
unable to run Malwarebytes


  • This topic is locked
53 replies to this topic

#1 Benny T

Benny T

  • Members
  • 52 posts

Posted 09 August 2014 - 07:13 PM

I have done general cleanup on this computer removing adware and unused/unnecessary files. The computer runs well except I cannot get it to run Malwarebytes. I uninstalled and then reinstalled it but that didn't help. It's funny since I can download/install/run other software just fine but not Malwarebytes. I have also run Rkill to stop other processes from running but that didn't help either. I just assume there is a virus buried somewhere in my computer and I would like to remove it if at all possible.




#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,385 posts

Posted 14 August 2014 - 11:47 AM

Greetings Benny T and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review our situation please run the below for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Benny T

Benny T
  • Topic Starter

  • Members
  • 52 posts

Posted 14 August 2014 - 01:27 PM

 Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-08-2014 01

Ran by Nathan at 2014-08-14 11:10:26
Running from C:\Users\Nathan\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
FW: McAfee Firewall (Disabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
2Wire Wireless Client (HKLM-x32\...\{A3BC5D37-30F9-4CF7-BD5C-0DFF063E4B6D}) (Version:  - )
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.176 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.2.602 - Adobe Systems, Inc.)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AT&T Yahoo! High Speed Internet Home Networking Installer (HKLM-x32\...\2Wire SetupWiz) (Version:  - )
ATT-PRT22 (HKLM-x32\...\ATT-PRT22) (Version:  - )
Backup Manager Advance (x32 Version: 2.0.2.19 - NewTech Infosystems) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Burn My Files (HKLM-x32\...\Burn My Files_is1) (Version: 3.4.0.420 - GetData Pty Ltd)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version:  - )
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version:  - )
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.6.0.12 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
Canon Internet Library for ZoomBrowser EX (HKLM-x32\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.6.2.7 - Canon Inc.)
Canon MP Navigator EX 4.1 (HKLM-x32\...\MP Navigator EX 4.1) (Version:  - )
Canon MX410 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX410_series) (Version:  - )
Canon MX410 series User Registration (HKLM-x32\...\Canon MX410 series User Registration) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version:  - )
Canon Utilities CameraWindow (HKLM-x32\...\CameraWindowLauncher) (Version: 7.1.0.2 - Canon Inc.)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowDVC6) (Version: 6.4.2.16 - Canon Inc.)
Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 7.0.0.3 - Canon Inc.)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\RemoteCaptureTask) (Version: 1.7.1.9 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.2.0.29 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.2.0.9 - Canon Inc.)
CardRd81 (x32 Version: 4.00.0000.0004 - EASTMAN KODAK Company) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
CCScore (x32 Version: 5.00.0000.0011 - EASTMAN KODAK Company) Hidden
CDDRV_Installer (x32 Version: 1.00.0000 - Logitech) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CR2 (x32 Version: 4.00.0000.0003 - EASTMAN KODAK Company) Hidden
ESSBrwr (x32 Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
ESSCDBK (x32 Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
ESScore (x32 Version: 5.00.0000.0037 - EASTMAN KODAK Company) Hidden
ESSCT (x32 Version: 5.00.0000.0003 - EASTMAN KODAK Company) Hidden
ESSgui (x32 Version: 5.00.0000.0013 - EASTMAN KODAK Company) Hidden
ESShelp (x32 Version: 5.00.0000.0005 - EASTMAN KODAK Company) Hidden
ESSini (x32 Version: 5.00.0000.0010 - EASTMAN KODAK Company) Hidden
ESSPCD (x32 Version: 5.00.0000.0007 - EASTMAN KODAK Company) Hidden
ESSPDock (x32 Version: 5.00.0000.0020 - EASTMAN KODAK Company) Hidden
ESSSONIC (x32 Version: 5.00.0000.0002 - EASTMAN KODAK Company) Hidden
ESSTOOLS (x32 Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
ESSTUTOR (x32 Version: 5.00.0000.0002 - EASTMAN KODAK Company) Hidden
ESSvpaht (x32 Version: 5.00.0000.0001 - EASTMAN KODAK Company) Hidden
ESSvpot (x32 Version: 5.00.0000.0001 - EASTMAN KODAK Company) Hidden
Facebook Plug-In (HKCU\...\Facebook Plug-In) (Version:  - Facebook, Inc.)
FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version:  - )
Gateway Games (HKLM-x32\...\WildTangent gateway Master Uninstall) (Version: 1.0.0.71 - WildTangent)
Gateway InfoCentre (HKLM-x32\...\Gateway InfoCentre) (Version: 3.02.3000 - Gateway Incorporated)
Gateway MyBackup (HKLM-x32\...\InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}) (Version: 2.0.2.19 - NewTech Infosystems)
Gateway Photo Frame 4.2.3.10 (HKLM-x32\...\Gateway Photo Frame) (Version: 4.2.3.10 - I/O Interconnect)
Gateway Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3003 - Gateway Incorporated)
Gateway Registration (HKLM-x32\...\Gateway Registration) (Version: 1.02.3005 - Gateway Incorporated)
Gateway ScreenSaver (HKLM-x32\...\Gateway Screensaver) (Version: 1.1.0812 - Gateway Incorporated)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HLPIndex (x32 Version: 5.00.0000.0002 - EASTMAN KODAK Company) Hidden
HLPPDOCK (x32 Version: 5.00.0000.0001 - EASTMAN KODAK Company) Hidden
HLPRFO (x32 Version: 5.00.0000.0001 - EASTMAN KODAK Company) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3001 - Gateway Incorporated)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Internet TV for Windows Media Center (HKLM-x32\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 3.2.1.0 - Microsoft Corporation)
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
KB0817 Keyboard Driver (HKLM-x32\...\{ED5DCA6F-5FEA-47CB-83DB-210A468C298B}) (Version: 1.30.0000 - Gateway)
KhalInstallWrapper (Version: 4.00.121 - Logitech) Hidden
Kodak EasyShare software (HKLM-x32\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version:  - Eastman Kodak Company)
KSU (x32 Version: 632.62.0002.0001 - EASTMAN KODAK Company) Hidden
Logitech SetPoint (HKLM-x32\...\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}) (Version: 4.00 - Logitech)
LSI PCI-SV92EX Soft Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.100 - LSI Corporation)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Online Backup (Version: 1.16.4.0 - McAfee, Inc.) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2000 Premium (HKLM-x32\...\{00000409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office Sounds (HKLM-x32\...\{10CE1EA2-12E9-11D3-825E-00C04F6843FE}) (Version: 1.0.0.0 - Microsoft Corp)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{67E03279-F703-408F-B4BF-46B5FC8D70CD}) (Version: 9.7.0621 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 7 Ultra Edition (HKLM-x32\...\{C02E178A-52FA-3266-E945-BE38D3171033}) (Version: 7.00.2028 - Nero AG)
Nero 9 Essentials (HKLM-x32\...\{0253931e-0ed4-4006-a42a-a1a6ad6d860f}) (Version:  - Nero AG)
Nero BurnLite 10 (HKLM-x32\...\{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}) (Version: 10.0.10600 - Nero AG)
Nero BurnLite 10 (HKLM-x32\...\{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}) (Version: 10.0.10500.5.100 - Nero AG)
Nero Control Center 10 (x32 Version: 10.0.13100.3.1 - Nero AG) Hidden
Nero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (x32 Version: 1.0.10700 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.15100.0.1 - Nero AG) Hidden
Nero DiscSpeed (x32 Version: 5.4.7.201 - Nero AG) Hidden
Nero DiscSpeed Help (x32 Version: 5.4.4.100 - Nero AG) Hidden
Nero DriveSpeed (x32 Version: 4.4.7.201 - Nero AG) Hidden
Nero DriveSpeed Help (x32 Version: 4.4.4.100 - Nero AG) Hidden
Nero Express Help (x32 Version: 9.4.9.100 - Nero AG) Hidden
Nero InfoTool (x32 Version: 6.4.7.201 - Nero AG) Hidden
Nero InfoTool Help (x32 Version: 6.4.4.100 - Nero AG) Hidden
Nero Installer (x32 Version: 4.4.8.1 - Nero AG) Hidden
Nero Online Upgrade (x32 Version: 1.3.0.0 - Nero AG) Hidden
Nero StartSmart (x32 Version: 9.4.11.209 - Nero AG) Hidden
Nero StartSmart Help (x32 Version: 9.4.1.100 - Nero AG) Hidden
Nero StartSmart OEM (x32 Version: 9.4.10.100 - Nero AG) Hidden
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
NeroExpress (x32 Version: 9.4.10.505 - Nero AG) Hidden
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
Notifier (x32 Version: 5.00.0000.0001 - EASTMAN KODAK Company) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.7 - )
OTtBP (x32 Version: 5.00.0000.0003 - EASTMAN KODAK Company) Hidden
OTtBPSDK (x32 Version: 4.00.0000.0000 - EASTMAN KODAK Company) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5898 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Safari (HKLM-x32\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.3.13052_10 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.3.13052_10 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (HKLM-x32\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.43.0 - SAMSUNG Electronics Co., Ltd.)
SFR (x32 Version: 5.00.0000.0005 - Eastman Kodak Company) Hidden
SHASTA (x32 Version: 5.00.0000.0003 - EASTMAN KODAK Company) Hidden
SKIN0001 (x32 Version: 5.00.0000.0007 - EASTMAN KODAK Company) Hidden
SKINXSDK (x32 Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
Spotify (HKCU\...\Spotify) (Version: 0.9.11.27.g2b1a638c - Spotify AB)
Synctunes Desktop (HKLM-x32\...\{4A14B3B7-5D71-4C3F-967B-50D6A42BF7F7}) (Version: 1.1.0 - The Bit Studio)
TurboTax 2011 (HKLM-x32\...\TurboTax 2011) (Version:  - Intuit, Inc)
TurboTax 2011 wcaiper (x32 Version: 011.000.1647 - Intuit Inc.) Hidden
TurboTax 2011 WinPerFedFormset (x32 Version: 011.000.2999 - Intuit Inc.) Hidden
TurboTax 2011 WinPerReleaseEngine (x32 Version: 011.000.0474 - Intuit Inc.) Hidden
TurboTax 2011 WinPerTaxSupport (x32 Version: 011.000.0214 - Intuit Inc.) Hidden
TurboTax 2011 wrapper (x32 Version: 011.000.0121 - Intuit Inc.) Hidden
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2012 wcaiper (x32 Version: 012.000.1508 - Intuit Inc.) Hidden
TurboTax 2012 WinPerFedFormset (x32 Version: 012.000.2309 - Intuit Inc.) Hidden
TurboTax 2012 WinPerReleaseEngine (x32 Version: 012.000.0474 - Intuit Inc.) Hidden
TurboTax 2012 WinPerTaxSupport (x32 Version: 012.000.0186 - Intuit Inc.) Hidden
TurboTax 2012 wrapper (x32 Version: 012.000.0127 - Intuit Inc.) Hidden
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Vista Shortcut Manager x64 (HKLM\...\{C7311329-C491-427B-8880-133E84869B3A}) (Version: 2.0 - Frameworkx)
VPRINTOL (x32 Version: 5.00.0000.0002 - EASTMAN KODAK Company) Hidden
Windows Media Center Add-in for Flash (HKLM-x32\...\{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}) (Version: 3.1.1.0 - Microsoft Corporation)
WIRELESS (x32 Version: 5.00.0000.0001 - EASTMAN KODAK Company) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {283A173B-B362-47C6-86BD-B61429D031B2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {507E7F71-2BD7-4ABF-B456-97173BD7D239} - System32\Tasks\MHotkey => C:\Windows\MHotKey.exe [2008-05-30] ()
Task: {6A15EF51-99F0-4D23-A718-9547A9AE072E} - System32\Tasks\Registry Repair => C:\Program Files (x86)\StompSoft\RegistryRepair4\Registry Repair.exe
Task: {7B162594-C63A-4754-B837-78FFDE946457} - System32\Tasks\GoogleUpdateTaskMachineUA1cf2db2c3efcac0 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-01-30] (Google Inc.)
Task: {9BF0AEC0-CBFC-4CAB-9246-4A20A96F0E10} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-13] (Adobe Systems Incorporated)
Task: {AE7A04B4-E05B-4D84-9748-81107B7DCE93} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Gateway\Gateway Recovery Management\NotificationCenter\Notification.exe [2009-07-09] (Acer)
Task: {B502F348-BA73-4BF2-A8E7-6E047ECAA809} - System32\Tasks\One-Click Tweak => C:\Program Files (x86)\Advanced PC Tweaker\OneClick.exe
Task: {DF5FBCD6-0C2F-44E6-9156-7B99D06BBD2D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E20EC6A2-E03B-4023-A08C-CD423E0D011A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-01-30] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FixMeStickRunOnReboot.job => C:\FixMeStick\RunFixMeStick.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf2db2c3efcac0.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\One-Click Tweak.job => C:\Program Files (x86)\Advanced PC Tweaker\AdvancedPCTweaker.exe
Task: C:\Windows\Tasks\Registry Repair.job => C:\Program Files (x86)\StompSoft\RegistryRepair4\Registry Repair.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-04-09 12:38 - 2010-07-27 02:44 - 00137680 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2009-09-14 17:18 - 2008-05-30 10:50 - 00581120 _____ () C:\Windows\MHotKey.exe
2010-08-11 15:51 - 2007-04-23 04:00 - 00077824 _____ () C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2009-02-02 17:33 - 2009-02-02 17:33 - 00460199 _____ () C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\sqlite3.dll
2008-09-28 17:55 - 2008-09-28 17:55 - 01076224 _____ () C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\ACE.dll
2009-06-12 16:37 - 2009-06-12 16:37 - 00032768 _____ () C:\Program Files (x86)\Gateway Photo Frame\IOIUSBLib.dll
2009-06-12 16:37 - 2009-06-12 16:37 - 00025088 _____ () C:\Program Files (x86)\Gateway Photo Frame\IOIHIDLib.dll
2014-08-13 20:41 - 2014-08-06 20:20 - 00718152 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libglesv2.dll
2014-08-13 20:41 - 2014-08-06 20:20 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libegl.dll
2014-08-13 20:41 - 2014-08-06 20:20 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll
2014-08-13 20:41 - 2014-08-06 20:20 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2014-08-13 20:41 - 2014-08-06 20:20 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:AC6124CA
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: 0140861380852754mcinstcleanup => 2
MSCONFIG\Services: mfefire => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk => C:\Windows\pss\Kodak EasyShare software.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak software updater.lnk => C:\Windows\pss\Kodak software updater.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: autoauto => 20780664.bat
MSCONFIG\startupreg: BackupManagerTray => "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
MSCONFIG\startupreg: CanonSolutionMenuEx => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
MSCONFIG\startupreg: IJNetworkScannerSelectorEX => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: mcpltui_exe => "C:\Program Files\Common~1\McAfee\Platform\mcuicnt.exe" /platui /runkey
MSCONFIG\startupreg: NeroFilterCheck => C:\Windows\SysWOW64\NeroCheck.exe
MSCONFIG\startupreg: pcreg => C:\Program Files\pcreg\service.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
 
