I think I got everything, but I'd like to make sure.


  • This topic is locked
7 replies to this topic

#1 urbanizedknave


  • Members
  • 4 posts

Posted 06 August 2014 - 05:43 PM

I've run Emsisoft Anti-Malware and installed ZoneAlarm Pro AV + Firewall and done a deep scan with both programs. I *think* I've gotten rid of everything, but I would love a second opinion. This computer still seems to be running slower than it should with 8 GB RAM.
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.17028  BrowserJavaVersion: 10.65.2
Run by wenewman at 17:34:53 on 2014-08-06
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.7764.5470 [GMT -5:00]
.
AV: ZoneAlarm Antivirus *Enabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
AV: Emsisoft Anti-Malware *Enabled/Updated* {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security *Disabled/Outdated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton Internet Security *Disabled/Outdated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Emsisoft Anti-Malware *Enabled/Updated* {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
SP: ZoneAlarm Anti-Spyware *Enabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
FW: Norton Internet Security *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
FW: ZoneAlarm Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
.
============== Running Processes ===============
.
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\dwm.exe
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\atieclxx.exe
C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
C:\ProgramData\IePluginServices\PluginService.exe
C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\taskhostex.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE
C:\windows\system32\svchost.exe -k apphost
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\windows\system32\dashost.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE
C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccSvcHst.exe
C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccSvcHst.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
C:\windows\splwow64.exe
C:\Windows\System32\RuntimeBroker.exe
C:\windows\system32\printfilterpipelinesvc.exe
C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE
C:\windows\explorer.exe
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Windows\System32\WUDFHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://astromenda.com/?f=1&a=ast_cmi_14_48_ch&cd=2XzuyEtN2Y1L1Qzu0AyEtCyBtAtCzz0EyD0D0EyCtCyDtByDtN0D0Tzu0SzyyEyEtN1L2XzutBtFtBtCtFtCzztFtAtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAzz0Fzy0AtDtC0CtGyBzz0A0DtGzzzy0ByEtGtA0EyEyCtGtB0FzytB0AtAtC0A0FyDzy0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDyB0FyE0D0AyCyDtG0DyBtBzztGyD0EzyyCtG0A0A0A0BtGyB0EzytDtA0FyDtA0EzztAtD2Q&cr=1184320722&ir=
uSearch Bar = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fR3s5PAVMZpZbM61lWNTdgwQHuH_l8fMQr5kRlG85BPXM7F-tfpYcjdgD0FkJajtPuBe4zV817FeXEy7rSHY4esAkPOSs7a5XVc8q2yVDDcM1BRiu7QeUGQTfcUv93TUGiXTI6YPCU1X7vgVWFYjf7d_gE4_CIpB1nZz7A_r&q={searchTerms}
uSearch Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fR3s5PAVMZpZbM61lWNTdgwQHuH_l8fMQr5kRlG85BPXM7F-tfpYcjdgD0FkJajtPuBe4zV817FeXEy7rSHY4esAkPOSs7a5XVc8q2yVDDcM1BRiu7QeUGQTfcUv93TUGiXTI6YPCU1X7vgVWFYjf7d_gE4_CIpB1nZz7A_r&q={searchTerms}
uDefault_Page_URL = about:blank
mStart Page = about:blank
mSearch Page = hxxp://www.istart123.com/web/?type=ds&ts=1406774444&from=tt4u&uid=ST1000DM003-9YN162_S1D71KKL&q={searchTerms}
mDefault_Page_URL = about:blank
mDefault_Search_URL = hxxp://www.istart123.com/web/?type=ds&ts=1406774444&from=tt4u&uid=ST1000DM003-9YN162_S1D71KKL&q={searchTerms}
uSearchAssistant = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fR3s5PAVMZpZbM61lWNTdgwQHuH_l8fMQr5kRlG85BPXM7F-tfpYcjdgD0FkJajtPuBe4zV817FeXEy7rSHY4esAkPOSs7a5XVc8q2yVDDcM1BRiu7QeUGQTfcUv93TUGiXTI6YPCU1X7vgVWFYjf7d_gE4_CIpB1nZz7A_r&q={searchTerms}
mWinlogon: Userinit = userinit.exe
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ips\ipsbho.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Webroot Vault: {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - 
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\coieplg.dll
TB: Webroot Toolbar: {97ab88ef-346b-4179-a0b1-7445896547a5} - 
TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
uRun: [HP Deskjet 3520 series (NET)] "C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN32P1C20R05SY:NW" -scfn "HP Deskjet 3520 series (NET)" -AutoStart 1
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [CLMLServer_For_P2G8] "c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
mRun: [CLVirtualDrive] "c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [fst_us_175] <no file>
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001051-0002-0051-ABCDEFFEDCBC} - <orphaned>
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - 
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{9223EA53-110C-4E11-8D29-2ED2275C8162} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{FB43624A-3A51-46A8-82C9-4C4C87B9DFAD} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{FB43624A-3A51-46A8-82C9-4C4C87B9DFAD}\5446C6569737D27457563747027596D26496 : DHCPNameServer = 192.168.1.1
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\msosb.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings
IFEO: bitguard.exe - tasklist.exe
IFEO: bprotect.exe - tasklist.exe
IFEO: bpsvc.exe - tasklist.exe
IFEO: browserdefender.exe - tasklist.exe
IFEO: browserprotect.exe - tasklist.exe
x64-mStart Page = about:blank
x64-mSearch Page = hxxp://www.istart123.com/web/?type=ds&ts=1406774444&from=tt4u&uid=ST1000DM003-9YN162_S1D71KKL&q={searchTerms}
x64-mDefault_Page_URL = about:blank
x64-mDefault_Search_URL = hxxp://www.istart123.com/web/?type=ds&ts=1406774444&from=tt4u&uid=ST1000DM003-9YN162_S1D71KKL&q={searchTerms}
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-BHO: Webroot Vault: {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - 
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-TB: Webroot Toolbar: {97ab88ef-346b-4179-a0b1-7445896547a5} - 
x64-TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - 
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-IFEO: bitguard.exe - tasklist.exe
x64-IFEO: bprotect.exe - tasklist.exe
x64-IFEO: bpsvc.exe - tasklist.exe
x64-IFEO: browserdefender.exe - tasklist.exe
x64-IFEO: browserprotect.exe - tasklist.exe
.
Note: multiple IFEO entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\wenewman\AppData\Roaming\Mozilla\Firefox\Profiles\wqwu9bbe.default\
FF - prefs.js: browser.search.selectedEngine - Astromenda
FF - prefs.js: browser.startup.homepage - hxxp://astromenda.com/?f=1&a=ast_cmi_14_48_ch&cd=2XzuyEtN2Y1L1Qzu0AyEtCyBtAtCzz0EyD0D0EyCtCyDtByDtN0D0Tzu0SzyyEyEtN1L2XzutBtFtBtCtFtCzztFtAtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAzz0Fzy0AtDtC0CtGyBzz0A0DtGzzzy0ByEtGtA0EyEyCtGtB0FzytB0AtAtC0A0FyDzy0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDyB0FyE0D0AyCyDtG0DyBtBzztGyD0EzyyCtG0A0A0A0BtGyB0EzytDtA0FyDtA0EzztAtD2Q&cr=1184320722&ir=
FF - prefs.js: keyword.URL - hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fR3s5PAVMZpZbM61lWNTdgwQHuH_l8fMQr5kRlG85BPXM7F-tfpYcjdgD0FkJajtPuBe4zV817FeXEy7rSHY4esAkPOSs7a5XVc8q2yVDDcM1BRiu7QeUGQTfcUv93TUGiXTI6YPCU1X7vgVWFYjf7d_gE4_CIpB1nZz7A_r&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
FF - plugin: C:\Users\wenewman\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\windows\System32\WebClient\npwebclient.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.astrmndant.aflt - ast_cmi_14_48_ch
FF - user.js: extensions.astrmndant.instlRef - 142905_b
FF - user.js: extensions.astrmndant.cr - 1184320722
FF - user.js: extensions.astrmndant.cd - 2XzuyEtN2Y1L1Qzu0AyEtCyBtAtCzz0EyD0D0EyCtCyDtByDtN0D0Tzu0SzyyEyEtN1L2XzutBtFtBtCtFtCzztFtAtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAzz0Fzy0AtDtC0CtGyBzz0A0DtGzzzy0ByEtGtA0EyEyCtGtB0FzytB0AtAtC0A0FyDzy0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDyB0FyE0D0AyCyDtG0DyBtBzztGyD0EzyyCtG0A0A0A0BtGyB0EzytDtA0FyDtA0EzztAtD2Q
.
user_pref(extensions.autoDisableScopes,14);
.
============= SERVICES / DRIVERS ===============
.
R1 {55dce8ba-9dec-4013-937e-adbf9317d990}Gw64;{55dce8ba-9dec-4013-937e-adbf9317d990}Gw64;C:\windows\System32\Drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}Gw64.sys [2014-8-1 61584]
R1 {9a9157bb-003e-4fef-8bd1-c09bc4586a28}Gw64;{9a9157bb-003e-4fef-8bd1-c09bc4586a28}Gw64;C:\windows\System32\Drivers\{9a9157bb-003e-4fef-8bd1-c09bc4586a28}Gw64.sys [2014-7-25 61120]
R1 A2DDA;A2 Direct Disk Access Support Driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2014-8-5 26176]
R1 a2injectiondriver;a2injectiondriver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [2014-8-5 45208]
R1 a2util;a-squared Malware-IDS utility driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [2014-8-5 23088]
R1 CLVirtualDrive;CLVirtualDrive;C:\windows\System32\Drivers\CLVirtualDrive.sys [2012-12-10 92536]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\windows\System32\Drivers\klim6.sys [2014-8-5 30304]
R1 klwfp;klwfp;C:\windows\System32\Drivers\klwfp.sys [2014-8-5 49760]
R1 kneps;kneps;C:\windows\System32\Drivers\kneps.sys [2014-8-5 177760]
R2 a2AntiMalware;Emsisoft Protection Service;C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2014-8-5 4741384]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-17 98208]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2012-10-16 240640]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-4-8 2356912]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2014-2-7 16056]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\windows\System32\Drivers\LMIRfsDriver.sys [2014-5-29 72216]
R3 a2acc;a2acc;C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys [2014-8-5 71472]
R3 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20130531.001\BHDrvx64.sys [2013-5-31 1393240]
R3 ccSet_NIS;Norton Internet Security Settings Manager;C:\windows\System32\Drivers\NISx64\1405000.01C\ccsetx64.sys [2014-5-1 169048]
R3 cleanhlp;cleanhlp;C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [2014-8-5 57024]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-4-17 138912]
R3 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20130614.001\IDSviA64.sys [2013-6-14 513184]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\windows\System32\Drivers\netr28x.sys [2013-12-4 2505904]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\windows\System32\Drivers\RtsPStor.sys [2012-7-4 339600]
R3 RTL8168;Realtek 8168 NT Driver;C:\windows\System32\Drivers\Rt630x64.sys [2012-6-13 683664]
R3 SymDS;Symantec Data Store;C:\windows\System32\Drivers\NISx64\1405000.01C\symds64.sys [2014-5-1 493656]
R3 SymEFA;Symantec Extended File Attributes;C:\windows\System32\Drivers\NISx64\1405000.01C\symefa64.sys [2014-5-1 1139800]
R3 SymIRON;Symantec Iron Driver;C:\windows\System32\Drivers\NISx64\1405000.01C\ironx64.sys [2014-5-1 224416]
R3 SymNetS;Symantec Network Security WFP Driver;C:\windows\System32\Drivers\NISx64\1405000.01C\symnets.sys [2014-5-1 433752]
R3 usbfilter;AMD USB Filter Driver;C:\windows\System32\Drivers\usbfilter.sys [2012-3-31 56448]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
S0 klelam;klelam;C:\windows\System32\Drivers\klelam.sys [2014-3-19 29616]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\windows\System32\Drivers\ssudbus.sys [2014-1-22 108800]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\windows\System32\Drivers\ssudmdm.sys [2014-1-22 206080]
S3 WSDScan;WSD Scan Support;C:\windows\System32\Drivers\WSDScan.sys [2013-4-19 23552]
S4 SymELAM;Symantec ELAM Driver;C:\windows\System32\Drivers\NISx64\1405000.01C\symelam.sys [2014-5-1 23448]
.
=============== Created Last 30 ================
.
2014-08-06 05:52:45 -------- d-----w- C:\ProgramData\Emsisoft
2014-08-06 00:37:50 -------- d-----w- C:\Program Files (x86)\Emsisoft Anti-Malware
2014-08-05 23:16:28 177760 ----a-w- C:\windows\System32\drivers\kneps.sys
2014-08-05 23:16:25 64856 ----a-w- C:\windows\System32\klfphc.dll
2014-08-05 23:16:25 49760 ----a-w- C:\windows\System32\drivers\klwfp.sys
2014-08-05 23:16:21 30304 ----a-w- C:\windows\System32\drivers\klim6.sys
2014-08-05 23:16:17 7717984 ----a-w- C:\windows\System32\drivers\kl1.sys
2014-08-05 23:16:15 92768 ----a-w- C:\windows\System32\drivers\klflt.sys
2014-08-05 23:10:14 -------- d-----w- C:\Program Files (x86)\CheckPoint
2014-08-05 23:09:36 -------- d-----w- C:\ProgramData\CheckPoint
2014-08-04 23:23:13 -------- d-----w- C:\Users\wenewman\AppData\Local\LPT
2014-08-02 04:17:19 -------- d-----w- C:\Program Files\CCleaner
2014-08-02 00:02:19 -------- d-----w- C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
2014-08-02 00:00:33 -------- d-----w- C:\Users\wenewman\AppData\Roaming\hpqLog
2014-08-01 21:39:57 -------- d-----w- C:\Program Files (x86)\predm
2014-08-01 21:36:02 -------- d-----w- C:\ProgramData\374311380
2014-08-01 19:45:50 61584 ----a-w- C:\windows\System32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}Gw64.sys
2014-08-01 19:16:43 552 ----a-w- C:\windows\SysWow64\schtasks.bin
2014-08-01 19:11:37 -------- d-----w- C:\Users\wenewman\AppData\Roaming\Probit Software
2014-08-01 18:35:52 98216 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-01 18:28:18 -------- d-----w- C:\Users\wenewman\AppData\Local\com
2014-08-01 18:25:46 -------- d-----w- C:\Program Files (x86)\Supporter
2014-08-01 18:25:19 -------- d-----w- C:\ProgramData\e3ee6a4c8583885b
2014-08-01 18:25:19 -------- d-----w- C:\ProgramData\cosstminn
2014-08-01 18:25:13 -------- d-----w- C:\Users\wenewman\AppData\Local\globalUpdate
2014-08-01 18:25:13 -------- d-----w- C:\Program Files (x86)\globalUpdate
2014-08-01 18:25:12 -------- d-----w- C:\Program Files (x86)\cosstminn
2014-08-01 18:25:05 -------- d-----w- C:\Users\wenewman\AppData\Local\Chromatic Browser
2014-08-01 18:25:03 -------- d-----w- C:\Users\wenewman\AppData\Local\Torch
2014-08-01 18:24:57 -------- d-----w- C:\Users\wenewman\AppData\Local\Comodo
2014-08-01 18:23:55 -------- d-----w- C:\Program Files (x86)\Probit Software
2014-08-01 18:16:31 71168 ----a-w- C:\windows\System32\drivers\hdaudbus.sys
2014-08-01 18:15:25 94552 ----a-w- C:\windows\System32\drivers\mountmgr.sys
2014-08-01 18:15:25 328024 ----a-w- C:\windows\System32\drivers\Classpnp.sys
2014-07-31 02:43:08 -------- d-----w- C:\ProgramData\IePluginServices
2014-07-31 02:42:45 -------- d-----w- C:\ProgramData\WindowsMangerProtect
2014-07-31 02:40:47 -------- d-----w- C:\Program Files (x86)\Bench
2014-07-25 19:53:53 61120 ----a-w- C:\windows\System32\drivers\{9a9157bb-003e-4fef-8bd1-c09bc4586a28}Gw64.sys
2014-07-25 18:49:02 -------- d-----w- C:\Users\wenewman\AppData\Roaming\GroovorioUpdater
2014-07-25 13:47:45 -------- d-----w- C:\Users\wenewman\AppData\Roaming\HP Support Assistant
2014-07-24 15:38:37 -------- d-----w- C:\Program Files (x86)\Setup Support for Consumer Input
2014-07-24 15:38:32 -------- d-----w- C:\Program Files (x86)\Settings Manager
2014-07-24 15:38:21 -------- d-----w- C:\ProgramData\systemk
2014-07-13 13:50:44 703968 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-07-13 13:50:44 105440 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-13 13:46:45 -------- d-s---w- C:\windows\System32\CompatTel
2014-07-10 07:41:48 87552 ----a-w- C:\windows\System32\aepic.dll
2014-07-10 07:41:48 702464 ----a-w- C:\windows\System32\aepdu.dll
2014-07-10 07:41:48 556544 ----a-w- C:\windows\System32\aeinv.dll
2014-07-10 07:41:48 394240 ----a-w- C:\windows\System32\devinv.dll
.
==================== Find3M  ====================
.
2014-07-18 19:43:53 92488 ----a-w- C:\windows\System32\LMIinit.dll
2014-07-18 19:43:53 35656 ----a-w- C:\windows\System32\LMIport.dll
2014-07-18 19:43:53 107368 ----a-w- C:\windows\System32\LMIRfsClientNP.dll
2014-06-19 02:12:11 2239488 ----a-w- C:\windows\System32\wininet.dll
2014-06-19 02:12:02 915968 ----a-w- C:\windows\System32\uxtheme.dll
2014-06-19 02:12:02 53760 ----a-w- C:\windows\System32\UXInit.dll
2014-06-19 02:10:33 3959296 ----a-w- C:\windows\System32\jscript9.dll
2014-06-19 02:10:28 67072 ----a-w- C:\windows\System32\iesetup.dll
2014-06-19 02:10:28 136704 ----a-w- C:\windows\System32\iesysprep.dll
2014-06-19 02:09:55 1508864 ----a-w- C:\windows\System32\inetcpl.cpl
2014-06-19 00:53:52 1766400 ----a-w- C:\windows\SysWow64\wininet.dll
2014-06-19 00:53:42 44032 ----a-w- C:\windows\SysWow64\UXInit.dll
2014-06-19 00:52:46 2863616 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-06-19 00:52:42 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
2014-06-19 00:52:42 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
2014-06-19 00:52:19 1440768 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-06-19 00:33:44 2706432 ----a-w- C:\windows\System32\mshtml.tlb
2014-06-19 00:30:35 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-06-18 22:05:00 534528 ----a-w- C:\windows\SysWow64\uxtheme.dll
2014-06-17 23:27:37 1440256 ----a-w- C:\windows\SysWow64\osk.exe
2014-06-17 23:24:48 1557504 ----a-w- C:\windows\System32\osk.exe
2014-06-11 04:18:14 4038144 ----a-w- C:\windows\System32\win32k.sys
2014-06-06 14:06:38 596480 ----a-w- C:\windows\System32\qedit.dll
2014-06-06 10:17:56 497152 ----a-w- C:\windows\SysWow64\qedit.dll
2014-06-02 22:33:45 265216 ----a-w- C:\windows\System32\InkEd.dll
2014-05-29 23:31:26 452608 ----a-w- C:\windows\SysWow64\SHCore.dll
2014-05-29 23:03:04 588288 ----a-w- C:\windows\System32\SHCore.dll
2014-05-29 23:02:28 439808 ----a-w- C:\windows\System32\lsm.dll
2014-05-29 23:02:27 1281536 ----a-w- C:\windows\System32\lsasrv.dll
2014-05-29 22:24:46 576512 ----a-w- C:\windows\System32\drivers\afd.sys
2013-12-17 03:21:17 10395072 ----a-w- C:\Program Files (x86)\Common Files\wruninstall.exe
.
============= FINISH: 17:37:02.65 ===============
 


