Kaspersky stuck in "reboot to disinfect" mode


  • This topic is locked
24 replies to this topic

#1 kkoz83

Posted 09 August 2014 - 11:32 AM

Hi everybody, how are you?

 

I'm using Teamviewer to update an HP Windows 7 laptop.  I need help because Kaspersky Internet Security keeps saying it needs to reboot to complete disinfection.  After doing so, it pops up again.

 

The file's path is:  C:\Windows\system32\config\systemproofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\8abnzhos\wssetupp{1}.exe

 

Object name:  not-a-virus:WebToolbar:Win32.Perinet.d

 

I'm asking help here because this forum is the best :)




#2 kkoz83

Posted 09 August 2014 - 07:24 PM

The following finished clean:  MBAM, Hitman, TDSSKiller & AdwCleaner.

 

ESET online found the following but "remove found threats" was unchecked:

 

C:\AdwCleaner\Quarantine\C\Program Files\Web Assistant\InstallerHelper.dll.vir a variant of Win32/Toolbar.BitCocktail.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Web Assistant\source.crx.vir Win32/Toolbar.Perion.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Web Assistant\Firefox\chrome\content\main.js.vir Win32/Toolbar.Perion.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Web Assistant\Firefox\chrome\content\resources\localscript.js.vir Win32/Toolbar.Perion.E potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\Web Assistant\resources\localscript.js.vir Win32/Toolbar.Perion.E potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\SLYLAP\AppData\Local\NativeMessaging\CT3043298\1_0_0_2\TBMessagingHost.exe.vir a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\Junk\avira_free_antivirus_en.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Junk\ccsetup316.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
C:\Junk\sd-setup.exe Win32/ELEX.AH potentially unwanted application
C:\Users\Default\AppData\Local\AskToolbar\Downloaded Program Files\AviraIDW.dll a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Users\SLYLAP\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\e4836bf-2bd7bd4c a variant of Java/JShrink.A potentially unsafe application
C:\Users\SLYLAP\Downloads\ccsetup410.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\SLYLAP\Downloads\imfv2-setup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application
C:\Users\SLYLAP\Downloads\IObit-Malware-Figher-Setup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application
C:\Users\SLYLAP\Downloads\smart-defrag-setup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application
C:\Windows\Installer\MSI4973.tmp a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Windows\Installer\MSIF3A5.tmp a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[1].7z a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\update[1] a variant of Win32/Toolbar.Perion.A potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\update[1] a variant of Win32/Toolbar.Perion.G potentially unwanted application
C:\Windows\System32\config\systemprofile\AppData\LocalLow\AskToolbar\avira.cab a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[1].7z a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\update[1] a variant of Win32/Toolbar.Perion.A potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\update[1] a variant of Win32/Toolbar.Perion.G potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\AskToolbar\avira.cab a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application


#3 nasdaq

  • Malware Response Team

Posted 14 August 2014 - 08:59 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 3 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right-click and choose Run as Admin.
You only need to get one of them to run, not all of them.

rkill.exe
rkill.com
rkill.scr

It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested on another computer and then transfer them to the desktop of the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.

When completed, it will create a log. Please post the content in your next reply.
===


--RogueKiller--
  • Download & SAVE to your Desktop For 32bit system or For 64bit system
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller
Wait for further instructions.
=======

#4 kkoz83

Posted 14 August 2014 - 04:05 PM

RogueKiller V9.2.6.0 (x64) [Jul 11 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : SLYLAP [Admin rights]
Mode : Remove -- Date : 08/14/2014  15:03:34
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 16 ¤¤¤
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3297453287-4288755749-1460869233-1000\Software\Microsoft\Windows\CurrentVersion\Run | AmazonMP3DownloaderHelper : C:\Users\SLYLAP\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [x] -> DELETED
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3297453287-4288755749-1460869233-1000\Software\Microsoft\Windows\CurrentVersion\Run | AmazonMP3DownloaderHelper : C:\Users\SLYLAP\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe  -> ERROR [2]
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 74.81.99.1 74.81.99.2  -> NOT SELECTED
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 74.81.99.1 74.81.99.2  -> NOT SELECTED
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 74.81.99.1 74.81.99.2  -> NOT SELECTED
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{07ABD271-8054-4AD2-90A0-ADFE5A50D7A3} | DhcpNameServer : 74.81.99.1 74.81.99.2  -> NOT SELECTED
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{07ABD271-8054-4AD2-90A0-ADFE5A50D7A3} | DhcpNameServer : 74.81.99.1 74.81.99.2  -> NOT SELECTED
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{07ABD271-8054-4AD2-90A0-ADFE5A50D7A3} | DhcpNameServer : 74.81.99.1 74.81.99.2  -> NOT SELECTED
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-3297453287-4288755749-1460869233-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> NOT SELECTED
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-3297453287-4288755749-1460869233-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> NOT SELECTED
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-3297453287-4288755749-1460869233-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> NOT SELECTED
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-3297453287-4288755749-1460869233-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> NOT SELECTED
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> NOT SELECTED
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Files : 1 ¤¤¤
[Suspicious.Startup][File] PowerReg Scheduler.exe -- C:\Users\SLYLAP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler.exe -> DELETED
 
¤¤¤ HOSTS File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 5 (Driver: LOADED) ¤¤¤
[Filter(Root.Keylogger)] \Driver\kbdclass @ \Device\KeyboardClass5 : \Driver\SynTP @ \Device\000000ab (\SystemRoot\system32\DRIVERS\atikmpag.sys)
[Filter(Root.Keylogger)] \Driver\kbdclass @ \Device\KeyboardClass4 : \Driver\SynTP @ \Device\000000aa (\SystemRoot\system32\DRIVERS\atikmpag.sys)
[Filter(Root.Keylogger)] \Driver\kbdclass @ \Device\KeyboardClass3 : \Driver\SynTP @ \Device\000000a9 (\SystemRoot\system32\DRIVERS\atikmpag.sys)
[Filter(Root.Keylogger)] \Driver\kbdclass @ \Device\KeyboardClass2 : \Driver\SynTP @ \Device\00000093 (\SystemRoot\system32\DRIVERS\atikmpag.sys)
[Filter(Root.Keylogger)] \Driver\kbdclass @ \Device\KeyboardClass0 : \Driver\SynTP @ \Device\00000089 (\SystemRoot\system32\DRIVERS\atikmpag.sys)
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS725050A9A364 +++++
--- User ---
[MBR] 3c1091e1e623e337f3d67906fb76a0c0
[BSP] 44e2b3504f45ba1bdb2e0d9c6a3f6135 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 476838 MB
User = LL1 ... OK
User = LL2 ... OK
 
 
============================================
RKreport_SCN_08142014_150100.log


#5 nasdaq

  • Malware Response Team

Posted 15 August 2014 - 07:18 AM

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the  Scan  button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
 
IMPORTANT
 
  • If you click the Clean button all items listed in the report will be removed.
 
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
 
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the  Scan  button and wait for the process to complete.
  • Uncheck the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
 
====
 
To restore an item quarantined by AdwCleaner
  • Double click on AdwCleaner.exe to run the tool.
  • Go to Tools > Quarantine Manager
  • Place a checkmark in the item(s) you want to restore and click Restaurer
  • Click Quitter to close the program
 
===
 
Download the version of this tool for your operating system and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===
 
How is the computer running now?
 


#6 kkoz83

Posted 15 August 2014 - 11:57 AM

AdwCleaner found these - should I click "Clean"?

 

# AdwCleaner v3.305 - Report created 15/08/2014 at 10:53:14
# Updated 14/08/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : SLYLAP - KARLAP
# Running from : C:\Users\SLYLAP\Desktop\adwcleaner_3.305.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Windows\System32\GroupPolicy\User\Registry.pol
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17239
 
 
-\\ Mozilla Firefox v17.0.1 (en-US)
 
-\\ Google Chrome v
 
[ File : C:\Users\SLYLAP\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Found [Extension] : gkcefkcdkepgkpbgncjchhbjgoanleod
 
*************************
 
AdwCleaner[R0].txt - [8767 octets] - [06/07/2014 17:19:53]
AdwCleaner[R1].txt - [1274 octets] - [28/07/2014 14:32:22]
AdwCleaner[R2].txt - [1440 octets] - [08/08/2014 20:44:50]
AdwCleaner[R3].txt - [1182 octets] - [09/08/2014 10:39:18]
AdwCleaner[R4].txt - [1165 octets] - [15/08/2014 10:53:14]
AdwCleaner[S0].txt - [8476 octets] - [06/07/2014 17:20:39]
AdwCleaner[S1].txt - [1515 octets] - [08/08/2014 20:46:26]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R4].txt - [1345 octets] ##########


#7 nasdaq

  • Malware Response Team

Posted 15 August 2014 - 12:14 PM

Yes!