==================== Faulty Device Manager Devices =============
 
Name: PS/2 Mouse
Description: PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Logitech
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/14/2014 11:05:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0xe44
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
 
Error: (08/13/2014 08:33:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0xd90
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
 
Error: (08/13/2014 08:32:03 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (08/13/2014 08:32:03 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (08/13/2014 01:16:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0xd00
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
 
Error: (08/13/2014 00:56:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x1128
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
 
Error: (08/13/2014 00:37:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x1040
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
 
Error: (08/09/2014 09:10:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x798
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
 
Error: (08/09/2014 08:59:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0xb98
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
 
Error: (08/09/2014 08:57:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ProcExp64.exe, version: 16.3.0.0, time stamp: 0x53de404a
Faulting module name: ProcExp64.exe, version: 16.3.0.0, time stamp: 0x53de404a
Exception code: 0xc0000417
Fault offset: 0x00000000000a4ae5
Faulting process id: 0x11d0
Faulting application start time: 0xProcExp64.exe0
Faulting application path: ProcExp64.exe1
Faulting module path: ProcExp64.exe2
Report Id: ProcExp64.exe3
 
 
System errors:
=============
Error: (08/13/2014 01:26:56 PM) (Source: Ntfs) (EventID: 137) (User: )
Description: The default transaction resource manager on volume G: encountered a non-retryable error and could not start.  The data contains the error code.
 