 


#2 nasdaq


  • Malware Response Team
  • 40,521 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 11 August 2014 - 10:23 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Still some work to do.

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Let me know what problem persists.

#3 urbanizedknave

  • Topic Starter

  • Members
  • 4 posts

Posted 11 August 2014 - 05:11 PM

Thanks for your assistance! Here are the logs you requested.

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
 
Protection, 8/11/2014 4:09:03 PM, SYSTEM, EAST, Protection, Malware Protection, Starting, 
Protection, 8/11/2014 4:09:03 PM, SYSTEM, EAST, Protection, Malware Protection, Started, 
Protection, 8/11/2014 4:09:03 PM, SYSTEM, EAST, Protection, Malicious Website Protection, Starting, 
Protection, 8/11/2014 4:09:04 PM, SYSTEM, EAST, Protection, Malicious Website Protection, Started, 
Update, 8/11/2014 4:09:15 PM, SYSTEM, EAST, Manual, Rootkit Database, 2014.2.20.1, 2014.8.4.1, 
Update, 8/11/2014 4:09:26 PM, SYSTEM, EAST, Manual, Malware Database, 2014.3.4.9, 2014.8.11.8, 
Protection, 8/11/2014 4:09:29 PM, SYSTEM, EAST, Protection, Refresh, Starting, 
Protection, 8/11/2014 4:09:29 PM, SYSTEM, EAST, Protection, Malicious Website Protection, Stopping, 
Protection, 8/11/2014 4:09:30 PM, SYSTEM, EAST, Protection, Malicious Website Protection, Stopped, 
Protection, 8/11/2014 4:09:41 PM, SYSTEM, EAST, Protection, Refresh, Success, 
Protection, 8/11/2014 4:09:42 PM, SYSTEM, EAST, Protection, Malicious Website Protection, Starting, 
Protection, 8/11/2014 4:09:42 PM, SYSTEM, EAST, Protection, Malicious Website Protection, Started, 
Detection, 8/11/2014 4:10:24 PM, SYSTEM, EAST, Protection, Malware Protection, File, PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll, Quarantine, [85cf5e671b6083b38e90f0cb45bd916f]
Protection, 8/11/2014 4:10:25 PM, SYSTEM, EAST, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll, 
Error, 8/11/2014 4:10:25 PM, SYSTEM, EAST, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll, 
Detection, 8/11/2014 4:10:42 PM, SYSTEM, EAST, Protection, Malware Protection, File, PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll, Quarantine, [85cf5e671b6083b38e90f0cb45bd916f]
Protection, 8/11/2014 4:10:44 PM, SYSTEM, EAST, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll, 
Error, 8/11/2014 4:10:44 PM, SYSTEM, EAST, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll, 
Detection, 8/11/2014 4:18:01 PM, SYSTEM, EAST, Protection, Malware Protection, File, PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll, Quarantine, [85cf5e671b6083b38e90f0cb45bd916f]
Protection, 8/11/2014 4:18:02 PM, SYSTEM, EAST, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll, 
Error, 8/11/2014 4:18:02 PM, SYSTEM, EAST, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll, 
Detection, 8/11/2014 4:35:22 PM, SYSTEM, EAST, Protection, Malware Protection, File, PUP.Optional.SystemK.A, C:\Program Files (x86)\Settings Manager\systemk\systemkbho.dll, Quarantine, [5202279e9dde6ccab563a9dea958966a]
Detection, 8/11/2014 4:35:29 PM, SYSTEM, EAST, Protection, Malware Protection, File, PUP.Optional.SystemK.A, C:\Program Files (x86)\Settings Manager\systemk\x64\systemkbho.dll, Quarantine, [1f35cafb63189d99ba5ee5a21de4ed13]
Detection, 8/11/2014 4:36:23 PM, SYSTEM, EAST, Protection, Malware Protection, File, PUP.Optional.SystemK.A, c:\program files (x86)\settings manager\systemk\systemkbho.dll, Quarantine, [5202279e9dde6ccab563a9dea958966a]
Protection, 8/11/2014 4:36:24 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\systemkbho.dll, 
Error, 8/11/2014 4:36:24 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\systemkbho.dll, 
Detection, 8/11/2014 4:36:25 PM, SYSTEM, EAST, Protection, Malware Protection, File, PUP.Optional.SystemK.A, c:\program files (x86)\settings manager\systemk\x64\systemkbho.dll, Quarantine, [1f35cafb63189d99ba5ee5a21de4ed13]
Protection, 8/11/2014 4:36:25 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\x64\systemkbho.dll, 
Error, 8/11/2014 4:36:25 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\x64\systemkbho.dll, 
Detection, 8/11/2014 4:37:18 PM, SYSTEM, EAST, Protection, Malware Protection, File, PUP.Optional.SystemK.A, c:\program files (x86)\settings manager\systemk\x64\systemkbho.dll, Quarantine, [1f35cafb63189d99ba5ee5a21de4ed13]
Detection, 8/11/2014 4:37:18 PM, SYSTEM, EAST, Protection, Malware Protection, File, PUP.Optional.SystemK.A, c:\program files (x86)\settings manager\systemk\systemkbho.dll, Quarantine, [5202279e9dde6ccab563a9dea958966a]
Protection, 8/11/2014 4:37:19 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\systemkbho.dll, 
Error, 8/11/2014 4:37:19 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\systemkbho.dll, 
Protection, 8/11/2014 4:37:19 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\x64\systemkbho.dll, 
Error, 8/11/2014 4:37:19 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\x64\systemkbho.dll, 
Detection, 8/11/2014 4:37:41 PM, SYSTEM, EAST, Protection, Malware Protection, File, PUP.Optional.SystemK.A, c:\program files (x86)\settings manager\systemk\x64\systemkbho.dll, Quarantine, [1f35cafb63189d99ba5ee5a21de4ed13]
Detection, 8/11/2014 4:37:41 PM, SYSTEM, EAST, Protection, Malware Protection, File, PUP.Optional.SystemK.A, c:\program files (x86)\settings manager\systemk\systemkbho.dll, Quarantine, [5202279e9dde6ccab563a9dea958966a]
Protection, 8/11/2014 4:37:41 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\x64\systemkbho.dll, 
Error, 8/11/2014 4:37:41 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\x64\systemkbho.dll, 
Detection, 8/11/2014 4:39:02 PM, SYSTEM, EAST, Protection, Malware Protection, File, PUP.Optional.SystemK.A, c:\program files (x86)\settings manager\systemk\systemkbho.dll, Quarantine, [5202279e9dde6ccab563a9dea958966a]
Detection, 8/11/2014 4:39:03 PM, SYSTEM, EAST, Protection, Malware Protection, File, PUP.Optional.SystemK.A, c:\program files (x86)\settings manager\systemk\x64\systemkbho.dll, Quarantine, [1f35cafb63189d99ba5ee5a21de4ed13]
Protection, 8/11/2014 4:39:03 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\systemkbho.dll, 
Protection, 8/11/2014 4:39:03 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\x64\systemkbho.dll, 
Error, 8/11/2014 4:39:03 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\systemkbho.dll, 
Error, 8/11/2014 4:39:03 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\x64\systemkbho.dll, 
Detection, 8/11/2014 4:39:10 PM, SYSTEM, EAST, Protection, Malware Protection, File, PUP.Optional.SystemK.A, c:\program files (x86)\settings manager\systemk\systemkbho.dll, Quarantine, [5202279e9dde6ccab563a9dea958966a]
Protection, 8/11/2014 4:39:11 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\systemkbho.dll, 
Error, 8/11/2014 4:39:11 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\systemkbho.dll, 
Detection, 8/11/2014 4:39:12 PM, SYSTEM, EAST, Protection, Malware Protection, File, PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\systemk\x64\syskldr.dll, Quarantine, [01533a8badce0036110dac0f37cba858]
Detection, 8/11/2014 4:39:14 PM, SYSTEM, EAST, Protection, Malware Protection, File, PUP.Optional.SystemK.A, C:\Program Files (x86)\Settings Manager\systemk\x64\systemk.dll, Quarantine, [a5afa4213e3d9e9834e41d6a45bc24dc]
Detection, 8/11/2014 4:39:26 PM, SYSTEM, EAST, Protection, Malware Protection, File, PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll, Quarantine, [85cf5e671b6083b38e90f0cb45bd916f]
Detection, 8/11/2014 4:39:26 PM, SYSTEM, EAST, Protection, Malware Protection, File, PUP.Optional.SystemK.A, c:\program files (x86)\settings manager\systemk\x64\systemkbho.dll, Quarantine, [1f35cafb63189d99ba5ee5a21de4ed13]
Protection, 8/11/2014 4:39:26 PM, SYSTEM, EAST, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll, 
Error, 8/11/2014 4:39:26 PM, SYSTEM, EAST, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll, 
Protection, 8/11/2014 4:39:26 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\x64\systemkbho.dll, 
Error, 8/11/2014 4:39:26 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\x64\systemkbho.dll, 
Detection, 8/11/2014 4:40:59 PM, SYSTEM, EAST, Protection, Malware Protection, File, PUP.Optional.SystemK.A, c:\program files (x86)\settings manager\systemk\systemkbho.dll, Quarantine, [5202279e9dde6ccab563a9dea958966a]
Protection, 8/11/2014 4:40:59 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\systemkbho.dll, 
Error, 8/11/2014 4:40:59 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\systemkbho.dll, 
Detection, 8/11/2014 4:41:00 PM, SYSTEM, EAST, Protection, Malware Protection, File, PUP.Optional.SystemK.A, c:\program files (x86)\settings manager\systemk\x64\systemk.dll, Quarantine, [a5afa4213e3d9e9834e41d6a45bc24dc]
Protection, 8/11/2014 4:41:00 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\x64\systemk.dll, 
Error, 8/11/2014 4:41:00 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\x64\systemk.dll, 
Detection, 8/11/2014 4:41:04 PM, SYSTEM, EAST, Protection, Malware Protection, File, PUP.Optional.SettingsManager.A, c:\program files (x86)\settings manager\systemk\x64\syskldr.dll, Quarantine, [01533a8badce0036110dac0f37cba858]
Protection, 8/11/2014 4:41:04 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\x64\syskldr.dll, 
Error, 8/11/2014 4:41:04 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\x64\syskldr.dll, 
Detection, 8/11/2014 4:41:10 PM, SYSTEM, EAST, Protection, Malware Protection, File, PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll, Quarantine, [85cf5e671b6083b38e90f0cb45bd916f]
Protection, 8/11/2014 4:41:11 PM, SYSTEM, EAST, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll, 
Error, 8/11/2014 4:41:11 PM, SYSTEM, EAST, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll, 
Detection, 8/11/2014 4:41:12 PM, SYSTEM, EAST, Protection, Malware Protection, File, PUP.Optional.SystemK.A, c:\program files (x86)\settings manager\systemk\x64\systemkbho.dll, Quarantine, [1f35cafb63189d99ba5ee5a21de4ed13]
Protection, 8/11/2014 4:41:13 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\x64\systemkbho.dll, 
Error, 8/11/2014 4:41:13 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\x64\systemkbho.dll, 
Detection, 8/11/2014 4:41:29 PM, SYSTEM, EAST, Protection, Malware Protection, File, PUP.Optional.SystemK.A, c:\program files (x86)\settings manager\systemk\systemkbho.dll, Quarantine, [5202279e9dde6ccab563a9dea958966a]
Protection, 8/11/2014 4:41:29 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\systemkbho.dll, 
Detection, 8/11/2014 4:41:29 PM, SYSTEM, EAST, Protection, Malware Protection, File, PUP.Optional.SettingsManager.A, c:\program files (x86)\settings manager\systemk\x64\syskldr.dll, Quarantine, [01533a8badce0036110dac0f37cba858]
Error, 8/11/2014 4:41:29 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\systemkbho.dll, 
Protection, 8/11/2014 4:41:29 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\x64\syskldr.dll, 
Error, 8/11/2014 4:41:30 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\x64\syskldr.dll, 
Detection, 8/11/2014 4:41:46 PM, SYSTEM, EAST, Protection, Malware Protection, File, PUP.Optional.SystemK.A, c:\program files (x86)\settings manager\systemk\systemkbho.dll, Quarantine, [5202279e9dde6ccab563a9dea958966a]
Detection, 8/11/2014 4:41:46 PM, SYSTEM, EAST, Protection, Malware Protection, File, PUP.Optional.SettingsManager.A, c:\program files (x86)\settings manager\systemk\x64\syskldr.dll, Quarantine, [01533a8badce0036110dac0f37cba858]
Detection, 8/11/2014 4:41:47 PM, SYSTEM, EAST, Protection, Malware Protection, File, PUP.Optional.SystemK.A, c:\program files (x86)\settings manager\systemk\x64\systemk.dll, Quarantine, [a5afa4213e3d9e9834e41d6a45bc24dc]
Protection, 8/11/2014 4:41:47 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\systemkbho.dll, 
Protection, 8/11/2014 4:41:47 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\x64\syskldr.dll, 
Error, 8/11/2014 4:41:47 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\systemkbho.dll, 
Error, 8/11/2014 4:41:47 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\x64\syskldr.dll, 
Protection, 8/11/2014 4:41:47 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\x64\systemk.dll, 
Error, 8/11/2014 4:41:47 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\x64\systemk.dll, 
Detection, 8/11/2014 4:41:52 PM, SYSTEM, EAST, Protection, Malware Protection, File, PUP.Optional.SystemK.A, c:\program files (x86)\settings manager\systemk\systemkbho.dll, Quarantine, [5202279e9dde6ccab563a9dea958966a]
Protection, 8/11/2014 4:41:53 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\systemkbho.dll, 
Error, 8/11/2014 4:41:53 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\systemkbho.dll, 
Detection, 8/11/2014 4:41:53 PM, SYSTEM, EAST, Protection, Malware Protection, File, PUP.Optional.SettingsManager.A, c:\program files (x86)\settings manager\systemk\x64\syskldr.dll, Quarantine, [01533a8badce0036110dac0f37cba858]
Protection, 8/11/2014 4:41:54 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\x64\syskldr.dll, 
Error, 8/11/2014 4:41:54 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\x64\syskldr.dll, 
Detection, 8/11/2014 4:41:55 PM, SYSTEM, EAST, Protection, Malware Protection, File, PUP.Optional.SystemK.A, c:\program files (x86)\settings manager\systemk\x64\systemk.dll, Quarantine, [a5afa4213e3d9e9834e41d6a45bc24dc]
Protection, 8/11/2014 4:41:55 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\x64\systemk.dll, 
Error, 8/11/2014 4:41:55 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\x64\systemk.dll, 
Detection, 8/11/2014 4:41:56 PM, SYSTEM, EAST, Protection, Malware Protection, File, PUP.Optional.SystemK.A, c:\program files (x86)\settings manager\systemk\x64\systemkbho.dll, Quarantine, [1f35cafb63189d99ba5ee5a21de4ed13]
Protection, 8/11/2014 4:41:56 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\x64\systemkbho.dll, 
Error, 8/11/2014 4:41:56 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\x64\systemkbho.dll, 
Detection, 8/11/2014 4:41:58 PM, SYSTEM, EAST, Protection, Malware Protection, File, PUP.Optional.SystemK.A, c:\program files (x86)\settings manager\systemk\systemkbho.dll, Quarantine, [5202279e9dde6ccab563a9dea958966a]
Detection, 8/11/2014 4:41:58 PM, SYSTEM, EAST, Protection, Malware Protection, File, PUP.Optional.SettingsManager.A, c:\program files (x86)\settings manager\systemk\x64\syskldr.dll, Quarantine, [01533a8badce0036110dac0f37cba858]