#8 kkoz83

Posted 15 August 2014 - 12:21 PM

Okay, I did.  I'll repost new AdwCleaner log & also FRST.



#9 kkoz83

Posted 15 August 2014 - 07:21 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-08-2014
Ran by SLYLAP (administrator) on KARLAP on 15-08-2014 18:18:43
Running from C:\Users\SLYLAP\Desktop
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCService.exe
(IOBit) C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCAvSvc.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\Monitor.exe
(IObit) C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Logitech\FlowScroll\KhalScroll.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(magicJack L.P.) C:\Users\SLYLAP\AppData\Roaming\mjusbsp\magicJack.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Desktop.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2096424 2010-05-27] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [450048 2009-07-21] (IDT, Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [LogiScrollApp] => C:\Program Files\Logitech\FlowScroll\KhalScroll.exe [166680 2012-02-08] (Logitech, Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [1601856 2014-05-23] (IObit)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3297453287-4288755749-1460869233-1000\...\Run: [Google Update] => C:\Users\SLYLAP\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-04-30] (Google Inc.)
HKU\S-1-5-21-3297453287-4288755749-1460869233-1000\...\Run: [Facebook Update] => C:\Users\SLYLAP\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-11] (Facebook Inc.)
HKU\S-1-5-21-3297453287-4288755749-1460869233-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-3297453287-4288755749-1460869233-1000\...\Run: [cdloader] => C:\Users\SLYLAP\AppData\Roaming\mjusbsp\cdloader2.exe [51592 2014-07-04] (magicJack L.P.)
HKU\S-1-5-21-3297453287-4288755749-1460869233-1000\...\Run: [Advanced SystemCare Ultimate] => C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCTray.exe [2562368 2013-12-02] (IObit)
HKU\S-1-5-21-3297453287-4288755749-1460869233-1000\...\MountPoints2: E - E:\autorun.exe
HKU\S-1-5-21-3297453287-4288755749-1460869233-1000\...\MountPoints2: {028ce178-c57a-11e0-ad21-806e6f6e6963} - D:\SETUP.EXE -autorun
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
URLSearchHook: HKCU - (No Name) - {1c68c940-1b2f-46eb-bd8c-2e1612ff6a58} - No File
SearchScopes: HKCU - DefaultScope {9A02782E-9C5E-4D90-AA1B-DC70B578F571} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {431DBA62-036F-4DA3-B08C-6F3E15E1CE9F} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=902615&p={searchTerms}
SearchScopes: HKCU - {9A02782E-9C5E-4D90-AA1B-DC70B578F571} URL = http://www.google.com/search?q={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Logitech Flow Scroll -> {E11DB59D-5008-42ff-9069-535843BC0BE1} -> C:\Program Files\Logitech\FlowScroll\LogiSmooth.dll (Logitech, Inc.)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Ads Removal -> {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} -> C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll (Adblock)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Logitech Flow Scroll -> {E11DB59D-5008-42ff-9069-535843BC0BE1} -> C:\Program Files\Logitech\FlowScroll\32-bit\LogiSmooth.dll (Logitech, Inc.)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Tcpip\Parameters: [DhcpNameServer] 74.81.99.1 74.81.99.2
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\SLYLAP\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\SLYLAP\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\SLYLAP\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\SLYLAP\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{5D3F3872-91E9-4d59-AD9F-AA174A3145DD}] - C:\Program Files\Logitech\FlowScroll\LogiSmoothFirefoxExt
FF Extension: Logitech Flow Scroll - C:\Program Files\Logitech\FlowScroll\LogiSmoothFirefoxExt [2012-02-25]
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-01-25]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-01-25]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-01-25]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-01-25]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-01-25]
 