Error: (08/09/2014 09:10:33 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (08/09/2014 09:10:33 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (08/09/2014 09:10:33 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (08/09/2014 09:10:31 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (08/09/2014 09:10:31 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (08/09/2014 09:10:31 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (08/09/2014 09:10:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (08/09/2014 09:10:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (08/09/2014 09:10:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
 
Microsoft Office Sessions:
=========================
Error: (08/14/2014 11:05:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fde4401cfb7ea603915e6C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dlla091b6cc-23dd-11e4-84e5-001f16f3fb04
 
Error: (08/13/2014 08:33:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fdd9001cfb7708dc27de0C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dllcf1b484c-2363-11e4-a5f6-001f16f3fb04
 
Error: (08/13/2014 08:32:03 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000
 
Error: (08/13/2014 08:32:03 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000
 
Error: (08/13/2014 01:16:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fdd0001cfb7337dffd143C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dllc02ed788-2326-11e4-bdc3-001f16f3fb04
 
Error: (08/13/2014 00:56:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd112801cfb73095c4318bC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dlld8ace326-2323-11e4-bdc3-001f16f3fb04
 
Error: (08/13/2014 00:37:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd104001cfb72df92ee32eC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll3a476873-2321-11e4-9185-001f16f3fb04
 
Error: (08/09/2014 09:10:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd79801cfb451050de441C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll52e5e81d-2044-11e4-bd21-001f16f3fb04
 
Error: (08/09/2014 08:59:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fdb9801cfb44f6cd23a58C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dllae1a5b23-2042-11e4-8407-001f16f3fb04
 
Error: (08/09/2014 08:57:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ProcExp64.exe16.3.0.053de404aProcExp64.exe16.3.0.053de404ac000041700000000000a4ae511d001cfb44ef326dad1C:\Users\Nathan\AppData\Local\Temp\ProcExp64.exeC:\Users\Nathan\AppData\Local\Temp\ProcExp64.exe7a997515-2042-11e4-8407-001f16f3fb04
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Quad CPU Q8200 @ 2.33GHz
Percentage of memory in use: 45%
Total physical RAM: 4061.18 MB
Available physical RAM: 2221.8 MB
Total Pagefile: 8122.35 MB
Available Pagefile: 6067.03 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB
 
==================== Drives ================================
 
Drive c: (Gateway) (Fixed) (Total:581.89 GB) (Free:248.21 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 881E4EC6)
Partition 1: (Not Active) - (Size=14 GB) - (Type=27)
Partition 2: (Active) - (Size=283 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=582 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-08-2014 01
Ran by Nathan (administrator) on THETHOMPSON on 14-08-2014 11:08:54
Running from C:\Users\Nathan\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
(Acer) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
() C:\Windows\mHotkey.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe
(Logitech Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(IOI) C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
(Logitech Inc.) C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Chicony) C:\Windows\ChiFuncExt.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981088 2009-07-20] (Realtek Semiconductor)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [134416 2007-04-11] (Logitech Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2782096 2010-07-25] (CANON INC.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [NWEReboot] => [X]
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310064 2014-06-13] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Gateway Photo Frame] => C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe [124416 2009-07-20] (IOI)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-20] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-504415395-2054630939-660048953-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1563440 2014-06-13] (Samsung)
HKU\S-1-5-21-504415395-2054630939-660048953-1000\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-07-18] (Samsung Electronics)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * bootdelete
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} ->  No File
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
DPF: HKLM-x32 {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\common\yinsthelper.dll
DPF: HKLM-x32 {32C3FEAE-0877-4767-8C20-62A5829A0945} http://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab
DPF: HKLM-x32 {9A57B18E-2F5D-11D5-8997-00104BD12D94} http://support.gateway.com/support/serialharvest/gwCID.CAB
Handler: ipp - No CLSID Value - 
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp - No CLSID Value - 
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 -> C:\Users\Nathan\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Firefox\Extensions: [fbphotozoom@installdaddy.com] - C:\Program Files (x86)\fbphotozoom\fbphotozoom13.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
 