Detection, 8/11/2014 4:41:58 PM, SYSTEM, EAST, Protection, Malware Protection, File, PUP.Optional.SystemK.A, c:\program files (x86)\settings manager\systemk\x64\systemk.dll, Quarantine, [a5afa4213e3d9e9834e41d6a45bc24dc]
Protection, 8/11/2014 4:41:58 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\x64\systemk.dll, 
Protection, 8/11/2014 4:41:58 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\systemkbho.dll, 
Error, 8/11/2014 4:41:58 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\systemkbho.dll, 
Detection, 8/11/2014 4:41:59 PM, SYSTEM, EAST, Protection, Malware Protection, File, PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll, Quarantine, [85cf5e671b6083b38e90f0cb45bd916f]
Detection, 8/11/2014 4:42:00 PM, SYSTEM, EAST, Protection, Malware Protection, File, PUP.Optional.SystemK.A, c:\program files (x86)\settings manager\systemk\x64\systemkbho.dll, Quarantine, [1f35cafb63189d99ba5ee5a21de4ed13]
Protection, 8/11/2014 4:42:00 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\x64\systemkbho.dll, 
Error, 8/11/2014 4:42:00 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\x64\systemkbho.dll, 
Protection, 8/11/2014 4:42:00 PM, SYSTEM, EAST, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll, 
Error, 8/11/2014 4:42:00 PM, SYSTEM, EAST, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll, 
Detection, 8/11/2014 4:42:09 PM, SYSTEM, EAST, Protection, Malware Protection, File, PUP.Optional.SystemK.A, c:\program files (x86)\settings manager\systemk\systemkbho.dll, Quarantine, [5202279e9dde6ccab563a9dea958966a]
Protection, 8/11/2014 4:42:09 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\systemkbho.dll, 
Error, 8/11/2014 4:42:09 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\systemkbho.dll, 
Detection, 8/11/2014 4:42:09 PM, SYSTEM, EAST, Protection, Malware Protection, File, PUP.Optional.SettingsManager.A, c:\program files (x86)\settings manager\systemk\x64\syskldr.dll, Quarantine, [01533a8badce0036110dac0f37cba858]
Protection, 8/11/2014 4:42:10 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\x64\syskldr.dll, 
Error, 8/11/2014 4:42:10 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\x64\syskldr.dll, 
Detection, 8/11/2014 4:42:25 PM, SYSTEM, EAST, Protection, Malware Protection, File, PUP.Optional.SystemK.A, c:\program files (x86)\settings manager\systemk\systemkbho.dll, Quarantine, [5202279e9dde6ccab563a9dea958966a]
Protection, 8/11/2014 4:42:25 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\systemkbho.dll, 
Error, 8/11/2014 4:42:25 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\systemkbho.dll, 
Detection, 8/11/2014 4:42:27 PM, SYSTEM, EAST, Protection, Malware Protection, File, PUP.Optional.SettingsManager.A, c:\program files (x86)\settings manager\systemk\x64\syskldr.dll, Quarantine, [01533a8badce0036110dac0f37cba858]
Protection, 8/11/2014 4:42:28 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\x64\syskldr.dll, 
Error, 8/11/2014 4:42:28 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\x64\syskldr.dll, 
Detection, 8/11/2014 4:43:18 PM, SYSTEM, EAST, Protection, Malware Protection, File, PUP.Optional.SystemK.A, c:\program files (x86)\settings manager\systemk\systemkbho.dll, Quarantine, [5202279e9dde6ccab563a9dea958966a]
Detection, 8/11/2014 4:43:18 PM, SYSTEM, EAST, Protection, Malware Protection, File, PUP.Optional.SettingsManager.A, c:\program files (x86)\settings manager\systemk\x64\syskldr.dll, Quarantine, [01533a8badce0036110dac0f37cba858]
Detection, 8/11/2014 4:43:19 PM, SYSTEM, EAST, Protection, Malware Protection, File, PUP.Optional.SystemK.A, c:\program files (x86)\settings manager\systemk\x64\systemk.dll, Quarantine, [a5afa4213e3d9e9834e41d6a45bc24dc]
Protection, 8/11/2014 4:43:19 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\systemkbho.dll, 
Protection, 8/11/2014 4:43:19 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\x64\systemk.dll, 
Error, 8/11/2014 4:43:19 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\x64\systemk.dll, 
Protection, 8/11/2014 4:43:19 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\x64\syskldr.dll, 
Error, 8/11/2014 4:43:19 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\x64\syskldr.dll, 
Error, 8/11/2014 4:43:19 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\systemkbho.dll, 
Detection, 8/11/2014 4:43:20 PM, SYSTEM, EAST, Protection, Malware Protection, File, PUP.Optional.SystemK.A, c:\program files (x86)\settings manager\systemk\x64\systemkbho.dll, Quarantine, [1f35cafb63189d99ba5ee5a21de4ed13]
Protection, 8/11/2014 4:43:20 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\x64\systemkbho.dll, 
Error, 8/11/2014 4:43:21 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\x64\systemkbho.dll, 
Detection, 8/11/2014 4:43:23 PM, SYSTEM, EAST, Protection, Malware Protection, File, PUP.Optional.SettingsManager.A, c:\program files (x86)\settings manager\systemk\x64\syskldr.dll, Quarantine, [01533a8badce0036110dac0f37cba858]
Detection, 8/11/2014 4:43:23 PM, SYSTEM, EAST, Protection, Malware Protection, File, PUP.Optional.SystemK.A, c:\program files (x86)\settings manager\systemk\systemkbho.dll, Quarantine, [5202279e9dde6ccab563a9dea958966a]
Detection, 8/11/2014 4:43:23 PM, SYSTEM, EAST, Protection, Malware Protection, File, PUP.Optional.SystemK.A, c:\program files (x86)\settings manager\systemk\x64\systemk.dll, Quarantine, [a5afa4213e3d9e9834e41d6a45bc24dc]
Protection, 8/11/2014 4:43:23 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\systemkbho.dll, 
Error, 8/11/2014 4:43:23 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\systemkbho.dll, 
Protection, 8/11/2014 4:43:23 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\x64\systemk.dll, 
Error, 8/11/2014 4:43:23 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\x64\systemk.dll, 
Detection, 8/11/2014 4:43:24 PM, SYSTEM, EAST, Protection, Malware Protection, File, PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll, Quarantine, [85cf5e671b6083b38e90f0cb45bd916f]
Protection, 8/11/2014 4:43:25 PM, SYSTEM, EAST, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll, 
Error, 8/11/2014 4:43:25 PM, SYSTEM, EAST, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll, 
Detection, 8/11/2014 4:43:25 PM, SYSTEM, EAST, Protection, Malware Protection, File, PUP.Optional.SystemK.A, c:\program files (x86)\settings manager\systemk\x64\systemkbho.dll, Quarantine, [1f35cafb63189d99ba5ee5a21de4ed13]
Protection, 8/11/2014 4:43:25 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\x64\systemkbho.dll, 
Error, 8/11/2014 4:43:25 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\x64\systemkbho.dll, 
Detection, 8/11/2014 4:43:32 PM, SYSTEM, EAST, Protection, Malware Protection, File, PUP.Optional.SystemK.A, c:\program files (x86)\settings manager\systemk\systemkbho.dll, Quarantine, [5202279e9dde6ccab563a9dea958966a]
Protection, 8/11/2014 4:43:33 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\systemkbho.dll, 
Error, 8/11/2014 4:43:33 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\systemkbho.dll, 
Detection, 8/11/2014 4:43:33 PM, SYSTEM, EAST, Protection, Malware Protection, File, PUP.Optional.SystemK.A, c:\program files (x86)\settings manager\systemk\x64\systemk.dll, Quarantine, [a5afa4213e3d9e9834e41d6a45bc24dc]
Protection, 8/11/2014 4:43:33 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\x64\systemk.dll, 
Error, 8/11/2014 4:43:33 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\x64\systemk.dll, 
Detection, 8/11/2014 4:43:33 PM, SYSTEM, EAST, Protection, Malware Protection, File, PUP.Optional.SettingsManager.A, c:\program files (x86)\settings manager\systemk\x64\syskldr.dll, Quarantine, [01533a8badce0036110dac0f37cba858]
Detection, 8/11/2014 4:43:33 PM, SYSTEM, EAST, Protection, Malware Protection, File, PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll, Quarantine, [85cf5e671b6083b38e90f0cb45bd916f]
Protection, 8/11/2014 4:43:33 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\x64\syskldr.dll, 
Error, 8/11/2014 4:43:33 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\x64\syskldr.dll, 
Protection, 8/11/2014 4:43:34 PM, SYSTEM, EAST, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll, 
Error, 8/11/2014 4:43:34 PM, SYSTEM, EAST, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll, 
Detection, 8/11/2014 4:43:35 PM, SYSTEM, EAST, Protection, Malware Protection, File, PUP.Optional.SystemK.A, c:\program files (x86)\settings manager\systemk\x64\systemkbho.dll, Quarantine, [1f35cafb63189d99ba5ee5a21de4ed13]
Protection, 8/11/2014 4:43:35 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\x64\systemkbho.dll, 
Error, 8/11/2014 4:43:35 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\x64\systemkbho.dll, 
Detection, 8/11/2014 4:44:03 PM, SYSTEM, EAST, Protection, Malware Protection, File, PUP.Optional.SystemK.A, c:\program files (x86)\settings manager\systemk\systemkbho.dll, Quarantine, [5202279e9dde6ccab563a9dea958966a]
Detection, 8/11/2014 4:44:03 PM, SYSTEM, EAST, Protection, Malware Protection, File, PUP.Optional.SystemK.A, c:\program files (x86)\settings manager\systemk\x64\systemk.dll, Quarantine, [a5afa4213e3d9e9834e41d6a45bc24dc]
Detection, 8/11/2014 4:44:03 PM, SYSTEM, EAST, Protection, Malware Protection, File, PUP.Optional.SystemK.A, c:\program files (x86)\settings manager\systemk\x64\systemkbho.dll, Quarantine, [1f35cafb63189d99ba5ee5a21de4ed13]
Detection, 8/11/2014 4:44:03 PM, SYSTEM, EAST, Protection, Malware Protection, File, PUP.Optional.SettingsManager.A, c:\program files (x86)\settings manager\systemk\x64\syskldr.dll, Quarantine, [01533a8badce0036110dac0f37cba858]
Protection, 8/11/2014 4:44:03 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\x64\systemkbho.dll, 
Error, 8/11/2014 4:44:03 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\x64\systemkbho.dll, 
Protection, 8/11/2014 4:44:03 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\x64\syskldr.dll, 
Error, 8/11/2014 4:44:03 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\systemkbho.dll, 
Error, 8/11/2014 4:44:03 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\x64\syskldr.dll, 
Error, 8/11/2014 4:44:03 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\x64\systemk.dll, 
Detection, 8/11/2014 4:44:04 PM, SYSTEM, EAST, Protection, Malware Protection, File, PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll, Quarantine, [85cf5e671b6083b38e90f0cb45bd916f]
Protection, 8/11/2014 4:44:04 PM, SYSTEM, EAST, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll, 
Error, 8/11/2014 4:44:04 PM, SYSTEM, EAST, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll, 
Detection, 8/11/2014 4:44:07 PM, SYSTEM, EAST, Protection, Malware Protection, File, PUP.Optional.SystemK.A, c:\program files (x86)\settings manager\systemk\systemkbho.dll, Quarantine, [5202279e9dde6ccab563a9dea958966a]
Detection, 8/11/2014 4:44:07 PM, SYSTEM, EAST, Protection, Malware Protection, File, PUP.Optional.SystemK.A, c:\program files (x86)\settings manager\systemk\x64\systemk.dll, Quarantine, [a5afa4213e3d9e9834e41d6a45bc24dc]
Detection, 8/11/2014 4:44:07 PM, SYSTEM, EAST, Protection, Malware Protection, File, PUP.Optional.SystemK.A, c:\program files (x86)\settings manager\systemk\x64\systemkbho.dll, Quarantine, [1f35cafb63189d99ba5ee5a21de4ed13]
Protection, 8/11/2014 4:44:08 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\systemkbho.dll, 
Protection, 8/11/2014 4:44:08 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\x64\systemkbho.dll, 
Error, 8/11/2014 4:44:08 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\systemkbho.dll, 
Error, 8/11/2014 4:44:08 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\x64\systemk.dll, 
Protection, 8/11/2014 4:44:08 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\x64\syskldr.dll, 
Error, 8/11/2014 4:44:08 PM, SYSTEM, EAST, Protection, SDKQuarantine, 2, Failed, c:\program files (x86)\settings manager\systemk\x64\syskldr.dll, 
Detection, 8/11/2014 4:44:09 PM, SYSTEM, EAST, Protection, Malware Protection, File, PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll, Quarantine, [85cf5e671b6083b38e90f0cb45bd916f]
Protection, 8/11/2014 4:44:09 PM, SYSTEM, EAST, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll, 
Error, 8/11/2014 4:44:09 PM, SYSTEM, EAST, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll, 
Detection, 8/11/2014 4:46:37 PM, SYSTEM, EAST, Protection, Malware Protection, File, PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll, Quarantine, [85cf5e671b6083b38e90f0cb45bd916f]
Protection, 8/11/2014 4:46:38 PM, SYSTEM, EAST, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll, 
Error, 8/11/2014 4:46:38 PM, SYSTEM, EAST, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll, 
Detection, 8/11/2014 4:48:05 PM, SYSTEM, EAST, Protection, Malware Protection, File, PUP.Optional.SettingsManager.A, C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll, Quarantine, [85cf5e671b6083b38e90f0cb45bd916f]
Protection, 8/11/2014 4:48:06 PM, SYSTEM, EAST, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll, 
Error, 8/11/2014 4:48:06 PM, SYSTEM, EAST, Protection, DeleteFile, 5, Failed, C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll, 
Detection, 8/11/2014 4:48:07 PM, SYSTEM, EAST, Protection, Malware Protection, File, PUP.Optional.IePluginService.A, C:\ProgramData\IePluginServices\PluginService.exe, Quarantine, [6be97a4bea91b28464abf36ee21f49b7]
Detection, 8/11/2014 4:48:07 PM, SYSTEM, EAST, Protection, Malware Protection, File, PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe, Quarantine, [c193972e3a41033312118b09cd34d12f]
Protection, 8/11/2014 4:48:08 PM, SYSTEM, EAST, Protection, DeleteFile, 5, Failed, C:\ProgramData\IePluginServices\PluginService.exe, 
Error, 8/11/2014 4:48:08 PM, SYSTEM, EAST, Protection, DeleteFile, 5, Failed, C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe, 
Error, 8/11/2014 4:48:08 PM, SYSTEM, EAST, Protection, DeleteFile, 5, Failed, C:\ProgramData\IePluginServices\PluginService.exe, 
Protection, 8/11/2014 4:56:57 PM, SYSTEM, EAST, Protection, Malware Protection, Starting, 
Protection, 8/11/2014 4:56:57 PM, SYSTEM, EAST, Protection, Malware Protection, Started, 
Protection, 8/11/2014 4:56:58 PM, SYSTEM, EAST, Protection, Malicious Website Protection, Starting, 
Protection, 8/11/2014 4:56:59 PM, SYSTEM, EAST, Protection, Malicious Website Protection, Started, 
 