Chrome: 
=======
CHR HomePage: 
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\SLYLAP\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-28]
CHR Extension: (Ads Removal) - C:\Users\SLYLAP\AppData\Local\Google\Chrome\User Data\Default\Extensions\fopdddcinljmpmioaklghcalngfhbaen [2014-02-25]
CHR Extension: (Logitech Flow Scroll) - C:\Users\SLYLAP\AppData\Local\Google\Chrome\User Data\Default\Extensions\geooogfhpjdpeiphckpbgkhpbeobcaoi [2012-04-30]
CHR Extension: (Google Wallet) - C:\Users\SLYLAP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR HKCU\...\Chrome\Extension: [ifcbjghlcdpkfaikncnblpalhpghdnhe] - C:\Users\SLYLAP\AppData\Local\CRE\ifcbjghlcdpkfaikncnblpalhpghdnhe.crx [2013-08-21]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-10-08]
CHR HKLM-x32\...\Chrome\Extension: [dlopielgodpjhkbapdlbbicpiefpaack] - C:\Users\SLYLAP\AppData\Local\Shopping Sidekick Plugin\Chrome\Shopping Sidekick Plugin.crx [2013-10-08]
CHR HKLM-x32\...\Chrome\Extension: [geooogfhpjdpeiphckpbgkhpbeobcaoi] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2011-12-14]
CHR HKLM-x32\...\Chrome\Extension: [ifcbjghlcdpkfaikncnblpalhpghdnhe] - C:\Users\SLYLAP\AppData\Local\CRE\ifcbjghlcdpkfaikncnblpalhpghdnhe.crx [2011-12-14]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-10-08]
CHR StartMenuInternet: Google Chrome - C:\Users\SLYLAP\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASCService.exe [886592 2013-12-16] (IObit)
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [89600 2009-03-01] (Andrea Electronics Corporation)
R2 ASCAntivirusSrv; C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ascavsvc.exe [647488 2013-12-10] (IOBit)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-08] (Kaspersky Lab ZAO)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-08-10] (SurfRight B.V.)
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [342336 2014-05-15] (IObit)
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151232 2013-12-02] (IObit)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe [240128 2009-07-21] (IDT, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 bdfsfltr; C:\Windows\system32\Drivers\bdfsfltr.sys [431176 2011-03-24] (BitDefender)
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
S3 hitmanpro37; C:\Windows\SysWOW64\drivers\hitmanpro37.sys [30616 2014-08-15] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-01-25] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-04-17] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-04-17] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-08] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-02-18] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-01-25] (Kaspersky Lab ZAO)
R3 Ntfs; C:\Windows\SysWow64\Drivers\Ntfs.sys [1687408 2012-08-31] (Microsoft Corporation)
S3 RdpVideoMiniport; C:\Windows\SysWOW64\drivers\rdpvideominiport.sys [20992 2010-11-20] (Microsoft Corporation)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2013-12-24] (IObit)
S3 Trufos; C:\Windows\System32\DRIVERS\TRUFOS.sys [329800 2011-11-21] (BitDefender S.R.L.)
S3 TsUsbFlt; C:\Windows\SysWOW64\drivers\tsusbflt.sys [59392 2010-11-20] (Microsoft Corporation)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-15 18:18 - 2014-08-15 18:19 - 00019388 _____ () C:\Users\SLYLAP\Desktop\FRST.txt
2014-08-15 18:18 - 2014-08-15 18:18 - 00000000 ____D () C:\FRST
2014-08-15 18:15 - 2014-08-15 18:15 - 02100224 _____ (Farbar) C:\Users\SLYLAP\Desktop\FRST64.exe
2014-08-15 18:12 - 2014-08-15 18:13 - 01361203 _____ () C:\Users\SLYLAP\Desktop\adwcleaner_3.306.exe
2014-08-15 11:21 - 2014-08-15 11:21 - 00005970 _____ () C:\Windows\PFRO.log
2014-08-15 11:21 - 2014-08-15 11:21 - 00000056 _____ () C:\Windows\setupact.log
2014-08-15 11:21 - 2014-08-15 11:21 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-15 11:20 - 2014-08-15 11:20 - 00000000 _____ () C:\asc_rdflag
2014-08-14 14:48 - 2014-08-14 14:53 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-08-14 14:48 - 2014-08-14 14:48 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-08-14 14:47 - 2014-08-14 14:47 - 05392984 _____ () C:\Users\SLYLAP\Desktop\RogueKillerX64.exe
2014-08-12 13:02 - 2014-06-30 16:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-12 13:02 - 2014-06-30 16:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-12 13:02 - 2014-06-06 00:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-12 13:02 - 2014-06-06 00:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-12 13:02 - 2014-03-09 15:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-12 13:02 - 2014-03-09 15:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-12 13:02 - 2014-03-09 15:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-12 13:02 - 2014-03-09 15:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-12 13:01 - 2014-07-31 17:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-12 13:01 - 2014-07-31 17:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-12 13:01 - 2014-07-25 08:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-12 13:01 - 2014-07-25 08:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-12 13:01 - 2014-07-25 08:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-12 13:01 - 2014-07-25 07:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-12 13:01 - 2014-07-25 07:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-12 13:01 - 2014-07-25 07:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-12 13:01 - 2014-07-25 07:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-12 13:01 - 2014-07-25 07:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-12 13:01 - 2014-07-25 07:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-12 13:01 - 2014-07-25 07:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-12 13:01 - 2014-07-25 07:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-12 13:01 - 2014-07-25 07:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-12 13:01 - 2014-07-25 07:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-12 13:01 - 2014-07-25 07:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-12 13:01 - 2014-07-25 07:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-12 13:01 - 2014-07-25 06:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-12 13:01 - 2014-07-25 06:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-12 13:01 - 2014-07-25 06:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-12 13:01 - 2014-07-25 06:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-12 13:01 - 2014-07-25 06:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-12 13:01 - 2014-07-25 06:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-12 13:01 - 2014-07-25 06:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-12 13:01 - 2014-07-25 06:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-12 13:01 - 2014-07-25 06:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-12 13:01 - 2014-07-25 06:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-12 13:01 - 2014-07-25 06:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-12 13:01 - 2014-07-25 06:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-12 13:01 - 2014-07-25 06:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-12 13:01 - 2014-07-25 06:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-12 13:01 - 2014-07-25 06:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-12 13:01 - 2014-07-25 06:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-12 13:01 - 2014-07-25 06:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-12 13:01 - 2014-07-25 06:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-12 13:01 - 2014-07-25 06:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-12 13:01 - 2014-07-25 05:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-12 13:01 - 2014-07-25 05:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-12 13:01 - 2014-07-25 05:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-12 13:01 - 2014-07-25 05:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-12 13:01 - 2014-07-25 05:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-12 13:01 - 2014-07-25 05:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-12 13:01 - 2014-07-25 05:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-12 13:01 - 2014-07-25 05:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-12 13:01 - 2014-07-25 05:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-12 13:01 - 2014-07-25 05:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-12 13:01 - 2014-07-25 05:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-12 13:01 - 2014-07-25 05:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-12 13:01 - 2014-07-25 05:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-12 13:01 - 2014-07-25 05:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-12 13:01 - 2014-07-25 04:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-12 13:01 - 2014-07-25 04:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-12 13:01 - 2014-07-25 04:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-12 13:01 - 2014-07-25 04:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-12 13:01 - 2014-07-25 04:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-12 13:01 - 2014-07-25 04:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-12 13:00 - 2014-08-06 20:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-12 13:00 - 2014-08-06 20:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-12 13:00 - 2014-07-15 21:25 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-12 13:00 - 2014-07-15 21:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-12 13:00 - 2014-07-15 20:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-12 13:00 - 2014-07-15 20:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-12 13:00 - 2014-07-15 20:12 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-12 13:00 - 2014-07-13 20:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-12 13:00 - 2014-07-13 19:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-12 13:00 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-12 13:00 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-12 13:00 