Chrome: 
=======
CHR HomePage: hxxp://www.yahoo.com/
CHR StartupUrls: "hxxp://www.yahoo.com/"
CHR DefaultSearchKeyword: yahoo.com
CHR DefaultNewTabURL: 
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\gcswf32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll ()
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (Motive Plugin) - C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Motive, Inc.)
CHR Plugin: (Fun Web Products Plugin Stub) - C:\Program Files (x86)\FunWebProducts\Installr\1.bin\NPFunWeb.dll No File
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U5) - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.50.255) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (BrowserPlus (from Yahoo!) v2.6.0) - C:\Users\Nathan\AppData\Local\Yahoo!\BrowserPlus\2.6.0\Plugins\npybrowserplus_2.6.0.dll No File
CHR Plugin: (Facebook Plugin) - C:\Users\Nathan\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
CHR Plugin: (Move Streaming Media Player) - C:\Users\Nathan\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (Yahoo Web) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\acjpdakpjonkfmggcmanlhdakfkhloii [2014-08-05]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-08-28]
CHR Extension: (Google Search) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-08-28]
CHR Extension: (Google Wallet) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Gmail) - C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-08-28]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-05-13] (McAfee, Inc.)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [137680 2010-07-27] ()
R2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [319488 2009-08-14] (Alcatel-Lucent) [File not signed]
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2009-08-14] (Alcatel-Lucent) [File not signed]
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-05-13] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-05-13] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-05-13] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-05-13] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-03-18] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-05-02] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-05-02] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-05-13] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-05-02] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-14] (Malwarebytes Corporation)
R2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [76064 2014-05-26] (McAfee, Inc.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-05-02] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311856 2014-05-02] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-05-02] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [784760 2014-05-02] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [441264 2014-03-18] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-03-18] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [94736 2010-08-24] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [346760 2014-05-02] (McAfee, Inc.)
R1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [66040 2010-04-13] (Mozy, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2009-08-14] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2009-08-14] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2011-08-02] (Apple Inc.) [File not signed]
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-14 11:07 - 2014-08-14 11:07 - 02100224 _____ (Farbar) C:\Users\Nathan\Downloads\FRST64.exe
2014-08-14 11:07 - 2014-08-14 11:07 - 00001461 _____ () C:\Users\Nathan\Desktop\FRST64.exe.lnk
2014-08-14 11:05 - 2014-08-14 11:05 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-14 11:05 - 2014-08-14 11:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-14 11:05 - 2014-08-14 11:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-14 11:05 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-14 11:05 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-14 11:05 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-14 11:04 - 2014-08-14 11:04 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Nathan\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-13 21:05 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-13 21:05 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-13 21:05 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-13 21:05 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-13 21:05 - 2014-07-08 19:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-13 21:05 - 2014-07-08 18:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-13 21:05 - 2014-07-08 18:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-13 21:05 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-13 21:05 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-13 21:05 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-13 21:05 - 2014-07-08 15:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-13 21:05 - 2014-07-08 15:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-13 21:05 - 2014-06-24 19:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-13 21:05 - 2014-06-24 18:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-13 20:56 - 2014-08-14 10:56 - 00000168 _____ () C:\Windows\setupact.log
2014-08-13 20:56 - 2014-08-13 20:56 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-13 20:44 - 2014-08-13 20:44 - 17385800 _____ (Google Inc.) C:\Users\Nathan\Downloads\picasa39-setup (1).exe
2014-08-13 20:40 - 2014-08-13 20:40 - 00895120 _____ (Google Inc.) C:\Users\Nathan\Downloads\ChromeSetup.exe
2014-08-13 20:38 - 2014-08-13 20:38 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-08-13 20:37 - 2014-08-13 20:37 - 76971416 _____ (Adobe Systems Incorporated) C:\Users\Nathan\Downloads\AdbeRdr11008_en_US.exe
2014-08-13 20:30 - 2014-06-30 15:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-13 20:30 - 2014-06-30 15:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-13 20:30 - 2014-03-09 14:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-13 20:30 - 2014-03-09 14:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-13 20:30 - 2014-03-09 14:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-13 20:30 - 2014-03-09 14:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-13 20:29 - 2014-06-05 23:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-13 20:29 - 2014-06-05 23:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-13 13:27 - 2014-08-13 13:27 - 00217383 _____ () C:\FixMeSB
2014-08-13 13:27 - 2014-08-13 13:27 - 00009216 _____ () C:\FixMeSB.mbr
2014-08-13 13:27 - 2014-08-13 13:27 - 00004391 _____ () C:\FixMeSB.lst
2014-08-13 13:27 - 2014-08-13 13:27 - 00000242 _____ () C:\Windows\Tasks\FixMeStickRunOnReboot.job
2014-08-13 13:27 - 2014-08-13 13:27 - 00000001 _____ () C:\fixmestick.marker.flag
2014-08-13 13:27 - 2014-08-13 13:27 - 00000000 ____D () C:\FixMeStick
2014-08-13 13:20 - 2014-08-14 11:06 - 00000000 ____D () C:\Users\Nathan\AppData\Local\CrashDumps
2014-08-13 13:06 - 2014-08-13 13:06 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-08-13 13:00 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-13 12:52 - 2014-08-13 12:52 - 00070632 _____ () C:\Windows\system32\bootdelete.lst
2014-08-13 12:52 - 2014-08-13 12:52 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-08-13 12:39 - 2014-08-13 12:53 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-13 12:37 - 2014-08-13 12:38 - 11188736 _____ (SurfRight B.V.) C:\Users\Nathan\Downloads\hitmanpro_x64.exe
2014-08-13 12:28 - 2014-07-31 16:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-13 12:28 - 2014-07-25 07:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-13 12:28 - 2014-07-25 07:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-13 12:28 - 2014-07-25 06:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-13 12:28 - 2014-07-25 06:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-13 12:28 - 2014-07-25 06:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-13 12:28 - 2014-07-25 06:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-13 12:28 - 2014-07-25 05:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-13 12:28 - 2014-07-25 05:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-13 12:28 - 2014-07-25 05:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-13 12:28 - 2014-07-25 05:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-13 12:28 - 2014-07-25 05:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-13 12:28 - 2014-07-25 05:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-13 12:28 - 2014-07-25 05:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-13 12:28 - 2014-07-25 05:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-13 12:28 - 2014-07-25 05:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-13 12:28 - 2014-07-25 04:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-13 12:28 - 2014-07-25 04:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-13 12:28 - 2014-07-25 04:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-13 12:28 - 2014-07-25 04:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-13 12:28 - 2014-07-25 04:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-13 12:28 - 2014-07-25 04:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-13 12:28 - 2014-07-25 04:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-13 12:28 - 2014-07-25 04:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-13 12:28 - 2014-07-25 03:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-13 12:28 - 2014-07-25 03:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-13 12:28 - 2014-07-15 20:25 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-13 12:28 - 2014-07-15 20:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-13 12:28 - 2014-07-15 19:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-13 12:28 - 2014-07-15 19:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-13 12:28 - 2014-07-15 19:12 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-13 12:28 - 2014-06-15 19:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-13 12:28 - 2014-06-03 03:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-13 12:28 - 2014-06-03 03:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-13 12:28 - 2014-06-03 03:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-13 12:28 - 2014-06-03 03:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-13 12:28 - 2014-06-03 02:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-13 12:28 - 2014-06-03 02:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-13 12:28 - 2014-06-03 02:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-13 12:27 - 2014-07-31 16:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-13 12:27 - 2014-07-25 07:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-13 12:27 - 2014-07-25 06:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-13 12:27 - 2014-07-25 06:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-13 12:27 - 2014-07-25 06:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-13 12:27 - 2014-07-25 06:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-13 12:27 - 2014-07-25 06:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-13 12:27 - 2014-07-25 06:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-13 12:27 - 2014-07-25 06:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-13 