(end)
 
# AdwCleaner v3.304 - Report created 11/08/2014 at 16:54:38
# Updated 08/08/2014 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : wenewman - EAST
# Running from : C:\Users\wenewman\Desktop\tools for fixing the computer so it runs good and does other stuff well\adwcleaner_3.304.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : IePluginServices
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\IePluginServices
Folder Deleted : C:\ProgramData\systemk
Folder Deleted : C:\ProgramData\WindowsMangerProtect
Folder Deleted : C:\ProgramData\cosstminn
Folder Deleted : C:\Program Files (x86)\Bench
Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Program Files (x86)\predm
Folder Deleted : C:\Program Files (x86)\Settings Manager
Folder Deleted : C:\Program Files (x86)\supporter
Folder Deleted : C:\Program Files (x86)\cosstminn
Folder Deleted : C:\Users\Administrator\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Administrator\AppData\Local\torch
Folder Deleted : C:\Users\Guest\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Guest\AppData\Local\torch
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\torch
Folder Deleted : C:\Users\wenewman\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\wenewman\AppData\Local\globalUpdate
Folder Deleted : C:\Users\wenewman\AppData\Local\PackageAware
Folder Deleted : C:\Users\wenewman\AppData\Local\torch
Folder Deleted : C:\Users\wenewman\AppData\LocalLow\Smartbar
Folder Deleted : C:\Users\wenewman\AppData\Roaming\GroovorioUpdater
Folder Deleted : C:\Users\wenewman\Documents\Optimizer Pro
File Deleted : C:\END
File Deleted : C:\windows\System32\roboot64.exe
File Deleted : C:\Users\wenewman\AppData\Roaming\Mozilla\Firefox\Profiles\wqwu9bbe.default\user.js
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : Optimizer Pro Schedule
 
***** [ Shortcuts ] *****
 
Shortcut Disinfected : C:\Users\wenewman\Desktop\Search.lnk
Shortcut Disinfected : C:\Users\wenewman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\DealKeeper_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\DealKeeper_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateDealKeeper_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateDealKeeper_RASMANCS
Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{54739D49-AC03-4C57-9264-C5195596B3A1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{54739D49-AC03-4C57-9264-C5195596B3A1}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKLM\Software\CompeteInc
Key Deleted : HKLM\Software\GlobalUpdate
Key Deleted : HKLM\Software\supWPM
Key Deleted : HKLM\Software\Tutorials
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SUPPOR~1\SUPPOR~2.DLL
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.17028
 
 
-\\ Mozilla Firefox v31.0 (x86 en-US)
 
[ File : C:\Users\wenewman\AppData\Roaming\Mozilla\Firefox\Profiles\wqwu9bbe.default\prefs.js ]
 
Line Deleted : user_pref("browser.search.order.1", "default-search.net");
Line Deleted : user_pref("extensions.helperbar.DockingPositionDown", false);
Line Deleted : user_pref("extensions.helperbar.SmartbarDisabled", false);
Line Deleted : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Line Deleted : user_pref("extensions.helperbar.Visibility", false);
Line Deleted : user_pref("extensions.helperbar.keepAliveLastevent", "1406917836");
Line Deleted : user_pref("extensions.helperbar.lastExternalJsUpdate", "1406875726816");
Line Deleted : user_pref("extensions.zaG1VqiE.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorob[...]
 
