Author Topic: [Resolved - K] Trojan.Agent.ED found by Malwarebytes

Offline PGB

  • Bronze Member
  • Posts: 381
[Resolved - K] Trojan.Agent.ED found by Malwarebytes
« on: January 30, 2015, 07:40:40 AM »
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17496  BrowserJavaVersion: 10.71.2
Run by Phyllis at 8:36:22 on 2015-01-30
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.32706.28103 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe
C:\Windows\SysWOW64\atashost.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files (x86)\Replay Telecorder for Skype\replay_telecorder_skype.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\Enounce\MySpeed\MySpeed.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
C:\Users\Phyllis\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\ShopAtHome_BAC_Service.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Users\Phyllis\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\ShopAtHome_BAC_Service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
C:\Windows\SysWOW64\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = www.google.com
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe,
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [replay_telecorder_skype] C:\Program Files (x86)\Replay Telecorder for Skype\replay_telecorder_skype.exe /start_context sys_auto
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [3xAV] C:\Program Files (x86)\Enounce\MySpeed\MySpeed.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
mRun: [BrowserAppCoreService] C:\Users\Phyllis\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\SahProcessManager.exe "C:\Users\Phyllis\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\ShopAtHome_BAC_Service.exe" "restart"
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun: [RealDownloader] C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
mRun: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
mRun: [AcronisTibMounterMonitor] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware"
StartupFolder: C:\Users\Phyllis\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Phyllis\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\REALPL~1.LNK - C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{73BD1BBB-596A-4971-BC51-8CBFF9CB11DB} : DHCPNameServer = 75.75.75.75 75.75.76.76
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://www.google.com 
x64-mSearch Page = hxxp://www.google.com 
x64-mDefault_Page_URL = hxxp://www.google.com
x64-mDefault_Search_URL = hxxp://www.google.com
x64-BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [RtHDVBg_DTS] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /DTSU2P
x64-Run: [IgfxTray] "C:\Windows\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\Windows\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\Windows\System32\igfxpers.exe"
x64-Run: [IAStorIcon] "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Phyllis\AppData\Roaming\Mozilla\Firefox\Profiles\3hyawouq.default-1384237558205\
FF - prefs.js: browser.search.selectedEngine - Vosteran
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Nitro\Reader 3\npdf.dll
FF - plugin: C:\Program Files (x86)\Nitro\Reader 3\npnitroie.dll
FF - plugin: C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\thinkorswim\npthinkorswim.dll
FF - plugin: C:\Program Files (x86)\thinkorswim\nptossc.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\Users\Phyllis\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\Users\Phyllis\AppData\Local\Fuze Box\Fuze Meeting\npfuzeshare.dll
FF - plugin: C:\Users\Phyllis\AppData\Roaming\Mozilla\Firefox\Profiles\3hyawouq.default-1384237558205\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - plugin: C:\Users\Phyllis\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll
.
---- FIREFOX POLICIES ----
.
.
.
.
.
.
.
);
.
);
.
.
.
.
.
============= SERVICES / DRIVERS ===============
.
R0 asahci64;asahci64;C:\Windows\System32\drivers\asahci64.sys [2013-1-10 47512]
R0 fltsrv;Acronis Storage Filter Management;C:\Windows\System32\drivers\fltsrv.sys [2014-12-11 116000]
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2013-8-7 644968]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2013-8-7 28008]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-4-26 20464]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-7-17 269008]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2013-11-4 55024]
R0 tib;Acronis TIB Manager;C:\Windows\System32\drivers\tib.sys [2014-12-11 1120032]
R0 tib_mounter;Acronis TIB Mounter;C:\Windows\System32\drivers\tib_mounter.sys [2014-12-11 198432]
R0 vididr;Acronis Virtual Disk;C:\Windows\System32\drivers\vididr.sys [2014-12-11 161568]
R0 vidsflt;Acronis Disk Storage Filter;C:\Windows\System32\drivers\vidsflt.sys [2014-12-11 117024]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2014-7-22 172344]
R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2014-12-11 3873784]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-3-28 241152]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [2013-10-30 927232]
R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2013-11-12 118056]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
R2 DTSAudioSvc;DTSAudioSvc;C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [2013-10-30 240584]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-8-7 15720]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-5-11 733696]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2013-1-3 183200]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2013-10-30 169432]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2013-10-24 377704]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2013-4-30 16056]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2013-11-12 72216]
R2 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2014-6-23 93400]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-6-23 1871160]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-6-23 969016]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-6-18 125584]
R2 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [2012-10-30 230416]
R2 PSI_SVC_2_x64;Protexis Licensing V2 x64;C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2010-11-30 336824]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2014-10-26 39568]
R2 RealPlayer Cloud Service;RealPlayer Cloud Service;C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [2014-11-25 1141848]
R2 RealPlayerUpdateSvc;RealPlayer Update Service;C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [2014-10-30 31856]
R2 syncagentsrv;Acronis Sync Agent Service;C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2014-2-4 7142320]
R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-6-13 4799760]
R3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2014-12-11 367200]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-10-30 96768]
R3 e1dexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver D;C:\Windows\System32\drivers\e1d62x64.sys [2013-10-30 496400]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-4-26 368112]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-4-26 786416]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-11-11 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-6-23 129752]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-8-22 368624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 RoxLiveShare10;LiveShare P2P Server 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2008-6-4 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2008-6-4 166384]
S2 SessionLauncher;SessionLauncher;C:\Users\Phyllis\AppData\Local\Temp\DX9\SessionLauncher.exe --> C:\Users\Phyllis\AppData\Local\Temp\DX9\SessionLauncher.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2014-10-16 249856]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-12-10 114688]
S3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-5-17 442368]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-5-11 822232]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-6-23 63704]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-11-15 19456]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-6-4 1120752]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-11-15 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-11-15 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-10-31 1255736]
.
=============== Created Last 30 ================
.
2015-01-30 13:29:49   79064   ----a-w-   C:\Windows\System32\drivers\xvrmtal.sys
2015-01-29 14:26:34   --------   d-----w-   C:\Program Files (x86)\SHARP
2015-01-29 14:26:27   82432   ----a-w-   C:\Windows\System32\SN0ELMON.dll
2015-01-29 14:26:22   32768   ------w-   C:\Windows\SysWow64\_isusr2k.dll
2015-01-29 14:26:22   180320   ----a-w-   C:\Windows\_isusr32.dll
2015-01-29 14:26:18   93696   ----a-w-   C:\Windows\System32\SCN2PM.dll
2015-01-29 14:26:18   70144   ----a-w-   C:\Windows\System32\SCN2PMUI.dll
2015-01-29 14:26:18   58368   ----a-w-   C:\Windows\System32\SCN2PMR.dll
2015-01-29 14:25:42   --------   d-----w-   C:\Windows\SysWow64\SCDRV
2015-01-29 14:25:39   --------   d-----w-   C:\Drivers
2015-01-29 14:10:02   11870360   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{310A3B17-615F-44DD-BC87-B9A2CB170C6B}\mpengine.dll
2015-01-28 14:07:52   11870360   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-01-25 20:52:07   736952   ----a-w-   C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2015-01-23 20:17:49   539984   ----a-w-   C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2015-01-22 23:28:30   1188440   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E7378B27-E69A-4EF1-A846-03EE42C636BD}\gapaengine.dll
2015-01-19 02:11:41   --------   d-----w-   C:\ProgramData\boost_interprocess
2015-01-19 02:07:32   --------   d-----w-   C:\Program Files (x86)\TradeStation 9.5
2015-01-19 02:06:28   --------   d-----w-   C:\Program Files\Microsoft SQL Server Compact Edition
2015-01-19 02:06:20   --------   d-----w-   C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2015-01-16 02:52:35   5553592   ----a-w-   C:\Windows\System32\ntoskrnl.exe
2015-01-16 02:52:35   503808   ----a-w-   C:\Windows\System32\srcore.dll
2015-01-16 02:52:35   50176   ----a-w-   C:\Windows\System32\srclient.dll
2015-01-16 02:52:35   43008   ----a-w-   C:\Windows\SysWow64\srclient.dll
2015-01-16 02:52:35   3971512   ----a-w-   C:\Windows\SysWow64\ntkrnlpa.exe
2015-01-16 02:52:35   3916728   ----a-w-   C:\Windows\SysWow64\ntoskrnl.exe
2015-01-16 02:52:35   296960   ----a-w-   C:\Windows\System32\rstrui.exe
2015-01-15 23:20:23   52224   ----a-w-   C:\Windows\SysWow64\nlaapi.dll
2015-01-15 23:20:23   303616   ----a-w-   C:\Windows\System32\nlasvc.dll
2015-01-15 23:20:23   156672   ----a-w-   C:\Windows\SysWow64\ncsi.dll
2015-01-15 23:20:21   144384   ----a-w-   C:\Windows\System32\ieUnatt.exe
2015-01-15 23:20:21   115712   ----a-w-   C:\Windows\SysWow64\ieUnatt.exe
2015-01-15 23:20:19   210432   ----a-w-   C:\Windows\System32\profsvc.dll
2015-01-15 23:20:15   62976   ----a-w-   C:\Windows\System32\TSWbPrxy.exe
2015-01-15 23:20:13   141312   ----a-w-   C:\Windows\System32\drivers\mrxdav.sys
2015-01-09 15:03:09   --------   d-----w-   C:\SUPERDelete
2015-01-09 15:01:15   --------   d-----w-   C:\Users\Phyllis\AppData\Roaming\SUPERAntiSpyware.com
2015-01-09 15:01:12   --------   d-----w-   C:\ProgramData\SUPERAntiSpyware.com
2015-01-09 15:01:12   --------   d-----w-   C:\Program Files\SUPERAntiSpyware
2015-01-05 22:04:00   736952   ----a-w-   C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2015-01-05 22:03:45   2876528   ----a-w-   C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2015-01-05 22:03:37   42168   ----a-w-   C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2015-01-05 22:03:34   539984   ----a-w-   C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
.
==================== Find3M  ====================
.
2015-01-30 09:13:17   129752   ----a-w-   C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-01-25 11:47:08   71344   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-25 11:47:08   701616   ----a-w-   C:\Windows\SysWow64\FlashPlayerApp.exe
2015-01-14 19:10:48   107392   ----a-w-   C:\Windows\System32\LMIRfsClientNP.dll
2015-01-14 19:10:47   92520   ----a-w-   C:\Windows\System32\LMIinit.dll
2015-01-14 19:10:47   35688   ----a-w-   C:\Windows\System32\LMIport.dll
2014-12-31 11:14:31   298120   ------w-   C:\Windows\System32\MpSigStub.exe
2014-12-27 00:16:15   32832   ----a-w-   C:\Windows\SysWow64\rnd_chunk.bin
2014-12-11 17:29:54   367200   ----a-w-   C:\Windows\System32\drivers\afcdp.sys
2014-12-11 17:29:53   1464096   ----a-w-   C:\Windows\System32\drivers\tdrpman.sys
2014-12-11 17:29:52   269600   ----a-w-   C:\Windows\System32\drivers\snapman.sys
2014-12-11 17:29:52   198432   ----a-w-   C:\Windows\System32\drivers\tib_mounter.sys
2014-12-11 17:29:52   161568   ----a-w-   C:\Windows\System32\drivers\vididr.sys
2014-12-11 17:29:52   117024   ----a-w-   C:\Windows\System32\drivers\vidsflt.sys
2014-12-11 17:29:52   1120032   ----a-w-   C:\Windows\System32\drivers\tib.sys
2014-12-11 17:29:51   116000   ----a-w-   C:\Windows\System32\drivers\fltsrv.sys
2014-11-25 15:18:44   505416   ----a-w-   C:\Windows\SysWow64\msvcp71.dll
2014-11-25 15:18:44   353864   ----a-w-   C:\Windows\SysWow64\msvcr71.dll
2014-11-22 03:06:23   2724864   ----a-w-   C:\Windows\System32\mshtml.tlb
2014-11-22 03:06:11   4096   ----a-w-   C:\Windows\System32\ieetwcollectorres.dll
2014-11-22 02:50:39   66560   ----a-w-   C:\Windows\System32\iesetup.dll
2014-11-22 02:50:10   580096   ----a-w-   C:\Windows\System32\vbscript.dll
2014-11-22 02:49:54   48640   ----a-w-   C:\Windows\System32\ieetwproxystub.dll
2014-11-22 02:48:20   88064   ----a-w-   C:\Windows\System32\MshtmlDac.dll
2014-11-22 02:35:29   114688   ----a-w-   C:\Windows\System32\ieetwcollector.exe
2014-11-22 02:34:51   814080   ----a-w-   C:\Windows\System32\jscript9diag.dll
2014-11-22 02:34:07   6039552   ----a-w-   C:\Windows\System32\jscript9.dll
2014-11-22 02:26:31   968704   ----a-w-   C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-22 02:20:44   2724864   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
2014-11-22 02:14:16   77824   ----a-w-   C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-22 02:07:43   501248   ----a-w-   C:\Windows\SysWow64\vbscript.dll
2014-11-22 02:07:17   62464   ----a-w-   C:\Windows\SysWow64\iesetup.dll
2014-11-22 02:06:32   47616   ----a-w-   C:\Windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05:02   64000   ----a-w-   C:\Windows\SysWow64\MshtmlDac.dll
2014-11-22 01:54:30   620032   ----a-w-   C:\Windows\SysWow64\jscript9diag.dll
2014-11-22 01:47:10   1359360   ----a-w-   C:\Windows\System32\mshtmlmedia.dll
2014-11-22 01:46:58   2125312   ----a-w-   C:\Windows\System32\inetcpl.cpl
2014-11-22 01:40:04   60416   ----a-w-   C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29:26   4299264   ----a-w-   C:\Windows\SysWow64\jscript9.dll
2014-11-22 01:28:21   2358272   ----a-w-   C:\Windows\System32\wininet.dll
2014-11-22 01:22:49   2052096   ----a-w-   C:\Windows\SysWow64\inetcpl.cpl
2014-11-22 01:21:57   1155072   ----a-w-   C:\Windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:00:20   1888256   ----a-w-   C:\Windows\SysWow64\wininet.dll
2014-11-21 11:14:22   63704   ----a-w-   C:\Windows\System32\drivers\mwac.sys
2014-11-21 11:14:12   93400   ----a-w-   C:\Windows\System32\drivers\mbamchameleon.sys
2014-11-21 11:14:08   25816   ----a-w-   C:\Windows\System32\drivers\mbam.sys
2014-11-19 09:31:16   1217192   ----a-w-   C:\Windows\SysWow64\FM20.DLL
2014-11-11 03:09:06   1424384   ----a-w-   C:\Windows\System32\WindowsCodecs.dll
2014-11-11 03:08:52   241152   ----a-w-   C:\Windows\System32\pku2u.dll
2014-11-11 03:08:48   728064   ----a-w-   C:\Windows\System32\kerberos.dll
2014-11-11 02:44:45   1230336   ----a-w-   C:\Windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44:32   186880   ----a-w-   C:\Windows\SysWow64\pku2u.dll
2014-11-11 02:44:25   550912   ----a-w-   C:\Windows\SysWow64\kerberos.dll
2014-11-11 01:46:26   119296   ----a-w-   C:\Windows\System32\drivers\tdx.sys
2014-11-08 03:16:08   2048   ----a-w-   C:\Windows\System32\tzres.dll
2014-11-08 02:45:09   2048   ----a-w-   C:\Windows\SysWow64\tzres.dll
2014-11-04 11:42:35   107392   ----a-w-   C:\Windows\System32\LMIRfsClientNP.dll.000.bak
.
============= FINISH:  8:36:31.60 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/30/2013 6:58:57 PM
System Uptime: 1/29/2015 10:49:32 PM (10 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. |  | Z87-PLUS
Processor: Intel(R) Core(TM) i7-4770 CPU @ 3.40GHz | SOCKET 1150 | 3401/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 238 GiB total, 56.627 GiB free.
D: is CDROM ()
Y: is NetworkDisk (NTFS) - 3663 GiB total, 2110.596 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP198: 1/22/2015 6:28:12 PM - Windows Update
RP199: 1/23/2015 7:34:32 AM - Windows Update
RP200: 1/26/2015 9:10:47 AM - Windows Update
RP201: 1/29/2015 9:25:43 AM - Installed SHARP MX/DX Series Printer Driver
.
==== Installed Programs ======================
.
Acronis True Image 2014
Adobe Flash Player 16 ActiveX
Adobe Flash Player 16 NPAPI
Adobe Reader XI (11.0.10)
Adobe Refresh Manager
AMD Accelerated Video Transcoding
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Media Foundation Decoders
Applian Director
Asmedia ASM106x SATA Host Controller Driver
Brother HL-5250DN
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Cisco WebEx Meetings
Citrix Online Launcher
Codec Pack Packages
Corel PaintShop Pro X6
Creative Content
CrystalDiskMark 3.0.2f
DC-Bass Source 1.3.0
Definition Update for Microsoft Office 2010 (KB2910899) 32-Bit Edition
DirectVobSub 2.40.4209
DirectXInstallService
DivX Setup
Dropbox
EMCGadgets64
ffdshow
ffdshow v1.1.4399 [2012-03-22]
File Download ActiveX
File Type Assistant
Free Picture Resizer version 1.0.1.2
Fuze Meeting
FXCM MetaTrader 4
FXCM Trading Station
Google Chrome
Google Update Helper
GoToMeeting 6.4.11.2273
Haali Media Splitter
HL-5450DN
Hubb Client Data Manager
IBFX MT4
ICA
Integrated Investor
Intel(R) Management Engine Components
Intel(R) Network Connections 18.1.59.0
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Intel(R) SDK for OpenCL - CPU Only Runtime Package
Intel(R) USB 3.0 eXtensible Host Controller Driver
Intel® Trusted Connect Service Client
IPM_PSP_COM64
iSEEK AnswerWorks English Runtime
Java 7 Update 71
Java Auto Updater
Lagarith Lossless Codec (1.3.27)
LAME v3.99.3 (for Windows)
LogMeIn
Malwarebytes Anti-Malware version 2.0.4.1028
Microsoft .NET Framework 4.5.1
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Business 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server Compact 4.0 x64 ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Moyea FLV Player version 1.6.2.2
Mozilla Firefox 35.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MySpeed v5.4.4
NEW HAMPSHIRE ASSOCIATION REALTORS FORMS
Nitro Reader 3
OpenSource Flash Video Splitter 1.0.0.5
PipStrider III
PrimoPDF -- brought to you by Nitro PDF Software
PSPPContent
PSPPHelp
PSPPro64
Quicken 2012
Quicken WillMaker Plus 2012
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer Cloud
Realtek High Definition Audio Driver
RealUpgrade 1.1
Replay Converter 4
Replay Media Splitter 2.2.1305.22
Replay Music 5
Replay Telecorder for Skype 1.3.0.21
Replay Video Capture 7
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio RecordNow 10 Music Lab
Roxio Update Manager
Samsung Magician
Search App by Ask
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Security Update for Microsoft Excel 2010 (KB2910902) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553154) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2881071) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2899519) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Setup
SHARP MX/DX Series PCL/PS Printer Driver
ShopAtHome.com BrowserAppCore Service Chrome
Skype Click to Call
Skype™ 6.18
Sonic CinePlayer Decoder Pack
SUPERAntiSpyware
TeamViewer 9
thinkorswim
Top Producer Outlook Sync
TradeStation 9.1
TradeStation 9.5
TTM Squeeze 2.2
TTM Squeeze Radar 3.2
TTM Voodoo Lines
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Excel 2010 (KB2589348) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553140) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589386) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597089) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687275) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837602) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition
Update for Microsoft Office 2010 (KB2883019) 32-Bit Edition
Update for Microsoft Office 2010 (KB2889818) 32-Bit Edition
Update for Microsoft Office 2010 (KB2889828) 32-Bit Edition
Update for Microsoft Office 2010 (KB2910896) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2597088) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2880517) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition
UpdateService
VC_CRT_x64
VC80CRTRedist - 8.0.50727.6195
VD64Inst
VectorVest 7
Video Downloader
Video Padlock
VisualTour Studio
VT Remote Support
WinPcap 4.1.3
Xvid Video Codec
zipForm6
.
==== Event Viewer Messages From Past Week ========
.
1/29/2015 10:49:44 PM, Error: Service Control Manager [7000]  - The SessionLauncher service failed to start due to the following error:  The system cannot find the file specified.
1/28/2015 7:29:43 AM, Error: Schannel [36888]  - The following fatal alert was generated: 70. The internal error state is 105.
1/25/2015 8:58:23 AM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
.
==== End Of File ===========================

Perhaps I'm feeling spooked after the recent situation with my email ... This virus was NOT found by SUPERAntiSpyware Free edition, and then was found immediately after by Malwarebytes. Please let me know if I still have a problem. My understanding is that this could be serious and so I want to double-check. Thanks!


...OMG. Just realized that yesterday, I got a pop-up on my computer telling me to download a new version of SUPERAntiSpyware and I did that: it shows the publisher as SUPERAntiSpyware.com, 48.8 MB, Version 6.01168. It has updated since (before running the scan in which it did not detect the Trojans). Should I delete that program from my computer and reinstall it directly from their website?
« Last Edit: January 31, 2015, 05:59:32 AM by kevinf80 »



Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7656
Re: [Resolved - K] Trojan.Agent.ED found by MalawareBytes
« Reply #1 on: January 30, 2015, 09:28:57 AM »
Hello PGB and welcome,

I can see the browser hijacker Vosteran; maybe there will be other hidden entries. Do the following:

If you have downloaded SUPERAntiSpyware from a suspect site, it is best to uninstall it now; do not reinstall it until later. Use the following to remove it:

Download GeekUninstaller from here: http://www.geekuninstaller.com/download (choose the free version). Save Geek.zip to your Desktop. (Visit the Home page at that link for necessary information.)

Extract Geek Uninstaller and save it to your Desktop. There is no need to install it; the executable is portable and can also be run from a USB drive if required.

Run the tool; the main GUI will populate with the installed programs list.

Left-click on the program name to highlight that entry.

Select Action from the menu bar, then Uninstall; from there, follow the prompts.

If Uninstall fails, open the "Action" menu one more time and use the "Force Removal" option.

Next,

Use the instructions in the following link to show hidden files:

http://www.bleepingcomputer.com/tutorials/how-to-see-hidden-files-in-windows/

Next,


Backup the Registry:

Modifying the Registry can create unforeseen problems, so it's always wise to create a backup before doing so.

  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
  • Note: the default location is C:\Windows\ERDNT which is acceptable.

  • Make sure that at least the first two check boxes are selected.


  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe
Next,

Open Malwarebytes Anti-Malware; from the Dashboard, please check for updates by clicking the Update Now... link.
When the update completes, select Settings > Detection and Protection > enable Scan for rootkit, and under Non Malware Protection set both PUP and PUM to Treat detections as malware.


Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.

When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.


In most cases, a restart will be required.


Wait for the prompt to restart the computer to appear, then click on Yes.


When the scan is completed, from the main GUI click on History > Application Logs. Find your scan log; the date it was run will identify it. Checkmark the "select" box, then hit the "view" button. The history log window will open. At the bottom of that window are two options, "Copy to clipboard" and "Export".
Select "Copy to clipboard"; that copies the full log to the Windows clipboard, so in your reply you right-click into the text field and select "Paste", and the log is pasted (copied) into your reply.

Next,

Download AdwCleaner by Xplode onto your Desktop.
  • Double click on Adwcleaner.exe to run the tool.
  • Click on Scan
  • Once the scan is done, click on the Clean button.
  • You will get a prompt asking to close all programs. Click OK.
  • Click OK again to reboot your computer.
  • A text file will open after the restart. Please post the content of that logfile in your reply.
  • You can also find the logfile at C:\AdwCleaner[Sn].txt, where n is the scan reference number.
Next,

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts. (re-enable when done)
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Let me see those logs in your next reply...

Thank you,

Kevin....

Offline PGB

  • Bronze Member
  • Posts: 381
Re: [Resolved - K] Trojan.Agent.ED found by MalawareBytes
« Reply #2 on: January 30, 2015, 11:21:57 AM »
Followed all the instructions carefully; think I've got it all here:
Uninstalled SUPERAntiSpyware using GeekUninstaller; followed the instructions to show hidden files; backed up the Registry using ERUNT; Malwarebytes Threat Scan run; there were no detections; not sure if this is the correct log; the one I saved to TXT disappeared, so I went back into Application Logs to find it:

Malwarebytes Anti-Malware
www.malwarebytes.org


Detection, 1/30/2015 12:34:14 AM, SYSTEM, PHYLLIS-PC, Protection, Malware Protection, File, Trojan.Agent.ED, C:\Program Files (x86)\FXCM MetaTrader 4\terminal.exe, Quarantine, [1f6a74892564a2941962976bdc2610f0]
Update, 1/30/2015 4:13:17 AM, SYSTEM, PHYLLIS-PC, Scheduler, Malware Database, 2015.1.30.1, 2015.1.30.3,
Scan, 1/30/2015 8:30:10 AM, SYSTEM, PHYLLIS-PC, Manual, Start:1/30/2015 12:10:01 AM, Duration:7 min 34 sec, Threat Scan, Completed, 2 Malware Detections, 0 Non-Malware Detections,
Protection, 1/30/2015 8:36:17 AM, SYSTEM, PHYLLIS-PC, Protection, Malware Protection, Stopping,
Protection, 1/30/2015 8:36:18 AM, SYSTEM, PHYLLIS-PC, Protection, Malware Protection, Stopped,
Protection, 1/30/2015 8:36:18 AM, SYSTEM, PHYLLIS-PC, Protection, Malicious Website Protection, Stopping,
Protection, 1/30/2015 8:36:19 AM, SYSTEM, PHYLLIS-PC, Protection, Malicious Website Protection, Stopped,
Protection, 1/30/2015 8:42:26 AM, SYSTEM, PHYLLIS-PC, Protection, Malware Protection, Starting,
Protection, 1/30/2015 8:42:26 AM, SYSTEM, PHYLLIS-PC, Protection, Malware Protection, Started,
Protection, 1/30/2015 8:42:26 AM, SYSTEM, PHYLLIS-PC, Protection, Malicious Website Protection, Starting,
Protection, 1/30/2015 8:42:30 AM, SYSTEM, PHYLLIS-PC, Protection, Malicious Website Protection, Started,
Update, 1/30/2015 10:28:08 AM, SYSTEM, PHYLLIS-PC, Scheduler, Malware Database, 2015.1.30.3, 2015.1.30.5,
Protection, 1/30/2015 10:28:08 AM, SYSTEM, PHYLLIS-PC, Protection, Refresh, Starting,
Protection, 1/30/2015 10:28:09 AM, SYSTEM, PHYLLIS-PC, Protection, Malicious Website Protection, Stopping,
Protection, 1/30/2015 10:28:09 AM, SYSTEM, PHYLLIS-PC, Protection, Malicious Website Protection, Stopped,
Protection, 1/30/2015 10:28:14 AM, SYSTEM, PHYLLIS-PC, Protection, Refresh, Success,
Protection, 1/30/2015 10:28:14 AM, SYSTEM, PHYLLIS-PC, Protection, Malicious Website Protection, Starting,
Protection, 1/30/2015 10:28:14 AM, SYSTEM, PHYLLIS-PC, Protection, Malicious Website Protection, Started,
Scan, 1/30/2015 10:36:59 AM, SYSTEM, PHYLLIS-PC, Manual, Start:1/30/2015 10:28:09 AM, Duration:8 min 3 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,
Update, 1/30/2015 11:34:42 AM, SYSTEM, PHYLLIS-PC, Manual, Malware Database, 2015.1.30.5, 2015.1.30.6,
Protection, 1/30/2015 11:34:42 AM, SYSTEM, PHYLLIS-PC, Protection, Refresh, Starting,
Protection, 1/30/2015 11:34:42 AM, SYSTEM, PHYLLIS-PC, Protection, Malicious Website Protection, Stopping,
Protection, 1/30/2015 11:34:42 AM, SYSTEM, PHYLLIS-PC, Protection, Malicious Website Protection, Stopped,
Protection, 1/30/2015 11:34:45 AM, SYSTEM, PHYLLIS-PC, Protection, Refresh, Success,
Protection, 1/30/2015 11:34:45 AM, SYSTEM, PHYLLIS-PC, Protection, Malicious Website Protection, Starting,
Protection, 1/30/2015 11:34:46 AM, SYSTEM, PHYLLIS-PC, Protection, Malicious Website Protection, Started,
Scan, 1/30/2015 11:42:42 AM, SYSTEM, PHYLLIS-PC, Manual, Start:1/30/2015 11:35:41 AM, Duration:6 min 16 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,
Protection, 1/30/2015 11:52:44 AM, SYSTEM, PHYLLIS-PC, Protection, Malware Protection, Starting,
Protection, 1/30/2015 11:52:44 AM, SYSTEM, PHYLLIS-PC, Protection, Malware Protection, Started,
Protection, 1/30/2015 11:52:44 AM, SYSTEM, PHYLLIS-PC, Protection, Malicious Website Protection, Starting,
Protection, 1/30/2015 11:52:46 AM, SYSTEM, PHYLLIS-PC, Protection, Malicious Website Protection, Started,
Protection, 1/30/2015 11:56:06 AM, SYSTEM, PHYLLIS-PC, Protection, Malware Protection, Stopping,
Protection, 1/30/2015 11:56:06 AM, SYSTEM, PHYLLIS-PC, Protection, Malware Protection, Stopped,
Protection, 1/30/2015 11:56:07 AM, SYSTEM, PHYLLIS-PC, Protection, Malicious Website Protection, Stopping,
Protection, 1/30/2015 11:56:07 AM, SYSTEM, PHYLLIS-PC, Protection, Malicious Website Protection, Stopped,
Protection, 1/30/2015 12:09:21 PM, SYSTEM, PHYLLIS-PC, Protection, Malware Protection, Starting,
Protection, 1/30/2015 12:09:21 PM, SYSTEM, PHYLLIS-PC, Protection, Malware Protection, Started,
Protection, 1/30/2015 12:09:21 PM, SYSTEM, PHYLLIS-PC, Protection, Malicious Website Protection, Starting,
Protection, 1/30/2015 12:09:21 PM, SYSTEM, PHYLLIS-PC, Protection, Malicious Website Protection, Started,

(end)

Adware Cleaner:
# AdwCleaner v4.109 - Report created 30/01/2015 at 11:51:58
# Updated 24/01/2015 by Xplode
# Database : 2015-01-26.1 [Live]
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Phyllis - PHYLLIS-PC
# Running from : C:\Users\Phyllis\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AskPartnerNetwork
Folder Deleted : C:\Program Files (x86)\AskPartnerNetwork
Folder Deleted : C:\Users\Phyllis\AppData\Local\Temp\apn
Folder Deleted : C:\Users\Phyllis\AppData\Local\Temp\webget
Folder Deleted : C:\Users\Phyllis\AppData\Local\AskPartnerNetwork
Folder Deleted : C:\Users\Phyllis\AppData\Local\PackageAware
Folder Deleted : C:\Users\Phyllis\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
Folder Deleted : C:\Users\Phyllis\AppData\Roaming\DigitalSites
File Deleted : C:\Users\Phyllis\AppData\Roaming\Mozilla\Firefox\Profiles\3hyawouq.default-1384237558205\invalidprefs.js
File Deleted : C:\Users\Phyllis\AppData\Roaming\Mozilla\Firefox\Profiles\3hyawouq.default-1384237558205\searchplugins\ask-search.xml
File Deleted : C:\Users\Phyllis\AppData\Roaming\Mozilla\Firefox\Profiles\3hyawouq.default-1384237558205\searchplugins\bingp.xml
File Deleted : C:\Users\Phyllis\AppData\Roaming\Mozilla\Firefox\Profiles\3hyawouq.default-1384237558205\user.js
File Deleted : C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
File Deleted : C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
File Deleted : C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage-journal
File Deleted : C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File Deleted : C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage
File Deleted : C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [BrowserAppCoreService]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0B79C149-3B19-40DE-92BF-1A3AD9C1DA9D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{229C56BB-A36A-4323-8C82-B136DF45697D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{33E2B3CB-322E-4CBE-89F2-C06F5A35DB46}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{51080E66-F357-4F2A-9BFC-2456695883B5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{537AD3CF-DE2B-4A1C-8279-C946B7E490D4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5BF7365D-25FF-40F3-8DEE-06ABEDF177CC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A10A1344-B533-4C9E-BE4E-4C5BC4953047}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BA94BCE1-7E60-422D-9E7D-B853BC03FE78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D0F1E414-1FAE-466C-B122-DE735B7BFF9D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E458510C-1DD5-4A05-8C4C-53BEF69C05E7}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\AskPartnerNetwork
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\AskPartnerNetwork
Key Deleted : HKLM\SOFTWARE\InstallCore
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Codec Pack Packages
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Trusted Software Assistant_is1
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v35.0.1 (x86 en-US)

[3hyawouq.default-1384237558205\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Vosteran");
[3hyawouq.default-1384237558205\prefs.js] - Line Deleted : user_pref("extensions.srchvstrn.hmpgUrl", "hxxp://Vosteran.com/?f=1&a=vst_dnldkng_14_52_ff&cd=2XzuyEtN2Y1L1QzuyByE0DtDtB0BzyyDyE0DyEtAyDzyyEyCtN0D0Tzu0StCtDzytDtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzy[...]
[3hyawouq.default-1384237558205\prefs.js] - Line Deleted : user_pref("extensions.srchvstrn.newTabUrl", "hxxp://Vosteran.com/?f=2&a=vst_dnldkng_14_52_ff&cd=2XzuyEtN2Y1L1QzuyByE0DtDtB0BzyyDyE0DyEtAyDzyyEyCtN0D0Tzu0StCtDzytDtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtB[...]
[3hyawouq.default-1384237558205\prefs.js] - Line Deleted : user_pref("extensions.srchvstrn.prtnrId", "WSE_Vosteran");
[3hyawouq.default-1384237558205\prefs.js] - Line Deleted : user_pref("extensions.srchvstrn.srchPrvdr", "Vosteran");
[3hyawouq.default-1384237558205\prefs.js] - Line Deleted : user_pref("extensions.srchvstrn.tlbrSrchUrl", "hxxp://Vosteran.com/?f=3&a=vst_dnldkng_14_52_ff&cd=2XzuyEtN2Y1L1QzuyByE0DtDtB0BzyyDyE0DyEtAyDzyyEyCtN0D0Tzu0StCtDzytDtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyE[...]
[3hyawouq.default-1384237558205\prefs.js] - Line Deleted : user_pref("extensions.xpiState", "{\"app-profile\":{\"LogMeInClient@logmein.com\":{\"d\":\"C:\\\\Users\\\\Phyllis\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\3hyawouq.default-1384237558[...]

-\\ Google Chrome v40.0.2214.93


*************************

AdwCleaner[R0].txt - [6457 octets] - [30/01/2015 11:49:43]
AdwCleaner[S0].txt - [6375 octets] - [30/01/2015 11:51:58]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6435 octets] ##########

# AdwCleaner v4.109 - Report created 30/01/2015 at 11:49:43
# Updated 24/01/2015 by Xplode
# Database : 2015-01-26.1 [Live]
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Phyllis - PHYLLIS-PC
# Running from : C:\Users\Phyllis\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage
File Found : C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage-journal
File Found : C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
File Found : C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
File Found : C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Found : C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Found : C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
File Found : C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File Found : C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
File Found : C:\Users\Phyllis\AppData\Roaming\Mozilla\Firefox\Profiles\3hyawouq.default-1384237558205\invalidprefs.js
File Found : C:\Users\Phyllis\AppData\Roaming\Mozilla\Firefox\Profiles\3hyawouq.default-1384237558205\searchplugins\ask-search.xml
File Found : C:\Users\Phyllis\AppData\Roaming\Mozilla\Firefox\Profiles\3hyawouq.default-1384237558205\searchplugins\bingp.xml
File Found : C:\Users\Phyllis\AppData\Roaming\Mozilla\Firefox\Profiles\3hyawouq.default-1384237558205\user.js
Folder Found : C:\Program Files (x86)\AskPartnerNetwork
Folder Found : C:\ProgramData\AskPartnerNetwork
Folder Found : C:\Users\Phyllis\AppData\Local\AskPartnerNetwork
Folder Found : C:\Users\Phyllis\AppData\Local\PackageAware
Folder Found : C:\Users\Phyllis\AppData\Local\Temp\apn
Folder Found : C:\Users\Phyllis\AppData\Local\Temp\webget
Folder Found : C:\Users\Phyllis\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
Folder Found : C:\Users\Phyllis\AppData\Roaming\DigitalSites

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AskPartnerNetwork
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Codec Pack Packages
Key Found : [x64] HKCU\Software\AskPartnerNetwork
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\AskPartnerNetwork
Key Found : HKLM\SOFTWARE\Classes\CLSID\{0B79C149-3B19-40DE-92BF-1A3AD9C1DA9D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{229C56BB-A36A-4323-8C82-B136DF45697D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{33E2B3CB-322E-4CBE-89F2-C06F5A35DB46}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{51080E66-F357-4F2A-9BFC-2456695883B5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{537AD3CF-DE2B-4A1C-8279-C946B7E490D4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5BF7365D-25FF-40F3-8DEE-06ABEDF177CC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A10A1344-B533-4C9E-BE4E-4C5BC4953047}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BA94BCE1-7E60-422D-9E7D-B853BC03FE78}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D0F1E414-1FAE-466C-B122-DE735B7BFF9D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E458510C-1DD5-4A05-8C4C-53BEF69C05E7}
Key Found : HKLM\SOFTWARE\InstallCore
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Trusted Software Assistant_is1
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [BrowserAppCoreService]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v35.0.1 (x86 en-US)

[3hyawouq.default-1384237558205] - Line Found : user_pref("browser.search.selectedEngine", "Vosteran");
[3hyawouq.default-1384237558205] - Line Found : user_pref("extensions.srchvstrn.hmpgUrl", "hxxp://Vosteran.com/?f=1&a=vst_dnldkng_14_52_ff&cd=2XzuyEtN2Y1L1QzuyByE0DtDtB0BzyyDyE0DyEtAyDzyyEyCtN0D0Tzu0StCtDzytDtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzy[...]
[3hyawouq.default-1384237558205] - Line Found : user_pref("extensions.srchvstrn.newTabUrl", "hxxp://Vosteran.com/?f=2&a=vst_dnldkng_14_52_ff&cd=2XzuyEtN2Y1L1QzuyByE0DtDtB0BzyyDyE0DyEtAyDzyyEyCtN0D0Tzu0StCtDzytDtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtB[...]
[3hyawouq.default-1384237558205] - Line Found : user_pref("extensions.srchvstrn.prtnrId", "WSE_Vosteran");
[3hyawouq.default-1384237558205] - Line Found : user_pref("extensions.srchvstrn.srchPrvdr", "Vosteran");
[3hyawouq.default-1384237558205] - Line Found : user_pref("extensions.srchvstrn.tlbrSrchUrl", "hxxp://Vosteran.com/?f=3&a=vst_dnldkng_14_52_ff&cd=2XzuyEtN2Y1L1QzuyByE0DtDtB0BzyyDyE0DyEtAyDzyyEyCtN0D0Tzu0StCtDzytDtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyE[...]
[3hyawouq.default-1384237558205] - Line Found : user_pref("extensions.xpiState", "{\"app-profile\":{\"LogMeInClient@logmein.com\":{\"d\":\"C:\\\\Users\\\\Phyllis\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\3hyawouq.default-1384237558[...]

-\\ Google Chrome v40.0.2214.93


*************************

AdwCleaner[R0].txt - [6301 octets] - [30/01/2015 11:49:43]


Junkware Removal:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Professional x64
Ran by Phyllis on Fri 01/30/2015 at 11:58:51.01
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update swift browse
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\util swift browse



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Phyllis\AppData\Roaming\mozilla\firefox\profiles\3hyawouq.default-1384237558205\minidumps [3 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 01/30/2015 at 12:01:19.26
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The Farbar Recovery Scan was too long to be included; see next post.

The Addition.txt is attached.

Offline PGB
Re: [Resolved - K] Trojan.Agent.ED found by MalawareBytes
« Reply #3 on: January 30, 2015, 11:26:25 AM »
continued/
Farbar Recovery Scan:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-01-2015
Ran by Phyllis (administrator) on PHYLLIS-PC on 30-01-2015 12:03:07
Running from C:\Users\Phyllis\Desktop
Loaded Profiles: Phyllis (Available profiles: Phyllis)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe
(Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Applian Technologies Inc.) C:\Program Files (x86)\Replay Telecorder for Skype\replay_telecorder_skype.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Enounce Incorporated) C:\Program Files (x86)\Enounce\MySpeed\MySpeed.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Dropbox, Inc.) C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(ShopAtHome.com) C:\Users\Phyllis\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\ShopAtHome_BAC_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-10-30] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-10-30] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2013-04-30] (LogMeIn, Inc.)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [518424 2013-07-18] (Acronis)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-10-30] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe [244208 2008-06-04] (Sonic Solutions)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2014-04-03] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2678784 2011-10-18] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [296520 2014-11-25] (RealNetworks, Inc.)
HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [560192 2014-10-29] ()
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7805936 2014-02-04] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1102192 2013-10-10] (Acronis International GmbH)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4249353033-2772040276-2529461727-1000\...\Run: [replay_telecorder_skype] => C:\Program Files (x86)\Replay Telecorder for Skype\replay_telecorder_skype.exe [2088448 2013-08-25] (Applian Technologies Inc.)
HKU\S-1-5-21-4249353033-2772040276-2529461727-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-4249353033-2772040276-2529461727-1000\...\Run: [3xAV] => C:\Program Files (x86)\Enounce\MySpeed\MySpeed.exe [1332808 2014-04-08] (Enounce Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\Users\Phyllis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Phyllis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll ()
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll ()
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

AutoConfigURL: [S-1-5-21-4249353033-2772040276-2529461727-1000] => C:\Users\Phyllis\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\BAC_PAC.js
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\S-1-5-21-4249353033-2772040276-2529461727-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4249353033-2772040276-2529461727-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Phyllis\AppData\Roaming\Mozilla\Firefox\Profiles\3hyawouq.default-1384237558205
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @real.com/nppl3260;version=17.0.15.10 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.15 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.15.10 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4249353033-2772040276-2529461727-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Phyllis\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKU\S-1-5-21-4249353033-2772040276-2529461727-1000: @fuzebox.com/Fuze Meeting NPAPI Plugin,version=1.0.0.1 -> C:\Users\Phyllis\AppData\Local\Fuze Box\Fuze Meeting\npfuzeshare.dll ( )
FF Plugin HKU\S-1-5-21-4249353033-2772040276-2529461727-1000: tdameritrade.com/thinkorswim -> C:\Program Files (x86)\thinkorswim\npthinkorswim.dll (TD Ameritrade)
FF Plugin HKU\S-1-5-21-4249353033-2772040276-2529461727-1000: tdameritrade.com/tossc -> C:\Program Files (x86)\thinkorswim\nptossc.dll (TD Ameritrade)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer Cloud)
FF Plugin ProgramFiles/Appdata: C:\Users\Phyllis\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Extension: LogMeIn, Inc. Remote Access Plugin - C:\Users\Phyllis\AppData\Roaming\Mozilla\Firefox\Profiles\3hyawouq.default-1384237558205\Extensions\LogMeInClient@logmein.com [2014-11-04]
FF Extension: Search App by Ask - C:\Users\Phyllis\AppData\Roaming\Mozilla\Firefox\Profiles\3hyawouq.default-1384237558205\Extensions\toolbar_REAL1-SP@apn.ask.com.xpi [2014-11-24]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-01-26]
FF HKLM-x32\...\Firefox\Extensions: [{338950EA-82DB-44C1-930D-0C28E023C9F0}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-11-25]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.bing.com/?pc=U223
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSearchURL: Default -> http://www.bing.com/search?FORM=U223DF&PC=U223&q={searchTerms}
CHR DefaultSuggestURL: Default -> http://api.bing.com/osjson.aspx?query={searchTerms}&language={language}&form=U223DF&PC=U223
CHR Profile: C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-06]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21]
CHR Extension: (YouTube) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-06]
CHR Extension: (Google Search) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-06]
CHR Extension: (ShopAtHome.com) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlmebkoiahbppacaicbgncnjhbpdfkcc [2014-11-02]
CHR Extension: (Cisco WebEx Extension) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2015-01-09]
CHR Extension: (Skype Click to Call) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-02-10]
CHR Extension: (Google Wallet) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-06]
CHR Extension: (Gmail) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-06]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [927232 2012-10-29] ()
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [249856 2011-11-15] (Brother Industries, Ltd.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [240584 2013-10-30] (DTS, Inc)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [377704 2015-01-14] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226152 2015-01-14] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2013-04-30] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2012-10-30] (Nitro PDF Software)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-10-26] ()
R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-11-25] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [31856 2014-10-30] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 SessionLauncher; C:\Users\Phyllis\AppData\Local\Temp\DX9\SessionLauncher.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [47512 2013-01-10] (Asmedia Technology)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-21] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2013-10-30] ()
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [496400 2013-02-26] (Intel Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-07] (Intel Corporation)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-04-30] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-11-21] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-30] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2014-12-11] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [198432 2014-12-11] (Acronis International GmbH)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2014-12-11] (Acronis International GmbH)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-30 12:03 - 2015-01-30 12:03 - 00025962 _____ () C:\Users\Phyllis\Desktop\FRST.txt
2015-01-30 12:02 - 2015-01-30 12:03 - 00000000 ____D () C:\FRST
2015-01-30 12:02 - 2015-01-30 12:02 - 02130432 _____ (Farbar) C:\Users\Phyllis\Desktop\FRST64.exe
2015-01-30 12:01 - 2015-01-30 12:01 - 00001046 _____ () C:\Users\Phyllis\Desktop\JRT.txt
2015-01-30 11:58 - 2015-01-30 11:58 - 00000000 ____D () C:\Windows\ERUNT
2015-01-30 11:57 - 2015-01-30 11:57 - 01707939 _____ (Thisisu) C:\Users\Phyllis\Desktop\JRT.exe
2015-01-30 11:49 - 2015-01-30 11:51 - 00000000 ____D () C:\AdwCleaner
2015-01-30 11:47 - 2015-01-30 11:47 - 00001050 _____ () C:\Users\Phyllis\Desktop\1-30-15.txt
2015-01-30 11:44 - 2015-01-30 11:44 - 02194432 _____ () C:\Users\Phyllis\Desktop\AdwCleaner.exe
2015-01-30 11:34 - 2015-01-30 11:34 - 00000000 ____D () C:\Windows\ERDNT
2015-01-30 11:33 - 2015-01-30 11:33 - 00000928 _____ () C:\Users\Phyllis\Desktop\NTREGOPT.lnk
2015-01-30 11:33 - 2015-01-30 11:33 - 00000909 _____ () C:\Users\Phyllis\Desktop\ERUNT.lnk
2015-01-30 11:33 - 2015-01-30 11:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2015-01-30 11:33 - 2015-01-30 11:33 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2015-01-30 11:31 - 2015-01-30 11:31 - 00791393 _____ (Lars Hederer ) C:\Users\Phyllis\Desktop\erunt-setup.exe
2015-01-30 11:25 - 2015-01-30 11:25 - 00000000 ____D () C:\Users\Phyllis\Desktop\geek
2015-01-30 08:35 - 2015-01-30 12:01 - 00000000 ____D () C:\Users\Phyllis\Desktop\1-30-15
2015-01-30 08:34 - 2015-01-30 08:34 - 00688992 _____ (Swearware) C:\Users\Phyllis\Downloads\dds (2).com
2015-01-29 09:26 - 2015-01-29 09:26 - 00000000 ____D () C:\Program Files (x86)\SHARP
2015-01-29 09:26 - 2012-11-13 17:20 - 00013440 _____ () C:\Windows\system32\SN0EUD67.MCF
2015-01-29 09:26 - 2012-11-13 17:20 - 00013239 _____ () C:\Windows\system32\SN0EUD6D.MCF
2015-01-29 09:26 - 2012-11-13 17:20 - 00013239 _____ () C:\Windows\system32\SN0EUD6B.MCF
2015-01-29 09:26 - 2012-11-13 17:20 - 00013239 _____ () C:\Windows\system32\SN0EUD6A.MCF
2015-01-29 09:26 - 2012-11-13 17:20 - 00013239 _____ () C:\Windows\system32\SN0EUD65.MCF
2015-01-29 09:26 - 2012-11-13 17:20 - 00013207 _____ () C:\Windows\system32\SN0EUD6C.MCF
2015-01-29 09:26 - 2012-11-13 17:20 - 00013201 _____ () C:\Windows\system32\SN0EUD68.MCF
2015-01-29 09:26 - 2012-11-13 17:20 - 00012871 _____ () C:\Windows\system32\SN0EUD69.MCF
2015-01-29 09:26 - 2012-11-13 17:20 - 00012871 _____ () C:\Windows\system32\SN0EUD66.MCF
2015-01-29 09:26 - 2012-11-13 17:20 - 00010993 _____ () C:\Windows\system32\SN0EUD63.MCF
2015-01-29 09:26 - 2012-11-13 17:20 - 00010225 _____ () C:\Windows\system32\SN0EUD64.MCF
2015-01-29 09:26 - 2012-11-13 17:20 - 00010176 _____ () C:\Windows\system32\SN0EUD61.MCF
2015-01-29 09:26 - 2012-10-09 11:17 - 00180320 _____ () C:\Windows\_isusr32.dll
2015-01-29 09:26 - 2012-04-18 19:12 - 00000396 _____ () C:\Windows\system32\SCN2PM.DAT
2015-01-29 09:26 - 2012-04-18 18:43 - 00093696 _____ (SHARP CORPORATION) C:\Windows\system32\SCN2PM.dll
2015-01-29 09:26 - 2010-05-28 15:30 - 00032768 ____N () C:\Windows\SysWOW64\_isusr2k.dll
2015-01-29 09:26 - 2008-10-29 14:19 - 00082432 _____ (SHARP CORPORATION) C:\Windows\system32\SN0ELMON.dll
2015-01-29 09:26 - 2007-03-26 11:33 - 00070144 _____ (SHARP CORPORATION) C:\Windows\system32\SCN2PMUI.dll
2015-01-29 09:26 - 2006-10-09 18:11 - 00041752 _____ () C:\Windows\system32\SCN2PM.chm
2015-01-29 09:26 - 2006-01-30 11:59 - 00058368 _____ (SHARP CORPORATION) C:\Windows\system32\SCN2PMR.dll
2015-01-29 09:26 - 2005-06-11 15:40 - 00000100 _____ () C:\Windows\system32\SN0ELMON.dat
2015-01-29 09:26 - 2005-06-11 15:40 - 00000074 _____ () C:\Windows\system32\SN0ELMON.mtx
2015-01-29 09:26 - 2004-01-14 18:00 - 00009773 _____ () C:\Windows\SysWOW64\SCN2PM.HLP
2015-01-29 09:26 - 2003-05-08 15:36 - 00008698 _____ () C:\Windows\font2.sii
2015-01-29 09:26 - 2003-05-08 15:36 - 00004907 _____ () C:\Windows\font1.sii
2015-01-29 09:25 - 2015-01-29 09:26 - 00000000 ____D () C:\Windows\SysWOW64\SCDRV
2015-01-29 09:25 - 2015-01-29 09:25 - 00000000 ____D () C:\Users\Phyllis\Downloads\sharp
2015-01-29 09:24 - 2015-01-29 09:24 - 45017452 _____ () C:\Users\Phyllis\Downloads\WINDOWS WHQL 64 BIT PRINT DRIVER PACKAGE FOR DX-C311.ZIP
2015-01-27 21:32 - 2015-01-27 21:32 - 00003267 _____ () C:\Users\Phyllis\Documents\2015-01-27-watchlist.csv
2015-01-27 21:01 - 2015-01-27 21:01 - 00003267 _____ () C:\Users\Phyllis\Documents\2015-01-27-watchlist MONTLY SMI Bear.csv
2015-01-27 18:06 - 2015-01-30 08:36 - 00030813 _____ () C:\Users\Phyllis\Desktop\dds.txt
2015-01-27 18:06 - 2015-01-30 08:36 - 00009746 _____ () C:\Users\Phyllis\Desktop\attach.txt
2015-01-26 21:16 - 2015-01-26 21:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-26 13:14 - 2015-01-26 13:14 - 00004171 _____ () C:\Users\Phyllis\Downloads\Becoming a full-service virtual agent w_ dotloop & ReaLync.ics
2015-01-25 12:11 - 2015-01-25 12:11 - 00001251 _____ () C:\Users\Phyllis\Downloads\the-re-max-collection-presentation-folder.oembed
2015-01-24 21:33 - 2015-01-24 21:33 - 00004122 _____ () C:\Users\Phyllis\Downloads\iCal-20150124-073234.ics
2015-01-22 20:09 - 2015-01-22 20:11 - 351931463 _____ () C:\Users\Phyllis\Downloads\VectorVest User Group (1).zip
2015-01-22 16:36 - 2015-01-22 16:37 - 04986696 _____ () C:\Users\Phyllis\Downloads\2015-01-21 12_20_21 - Small (1).mov
2015-01-22 16:36 - 2015-01-22 16:36 - 04986696 _____ () C:\Users\Phyllis\Downloads\2015-01-21 12_20_21 - Small.mov
2015-01-18 21:11 - 2015-01-30 11:24 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-01-18 21:11 - 2015-01-18 21:16 - 00000624 _____ () C:\Windows\Tasks\TradeStation Backup - Daily Backup.job
2015-01-18 21:11 - 2015-01-18 21:16 - 00000604 _____ () C:\Windows\Tasks\TradeStation Backup - Monthly.job
2015-01-18 21:11 - 2015-01-18 21:16 - 00000600 _____ () C:\Windows\Tasks\TradeStation Backup - Weekly.job
2015-01-18 21:11 - 2015-01-18 21:11 - 00002027 _____ () C:\Users\Public\Desktop\TradeStation 9.5.lnk
2015-01-18 21:11 - 2015-01-18 21:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TradeStation 9.5
2015-01-18 21:07 - 2015-01-18 21:16 - 00000000 ____D () C:\Program Files (x86)\TradeStation 9.5
2015-01-18 21:06 - 2015-01-18 21:06 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition
2015-01-18 21:06 - 2015-01-18 21:06 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2015-01-17 11:27 - 2015-01-17 11:43 - 1896353687 _____ () C:\Users\Phyllis\Downloads\Live Recordings (1).zip
2015-01-17 11:27 - 2015-01-17 11:31 - 498797874 _____ () C:\Users\Phyllis\Downloads\etfwcfollowup.mp4
2015-01-17 11:27 - 2015-01-17 11:31 - 494971807 _____ () C:\Users\Phyllis\Downloads\1129class (1).mp4
2015-01-15 21:52 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-15 21:52 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-15 21:52 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-15 21:52 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-15 21:52 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-15 21:52 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-15 21:52 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-15 18:20 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-15 18:20 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-15 18:20 - 2014-12-13 00:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-01-15 18:20 - 2014-12-12 22:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-01-15 18:20 - 2014-12-11 12:47 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-15 18:20 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-15 18:20 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-15 18:20 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-12 14:54 - 2015-01-12 14:54 - 00003443 _____ () C:\Users\Phyllis\Downloads\TradeDataReport.csv
2015-01-11 14:24 - 2015-01-11 14:25 - 17719376 _____ () C:\Users\Phyllis\Downloads\mo (1).mp4
2015-01-11 14:24 - 2015-01-11 14:25 - 17058662 _____ () C:\Users\Phyllis\Downloads\eco (3).mp4
2015-01-11 14:12 - 2015-01-11 14:13 - 19770203 _____ () C:\Users\Phyllis\Downloads\ts.mp4
2015-01-09 10:28 - 2015-01-09 10:28 - 00688992 _____ (Swearware) C:\Users\Phyllis\Downloads\dds.com
2015-01-09 10:28 - 2015-01-09 10:28 - 00688992 _____ (Swearware) C:\Users\Phyllis\Downloads\dds (1).com
2015-01-09 10:03 - 2015-01-09 10:03 - 00000000 ____D () C:\SUPERDelete
2015-01-09 10:01 - 2015-01-30 11:27 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2015-01-09 10:00 - 2015-01-09 10:00 - 00305664 _____ (Secure By Design Inc.) C:\Users\Phyllis\Downloads\Ninite Super Installer.exe
2015-01-09 10:00 - 2015-01-09 10:00 - 00305664 _____ (Secure By Design Inc.) C:\Users\Phyllis\Downloads\Ninite Super Installer (2).exe
2015-01-09 10:00 - 2015-01-09 10:00 - 00305664 _____ (Secure By Design Inc.) C:\Users\Phyllis\Downloads\Ninite Super Installer (1).exe
2015-01-09 09:41 - 2015-01-09 09:41 - 00650568 _____ (Cisco WebEx LLC) C:\Users\Phyllis\Downloads\Cisco_WebEx_Add-On (1).exe
2015-01-09 09:40 - 2015-01-09 09:40 - 00650568 _____ (Cisco WebEx LLC) C:\Users\Phyllis\Downloads\Cisco_WebEx_Add-On.exe
2015-01-08 21:57 - 2015-01-08 21:57 - 00065867 _____ () C:\Users\Phyllis\Downloads\20141221135230ELDS (1).ELD
2015-01-08 21:56 - 2015-01-08 21:56 - 00065867 _____ () C:\Users\Phyllis\Downloads\20141221135230ELDS.ELD
2015-01-08 21:08 - 2015-01-08 21:08 - 00059289 _____ () C:\Users\Phyllis\Downloads\20130520221642LRCHAN (2).ELD
2015-01-08 21:07 - 2015-01-08 21:07 - 00059289 _____ () C:\Users\Phyllis\Downloads\20130520221642LRCHAN.ELD
2015-01-08 21:07 - 2015-01-08 21:07 - 00059289 _____ () C:\Users\Phyllis\Downloads\20130520221642LRCHAN (1).ELD
2015-01-06 16:26 - 2015-01-06 16:26 - 00004530 _____ () C:\Users\Phyllis\Downloads\List127.xls
2015-01-06 11:01 - 2015-01-06 11:01 - 00005417 _____ () C:\Users\Phyllis\Downloads\List329.xls
2015-01-06 10:54 - 2015-01-06 10:54 - 00020822 _____ () C:\Users\Phyllis\Downloads\PennyPilotClasses (4).csv
2015-01-05 15:10 - 2015-01-05 15:10 - 00005417 _____ () C:\Users\Phyllis\Downloads\List453.xls
2015-01-05 12:03 - 2015-01-05 12:03 - 00047362 _____ () C:\Users\Phyllis\Downloads\Risk-Manager-Setup.zip
2015-01-04 19:15 - 2015-01-04 19:15 - 05980517 _____ () C:\Users\Phyllis\Downloads\infi (1).mp4
2015-01-04 19:15 - 2015-01-04 19:15 - 03758801 _____ () C:\Users\Phyllis\Downloads\grub (1).mp4
2015-01-04 19:01 - 2015-01-04 19:01 - 05980517 _____ () C:\Users\Phyllis\Downloads\infi.mp4
2015-01-04 18:58 - 2015-01-04 18:58 - 03758801 _____ () C:\Users\Phyllis\Downloads\grub.mp4
2015-01-04 18:55 - 2015-01-04 18:56 - 04779941 _____ () C:\Users\Phyllis\Downloads\fonr.mp4
2015-01-04 18:51 - 2015-01-04 18:51 - 06228386 _____ () C:\Users\Phyllis\Downloads\fb.mp4
2015-01-04 18:49 - 2015-01-04 18:50 - 02757686 _____ () C:\Users\Phyllis\Downloads\enph.mp4
2015-01-04 18:46 - 2015-01-04 18:46 - 05273303 _____ () C:\Users\Phyllis\Downloads\bwld.mp4
2015-01-04 18:46 - 2015-01-04 18:46 - 05273303 _____ () C:\Users\Phyllis\Downloads\bwld (1).mp4
2015-01-03 12:47 - 2015-01-03 12:48 - 00000000 ____D () C:\Users\Phyllis\Desktop\19 Southgate Drive  Glastonbury CT  06073
2015-01-01 14:55 - 2015-01-30 11:25 - 06297096 _____ (Geek Uninstaller) C:\Users\Phyllis\Desktop\geek.exe
2015-01-01 10:22 - 2015-01-01 10:26 - 533050822 _____ () C:\Users\Phyllis\Downloads\HD Course Recording.zip
2014-12-31 17:05 - 2014-12-31 17:05 - 00016157 _____ () C:\Users\Phyllis\Downloads\splits (9).xls
2014-12-31 17:05 - 2014-12-31 17:05 - 00016157 _____ () C:\Users\Phyllis\Downloads\splits (10).xls

==================== One Month Modified Files and Folders =======
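Editor's note between the two halves of the FRST log: the listing format is regular enough to triage by script rather than by eye. The Python below is an added example, not FRST's own code and not the poster's. It parses lines of the shape shown above (timestamp - timestamp - size attributes (company) path), swaps the two timestamps according to the section header it last saw (in the Created section the first timestamp is the creation time, in the Modified section it is the last-write time, as the log itself shows), and flags the three things a reviewer would look at first: executables under C:\Windows with an empty company field, executables in user-writable locations, and hidden files under C:\Windows. Assumptions, all marked in the code: the wording of the "Created" section header is taken to mirror the "Modified" header visible above; the list of user-writable directories is my own choice; the helper.exe sample line is constructed, the other sample lines are copied from this thread.

```python
"""Triage helper for FRST "One Month Created/Modified Files and Folders" output.
Added example for this thread; not FRST's code and not the poster's.
Heuristic hits are candidates to verify against context, never verdicts."""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Iterable, List, Tuple

# One listing line: <ts1> - <ts2> - <size> <attrs> (<company>) <path>
# In the "Created" section ts1 is the creation time and ts2 the last write;
# the "Modified" section lists them the other way round (the first timestamp
# is always the one the section is sorted by, as the log above shows).
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(\d{8,}) ([_A-Z]{5}) \(([^)]*)\) (.+)$"
)
# Section header; the "Created" wording is assumed to mirror the "Modified"
# header that is visible in the thread.
SECTION_RE = re.compile(r"^=+ One Month (Created|Modified) Files and Folders =+$")


@dataclass
class Entry:
    created: datetime
    modified: datetime
    size: int
    attrs: str      # five-character flag field, e.g. ____D (directory), ____H (hidden)
    company: str    # text inside the parentheses; empty when FRST prints ()
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def is_hidden(self) -> bool:
        return "H" in self.attrs

    @property
    def ext(self) -> str:
        name = self.path.rsplit("\\", 1)[-1]
        return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def parse(lines: Iterable[str]) -> List[Entry]:
    """Parse listing lines, assigning timestamps according to the current section."""
    section = "Created"
    entries: List[Entry] = []
    for raw in lines:
        line = raw.rstrip("\r\n")
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group(1)
            continue
        m = LINE_RE.match(line)
        if not m:
            continue  # blank lines, FRST notices, forum text
        ts1, ts2 = (datetime.strptime(t, "%Y-%m-%d %H:%M") for t in m.group(1, 2))
        created, modified = (ts1, ts2) if section == "Created" else (ts2, ts1)
        entries.append(Entry(created, modified, int(m.group(3)), m.group(4), m.group(5), m.group(6)))
    return entries


EXEC_EXTS = {"exe", "dll", "sys", "com", "scr", "cpl", "ocx", "drv"}
WINDOWS_DIR = "c:\\windows\\"
# Assumed list of locations a standard user can write to. Downloads is left out
# on purpose: a user's own downloads would drown the review list.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\users\\public\\", "\\temp\\", "\\windows\\tasks\\")


def triage(entry: Entry) -> List[str]:
    """Reasons an entry deserves a closer look; an empty list means none fired."""
    reasons: List[str] = []
    if entry.is_dir:
        return reasons
    p = entry.path.lower()
    is_exec = entry.ext in EXEC_EXTS
    if is_exec and p.startswith(WINDOWS_DIR) and not entry.company:
        reasons.append("executable under C:\\Windows with no company name")
    if is_exec and any(d in p for d in USER_WRITABLE):
        reasons.append("executable in a user-writable location")
    if entry.is_hidden and p.startswith(WINDOWS_DIR):
        reasons.append("hidden file under C:\\Windows")
    return reasons


def review_list(lines: Iterable[str]) -> List[Tuple[str, List[str]]]:
    """(path, reasons) for every entry that triggered at least one heuristic."""
    flagged = []
    for e in parse(lines):
        reasons = triage(e)
        if reasons:
            flagged.append((e.path, reasons))
    return flagged


# Six lines copied from the FRST output in this thread plus one constructed line
# (helper.exe under a made-up profile) so the user-writable rule has something to hit.
SAMPLE_LOG = r"""
==================== One Month Created Files and Folders ========
2015-01-29 09:26 - 2012-10-09 11:17 - 00180320 _____ () C:\Windows\_isusr32.dll
2015-01-29 09:26 - 2012-04-18 18:43 - 00093696 _____ (SHARP CORPORATION) C:\Windows\system32\SCN2PM.dll
2015-01-29 09:25 - 2015-01-29 09:26 - 00000000 ____D () C:\Windows\SysWOW64\SCDRV
2015-01-09 10:28 - 2015-01-09 10:28 - 00688992 _____ (Swearware) C:\Users\Phyllis\Downloads\dds.com
2015-01-28 13:00 - 2015-01-28 13:00 - 00045056 _____ () C:\Users\example\AppData\Roaming\sample\helper.exe
==================== One Month Modified Files and Folders =======
2015-01-30 11:59 - 2009-07-13 23:45 - 00022096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-30 11:52 - 2014-06-23 19:15 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
"""

if __name__ == "__main__":
    for path, reasons in review_list(SAMPLE_LOG.splitlines()):
        print(path, "->", "; ".join(reasons))
```

On the lines taken from this thread the script flags C:\Windows\_isusr32.dll and the hidden 7B296FB0... file, and both are explained by context already in the log: _isusr32.dll was created in the same minute as the SHARP CORPORATION driver files around it, and the hidden file's 2009-07-13 23:45 creation time matches other Windows-install-era entries such as SA.DAT. That is the intended use: the script shortens what a helper has to read, it does not write the fixlist.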

Offline PGB

Re: [Resolved - K] Trojan.Agent.ED found by MalawareBytes
« Reply #4 on: January 30, 2015, 11:27:27 AM »
continued: FRST.txt/


(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-30 12:02 - 2014-11-02 10:26 - 00000000 ____D () C:\Users\Phyllis\AppData\Roaming\ShopAtHome.com BrowserAppCore Service
2015-01-30 12:02 - 2013-10-31 08:00 - 02091432 _____ () C:\Windows\WindowsUpdate.log
2015-01-30 11:59 - 2009-07-13 23:45 - 00022096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-30 11:59 - 2009-07-13 23:45 - 00022096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-30 11:57 - 2009-07-14 00:13 - 00789712 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-30 11:53 - 2013-12-06 09:20 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-30 11:53 - 2013-11-04 16:55 - 00000000 ____D () C:\Users\Phyllis\AppData\Roaming\Nitro PDF
2015-01-30 11:53 - 2013-11-04 15:39 - 00000000 ___RD () C:\Users\Phyllis\Dropbox
2015-01-30 11:53 - 2013-11-04 15:35 - 00000000 ____D () C:\Users\Phyllis\AppData\Roaming\Dropbox
2015-01-30 11:52 - 2014-06-23 19:15 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-30 11:52 - 2014-01-28 18:29 - 00001004 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2015-01-30 11:52 - 2014-01-28 18:29 - 00000988 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2015-01-30 11:52 - 2013-11-11 01:03 - 00657818 _____ () C:\Windows\PFRO.log
2015-01-30 11:52 - 2013-11-10 09:44 - 00016524 _____ () C:\Windows\setupact.log
2015-01-30 11:52 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-30 11:51 - 2014-02-25 19:00 - 00000574 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-4249353033-2772040276-2529461727-1000.job
2015-01-30 11:47 - 2013-11-09 15:16 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-30 11:06 - 2014-06-20 06:15 - 00000000 ____D () C:\Users\Phyllis\AppData\Local\Deployment
2015-01-30 11:06 - 2013-11-05 10:45 - 00000000 ____D () C:\Users\Phyllis\Documents\Outlook Files
2015-01-30 11:04 - 2013-12-06 09:20 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-30 08:42 - 2014-05-05 11:16 - 00000000 ____D () C:\Windows\Applian Director
2015-01-30 03:54 - 2013-11-12 15:37 - 00000000 ____D () C:\ProgramData\LogMeIn
2015-01-30 00:34 - 2014-09-06 15:21 - 00000000 ____D () C:\Program Files (x86)\FXCM MetaTrader 4
2015-01-29 22:49 - 2011-04-12 03:28 - 00000000 ____D () C:\Windows\ShellNew
2015-01-29 18:40 - 2013-11-04 15:25 - 00000000 ____D () C:\Users\Phyllis\AppData\Local\CrashDumps
2015-01-29 10:59 - 2013-11-09 13:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-29 09:27 - 2013-11-04 09:29 - 00000000 ____D () C:\Users\Phyllis\AppData\Roaming\PrimoPDF
2015-01-29 09:25 - 2013-10-30 17:44 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-28 13:28 - 2014-02-25 19:00 - 00003608 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-4249353033-2772040276-2529461727-1000
2015-01-27 21:49 - 2013-11-04 11:59 - 00000000 ____D () C:\Users\Phyllis\.thinkorswim
2015-01-27 21:49 - 2013-11-04 11:59 - 00000000 ____D () C:\Program Files (x86)\thinkorswim
2015-01-27 12:05 - 2013-11-03 17:33 - 00000000 ____D () C:\Users\Phyllis\AppData\Roaming\Replay Video Capture 7
2015-01-27 10:17 - 2014-05-05 09:04 - 00003348 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4249353033-2772040276-2529461727-1000
2015-01-27 10:17 - 2014-05-05 09:04 - 00003218 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4249353033-2772040276-2529461727-1000
2015-01-26 08:51 - 2013-11-04 08:52 - 00000404 _____ () C:\Windows\Tasks\EasyShare Registration Task.job
2015-01-25 06:47 - 2013-11-09 15:16 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-25 06:47 - 2013-10-31 16:30 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-25 06:47 - 2013-10-31 16:30 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-23 07:37 - 2013-10-31 20:19 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-23 07:34 - 2013-10-31 20:19 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-19 11:27 - 2013-11-05 19:06 - 00000000 ____D () C:\Users\Phyllis\AppData\Local\TradeStation_Technologies
2015-01-16 23:15 - 2013-11-12 10:32 - 1117614659 _____ () C:\Windows\DYNAZIP.LOG
2015-01-15 14:43 - 2013-11-04 09:08 - 00000000 ____D () C:\ProgramData\VisualTour
2015-01-14 14:11 - 2013-11-12 15:37 - 00000000 ____D () C:\Program Files (x86)\LogMeIn
2015-01-14 14:10 - 2013-11-12 15:37 - 00107392 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2015-01-14 14:10 - 2013-11-12 15:37 - 00092520 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2015-01-14 14:10 - 2013-11-12 15:37 - 00035688 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIport.dll
2015-01-13 16:07 - 2013-11-04 09:01 - 00000000 ____D () C:\Program Files (x86)\vtstudio
2015-01-11 21:28 - 2013-11-06 15:19 - 00598672 _____ () C:\Windows\SysWOW64\45.cht
2015-01-11 21:28 - 2013-11-06 15:09 - 00385236 _____ () C:\Windows\SysWOW64\44.cht
2015-01-11 21:28 - 2013-11-06 15:09 - 00115676 _____ () C:\Windows\SysWOW64\43.cht
2015-01-11 21:28 - 2013-11-06 14:51 - 00902860 _____ () C:\Windows\SysWOW64\41.cht
2015-01-11 21:28 - 2013-11-06 14:51 - 00095804 _____ () C:\Windows\SysWOW64\42.cht
2015-01-11 21:28 - 2013-11-04 17:14 - 00668264 _____ () C:\Windows\SysWOW64\40.cht
2015-01-11 21:27 - 2013-11-04 17:14 - 01774272 _____ () C:\Windows\SysWOW64\37.cht
2015-01-11 21:27 - 2013-11-04 17:14 - 00668264 _____ () C:\Windows\SysWOW64\38.cht
2015-01-11 21:27 - 2013-11-04 17:14 - 00385236 _____ () C:\Windows\SysWOW64\39.cht
2015-01-11 21:26 - 2013-11-04 17:14 - 01246892 _____ () C:\Windows\SysWOW64\35.cht
2015-01-11 21:26 - 2013-11-04 17:14 - 01186760 _____ () C:\Windows\SysWOW64\36.cht
2015-01-11 21:26 - 2013-11-04 17:14 - 00551272 _____ () C:\Windows\SysWOW64\34.cht
2015-01-11 21:26 - 2013-11-04 10:52 - 00089420 _____ () C:\Windows\SysWOW64\33.cht
2015-01-11 21:24 - 2013-11-04 10:52 - 01254220 _____ () C:\Windows\SysWOW64\30.cht
2015-01-11 21:24 - 2013-11-04 10:52 - 00902860 _____ () C:\Windows\SysWOW64\25.cht
2015-01-11 21:24 - 2013-11-04 10:52 - 00552360 _____ () C:\Windows\SysWOW64\27.cht
2015-01-11 21:24 - 2013-11-04 10:52 - 00516220 _____ () C:\Windows\SysWOW64\28.cht
2015-01-11 21:24 - 2013-11-04 10:52 - 00440004 _____ () C:\Windows\SysWOW64\29.cht
2015-01-11 21:24 - 2013-11-04 10:52 - 00132844 _____ () C:\Windows\SysWOW64\26.cht
2015-01-11 21:24 - 2013-11-04 10:52 - 00095804 _____ () C:\Windows\SysWOW64\32.cht
2015-01-11 21:24 - 2013-11-04 10:52 - 00092804 _____ () C:\Windows\SysWOW64\31.cht
2015-01-11 21:23 - 2013-11-04 10:52 - 00902860 _____ () C:\Windows\SysWOW64\22.cht
2015-01-11 21:23 - 2013-11-04 10:52 - 00516220 _____ () C:\Windows\SysWOW64\24.cht
2015-01-11 21:23 - 2013-11-04 10:52 - 00115676 _____ () C:\Windows\SysWOW64\21.cht
2015-01-11 21:23 - 2013-11-04 10:52 - 00098488 _____ () C:\Windows\SysWOW64\23.cht
2015-01-11 21:23 - 2013-11-04 10:51 - 00350112 _____ () C:\Windows\SysWOW64\20.cht
2015-01-11 21:22 - 2013-11-04 10:51 - 01774272 _____ () C:\Windows\SysWOW64\16.cht
2015-01-11 21:22 - 2013-11-04 10:51 - 01186760 _____ () C:\Windows\SysWOW64\19.cht
2015-01-11 21:22 - 2013-11-04 10:51 - 00384336 _____ () C:\Windows\SysWOW64\17.cht
2015-01-11 21:22 - 2013-11-04 10:51 - 00095804 _____ () C:\Windows\SysWOW64\18.cht
2015-01-11 21:21 - 2013-11-04 10:51 - 00551272 _____ () C:\Windows\SysWOW64\15.cht
2015-01-11 21:21 - 2013-11-04 10:50 - 01246892 _____ () C:\Windows\SysWOW64\14.cht
2015-01-11 21:21 - 2013-11-04 10:50 - 00902860 _____ () C:\Windows\SysWOW64\9.cht
2015-01-11 21:21 - 2013-11-04 10:50 - 00516220 _____ () C:\Windows\SysWOW64\7.cht
2015-01-11 21:21 - 2013-11-04 10:50 - 00516220 _____ () C:\Windows\SysWOW64\11.cht
2015-01-11 21:21 - 2013-11-04 10:50 - 00115676 _____ () C:\Windows\SysWOW64\8.cht
2015-01-11 21:21 - 2013-11-04 10:50 - 00098488 _____ () C:\Windows\SysWOW64\10.cht
2015-01-11 21:21 - 2013-11-04 10:50 - 00095804 _____ () C:\Windows\SysWOW64\12.cht
2015-01-11 21:21 - 2013-11-04 10:50 - 00089420 _____ () C:\Windows\SysWOW64\13.cht
2015-01-11 14:13 - 2013-11-04 10:50 - 01760164 _____ () C:\Windows\SysWOW64\4.cht
2015-01-11 14:13 - 2013-11-04 10:50 - 01246892 _____ () C:\Windows\SysWOW64\5.cht
2015-01-11 14:13 - 2013-11-04 10:50 - 01186760 _____ () C:\Windows\SysWOW64\6.cht
2015-01-11 14:11 - 2013-11-04 10:50 - 00902860 _____ () C:\Windows\SysWOW64\3.cht
2015-01-11 14:10 - 2013-11-04 10:50 - 01246892 _____ () C:\Windows\SysWOW64\2.cht
2015-01-11 14:09 - 2013-11-04 10:50 - 00408064 _____ () C:\Windows\SysWOW64\1.cht
2015-01-09 14:16 - 2013-10-31 16:30 - 00000000 ____D () C:\Users\Phyllis\AppData\Roaming\Adobe
2015-01-09 10:04 - 2013-11-12 10:18 - 00000000 ____D () C:\ProgramData\WebEx
2015-01-09 09:41 - 2014-09-04 06:02 - 00000000 ____D () C:\Users\Phyllis\AppData\Local\WebEx
2015-01-09 09:04 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-05 17:47 - 2014-05-05 09:04 - 00000000 ____D () C:\Users\Phyllis\AppData\Roaming\Real
2015-01-05 16:04 - 2013-11-06 19:17 - 00369376 _____ () C:\Windows\SysWOW64\54.cht
2015-01-05 16:03 - 2013-11-06 19:15 - 00836488 _____ () C:\Windows\SysWOW64\53.cht
2015-01-05 16:02 - 2013-11-06 19:13 - 01741856 _____ () C:\Windows\SysWOW64\52.cht
2015-01-05 15:55 - 2013-11-06 19:12 - 00311132 _____ () C:\Windows\SysWOW64\51.cht
2015-01-05 15:55 - 2013-11-06 16:35 - 00416772 _____ () C:\Windows\SysWOW64\49.cht
2015-01-05 15:55 - 2013-11-06 16:35 - 00396108 _____ () C:\Windows\SysWOW64\50.cht
2015-01-05 15:54 - 2013-11-06 16:34 - 00434328 _____ () C:\Windows\SysWOW64\48.cht
2015-01-05 15:50 - 2013-11-06 16:34 - 00428512 _____ () C:\Windows\SysWOW64\47.cht
2015-01-05 15:46 - 2013-11-06 15:19 - 00357760 _____ () C:\Windows\SysWOW64\46.cht
2015-01-05 14:11 - 2013-11-08 14:53 - 00416772 _____ () C:\Windows\SysWOW64\93.cht
2015-01-05 14:03 - 2013-11-08 13:24 - 00311132 _____ () C:\Windows\SysWOW64\92.cht
2015-01-05 13:54 - 2013-11-08 13:24 - 00407388 _____ () C:\Windows\SysWOW64\91.cht
2015-01-05 13:43 - 2013-11-08 13:24 - 00132012 _____ () C:\Windows\SysWOW64\90.cht
2015-01-05 13:43 - 2013-11-08 13:23 - 01238004 _____ () C:\Windows\SysWOW64\89.cht
2015-01-05 13:42 - 2013-11-08 13:23 - 00416772 _____ () C:\Windows\SysWOW64\88.cht
2015-01-05 13:40 - 2013-11-08 13:23 - 00033944 _____ () C:\Windows\SysWOW64\87.cht
2015-01-05 13:36 - 2013-11-08 13:23 - 00416772 _____ () C:\Windows\SysWOW64\86.cht
2015-01-05 12:51 - 2013-11-08 13:23 - 01741856 _____ () C:\Windows\SysWOW64\85.cht
2015-01-05 12:50 - 2013-11-08 13:23 - 00416772 _____ () C:\Windows\SysWOW64\84.cht
2015-01-05 12:48 - 2013-11-08 13:00 - 01741856 _____ () C:\Windows\SysWOW64\83.cht
2015-01-05 12:41 - 2013-11-08 13:00 - 00416772 _____ () C:\Windows\SysWOW64\82.cht
2015-01-05 12:41 - 2013-11-08 11:58 - 01741856 _____ () C:\Windows\SysWOW64\81.cht
2015-01-05 12:37 - 2013-11-08 11:53 - 00416772 _____ () C:\Windows\SysWOW64\80.cht
2015-01-05 12:26 - 2013-11-08 11:53 - 00311132 _____ () C:\Windows\SysWOW64\79.cht
2015-01-05 12:25 - 2013-11-08 11:52 - 00033944 _____ () C:\Windows\SysWOW64\78.cht
2015-01-05 11:47 - 2013-11-08 11:52 - 00396108 _____ () C:\Windows\SysWOW64\77.cht
2015-01-05 11:45 - 2013-11-08 11:51 - 00416772 _____ () C:\Windows\SysWOW64\76.cht
2015-01-05 11:41 - 2013-11-08 11:51 - 00468128 _____ () C:\Windows\SysWOW64\75.cht
2015-01-05 10:49 - 2013-11-06 19:39 - 00468128 _____ () C:\Windows\SysWOW64\74.cht
2015-01-05 10:30 - 2013-11-06 19:38 - 00396108 _____ () C:\Windows\SysWOW64\73.cht
2015-01-05 10:07 - 2013-11-06 19:38 - 00416772 _____ () C:\Windows\SysWOW64\72.cht
2015-01-05 10:06 - 2013-11-06 19:38 - 00033944 _____ () C:\Windows\SysWOW64\71.cht
2015-01-05 09:57 - 2013-11-06 19:38 - 00580004 _____ () C:\Windows\SysWOW64\70.cht
2015-01-05 09:55 - 2013-11-06 19:33 - 01599764 _____ () C:\Windows\SysWOW64\69.cht
2015-01-05 09:53 - 2013-11-06 19:33 - 01596712 _____ () C:\Windows\SysWOW64\68.cht
2015-01-05 09:52 - 2013-11-06 19:32 - 01450788 _____ () C:\Windows\SysWOW64\66.cht
2015-01-05 09:52 - 2013-11-06 19:32 - 00409232 _____ () C:\Windows\SysWOW64\67.cht
2015-01-05 09:51 - 2013-11-06 19:32 - 00448028 _____ () C:\Windows\SysWOW64\64.cht
2015-01-05 09:51 - 2013-11-06 19:32 - 00196924 _____ () C:\Windows\SysWOW64\65.cht
2015-01-05 09:51 - 2013-11-06 19:31 - 00468128 _____ () C:\Windows\SysWOW64\63.cht
2015-01-05 09:51 - 2013-11-06 19:31 - 00126488 _____ () C:\Windows\SysWOW64\62.cht
2015-01-05 09:50 - 2013-11-06 19:31 - 01736816 _____ () C:\Windows\SysWOW64\61.cht
2015-01-05 09:48 - 2013-11-06 19:31 - 00416772 _____ () C:\Windows\SysWOW64\60.cht
2015-01-05 09:47 - 2013-11-06 19:30 - 00311132 _____ () C:\Windows\SysWOW64\59.cht
2015-01-05 09:47 - 2013-11-06 19:30 - 00145060 _____ () C:\Windows\SysWOW64\58.cht
2015-01-05 09:45 - 2013-11-06 19:20 - 00070176 _____ () C:\Windows\SysWOW64\57.cht
2015-01-05 09:41 - 2013-11-06 19:20 - 00031944 _____ () C:\Windows\SysWOW64\56.cht
2015-01-05 09:41 - 2013-11-06 19:17 - 01736816 _____ () C:\Windows\SysWOW64\55.cht
2015-01-02 11:44 - 2013-12-06 10:00 - 00465316 _____ () C:\Windows\SysWOW64\316.cht
2015-01-02 11:42 - 2013-12-06 10:00 - 00405544 _____ () C:\Windows\SysWOW64\315.cht
2015-01-02 11:41 - 2013-12-06 10:00 - 00724620 _____ () C:\Windows\SysWOW64\314.cht
2015-01-02 11:40 - 2013-12-06 10:00 - 01831780 _____ () C:\Windows\SysWOW64\313.cht
2015-01-02 11:39 - 2013-12-06 10:00 - 01223972 _____ () C:\Windows\SysWOW64\312.cht
2015-01-02 11:39 - 2013-12-06 10:00 - 00502344 _____ () C:\Windows\SysWOW64\310.cht
2015-01-02 11:39 - 2013-12-06 10:00 - 00402840 _____ () C:\Windows\SysWOW64\311.cht
2015-01-02 11:36 - 2013-12-06 10:00 - 00480912 _____ () C:\Windows\SysWOW64\309.cht
2015-01-02 11:36 - 2013-12-06 10:00 - 00448132 _____ () C:\Windows\SysWOW64\308.cht
2015-01-02 11:35 - 2013-12-06 10:00 - 00514860 _____ () C:\Windows\SysWOW64\307.cht
2015-01-02 11:31 - 2013-12-06 10:00 - 00446256 _____ () C:\Windows\SysWOW64\306.cht
2015-01-02 11:30 - 2013-12-06 09:59 - 00404220 _____ () C:\Windows\SysWOW64\304.cht
2015-01-02 11:30 - 2013-12-06 09:59 - 00372996 _____ () C:\Windows\SysWOW64\305.cht
2015-01-02 11:30 - 2013-12-06 09:59 - 00352192 _____ () C:\Windows\SysWOW64\303.cht
2015-01-02 11:29 - 2013-12-06 09:59 - 00779172 _____ () C:\Windows\SysWOW64\302.cht
2015-01-02 11:29 - 2013-12-06 09:59 - 00386004 _____ () C:\Windows\SysWOW64\301.cht
2015-01-02 11:28 - 2013-12-06 09:59 - 00145060 _____ () C:\Windows\SysWOW64\300.cht
2015-01-02 11:21 - 2013-12-06 09:58 - 00033944 _____ () C:\Windows\SysWOW64\299.cht
2015-01-02 11:21 - 2013-12-06 09:58 - 00033944 _____ () C:\Windows\SysWOW64\298.cht
2015-01-02 11:20 - 2013-12-06 09:58 - 00644924 _____ () C:\Windows\SysWOW64\295.cht
2015-01-02 11:20 - 2013-12-06 09:58 - 00644924 _____ () C:\Windows\SysWOW64\294.cht
2015-01-02 11:20 - 2013-12-06 09:58 - 00092164 _____ () C:\Windows\SysWOW64\297.cht
2015-01-02 11:20 - 2013-12-06 09:58 - 00092164 _____ () C:\Windows\SysWOW64\296.cht
2015-01-02 11:19 - 2013-12-06 09:58 - 00187760 _____ () C:\Windows\SysWOW64\293.cht
2015-01-02 11:19 - 2013-12-06 09:58 - 00187760 _____ () C:\Windows\SysWOW64\292.cht
2015-01-02 11:11 - 2013-12-06 09:58 - 00033944 _____ () C:\Windows\SysWOW64\291.cht
2015-01-02 11:11 - 2013-12-06 09:58 - 00033944 _____ () C:\Windows\SysWOW64\290.cht
2015-01-02 10:59 - 2013-12-06 09:58 - 00440788 _____ () C:\Windows\SysWOW64\289.cht
2015-01-02 10:59 - 2013-12-06 09:58 - 00440788 _____ () C:\Windows\SysWOW64\288.cht
2015-01-02 10:55 - 2013-12-06 09:58 - 00465316 _____ () C:\Windows\SysWOW64\287.cht
2015-01-02 10:55 - 2013-12-06 09:58 - 00465316 _____ () C:\Windows\SysWOW64\286.cht
2015-01-02 10:27 - 2013-12-06 09:58 - 00033944 _____ () C:\Windows\SysWOW64\285.cht
2015-01-02 10:27 - 2013-12-06 09:58 - 00033944 _____ () C:\Windows\SysWOW64\284.cht
2015-01-02 10:26 - 2013-12-06 09:58 - 00145060 _____ () C:\Windows\SysWOW64\279.cht
2015-01-02 10:26 - 2013-12-06 09:58 - 00145060 _____ () C:\Windows\SysWOW64\278.cht
2015-01-02 10:26 - 2013-12-06 09:58 - 00092164 _____ () C:\Windows\SysWOW64\281.cht
2015-01-02 10:26 - 2013-12-06 09:58 - 00092164 _____ () C:\Windows\SysWOW64\280.cht
2015-01-02 10:26 - 2013-12-06 09:58 - 00034140 _____ () C:\Windows\SysWOW64\283.cht
2015-01-02 10:26 - 2013-12-06 09:58 - 00034140 _____ () C:\Windows\SysWOW64\282.cht
2015-01-02 10:24 - 2013-12-06 09:58 - 00092164 _____ () C:\Windows\SysWOW64\277.cht
2015-01-02 10:24 - 2013-12-06 09:58 - 00092164 _____ () C:\Windows\SysWOW64\276.cht
2015-01-02 10:23 - 2013-12-06 09:58 - 00034140 _____ () C:\Windows\SysWOW64\275.cht
2015-01-02 10:23 - 2013-12-06 09:58 - 00034140 _____ () C:\Windows\SysWOW64\274.cht
2015-01-02 10:23 - 2013-12-06 09:57 - 00145060 _____ () C:\Windows\SysWOW64\273.cht
2015-01-02 10:23 - 2013-12-06 09:57 - 00145060 _____ () C:\Windows\SysWOW64\272.cht
2015-01-02 10:23 - 2013-12-06 09:57 - 00145060 _____ () C:\Windows\SysWOW64\269.cht
2015-01-02 10:23 - 2013-12-06 09:57 - 00145060 _____ () C:\Windows\SysWOW64\268.cht
2015-01-02 10:23 - 2013-12-06 09:57 - 00092164 _____ () C:\Windows\SysWOW64\271.cht
2015-01-02 10:23 - 2013-12-06 09:57 - 00092164 _____ () C:\Windows\SysWOW64\270.cht
2015-01-02 10:22 - 2013-12-06 09:57 - 00187760 _____ () C:\Windows\SysWOW64\267.cht
2015-01-02 10:22 - 2013-12-06 09:57 - 00187760 _____ () C:\Windows\SysWOW64\266.cht
2015-01-02 10:09 - 2013-12-06 09:57 - 00187760 _____ () C:\Windows\SysWOW64\263.cht
2015-01-02 10:09 - 2013-12-06 09:57 - 00187760 _____ () C:\Windows\SysWOW64\262.cht
2015-01-02 10:09 - 2013-12-06 09:57 - 00031944 _____ () C:\Windows\SysWOW64\265.cht
2015-01-02 10:09 - 2013-12-06 09:57 - 00031944 _____ () C:\Windows\SysWOW64\264.cht
2015-01-02 10:08 - 2013-12-06 09:57 - 00465316 _____ () C:\Windows\SysWOW64\261.cht
2015-01-02 10:08 - 2013-12-06 09:57 - 00465316 _____ () C:\Windows\SysWOW64\260.cht
2015-01-02 10:08 - 2013-12-06 09:57 - 00440788 _____ () C:\Windows\SysWOW64\259.cht
2015-01-02 10:08 - 2013-12-06 09:57 - 00440788 _____ () C:\Windows\SysWOW64\258.cht
2015-01-02 10:05 - 2013-12-06 09:57 - 00465316 _____ () C:\Windows\SysWOW64\257.cht
2015-01-02 10:05 - 2013-12-06 09:57 - 00465316 _____ () C:\Windows\SysWOW64\256.cht
2015-01-02 10:04 - 2013-12-06 09:57 - 00350876 _____ () C:\Windows\SysWOW64\253.cht
2015-01-02 10:04 - 2013-12-06 09:57 - 00350876 _____ () C:\Windows\SysWOW64\252.cht
2015-01-02 10:04 - 2013-12-06 09:57 - 00033944 _____ () C:\Windows\SysWOW64\255.cht
2015-01-02 10:04 - 2013-12-06 09:57 - 00033944 _____ () C:\Windows\SysWOW64\254.cht
2015-01-02 10:03 - 2013-12-06 09:56 - 00461848 _____ () C:\Windows\SysWOW64\247.cht
2015-01-02 10:03 - 2013-12-06 09:56 - 00461848 _____ () C:\Windows\SysWOW64\246.cht
2015-01-02 10:03 - 2013-12-06 09:56 - 00440788 _____ () C:\Windows\SysWOW64\251.cht
2015-01-02 10:03 - 2013-12-06 09:56 - 00440788 _____ () C:\Windows\SysWOW64\250.cht
2015-01-02 10:03 - 2013-12-06 09:56 - 00033944 _____ () C:\Windows\SysWOW64\249.cht
2015-01-02 10:03 - 2013-12-06 09:56 - 00033944 _____ () C:\Windows\SysWOW64\248.cht
2015-01-01 23:13 - 2013-12-06 09:56 - 00461848 _____ () C:\Windows\SysWOW64\245.cht
2015-01-01 21:04 - 2013-12-06 09:56 - 00187760 _____ () C:\Windows\SysWOW64\244.cht
2015-01-01 21:04 - 2013-12-06 09:56 - 00187760 _____ () C:\Windows\SysWOW64\243.cht
2015-01-01 21:03 - 2013-12-06 09:56 - 00470156 _____ () C:\Windows\SysWOW64\242.cht
2015-01-01 21:03 - 2013-12-06 09:56 - 00470156 _____ () C:\Windows\SysWOW64\241.cht
2015-01-01 12:23 - 2013-12-06 09:56 - 00597548 _____ () C:\Windows\SysWOW64\240.cht
2015-01-01 12:23 - 2013-12-06 09:56 - 00597548 _____ () C:\Windows\SysWOW64\239.cht
2015-01-01 11:56 - 2013-12-06 09:56 - 00475160 _____ () C:\Windows\SysWOW64\238.cht
2015-01-01 11:56 - 2013-12-06 09:56 - 00475160 _____ () C:\Windows\SysWOW64\237.cht
2015-01-01 11:51 - 2013-12-06 09:56 - 00459808 _____ () C:\Windows\SysWOW64\236.cht
2015-01-01 11:51 - 2013-12-06 09:56 - 00459808 _____ () C:\Windows\SysWOW64\235.cht
2015-01-01 11:46 - 2013-12-06 09:56 - 00425888 _____ () C:\Windows\SysWOW64\234.cht
2015-01-01 11:46 - 2013-12-06 09:56 - 00425888 _____ () C:\Windows\SysWOW64\233.cht
2015-01-01 11:44 - 2013-12-06 09:56 - 00033944 _____ () C:\Windows\SysWOW64\232.cht
2015-01-01 11:43 - 2013-12-06 09:56 - 00033944 _____ () C:\Windows\SysWOW64\231.cht
2015-01-01 01:01 - 2013-12-06 09:56 - 00033944 _____ () C:\Windows\SysWOW64\230.cht
2015-01-01 01:00 - 2013-11-24 01:05 - 00000000 ____D () C:\Program Files (x86)\TradeStation Archives
2014-12-31 23:12 - 2013-12-06 09:56 - 00033944 _____ () C:\Windows\SysWOW64\229.cht
2014-12-31 16:50 - 2013-12-06 09:56 - 00440788 _____ () C:\Windows\SysWOW64\228.cht
2014-12-31 16:50 - 2013-12-06 09:56 - 00440788 _____ () C:\Windows\SysWOW64\227.cht
2014-12-31 16:50 - 2013-12-06 09:56 - 00033944 _____ () C:\Windows\SysWOW64\226.cht
2014-12-31 16:50 - 2013-12-06 09:55 - 00033944 _____ () C:\Windows\SysWOW64\225.cht
2014-12-31 16:46 - 2013-12-06 09:55 - 01894996 _____ () C:\Windows\SysWOW64\223.cht
2014-12-31 16:46 - 2013-12-06 09:55 - 01869844 _____ () C:\Windows\SysWOW64\224.cht
2014-12-31 16:31 - 2013-12-06 09:55 - 00502960 _____ () C:\Windows\SysWOW64\222.cht
2014-12-31 16:31 - 2013-12-06 09:55 - 00502960 _____ () C:\Windows\SysWOW64\221.cht
2014-12-31 15:50 - 2013-12-06 09:55 - 00008628 _____ () C:\Windows\SysWOW64\220.cht
2014-12-31 15:50 - 2013-12-06 09:55 - 00008628 _____ () C:\Windows\SysWOW64\219.cht
2014-12-31 15:49 - 2013-12-06 09:55 - 00459068 _____ () C:\Windows\SysWOW64\218.cht
2014-12-31 15:49 - 2013-12-06 09:55 - 00459068 _____ () C:\Windows\SysWOW64\217.cht
2014-12-31 15:48 - 2013-12-06 09:55 - 00724792 _____ () C:\Windows\SysWOW64\216.cht
2014-12-31 15:48 - 2013-12-06 09:55 - 00724792 _____ () C:\Windows\SysWOW64\215.cht
2014-12-31 15:47 - 2013-12-06 09:55 - 00440788 _____ () C:\Windows\SysWOW64\214.cht
2014-12-31 15:47 - 2013-12-06 09:55 - 00440788 _____ () C:\Windows\SysWOW64\213.cht
2014-12-31 15:46 - 2013-12-06 09:55 - 00465316 _____ () C:\Windows\SysWOW64\208.cht
2014-12-31 15:46 - 2013-12-06 09:55 - 00465316 _____ () C:\Windows\SysWOW64\207.cht
2014-12-31 15:46 - 2013-12-06 09:55 - 00350876 _____ () C:\Windows\SysWOW64\212.cht
2014-12-31 15:46 - 2013-12-06 09:55 - 00350876 _____ () C:\Windows\SysWOW64\211.cht
2014-12-31 15:46 - 2013-12-06 09:55 - 00033944 _____ () C:\Windows\SysWOW64\210.cht
2014-12-31 15:46 - 2013-12-06 09:55 - 00033944 _____ () C:\Windows\SysWOW64\209.cht
2014-12-31 15:45 - 2013-12-06 09:55 - 01894996 _____ () C:\Windows\SysWOW64\205.cht
2014-12-31 15:45 - 2013-12-06 09:55 - 01868836 _____ () C:\Windows\SysWOW64\206.cht
2014-12-31 15:44 - 2013-12-06 09:55 - 00626396 _____ () C:\Windows\SysWOW64\202.cht
2014-12-31 15:44 - 2013-12-06 09:55 - 00626396 _____ () C:\Windows\SysWOW64\201.cht
2014-12-31 15:44 - 2013-12-06 09:55 - 00187760 _____ () C:\Windows\SysWOW64\204.cht
2014-12-31 15:44 - 2013-12-06 09:55 - 00187760 _____ () C:\Windows\SysWOW64\203.cht
2014-12-31 15:43 - 2013-12-06 09:55 - 00126488 _____ () C:\Windows\SysWOW64\200.cht
2014-12-31 15:43 - 2013-12-06 09:54 - 00126488 _____ () C:\Windows\SysWOW64\199.cht
2014-12-31 15:42 - 2013-12-06 09:54 - 00532784 _____ () C:\Windows\SysWOW64\198.cht
2014-12-31 15:42 - 2013-12-06 09:54 - 00532784 _____ () C:\Windows\SysWOW64\197.cht
2014-12-31 15:41 - 2013-12-06 09:54 - 00461848 _____ () C:\Windows\SysWOW64\196.cht
2014-12-31 15:41 - 2013-12-06 09:54 - 00461848 _____ () C:\Windows\SysWOW64\195.cht
2014-12-31 15:38 - 2013-12-06 09:54 - 00126488 _____ () C:\Windows\SysWOW64\194.cht
2014-12-31 15:38 - 2013-12-06 09:54 - 00126488 _____ () C:\Windows\SysWOW64\193.cht
2014-12-31 15:33 - 2013-12-06 09:54 - 00464292 _____ () C:\Windows\SysWOW64\192.cht
2014-12-31 15:33 - 2013-12-06 09:54 - 00464292 _____ () C:\Windows\SysWOW64\191.cht
2014-12-31 15:32 - 2013-12-06 09:54 - 00464116 _____ () C:\Windows\SysWOW64\190.cht
2014-12-31 15:32 - 2013-12-06 09:54 - 00464116 _____ () C:\Windows\SysWOW64\189.cht
2014-12-31 15:29 - 2013-12-06 09:54 - 00530648 _____ () C:\Windows\SysWOW64\188.cht
2014-12-31 15:29 - 2013-12-06 09:54 - 00530648 _____ () C:\Windows\SysWOW64\187.cht
2014-12-31 15:29 - 2013-12-06 09:54 - 00465316 _____ () C:\Windows\SysWOW64\186.cht
2014-12-31 15:28 - 2013-12-06 09:54 - 00465316 _____ () C:\Windows\SysWOW64\185.cht
2014-12-31 15:28 - 2013-12-06 09:54 - 00350876 _____ () C:\Windows\SysWOW64\184.cht
2014-12-31 15:28 - 2013-12-06 09:54 - 00350876 _____ () C:\Windows\SysWOW64\183.cht
2014-12-31 15:28 - 2013-12-06 09:54 - 00033944 _____ () C:\Windows\SysWOW64\182.cht
2014-12-31 15:28 - 2013-12-06 09:54 - 00033944 _____ () C:\Windows\SysWOW64\181.cht
2014-12-31 15:27 - 2013-12-06 09:54 - 00123508 _____ () C:\Windows\SysWOW64\180.cht
2014-12-31 15:27 - 2013-12-06 09:54 - 00123508 _____ () C:\Windows\SysWOW64\179.cht
2014-12-31 15:22 - 2013-12-06 09:54 - 00641180 _____ () C:\Windows\SysWOW64\178.cht
2014-12-31 15:22 - 2013-12-06 09:54 - 00641180 _____ () C:\Windows\SysWOW64\177.cht
2014-12-31 15:21 - 2013-12-06 09:54 - 00123508 _____ () C:\Windows\SysWOW64\176.cht
2014-12-31 15:21 - 2013-12-06 09:53 - 00123508 _____ () C:\Windows\SysWOW64\175.cht
2014-12-31 15:21 - 2013-12-02 13:36 - 00063244 _____ () C:\Windows\SysWOW64\174.cht
2014-12-31 15:21 - 2013-12-02 13:36 - 00063244 _____ () C:\Windows\SysWOW64\173.cht
2014-12-31 15:15 - 2013-12-02 13:35 - 00042212 _____ () C:\Windows\SysWOW64\172.cht
2014-12-31 15:15 - 2013-11-15 20:17 - 00042212 _____ () C:\Windows\SysWOW64\171.cht
2014-12-31 15:14 - 2013-11-15 20:17 - 00120048 _____ () C:\Windows\SysWOW64\170.cht
2014-12-31 15:14 - 2013-11-15 20:09 - 00120048 _____ () C:\Windows\SysWOW64\169.cht
2014-12-31 15:09 - 2013-11-15 20:09 - 00038084 _____ () C:\Windows\SysWOW64\168.cht
2014-12-31 15:09 - 2013-11-15 20:00 - 00038084 _____ () C:\Windows\SysWOW64\167.cht
2014-12-31 15:00 - 2013-11-15 20:00 - 00038092 _____ () C:\Windows\SysWOW64\166.cht
2014-12-31 15:00 - 2013-11-15 19:59 - 00038092 _____ () C:\Windows\SysWOW64\165.cht
2014-12-31 14:54 - 2013-11-15 19:59 - 00165716 _____ () C:\Windows\SysWOW64\164.cht
2014-12-31 14:54 - 2013-11-15 19:46 - 00165716 _____ () C:\Windows\SysWOW64\163.cht
2014-12-31 14:49 - 2013-11-15 16:37 - 00196924 _____ () C:\Windows\SysWOW64\162.cht
2014-12-31 14:49 - 2013-11-15 16:37 - 00196924 _____ () C:\Windows\SysWOW64\161.cht
2014-12-31 14:48 - 2013-11-15 16:35 - 00038076 _____ () C:\Windows\SysWOW64\160.cht
2014-12-31 14:48 - 2013-11-15 16:35 - 00038076 _____ () C:\Windows\SysWOW64\159.cht
2014-12-31 14:47 - 2013-11-15 16:22 - 00490616 _____ () C:\Windows\SysWOW64\158.cht
2014-12-31 14:47 - 2013-11-15 16:22 - 00490616 _____ () C:\Windows\SysWOW64\157.cht
2014-12-31 14:45 - 2013-11-15 16:22 - 00008628 _____ () C:\Windows\SysWOW64\156.cht
2014-12-31 14:45 - 2013-11-15 16:22 - 00008628 _____ () C:\Windows\SysWOW64\155.cht
2014-12-31 14:44 - 2013-11-15 16:22 - 00042184 _____ () C:\Windows\SysWOW64\154.cht
2014-12-31 14:44 - 2013-11-15 16:21 - 00042184 _____ () C:\Windows\SysWOW64\153.cht
2014-12-31 14:39 - 2013-11-15 16:21 - 00770836 _____ () C:\Windows\SysWOW64\152.cht
2014-12-31 14:39 - 2013-11-15 16:20 - 00796300 _____ () C:\Windows\SysWOW64\151.cht
2014-12-31 14:39 - 2013-11-15 16:20 - 00440788 _____ () C:\Windows\SysWOW64\150.cht
2014-12-31 14:39 - 2013-11-15 16:20 - 00440788 _____ () C:\Windows\SysWOW64\149.cht
2014-12-31 14:38 - 2013-11-15 16:19 - 00033944 _____ () C:\Windows\SysWOW64\148.cht
2014-12-31 14:38 - 2013-11-15 16:10 - 00033944 _____ () C:\Windows\SysWOW64\147.cht
2014-12-31 14:36 - 2013-11-15 16:10 - 00350876 _____ () C:\Windows\SysWOW64\146.cht
2014-12-31 14:36 - 2013-11-15 16:08 - 00350876 _____ () C:\Windows\SysWOW64\145.cht
2014-12-31 14:35 - 2013-11-15 15:17 - 00033944 _____ () C:\Windows\SysWOW64\144.cht
2014-12-31 14:35 - 2013-11-15 15:17 - 00033944 _____ () C:\Windows\SysWOW64\143.cht
2014-12-31 14:32 - 2013-11-15 15:17 - 00440788 _____ () C:\Windows\SysWOW64\142.cht
2014-12-31 14:32 - 2013-11-15 13:34 - 00440788 _____ () C:\Windows\SysWOW64\141.cht
2014-12-31 14:18 - 2014-02-10 19:59 - 00000000 ____D () C:\Users\Phyllis\AppData\Roaming\Skype
2014-12-31 14:17 - 2013-11-15 13:34 - 00033944 _____ () C:\Windows\SysWOW64\140.cht
2014-12-31 14:17 - 2013-11-15 13:34 - 00033944 _____ () C:\Windows\SysWOW64\139.cht
2014-12-31 14:17 - 2013-11-15 13:25 - 00475160 _____ () C:\Windows\SysWOW64\138.cht
2014-12-31 14:17 - 2013-11-15 13:25 - 00475160 _____ () C:\Windows\SysWOW64\137.cht
2014-12-31 14:13 - 2013-11-15 13:25 - 00465316 _____ () C:\Windows\SysWOW64\136.cht
2014-12-31 14:13 - 2013-11-15 13:19 - 00465316 _____ () C:\Windows\SysWOW64\135.cht
2014-12-31 14:06 - 2013-11-15 13:10 - 00350876 _____ () C:\Windows\SysWOW64\134.cht
2014-12-31 14:06 - 2013-11-15 13:10 - 00350876 _____ () C:\Windows\SysWOW64\133.cht
2014-12-31 14:06 - 2013-11-15 13:10 - 00033944 _____ () C:\Windows\SysWOW64\132.cht
2014-12-31 14:06 - 2013-11-15 12:45 - 00033944 _____ () C:\Windows\SysWOW64\131.cht
2014-12-31 14:04 - 2013-11-15 12:45 - 00796300 _____ () C:\Windows\SysWOW64\129.cht
2014-12-31 14:04 - 2013-11-15 12:45 - 00768796 _____ () C:\Windows\SysWOW64\130.cht
2014-12-31 13:33 - 2013-11-15 12:40 - 00440788 _____ () C:\Windows\SysWOW64\128.cht
2014-12-31 13:33 - 2013-11-15 12:40 - 00440788 _____ () C:\Windows\SysWOW64\127.cht
2014-12-31 13:10 - 2013-11-15 12:40 - 00465316 _____ () C:\Windows\SysWOW64\126.cht
2014-12-31 13:10 - 2013-11-15 12:32 - 00465316 _____ () C:\Windows\SysWOW64\125.cht
2014-12-31 13:09 - 2013-11-15 12:32 - 00350876 _____ () C:\Windows\SysWOW64\124.cht
2014-12-31 13:09 - 2013-11-15 12:32 - 00350876 _____ () C:\Windows\SysWOW64\123.cht
2014-12-31 13:00 - 2013-11-15 12:32 - 00350876 _____ () C:\Windows\SysWOW64\122.cht
2014-12-31 13:00 - 2013-11-15 12:32 - 00350876 _____ () C:\Windows\SysWOW64\121.cht
2014-12-31 12:59 - 2013-11-15 12:32 - 00641180 _____ () C:\Windows\SysWOW64\120.cht
2014-12-31 12:59 - 2013-11-15 12:15 - 00641180 _____ () C:\Windows\SysWOW64\119.cht
2014-12-31 12:56 - 2013-11-15 12:15 - 00641180 _____ () C:\Windows\SysWOW64\118.cht
2014-12-31 12:56 - 2013-11-15 12:15 - 00641180 _____ () C:\Windows\SysWOW64\117.cht
2014-12-31 12:48 - 2013-11-15 12:12 - 00465316 _____ () C:\Windows\SysWOW64\116.cht
2014-12-31 12:48 - 2013-11-15 12:12 - 00465316 _____ () C:\Windows\SysWOW64\115.cht
2014-12-31 12:46 - 2013-11-15 12:12 - 00033944 _____ () C:\Windows\SysWOW64\114.cht
2014-12-31 12:46 - 2013-11-15 12:12 - 00033944 _____ () C:\Windows\SysWOW64\113.cht
2014-12-31 12:46 - 2013-11-15 11:49 - 00440788 _____ () C:\Windows\SysWOW64\112.cht
2014-12-31 12:46 - 2013-11-15 11:49 - 00440788 _____ () C:\Windows\SysWOW64\111.cht
2014-12-31 12:45 - 2013-11-15 11:49 - 00470156 _____ () C:\Windows\SysWOW64\110.cht
2014-12-31 12:45 - 2013-11-15 11:47 - 00470156 _____ () C:\Windows\SysWOW64\109.cht
2014-12-31 12:36 - 2013-11-15 11:47 - 00386004 _____ () C:\Windows\SysWOW64\108.cht
2014-12-31 12:36 - 2013-11-15 11:47 - 00386004 _____ () C:\Windows\SysWOW64\107.cht
2014-12-31 12:31 - 2013-11-15 11:47 - 00386004 _____ () C:\Windows\SysWOW64\106.cht
2014-12-31 12:30 - 2013-11-15 11:47 - 01894996 _____ () C:\Windows\SysWOW64\104.cht
2014-12-31 12:30 - 2013-11-15 11:47 - 01865812 _____ () C:\Windows\SysWOW64\105.cht
2014-12-31 12:29 - 2013-11-15 11:44 - 00465316 _____ () C:\Windows\SysWOW64\103.cht
2014-12-31 12:29 - 2013-11-15 11:44 - 00465316 _____ () C:\Windows\SysWOW64\102.cht
2014-12-31 12:25 - 2013-11-08 16:49 - 00440788 _____ () C:\Windows\SysWOW64\101.cht
2014-12-31 12:25 - 2013-11-08 15:46 - 00440788 _____ () C:\Windows\SysWOW64\100.cht
2014-12-31 12:23 - 2013-11-08 15:46 - 01865812 _____ () C:\Windows\SysWOW64\99.cht
2014-12-31 12:23 - 2013-11-08 15:45 - 01894996 _____ () C:\Windows\SysWOW64\98.cht
2014-12-31 12:23 - 2013-11-08 15:45 - 01296308 _____ () C:\Windows\SysWOW64\97.cht
2014-12-31 12:23 - 2013-11-08 15:45 - 01296308 _____ () C:\Windows\SysWOW64\96.cht
2014-12-31 12:22 - 2013-11-08 15:45 - 00480912 _____ () C:\Windows\SysWOW64\95.cht
2014-12-31 12:22 - 2013-11-08 15:45 - 00480912 _____ () C:\Windows\SysWOW64\94.cht
2014-12-31 06:14 - 2010-11-20 22:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2013-11-11 12:37 - 2013-11-29 12:49 - 0005116 _____ () C:\Users\Phyllis\AppData\Roaming\AutoTagLog.log
2013-11-11 12:06 - 2014-05-05 13:39 - 0009510 _____ () C:\Users\Phyllis\AppData\Roaming\RegistrationLog.log
2014-05-05 11:17 - 2014-05-05 13:38 - 0001132 _____ () C:\Users\Phyllis\AppData\Roaming\ReplayConverterLog.log
2013-11-11 12:06 - 2013-11-30 00:15 - 0051684 _____ () C:\Users\Phyllis\AppData\Roaming\ReplayMusicLog.log
2013-11-01 15:47 - 2013-11-01 15:47 - 0000320 _____ () C:\Users\Phyllis\AppData\Roaming\SEC517874.trad
2013-11-01 15:29 - 2013-11-01 15:29 - 0000320 _____ () C:\Users\Phyllis\AppData\Roaming\SEC540721.trad
2013-11-11 13:44 - 2013-11-11 13:45 - 0000874 _____ () C:\Users\Phyllis\AppData\Roaming\VideoPadlockLog.log
2014-12-26 20:12 - 2014-12-27 07:12 - 0000063 _____ () C:\Users\Phyllis\AppData\Roaming\WB.CFG
2013-10-30 19:32 - 2014-10-17 08:20 - 0007605 _____ () C:\Users\Phyllis\AppData\Local\resmon.resmoncfg
2013-11-11 13:24 - 2014-12-13 09:33 - 0293012 _____ () C:\Users\Phyllis\AppData\Local\rx_audio.Cache
2013-11-11 13:24 - 2014-11-30 13:15 - 0008424 _____ () C:\Users\Phyllis\AppData\Local\rx_image32.Cache
2013-10-30 17:53 - 2013-10-30 17:53 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\Phyllis\AppData\Local\Temp\6_Offer_16.exe
C:\Users\Phyllis\AppData\Local\Temp\917b0b87-3358-4e79-93de-3dfc2fc99ed0.exe
C:\Users\Phyllis\AppData\Local\Temp\clean20.dll
C:\Users\Phyllis\AppData\Local\Temp\CopyUpdate.exe
C:\Users\Phyllis\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpficmmn.dll
C:\Users\Phyllis\AppData\Local\Temp\GACInstaller.dll
C:\Users\Phyllis\AppData\Local\Temp\instutil.dll
C:\Users\Phyllis\AppData\Local\Temp\jna3188981325091469049.dll
C:\Users\Phyllis\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Phyllis\AppData\Local\Temp\lowproc.exe
C:\Users\Phyllis\AppData\Local\Temp\nitro_reader3_x64.exe
C:\Users\Phyllis\AppData\Local\Temp\Quarantine.exe
C:\Users\Phyllis\AppData\Local\Temp\RegistASM.exe
C:\Users\Phyllis\AppData\Local\Temp\Rev1427.tmp.exe
C:\Users\Phyllis\AppData\Local\Temp\Samsung_Magician_Setup_v44.exe
C:\Users\Phyllis\AppData\Local\Temp\Samsung_Magician_Setup_v45.exe
C:\Users\Phyllis\AppData\Local\Temp\sqlite3.dll
C:\Users\Phyllis\AppData\Local\Temp\stubhelper.dll
C:\Users\Phyllis\AppData\Local\Temp\TSInst10.exe
C:\Users\Phyllis\AppData\Local\Temp\TSInstallCAUtils.dll
C:\Users\Phyllis\AppData\Local\Temp\_ir_sf_temp_0DirectorSetup.exe
C:\Users\Phyllis\AppData\Local\Temp\_isFF18.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-24 00:44

==================== End Of Log ============================
« Last Edit: January 30, 2015, 11:31:39 AM by PGB »

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7656
Re: [Resolved - K] Trojan.Agent.ED found by MalawareBytes
« Reply #5 on: January 30, 2015, 02:19:45 PM »
Thanks for the logs, but you posted the wrong log from Malwarebytes. I want to see the "Scan log", not the protection log....

Open Malwarebytes, and from the main GUI click on History > Application Logs. Find your "scan" log; the date when it was run will identify it. Checkmark the "select" box, then hit the "view" button. The history log window will open. At the bottom of that window are two options, "Copy to clipboard" and "Export".
Select "Copy to clipboard"; that copies the full log to the Windows clipboard, so in your reply you right-click into the text field and select "Paste", and the log is pasted (copied) into your reply.

Next,

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or in the folder it was run from. Please post it in your reply.

Next,

We still need to run an online AV scan to ensure there are no remnants of any infection left on your system that may have been missed. This scan is very thorough and well worth running; it can take several hours, so please be patient and let it complete:

Run Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - Vista and Windows 7/8 users right click on the IE shortcut and run as admin.

(To run ESET Online Scanner in a browser other than Internet Explorer, you'll need to download the ESET Smart Installer during the process)

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the add-on to be installed
  • Click Start
  • Make sure that the option "Remove found threats" is ticked
  • Click on Advanced Settings, ensure the following options are checked:
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

Click Scan

  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

If no threats were found

  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

If threats were found

  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program

Copy and paste the report in next reply.

Next,

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop. (If your security software alerts, either accept the alert or turn the security off while Security Check runs.)
Double click SecurityCheck.exe (Vista or Windows 7/8 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

If Security Check will not run or you get an alert saying it is not supported, Re-boot your PC then try again...

Let me see those logs, also give an update on any remaining issues or concerns...

Thank you,

Kevin...




Offline PGB

  • Bronze Member
  • Posts: 381
Re: [Resolved - K] Trojan.Agent.ED found by MalawareBytes
« Reply #6 on: January 30, 2015, 03:20:02 PM »
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/30/2015
Scan Time: 11:35:41 AM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.30.06
Rootkit Database: v2015.01.14.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Phyllis

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 403069
Time Elapsed: 6 min, 16 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-01-2015
Ran by Phyllis at 2015-01-30 16:23:59 Run:1
Running from C:\Users\Phyllis\Desktop\1-30-15
Loaded Profiles: Phyllis (Available profiles: Phyllis)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
AutoConfigURL: [S-1-5-21-4249353033-2772040276-2529461727-1000] => C:\Users\Phyllis\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\BAC_PAC.js
C:\Users\Phyllis\AppData\Roaming\ShopAtHome.com BrowserAppCore Service
FF Extension: Search App by Ask - C:\Users\Phyllis\AppData\Roaming\Mozilla\Firefox\Profiles\3hyawouq.default-1384237558205\Extensions\toolbar_REAL1-SP@apn.ask.com.xpi [2014-11-24]
C:\Users\Phyllis\AppData\Roaming\Mozilla\Firefox\Profiles\3hyawouq.default-1384237558205\Extensions\toolbar_REAL1-SP@apn.ask.com.xpi
CHR Extension: (ShopAtHome.com) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlmebkoiahbppacaicbgncnjhbpdfkcc [2014-11-02]
C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlmebkoiahbppacaicbgncnjhbpdfkcc
S2 SessionLauncher; C:\Users\Phyllis\AppData\Local\Temp\DX9\SessionLauncher.exe [X]
S4 LMIRfsClientNP; No ImagePath
C:\Users\Phyllis\AppData\Local\Temp\6_Offer_16.exe
C:\Users\Phyllis\AppData\Local\Temp\917b0b87-3358-4e79-93de-3dfc2fc99ed0.exe
C:\Users\Phyllis\AppData\Local\Temp\clean20.dll
C:\Users\Phyllis\AppData\Local\Temp\CopyUpdate.exe
C:\Users\Phyllis\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpficmmn.dll
C:\Users\Phyllis\AppData\Local\Temp\GACInstaller.dll
C:\Users\Phyllis\AppData\Local\Temp\instutil.dll
C:\Users\Phyllis\AppData\Local\Temp\jna3188981325091469049.dll
C:\Users\Phyllis\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Phyllis\AppData\Local\Temp\lowproc.exe
C:\Users\Phyllis\AppData\Local\Temp\nitro_reader3_x64.exe
C:\Users\Phyllis\AppData\Local\Temp\Quarantine.exe
C:\Users\Phyllis\AppData\Local\Temp\RegistASM.exe
C:\Users\Phyllis\AppData\Local\Temp\Rev1427.tmp.exe
C:\Users\Phyllis\AppData\Local\Temp\Samsung_Magician_Setup_v44.exe
C:\Users\Phyllis\AppData\Local\Temp\Samsung_Magician_Setup_v45.exe
C:\Users\Phyllis\AppData\Local\Temp\sqlite3.dll
C:\Users\Phyllis\AppData\Local\Temp\stubhelper.dll
C:\Users\Phyllis\AppData\Local\Temp\TSInst10.exe
C:\Users\Phyllis\AppData\Local\Temp\TSInstallCAUtils.dll
C:\Users\Phyllis\AppData\Local\Temp\_ir_sf_temp_0DirectorSetup.exe
C:\Users\Phyllis\AppData\Local\Temp\_isFF18.exe
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\Users\Phyllis\Desktop\SMM_Call_10.02.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\Phyllis\Downloads\attachedMessage (1).eml:OECustomProperty
AlternateDataStreams: C:\Users\Phyllis\Downloads\attachedMessage (2).eml:OECustomProperty
AlternateDataStreams: C:\Users\Phyllis\Downloads\attachedMessage (3).eml:OECustomProperty
AlternateDataStreams: C:\Users\Phyllis\Downloads\attachedMessage (4).eml:OECustomProperty
AlternateDataStreams: C:\Users\Phyllis\Downloads\attachedMessage (5).eml:OECustomProperty
AlternateDataStreams: C:\Users\Phyllis\Downloads\attachedMessage (6).eml:OECustomProperty
AlternateDataStreams: C:\Users\Phyllis\Downloads\attachedMessage (7).eml:OECustomProperty
AlternateDataStreams: C:\Users\Phyllis\Downloads\attachedMessage (8).eml:OECustomProperty
AlternateDataStreams: C:\Users\Phyllis\Downloads\attachedMessage (9).eml:OECustomProperty
AlternateDataStreams: C:\Users\Phyllis\Downloads\attachedMessage.eml:OECustomProperty
AlternateDataStreams: C:\Users\Phyllis\Downloads\Re_ 110 Newton Road_ P&S (1).eml:OECustomProperty
AlternateDataStreams: C:\Users\Phyllis\Downloads\Re_ 110 Newton Road_ P&S (2).eml:OECustomProperty
AlternateDataStreams: C:\Users\Phyllis\Downloads\Re_ 110 Newton Road_ P&S (3).eml:OECustomProperty
AlternateDataStreams: C:\Users\Phyllis\Downloads\Re_ 110 Newton Road_ P&S.eml:OECustomProperty
C:\Windows\System32\drivers\xvrmtal.sys
Emptytemp:
end



*****************

HKU\S-1-5-21-4249353033-2772040276-2529461727-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL => value deleted successfully.

"C:\Users\Phyllis\AppData\Roaming\ShopAtHome.com BrowserAppCore Service" directory move:

C:\Users\Phyllis\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\bacconfig.xml => Moved successfully.
C:\Users\Phyllis\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\BACUpgrade.txt => Moved successfully.
C:\Users\Phyllis\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\BAC_PAC.js => Moved successfully.
C:\Users\Phyllis\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\Belcaro.BrowserAppCore.ActionEngine.dll => Moved successfully.
C:\Users\Phyllis\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\Belcaro.BrowserAppCore.BrowserMessaging.dll => Moved successfully.
C:\Users\Phyllis\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\Belcaro.BrowserAppCore.Common.dll => Moved successfully.
C:\Users\Phyllis\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\Belcaro.BrowserAppCore.CommunicationEngine.dll => Moved successfully.
C:\Users\Phyllis\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\Belcaro.BrowserAppCore.DefaultSearchProvider.dll => Moved successfully.
C:\Users\Phyllis\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\Belcaro.BrowserAppCore.HeartBeat.dll => Moved successfully.
C:\Users\Phyllis\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\Belcaro.BrowserAppCore.Logging.dll => Moved successfully.
C:\Users\Phyllis\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\Belcaro.BrowserAppCore.Models.dll => Moved successfully.
C:\Users\Phyllis\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\Belcaro.BrowserAppCore.RulesEngine.dll => Moved successfully.
C:\Users\Phyllis\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\Belcaro.BrowserAppCore.Suppression.dll => Moved successfully.
C:\Users\Phyllis\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\Belcaro.BrowserAppCore.UserInfo.dll => Moved successfully.
C:\Users\Phyllis\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\Belcaro.BrowserAppCore.Utils.dll => Moved successfully.
C:\Users\Phyllis\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\Belcaro.BrowserAppCore.WebSocketServer.dll => Moved successfully.
C:\Users\Phyllis\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\Belcaro.BrowserAppCore.XMLDataProvider.dll => Moved successfully.
C:\Users\Phyllis\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\Belcaro.BrowserAppCore.XmlEngine.dll => Moved successfully.
C:\Users\Phyllis\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\delete_notification.html => Moved successfully.
C:\Users\Phyllis\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\FiddlerCore.dll => Moved successfully.
C:\Users\Phyllis\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\HtmlAgilityPack.dll => Moved successfully.
C:\Users\Phyllis\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\Ionic.Zip.dll => Moved successfully.
C:\Users\Phyllis\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\merchants.xml => Moved successfully.
C:\Users\Phyllis\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\NotificationDialog.exe => Moved successfully.
C:\Users\Phyllis\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\NotificationDialog.exe.config => Moved successfully.
C:\Users\Phyllis\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\prefs.xml => Moved successfully.
C:\Users\Phyllis\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\SahCoreNet.dll => Moved successfully.
C:\Users\Phyllis\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\SahProcessManager.exe => Moved successfully.
C:\Users\Phyllis\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\SahProcessManager.exe.config => Moved successfully.
C:\Users\Phyllis\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\ShopAtHome_BAC_Service.exe => Moved successfully.
C:\Users\Phyllis\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\ShopAtHome_BAC_Service.exe.config => Moved successfully.
C:\Users\Phyllis\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\SQLite.Designer.dll => Moved successfully.
C:\Users\Phyllis\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\System.Data.SQLite.dll => Moved successfully.
C:\Users\Phyllis\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\uninstaller.exe => Moved successfully.
C:\Users\Phyllis\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\userinfo.xml => Moved successfully.
C:\Users\Phyllis\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\version.txt => Moved successfully.
Could not move "C:\Users\Phyllis\AppData\Roaming\ShopAtHome.com BrowserAppCore Service" directory. => Scheduled to move on reboot.

C:\Users\Phyllis\AppData\Roaming\Mozilla\Firefox\Profiles\3hyawouq.default-1384237558205\Extensions\toolbar_REAL1-SP@apn.ask.com.xpi => Moved successfully.
"C:\Users\Phyllis\AppData\Roaming\Mozilla\Firefox\Profiles\3hyawouq.default-1384237558205\Extensions\toolbar_REAL1-SP@apn.ask.com.xpi" => File/Directory not found.
C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlmebkoiahbppacaicbgncnjhbpdfkcc => Moved successfully.
"C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlmebkoiahbppacaicbgncnjhbpdfkcc" => File/Directory not found.
SessionLauncher => Service deleted successfully.
LMIRfsClientNP => Service deleted successfully.
C:\Users\Phyllis\AppData\Local\Temp\6_Offer_16.exe => Moved successfully.
C:\Users\Phyllis\AppData\Local\Temp\917b0b87-3358-4e79-93de-3dfc2fc99ed0.exe => Moved successfully.
C:\Users\Phyllis\AppData\Local\Temp\clean20.dll => Moved successfully.
C:\Users\Phyllis\AppData\Local\Temp\CopyUpdate.exe => Moved successfully.
C:\Users\Phyllis\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpficmmn.dll => Moved successfully.
C:\Users\Phyllis\AppData\Local\Temp\GACInstaller.dll => Moved successfully.
C:\Users\Phyllis\AppData\Local\Temp\instutil.dll => Moved successfully.
C:\Users\Phyllis\AppData\Local\Temp\jna3188981325091469049.dll => Moved successfully.
C:\Users\Phyllis\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe => Moved successfully.
C:\Users\Phyllis\AppData\Local\Temp\lowproc.exe => Moved successfully.
C:\Users\Phyllis\AppData\Local\Temp\nitro_reader3_x64.exe => Moved successfully.
C:\Users\Phyllis\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Phyllis\AppData\Local\Temp\RegistASM.exe => Moved successfully.
C:\Users\Phyllis\AppData\Local\Temp\Rev1427.tmp.exe => Moved successfully.
C:\Users\Phyllis\AppData\Local\Temp\Samsung_Magician_Setup_v44.exe => Moved successfully.
C:\Users\Phyllis\AppData\Local\Temp\Samsung_Magician_Setup_v45.exe => Moved successfully.
C:\Users\Phyllis\AppData\Local\Temp\sqlite3.dll => Moved successfully.
C:\Users\Phyllis\AppData\Local\Temp\stubhelper.dll => Moved successfully.
C:\Users\Phyllis\AppData\Local\Temp\TSInst10.exe => Moved successfully.
C:\Users\Phyllis\AppData\Local\Temp\TSInstallCAUtils.dll => Moved successfully.
C:\Users\Phyllis\AppData\Local\Temp\_ir_sf_temp_0DirectorSetup.exe => Moved successfully.
C:\Users\Phyllis\AppData\Local\Temp\_isFF18.exe => Moved successfully.
C:\ProgramData\TEMP => ":373E1720" ADS removed successfully.
C:\Users\Phyllis\Desktop\SMM_Call_10.02.mp3 => ":Roxio EMC Stream" ADS removed successfully.
C:\Users\Phyllis\Downloads\attachedMessage (1).eml => ":OECustomProperty" ADS removed successfully.
C:\Users\Phyllis\Downloads\attachedMessage (2).eml => ":OECustomProperty" ADS removed successfully.
C:\Users\Phyllis\Downloads\attachedMessage (3).eml => ":OECustomProperty" ADS removed successfully.
C:\Users\Phyllis\Downloads\attachedMessage (4).eml => ":OECustomProperty" ADS removed successfully.
C:\Users\Phyllis\Downloads\attachedMessage (5).eml => ":OECustomProperty" ADS removed successfully.
C:\Users\Phyllis\Downloads\attachedMessage (6).eml => ":OECustomProperty" ADS removed successfully.
C:\Users\Phyllis\Downloads\attachedMessage (7).eml => ":OECustomProperty" ADS removed successfully.
C:\Users\Phyllis\Downloads\attachedMessage (8).eml => ":OECustomProperty" ADS removed successfully.
C:\Users\Phyllis\Downloads\attachedMessage (9).eml => ":OECustomProperty" ADS removed successfully.
C:\Users\Phyllis\Downloads\attachedMessage.eml => ":OECustomProperty" ADS removed successfully.
C:\Users\Phyllis\Downloads\Re_ 110 Newton Road_ P&S (1).eml => ":OECustomProperty" ADS removed successfully.
C:\Users\Phyllis\Downloads\Re_ 110 Newton Road_ P&S (2).eml => ":OECustomProperty" ADS removed successfully.
C:\Users\Phyllis\Downloads\Re_ 110 Newton Road_ P&S (3).eml => ":OECustomProperty" ADS removed successfully.
C:\Users\Phyllis\Downloads\Re_ 110 Newton Road_ P&S.eml => ":OECustomProperty" ADS removed successfully.
"C:\Windows\System32\drivers\xvrmtal.sys" => File/Directory not found.
EmptyTemp: => Removed 17.2 GB temporary data.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-01-30 16:27:06)<=

C:\Users\Phyllis\AppData\Roaming\ShopAtHome.com BrowserAppCore Service => Is moved successfully.

==== End of Fixlog 16:27:06 ====
« Last Edit: January 30, 2015, 03:29:01 PM by PGB »
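As an added illustration for the two FRST items in this thread, the "Bamital & volsnap Check" block in the first log (core system binaries reported as digitally signed) and the AlternateDataStreams entries in the fixlist and Fixlog above, here is a read-only PowerShell script that reproduces both checks. It is example code, not code from the thread, from FRST or from Farbar; it assumes PowerShell 3.0 or later (the -Stream and -File parameters do not exist in the PowerShell 2.0 that Windows 7 ships with), takes its file list from the FRST log, and scans the Downloads folder by assumption. It reports only and removes nothing.

```powershell
# Added example (not FRST's own code). Requires PowerShell 3.0+ (assumption).
# The file list mirrors the paths in the FRST "Bamital & volsnap Check" block.
$coreFiles = @(
    "$env:SystemRoot\System32\winlogon.exe",
    "$env:SystemRoot\System32\wininit.exe",
    "$env:SystemRoot\explorer.exe",
    "$env:SystemRoot\System32\svchost.exe",
    "$env:SystemRoot\System32\services.exe",
    "$env:SystemRoot\System32\User32.dll",
    "$env:SystemRoot\System32\userinit.exe",
    "$env:SystemRoot\System32\rpcss.dll",
    "$env:SystemRoot\System32\Drivers\volsnap.sys"
)

# Verify the Authenticode signature of each core binary. Anything other than
# 'Valid' (NotSigned, HashMismatch, NotTrusted, or a missing file) is worth a
# closer look, which is exactly what the FRST check is telling the helper.
function Test-CoreFileSignatures {
    param([string[]]$Paths)
    foreach ($p in $Paths) {
        if (-not (Test-Path -LiteralPath $p)) {
            [pscustomobject]@{ Path = $p; Status = 'Missing'; Signer = $null }
            continue
        }
        $sig    = Get-AuthenticodeSignature -FilePath $p
        $signer = $null
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        [pscustomobject]@{ Path = $p; Status = $sig.Status; Signer = $signer }
    }
}

# List NTFS alternate data streams under a folder. ':$DATA' is the file's
# normal content, so it is filtered out; everything else is an extra stream
# of the kind FRST reported (e.g. the OECustomProperty streams on .eml files).
function Get-NonDefaultStreams {
    param([string]$Root)
    Get-ChildItem -LiteralPath $Root -File -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' } |
                Select-Object FileName, Stream, Length
        }
}

# Run both checks from an elevated prompt; the Downloads root is an assumption.
Test-CoreFileSignatures -Paths $coreFiles | Format-Table -AutoSize
Get-NonDefaultStreams -Root "$env:USERPROFILE\Downloads" | Format-Table -AutoSize
```

A stream named Zone.Identifier is the mark-of-the-web Windows attaches to downloaded files and is expected; streams such as the OECustomProperty and "Roxio EMC Stream" entries removed by the fix above are application metadata. FRST lists streams rather than judging them, which is why the decision to clear them is left to the helper writing the fixlist.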

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7656
Re: [Resolved - K] Trojan.Agent.ED found by MalawareBytes
« Reply #7 on: January 30, 2015, 03:48:07 PM »
Thanks for those logs, post the ESET scan results anytime you're ready. Also give an update on any remaining issues or concerns.....

FRST has reclaimed a considerable amount of space from the temp directories!

Quote
EmptyTemp: => Removed 17.2 GB temporary data.

Kevin....

Offline PGB

  • Bronze Member
  • Posts: 381
Re: [Resolved - K] Trojan.Agent.ED found by MalawareBytes
« Reply #8 on: January 30, 2015, 04:33:41 PM »
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\APNSetup.exe.vir   a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application   deleted - quarantined
C:\Users\Phyllis\Downloads\cbsidlm-cbsi188-Moyea_FLV_Player-ORG-10677393.exe   a variant of Win32/CNETInstaller.B potentially unwanted application   deleted - quarantined
C:\Users\Phyllis\Downloads\MPlayer.exe   a variant of Win32/InstallCore.TR potentially unwanted application   deleted - quarantined
---------------------------------
 Results of screen317's Security Check version 0.99.95 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Microsoft Security Essentials   
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 71 
 Java 64-bit 8 Update 31 
 Adobe Flash Player 16.0.0.296 
 Adobe Reader XI 
 Mozilla Firefox (35.0.1)
 Google Chrome (40.0.2214.91)
 Google Chrome (40.0.2214.93)
 Google Chrome (plugins...)
````````Process Check: objlist.exe by Laurent````````
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 31% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````



Yes, this is an SSD, so no defragging.

I have no other concerns; system seems to be working well.



Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7656
Re: [Resolved - K] Trojan.Agent.ED found by MalawareBytes
« Reply #9 on: January 30, 2015, 06:54:34 PM »
Thanks for the update, run the following to clear up:

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

Make Sure the following items are checked:


  • Remove disinfection tools
  • Purge System Restore
  • Reset system settings

Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

Next,

Read the following link to fully understand PC security and best practices, you may find it useful....

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

Let me know if we are ok to close out....

Thank you,

Kevin....

Offline PGB

  • Bronze Member
  • Posts: 381
Re: [Resolved - K] Trojan.Agent.ED found by MalawareBytes
« Reply #10 on: January 30, 2015, 08:51:55 PM »
The hyperlinks in my Microsoft Outlook would not open. I fixed it with Microsoft Fix it 50388 from Microsoft Support http://support.microsoft.com/kb/310049?fi=50388 from a Google search, and it seems to be working fine now. So it seems everything is working fine!
« Last Edit: January 30, 2015, 09:04:27 PM by PGB »

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7656
Re: [Resolved - K] Trojan.Agent.ED found by MalawareBytes
« Reply #11 on: January 31, 2015, 05:59:00 AM »
Since this issue appears to be resolved the topic has been closed. Glad we could help.... :t 

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

The fixes and advice in this thread are for this System only. Do not apply the instructions from this thread to your own System. Please start a new thread describing your issue and someone will be along to assist you.

 :ty