12:27 - 2014-07-25 06:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-13 12:27 - 2014-07-25 05:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-13 12:27 - 2014-07-25 05:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-13 12:27 - 2014-07-25 05:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-13 12:27 - 2014-07-25 05:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-13 12:27 - 2014-07-25 05:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-13 12:27 - 2014-07-25 05:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-13 12:27 - 2014-07-25 05:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-13 12:27 - 2014-07-25 05:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-13 12:27 - 2014-07-25 05:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-13 12:27 - 2014-07-25 05:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-13 12:27 - 2014-07-25 04:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-13 12:27 - 2014-07-25 04:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-13 12:27 - 2014-07-25 04:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-13 12:27 - 2014-07-25 04:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-13 12:27 - 2014-07-25 04:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-13 12:27 - 2014-07-25 04:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-13 12:27 - 2014-07-25 03:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-13 12:27 - 2014-07-25 03:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-13 12:27 - 2014-07-25 03:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-13 12:27 - 2014-07-25 03:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-13 12:27 - 2014-07-13 19:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-13 12:27 - 2014-07-13 18:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-13 11:53 - 2014-08-13 11:53 - 00000001 _____ () C:\fixmestick.scan.quarantined.flag
2014-08-13 11:50 - 2014-08-13 11:50 - 00000001 _____ () C:\fixmestick.scan.malware.flag
2014-08-13 11:50 - 2014-08-13 11:50 - 00000000 ____D () C:\FixMeStick Quarantine
2014-08-13 06:30 - 2014-08-13 06:31 - 00000001 _____ () C:\fixmestick.boot.flag
2014-08-13 06:30 - 2014-08-13 06:30 - 00000001 _____ () C:\fixmestick.connected.flag
2014-08-12 16:00 - 2014-08-12 16:00 - 04575232 _____ (Google Inc.) C:\Windows\SysWOW64\GPhotos.scr
2014-08-09 21:06 - 2014-08-09 21:06 - 01733632 _____ () C:\Users\Nathan\Downloads\FxVisor64.msi
2014-08-09 21:06 - 2014-08-09 21:06 - 00000000 ____D () C:\Users\Nathan\AppData\Local\Frameworkx.com
2014-08-09 21:06 - 2014-08-09 21:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Frameworkx
2014-08-09 21:06 - 2014-08-09 21:06 - 00000000 ____D () C:\Program Files\Frameworkx
2014-08-09 21:04 - 2014-08-09 21:04 - 00001750 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-09 21:04 - 2014-08-09 21:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-09 21:03 - 2014-08-09 21:04 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-09 21:03 - 2014-08-09 21:04 - 00000000 ____D () C:\Program Files\iTunes
2014-08-09 21:03 - 2014-08-09 21:03 - 00000000 ____D () C:\Program Files\iPod
2014-08-09 21:02 - 2014-08-09 21:02 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-08-09 20:59 - 2014-08-09 21:00 - 113492816 _____ (Apple Inc.) C:\Users\Nathan\Downloads\iTunes64Setup.exe
2014-08-09 20:54 - 2014-08-09 20:54 - 00000000 ____D () C:\Users\Nathan\Downloads\ProcessExplorer
2014-08-09 20:53 - 2014-08-09 20:53 - 01187960 _____ () C:\Users\Nathan\Downloads\ProcessExplorer.zip
2014-08-07 21:08 - 2014-08-07 21:08 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Nathan\Downloads\rkill.exe
2014-08-07 20:44 - 2014-08-07 20:44 - 04872677 _____ () C:\Users\Nathan\Downloads\mbam-chameleon-3.1.4.0.zip
2014-08-07 20:44 - 2014-08-07 20:44 - 00000000 ____D () C:\Users\Nathan\Downloads\mbam-chameleon-3.1.4.0
2014-08-07 20:22 - 2014-08-07 20:22 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-07 20:21 - 2014-08-07 20:21 - 17292208 _____ (Malwarebytes Corporation ) C:\Users\Nathan\Downloads\mbam-setup.exe
2014-08-07 20:17 - 2014-08-07 20:17 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Nathan\Downloads\mbam-clean-2.1.1.1001.exe
2014-08-07 20:17 - 2014-08-07 20:17 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Nathan\Downloads\mbam-clean-2.1.1.1001 (1).exe
2014-08-07 13:37 - 2014-08-07 13:37 - 01475072 _____ () C:\Users\Nathan\Downloads\AdwCleaner.exe
2014-08-07 13:29 - 2014-08-07 13:29 - 00008372 _____ () C:\Users\Nathan\Downloads\fixlist (1).txt
2014-08-07 11:32 - 2014-08-07 11:33 - 00034774 _____ () C:\Users\Nathan\Downloads\Addition.txt
2014-08-07 11:29 - 2014-08-14 11:09 - 00019080 _____ () C:\Users\Nathan\Downloads\FRST.txt
2014-08-07 11:29 - 2014-08-14 11:09 - 00000000 ____D () C:\FRST
2014-08-06 21:56 - 2014-01-08 19:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-08-06 21:56 - 2014-01-03 15:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-08-06 18:40 - 2014-08-06 18:41 - 111920888 _____ (Microsoft Corporation) C:\Users\Nathan\Downloads\msert.exe
2014-08-05 18:16 - 2014-08-06 22:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-05 18:16 - 2014-08-05 18:16 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-08-05 18:16 - 2014-08-05 18:16 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-05 17:58 - 2014-08-05 17:58 - 00000000 __RSD () C:\Users\Nathan\Documents\My Stationery
2014-08-05 17:50 - 2014-08-05 17:50 - 32747816 _____ (Nero AG) C:\Users\Nathan\Downloads\Nero_BurnLite-10.0.10600.exe
2014-08-05 17:47 - 2014-08-05 17:47 - 17312072 _____ (Google Inc.) C:\Users\Nathan\Downloads\picasa39-setup.exe
2014-08-05 17:42 - 2014-08-05 17:42 - 18732144 _____ (Adobe Systems Inc.) C:\Users\Nathan\Downloads\AdobeAIRInstaller.exe
2014-08-05 17:40 - 2014-08-05 17:46 - 00002006 _____ () C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
2014-08-05 17:40 - 2014-08-05 17:40 - 00000000 ____D () C:\Program Files (x86)\FileHippo.com
2014-08-05 16:53 - 2013-05-09 22:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-08-05 16:53 - 2013-05-09 22:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-08-05 16:53 - 2013-05-09 21:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-08-05 16:53 - 2013-05-09 21:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-08-05 16:46 - 2013-10-01 19:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-08-05 16:46 - 2013-10-01 19:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-08-05 16:46 - 2013-10-01 19:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-08-05 16:46 - 2013-10-01 18:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-08-05 16:46 - 2013-10-01 18:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-08-05 16:46 - 2013-10-01 18:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-08-05 16:46 - 2013-10-01 18:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-08-05 16:46 - 2013-10-01 17:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-08-05 16:46 - 2013-10-01 17:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-08-05 16:46 - 2013-10-01 17:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-08-05 16:46 - 2013-10-01 17:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-08-05 16:46 - 2013-10-01 17:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-08-05 16:46 - 2013-10-01 16:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-08-05 16:46 - 2013-10-01 16:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-08-05 16:46 - 2013-10-01 16:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-08-05 16:46 - 2013-10-01 15:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-08-05 16:45 - 2013-12-03 19:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-08-05 16:45 - 2013-12-03 19:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-08-05 16:45 - 2013-12-03 19:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-08-05 16:45 - 2013-12-03 19:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-08-05 16:45 - 2013-12-03 19:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-08-05 16:45 - 2013-12-03 19:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-08-05 16:45 - 2013-12-03 19:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-08-05 16:45 - 2013-12-03 19:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-08-05 16:45 - 2013-12-03 19:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-08-05 16:45 - 2013-12-03 19:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-08-05 16:45 - 2013-12-03 19:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-08-05 16:45 - 2013-12-03 19:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-08-05 16:45 - 2013-12-03 18:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-08-05 16:45 - 2013-12-03 18:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-08-05 16:45 - 2013-12-03 18:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-08-05 16:45 - 2013-12-03 18:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-08-05 16:45 - 2013-11-23 11:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-08-05 16:45 - 2013-11-23 10:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-08-05 16:45 - 2013-07-04 05:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-08-05 16:45 - 2013-07-04 05:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2014-08-05 16:45 - 2013-07-04 04:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2014-08-05 16:45 - 2013-07-04 04:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2014-08-05 16:45 - 2013-07-04 03:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2014-08-05 16:44 - 2014-05-30 01:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-08-05 16:44 - 2014-05-30 01:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-08-05 16:44 - 2014-05-30 01:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-08-05 16:44 - 2014-05-30 01:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-08-05 16:44 - 2014-05-30 01:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-08-05 16:44 - 2014-05-30 00:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-08-05 16:44 - 2014-05-30 00:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-08-05 16:44 - 2014-05-30 00:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-08-05 16:44 - 2014-01-27 19:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-08-05 16:44 - 2014-01-23 19:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-08-05 16:44 - 2013-12-03 19:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-08-05 16:44 - 2013-12-03 19:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-08-05 16:44 - 2013-10-29 19:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-08-05 16:44 - 2013-10-29 19:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2014-08-05 16:44 - 2013-10-03 19:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2014-08-05 16:44 - 2013-10-03 19:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2014-08-05 16:44 - 2013-10-03 18:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2014-08-05 16:44 - 2013-10-03 18:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2014-08-05 16:44 - 2013-09-24 19:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-08-05 16:44 - 2013-09-24 18:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-08-05 16:43 - 2014-05-30 01:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-08-05 16:43 - 2014-05-30 01:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-08-05 16:43 - 2014-05-30 00:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-08-05 16:43 - 2014-05-30 00:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-08-05 16:43 - 2014-05-30 00:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-08-05 16:43 - 2014-05-30 00:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-08-05 16:43 - 2014-02-03 19:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-08-05 16:43 - 2014-02-03 19:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-08-05 16:43 - 2014-02-03 19:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-08-05 16:43 - 2014-02-03 19:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-08-05 16:43 - 2014-02-03 19:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-08-05 16:41 - 2014-02-03 19:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-08-05 16:41 - 2014-02-03 19:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-08-05 16:41 - 2013-08-27 18:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2014-08-05 16:10 - 2014-08-05 16:10 - 13829304 _____ (Microsoft Corporation) C:\Users\Nathan\Downloads\mseinstall.exe