-\\ Google Chrome v36.0.1985.125
 
[ File : C:\Users\wenewman\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Extension] : blmchfpimpbbdmgpcieclabeafkljbhm
 
*************************
 
AdwCleaner[R0].txt - [6124 octets] - [11/08/2014 16:49:52]
AdwCleaner[S0].txt - [5684 octets] - [11/08/2014 16:54:38]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5744 octets] ##########
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-08-2014 01
Ran by wenewman (administrator) on EAST on 11-08-2014 16:58:32
Running from C:\Users\wenewman\Desktop\tools for fixing the computer so it runs good and does other stuff well
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Microsoft Corporation) C:\Windows\System32\printfilterpipelinesvc.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\TiWorker.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6549136 2012-07-02] (Realtek Semiconductor)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2014-02-07] (LogMeIn, Inc.)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-10-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-02] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [137352 2014-04-25] (Check Point Software Technologies Ltd.)
HKU\S-1-5-21-458158165-3605172897-2890421040-1001\...\Run: [HP Deskjet 3520 series (NET)] => C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-458158165-3605172897-2890421040-1001\...\MountPoints2: {21668a7b-f97e-11e3-be9a-7054d23c78af} - "F:\VZW_Software_upgrade_assistant.exe" 
HKU\S-1-5-21-458158165-3605172897-2890421040-1001\...\MountPoints2: {75fdac69-82b1-11e3-be8b-7054d23c78af} - "F:\MotoCastSetup.exe" -a
HKU\S-1-5-21-458158165-3605172897-2890421040-1001\...\MountPoints2: {7b5251a4-f030-11e2-be7b-7054d23c78af} - "F:\LaunchU3.exe" -a
HKU\S-1-5-21-458158165-3605172897-2890421040-1001\...\MountPoints2: {ef4bd43d-b0e0-11e3-be90-7054d23c78af} - "F:\VZW_Software_upgrade_assistant.exe" 
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll No File
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll No File
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\wenewman\AppData\Roaming\Mozilla\Firefox\Profiles\wqwu9bbe.default
FF DefaultSearchEngine: Astromenda
FF SelectedSearchEngine: Astromenda
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @EDVR/WebClient -> C:\windows\system32\WebClient\npwebclient.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\wenewman\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Extension: cosstminn - C:\Users\wenewman\AppData\Roaming\Mozilla\Firefox\Profiles\wqwu9bbe.default\Extensions\yyyeba0wg@e-uouym.co.uk [2014-08-01]
FF Extension: No Name - C:\Users\wenewman\AppData\Roaming\Mozilla\Firefox\Profiles\wqwu9bbe.default\Extensions\{73843edf-1075-4a55-947c-e13e0dc9349e} [2014-07-25]
FF Extension: No Name - C:\Users\wenewman\AppData\Roaming\Mozilla\Firefox\Profiles\wqwu9bbe.default\Extensions\{849ded12-59e9-4dae-8f86-918b70d213dc} [2014-08-01]
FF Extension: No Name - C:\Users\wenewman\AppData\Roaming\Mozilla\Firefox\Profiles\wqwu9bbe.default\Extensions\{D01EF1DB-DEC8-D2A8-026B-DB6EC54E6979} [2014-07-24]
FF Extension: QuickJava - C:\Users\wenewman\AppData\Roaming\Mozilla\Firefox\Profiles\wqwu9bbe.default\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2014-07-24]
 
