssist Remote Support Customer; C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\637\g2ax_service.exe [610888 2014-02-11] (Citrix Online, a division of Citrix Systems, Inc.) S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) S2 MsDepSvc; C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [67400 2011-04-01] (Microsoft Corporation) S3 msftesql$SYNCO_SQL; C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe [158568 2007-06-22] (Microsoft Corporation) S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation) S2 MSOLAP$SYNCO_SQL; C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe [31648608 2008-11-25] (Microsoft Corporation) S2 MSSQL$SYNCO_SQL; C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [39626592 2008-11-25] (Microsoft Corporation) S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation) S2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [409720 2013-06-28] () S3 ReportServer$SYNCO_SQL; C:\Program Files\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe [14688 2008-11-25] (Microsoft Corporation) S2 SQLAgent$SYNCO_SQL; C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE [426336 2008-11-25] (Microsoft Corporation) S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1629696 2010-07-13] () S2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation) S2 WebFarmService; C:\Program Files\IIS\Microsoft Web Farm Framework\WebFarmService.exe [15600 2011-10-12] (Microsoft Corporation) S2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [5088256 2010-02-02] (Dell Inc.) S2 MSSQL$SQLEXPRESS; "D:\SQL2008\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS [X] S2 SQLAgent$SQLEXPRESS; "D:\SQL2008\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE" -i SQLEXPRESS [X] ==================== Drivers (Whitelisted) ==================== S1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-08-14] (AVG Technologies) S3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] () S3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [1980648 2010-10-04] (Realtek Semiconductor Corp.) S1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [91352 2014-05-12] (Malwarebytes Corporation) S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation) S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-24] (Microsoft Corporation) S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation) S4 RsFx0153; C:\Windows\System32\DRIVERS\RsFx0153.sys [321992 2012-06-28] (Microsoft Corporation) S1 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [22368 2013-08-21] (AVG Technologies CZ, s.r.o. ) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-24 09:56 - 2014-06-24 09:57 - 00000000 ____D () C:\FRST 2014-06-20 19:52 - 2014-06-20 19:52 - 00000000 _____ () C:\Windows\Minidump\062014-28126-01.dmp 2014-06-20 19:49 - 2014-06-20 19:49 - 00262144 _____ () C:\Windows\Minidump\062014-28548-02.dmp 2014-06-20 19:46 - 2014-06-20 19:46 - 00262144 _____ () C:\Windows\Minidump\062014-28938-02.dmp 2014-06-20 19:44 - 2014-06-20 19:44 - 00000000 _____ () C:\Windows\Minidump\062014-28345-01.dmp 2014-06-20 19:41 - 2014-06-20 19:41 - 00262144 _____ () C:\Windows\Minidump\062014-28267-01.dmp 2014-06-20 19:38 - 2014-06-20 19:38 - 00262144 _____ () C:\Windows\Minidump\062014-28454-02.dmp 2014-06-20 19:35 - 2014-06-20 19:35 - 00000000 _____ () C:\Windows\Minidump\062014-28844-02.dmp 2014-06-20 19:33 - 2014-06-20 19:33 - 00262144 _____ () C:\Windows\Minidump\062014-28922-01.dmp 2014-06-20 19:30 - 2014-06-20 19:30 - 00262144 _____ () C:\Windows\Minidump\062014-28766-01.dmp 2014-06-20 19:27 - 2014-06-20 19:27 - 00262144 _____ () C:\Windows\Minidump\062014-29156-02.dmp 2014-06-20 19:25 - 2014-06-20 19:25 - 00262144 _____ () C:\Windows\Minidump\062014-28594-01.dmp 2014-06-20 19:22 - 2014-06-20 19:22 - 00262144 _____ () C:\Windows\Minidump\062014-29031-01.dmp 2014-06-20 19:19 - 2014-06-20 19:19 - 00262144 _____ () C:\Windows\Minidump\062014-28485-02.dmp 2014-06-20 19:16 - 2014-06-20 19:16 - 00000000 _____ () C:\Windows\Minidump\062014-28938-01.dmp 2014-06-20 19:13 - 2014-06-20 19:14 - 00262144 _____ () C:\Windows\Minidump\062014-28860-01.dmp 2014-06-20 19:11 - 2014-06-20 19:11 - 00262144 _____ () C:\Windows\Minidump\062014-29281-01.dmp 2014-06-20 19:08 - 2014-06-20 19:08 - 00262144 _____ () C:\Windows\Minidump\062014-28204-01.dmp 2014-06-20 19:05 - 2014-06-20 19:05 - 00262144 _____ () C:\Windows\Minidump\062014-28860-02.dmp 2014-06-20 19:02 - 2014-06-20 19:02 - 00262144 _____ () C:\Windows\Minidump\062014-27924-01.dmp 2014-06-20 18:59 - 2014-06-20 18:59 - 00262144 _____ () C:\Windows\Minidump\062014-28454-01.dmp 2014-06-20 18:56 - 2014-06-20 18:56 - 00262144 _____ () C:\Windows\Minidump\062014-28672-02.dmp 2014-06-20 18:53 - 2014-06-20 18:53 - 00262144 _____ () C:\Windows\Minidump\062014-29546-01.dmp 2014-06-20 18:50 - 2014-06-20 18:51 - 00262144 _____ () C:\Windows\Minidump\062014-28126-02.dmp 2014-06-20 18:48 - 2014-06-20 18:48 - 00262144 _____ () C:\Windows\Minidump\062014-28329-02.dmp 2014-06-20 18:45 - 2014-06-20 18:45 - 00262144 _____ () C:\Windows\Minidump\062014-28906-01.dmp 2014-06-20 18:42 - 2014-06-20 18:42 - 00262144 _____ () C:\Windows\Minidump\062014-29390-02.dmp 2014-06-20 18:39 - 2014-06-20 18:39 - 00262144 _____ () C:\Windows\Minidump\062014-28594-02.dmp 2014-06-20 18:36 - 2014-06-20 18:36 - 00262144 _____ () C:\Windows\Minidump\062014-29187-01.dmp 2014-06-20 18:34 - 2014-06-20 18:34 - 00262144 _____ () C:\Windows\Minidump\062014-28641-03.dmp 2014-06-20 18:31 - 2014-06-20 18:31 - 00262144 _____ () C:\Windows\Minidump\062014-29047-01.dmp 2014-06-20 18:28 - 2014-06-20 18:28 - 00262144 _____ () C:\Windows\Minidump\062014-28548-01.dmp 2014-06-20 18:26 - 2014-06-20 18:26 - 00262144 _____ () C:\Windows\Minidump\062014-29374-01.dmp 2014-06-20 18:23 - 2014-06-20 18:23 - 00262144 _____ () C:\Windows\Minidump\062014-28641-02.dmp 2014-06-20 18:20 - 2014-06-20 18:20 - 00262144 _____ () C:\Windows\Minidump\062014-29312-01.dmp 2014-06-20 18:17 - 2014-06-20 