2014-08-05 16:10 - 2014-08-05 16:10 - 00002084 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-08-05 16:10 - 2014-08-05 16:10 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-08-05 16:10 - 2014-08-05 16:10 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-08-05 15:52 - 2014-08-05 15:53 - 00000000 ____D () C:\Program Files\Unlocker
2014-08-05 15:52 - 2014-08-05 15:52 - 00000000 ____D () C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
2014-08-05 13:59 - 2014-08-05 13:59 - 00000000 _____ () C:\Windows\SysWOW64\RENA296.tmp
2014-08-05 13:59 - 2014-08-05 13:59 - 00000000 _____ () C:\Windows\SysWOW64\RENA295.tmp
2014-08-03 12:13 - 2014-05-14 09:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-03 12:13 - 2014-05-14 09:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-03 12:13 - 2014-05-14 09:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-03 12:13 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-03 12:13 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-03 12:13 - 2014-05-14 09:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-03 12:13 - 2014-05-14 09:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-03 12:13 - 2014-05-14 09:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-03 12:13 - 2014-05-14 09:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-03 12:13 - 2014-05-14 09:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-03 12:13 - 2014-05-14 09:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-03 12:13 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-03 12:13 - 2014-05-14 09:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-03 12:13 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-07-28 17:46 - 2014-07-28 17:46 - 00000000 __SHD () C:\found.000
2014-07-26 20:34 - 2014-07-26 20:34 - 00000000 ____D () C:\Users\No Nubes Allowed\AppData\Local\Apple
2014-07-26 13:36 - 2014-07-26 13:36 - 00000000 __SHD () C:\Users\Heather\AppData\Local\EmieUserList
2014-07-26 13:36 - 2014-07-26 13:36 - 00000000 __SHD () C:\Users\Heather\AppData\Local\EmieSiteList
2014-07-26 13:34 - 2014-07-26 13:52 - 00000003 _____ () C:\Users\Heather\AppData\Local\proxy.log
2014-07-25 17:27 - 2014-08-05 12:13 - 00000000 ____D () C:\Users\No Nubes Allowed\AppData\Roaming\Spotify
2014-07-25 17:27 - 2014-07-29 09:08 - 00000000 ____D () C:\Users\No Nubes Allowed\AppData\Local\Spotify
2014-07-25 15:32 - 2014-07-25 15:46 - 00000000 ____D () C:\Users\No Nubes Allowed\AppData\Local\Microsoft Games
2014-07-20 17:59 - 2014-07-20 18:03 - 00000000 ____D () C:\Users\Not Bullbleep\AppData\Local\Microsoft Games
2014-07-16 13:56 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-14 11:09 - 2014-08-07 11:29 - 00019080 _____ () C:\Users\Nathan\Downloads\FRST.txt
2014-08-14 11:09 - 2014-08-07 11:29 - 00000000 ____D () C:\FRST
2014-08-14 11:07 - 2014-08-14 11:07 - 02100224 _____ (Farbar) C:\Users\Nathan\Downloads\FRST64.exe
2014-08-14 11:07 - 2014-08-14 11:07 - 00001461 _____ () C:\Users\Nathan\Desktop\FRST64.exe.lnk
2014-08-14 11:06 - 2014-08-13 13:20 - 00000000 ____D () C:\Users\Nathan\AppData\Local\CrashDumps
2014-08-14 11:06 - 2014-02-19 13:40 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf2db2c3efcac0.job
2014-08-14 11:05 - 2014-08-14 11:05 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-14 11:05 - 2014-08-14 11:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-14 11:05 - 2014-08-14 11:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-14 11:04 - 2014-08-14 11:04 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Nathan\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-14 11:04 - 2009-07-13 21:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-14 11:04 - 2009-07-13 21:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-14 11:03 - 2010-01-30 20:08 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-14 11:00 - 2009-09-14 17:05 - 01908146 _____ () C:\Windows\WindowsUpdate.log
2014-08-14 10:57 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-14 10:56 - 2014-08-13 20:56 - 00000168 _____ () C:\Windows\setupact.log
2014-08-14 10:56 - 2009-07-13 21:45 - 00350088 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-13 23:50 - 2012-12-13 23:28 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-13 20:56 - 2014-08-13 20:56 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-13 20:54 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-13 20:46 - 2010-02-15 22:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2014-08-13 20:44 - 2014-08-13 20:44 - 17385800 _____ (Google Inc.) C:\Users\Nathan\Downloads\picasa39-setup (1).exe
2014-08-13 20:44 - 2013-08-15 18:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-13 20:41 - 2014-06-21 21:46 - 00002222 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-13 20:40 - 2014-08-13 20:40 - 00895120 _____ (Google Inc.) C:\Users\Nathan\Downloads\ChromeSetup.exe
2014-08-13 20:38 - 2014-08-13 20:38 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-08-13 20:37 - 2014-08-13 20:37 - 76971416 _____ (Adobe Systems Incorporated) C:\Users\Nathan\Downloads\AdbeRdr11008_en_US.exe
2014-08-13 20:35 - 2009-11-14 21:41 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-13 20:33 - 2012-09-10 18:29 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-13 20:33 - 2012-09-10 18:29 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-13 20:32 - 2009-07-13 22:13 - 00006222 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-13 13:27 - 2014-08-13 13:27 - 00217383 _____ () C:\FixMeSB
2014-08-13 13:27 - 2014-08-13 13:27 - 00009216 _____ () C:\FixMeSB.mbr
2014-08-13 13:27 - 2014-08-13 13:27 - 00004391 _____ () C:\FixMeSB.lst
2014-08-13 13:27 - 2014-08-13 13:27 - 00000242 _____ () C:\Windows\Tasks\FixMeStickRunOnReboot.job
2014-08-13 13:27 - 2014-08-13 13:27 - 00000001 _____ () C:\fixmestick.marker.flag
2014-08-13 13:27 - 2014-08-13 13:27 - 00000000 ____D () C:\FixMeStick
2014-08-13 13:06 - 2014-08-13 13:06 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-08-13 12:56 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-13 12:53 - 2014-08-13 12:39 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-13 12:52 - 2014-08-13 12:52 - 00070632 _____ () C:\Windows\system32\bootdelete.lst
2014-08-13 12:52 - 2014-08-13 12:52 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-08-13 12:38 - 2014-08-13 12:37 - 11188736 _____ (SurfRight B.V.) C:\Users\Nathan\Downloads\hitmanpro_x64.exe
2014-08-13 11:53 - 2014-08-13 11:53 - 00000001 _____ () C:\fixmestick.scan.quarantined.flag
2014-08-13 11:52 - 2014-04-30 17:50 - 00000000 ____D () C:\temp
2014-08-13 11:52 - 2014-04-13 17:17 - 00000000 ___HD () C:\a
2014-08-13 11:50 - 2014-08-13 11:50 - 00000001 _____ () C:\fixmestick.scan.malware.flag
2014-08-13 11:50 - 2014-08-13 11:50 - 00000000 ____D () C:\FixMeStick Quarantine
2014-08-13 06:31 - 2014-08-13 06:30 - 00000001 _____ () C:\fixmestick.boot.flag
2014-08-13 06:30 - 2014-08-13 06:30 - 00000001 _____ () C:\fixmestick.connected.flag
2014-08-12 16:00 - 2014-08-12 16:00 - 04575232 _____ (Google Inc.) C:\Windows\SysWOW64\GPhotos.scr
2014-08-09 21:06 - 2014-08-09 21:06 - 01733632 _____ () C:\Users\Nathan\Downloads\FxVisor64.msi
2014-08-09 21:06 - 2014-08-09 21:06 - 00000000 ____D () C:\Users\Nathan\AppData\Local\Frameworkx.com
2014-08-09 21:06 - 2014-08-09 21:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Frameworkx
2014-08-09 21:06 - 2014-08-09 21:06 - 00000000 ____D () C:\Program Files\Frameworkx
2014-08-09 21:04 - 2014-08-09 21:04 - 00001750 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-09 21:04 - 2014-08-09 21:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-09 21:04 - 2014-08-09 21:03 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-09 21:04 - 2014-08-09 21:03 - 00000000 ____D () C:\Program Files\iTunes
2014-08-09 21:04 - 2013-04-21 20:37 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-09 21:03 - 2014-08-09 21:03 - 00000000 ____D () C:\Program Files\iPod
2014-08-09 21:02 - 2014-08-09 21:02 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-08-09 21:00 - 2014-08-09 20:59 - 113492816 _____ (Apple Inc.) C:\Users\Nathan\Downloads\iTunes64Setup.exe
2014-08-09 20:54 - 2014-08-09 20:54 - 00000000 ____D () C:\Users\Nathan\Downloads\ProcessExplorer
2014-08-09 20:53 - 2014-08-09 20:53 - 01187960 _____ () C:\Users\Nathan\Downloads\ProcessExplorer.zip
2014-08-07 21:08 - 2014-08-07 21:08 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Nathan\Downloads\rkill.exe
2014-08-07 20:44 - 2014-08-07 20:44 - 04872677 _____ () C:\Users\Nathan\Downloads\mbam-chameleon-3.1.4.0.zip
2014-08-07 20:44 - 2014-08-07 20:44 - 00000000 ____D () C:\Users\Nathan\Downloads\mbam-chameleon-3.1.4.0
2014-08-07 20:22 - 2014-08-07 20:22 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-07 20:21 - 2014-08-07 20:21 - 17292208 _____ (Malwarebytes Corporation ) C:\Users\Nathan\Downloads\mbam-setup.exe
2014-08-07 20:17 - 2014-08-07 20:17 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Nathan\Downloads\mbam-clean-2.1.1.1001.exe
2014-08-07 20:17 - 2014-08-07 20:17 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Nathan\Downloads\mbam-clean-2.1.1.1001 (1).exe
2014-08-07 14:51 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-08-07 13:37 - 2014-08-07 13:37 - 01475072 _____ () C:\Users\Nathan\Downloads\AdwCleaner.exe
2014-08-07 13:35 - 2012-12-03 00:12 - 00000000 ____D () C:\Users\Nathan\AppData\Local\CRE
2014-08-07 13:35 - 2009-11-06 17:03 - 00000000 ____D () C:\Users\Brettypoo
2014-08-07 13:35 - 2009-11-02 21:18 - 00000000 ____D () C:\Users\The Parentals
2014-08-07 13:35 - 2009-11-02 20:53 - 00000000 ____D () C:\Users\Heather
2014-08-07 13:35 - 2009-11-02 20:31 - 00000000 ____D () C:\Users\Nathan
2014-08-07 13:29 - 2014-08-07 13:29 - 00008372 _____ () C:\Users\Nathan\Downloads\fixlist (1).txt
2014-08-07 11:33 - 2014-08-07 11:32 - 00034774 _____ () C:\Users\Nathan\Downloads\Addition.txt
2014-08-06 22:02 - 2014-08-05 18:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-06 18:41 - 2014-08-06 18:40 - 111920888 _____ (Microsoft Corporation) C:\Users\Nathan\Downloads\msert.exe
2014-08-05 18:32 - 2009-12-07 22:19 - 00000000 ____D () C:\Windows\Minidump
2014-08-05 18:32 - 2009-12-01 20:59 - 00000000 ____D () C:\Users\Nathan\Tracing