Chrome: 
=======
CHR HomePage: hxxp://www.gmail.com/
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\wenewman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-17]
CHR Extension: (Google Drive) - C:\Users\wenewman\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-17]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\wenewman\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (YouTube) - C:\Users\wenewman\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-17]
CHR Extension: (Google Cast) - C:\Users\wenewman\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-04-03]
CHR Extension: (Google Search) - C:\Users\wenewman\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-17]
CHR Extension: (cosstminn) - C:\Users\wenewman\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfeafjkmjlbfodngcjfbdddmgndmafle [2014-08-01]
CHR Extension: (videos MediaPlay-Air) - C:\Users\wenewman\AppData\Local\Google\Chrome\User Data\Default\Extensions\iklgpchfbohgmghgfagediakopecfmbm [2014-08-01]
CHR Extension: (Boomerang for Gmail) - C:\Users\wenewman\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll [2013-04-17]
CHR Extension: (Google Wallet) - C:\Users\wenewman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]
CHR Extension: (Gmail) - C:\Users\wenewman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-17]
CHR Extension: (cosstminn) - C:\Users\wenewman\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfeafjkmjlbfodngcjfbdddmgndmafle\2.0 [2014-08-01]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2356912 2014-07-19] (Microsoft Corporation)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35232 2012-08-29] (Hewlett-Packard)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2014-07-18] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2014-07-18] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2014-02-07] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3592120 2014-04-25] (Check Point Software Technologies Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [92176 2014-04-09] (Check Point Software Technologies, Ltd.)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [7717984 2014-03-19] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2014-03-19] (Kaspersky Lab)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [92768 2014-03-19] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [490080 2014-03-19] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2014-03-19] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [49760 2014-03-19] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [177760 2014-03-19] (Kaspersky Lab ZAO)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2014-02-07] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [122584 2014-08-11] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R1 Vsdatant; C:\Windows\System32\drivers\vsdatant.sys [450968 2014-04-24] (Check Point Software Technologies Ltd.)
S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X]
S3 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [X]
S3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [X]
S3 SymEvent; \??\C:\windows\system32\Drivers\SYMEVENT64x86.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-11 16:58 - 2014-08-11 16:58 - 00000000 ____D () C:\FRST
2014-08-11 16:50 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll
2014-08-11 16:49 - 2014-08-11 16:55 - 00000000 ____D () C:\AdwCleaner
2014-08-11 16:09 - 2014-08-11 16:57 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-11 16:08 - 2014-08-11 16:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-11 16:08 - 2014-08-11 16:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-11 16:08 - 2014-08-11 16:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-11 16:08 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-08-11 16:08 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-08-11 16:08 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-08-09 09:12 - 2014-08-09 09:12 - 00000000 ____D () C:\Users\wenewman\AppData\Local\LogMeIn Client
2014-08-09 09:11 - 2014-08-09 09:11 - 03716768 _____ (LogMeIn, Inc.) C:\Users\wenewman\Downloads\LogMeIn Client (2).exe
2014-08-09 09:10 - 2014-08-09 09:10 - 03716768 _____ (LogMeIn, Inc.) C:\Users\wenewman\Downloads\LogMeIn Client.exe
2014-08-09 09:10 - 2014-08-09 09:10 - 03716768 _____ (LogMeIn, Inc.) C:\Users\wenewman\Downloads\LogMeIn Client (1).exe
2014-08-08 16:18 - 2014-08-08 16:18 - 00008138 _____ () C:\Users\wenewman\Desktop\Catering Bank Log.xlsx
2014-08-08 10:33 - 2014-08-08 10:33 - 00911232 _____ () C:\Users\wenewman\Downloads\WebClient (3).exe
2014-08-06 18:02 - 2014-08-06 18:02 - 634016690 _____ () C:\windows\MEMORY.DMP
2014-08-06 18:02 - 2014-08-06 18:02 - 00296112 _____ () C:\windows\Minidump\080614-18345-01.dmp
2014-08-06 18:02 - 2014-08-06 18:02 - 00000000 ____D () C:\windows\Minidump
2014-08-06 09:36 - 2014-08-06 09:36 - 00279040 _____ () C:\Users\wenewman\Downloads\EDE Bevinco Reports for 7-23-2014 to 7-29-2014 (5).xls
2014-08-06 09:24 - 2014-08-06 09:24 - 00279040 _____ () C:\Users\wenewman\Downloads\EDE Bevinco Reports for 7-23-2014 to 7-29-2014 (4).xls
2014-08-06 09:23 - 2014-08-06 09:23 - 00279040 _____ () C:\Users\wenewman\Downloads\EDE Bevinco Reports for 7-23-2014 to 7-29-2014 (3).xls
2014-08-06 09:23 - 2014-08-06 09:23 - 00279040 _____ () C:\Users\wenewman\Downloads\EDE Bevinco Reports for 7-23-2014 to 7-29-2014 (2).xls
2014-08-06 09:21 - 2014-08-06 09:21 - 00281600 _____ () C:\Users\wenewman\Downloads\EDE Bevinco Reports for 7-17-2014 to 7-22-2014.xls
2014-08-06 09:21 - 2014-08-06 09:21 - 00279040 _____ () C:\Users\wenewman\Downloads\EDE Bevinco Reports for 7-23-2014 to 7-29-2014 (1).xls
2014-08-06 09:20 - 2014-08-06 09:20 - 00279040 _____ () C:\Users\wenewman\Downloads\EDE Bevinco Reports for 7-23-2014 to 7-29-2014.xls
2014-08-06 00:52 - 2014-08-06 00:52 - 00000000 ____D () C:\ProgramData\Emsisoft
2014-08-05 19:37 - 2014-08-06 18:01 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2014-08-05 19:31 - 2014-08-05 19:36 - 233663808 _____ (Emsisoft GmbH ) C:\Users\wenewman\Downloads\EmsisoftAntiMalwareSetup.exe
2014-08-05 19:23 - 2014-08-09 03:51 - 00003369 ____H () C:\windows\SysWOW64\BTImages.dat
2014-08-05 19:23 - 2014-08-06 17:37 - 00025369 _____ () C:\Users\wenewman\Desktop\dds.txt
2014-08-05 19:23 - 2014-08-06 17:37 - 00013383 _____ () C:\Users\wenewman\Desktop\attach.txt
2014-08-05 18:16 - 2014-08-05 18:24 - 00431011 _____ () C:\windows\system32\Drivers\vsconfig.xml
2014-08-05 18:16 - 2014-03-19 19:08 - 07717984 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\kl1.sys
2014-08-05 18:16 - 2014-03-19 19:08 - 00490080 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\klif.sys
2014-08-05 18:16 - 2014-03-19 19:08 - 00177760 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\kneps.sys
2014-08-05 18:16 - 2014-03-19 19:08 - 00092768 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\klflt.sys
2014-08-05 18:16 - 2014-03-19 19:08 - 00064856 _____ (Kaspersky Lab) C:\windows\system32\klfphc.dll
2014-08-05 18:16 - 2014-03-19 19:08 - 00049760 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\klwfp.sys
2014-08-05 18:16 - 2014-03-19 19:08 - 00030304 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\klim6.sys
2014-08-05 18:15 - 2014-08-05 18:15 - 00000762 _____ () C:\Users\Public\Desktop\ZoneAlarm Security.lnk
2014-08-05 18:15 - 2014-08-05 18:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
2014-08-05 18:10 - 2014-08-05 18:15 - 00000000 ____D () C:\Program Files (x86)\CheckPoint
2014-08-05 18:09 - 2014-08-05 18:09 - 03384000 _____ (Check Point Software Technologies Ltd.) C:\Users\wenewman\Downloads\zaAvSetupWeb_131_211_000.exe
2014-08-05 18:09 - 2014-08-05 18:09 - 00000000 ____D () C:\ProgramData\CheckPoint
2014-08-04 18:27 - 2014-08-04 18:27 - 00000017 _____ () C:\Users\wenewman\AppData\Local\resmon.resmoncfg
2014-08-04 18:23 - 2014-08-11 16:56 - 00274680 _____ () C:\windows\PFRO.log
2014-08-04 18:22 - 2014-08-11 16:54 - 00001238 _____ () C:\Users\wenewman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-08-04 18:14 - 2014-08-11 16:58 - 00000000 ____D () C:\Users\wenewman\Desktop\tools for fixing the computer so it runs good and does other stuff well
2014-08-04 18:14 - 2014-08-04 18:14 - 00069662 _____ () C:\Users\wenewman\Downloads\PageDefrag.zip
2014-08-04 13:01 - 2014-08-04 13:01 - 19399426 _____ () C:\Users\wenewman\Downloads\fwdnewplans.zip
2014-08-01 23:17 - 2014-08-01 23:17 - 00002778 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC
2014-08-01 23:17 - 2014-08-01 23:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-01 23:17 - 2014-08-01 23:17 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-01 23:16 - 2014-08-01 23:16 - 04813544 _____ (Piriform Ltd) C:\Users\wenewman\Downloads\ccsetup416.exe
2014-08-01 23:07 - 2014-08-01 23:10 - 111309048 _____ (Microsoft Corporation) C:\Users\wenewman\Downloads\msert.exe
2014-08-01 19:04 - 2014-08-01 19:04 - 00002219 _____ () C:\Users\wenewman\Desktop\HP Support Assistant.lnk
2014-08-01 19:02 - 2014-08-01 19:02 - 00000000 ____D () C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
2014-08-01 19:00 - 2014-08-01 19:00 - 00000000 ____D () C:\Users\wenewman\AppData\Roaming\hpqLog
2014-08-01 16:38 - 2014-08-01 16:38 - 00003110 _____ () C:\windows\System32\Tasks\{AE6B9DBA-D9FF-4924-B440-1ADAB191441B}
2014-08-01 16:21 - 2014-08-01 16:21 - 00000000 _____ () C:\ProgramData\2d282020_c
2014-08-01 14:45 - 2014-08-01 11:24 - 00061584 _____ () C:\windows\system32\Drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}Gw64.sys
2014-08-01 14:16 - 2014-08-01 16:12 - 00000552 _____ () C:\windows\SysWOW64\schtasks.bin
2014-08-01 14:11 - 2014-08-01 16:19 - 00000000 ____D () C:\Users\wenewman\AppData\Roaming\Probit Software
2014-08-01 13:36 - 2014-08-01 13:35 - 00272808 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-08-01 13:35 - 2014-08-01 13:35 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-08-01 13:35 - 2014-08-01 13:35 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-08-01 13:35 - 2014-08-01 13:35 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-01 13:35 - 2014-08-01 13:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-01 13:33 - 2014-08-01 13:33 - 00918440 _____ (Oracle Corporation) C:\Users\wenewman\Downloads\jxpiinstall(2).exe
2014-08-01 13:29 - 2014-08-11 16:54 - 00001208 _____ () C:\Users\wenewman\Desktop\Search.lnk
2014-08-01 13:28 - 2014-08-01 13:28 - 00000000 ____D () C:\Users\wenewman\AppData\Local\com
2014-08-01 13:25 - 2014-08-01 16:21 - 00000000 ____D () C:\ProgramData\e3ee6a4c8583885b
2014-08-01 13:24 - 2014-08-01 13:24 - 00000000 ____D () C:\Users\wenewman\AppData\Local\Comodo
2014-08-01 13:24 - 2014-08-01 13:24 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-08-01 13:24 - 2014-08-01 13:24 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-08-01 13:24 - 2014-08-01 13:24 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-08-01 13:24 - 2014-08-01 13:24 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-08-01 13:24 - 2014-08-01 13:24 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-08-01 13:24 - 2014-08-01 13:24 - 00000000 ____D () C:\Users\Guest
2014-08-01 13:24 - 2014-08-01 13:24 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-08-01 13:24 - 2014-08-01 13:24 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-08-01 13:24 - 2014-08-01 13:24 - 00000000 ____D () C:\Users\Administrator
2014-08-01 13:23 - 2014-08-01 13:23 - 00000000 ____D () C:\Program Files (x86)\Probit Software
2014-08-01 13:21 - 2014-08-01 13:21 - 00918440 _____ (Oracle Corporation) C:\Users\wenewman\Downloads\jxpiinstall(1).exe
2014-08-01 13:16 - 2014-07-15 17:51 - 00071168 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hdaudbus.sys
2014-08-01 13:15 - 2014-05-28 23:04 - 00094552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys
2014-08-01 13:15 - 2014-05-07 20:34 - 00328024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Classpnp.sys
2014-07-30 21:40 - 2014-08-01 16:20 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-07-30 09:15 - 2014-08-11 16:56 - 00000354 _____ () C:\windows\Tasks\HPCeeScheduleForwenewman.job
2014-07-30 09:15 - 2014-08-10 01:04 - 00003174 _____ () C:\windows\System32\Tasks\HPCeeScheduleForwenewman
2014-07-28 08:50 - 2014-07-28 08:50 - 00000045 _____ () C:\Users\wenewman\AppData\Roaming\WB.CFG
2014-07-25 18:13 - 2014-07-25 18:13 - 00918952 _____ (Oracle Corporation) C:\Users\wenewman\Downloads\chromeinstall-7u65 (2).exe
2014-07-25 18:13 - 2014-07-25 18:13 - 00918952 _____ (Oracle Corporation) C:\Users\wenewman\Downloads\chromeinstall-7u65 (1).exe
2014-07-25 18:08 - 2014-07-25 18:08 - 00135977 _____ () C:\Users\wenewman\Downloads\securedoc(1).html
2014-07-25 14:53 - 2014-07-25 12:44 - 00061120 _____ () C:\windows\system32\Drivers\{9a9157bb-003e-4fef-8bd1-c09bc4586a28}Gw64.sys
2014-07-25 12:32 - 2014-07-25 12:32 - 00009099 _____ () C:\Users\wenewman\Downloads\1.xlsb
2014-07-25 08:49 - 2014-07-30 09:14 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log
2014-07-25 08:49 - 2014-07-30 09:13 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-07-25 08:47 - 2014-07-25 08:47 - 00000000 ____D () C:\Users\wenewman\AppData\Roaming\HP Support Assistant
2014-07-24 12:29 - 2014-07-24 12:30 - 00918440 _____ (Oracle Corporation) C:\Users\wenewman\Downloads\jxpiinstall.exe
2014-07-24 10:38 - 2014-07-24 10:38 - 00000000 ____D () C:\Program Files (x86)\Setup Support for Consumer Input
2014-07-23 12:27 - 2014-07-23 12:27 - 00918952 _____ (Oracle Corporation) C:\Users\wenewman\Downloads\chromeinstall-7u65.exe
2014-07-23 09:16 - 2014-07-23 09:16 - 00918440 _____ (Oracle Corporation) C:\Users\wenewman\Downloads\JavaSetup7u65 (1).exe
2014-07-23 09:05 - 2014-07-23 09:06 - 00325488 _____ () C:\windows\system32\FNTCACHE.DAT
2014-07-23 09:00 - 2014-07-23 09:00 - 00004653 _____ () C:\windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-23 08:57 - 2014-07-23 08:57 - 00918440 _____ (Oracle Corporation) C:\Users\wenewman\Downloads\JavaSetup7u65.exe
2014-07-19 17:35 - 2014-07-20 10:58 - 00041472 _____ () C:\Users\wenewman\Downloads\Nathan Poss (1).xls
2014-07-19 17:35 - 2014-07-19 17:35 - 00033792 _____ () C:\Users\wenewman\Downloads\Nathan Poss.xls
2014-07-16 13:04 - 2014-07-16 13:04 - 00008503 _____ () C:\Users\wenewman\Downloads\reportRunAction (25).xlsx
2014-07-15 11:17 - 2014-07-15 14:07 - 00278048 _____ () C:\Users\wenewman\Downloads\Edley's East 07-20-14 Wkly_&_Daily_VBI Management System-2 (Recovered) (2).xlsx
2014-07-14 14:34 - 2014-07-14 14:34 - 00280459 _____ () C:\Users\wenewman\Downloads\Edley's East 07-13-14 Wkly_&_Daily_VBI Management System-2 (Recovered) (2).xlsx
2014-07-13 08:50 - 2014-06-26 15:53 - 00703968 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-07-13 08:50 - 2014-06-26 15:53 - 00105440 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-13 08:46 - 2014-07-13 08:46 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-07-12 14:27 - 2014-07-12 14:27 - 00279897 _____ () C:\Users\wenewman\Downloads\Edley's East 07-13-14 Wkly_&_Daily_VBI Management System-2 (Recovered) (1).xlsx
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-11 17:01 - 2013-04-17 09:43 - 00003596 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-458158165-3605172897-2890421040-1001
2014-08-11 17:00 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\system32\sru
2014-08-11 16:59 - 2013-05-29 12:35 - 00004970 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for East-wenewman East
2014-08-11 16:58 - 2014-08-11 16:58 - 00000000 ____D () C:\FRST
2014-08-11 16:58 - 2014-08-04 18:14 - 00000000 ____D () C:\Users\wenewman\Desktop\tools for fixing the computer so it runs good and does other stuff well
2014-08-11 16:58 - 2013-04-17 09:31 - 01225248 _____ () C:\windows\WindowsUpdate.log
2014-08-11 16:57 - 2014-08-11 16:09 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-11 16:57 - 2013-04-17 09:41 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-11 16:56 - 2014-08-04 18:23 - 00274680 _____ () C:\windows\PFRO.log