18:17 - 00262144 _____ () C:\Windows\Minidump\062014-28298-01.dmp 2014-06-20 18:14 - 2014-06-20 18:14 - 00262144 _____ () C:\Windows\Minidump\062014-28953-02.dmp 2014-06-20 18:11 - 2014-06-20 18:11 - 00262144 _____ () C:\Windows\Minidump\062014-28407-01.dmp 2014-06-20 18:08 - 2014-06-20 18:09 - 00262144 _____ () C:\Windows\Minidump\062014-28688-02.dmp 2014-06-20 18:06 - 2014-06-20 18:06 - 00262144 _____ () C:\Windows\Minidump\062014-28516-01.dmp 2014-06-20 18:03 - 2014-06-20 18:03 - 00262144 _____ () C:\Windows\Minidump\062014-28563-01.dmp 2014-06-20 18:00 - 2014-06-20 18:00 - 00262144 _____ () C:\Windows\Minidump\062014-29265-01.dmp 2014-06-20 17:58 - 2014-06-20 17:58 - 00262144 _____ () C:\Windows\Minidump\062014-29000-01.dmp 2014-06-20 17:54 - 2014-06-20 17:54 - 00262144 _____ () C:\Windows\Minidump\062014-29359-02.dmp 2014-06-20 17:51 - 2014-06-20 17:51 - 00262144 _____ () C:\Windows\Minidump\062014-29374-02.dmp 2014-06-20 17:48 - 2014-06-20 17:48 - 00262144 _____ () C:\Windows\Minidump\062014-29343-01.dmp 2014-06-20 17:45 - 2014-06-20 17:45 - 00262144 _____ () C:\Windows\Minidump\062014-28532-01.dmp 2014-06-20 17:43 - 2014-06-20 17:43 - 00262144 _____ () C:\Windows\Minidump\062014-28111-01.dmp 2014-06-20 17:40 - 2014-06-20 17:40 - 00262144 _____ () C:\Windows\Minidump\062014-28438-01.dmp 2014-06-20 17:37 - 2014-06-20 17:37 - 00262144 _____ () C:\Windows\Minidump\062014-28626-01.dmp 2014-06-20 17:34 - 2014-06-20 17:34 - 00262144 _____ () C:\Windows\Minidump\062014-29296-01.dmp 2014-06-20 08:17 - 2014-06-20 08:17 - 00003720 ____N () C:\bootsqm.dat 2014-06-12 15:50 - 2014-06-12 15:50 - 00000000 ____D () C:\Users\jrau\AppData\Local\CrashDumps 2014-06-12 15:46 - 2014-06-12 15:46 - 00000430 _____ () C:\Windows\PFRO.log 2014-06-12 14:46 - 2014-06-12 14:46 - 00126456 _____ () C:\Users\norton\AppData\Local\GDIPFONTCACHEV1.DAT 2014-06-12 14:45 - 2014-06-12 14:45 - 00000000 ____H () C:\Users\norton\Documents\Default.rdp 2014-06-12 14:35 - 2014-06-20 19:52 - 429867423 _____ () C:\Windows\MEMORY.DMP 2014-06-12 14:32 - 2014-06-20 19:52 - 00014056 _____ () C:\Windows\setupact.log 2014-06-12 14:32 - 2014-06-12 14:32 - 00000000 _____ () C:\Windows\setuperr.log 2014-06-12 13:55 - 2014-06-12 14:15 - 00000000 ____D () C:\Windows\Microsoft Antimalware 2014-06-12 09:05 - 2014-06-20 03:42 - 00004044 _____ () C:\Windows\WindowsUpdate.log 2014-06-11 20:29 - 2014-06-11 20:33 - 00185254 _____ () C:\users\LIST.TXT 2014-06-11 18:54 - 2014-06-11 18:54 - 00000000 ____D () C:\Users\jrau\AppData\Local\NPE 2014-06-11 17:06 - 2014-06-11 18:42 - 00000000 ____D () C:\Users\norton\AppData\Local\NPE 2014-06-11 17:06 - 2014-06-11 17:06 - 00000000 ____D () C:\ProgramData\Norton 2014-06-11 16:57 - 2014-06-11 17:04 - 00032512 _____ () C:\Windows\System32\Drivers\hitmanpro37.sys 2014-06-11 16:42 - 2014-06-11 20:47 - 00000000 ____D () C:\Users\norton\AppData\Local\Google 2014-06-11 16:42 - 2014-06-11 16:42 - 00000020 ___SH () C:\Users\norton\ntuser.ini 2014-06-11 16:42 - 2014-06-11 16:42 - 00000000 ____D () C:\users\norton 2014-06-11 16:42 - 2014-05-21 04:42 - 00000000 ____D () C:\Users\norton\Documents\Visual Studio 2008 2014-06-11 16:42 - 2013-08-08 23:02 - 00000000 ____D () C:\Users\norton\Documents\Visual Studio 2012 2014-06-11 16:42 - 2013-01-11 05:21 - 00000000 ____D () C:\Users\norton\AppData\Roaming\TuneUp Software 2014-06-11 16:42 - 2011-08-09 23:07 - 00000000 ____D () C:\Users\norton\Documents\Visual Studio 2005 2014-06-11 16:42 - 2011-06-16 23:01 - 00000000 ____D () C:\Users\norton\Documents\Visual Studio 2010 2014-06-11 16:42 - 2011-06-13 05:21 - 00000000 ____D () C:\Users\norton\AppData\Roaming\Macromedia 2014-06-11 16:42 - 2011-06-12 23:02 - 00000000 ____D () C:\Users\norton\AppData\Local\Microsoft Help 2014-06-10 18:21 - 2014-06-10 18:21 - 00001899 _____ () C:\Users\Public\Desktop\HitmanPro.lnk 2014-06-10 18:21 - 2014-06-10 18:21 - 00000000 ____D () C:\Program Files\HitmanPro 2014-06-10 03:57 - 2014-06-10 03:57 - 00009278 _____ () C:\Windows\System32\.crusader 2014-06-10 03:49 - 2014-06-10 18:29 - 00000000 ____D () C:\ProgramData\HitmanPro 2014-06-09 10:51 - 2014-06-09 11:31 - 00000000 ___HD () C:\Users\Public\Documents\Report 2014-05-28 13:58 - 2014-05-28 13:58 - 00000000 ____D () C:\Users\johnr\AppData\Local\Microsoft_Corporation 2014-05-28 10:34 - 2012-06-28 21:22 - 00082888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perf-MSSQL$SQLEXPRESS-sqlctr10.52.4000.0.dll 2014-05-28 10:34 - 2012-06-28 21:22 - 00057288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perf-MSSQL10_50.SQLEXPRESS-sqlagtctr.dll 2014-05-28 10:34 - 2012-06-28 21:17 - 00088520 _____ (Microsoft Corporation) C:\Windows\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.52.4000.0.dll 2014-05-28 10:34 - 2012-06-28 21:17 - 00086984 _____ (Microsoft Corporation) C:\Windows\System32\perf-MSSQL10_50.SQLEXPRESS-sqlagtctr.dll 2014-05-28 10:33 - 2014-05-28 10:33 - 00000000 ____D () C:\Users\johnr\Documents\Integration Services Script Component 2014-05-28 10:32 - 2014-05-28 10:32 - 00000000 ____D () C:\Windows\System32\RsFx 2014-05-28 10:32 - 2014-05-28 10:32 - 00000000 ____D () C:\Users\johnr\Documents\Integration Services Script Task 2014-05-28 10:30 - 2014-05-28 10:30 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 9.0 2014-05-28 09:35 - 2014-05-28 09:37 - 357075912 _____ (Microsoft Corporation) C:\Users\johnr\Downloads\SQLEXPRWT_x64_ENU.exe 2014-05-28 07:46 - 2014-05-28 07:46 - 00013461 _____ () C:\Users\johnr\Documents\RestrictionComparison.xlsx ==================== One Month Modified Files and Folders ======= 2014-06-24 09:57 - 2014-06-24 09:56 - 00000000 ____D () C:\FRST 2014-06-24 04:59 - 2011-07-15 04:59 - 00000000 ____D () C:\localwork 2014-06-20 19:52 - 2014-06-20 19:52 - 00000000 _____ () C:\Windows\Minidump\062014-28126-01.dmp 2014-06-20 19:52 - 2014-06-12 14:35 - 429867423 _____ () C:\Windows\MEMORY.DMP 2014-06-20 19:52 - 2014-06-12 14:32 - 00014056 _____ () C:\Windows\setupact.log 2014-06-20 