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-12 13:00 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-12 13:00 - 2014-07-08 20:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-12 13:00 - 2014-07-08 19:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-12 13:00 - 2014-07-08 19:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-12 13:00 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-12 13:00 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-12 13:00 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-12 13:00 - 2014-07-08 16:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-12 13:00 - 2014-07-08 16:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-12 13:00 - 2014-06-24 20:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-12 13:00 - 2014-06-24 19:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-12 13:00 - 2014-06-15 20:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-12 13:00 - 2014-06-03 04:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-12 13:00 - 2014-06-03 04:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-12 13:00 - 2014-06-03 04:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-12 13:00 - 2014-06-03 04:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-12 13:00 - 2014-06-03 03:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-12 13:00 - 2014-06-03 03:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-12 13:00 - 2014-06-03 03:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-12 12:17 - 2014-08-12 12:17 - 00005130 _____ () C:\Users\SLYLAP\Downloads\msg0001 (4).WAV
2014-08-10 14:52 - 2014-08-10 14:52 - 00030758 _____ () C:\Windows\SysWOW64\.crusader
2014-08-10 14:52 - 2013-04-05 06:51 - 01054720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsSpellCheckingFacility.exe
2014-08-10 14:52 - 2012-08-31 11:57 - 01687408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Drivers\ntfs.sys
2014-08-10 14:52 - 2012-06-02 16:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wucltux.dll
2014-08-10 14:52 - 2011-12-27 22:01 - 00498176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Drivers\afd.sys
2014-08-10 14:52 - 2011-03-24 21:28 - 00007936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Drivers\usbd.sys
2014-08-10 14:52 - 2010-11-20 07:32 - 00112000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\consent.exe
2014-08-10 14:52 - 2010-11-20 05:07 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Drivers\tsusbflt.sys
2014-08-10 14:52 - 2010-11-20 05:03 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Drivers\rdpvideominiport.sys
2014-08-10 14:52 - 2009-07-13 19:41 - 00229888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wwansvc.dll
2014-08-10 14:37 - 2014-08-15 11:27 - 00030616 _____ () C:\Windows\SysWOW64\Drivers\hitmanpro37.sys
2014-08-10 14:37 - 2014-08-10 14:37 - 00000000 ____D () C:\Program Files (x86)\HitmanPro
2014-08-10 14:35 - 2014-08-10 14:37 - 00001939 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-08-10 14:35 - 2014-08-10 14:36 - 00000000 ____D () C:\Program Files\HitmanPro
2014-08-10 14:35 - 2014-08-10 14:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-08-10 14:13 - 2014-07-22 19:45 - 06213128 _____ (Geek Uninstaller) C:\Users\SLYLAP\Desktop\geek.exe
2014-08-09 18:22 - 2014-08-09 18:22 - 00005016 _____ () C:\Users\SLYLAP\Desktop\eset1.txt
2014-08-09 17:07 - 2014-08-09 17:07 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\SLYLAP\Desktop\tdsskiller.exe
2014-08-09 12:36 - 2014-08-12 12:25 - 00000294 _____ () C:\Users\SLYLAP\Desktop\Karen.txt
2014-08-09 12:09 - 2014-08-10 14:52 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-09 11:21 - 2014-08-09 11:21 - 00001106 _____ () C:\Users\SLYLAP\Desktop\JRT.txt
2014-08-09 10:51 - 2014-08-09 10:51 - 00000000 ____D () C:\Windows\ERUNT
2014-08-09 10:49 - 2014-08-09 10:49 - 01016261 _____ (Thisisu) C:\Users\SLYLAP\Desktop\JRT.exe
2014-08-08 19:58 - 2014-08-08 19:57 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-08 19:57 - 2014-08-08 19:57 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-08 19:57 - 2014-08-08 19:57 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-08 19:57 - 2014-08-08 19:57 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-08 19:57 - 2014-08-08 19:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-05 12:10 - 2014-08-05 12:10 - 00022679 _____ () C:\Users\SLYLAP\Desktop\Schedule for Martin, Robert Anthony.odt
2014-08-05 10:21 - 2014-08-05 10:21 - 00003168 _____ () C:\Windows\System32\Tasks\SmartDefrag3_Startup
2014-08-05 10:21 - 2014-08-05 10:21 - 00003166 _____ () C:\Windows\System32\Tasks\SmartDefrag3_Update
2014-08-05 10:20 - 2014-08-05 10:20 - 03552760 _____ (tuneuppro.com ) C:\Users\SLYLAP\Downloads\tall_050804202237518739.exe
2014-08-05 10:20 - 2014-08-05 10:20 - 00000000 ____D () C:\Users\SLYLAP\AppData\Roaming\Tuneup Pro
2014-08-05 10:18 - 2014-08-05 10:19 - 13214344 _____ (IObit ) C:\Users\SLYLAP\Downloads\smart-defrag-setup.exe
2014-08-02 08:00 - 2014-05-14 10:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-02 08:00 - 2014-05-14 10:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-02 08:00 - 2014-05-14 10:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-02 08:00 - 2014-05-14 10:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-02 08:00 - 2014-05-14 10:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-02 08:00 - 2014-05-14 10:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-02 08:00 - 2014-05-14 10:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-02 08:00 - 2014-05-14 10:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-02 08:00 - 2014-05-14 10:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-02 08:00 - 2014-05-14 10:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-02 08:00 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-02 08:00 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-02 08:00 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-02 08:00 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-07-28 18:37 - 2014-07-28 18:37 - 00089955 _____ () C:\Users\SLYLAP\Downloads\msg0005.WAV
2014-07-28 18:37 - 2014-07-28 18:37 - 00063825 _____ () C:\Users\SLYLAP\Downloads\msg0004.WAV
2014-07-28 14:36 - 2014-07-28 14:36 - 00004237 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-27 16:26 - 2014-07-27 16:26 - 00086965 _____ () C:\Users\SLYLAP\Downloads\msg0001 (3).WAV
2014-07-27 16:09 - 2014-07-27 16:09 - 00023915 _____ () C:\Users\SLYLAP\Downloads\msg0002 (1).WAV
2014-07-27 16:09 - 2014-07-27 16:09 - 00006560 _____ () C:\Users\SLYLAP\Downloads\msg0003 (3).WAV
2014-07-21 11:30 - 2014-07-23 21:07 - 08306688 _____ () C:\Windows\SysWOW64\㩣灜潲牧浡慤慴歜獡数獲祫氠扡慜灶㐱〮〮摜瑡屡潭畤敬彳湩敶瑮牯⹹慤
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-15 18:19 - 2014-08-15 18:18 - 00019388 _____ () C:\Users\SLYLAP\Desktop\FRST.txt
2014-08-15 18:18 - 2014-08-15 18:18 - 00000000 ____D () C:\FRST
2014-08-15 18:16 - 2014-07-06 17:19 - 00000000 ____D () C:\AdwCleaner
2014-08-15 18:15 - 2014-08-15 18:15 - 02100224 _____ (Farbar) C:\Users\SLYLAP\Desktop\FRST64.exe
2014-08-15 18:15 - 2012-05-01 12:01 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-15 18:13 - 2014-08-15 18:12 - 01361203 _____ () C:\Users\SLYLAP\Desktop\adwcleaner_3.306.exe
2014-08-15 18:13 - 2012-04-30 19:33 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3297453287-4288755749-1460869233-1000UA.job
2014-08-15 18:08 - 2014-01-25 15:00 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-08-15 17:29 - 2012-05-01 19:24 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-15 17:24 - 2014-07-12 14:54 - 01934280 _____ () C:\Windows\WindowsUpdate.log
2014-08-15 17:04 - 2012-05-03 18:54 - 00000932 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3297453287-4288755749-1460869233-1000UA.job
2014-08-15 17:04 - 2012-05-03 18:54 - 00000910 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3297453287-4288755749-1460869233-1000Core.job
2014-08-15 15:29 - 2012-05-01 19:24 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-15 11:30 - 2009-07-13 22:45 - 00021200 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-15 11:30 - 2009-07-13 22:45 - 00021200 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-15 11:27 - 2014-08-10 14:37 - 00030616 _____ () C:\Windows\SysWOW64\Drivers\hitmanpro37.sys
2014-08-15 11:23 - 2013-12-16 08:48 - 00000000 ____D () C:\ProgramData\ProductData
2014-08-15 11:23 - 2012-07-02 22:32 - 00000992 _____ () C:\Users\SLYLAP\Desktop\magicJack.lnk
2014-08-15 11:23 - 2012-07-02 22:32 - 00000978 _____ () C:\Users\SLYLAP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\magicJack.lnk
2014-08-15 11:23 - 2012-07-02 22:32 - 00000000 ____D () C:\Users\SLYLAP\AppData\Roaming\mjusbsp
2014-08-15 11:21 - 2014-08-15 11:21 - 00005970 _____ () C:\Windows\PFRO.log
2014-08-15 11:21 - 2014-08-15 11:21 - 00000056 _____ () C:\Windows\setupact.log
2014-08-15 11:21 - 2014-08-15 11:21 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-15 11:21 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-15 11:20 - 2014-08-15 11:20 - 00000000 _____ () C:\asc_rdflag
2014-08-15 11:20 - 2013-12-30 15:24 - 66433024 _____ () C:\Windows\system32\config\software.iodefrag.bak
2014-08-15 11:20 - 2013-12-30 15:24 - 00438272 _____ () C:\Windows\system32\config\default.iodefrag.bak
2014-08-15 11:20 - 2013-12-30 15:24 - 00061440 _____ () C:\Windows\system32\config\sam.iodefrag.bak
2014-08-15 11:20 - 2013-12-30 15:24 - 00028672 _____ () C:\Windows\system32\config\security.iodefrag.bak
2014-08-15 11:20 - 2011-08-12 06:35 - 00000000 ____D () C:\Users\SLYLAP
2014-08-15 11:17 - 2012-04-30 19:34 - 00002371 _____ () C:\Users\SLYLAP\Desktop\Google Chrome.lnk
2014-08-14 22:13 - 2012-04-30 19:33 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3297453287-4288755749-1460869233-1000Core.job
2014-08-14 18:42 - 2011-11-10 04:45 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-08-14 14:53 - 2014-08-14 14:48 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-08-14 14:48 - 2014-08-14 14:48 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-08-14 14:47 - 2014-08-14 14:47 - 05392984 _____ () C:\Users\SLYLAP\Desktop\RogueKillerX64.exe