2014-08-11 16:56 - 2014-07-30 09:15 - 00000354 _____ () C:\windows\Tasks\HPCeeScheduleForwenewman.job
2014-08-11 16:56 - 2014-05-29 12:51 - 00000966 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2014-08-11 16:56 - 2014-05-29 12:51 - 00000950 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2014-08-11 16:56 - 2012-07-26 02:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-08-11 16:56 - 2012-07-26 00:26 - 00262144 ___SH () C:\windows\system32\config\BBI
2014-08-11 16:55 - 2014-08-11 16:49 - 00000000 ____D () C:\AdwCleaner
2014-08-11 16:54 - 2014-08-04 18:22 - 00001238 _____ () C:\Users\wenewman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-08-11 16:54 - 2014-08-01 13:29 - 00001208 _____ () C:\Users\wenewman\Desktop\Search.lnk
2014-08-11 16:48 - 2013-08-22 08:42 - 00000000 ____D () C:\Users\wenewman\Desktop\BANK
2014-08-11 16:45 - 2013-04-17 09:41 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-11 16:41 - 2014-04-04 17:34 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-08-11 16:18 - 2014-04-25 10:50 - 00000590 _____ () C:\windows\Tasks\G2MUpdateTask-S-1-5-21-458158165-3605172897-2890421040-1001.job
2014-08-11 16:08 - 2014-08-11 16:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-11 16:08 - 2014-08-11 16:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-11 16:08 - 2014-08-11 16:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-11 13:30 - 2013-06-01 10:49 - 00000000 ____D () C:\Users\wenewman\Desktop\CASH DUE
2014-08-11 12:48 - 2014-05-29 12:51 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-08-11 12:45 - 2013-04-17 09:36 - 00003922 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{FB35EEFD-EFB7-4519-B638-21C2D72C2764}
2014-08-10 22:52 - 2013-10-08 15:57 - 00000000 ____D () C:\Users\wenewman\Desktop\TIPS!
2014-08-10 01:04 - 2014-07-30 09:15 - 00003174 _____ () C:\windows\System32\Tasks\HPCeeScheduleForwenewman
2014-08-10 01:04 - 2013-04-17 09:32 - 00000000 ____D () C:\Users\wenewman
2014-08-09 09:12 - 2014-08-09 09:12 - 00000000 ____D () C:\Users\wenewman\AppData\Local\LogMeIn Client
2014-08-09 09:11 - 2014-08-09 09:11 - 03716768 _____ (LogMeIn, Inc.) C:\Users\wenewman\Downloads\LogMeIn Client (2).exe
2014-08-09 09:10 - 2014-08-09 09:10 - 03716768 _____ (LogMeIn, Inc.) C:\Users\wenewman\Downloads\LogMeIn Client.exe
2014-08-09 09:10 - 2014-08-09 09:10 - 03716768 _____ (LogMeIn, Inc.) C:\Users\wenewman\Downloads\LogMeIn Client (1).exe
2014-08-09 03:51 - 2014-08-05 19:23 - 00003369 ____H () C:\windows\SysWOW64\BTImages.dat
2014-08-09 00:58 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-08-08 16:18 - 2014-08-08 16:18 - 00008138 _____ () C:\Users\wenewman\Desktop\Catering Bank Log.xlsx
2014-08-08 10:33 - 2014-08-08 10:33 - 00911232 _____ () C:\Users\wenewman\Downloads\WebClient (3).exe
2014-08-06 18:12 - 2012-07-26 02:28 - 00005446 _____ () C:\windows\system32\PerfStringBackup.INI
2014-08-06 18:02 - 2014-08-06 18:02 - 634016690 _____ () C:\windows\MEMORY.DMP
2014-08-06 18:02 - 2014-08-06 18:02 - 00296112 _____ () C:\windows\Minidump\080614-18345-01.dmp
2014-08-06 18:02 - 2014-08-06 18:02 - 00000000 ____D () C:\windows\Minidump
2014-08-06 18:01 - 2014-08-05 19:37 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2014-08-06 18:01 - 2012-07-26 03:12 - 00000000 ___HD () C:\windows\ELAMBKUP
2014-08-06 18:01 - 2012-07-26 00:26 - 00262144 ___SH () C:\windows\system32\config\ELAM
2014-08-06 17:58 - 2012-12-10 20:35 - 00000000 ____D () C:\Program Files (x86)\HP Games
2014-08-06 17:56 - 2012-12-10 20:34 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-08-06 17:53 - 2012-12-10 20:34 - 00000000 ____D () C:\ProgramData\WildTangent
2014-08-06 17:53 - 2012-12-10 20:34 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
2014-08-06 17:37 - 2014-08-05 19:23 - 00025369 _____ () C:\Users\wenewman\Desktop\dds.txt
2014-08-06 17:37 - 2014-08-05 19:23 - 00013383 _____ () C:\Users\wenewman\Desktop\attach.txt
2014-08-06 10:03 - 2013-04-17 09:32 - 00000000 ____D () C:\Users\wenewman\AppData\Local\Packages
2014-08-06 09:36 - 2014-08-06 09:36 - 00279040 _____ () C:\Users\wenewman\Downloads\EDE Bevinco Reports for 7-23-2014 to 7-29-2014 (5).xls
2014-08-06 09:24 - 2014-08-06 09:24 - 00279040 _____ () C:\Users\wenewman\Downloads\EDE Bevinco Reports for 7-23-2014 to 7-29-2014 (4).xls
2014-08-06 09:23 - 2014-08-06 09:23 - 00279040 _____ () C:\Users\wenewman\Downloads\EDE Bevinco Reports for 7-23-2014 to 7-29-2014 (3).xls
2014-08-06 09:23 - 2014-08-06 09:23 - 00279040 _____ () C:\Users\wenewman\Downloads\EDE Bevinco Reports for 7-23-2014 to 7-29-2014 (2).xls
2014-08-06 09:21 - 2014-08-06 09:21 - 00281600 _____ () C:\Users\wenewman\Downloads\EDE Bevinco Reports for 7-17-2014 to 7-22-2014.xls
2014-08-06 09:21 - 2014-08-06 09:21 - 00279040 _____ () C:\Users\wenewman\Downloads\EDE Bevinco Reports for 7-23-2014 to 7-29-2014 (1).xls
2014-08-06 09:20 - 2014-08-06 09:20 - 00279040 _____ () C:\Users\wenewman\Downloads\EDE Bevinco Reports for 7-23-2014 to 7-29-2014.xls
2014-08-06 00:52 - 2014-08-06 00:52 - 00000000 ____D () C:\ProgramData\Emsisoft
2014-08-05 19:36 - 2014-08-05 19:31 - 233663808 _____ (Emsisoft GmbH ) C:\Users\wenewman\Downloads\EmsisoftAntiMalwareSetup.exe
2014-08-05 18:24 - 2014-08-05 18:16 - 00431011 _____ () C:\windows\system32\Drivers\vsconfig.xml
2014-08-05 18:15 - 2014-08-05 18:15 - 00000762 _____ () C:\Users\Public\Desktop\ZoneAlarm Security.lnk
2014-08-05 18:15 - 2014-08-05 18:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
2014-08-05 18:15 - 2014-08-05 18:10 - 00000000 ____D () C:\Program Files (x86)\CheckPoint
2014-08-05 18:09 - 2014-08-05 18:09 - 03384000 _____ (Check Point Software Technologies Ltd.) C:\Users\wenewman\Downloads\zaAvSetupWeb_131_211_000.exe
2014-08-05 18:09 - 2014-08-05 18:09 - 00000000 ____D () C:\ProgramData\CheckPoint
2014-08-05 18:09 - 2013-04-17 09:55 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-08-04 21:04 - 2013-05-29 21:31 - 00405504 ___SH () C:\Users\wenewman\Desktop\Thumbs.db
2014-08-04 18:27 - 2014-08-04 18:27 - 00000017 _____ () C:\Users\wenewman\AppData\Local\resmon.resmoncfg
2014-08-04 18:14 - 2014-08-04 18:14 - 00069662 _____ () C:\Users\wenewman\Downloads\PageDefrag.zip
2014-08-04 13:01 - 2014-08-04 13:01 - 19399426 _____ () C:\Users\wenewman\Downloads\fwdnewplans.zip
2014-08-02 10:37 - 2014-07-02 10:59 - 00000000 ____D () C:\Users\wenewman\Desktop\FCO
2014-08-02 10:37 - 2014-07-02 10:46 - 00000000 ____D () C:\Users\wenewman\Desktop\TRACRITE
2014-08-01 23:18 - 2012-08-01 22:02 - 00000000 ____D () C:\windows\Panther
2014-08-01 23:17 - 2014-08-01 23:17 - 00002778 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC
2014-08-01 23:17 - 2014-08-01 23:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-01 23:17 - 2014-08-01 23:17 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-01 23:16 - 2014-08-01 23:16 - 04813544 _____ (Piriform Ltd) C:\Users\wenewman\Downloads\ccsetup416.exe
2014-08-01 23:10 - 2014-08-01 23:07 - 111309048 _____ (Microsoft Corporation) C:\Users\wenewman\Downloads\msert.exe
2014-08-01 19:04 - 2014-08-01 19:04 - 00002219 _____ () C:\Users\wenewman\Desktop\HP Support Assistant.lnk
2014-08-01 19:04 - 2012-12-10 20:18 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2014-08-01 19:04 - 2012-12-10 20:13 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-08-01 19:03 - 2012-12-10 20:09 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-08-01 19:02 - 2014-08-01 19:02 - 00000000 ____D () C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
2014-08-01 19:00 - 2014-08-01 19:00 - 00000000 ____D () C:\Users\wenewman\AppData\Roaming\hpqLog
2014-08-01 19:00 - 2012-12-10 20:19 - 00000000 ____D () C:\windows\System32\Tasks\Hewlett-Packard
2014-08-01 19:00 - 2012-12-10 20:12 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-08-01 19:00 - 2012-08-01 22:15 - 00000000 ____D () C:\SWSETUP
2014-08-01 18:08 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\rescache
2014-08-01 16:38 - 2014-08-01 16:38 - 00003110 _____ () C:\windows\System32\Tasks\{AE6B9DBA-D9FF-4924-B440-1ADAB191441B}
2014-08-01 16:21 - 2014-08-01 16:21 - 00000000 _____ () C:\ProgramData\2d282020_c
2014-08-01 16:21 - 2014-08-01 13:25 - 00000000 ____D () C:\ProgramData\e3ee6a4c8583885b
2014-08-01 16:20 - 2014-07-30 21:40 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-08-01 16:19 - 2014-08-01 14:11 - 00000000 ____D () C:\Users\wenewman\AppData\Roaming\Probit Software
2014-08-01 16:14 - 2014-07-02 10:46 - 00000000 ____D () C:\Users\wenewman\Desktop\EMPLOYEE
2014-08-01 16:12 - 2014-08-01 14:16 - 00000552 _____ () C:\windows\SysWOW64\schtasks.bin
2014-08-01 16:11 - 2012-07-26 00:26 - 00000194 _____ () C:\windows\win.ini
2014-08-01 16:00 - 2013-04-17 09:41 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-01 15:30 - 2012-12-10 20:20 - 00000000 ____D () C:\ProgramData\Temp
2014-08-01 14:10 - 2013-04-17 09:42 - 00002243 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-01 13:36 - 2013-10-16 06:40 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-01 13:35 - 2014-08-01 13:36 - 00272808 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-08-01 13:35 - 2014-08-01 13:35 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-08-01 13:35 - 2014-08-01 13:35 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-08-01 13:35 - 2014-08-01 13:35 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-01 13:35 - 2014-08-01 13:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-01 13:33 - 2014-08-01 13:33 - 00918440 _____ (Oracle Corporation) C:\Users\wenewman\Downloads\jxpiinstall(2).exe
2014-08-01 13:28 - 2014-08-01 13:28 - 00000000 ____D () C:\Users\wenewman\AppData\Local\com
2014-08-01 13:24 - 2014-08-01 13:24 - 00000000 ____D () C:\Users\wenewman\AppData\Local\Comodo
2014-08-01 13:24 - 2014-08-01 13:24 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-08-01 13:24 - 2014-08-01 13:24 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-08-01 13:24 - 2014-08-01 13:24 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-08-01 13:24 - 2014-08-01 13:24 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-08-01 13:24 - 2014-08-01 13:24 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-08-01 13:24 - 2014-08-01 13:24 - 00000000 ____D () C:\Users\Guest
2014-08-01 13:24 - 2014-08-01 13:24 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-08-01 13:24 - 2014-08-01 13:24 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-08-01 13:24 - 2014-08-01 13:24 - 00000000 ____D () C:\Users\Administrator
2014-08-01 13:24 - 2013-04-17 09:41 - 00000000 ____D () C:\Users\wenewman\AppData\Local\Google
2014-08-01 13:23 - 2014-08-01 13:23 - 00000000 ____D () C:\Program Files (x86)\Probit Software
2014-08-01 13:21 - 2014-08-01 13:21 - 00918440 _____ (Oracle Corporation) C:\Users\wenewman\Downloads\jxpiinstall(1).exe
2014-08-01 13:16 - 2012-07-26 02:59 - 00000000 ____D () C:\windows\CbsTemp
2014-08-01 12:50 - 2014-06-11 10:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-01 12:50 - 2014-03-06 13:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-01 12:50 - 2013-04-18 18:12 - 00000000 ____D () C:\Program Files\Webroot
2014-08-01 11:33 - 2014-03-06 13:06 - 00001149 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-08-01 11:32 - 2014-03-06 13:06 - 00001161 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-01 11:24 - 2014-08-01 14:45 - 00061584 _____ () C:\windows\system32\Drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}Gw64.sys
2014-07-30 21:40 - 2012-07-26 03:12 - 00000000 ___HD () C:\windows\system32\GroupPolicy
2014-07-30 21:40 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\SysWOW64\GroupPolicy
2014-07-30 09:15 - 2013-04-17 17:50 - 00000000 ____D () C:\Users\wenewman\AppData\Local\Hewlett-Packard
2014-07-30 09:14 - 2014-07-25 08:49 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log
2014-07-30 09:13 - 2014-07-25 08:49 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-07-28 16:05 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\system32\FxsTmp
2014-07-28 10:25 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\system32\NDF
2014-07-28 08:50 - 2014-07-28 08:50 - 00000045 _____ () C:\Users\wenewman\AppData\Roaming\WB.CFG
2014-07-27 10:43 - 2013-09-08 16:00 - 00000000 ____D () C:\Users\wenewman\Desktop\PASSWORDS
2014-07-25 18:13 - 2014-07-25 18:13 - 00918952 _____ (Oracle Corporation) C:\Users\wenewman\Downloads\chromeinstall-7u65 (2).exe
2014-07-25 18:13 - 2014-07-25 18:13 - 00918952 _____ (Oracle Corporation) C:\Users\wenewman\Downloads\chromeinstall-7u65 (1).exe
2014-07-25 18:08 - 2014-07-25 18:08 - 00135977 _____ () C:\Users\wenewman\Downloads\securedoc(1).html
2014-07-25 12:44 - 2014-07-25 14:53 - 00061120 _____ () C:\windows\system32\Drivers\{9a9157bb-003e-4fef-8bd1-c09bc4586a28}Gw64.sys
2014-07-25 12:32 - 2014-07-25 12:32 - 00009099 _____ () C:\Users\wenewman\Downloads\1.xlsb
2014-07-25 08:47 - 2014-07-25 08:47 - 00000000 ____D () C:\Users\wenewman\AppData\Roaming\HP Support Assistant
2014-07-25 08:47 - 2013-04-18 17:33 - 00000000 ____D () C:\Users\wenewman\AppData\Roaming\HpUpdate
2014-07-24 12:30 - 2014-07-24 12:29 - 00918440 _____ (Oracle Corporation) C:\Users\wenewman\Downloads\jxpiinstall.exe
2014-07-24 10:38 - 2014-07-24 10:38 - 00000000 ____D () C:\Program Files (x86)\Setup Support for Consumer Input
2014-07-23 12:27 - 2014-07-23 12:27 - 00918952 _____ (Oracle Corporation) C:\Users\wenewman\Downloads\chromeinstall-7u65.exe
2014-07-23 09:16 - 2014-07-23 09:16 - 00918440 _____ (Oracle Corporation) C:\Users\wenewman\Downloads\JavaSetup7u65 (1).exe
2014-07-23 09:06 - 2014-07-23 09:05 - 00325488 _____ () C:\windows\system32\FNTCACHE.DAT
2014-07-23 09:00 - 2014-07-23 09:00 - 00004653 _____ () C:\windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-23 09:00 - 2013-06-27 17:40 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-23 08:57 - 2014-07-23 08:57 - 00918440 _____ (Oracle Corporation) C:\Users\wenewman\Downloads\JavaSetup7u65.exe
2014-07-20 10:58 - 2014-07-19 17:35 - 00041472 _____ () C:\Users\wenewman\Downloads\Nathan Poss (1).xls
2014-07-20 08:32 - 2013-09-05 14:12 - 00000000 ____D () C:\Users\wenewman\Desktop\Edley's Master Files
2014-07-19 17:35 - 2014-07-19 17:35 - 00033792 _____ () C:\Users\wenewman\Downloads\Nathan Poss.xls
2014-07-18 14:44 - 2014-05-29 12:51 - 00000000 ____D () C:\Program Files (x86)\LogMeIn
2014-07-18 14:43 - 2014-05-29 12:51 - 00107368 _____ (LogMeIn, Inc.) C:\windows\system32\LMIRfsClientNP.dll
2014-07-18 14:43 - 2014-05-29 12:51 - 00092488 _____ (LogMeIn, Inc.) C:\windows\system32\LMIinit.dll
2014-07-18 14:43 - 2014-05-29 12:51 - 00035656 _____ (LogMeIn, Inc.) C:\windows\system32\LMIport.dll
2014-07-17 12:05 - 2013-10-08 15:58 - 00000000 ____D () C:\Users\wenewman\Desktop\PAYROLL
2014-07-16 13:04 - 2014-07-16 13:04 - 00008503 _____ () C:\Users\wenewman\Downloads\reportRunAction (25).xlsx
2014-07-15 17:51 - 2014-08-01 13:16 - 00071168 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hdaudbus.sys
2014-07-15 14:07 - 2014-07-15 11:17 - 00278048 _____ () C:\Users\wenewman\Downloads\Edley's East 07-20-14 Wkly_&_Daily_VBI Management System-2 (Recovered) (2).xlsx
2014-07-14 14:34 - 2014-07-14 14:34 - 00280459 _____ () C:\Users\wenewman\Downloads\Edley's East 07-13-14 Wkly_&_Daily_VBI Management System-2 (Recovered) (2).xlsx
2014-07-13 10:09 - 2014-04-25 10:50 - 00003588 _____ () C:\windows\System32\Tasks\G2MUpdateTask-S-1-5-21-458158165-3605172897-2890421040-1001
2014-07-13 08:55 - 2014-07-02 10:53 - 00000000 ____D () C:\Users\wenewman\Desktop\LOGO
2014-07-13 08:46 - 2014-07-13 08:46 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-07-13 08:46 - 2012-07-26 03:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-13 08:46 - 2012-07-26 03:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-13 08:46 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\WinStore
2014-07-13 08:46 - 2012-07-26 02:52 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-12 14:27 - 2014-07-12 14:27 - 00279897 _____ () C:\Users\wenewman\Downloads\Edley's East 07-13-14 Wkly_&_Daily_VBI Management System-2 (Recovered) (1).xlsx
 