19:52 - 2013-03-11 05:08 - 00000000 ____D () C:\Windows\Minidump 2014-06-20 19:49 - 2014-06-20 19:49 - 00262144 _____ () C:\Windows\Minidump\062014-28548-02.dmp 2014-06-20 19:46 - 2014-06-20 19:46 - 00262144 _____ () C:\Windows\Minidump\062014-28938-02.dmp 2014-06-20 19:44 - 2014-06-20 19:44 - 00000000 _____ () C:\Windows\Minidump\062014-28345-01.dmp 2014-06-20 19:41 - 2014-06-20 19:41 - 00262144 _____ () C:\Windows\Minidump\062014-28267-01.dmp 2014-06-20 19:38 - 2014-06-20 19:38 - 00262144 _____ () C:\Windows\Minidump\062014-28454-02.dmp 2014-06-20 19:35 - 2014-06-20 19:35 - 00000000 _____ () C:\Windows\Minidump\062014-28844-02.dmp 2014-06-20 19:33 - 2014-06-20 19:33 - 00262144 _____ () C:\Windows\Minidump\062014-28922-01.dmp 2014-06-20 19:30 - 2014-06-20 19:30 - 00262144 _____ () C:\Windows\Minidump\062014-28766-01.dmp 2014-06-20 19:27 - 2014-06-20 19:27 - 00262144 _____ () C:\Windows\Minidump\062014-29156-02.dmp 2014-06-20 19:25 - 2014-06-20 19:25 - 00262144 _____ () C:\Windows\Minidump\062014-28594-01.dmp 2014-06-20 19:22 - 2014-06-20 19:22 - 00262144 _____ () C:\Windows\Minidump\062014-29031-01.dmp 2014-06-20 19:19 - 2014-06-20 19:19 - 00262144 _____ () C:\Windows\Minidump\062014-28485-02.dmp 2014-06-20 19:16 - 2014-06-20 19:16 - 00000000 _____ () C:\Windows\Minidump\062014-28938-01.dmp 2014-06-20 19:14 - 2014-06-20 19:13 - 00262144 _____ () C:\Windows\Minidump\062014-28860-01.dmp 2014-06-20 19:11 - 2014-06-20 19:11 - 00262144 _____ () C:\Windows\Minidump\062014-29281-01.dmp 2014-06-20 19:08 - 2014-06-20 19:08 - 00262144 _____ () C:\Windows\Minidump\062014-28204-01.dmp 2014-06-20 19:05 - 2014-06-20 19:05 - 00262144 _____ () C:\Windows\Minidump\062014-28860-02.dmp 2014-06-20 19:02 - 2014-06-20 19:02 - 00262144 _____ () C:\Windows\Minidump\062014-27924-01.dmp 2014-06-20 18:59 - 2014-06-20 18:59 - 00262144 _____ () C:\Windows\Minidump\062014-28454-01.dmp 2014-06-20 18:56 - 2014-06-20 18:56 - 00262144 _____ () C:\Windows\Minidump\062014-28672-02.dmp 2014-06-20 18:53 - 2014-06-20 18:53 - 00262144 _____ () C:\Windows\Minidump\062014-29546-01.dmp 2014-06-20 18:51 - 2014-06-20 18:50 - 00262144 _____ () C:\Windows\Minidump\062014-28126-02.dmp 2014-06-20 18:48 - 2014-06-20 18:48 - 00262144 _____ () C:\Windows\Minidump\062014-28329-02.dmp 2014-06-20 18:45 - 2014-06-20 18:45 - 00262144 _____ () C:\Windows\Minidump\062014-28906-01.dmp 2014-06-20 18:42 - 2014-06-20 18:42 - 00262144 _____ () C:\Windows\Minidump\062014-29390-02.dmp 2014-06-20 18:39 - 2014-06-20 18:39 - 00262144 _____ () C:\Windows\Minidump\062014-28594-02.dmp 2014-06-20 18:36 - 2014-06-20 18:36 - 00262144 _____ () C:\Windows\Minidump\062014-29187-01.dmp 2014-06-20 18:34 - 2014-06-20 18:34 - 00262144 _____ () C:\Windows\Minidump\062014-28641-03.dmp 2014-06-20 18:31 - 2014-06-20 18:31 - 00262144 _____ () C:\Windows\Minidump\062014-29047-01.dmp 2014-06-20 18:28 - 2014-06-20 18:28 - 00262144 _____ () C:\Windows\Minidump\062014-28548-01.dmp 2014-06-20 18:26 - 2014-06-20 18:26 - 00262144 _____ () C:\Windows\Minidump\062014-29374-01.dmp 2014-06-20 18:23 - 2014-06-20 18:23 - 00262144 _____ () C:\Windows\Minidump\062014-28641-02.dmp 2014-06-20 18:20 - 2014-06-20 18:20 - 00262144 _____ () C:\Windows\Minidump\062014-29312-01.dmp 2014-06-20 18:17 - 2014-06-20 18:17 - 00262144 _____ () C:\Windows\Minidump\062014-28298-01.dmp 2014-06-20 18:14 - 2014-06-20 18:14 - 00262144 _____ () C:\Windows\Minidump\062014-28953-02.dmp 2014-06-20 18:11 - 2014-06-20 18:11 - 00262144 _____ () C:\Windows\Minidump\062014-28407-01.dmp 2014-06-20 18:09 - 2014-06-20 18:08 - 00262144 _____ () C:\Windows\Minidump\062014-28688-02.dmp 2014-06-20 18:06 - 2014-06-20 18:06 - 00262144 _____ () C:\Windows\Minidump\062014-28516-01.dmp 2014-06-20 18:03 - 2014-06-20 18:03 - 00262144 _____ () C:\Windows\Minidump\062014-28563-01.dmp 2014-06-20 18:00 - 2014-06-20 18:00 - 00262144 _____ () C:\Windows\Minidump\062014-29265-01.dmp 2014-06-20 17:58 - 2014-06-20 17:58 - 00262144 _____ () C:\Windows\Minidump\062014-29000-01.dmp 2014-06-20 17:54 - 2014-06-20 17:54 - 00262144 _____ () C:\Windows\Minidump\062014-29359-02.dmp 2014-06-20 17:51 - 2014-06-20 17:51 - 00262144 _____ () C:\Windows\Minidump\062014-29374-02.dmp 2014-06-20 17:48 - 2014-06-20 17:48 - 00262144 _____ () C:\Windows\Minidump\062014-29343-01.dmp 2014-06-20 17:45 - 2014-06-20 17:45 - 00262144 _____ () C:\Windows\Minidump\062014-28532-01.dmp 2014-06-20 17:43 - 2014-06-20 17:43 - 00262144 _____ () C:\Windows\Minidump\062014-28111-01.dmp 2014-06-20 17:40 - 2014-06-20 17:40 - 00262144 _____ () C:\Windows\Minidump\062014-28438-01.dmp 2014-06-20 17:37 - 2014-06-20 17:37 - 00262144 _____ () C:\Windows\Minidump\062014-28626-01.dmp 2014-06-20 17:34 - 2014-06-20 17:34 - 00262144 _____ () C:\Windows\Minidump\062014-29296-01.dmp 2014-06-20 08:17 - 2014-06-20 08:17 - 00003720 ____N () C:\bootsqm.dat 2014-06-20 03:42 - 2014-06-12 09:05 - 00004044 _____ () C:\Windows\WindowsUpdate.log 2014-06-12 15:50 - 2014-06-12 15:50 - 00000000 ____D () C:\Users\jrau\AppData\Local\CrashDumps 2014-06-12 15:46 - 2014-06-12 15:46 - 00000430 _____ () C:\Windows\PFRO.log 2014-06-12 15:46 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\Branding 2014-06-12 14:46 - 2014-06-12 14:46 - 00126456 _____ () C:\Users\norton\AppData\Local\GDIPFONTCACHEV1.DAT 2014-06-12 14:45 - 2014-06-12 14:45 - 00000000 ____H () C:\Users\norton\Documents\Default.rdp 2014-06-12 14:45 - 2014-04-16 03:38 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys 2014-06-12 14:32 - 2014-06-12 14:32 - 00000000 _____ () C:\Windows\setuperr.log 2014-06-12 14:15 - 2014-06-12 13:55 - 00000000 ____D () C:\Windows\Microsoft Antimalware 2014-06-11 20:47 - 2014-06-11 16:42 - 00000000 ____D () C:\Users\norton\AppData\Local\Google 2014-06-11 20:33 - 2014-06-11 20:29 - 00185254 _____ () C:\users\LIST.TXT 2014-06-11 18:54 - 2014-06-11 18:54 - 00000000 ____D () C:\Users\jrau\AppData\Local\NPE 2014-06-11 18:42 - 2014-06-11 17:06 - 00000000 ____D () C:\Users\norton\AppData\Local\NPE 2014-06-11 17:06 - 2014-06-11 17:06 - 00000000 ____D () C:\ProgramData\Norton 2014-06-11 17:04 - 2014-06-11 16:57 - 00032512 _____ () C:\Windows\System32\Drivers\hitmanpro37.sys 2014-06-11 16:42 - 2014-06-11 16:42 - 00000020 ___SH () C:\Users\norton\ntuser.ini 2014-06-11 16:42 - 2014-06-11 16:42 - 00000000 ____D () C:\users\norton 2014-06-10 18:29 - 2014-06-10 03:49 - 00000000 ____D () C:\ProgramData\HitmanPro 2014-06-10 18:21 - 2014-06-10 18:21 - 00001899 _____ () C:\Users\Public\Desktop\HitmanPro.lnk 2014-06-10 18:21 - 2014-06-10 18:21 - 00000000 ____D () C:\Program Files\HitmanPro 2014-06-10 03:57 - 2014-06-10 03:57 - 00009278 _____ () C:\Windows\System32\.crusader 2014-06-09 11:31 - 2014-06-09 10:51 - 00000000 ___HD () C:\Users\Public\Documents\Report 2014-06-09 11:17 - 2012-10-16 03:12 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-06-09 10:58 - 2014-03-10 13:30 - 00000000 ____D () C:\Users\johnr\AppData\Roaming\FileZilla 2014-06-09 10:52 - 2009-07-13 21:32 - 00000000 ____D () C:\Windows\System32\FxsTmp 2014-06-09 08:01 - 2011-06-17 05:07 - 00000000 ____D () C:\Users\johnr\Documents\SQL Server Management Studio 2014-06-09 04:05 - 2012-03-30 08:21 - 00000000 ____D () C:\ADBImp 2014-06-09 03:27 - 2012-10-16 03:12 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-06-05 03:46 - 2009-07-13 20:45 - 00021312 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-06-05 03:46 - 2009-07-13 20:45 - 00021312 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-06-05 03:21 - 2011-06-17 03:41 - 00000000 ____D () C:\users\johnr 2014-06-05 02:59 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-06-04 03:04 - 2009-07-13 21:13 - 01175008 _____ () C:\Windows\System32\PerfStringBackup.INI 2014-05-31 12:39 - 2011-06-29 12:56 - 00001261 _____ () C:\Windows\ODBC.INI 2014-05-31 12:31 - 2011-06-12 15:44 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-05-31 12:28 - 2011-06-12 09:20 - 00000000 ____D () C:\Program Files\Microsoft SQL Server 2014-05-31 12:28 - 2011-06-12 09:20 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server 2014-05-31 12:16 - 2014-04-16 03:37 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-05-31 10:48 - 2012-04-09 13:05 - 00001141 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-05-28 13:58 - 2014-05-28 13:58 - 00000000 ____D () C:\Users\johnr\AppData\Local\Microsoft_Corporation 2014-05-28 11:43 - 2011-06-17 03:41 - 00000000 ____D () C:\Users\johnr\AppData\Local\Microsoft Help 2014-05-28 10:33 - 2014-05-28 10:33 - 00000000 ____D () C:\Users\johnr\Documents\Integration Services Script Component 2014-05-28 10:32 - 2014-05-28 10:32 - 00000000 ____D () C:\Windows\System32\RsFx 2014-05-28 10:32 - 2014-05-28 10:32 - 00000000 ____D () C:\Users\johnr\Documents\Integration Services Script Task 2014-05-28 10:30 - 2014-05-28 10:30 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 9.0 2014-05-28 10:28 - 2011-06-12 09:07 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 9.0 2014-05-28 09:37 - 2014-05-28 09:35 - 357075912 _____ (Microsoft Corporation) C:\Users\johnr\Downloads\SQLEXPRWT_x64_ENU.exe 2014-05-28 07:46 - 2014-05-28 07:46 - 00013461 _____ () C:\Users\johnr\Documents\RestrictionComparison.xlsx Files to move or delete: ==================== C:\Users\johnr\gotomypc_533.exe C:\Users\johnr\gotomypc_540.exe C:\Users\johnr\gotomypc_635.exe C:\Users\jrau\gotomypc_533.exe C:\Users\jrau\gotomypc_540.exe ==================== Known DLLs (Whitelisted) ================ ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll [2010-11-20 19:24] - [2014-03-04 01:16] - 0872448 ____A (Microsoft Corporation) 03C34516E7CC1E4828BE373B79BEF1E7 C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== Restore Points ========================= ==================== Memory info =========================== Percentage of memory in use: 11% Total physical RAM: 8073.05 MB Available physical RAM: 7161.56 MB Total Pagefile: 8071.25 MB Available Pagefile: 7166.73 MB Total Virtual: 8192 MB Available Virtual: 8191.88 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:470.9 GB) (Free:377.92 GB) NTFS Drive d: (RECOVERY) (Fixed) (Total:0.73 GB) (Free:0.11 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive e: (Data) (Fixed) (Total:292.97 GB) (Free:177.81 GB) NTFS Drive f: (Backup) (Fixed) (Total:166.87 GB) (Free:73.18 GB) NTFS Drive i: (KIS - MD) (CDROM) (Total:0.52 GB) (Free:0 GB) CDFS Drive j: (WDO_MEDIA64) (Removable) (Total:14.52 GB) (Free:14.25 GB) FAT32 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Drive y: (RECOVERY) (Fixed) (Total:0.73 GB) (Free:0.5 GB) NTFS ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 932 GB) (Disk ID: 68026767) Partition 1: (Not Active) - (Size=39 MB) - (Type=DE) Partition 2: (Active) - (Size=750 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=931 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 932 GB) (Disk ID: 4A11BC2E) Partition 1: (Not Active) - (Size=39 MB) - (Type=DE) Partition 2: (Active) - (Size=752 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=471 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=460 GB) - (Type=OF Extended) ======================================================== Disk: 2 (MBR Code: Windows 7 or 8) (Size: 15 GB) (Disk ID: 0001532E) Partition 1: (Active) - (Size=15 GB) - (Type=0C) LastRegBack: 2014-06-07 20:08 ==================== End Of Log ============================
  9. Hello, I am infected with the Department of Justice Moneypak Ransomware and unable to remove it. I tried using HitmanPro, and Kaspersky Rescue Disk. I have another boot drive on the same computer and booted from that drive and ran Malwarebytes and Windows Defender on the infected drive but still no luck. I can only boot to Windows Safety Mode command prompt. I am running Window 7 64 bit. Any help would be welcome. Thanks, John
  10. It seems that the shockwave flash object was causing the issue. Once I disabled it IE is working fine. Thanks for all your help.