2014-08-05 18:32 - 2007-07-11 18:49 - 00000000 ____D () C:\Windows\Panther
2014-08-05 18:16 - 2014-08-05 18:16 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-08-05 18:16 - 2014-08-05 18:16 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-05 18:01 - 2009-07-13 20:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-08-05 17:58 - 2014-08-05 17:58 - 00000000 __RSD () C:\Users\Nathan\Documents\My Stationery
2014-08-05 17:56 - 2009-08-31 10:56 - 00000000 ____D () C:\ProgramData\Nero
2014-08-05 17:56 - 2009-08-31 10:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
2014-08-05 17:56 - 2009-08-31 10:56 - 00000000 ____D () C:\Program Files (x86)\Nero
2014-08-05 17:50 - 2014-08-05 17:50 - 32747816 _____ (Nero AG) C:\Users\Nathan\Downloads\Nero_BurnLite-10.0.10600.exe
2014-08-05 17:48 - 2009-11-02 20:36 - 00000000 ____D () C:\Users\Nathan\AppData\Local\Google
2014-08-05 17:47 - 2014-08-05 17:47 - 17312072 _____ (Google Inc.) C:\Users\Nathan\Downloads\picasa39-setup.exe
2014-08-05 17:46 - 2014-08-05 17:40 - 00002006 _____ () C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
2014-08-05 17:44 - 2009-08-31 10:59 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-08-05 17:43 - 2009-11-02 20:36 - 00000000 ____D () C:\Users\Nathan\AppData\Roaming\Adobe
2014-08-05 17:42 - 2014-08-05 17:42 - 18732144 _____ (Adobe Systems Inc.) C:\Users\Nathan\Downloads\AdobeAIRInstaller.exe
2014-08-05 17:40 - 2014-08-05 17:40 - 00000000 ____D () C:\Program Files (x86)\FileHippo.com
2014-08-05 17:35 - 2009-07-13 22:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-08-05 17:15 - 2009-11-23 13:11 - 00000000 ____D () C:\Users\Nathan\AppData\Local\Apple Computer
2014-08-05 17:10 - 2009-07-13 21:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-08-05 16:55 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-08-05 16:55 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-08-05 16:10 - 2014-08-05 16:10 - 13829304 _____ (Microsoft Corporation) C:\Users\Nathan\Downloads\mseinstall.exe
2014-08-05 16:10 - 2014-08-05 16:10 - 00002084 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-08-05 16:10 - 2014-08-05 16:10 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-08-05 16:10 - 2014-08-05 16:10 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-08-05 16:10 - 2011-10-04 19:39 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-08-05 15:53 - 2014-08-05 15:52 - 00000000 ____D () C:\Program Files\Unlocker
2014-08-05 15:52 - 2014-08-05 15:52 - 00000000 ____D () C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
2014-08-05 15:37 - 2010-04-25 18:31 - 00000000 ____D () C:\Windows\pss
2014-08-05 14:43 - 2009-08-31 10:52 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gateway
2014-08-05 14:43 - 2009-08-31 10:52 - 00000000 ____D () C:\Program Files (x86)\Gateway
2014-08-05 14:41 - 2013-06-22 14:14 - 00000000 ____D () C:\Program Files (x86)\Pando Networks
2014-08-05 14:37 - 2013-08-16 16:22 - 00000000 ____D () C:\Program Files (x86)\MyFree Codec
2014-08-05 14:35 - 2010-02-20 20:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PIXELA
2014-08-05 14:35 - 2010-02-20 20:45 - 00000000 ____D () C:\Program Files (x86)\PIXELA
2014-08-05 14:35 - 2009-08-31 10:28 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-08-05 13:59 - 2014-08-05 13:59 - 00000000 _____ () C:\Windows\SysWOW64\RENA296.tmp
2014-08-05 13:59 - 2014-08-05 13:59 - 00000000 _____ () C:\Windows\SysWOW64\RENA295.tmp
2014-08-05 13:56 - 2009-08-31 10:55 - 00000000 ____D () C:\ProgramData\Google
2014-08-05 13:56 - 2009-08-31 10:55 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-05 13:49 - 2014-07-04 12:33 - 00000003 _____ () C:\Users\Nathan\AppData\Local\proxy.log
2014-08-05 13:37 - 2013-10-13 13:34 - 00000526 _____ () C:\Windows\Tasks\One-Click Tweak.job
2014-08-05 12:33 - 2014-07-04 19:20 - 00000003 _____ () C:\Users\No Nubes Allowed\AppData\Local\proxy.log
2014-08-05 12:21 - 2014-07-14 16:36 - 00000003 _____ () C:\Users\Brettypoo\AppData\Local\proxy.log
2014-08-05 12:13 - 2014-07-25 17:27 - 00000000 ____D () C:\Users\No Nubes Allowed\AppData\Roaming\Spotify
2014-08-05 06:29 - 2013-10-13 14:37 - 00000518 _____ () C:\Windows\Tasks\Registry Repair.job
2014-08-02 22:26 - 2014-07-05 13:23 - 00000003 _____ () C:\Users\Not Bullbleep\AppData\Local\proxy.log
2014-08-02 01:00 - 2012-04-09 12:38 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-07-31 16:41 - 2014-08-13 12:27 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-31 16:16 - 2014-08-13 12:28 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-29 09:08 - 2014-07-25 17:27 - 00000000 ____D () C:\Users\No Nubes Allowed\AppData\Local\Spotify
2014-07-28 23:28 - 2013-03-16 15:17 - 00000000 ____D () C:\Users\Nathan\AppData\Roaming\Spotify
2014-07-28 18:05 - 2009-11-08 10:38 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-07-28 17:46 - 2014-07-28 17:46 - 00000000 __SHD () C:\found.000
2014-07-27 10:17 - 2013-03-16 15:18 - 00000000 ____D () C:\Users\Nathan\AppData\Local\Spotify
2014-07-26 20:34 - 2014-07-26 20:34 - 00000000 ____D () C:\Users\No Nubes Allowed\AppData\Local\Apple
2014-07-26 13:52 - 2014-07-26 13:34 - 00000003 _____ () C:\Users\Heather\AppData\Local\proxy.log
2014-07-26 13:36 - 2014-07-26 13:36 - 00000000 __SHD () C:\Users\Heather\AppData\Local\EmieUserList
2014-07-26 13:36 - 2014-07-26 13:36 - 00000000 __SHD () C:\Users\Heather\AppData\Local\EmieSiteList
2014-07-26 13:36 - 2009-11-02 20:55 - 00000000 ____D () C:\Users\Heather\AppData\Local\Google
2014-07-25 15:46 - 2014-07-25 15:32 - 00000000 ____D () C:\Users\No Nubes Allowed\AppData\Local\Microsoft Games
2014-07-25 15:09 - 2012-05-09 18:01 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-25 15:09 - 2012-05-09 18:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-25 10:19 - 2014-05-17 13:26 - 00000000 ____D () C:\Users\Not Bullbleep\AppData\Roaming\Spotify
2014-07-25 07:52 - 2014-08-13 12:27 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-25 07:41 - 2014-05-17 13:26 - 00000000 ____D () C:\Users\Not Bullbleep\AppData\Local\Spotify
2014-07-25 07:02 - 2014-08-13 12:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-25 07:01 - 2014-08-13 12:28 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-25 06:51 - 2014-08-13 12:28 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-25 06:30 - 2014-08-13 12:27 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-25 06:28 - 2014-08-13 12:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-25 06:28 - 2014-08-13 12:27 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-25 06:25 - 2014-08-13 12:27 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-25 06:25 - 2014-08-13 12:27 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-25 06:11 - 2014-08-13 12:27 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-25 06:10 - 2014-08-13 12:28 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-25 06:04 - 2014-08-13 12:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-25 06:03 - 2014-08-13 12:27 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-25 06:00 - 2014-08-13 12:28 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-25 06:00 - 2014-08-13 12:27 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-25 05:59 - 2014-08-13 12:27 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-25 05:47 - 2014-08-13 12:27 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-25 05:40 - 2014-08-13 12:28 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-25 05:34 - 2014-08-13 12:28 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-25 05:34 - 2014-08-13 12:27 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-25 05:33 - 2014-08-13 12:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-25 05:30 - 2014-08-13 12:27 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-25 05:28 - 2014-08-13 12:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-25 05:28 - 2014-08-13 12:27 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-25 05:21 - 2014-08-13 12:28 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-25 05:19 - 2014-08-13 12:27 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-25 05:18 - 2014-08-13 12:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-25 05:17 - 2014-08-13 12:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-25 05:17 - 2014-08-13 12:27 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-25 05:12 - 2014-08-13 12:28 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-25 05:10 - 2014-08-13 12:27 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-25 05:10 - 2014-08-13 12:27 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-25 05:08 - 2014-08-13 12:28 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-25 05:06 - 2014-08-13 12:27 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-25 04:52 - 2014-08-13 12:28 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-25 04:47 - 2014-08-13 12:28 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-25 04:43 - 2014-08-13 12:28 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-25 04:42 - 2014-08-13 12:28 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-25 04:39 - 2014-08-13 12:27 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-25 04:39 - 2014-08-13 12:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-25 04:36 - 2014-08-13 12:27 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-25 04:34 - 2014-08-13 12:28 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-25 04:29 - 2014-08-13 12:28 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-25 04:23 - 2014-08-13 12:27 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-25 04:13 - 2014-08-13 12:28 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-25 04:07 - 2014-08-13 12:28 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-25 04:07 - 2014-08-13 12:27 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-25 04:03 - 2014-08-13 12:27 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-25 03:52 - 2014-08-13 12:27 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-25 03:26 - 2014-08-13 12:28 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-25 03:17 - 2014-08-13 12:27 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-25 03:09 - 2014-08-13 12:27 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-25 03:05 - 2014-08-13 12:27 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-25 03:00 - 2014-08-13 12:28 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-24 18:01 - 2012-05-09 18:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-22 14:38 - 2014-06-21 21:52 - 00000000 __RSD () C:\Users\No Nubes Allowed\Documents\McAfee Vaults
2014-07-20 18:03 - 2014-07-20 17:59 - 00000000 ____D () C:\Users\Not Bullbleep\AppData\Local\Microsoft Games
2014-07-20 14:35 - 2014-05-17 13:21 - 00000000 __RSD () C:\Users\Not Bullbleep\Documents\McAfee Vaults
2014-07-16 13:57 - 2009-11-08 10:30 - 00000000 ____D () C:\ProgramData\McAfee
2014-07-15 20:25 - 2014-08-13 12:28 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-07-15 20:23 - 2014-08-13 12:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-07-15 19:46 - 2014-08-13 12:28 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-07-15 19:46 - 2014-08-13 12:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-07-15 19:12 - 2014-08-13 12:28 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
 