Some content of TEMP:
====================
C:\Users\wenewman\AppData\Local\Temp\Quarantine.exe
C:\Users\wenewman\AppData\Local\Temp\SEVINST64x86.EXE
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-06 03:02
 
==================== End Of Log ============================

 




#4 nasdaq


  • Malware Response Team

Posted 12 August 2014 - 08:10 AM

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

In Windows 7 and 8, press [Windows Icon + R] and enter "notepad" in the box to open Notepad.
 
start

HKLM-x32\...\Run: [] => [X]
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2516} URL = http://www.default-search.net/search?sid=516&aid=104&itype=n&ver=12791&tm=418&src=ds&p={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_tuto_14_18&cd=2XzuyEtN2Y1L1Qzu0AyEtCyBtAtCzz0EyD0D0EyCtCyDtByDtN0D0Tzu0SzytAyBtN1L2XzutBtFtBtCtFtCyBtFtCtN1L1Czu1N1C2X1V2Z2Y2Z1F1VtCyE1VtCzztN1L1G1B1V1N2Y1L1Qzu2SyBzztD0BtA0DzyyCtGzyzyyC0CtGzztAtDyEtGtCzyyD0DtGtAyEtDtBtBtAtB0DyEyBtAyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDyB0FyE0D0AyCyDtG0DyBtBzztGyD0EzyyCtG0A0A0A0BtGyB0EzytDtA0FyDtA0EzztAtD2Q&cr=25306395&ir=
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2516} URL = http://www.default-search.net/search?sid=516&aid=104&itype=n&ver=12791&tm=418&src=ds&p={searchTerms}
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll No File
BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll No File
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll No File
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll No File
FF DefaultSearchEngine: Astromenda
FF SelectedSearchEngine: Astromenda
FF Plugin-x32: @EDVR/WebClient -> C:\windows\system32\WebClient\npwebclient.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Extension: cosstminn - C:\Users\wenewman\AppData\Roaming\Mozilla\Firefox\Profiles\wqwu9bbe.default\Extensions\yyyeba0wg@e-uouym.co.uk [2014-08-01]
FF Extension: No Name - C:\Users\wenewman\AppData\Roaming\Mozilla\Firefox\Profiles\wqwu9bbe.default\Extensions\{73843edf-1075-4a55-947c-e13e0dc9349e} [2014-07-25]
FF Extension: No Name - C:\Users\wenewman\AppData\Roaming\Mozilla\Firefox\Profiles\wqwu9bbe.default\Extensions\{849ded12-59e9-4dae-8f86-918b70d213dc} [2014-08-01]
FF Extension: No Name - C:\Users\wenewman\AppData\Roaming\Mozilla\Firefox\Profiles\wqwu9bbe.default\Extensions\{D01EF1DB-DEC8-D2A8-026B-DB6EC54E6979} [2014-07-24]
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Extension: (cosstminn) - C:\Users\wenewman\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfeafjkmjlbfodngcjfbdddmgndmafle [2014-08-01]
CHR Extension: (videos MediaPlay-Air) - C:\Users\wenewman\AppData\Local\Google\Chrome\User Data\Default\Extensions\iklgpchfbohgmghgfagediakopecfmbm [2014-08-01]
CHR Extension: (cosstminn) - C:\Users\wenewman\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfeafjkmjlbfodngcjfbdddmgndmafle\2.0 [2014-08-01]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X]
S3 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [X]
S3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [X]
S3 SymEvent; \??\C:\windows\system32\Drivers\SYMEVENT64x86.SYS [X]
C:\Users\wenewman\AppData\Local\Temp\SEVINST64x86.EXE
AlternateDataStreams: C:\ProgramData\Temp:373E1720
C:\Users\wenewman\AppData\Roaming\Mozilla\Firefox\Profiles\wqwu9bbe.default\Extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}
C:\Users\wenewman\AppData\Roaming\Mozilla\Firefox\Profiles\wqwu9bbe.default\Extensions\{849ded12-59e9-4dae-8f86-918b70d213dc}
C:\Users\wenewman\AppData\Roaming\Mozilla\Firefox\Profiles\wqwu9bbe.default\Extensions\{D01EF1DB-DEC8-D2A8-026B-DB6EC54E6979}
C:\Users\wenewman\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfeafjkmjlbfodngcjfbdddmgndmafle
C:\Users\wenewman\AppData\Local\Google\Chrome\User Data\Default\Extensions\iklgpchfbohgmghgfagediakopecfmbm

end

Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/
===

How is the computer running now?

#5 urbanizedknave

  • Topic Starter


Posted 13 August 2014 - 05:43 PM

It seems to be running a lot better now than it has been. Thank you so much! Here are the logs:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-08-2014 01
Ran by wenewman at 2014-08-13 17:34:14 Run:1
Running from C:\Users\wenewman\Desktop\tools for fixing the computer so it runs good and does other stuff well
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
HKLM-x32\...\Run: [] => [X]
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll No File
BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll No File
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll No File
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll No File
FF DefaultSearchEngine: Astromenda
FF SelectedSearchEngine: Astromenda
FF Plugin-x32: @EDVR/WebClient -> C:\windows\system32\WebClient\npwebclient.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Extension: cosstminn - C:\Users\wenewman\AppData\Roaming\Mozilla\Firefox\Profiles\wqwu9bbe.default\Extensions\yyyeba0wg@e-uouym.co.uk [2014-08-01]
FF Extension: No Name - C:\Users\wenewman\AppData\Roaming\Mozilla\Firefox\Profiles\wqwu9bbe.default\Extensions\{73843edf-1075-4a55-947c-e13e0dc9349e} [2014-07-25]
FF Extension: No Name - C:\Users\wenewman\AppData\Roaming\Mozilla\Firefox\Profiles\wqwu9bbe.default\Extensions\{849ded12-59e9-4dae-8f86-918b70d213dc} [2014-08-01]
FF Extension: No Name - C:\Users\wenewman\AppData\Roaming\Mozilla\Firefox\Profiles\wqwu9bbe.default\Extensions\{D01EF1DB-DEC8-D2A8-026B-DB6EC54E6979} [2014-07-24]
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Extension: (cosstminn) - C:\Users\wenewman\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfeafjkmjlbfodngcjfbdddmgndmafle [2014-08-01]
CHR Extension: (videos MediaPlay-Air) - C:\Users\wenewman\AppData\Local\Google\Chrome\User Data\Default\Extensions\iklgpchfbohgmghgfagediakopecfmbm [2014-08-01]
CHR Extension: (cosstminn) - C:\Users\wenewman\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfeafjkmjlbfodngcjfbdddmgndmafle\2.0 [2014-08-01]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X]
S3 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [X]
S3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [X]
S3 SymEvent; \??\C:\windows\system32\Drivers\SYMEVENT64x86.SYS [X]
C:\Users\wenewman\AppData\Local\Temp\SEVINST64x86.EXE
AlternateDataStreams: C:\ProgramData\Temp:373E1720
C:\Users\wenewman\AppData\Roaming\Mozilla\Firefox\Profiles\wqwu9bbe.default\Extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}
C:\Users\wenewman\AppData\Roaming\Mozilla\Firefox\Profiles\wqwu9bbe.default\Extensions\{849ded12-59e9-4dae-8f86-918b70d213dc}
C:\Users\wenewman\AppData\Roaming\Mozilla\Firefox\Profiles\wqwu9bbe.default\Extensions\{D01EF1DB-DEC8-D2A8-026B-DB6EC54E6979}
C:\Users\wenewman\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfeafjkmjlbfodngcjfbdddmgndmafle
C:\Users\wenewman\AppData\Local\Google\Chrome\User Data\Default\Extensions\iklgpchfbohgmghgfagediakopecfmbm
 
end
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
C:\windows\system32\GroupPolicy\Machine => Moved successfully.
C:\windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2516}" => Key deleted successfully.
"HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2516}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2516}" => Key deleted successfully.
"HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2516}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c8d5d964-2be8-4c5b-8cf5-6e975aa88504}" => Key deleted successfully.
"HKCR\CLSID\{c8d5d964-2be8-4c5b-8cf5-6e975aa88504}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c8d5d964-2be8-4c5b-8cf5-6e975aa88504}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{c8d5d964-2be8-4c5b-8cf5-6e975aa88504}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{97ab88ef-346b-4179-a0b1-7445896547a5} => value deleted successfully.
"HKCR\CLSID\{97ab88ef-346b-4179-a0b1-7445896547a5}" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{97ab88ef-346b-4179-a0b1-7445896547a5} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{97ab88ef-346b-4179-a0b1-7445896547a5}" => Key deleted successfully.
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@EDVR/WebClient" => Key deleted successfully.
C:\windows\system32\WebClient\npwebclient.dll not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3" => Key deleted successfully.
C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9" => Key deleted successfully.
C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll not found.
C:\Users\wenewman\AppData\Roaming\Mozilla\Firefox\Profiles\wqwu9bbe.default\Extensions\yyyeba0wg@e-uouym.co.uk => Moved successfully.
C:\Users\wenewman\AppData\Roaming\Mozilla\Firefox\Profiles\wqwu9bbe.default\Extensions\{73843edf-1075-4a55-947c-e13e0dc9349e} not found.
C:\Users\wenewman\AppData\Roaming\Mozilla\Firefox\Profiles\wqwu9bbe.default\Extensions\{849ded12-59e9-4dae-8f86-918b70d213dc} not found.
C:\Users\wenewman\AppData\Roaming\Mozilla\Firefox\Profiles\wqwu9bbe.default\Extensions\{D01EF1DB-DEC8-D2A8-026B-DB6EC54E6979} not found.
C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll not found.
C:\Users\wenewman\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfeafjkmjlbfodngcjfbdddmgndmafle => Moved successfully.
C:\Users\wenewman\AppData\Local\Google\Chrome\User Data\Default\Extensions\iklgpchfbohgmghgfagediakopecfmbm => Moved successfully.
C:\Users\wenewman\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfeafjkmjlbfodngcjfbdddmgndmafle\2.0 directory not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
gupdate => Service deleted successfully.
gupdatem => Service deleted successfully.
cleanhlp => Service deleted successfully.
eeCtrl => Service deleted successfully.
EraserUtilRebootDrv => Service deleted successfully.
SymEvent => Service deleted successfully.
C:\Users\wenewman\AppData\Local\Temp\SEVINST64x86.EXE => Moved successfully.
C:\ProgramData\Temp => ":373E1720" ADS removed successfully.
"C:\Users\wenewman\AppData\Roaming\Mozilla\Firefox\Profiles\wqwu9bbe.default\Extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}" => File/Directory not found.
"C:\Users\wenewman\AppData\Roaming\Mozilla\Firefox\Profiles\wqwu9bbe.default\Extensions\{849ded12-59e9-4dae-8f86-918b70d213dc}" => File/Directory not found.
"C:\Users\wenewman\AppData\Roaming\Mozilla\Firefox\Profiles\wqwu9bbe.default\Extensions\{D01EF1DB-DEC8-D2A8-026B-DB6EC54E6979}" => File/Directory not found.
"C:\Users\wenewman\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfeafjkmjlbfodngcjfbdddmgndmafle" => File/Directory not found.
"C:\Users\wenewman\AppData\Local\Google\Chrome\User Data\Default\Extensions\iklgpchfbohgmghgfagediakopecfmbm" => File/Directory not found.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 

 Results of screen317's Security Check version 0.99.87  
   x64 (UAC is enabled)  
 Internet Explorer 10 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Disabled!  
ZoneAlarm Antivirus   
Windows Defender      
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 65  
 Java version out of Date! 
 Adobe Flash Player 14.0.0.145  
 Adobe Reader XI  
 Mozilla Firefox (31.0) 
 Google Chrome 35.0.1916.153  
 Google Chrome 36.0.1985.125  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 CheckPoint ZoneAlarm vsmon.exe  
 CheckPoint ZoneAlarm ZAPrivacyService.exe  
 CheckPoint ZoneAlarm zatray.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 


#6 nasdaq


  • Malware Response Team

Posted 14 August 2014 - 08:29 AM

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Latest version is Java JRE 7u65.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If present, remove the old version(s) of Java using the Add/Remove Programs applet.

Java 7 Update 65
===
If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

Edited by nasdaq, 14 August 2014 - 08:30 AM.


#7 urbanizedknave

  • Topic Starter

  • Members

Posted 14 August 2014 - 05:26 PM

Thank you so much.



#8 nasdaq


  • Malware Response Team

Posted 15 August 2014 - 07:25 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