2014-08-13 21:27 - 2013-12-16 08:48 - 00002214 _____ () C:\Users\Public\Desktop\Advanced SystemCare Ultimate 7.lnk
2014-08-13 21:27 - 2013-05-03 08:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
2014-08-12 14:28 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-08-12 13:22 - 2009-07-13 22:45 - 00298280 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-12 13:19 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-12 13:09 - 2013-07-16 06:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-12 13:06 - 2011-08-12 06:29 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-12 13:01 - 2014-05-01 11:40 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-12 12:51 - 2012-05-01 12:01 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-12 12:51 - 2012-05-01 12:01 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-12 12:51 - 2011-09-22 21:15 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-12 12:25 - 2014-08-09 12:36 - 00000294 _____ () C:\Users\SLYLAP\Desktop\Karen.txt
2014-08-12 12:17 - 2014-08-12 12:17 - 00005130 _____ () C:\Users\SLYLAP\Downloads\msg0001 (4).WAV
2014-08-10 14:52 - 2014-08-10 14:52 - 00030758 _____ () C:\Windows\SysWOW64\.crusader
2014-08-10 14:52 - 2014-08-09 12:09 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-10 14:37 - 2014-08-10 14:37 - 00000000 ____D () C:\Program Files (x86)\HitmanPro
2014-08-10 14:37 - 2014-08-10 14:35 - 00001939 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-08-10 14:36 - 2014-08-10 14:35 - 00000000 ____D () C:\Program Files\HitmanPro
2014-08-10 14:35 - 2014-08-10 14:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-08-09 18:22 - 2014-08-09 18:22 - 00005016 _____ () C:\Users\SLYLAP\Desktop\eset1.txt
2014-08-09 17:07 - 2014-08-09 17:07 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\SLYLAP\Desktop\tdsskiller.exe
2014-08-09 12:18 - 2013-11-30 13:50 - 00000000 ____D () C:\Program Files (x86)\Zylom Games
2014-08-09 11:21 - 2014-08-09 11:21 - 00001106 _____ () C:\Users\SLYLAP\Desktop\JRT.txt
2014-08-09 10:51 - 2014-08-09 10:51 - 00000000 ____D () C:\Windows\ERUNT
2014-08-09 10:49 - 2014-08-09 10:49 - 01016261 _____ (Thisisu) C:\Users\SLYLAP\Desktop\JRT.exe
2014-08-09 09:39 - 2014-05-13 10:33 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-08 19:58 - 2013-10-07 15:12 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-08 19:57 - 2014-08-08 19:58 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-08 19:57 - 2014-08-08 19:57 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-08 19:57 - 2014-08-08 19:57 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-08 19:57 - 2014-08-08 19:57 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-08 19:57 - 2014-08-08 19:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-08 10:43 - 2013-12-04 11:47 - 00001102 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-08-08 10:43 - 2013-12-04 11:47 - 00001090 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-08-06 20:06 - 2014-08-12 13:00 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-06 20:01 - 2014-08-12 13:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-05 12:10 - 2014-08-05 12:10 - 00022679 _____ () C:\Users\SLYLAP\Desktop\Schedule for Martin, Robert Anthony.odt
2014-08-05 10:21 - 2014-08-05 10:21 - 00003168 _____ () C:\Windows\System32\Tasks\SmartDefrag3_Startup
2014-08-05 10:21 - 2014-08-05 10:21 - 00003166 _____ () C:\Windows\System32\Tasks\SmartDefrag3_Update
2014-08-05 10:20 - 2014-08-05 10:20 - 03552760 _____ (tuneuppro.com ) C:\Users\SLYLAP\Downloads\tall_050804202237518739.exe
2014-08-05 10:20 - 2014-08-05 10:20 - 00000000 ____D () C:\Users\SLYLAP\AppData\Roaming\Tuneup Pro
2014-08-05 10:19 - 2014-08-05 10:18 - 13214344 _____ (IObit ) C:\Users\SLYLAP\Downloads\smart-defrag-setup.exe
2014-08-02 18:42 - 2013-09-05 18:51 - 00000000 ____D () C:\Users\SLYLAP\Desktop\Karens
2014-07-31 17:41 - 2014-08-12 13:01 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-31 17:16 - 2014-08-12 13:01 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-28 19:40 - 2014-02-22 08:58 - 00001119 _____ () C:\Users\SLYLAP\Desktop\mbnc.txt
2014-07-28 18:37 - 2014-07-28 18:37 - 00089955 _____ () C:\Users\SLYLAP\Downloads\msg0005.WAV
2014-07-28 18:37 - 2014-07-28 18:37 - 00063825 _____ () C:\Users\SLYLAP\Downloads\msg0004.WAV
2014-07-28 14:36 - 2014-07-28 14:36 - 00004237 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-28 14:36 - 2013-09-06 12:18 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-28 14:25 - 2012-06-29 15:38 - 00000000 ____D () C:\Users\SLYLAP\AppData\Local\CRE
2014-07-27 16:26 - 2014-07-27 16:26 - 00086965 _____ () C:\Users\SLYLAP\Downloads\msg0001 (3).WAV
2014-07-27 16:09 - 2014-07-27 16:09 - 00023915 _____ () C:\Users\SLYLAP\Downloads\msg0002 (1).WAV
2014-07-27 16:09 - 2014-07-27 16:09 - 00006560 _____ () C:\Users\SLYLAP\Downloads\msg0003 (3).WAV
2014-07-27 13:13 - 2009-07-13 23:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-27 13:12 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-26 03:01 - 2012-06-18 12:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-26 03:00 - 2012-06-18 12:33 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-26 03:00 - 2012-06-18 12:33 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-25 08:52 - 2014-08-12 13:01 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-25 08:02 - 2014-08-12 13:01 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-25 08:01 - 2014-08-12 13:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-25 07:51 - 2014-08-12 13:01 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-25 07:30 - 2014-08-12 13:01 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-25 07:28 - 2014-08-12 13:01 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-25 07:28 - 2014-08-12 13:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-25 07:25 - 2014-08-12 13:01 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-25 07:25 - 2014-08-12 13:01 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-25 07:11 - 2014-08-12 13:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-25 07:10 - 2014-08-12 13:01 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-25 07:04 - 2014-08-12 13:01 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-25 07:03 - 2014-08-12 13:01 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-25 07:00 - 2014-08-12 13:01 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-25 07:00 - 2014-08-12 13:01 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-25 06:59 - 2014-08-12 13:01 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-25 06:47 - 2014-08-12 13:01 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-25 06:40 - 2014-08-12 13:01 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-25 06:34 - 2014-08-12 13:01 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-25 06:34 - 2014-08-12 13:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-25 06:33 - 2014-08-12 13:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-25 06:30 - 2014-08-12 13:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-25 06:28 - 2014-08-12 13:01 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-25 06:28 - 2014-08-12 13:01 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-25 06:21 - 2014-08-12 13:01 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-25 06:19 - 2014-08-12 13:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-25 06:18 - 2014-08-12 13:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-25 06:17 - 2014-08-12 13:01 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-25 06:17 - 2014-08-12 13:01 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-25 06:12 - 2014-08-12 13:01 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-25 06:10 - 2014-08-12 13:01 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-25 06:10 - 2014-08-12 13:01 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-25 06:08 - 2014-08-12 13:01 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-25 06:06 - 2014-08-12 13:01 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-25 05:52 - 2014-08-12 13:01 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-25 05:47 - 2014-08-12 13:01 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-25 05:43 - 2014-08-12 13:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-25 05:42 - 2014-08-12 13:01 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-25 05:39 - 2014-08-12 13:01 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-25 05:39 - 2014-08-12 13:01 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-25 05:36 - 2014-08-12 13:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-25 05:34 - 2014-08-12 13:01 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-25 05:29 - 2014-08-12 13:01 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-25 05:23 - 2014-08-12 13:01 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-25 05:13 - 2014-08-12 13:01 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-25 05:07 - 2014-08-12 13:01 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-25 05:07 - 2014-08-12 13:01 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-25 05:03 - 2014-08-12 13:01 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-25 04:52 - 2014-08-12 13:01 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-25 04:26 - 2014-08-12 13:01 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-25 04:17 - 2014-08-12 13:01 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-25 04:09 - 2014-08-12 13:01 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-25 04:05 - 2014-08-12 13:01 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-25 04:00 - 2014-08-12 13:01 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-24 11:10 - 2012-07-02 22:31 - 00000000 ____D () C:\Users\SLYLAP\AppData\Local\magicJack
2014-07-23 21:07 - 2014-07-21 11:30 - 08306688 _____ () C:\Windows\SysWOW64\㩣灜潲牧浡慤慴歜獡数獲祫氠扡慜灶㐱〮〮摜瑡屡潭畤敬彳湩敶瑮牯⹹慤
2014-07-22 19:45 - 2014-08-10 14:13 - 06213128 _____ (Geek Uninstaller) C:\Users\SLYLAP\Desktop\geek.exe
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-08 22:19
 