  11. I reset IE again and am still having the same problem. When the home page was set to www.msn.com IE wouldn't even open all the way; the site would beging to show and then hang-up sometimes with the "Discuss" addon enable/disable bar at the bottome. I was finally able to reset my home page to google and it opens fine but anytime I try to navigate to ANY other site it hangs up. Also, I noticed that it is now IE 10. Before all these issues began I was running IE 9. I assume during one of the reboots along the way and update ran. John
  12. I am still having issues with IE. When open IE it hangs trying to go www,msn.com and I can't navigate to any other URL. I have no problem in Safari, FireFox or Chrome. ========== OTL ========== ========== FILES ========== < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Users\johnr\Desktop\cmd.bat deleted successfully. C:\Users\johnr\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYJAVA] User: All Users User: Classic .NET AppPool User: Default User: Default User User: DefaultAppPool User: johnr ->Java cache emptied: 0 bytes User: jrau ->Java cache emptied: 0 bytes User: Public Total Java Files Cleaned = 0.00 mb [EMPTYFLASH] User: All Users User: Classic .NET AppPool User: Default ->Flash cache emptied: 56466 bytes User: Default User ->Flash cache emptied: 0 bytes User: DefaultAppPool ->Flash cache emptied: 56466 bytes User: johnr ->Flash cache emptied: 523 bytes User: jrau ->Flash cache emptied: 3552 bytes User: Public Total Flash Files Cleaned = 0.00 mb OTL by OldTimer - Version 3.2.69.0 log created on 09022013_221140
  13. OTL.txt OTL logfile created on: 9/1/2013 8:30:34 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\johnr\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16660) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 7.88 Gb Total Physical Memory | 5.23 Gb Available Physical Memory | 66.38% Memory free 15.77 Gb Paging File | 12.71 Gb Available in Paging File | 80.60% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 470.90 Gb Total Space | 375.96 Gb Free Space | 79.84% Space Free | Partition Type: NTFS Drive D: | 292.97 Gb Total Space | 232.75 Gb Free Space | 79.45% Space Free | Partition Type: NTFS Drive E: | 166.87 Gb Total Space | 73.19 Gb Free Space | 43.86% Space Free | Partition Type: NTFS Computer Name: JRAU-PC | User Name: johnr | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\johnr\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios) PRC - C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\498\g2ax_user_customer.exe (Citrix Online, a division of Citrix Systems, Inc.) PRC - C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\498\g2ax_system_customer.exe (Citrix Online, a division of Citrix Systems, Inc.) PRC - C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\498\g2ax_service.exe (Citrix Online, a division of Citrix Systems, Inc.) PRC - C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\498\g2ax_comm_customer.exe (Citrix Online, a division of Citrix Systems, Inc.) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Citrix\GoToAssist Remote Support Expert\498\g2ax_user_expert.exe (Citrix Online, a division of Citrix Systems, Inc.) PRC - C:\Program Files (x86)\Citrix\GoToAssist Remote Support Expert\498\g2ax_start.exe (Citrix Online, a division of Citrix Systems, Inc.) PRC - C:\Program Files (x86)\Citrix\GoToAssist Remote Support Expert\498\g2ax_comm_expert.exe (Citrix Online, a division of Citrix Systems, Inc.) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.) PRC - C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.) PRC - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.) PRC - C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe (Citrix Systems, Inc.) PRC - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation) PRC - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe () PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) PRC - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION) PRC - C:\Program Files (x86)\Belkin\Flip\flip.exe (Belkin Corporation) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\2b87cb064e64ff40778ca12322abb710\IAStorUtil.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\67fa9ea7086262a8c67abad2aa2d8975\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\28ea347a952d20959ac6ae02d7457d39\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\8f7d83126a3cf283e5ac97f2d6d99f12\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1f6f220f9efe936d1158c79b9d4b451f\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll () MOD - C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\50ac055662e8876504c8121692aa1bdd\IAStorCommon.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll () MOD - c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll () MOD - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe () ========== Services (SafeList) ========== SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV:64bit: - (WebFarmService) -- C:\Program Files\IIS\Microsoft Web Farm Framework\WebFarmService.exe (Microsoft Corporation) SRV:64bit: - (MsDepSvc) -- C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe (Microsoft Corporation) SRV:64bit: - (SecureStorageService) -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe (Wave Systems Corp.) SRV:64bit: - (TdmService) -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe (Wave Systems Corp.) SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV:64bit: - (Intel® -- C:\Windows\SysNative\IPROSetMonitor.exe (Intel Corporation) SRV:64bit: - (wltrysvc) -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE (Dell Inc.) SRV:64bit: - (EPSON_EB_RPCV4_04) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE (SEIKO EPSON CORPORATION) SRV:64bit: - (EPSON_PM_RPCV4_04) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE (SEIKO EPSON CORPORATION) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (GoToAssist Remote Support Customer) -- C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\498\g2ax_service.exe (Citrix Online, a division of Citrix Systems, Inc.) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.) SRV - (CVPND) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation) SRV - (RoxWatch12) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions) SRV - (RoxMediaDB12OEM) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions) SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation) SRV - (W3SVC) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation) SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation) SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (tcsd_win32.exe) -- C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe () SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies) DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (vpnva) -- C:\Windows\SysNative\drivers\vpnva64.sys (Cisco Systems, Inc.) DRV:64bit: - (acsock) -- C:\Windows\SysNative\drivers\acsock64.sys (Cisco Systems, Inc.) DRV:64bit: - (ctxusbm) -- C:\Windows\SysNative\drivers\ctxusbm.sys (Citrix Systems, Inc.) DRV:64bit: - (CVPNDRVA) -- C:\Windows\SysNative\drivers\CVPNDRVA.sys () DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (netvsc) -- C:\Windows\SysNative\drivers\netvsc60.sys (Microsoft Corporation) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (SynthVid) -- C:\Windows\SysNative\drivers\VMBusVideoM.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation) DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (e1cexpress) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation) DRV:64bit: - (IntcAzAudAddService) -- C:\Windows\SysNative\drivers\RTDVHD64.sys (Realtek Semiconductor Corp.) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV:64bit: - (CVirtA) -- C:\Windows\SysNative\drivers\CVirtA64.sys (Cisco Systems, Inc.) DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\bcm42rly.sys (Broadcom Corporation) DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (DNE) -- C:\Windows\SysNative\drivers\dne64x.sys (Deterministic Networks, Inc.) DRV:64bit: - (PBADRV) -- C:\Windows\SysNative\drivers\PBADRV.SYS (Dell Inc) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3440588634-1009513163-3344267490-1019\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKU\S-1-5-21-3440588634-1009513163-3344267490-1019\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/ IE - HKU\S-1-5-21-3440588634-1009513163-3344267490-1019\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US IE - HKU\S-1-5-21-3440588634-1009513163-3344267490-1019\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 06 63 20 75 20 A7 CE 01 [binary data] IE - HKU\S-1-5-21-3440588634-1009513163-3344267490-1019\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3440588634-1009513163-3344267490-1019\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKU\S-1-5-21-3440588634-1009513163-3344267490-1019\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3440588634-1009513163-3344267490-1019\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Google" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Ask.com" FF - prefs.js..browser.startup.homepage: "www.google.com" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1 FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3309350&SearchSource=2&CUI=UN26030166448337290&UM=2&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\lesstabs@lesstabs.com: C:\Program Files (x86)\Mozilla Firefox\extensions\lesstabs@lesstabs.com FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{a131ab52-77f3-4bd7-acc7-e2dfdfd298f0}: C:\Users\johnr\AppData\Roaming\Mozilla\FireFox\{a131ab52-77f3-4bd7-acc7-e2dfdfd298f0}.xpi FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/08/20 16:02:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/08/20 16:02:16 | 000,000,000 | ---D | M] [2012/12/09 15:45:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\johnr\AppData\Roaming\Mozilla\Extensions [2013/08/31 21:35:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\johnr\AppData\Roaming\Mozilla\Firefox\Profiles\ij2ykqmj.default\extensions [2013/03/12 11:39:34 | 000,002,308 | ---- | M] () -- C:\Users\johnr\AppData\Roaming\Mozilla\Firefox\Profiles\ij2ykqmj.default\searchplugins\askcom.xml [2013/08/20 16:02:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2013/08/20 16:02:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions [2013/08/20 16:02:19 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2011/08/11 12:18:12 | 000,128,960 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll [2011/08/10 23:16:34 | 000,096,192 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll [2011/08/11 12:18:30 | 000,092,096 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll [2011/08/11 12:18:08 | 000,022,976 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll [2011/08/11 12:19:38 | 000,436,136 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll [2011/08/10 23:16:34 | 000,024,512 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll [2012/12/12 21:16:55 | 000,000,000 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml ========== Chrome ========== CHR - default_search_provider: Ask (Enabled) CHR - default_search_provider: search_url = http://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=AD3AE346-80DF-47BF-A4E7-D685E53125E0&apn_ptnrs=TV&apn_sauid=5590EECE-D8D7-4D52-8BF0-86C05FBC45A7&apn_dtid=OSJ000YYUS&q={searchTerms} CHR - default_search_provider: suggest_url = http://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms} CHR - homepage: http://www.google.com/ CHR - plugin: Silverlight (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - Extension: Google Drive = C:\Users\johnr\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: BrowserPlus2 = C:\Users\johnr\AppData\Local\Google\Chrome\User Data\Default\Extensions\iigplimlmgilpobjilfbfeilnpiigpgl\10.16.100.504_0\ O1 HOSTS File: ([2013/08/26 12:30:12 | 000,000,021 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.) O4:64bit: - HKLM..\Run: [CANON DR2010C SVC] C:\Windows\SysNative\DR201SVC.dll (Canon Electronics) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.) O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.) O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe () O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [iMSS] C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation) O4 - HKU\S-1-5-21-3440588634-1009513163-3344267490-1019..\Run: [GoToAssist Express Expert] C:\Program Files (x86)\Citrix\GoToAssist Express Expert\383\g2ax_start.exe (Citrix Online, a division of Citrix Systems, Inc.) O4 - HKU\S-1-5-21-3440588634-1009513163-3344267490-1019..\Run: [GoToAssist Remote Support Expert] C:\Program Files (x86)\Citrix\GoToAssist Remote Support Expert\498\g2ax_start.exe (Citrix Online, a division of Citrix Systems, Inc.) O4 - HKU\S-1-5-21-3440588634-1009513163-3344267490-1019..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios) O4 - Startup: C:\Users\johnr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Flip.lnk = C:\Program Files (x86)\Belkin\Flip\flip.exe (Belkin Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3440588634-1009513163-3344267490-1019\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3440588634-1009513163-3344267490-1019\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-3440588634-1009513163-3344267490-1019\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKU\S-1-5-21-3440588634-1009513163-3344267490-1019\..Trusted Domains: ed.gov ([fafsa] https in Trusted sites) O15 - HKU\S-1-5-21-3440588634-1009513163-3344267490-1019\..Trusted Domains: nyu.edu ([ssswforms.ssw] https in Trusted sites) O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control) O16 - DPF: {5554DCB0-700B-498D-9B58-4E40E5814405} http://localhost:49797/SSSW_WebForms/Reserved.ReportViewerWebControl.axd?Culture=1033&CultureOverrides=True&UICulture=1033&UICultureOverrides=True&ReportStack=1&ControlID=edf0c81716f24848b156ad5cc73d3f84&Mode=true&OpType=PrintCab&Arch=X86 (RSClientPrint 2008 Class) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab (Java Plug-in 10.25.2) O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://mywayphotos.riteaid.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class) O16 - DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab (Java Plug-in 1.7.0_25) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab (Java Plug-in 10.25.2) O16 - DPF: {CC679CB8-DC4B-458B-B817-D447B3B6AC31} https://68.70.80.30/CACHE/stc/1/binaries/vpnweb.cab (Cisco AnyConnect Secure Mobility Client Web Control) O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T28L10NSP7-15458/webex/ieatgpc1.cab (GpcContainer Class) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=1007 (Performance Viewer Activex Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{083D706F-0552-4B1B-88C7-C242F3464370}: NameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2B96CE1C-8FB4-4067-9B42-726F48707A4E}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll File not found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll File not found O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found O18:64bit: - Protocol\Filter\ica - No CLSID value found O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\GoToAssist Express Customer: DllName - (C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\498\g2ax_winlogonx64.dll) - C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\498\g2ax_winlogonx64.dll (Citrix Online, a division of Citrix Systems, Inc.) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20:64bit: - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/09/01 20:29:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\johnr\Desktop\OTL.exe [2013/08/31 22:05:46 | 000,000,000 | ---D | C] -- C:\Users\johnr\AppData\Roaming\WinPatrol [2013/08/31 22:05:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol [2013/08/31 22:05:42 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate [2013/08/31 22:05:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BillP Studios [2013/08/31 21:44:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client [2013/08/31 21:44:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client [2013/08/31 21:25:51 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013/08/31 12:20:40 | 000,000,000 | ---D | C] -- C:\Users\johnr\Desktop\backups [2013/08/31 11:29:49 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\johnr\Desktop\HijackThis.exe [2013/08/31 10:58:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2013/08/31 10:58:34 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2013/08/31 10:56:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader [2013/08/31 10:56:44 | 000,000,000 | ---D | C] -- C:\Users\johnr\AppData\Roaming\Foxit Software [2013/08/31 10:56:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software [2013/08/31 10:40:41 | 000,000,000 | ---D | C] -- C:\Users\johnr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller [2013/08/31 10:40:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group [2013/08/31 07:29:57 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.5 [2013/08/22 21:05:20 | 000,000,000 | ---D | C] -- C:\Users\johnr\AppData\Local\Avg2013 [2013/08/22 10:04:51 | 000,000,000 | ---D | C] -- C:\DELLTOOLS [2013/08/22 09:03:16 | 000,000,000 | ---D | C] -- C:\Users\johnr\AppData\Local\{FD9F2615-6C07-496B-ADD4-95DC8F763865} [2013/08/20 16:02:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013/08/20 14:54:03 | 000,000,000 | ---D | C] -- C:\Users\johnr\AppData\Roaming\AVG [2013/08/20 14:53:24 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG [2013/08/20 14:53:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F} [2013/08/15 03:06:36 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013/08/15 03:06:36 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013/08/15 03:06:35 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013/08/15 03:06:35 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013/08/15 03:06:35 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013/08/15 03:06:35 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013/08/15 03:06:35 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013/08/15 03:06:35 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013/08/15 03:06:35 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013/08/15 03:06:35 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013/08/15 03:06:35 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013/08/15 03:06:34 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013/08/15 03:06:34 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013/08/15 03:06:34 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013/08/15 03:06:34 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013/08/14 21:07:22 | 001,472,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2013/08/14 21:07:20 | 000,224,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll [2013/08/14 21:07:17 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2013/08/14 21:07:04 | 001,888,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL [2013/08/14 21:07:04 | 001,620,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL [2013/08/14 21:07:03 | 001,217,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll [2013/08/14 21:06:54 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013/08/14 21:06:54 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013/08/14 21:06:53 | 005,550,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013/08/14 21:06:51 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll [2013/08/14 21:06:51 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2013/08/14 21:06:51 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2013/08/14 21:06:50 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2013/08/14 21:06:50 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2013/08/14 21:06:50 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2013/08/14 21:06:50 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013/08/14 21:06:50 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2013/08/14 21:06:50 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2013/08/14 21:06:50 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2013/08/14 21:06:50 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2013/08/14 21:06:50 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2013/08/14 21:06:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2013/08/14 21:06:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2013/08/14 21:06:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2013/08/14 21:06:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2013/08/14 21:06:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2013/08/14 21:06:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2013/08/14 21:06:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2013/08/14 21:06:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2013/08/14 21:06:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2013/08/14 21:06:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2013/08/14 21:06:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2013/08/14 21:06:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2013/08/14 21:06:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2013/08/14 21:06:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2013/08/14 21:06:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2013/08/14 21:06:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2013/08/14 21:06:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2013/08/14 21:06:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2013/08/14 21:06:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2013/08/14 21:06:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2013/08/14 21:06:49 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013/08/14 21:06:49 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2013/08/14 21:06:49 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013/08/14 21:06:49 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2013/08/14 21:06:49 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2013/08/14 21:06:49 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013/08/14 21:06:49 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2013/08/14 21:06:49 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2013/08/14 21:06:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2013/08/14 21:06:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2013/08/14 21:06:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2013/08/14 21:06:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2013/08/14 21:06:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2013/08/14 21:06:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2013/08/14 21:06:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2013/08/14 21:06:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2013/08/14 21:06:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2013/08/14 21:06:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2013/08/14 21:06:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2013/08/14 21:06:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2013/08/14 21:06:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2013/08/14 21:06:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2013/08/14 21:06:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2013/08/14 21:06:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2013/08/14 21:06:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2013/08/14 21:06:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2013/08/14 21:06:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2013/08/14 21:06:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2013/08/14 21:06:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2013/08/14 21:06:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2013/08/14 21:06:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2013/08/14 21:06:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2013/08/14 21:06:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2013/08/14 21:06:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2013/08/14 21:06:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2013/08/14 21:06:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2013/08/14 21:06:49 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013/08/11 16:37:29 | 000,000,000 | ---D | C] -- C:\Users\johnr\AppData\Roaming\Kernel for Windows Data Recovery [2013/08/08 21:27:22 | 000,000,000 | ---D | C] -- C:\SaveEdit [2013/08/08 17:40:15 | 000,000,000 | ---D | C] -- C:\Users\johnr\Desktop\saved games [2013/08/08 16:19:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Kits [2013/08/08 16:15:05 | 000,000,000 | ---D | C] -- C:\Program Files\IIS Express [2013/08/08 16:15:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IIS Express [2013/08/08 16:12:36 | 000,000,000 | ---D | C] -- C:\Users\johnr\Documents\Visual Studio 2012 [2013/08/08 16:10:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Help Viewer [2013/08/08 16:09:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition [2013/08/08 15:44:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 11.0 [2013/08/08 15:44:06 | 000,000,000 | ---D | C] -- C:\Windows\symbols [2013/08/08 15:41:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache [2013/08/08 14:45:59 | 