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-08-2014
Ran by SLYLAP at 2014-08-15 18:19:46
Running from C:\Users\SLYLAP\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AV: Advanced SystemCare Ultimate (Enabled - Up to date) {1C304DC4-1D72-5DB9-B33A-43B638ECFD30}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: IObit Malware Fighter (Enabled - Up to date) {A751AC20-3B48-5237-898A-78C4436BB78D}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.21 (HKLM-x32\...\{23170F69-40C1-2701-0921-000001000000}) (Version: 9.21.00.0 - Igor Pavlov)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.176 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\{9ECF7817-DB11-4FBA-9DF1-296A578D513A}) (Version: 11.5.7.609 - Adobe Systems, Inc)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
Advanced SystemCare Ultimate 7 (HKLM-x32\...\Advanced SystemCare Ultimate_is1) (Version: 7.0.1 - IObit)
Amazon MP3 Downloader 1.0.18 (HKCU\...\Amazon MP3 Downloader) (Version: 1.0.18 - Amazon Services LLC)
AMD APP SDK Runtime (Version: 2.5.684.213 - Advanced Micro Devices Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.60707.2331 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{83D663BF-E9AF-0C6B-D278-BB8F90EDA304}) (Version: 3.0.833.0 - ATI Technologies, Inc.)
Big Brainz Launcher (HKLM-x32\...\Big Brainz Launcher O) (Version: O - Big Brainz)
Canon MX340 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series) (Version:  - Canon Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0707.2346.40825 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0707.2346.40825 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0707.2346.40825 - ATI) Hidden
Catalyst Pro Control Center (x32 Version: 2011.0707.2346.40825 - ATI) Hidden
Catch the Sperm II (HKLM-x32\...\CTS2) (Version:  - )
CCC Help English (x32 Version: 2011.0707.2345.40825 - ATI) Hidden
ccc-utility64 (Version: 2011.0707.2346.40825 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.2) (Version: 5.0.0.2 - Coupons.com Incorporated)
Crazy Drake Special Edition (HKLM-x32\...\Crazy Drake Special Edition) (Version:  - )
Driver Booster (HKLM-x32\...\Driver Booster_is1) (Version: 1.3 - IObit)
ENE CIR Receiver Driver (HKLM\...\FFE7D41DF3C645075BB149E21988B63996C34187) (Version: 2.7.4.0 - ENE)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.221 - SurfRight B.V.)
HitmanPro 3.7 (HKLM-x32\...\HitmanPro37) (Version: 3.7.3.193 - SurfRight B.V.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6225.0 - IDT)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
IObit Malware Fighter (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 2.4 - IObit)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 3.0.5.1172 - IObit)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
JMicron JMB38X Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.00.20.07 - JMicron Technology Corp.)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
LightScribe System Software (HKLM-x32\...\{CC8E94A2-55C7-4460-953C-2A790180578C}) (Version: 1.18.8.1 - LightScribe)
Logitech Flow Scroll 4.0 (HKLM\...\Sn1) (Version: 4.00.33 - Logitech)
Logitech SetPoint 6.32 (HKLM\...\sp6) (Version: 6.32.20 - Logitech)
magicJack (HKCU\...\magicJack) (Version: 4.1.7574.5297 - magicJack L.P.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Media Player Utilities 5.22 (HKLM-x32\...\{8E79F5DD-4A0A-452B-B3F8-0651E4D24854}) (Version: 5.22 -  ) <==== ATTENTION
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Roll (HKLM-x32\...\RollerCoaster Tycoon Setup) (Version:  - )
Smart Defrag 3 (HKLM-x32\...\Smart Defrag 3_is1) (Version: 3.1 - IObit)
Star Miner Special Edition (HKLM-x32\...\Star Miner Special Edition) (Version:  - )
Strongvault Online Backup (x32 Version: 5.0.2.34 - Strongvault Online Backup) Hidden <==== ATTENTION
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.0 - IObit)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.17.4 - Synaptics Incorporated)
System Requirements Lab for Intel (HKLM-x32\...\{EFE3D683-903C-4B58-AB8F-C68C69F33758}) (Version: 4.5.3.0 - Husdawg, LLC)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.31064 - TeamViewer)
Winrar 3.93 (HKLM-x32\...\Winrar 3.93) (Version:  - )
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3297453287-4288755749-1460869233-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\SLYLAP\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3297453287-4288755749-1460869233-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\SLYLAP\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
 