000,000,000 | ---D | C] -- C:\Users\johnr\AppData\Roaming\Open Download Manager [2013/08/08 14:45:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GorillaPrice [2013/08/08 14:45:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenDownloaderManager [2013/08/08 14:29:59 | 000,000,000 | ---D | C] -- C:\Users\johnr\AppData\Local\Conduit [2013/08/08 14:29:53 | 000,000,000 | ---D | C] -- C:\Users\johnr\AppData\Local\CRE [2013/08/08 14:29:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit [2013/08/08 14:27:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2013/08/08 14:27:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip [2013/08/08 14:27:04 | 000,000,000 | ---D | C] -- C:\Users\johnr\AppData\Local\DefineExt [2013/08/08 13:11:59 | 000,000,000 | ---D | C] -- C:\Users\johnr\AppData\Local\Daring_Development_Inc [2013/08/08 13:06:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPC Backup [2013/08/06 03:00:29 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT [2013/03/24 16:14:56 | 001,393,736 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Users\johnr\gotomypc_635.exe [2011/07/14 11:33:19 | 001,062,984 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Users\johnr\gotomypc_540.exe [2011/06/24 08:33:40 | 001,063,320 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Users\johnr\gotomypc_533.exe ========== Files - Modified Within 30 Days ========== [2013/09/01 20:29:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\johnr\Desktop\OTL.exe [2013/09/01 19:47:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/09/01 10:42:38 | 001,081,358 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/09/01 10:42:38 | 000,877,510 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/09/01 10:42:38 | 000,197,492 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/09/01 10:34:08 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/09/01 10:34:08 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/09/01 10:25:07 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/09/01 10:24:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/09/01 10:24:01 | 2053,844,991 | -HS- | M] () -- C:\hiberfil.sys [2013/08/31 21:45:08 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif [2013/08/31 11:29:16 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\johnr\Desktop\HijackThis.exe [2013/08/31 10:58:34 | 000,000,857 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013/08/31 10:56:48 | 000,002,113 | ---- | M] () -- C:\Users\johnr\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk [2013/08/31 10:56:48 | 000,002,089 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk [2013/08/31 10:40:41 | 000,001,303 | ---- | M] () -- C:\Users\johnr\Desktop\Revo Uninstaller.lnk [2013/08/31 07:22:48 | 003,771,904 | ---- | M] () -- C:\Users\johnr\Desktop\RogueKillerX64.exe [2013/08/30 22:48:39 | 000,002,218 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013/08/27 07:07:24 | 000,165,376 | ---- | M] () -- C:\Users\johnr\Desktop\SystemLook_x64.exe [2013/08/26 12:30:12 | 000,000,021 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013/08/20 14:14:35 | 000,007,599 | ---- | M] () -- C:\Users\johnr\AppData\Local\Resmon.ResmonCfg [2013/08/15 08:06:47 | 000,002,348 | -H-- | M] () -- C:\Users\johnr\Documents\Default.rdp [2013/08/14 18:19:49 | 000,045,856 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys [2013/08/08 21:21:00 | 001,073,480 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013/08/08 20:39:59 | 000,008,192 | -H-- | M] () -- C:\Users\johnr\Desktop\Gibbed.Borderlands2.SaveEdit.suo [2013/08/08 17:11:14 | 000,001,046 | ---- | M] () -- C:\Users\johnr\Desktop\Gibbed.Borderlands2.SaveEdit.sln [2013/08/08 15:53:52 | 511,141,888 | ---- | M] () -- C:\Users\johnr\Desktop\vs2012_webexp_enu.iso [2013/08/08 14:30:03 | 000,000,009 | ---- | M] () -- C:\END [2013/08/08 14:17:06 | 000,471,424 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2013/08/31 21:45:08 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif [2013/08/31 21:45:01 | 000,002,152 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk [2013/08/31 10:58:34 | 000,000,857 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013/08/31 10:56:48 | 000,002,113 | ---- | C] () -- C:\Users\johnr\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk [2013/08/31 10:56:48 | 000,002,089 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk [2013/08/31 10:56:47 | 000,216,064 | ---- | C] () -- C:\Windows\SysWow64\gcapi_dll.dll [2013/08/31 10:40:41 | 000,001,303 | ---- | C] () -- C:\Users\johnr\Desktop\Revo Uninstaller.lnk [2013/08/31 07:34:36 | 003,771,904 | ---- | C] () -- C:\Users\johnr\Desktop\RogueKillerX64.exe [2013/08/27 07:11:36 | 000,165,376 | ---- | C] () -- C:\Users\johnr\Desktop\SystemLook_x64.exe [2013/08/11 14:34:28 | 000,007,599 | ---- | C] () -- C:\Users\johnr\AppData\Local\Resmon.ResmonCfg [2013/08/08 21:52:28 | 000,343,552 | ---- | C] () -- C:\Users\johnr\Desktop\Gibbed.Borderlands2.SaveEdit (2).exe [2013/08/08 17:11:14 | 000,008,192 | -H-- | C] () -- C:\Users\johnr\Desktop\Gibbed.Borderlands2.SaveEdit.suo [2013/08/08 17:11:14 | 000,001,046 | ---- | C] () -- C:\Users\johnr\Desktop\Gibbed.Borderlands2.SaveEdit.sln [2013/08/08 15:49:44 | 511,141,888 | ---- | C] () -- C:\Users\johnr\Desktop\vs2012_webexp_enu.iso [2013/08/08 14:29:34 | 000,000,009 | ---- | C] () -- C:\END [2013/06/04 17:21:01 | 000,213,544 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2013/01/23 08:12:06 | 000,009,584 | ---- | C] () -- C:\Windows\SysWow64\ractrlkeyhook.dll [2012/08/26 19:45:54 | 000,357,073 | ---- | C] () -- C:\Users\johnr\order_history.pdf [2012/07/29 20:18:36 | 000,001,919 | ---- | C] () -- C:\Users\johnr\PossibleDups2.pdf [2012/07/29 20:15:03 | 000,003,106 | ---- | C] () -- C:\Users\johnr\PossibleDups1.pdf [2012/07/15 07:25:09 | 000,027,520 | ---- | C] () -- C:\Users\johnr\AppData\Local\dt.dat [2012/05/17 21:16:39 | 000,000,936 | ---- | C] () -- C:\Users\johnr\export.sql [2012/05/01 21:23:03 | 000,050,979 | ---- | C] () -- C:\Users\johnr\Watch Hill Vacation Rental - VRBO 234335 - 2 BR RI Cottage, Private Watch Hill Cottage 5 Min_ Walk to Beach.htm [2012/02/23 12:06:43 | 000,000,160 | ---- | C] () -- C:\Windows\setscan.ini [2011/12/16 17:28:27 | 048,363,251 | ---- | C] () -- C:\Users\johnr\export.tsv [2011/11/06 20:10:48 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI [2011/11/06 14:15:04 | 000,000,288 | ---- | C] () -- C:\Users\johnr\.JavaPowUpload.properties [2011/11/04 12:44:54 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat [2011/11/04 12:44:54 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat [2011/11/04 12:44:54 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat [2011/11/04 12:44:54 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat [2011/11/04 12:44:54 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat [2011/11/04 12:44:54 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat [2011/11/04 12:44:54 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat [2011/11/04 12:44:54 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat [2011/11/04 12:44:54 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat [2011/11/04 12:44:54 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat [2011/11/04 12:44:54 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat [2011/11/04 12:44:54 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat [2011/11/04 12:44:54 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat [2011/11/04 12:44:54 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat [2011/11/04 12:44:54 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat [2011/11/04 12:44:54 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini [2011/11/04 12:42:59 | 000,000,079 | ---- | C] () -- C:\Windows\EWF630.ini [2011/10/28 13:52:16 | 000,000,395 | ---- | C] () -- C:\Users\johnr\Untitled.sql [2011/07/30 14:09:37 | 010,407,696 | ---- | C] () -- C:\Users\johnr\Eligibility_1118.csv [2011/07/24 22:51:12 | 016,973,683 | ---- | C] () -- C:\Users\johnr\MEDHIST.csv ========== ZeroAccess Check ========== [2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report >
  14. I tried these steps now when I go into IE it askes me enable or diable the "Discuss" add-on. I click disable and IE hanges up. I try just closing the window and IE hanges up. I'm afraid to click Enable.
  15. I also tried typing www.malwarebytes.org and www.malwareremoval.com in to IE and it hung-up but not a problem in FireFox. Weird?