==================== Restore Points  =========================
 
08-08-2014 19:59:03 Scheduled Checkpoint
09-08-2014 01:56:51 Installed Java 7 Update 67
09-08-2014 18:14:18 Checkpoint by HitmanPro
09-08-2014 18:17:12 Revo Uninstaller's restore point - Roll
09-08-2014 18:17:56 Revo Uninstaller's restore point - Zylom Games Player Plugin
12-08-2014 09:02:32 Windows Update
12-08-2014 19:01:26 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0071DC0F-9C07-4795-8917-CFD5FFBA9A94} - System32\Tasks\{FF5E0426-D7F1-43ED-9070-74DDA49C9B48} => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
Task: {0A838012-58EB-4766-980C-33214A6132F8} - System32\Tasks\{D57F9D98-6142-43C0-9814-A62BF6DEF192} => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
Task: {0EEF0061-5E85-4486-AE77-2C67FDD25232} - System32\Tasks\{0F708FB5-605C-409D-87A7-85E53BC78D56} => C:\Program Files (x86)\Media Player Utilities 5.22\MediaManagerWPF\MediaManagerLoader.exe [2008-04-17] ()
Task: {0F6C9368-40FB-4F29-96CA-C87F5F5C31AD} - System32\Tasks\{B17837EE-08C4-4D75-9560-FD555F298090} => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
Task: {14156D27-FB6E-4F85-A8A5-DF4DACC5AB84} - System32\Tasks\{2E3B7590-41AD-4FE6-8B6E-9265E6A74DA1} => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
Task: {2F110551-01A1-476F-870A-66869BE2D6A6} - System32\Tasks\{A6EDA1BF-F0BD-4F17-A3F0-B3B9B1677A69} => C:\Program Files (x86)\Media Player Utilities 5.22\MediaManagerWPF\MediaManagerLoader.exe [2008-04-17] ()
Task: {2FEDEB7C-BB33-4F14-9119-EF2765D025DA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-05-01] (Google Inc.)
Task: {32C90833-E464-4CD4-976F-ED2BE42DC869} - System32\Tasks\{B412B9FA-E08F-48A4-BFEB-219C1088DFD7} => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
Task: {33C38E14-7A59-4CDA-9AF0-8E10420988C5} - System32\Tasks\{08A0A3FB-A107-4844-BA0E-5FF2613E6444} => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
Task: {3A088823-52BB-4A86-A1EB-C3BB8503DD36} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3297453287-4288755749-1460869233-1000Core => C:\Users\SLYLAP\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-30] (Google Inc.)
Task: {3ACF852B-DABA-491C-9F80-3C477787664B} - System32\Tasks\{0A75DDCC-9DC5-4BA7-B7BB-32F9984B89A2} => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
Task: {4298B09D-087D-4627-A423-14D28EA110E1} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3297453287-4288755749-1460869233-1000UA => C:\Users\SLYLAP\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {43D4A445-B2F8-49A0-95D9-B196E1E4FB87} - System32\Tasks\{222C9645-91DA-424A-B8B9-DC8DBBA7EB00} => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
Task: {46B81C19-CFD3-421C-9EAB-C3E79C394D52} - System32\Tasks\{4036CBC2-3D05-44DD-AECE-EB3B4D53C8B1} => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
Task: {5324F80F-6B09-4BE3-AABD-BD1CA400444F} - System32\Tasks\{035DD786-F6FF-42CA-A896-429BF49B5869} => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
Task: {588B0D80-00BD-4831-BB22-0C6DBD655549} - System32\Tasks\SmartDefrag3_Update => C:\Program Files (x86)\IObit\Smart Defrag 3\AutoUpdate.exe [2014-07-23] (IObit)
Task: {5A7829AB-34D1-45EF-947D-90DFB2E3D6EB} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3297453287-4288755749-1460869233-1000Core => C:\Users\SLYLAP\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {5BB7D4AD-0D99-486A-B5A4-59BC178449F9} - System32\Tasks\ASC7U_SkipUac_SLYLAP => C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\ASC.exe [2013-12-16] (IObit)
Task: {6297664F-E98E-4225-813B-98594607906E} - System32\Tasks\{000BA2DE-C406-468B-919D-F899FED50733} => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
Task: {64CB137A-F279-4EC7-AAA3-D09D3755973A} - System32\Tasks\{164DE7DD-8496-4FB2-B2E1-7E48F4147D58} => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
Task: {66A08862-5F84-43D5-9BE9-9AB1DC11E8F8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3297453287-4288755749-1460869233-1000UA => C:\Users\SLYLAP\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-30] (Google Inc.)
Task: {67250111-ADF0-41D7-8B0B-A4860224B14F} - System32\Tasks\{52327D6E-53C8-414F-A166-8014D0548284} => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
Task: {6AA99B31-B2D1-40FA-8AB0-A879DEEC9338} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: {6FBB1514-FD75-49EB-ACE4-C9EDA6E413DC} - System32\Tasks\{DA188C8E-6703-4A96-9B72-CAD2A2214732} => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
Task: {881C096A-6D84-4671-8490-0146311A4BE6} - System32\Tasks\{EDD243CE-7554-4CCE-9487-34FF29720A80} => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
Task: {8F21A624-20A5-4684-BE0E-D6F199F1FF44} - System32\Tasks\{76B1B3A6-53F3-4035-B3ED-4F6177FDF7E0} => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
Task: {94574A83-E9B4-4E1C-BAA8-91534B386829} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-12] (Adobe Systems Incorporated)
Task: {9553D94C-3E0C-4231-9F87-F561FC6BBD56} - System32\Tasks\{4BF16FA6-5965-4D2E-AD0D-0B99AE97B2FE} => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
Task: {9591065A-8402-4A01-8095-D94C170A8193} - System32\Tasks\{FE963F64-F1F4-469C-A8FA-01BA9CDED62E} => C:\Program Files (x86)\Media Player Utilities 5.22\MediaManagerWPF\MediaManagerLoader.exe [2008-04-17] ()
Task: {9C64EB41-4828-4B26-B94B-13812D7CCF2B} - System32\Tasks\{E3BFE3F2-B8A5-46AE-BD20-69DCEEFC7DB7} => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
Task: {A3CDA832-65AA-46DB-BF3A-71F63AE39915} - System32\Tasks\{49ECD130-1C8B-4E46-819A-18AFD09173A5} => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
Task: {A73615CF-F5C2-4DD7-8AD2-C3DF7832B6D8} - System32\Tasks\{950CF0FD-D9AF-470E-8F95-E719C87FF603} => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
Task: {B7815763-D574-44DC-B987-B6271E08653A} - System32\Tasks\{81D4D825-4D84-4394-9675-F9DE449B8F06} => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
Task: {B7B4B290-420D-4E7E-82C9-B8463728B346} - System32\Tasks\{E712F39C-503A-42F8-9536-DF0023E5C4FA} => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
Task: {C0D47661-8362-46D5-BA38-C2B626012646} - System32\Tasks\{666C1EA4-7486-465C-BB75-7828E670685C} => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
Task: {D238087B-594D-417A-AD74-6E7EEF961140} - System32\Tasks\{8628CD9E-2AC1-4E93-9442-BCFEF9141D6D} => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
Task: {D3E04E38-50FC-452E-B595-7716A530F457} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3297453287-4288755749-1460869233-1000
Task: {D4B51490-DD9B-450E-884C-94F570427D28} - System32\Tasks\Driver Booster SkipUAC (SYSTEM) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2014-05-09] (IObit)
Task: {D5009962-3778-4B89-9320-796D807D4775} - System32\Tasks\ASC7_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\Monitor.exe [2013-11-29] (IObit)
Task: {D551A54B-1F4E-443D-807D-21C6652E36AC} - System32\Tasks\SmartDefrag3_Startup => C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe [2014-07-28] (IObit)
Task: {D8BF34A8-6113-4232-8105-A0DC38D0D44A} - System32\Tasks\{CCB02427-B532-4A57-BAFE-4858C26AD1E3} => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
Task: {DAFC8FB7-57BD-4325-8F45-B3D7F67B11DD} - System32\Tasks\{86F551D9-6BB0-48C2-BABF-90DB5BF7B424} => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
Task: {E0ABF0EF-F2B0-4C60-9757-DA506860F067} - System32\Tasks\{2E2724D2-7053-41F8-B997-F6B2A7FAF7EA} => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
Task: {F1FF7A29-7CF0-41A7-A709-74EC7EB844E4} - System32\Tasks\{C212AE67-34A4-4C6D-B77D-9EDB1C19D94A} => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
Task: {F8804B99-C9A3-4606-94EE-4EEB9561790A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-05-01] (Google Inc.)
Task: {F9108744-7CC1-416A-A6AF-9A4435A82D69} - System32\Tasks\{9C6EFC28-3A75-4E32-9B78-1A1B3A203F74} => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
Task: {FA5F09E4-2B21-4FB2-9792-997CCBEAF58C} - System32\Tasks\{35B00743-67F0-40C5-ABE0-E74F21272454} => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3297453287-4288755749-1460869233-1000Core.job => C:\Users\SLYLAP\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3297453287-4288755749-1460869233-1000UA.job => C:\Users\SLYLAP\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3297453287-4288755749-1460869233-1000Core.job => C:\Users\SLYLAP\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3297453287-4288755749-1460869233-1000UA.job => C:\Users\SLYLAP\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2010-03-15 11:28 - 2010-03-15 11:28 - 00052224 _____ () C:\Program Files (x86)\Winrar\rarext64.dll
2011-10-07 03:39 - 2011-10-07 03:39 - 01304856 _____ () C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
2013-12-16 08:48 - 2013-01-15 19:47 - 00517440 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\sqlite3.dll
2013-12-16 08:48 - 2013-11-14 17:02 - 00218944 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\Antivirus\bdfltlib.dll
2013-06-17 13:35 - 2013-06-17 13:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-05-08 15:52 - 2013-05-08 15:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2013-12-16 08:48 - 2013-01-15 19:48 - 00348992 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\madExcept_.bpl
2013-12-16 08:48 - 2013-01-15 19:48 - 00183616 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\madBasic_.bpl
2013-12-16 08:48 - 2013-01-15 19:48 - 00051008 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\madDisAsm_.bpl
2013-12-16 08:48 - 2013-01-15 19:47 - 00893248 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\webres.dll
2014-01-25 15:26 - 2014-06-04 15:17 - 00892288 _____ () C:\Program Files (x86)\IObit\Smart Defrag 3\webres.dll
2013-12-28 15:57 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madExcept_.bpl
2013-12-28 15:57 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madBasic_.bpl
2013-12-28 15:57 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madDisAsm_.bpl
2013-12-28 15:57 - 2013-12-12 18:46 - 08001344 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\WebUI.dll
2013-12-28 15:57 - 2013-05-16 19:26 - 00182080 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\unrar.dll
2013-12-29 21:18 - 2013-10-16 22:17 - 00185168 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\libcurl-4.dll
2013-12-28 15:57 - 2013-05-16 19:26 - 00145216 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\zlibwapi.dll
2012-06-08 12:56 - 2012-05-25 04:25 - 00921600 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
2014-07-04 11:00 - 2014-07-04 11:00 - 00084344 _____ () C:\Users\SLYLAP\AppData\Roaming\mjusbsp\octvqem_apiw.DLL
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/15/2014 11:21:48 AM) (Source: ESENT) (EventID: 455) (User: )
Description: taskhost (1460) WebCacheLocal: Error -1811 occurred while opening logfile C:\Users\SLYLAP\AppData\Local\Microsoft\Windows\WebCache\V0100036.log.
 
Error: (08/12/2014 01:23:14 PM) (Source: ASCService.exe) (EventID: 0) (User: )
Description: External exception C0000008
 
Error: (08/12/2014 01:22:59 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "Accessibility, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies .  The error returned was Error: The specified assembly is not installed.
.
 
 
System errors:
=============
Error: (08/15/2014 11:27:17 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\SysWow64\drivers\hitmanpro37.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (08/15/2014 11:27:17 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\SysWow64\drivers\hitmanpro37.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (08/15/2014 11:27:17 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\SysWow64\drivers\hitmanpro37.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (08/15/2014 11:27:17 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\SysWow64\drivers\hitmanpro37.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (08/15/2014 11:27:17 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\SysWow64\drivers\hitmanpro37.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (08/15/2014 11:27:16 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\SysWow64\drivers\hitmanpro37.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (08/15/2014 11:27:16 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\SysWow64\drivers\hitmanpro37.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (08/15/2014 11:27:16 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\SysWow64\drivers\hitmanpro37.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (08/15/2014 11:27:16 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\SysWow64\drivers\hitmanpro37.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (08/15/2014 11:27:15 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\SysWow64\drivers\hitmanpro37.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
 
Microsoft Office Sessions:
=========================
Error: (08/15/2014 11:21:48 AM) (Source: ESENT) (EventID: 455) (User: )
Description: taskhost1460WebCacheLocal: C:\Users\SLYLAP\AppData\Local\Microsoft\Windows\WebCache\V0100036.log-1811
 
Error: (08/12/2014 01:23:14 PM) (Source: ASCService.exe) (EventID: 0) (User: )
Description: External exception C0000008
 
Error: (08/12/2014 01:22:59 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "Accessibility, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies .  The error returned was Error: The specified assembly is not installed.
.
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-08-14 01:24:00.068
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-14 01:24:00.068
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-14 01:24:00.068
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-14 01:24:00.048
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-14 01:24:00.048
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-14 01:24:00.028
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-12 23:38:16.245
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-12 23:38:16.235
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-12 23:38:16.215
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-12 23:38:16.215
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Quad CPU Q9000 @ 2.00GHz
Percentage of memory in use: 36%
Total physical RAM: 4063.19 MB
Available physical RAM: 2565.86 MB
Total Pagefile: 8124.55 MB
Available Pagefile: 5906.47 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.66 GB) (Free:412.23 GB) NTFS
Drive d: (RCTYCOON) (CDROM) (Total:0.17 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: B0ACE6E8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#10 nasdaq

Posted 16 August 2014 - 07:28 AM

 
 
Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
In Windows 7 and 8
Press the [Windows Icon + R] and enter "notepad" in the box to open Notepad
 
start
 
URLSearchHook: HKCU - (No Name) - {1c68c940-1b2f-46eb-bd8c-2e1612ff6a58} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR Extension: (Ads Removal) - C:\Users\SLYLAP\AppData\Local\Google\Chrome\User Data\Default\Extensions\fopdddcinljmpmioaklghcalngfhbaen [2014-02-25]
CHR HKCU\...\Chrome\Extension: [ifcbjghlcdpkfaikncnblpalhpghdnhe] - C:\Users\SLYLAP\AppData\Local\CRE\ifcbjghlcdpkfaikncnblpalhpghdnhe.crx [2013-08-21]
CHR HKLM-x32\...\Chrome\Extension: [dlopielgodpjhkbapdlbbicpiefpaack] - C:\Users\SLYLAP\AppData\Local\Shopping Sidekick Plugin\Chrome\Shopping Sidekick Plugin.crx [2013-10-08]
CHR HKLM-x32\...\Chrome\Extension: [ifcbjghlcdpkfaikncnblpalhpghdnhe] - C:\Users\SLYLAP\AppData\Local\CRE\ifcbjghlcdpkfaikncnblpalhpghdnhe.crx [2011-12-14]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\Users\SLYLAP\AppData\Local\Google\Chrome\User Data\Default\Extensions\fopdddcinljmpmioaklghcalngfhbaen
C:\Users\SLYLAP\AppData\Local\CRE
C:\Users\SLYLAP\AppData\Local\Shopping Sidekick Plugin
 
end
 
 
Save the file as fixlist.txt in the same folder as FRST.
 
Run FRST and click Fix only once and wait.
 
Restart the computer to reset the registry.
 
The tool will create a log (Fixlog.txt); please post it in your reply.
===
 
How is the computer running now?
 
 
 


#11 kkoz83

Posted 16 August 2014 - 02:21 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-08-2014 04
Ran by SLYLAP at 2014-08-16 13:19:58 Run:1
Running from C:\Users\SLYLAP\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
URLSearchHook: HKCU - (No Name) - {1c68c940-1b2f-46eb-bd8c-2e1612ff6a58} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR Extension: (Ads Removal) - C:\Users\SLYLAP\AppData\Local\Google\Chrome\User Data\Default\Extensions\fopdddcinljmpmioaklghcalngfhbaen [2014-02-25]
CHR HKCU\...\Chrome\Extension: [ifcbjghlcdpkfaikncnblpalhpghdnhe] - C:\Users\SLYLAP\AppData\Local\CRE\ifcbjghlcdpkfaikncnblpalhpghdnhe.crx [2013-08-21]
CHR HKLM-x32\...\Chrome\Extension: [dlopielgodpjhkbapdlbbicpiefpaack] - C:\Users\SLYLAP\AppData\Local\Shopping Sidekick Plugin\Chrome\Shopping Sidekick Plugin.crx [2013-10-08]
CHR HKLM-x32\...\Chrome\Extension: [ifcbjghlcdpkfaikncnblpalhpghdnhe] - C:\Users\SLYLAP\AppData\Local\CRE\ifcbjghlcdpkfaikncnblpalhpghdnhe.crx [2011-12-14]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\Users\SLYLAP\AppData\Local\Google\Chrome\User Data\Default\Extensions\fopdddcinljmpmioaklghcalngfhbaen
C:\Users\SLYLAP\AppData\Local\CRE
C:\Users\SLYLAP\AppData\Local\Shopping Sidekick Plugin
 
end
*****************
 
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{1c68c940-1b2f-46eb-bd8c-2e1612ff6a58} => value deleted successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
C:\Users\SLYLAP\AppData\Local\Google\Chrome\User Data\Default\Extensions\fopdddcinljmpmioaklghcalngfhbaen => Moved successfully.
"HKCU\SOFTWARE\Google\Chrome\Extensions\ifcbjghlcdpkfaikncnblpalhpghdnhe" => Key deleted successfully.
"C:\Users\SLYLAP\AppData\Local\CRE\ifcbjghlcdpkfaikncnblpalhpghdnhe.crx" => File/Directory not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlopielgodpjhkbapdlbbicpiefpaack" => Key deleted successfully.
"C:\Users\SLYLAP\AppData\Local\Shopping Sidekick Plugin\Chrome\Shopping Sidekick Plugin.crx" => File/Directory not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ifcbjghlcdpkfaikncnblpalhpghdnhe" => Key deleted successfully.
"C:\Users\SLYLAP\AppData\Local\CRE\ifcbjghlcdpkfaikncnblpalhpghdnhe.crx" => File/Directory not found.
Synth3dVsc => Service deleted successfully.
tsusbhub => Service deleted successfully.
VGPU => Service deleted successfully.
"C:\Users\SLYLAP\AppData\Local\Google\Chrome\User Data\Default\Extensions\fopdddcinljmpmioaklghcalngfhbaen" => File/Directory not found.
C:\Users\SLYLAP\AppData\Local\CRE => Moved successfully.
"C:\Users\SLYLAP\AppData\Local\Shopping Sidekick Plugin" => File/Directory not found.
 
==== End of Fixlog ====


#12 nasdaq

Posted 17 August 2014 - 07:44 AM

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

p.s. If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available, use this mirror site:
===

How is the computer running now?


#13 kkoz83

Posted 17 August 2014 - 08:25 PM

     Results of screen317's Security Check version 0.99.87  
     Windows 7 Service Pack 1 x64 (UAC is enabled)  
     Internet Explorer 11  
    ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!  
    Kaspersky Internet Security    
    Advanced SystemCare Ultimate   
     Antivirus up to date!   
    `````````Anti-malware/Other Utilities Check:`````````
     Java 7 Update 67  
     Adobe Flash Player 14.0.0.145  
     Adobe Reader 10.1.11 Adobe Reader out of Date!  
     Google Chrome 36.0.1985.125  
     Google Chrome 36.0.1985.143  
     Google Chrome CTB.log..  
     Google Chrome plugins...  
    ````````Process Check: objlist.exe by Laurent````````  
     IObit IObit Malware Fighter IMFsrv.exe  
     IObit IObit Malware Fighter IMF.exe  
     Kaspersky Lab Kaspersky Internet Security 14.0.0 avp.exe  
     Kaspersky Lab Kaspersky Internet Security 14.0.0 avpui.exe  
    `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````
     



#14 nasdaq

Posted 18 August 2014 - 08:11 AM

Get the latest version of the Adobe Reader.
Before you download, I suggest you uncheck the box on the top right, "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed, remove your old version of the Reader using the Add/Remove Programs applet if present.
<<<>>>

If all is well.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe.
===


#15 kkoz83

Posted 18 August 2014 - 11:02 AM

I switched to a different PDF reader but Kaspersky reboot still re-appears.  What next?