Some content of TEMP:
====================
C:\Users\Heather\AppData\Local\Temp\2_pm1le5.dll
C:\Users\Nathan\AppData\Local\Temp\FMS4B05.tmp.exe
C:\Users\No Nubes Allowed\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\No Nubes Allowed\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Not Bullbleep\AppData\Local\Temp\exec.exe
C:\Users\Not Bullbleep\AppData\Local\Temp\IadHide5.dll
C:\Users\Not Bullbleep\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Not Bullbleep\AppData\Local\Temp\NullsoftHelper.dll
C:\Users\Not Bullbleep\AppData\Local\Temp\uires.dll
C:\Users\The Parentals\AppData\Local\Temp\amtuwrcn.dll
C:\Users\The Parentals\AppData\Local\Temp\EpsonInkjetDriverDownloader.EXE
C:\Users\The Parentals\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\The Parentals\AppData\Local\Temp\setpointenu.exe
C:\Users\The Parentals\AppData\Local\Temp\_is2302.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-07 14:43
 
==================== End Of Log ============================
 
Got an error message when I tried to attach zip file of summary. It said, "You aren't permitted to upload this kind of file."
 


#4 Benny T


Posted 14 August 2014 - 01:50 PM

OS Name Microsoft Windows 7 Home Premium
Version 6.1.7601 Service Pack 1 Build 7601
Other OS Description Not Available
OS Manufacturer Microsoft Corporation
System Name THETHOMPSON
System Manufacturer Gateway
System Model SX2800
System Type x64-based PC
Processor Intel® Core™2 Quad CPU    Q8200  @ 2.33GHz, 2336 Mhz, 4 Core(s), 4 Logical Processor(s)
BIOS Version/Date AMI P01-A4R, 9/11/2009
SMBIOS Version 2.6
Windows Directory C:\Windows
System Directory C:\Windows\system32
Boot Device \Device\HarddiskVolume2
Locale United States
Hardware Abstraction Layer Version = "6.1.7601.17514"
User Name TheThompson\Nathan
Time Zone Pacific Daylight Time
Installed Physical Memory (RAM) 4.00 GB
Total Physical Memory 3.97 GB
Available Physical Memory 2.15 GB
Total Virtual Memory 7.93 GB
Available Virtual Memory 5.90 GB
Page File Space 3.97 GB
Page File C:\pagefile.sys
 
Here is the summary file.


#5 Oh My!


Posted 14 August 2014 - 02:28 PM

Greetings,

I know it was suggested you open a Topic at Malwarebytes. Did you do that?

Upload the System Summary file here.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKLM-x32\...\Run: [NWEReboot] => [X]
BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} ->  No File
Handler: ipp - No CLSID Value - 
Handler-x32: ipp - No CLSID Value - 
2014-08-05 13:59 - 2014-08-05 13:59 - 00000000 _____ () C:\Windows\SysWOW64\RENA296.tmp
2014-08-05 13:59 - 2014-08-05 13:59 - 00000000 _____ () C:\Windows\SysWOW64\RENA295.tmp
C:\Users\Heather\AppData\Local\Temp\2_pm1le5.dll
C:\Users\Nathan\AppData\Local\Temp\FMS4B05.tmp.exe
C:\Users\No Nubes Allowed\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\No Nubes Allowed\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Not Bullbleep\AppData\Local\Temp\exec.exe
C:\Users\Not Bullbleep\AppData\Local\Temp\IadHide5.dll
C:\Users\Not Bullbleep\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Not Bullbleep\AppData\Local\Temp\NullsoftHelper.dll
C:\Users\Not Bullbleep\AppData\Local\Temp\uires.dll
C:\Users\The Parentals\AppData\Local\Temp\amtuwrcn.dll
C:\Users\The Parentals\AppData\Local\Temp\EpsonInkjetDriverDownloader.EXE
C:\Users\The Parentals\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\The Parentals\AppData\Local\Temp\setpointenu.exe
C:\Users\The Parentals\AppData\Local\Temp\_is2302.exe
AlternateDataStreams: C:\ProgramData\TEMP:AC6124CA
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Do you have an open Topic with Malwarebytes?
  • Uploaded System Summary file
  • Fixlog

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 Benny T


Posted 14 August 2014 - 02:48 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-08-2014 01
Ran by Nathan at 2014-08-14 12:45:56 Run:2
Running from C:\Users\Nathan\Downloads
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKLM-x32\...\Run: [NWEReboot] => [X]
BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} ->  No File
Handler: ipp - No CLSID Value - 
Handler-x32: ipp - No CLSID Value - 
2014-08-05 13:59 - 2014-08-05 13:59 - 00000000 _____ () C:\Windows\SysWOW64\RENA296.tmp
2014-08-05 13:59 - 2014-08-05 13:59 - 00000000 _____ () C:\Windows\SysWOW64\RENA295.tmp
C:\Users\Heather\AppData\Local\Temp\2_pm1le5.dll
C:\Users\Nathan\AppData\Local\Temp\FMS4B05.tmp.exe
C:\Users\No Nubes Allowed\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\No Nubes Allowed\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Not Bullbleep\AppData\Local\Temp\exec.exe
C:\Users\Not Bullbleep\AppData\Local\Temp\IadHide5.dll
C:\Users\Not Bullbleep\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Not Bullbleep\AppData\Local\Temp\NullsoftHelper.dll
C:\Users\Not Bullbleep\AppData\Local\Temp\uires.dll
C:\Users\The Parentals\AppData\Local\Temp\amtuwrcn.dll
C:\Users\The Parentals\AppData\Local\Temp\EpsonInkjetDriverDownloader.EXE
C:\Users\The Parentals\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\The Parentals\AppData\Local\Temp\setpointenu.exe
C:\Users\The Parentals\AppData\Local\Temp\_is2302.exe
AlternateDataStreams: C:\ProgramData\TEMP:AC6124CA
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\NWEReboot => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}" => Key deleted successfully.
"HKCR\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}" => Key not found.
"HKCR\PROTOCOLS\Handler\Handler: ipp - No CLSID Value -" => Key not found.
"HKCR\Wow6432Node\PROTOCOLS\Handler\Handler-x32: ipp - No CLSID Value -" => Key not found.
C:\Windows\SysWOW64\RENA296.tmp => Moved successfully.
C:\Windows\SysWOW64\RENA295.tmp => Moved successfully.
C:\Users\Heather\AppData\Local\Temp\2_pm1le5.dll => Moved successfully.
C:\Users\Nathan\AppData\Local\Temp\FMS4B05.tmp.exe => Moved successfully.
C:\Users\No Nubes Allowed\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe => Moved successfully.
C:\Users\No Nubes Allowed\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe => Moved successfully.
"C:\Users\Not Bullbleep\AppData\Local\Temp\exec.exe" => File/Directory not found.
"C:\Users\Not Bullbleep\AppData\Local\Temp\IadHide5.dll" => File/Directory not found.
"C:\Users\Not Bullbleep\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe" => File/Directory not found.
"C:\Users\Not Bullbleep\AppData\Local\Temp\NullsoftHelper.dll" => File/Directory not found.
"C:\Users\Not Bullbleep\AppData\Local\Temp\uires.dll" => File/Directory not found.
C:\Users\The Parentals\AppData\Local\Temp\amtuwrcn.dll => Moved successfully.
C:\Users\The Parentals\AppData\Local\Temp\EpsonInkjetDriverDownloader.EXE => Moved successfully.
C:\Users\The Parentals\AppData\Local\Temp\SearchWithGoogleUpdate.exe => Moved successfully.
C:\Users\The Parentals\AppData\Local\Temp\setpointenu.exe => Moved successfully.
C:\Users\The Parentals\AppData\Local\Temp\_is2302.exe => Moved successfully.
C:\ProgramData\TEMP => ":AC6124CA" ADS removed successfully.
 
==== End of Fixlog ====
 
Yes, I have an open Topic in Malwarebytes. It's been 4 days since I last was in contact with them so I don't know if they dropped me or not.


#7 Oh My!


Posted 14 August 2014 - 04:38 PM

Thanks,

 

Because of the potential for conflicting direction I prefer you receive help from only one source.  I am going to assume our last steps did not resolve the issue and, if so, it does look like it is a Malwarebytes specific issue. 

 

Could you post the link to the MBAM topic please.


Gary
 

#8 Benny T


Posted 14 August 2014 - 04:42 PM

Thank you for your help thus far. I will close out this post and continue on with Malwarebytes.



#9 Oh My!


Posted 14 August 2014 - 04:56 PM

Before we close this thread could you do just one thing for me please?

===================================================

Farbar's Recovery Scan Tool Search

--------------------
  • Launch FRST
  • Copy/paste the following in the Search Field
net.conf
  • Click Search File(s) button
  • When completed click OK and a Search.txt document will open on your desktop
  • Copy and paste the contents of that document into your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Search results

Edited by Oh My!, 14 August 2014 - 04:57 PM.

Gary
 

#10 Benny T


Posted 14 August 2014 - 05:07 PM

Farbar Recovery Scan Tool (x64) Version: 14-08-2014 01
Ran by Nathan at 2014-08-14 15:01:41
Running from C:\Users\Nathan\Downloads
Boot Mode: Normal
 
================== Search Files: "net.conf" =============
 
C:\Users\All Users\Malwarebytes\Malwarebytes Anti-Malware\Configuration\net.conf
[2014-08-14 11:05][2014-08-14 11:05] 0006076 ____A () 1842E610F7A9C49DEB06C0A88A005C37
 
C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Configuration\net.conf
[2014-08-14 11:05][2014-08-14 11:05] 0006076 ____A () 1842E610F7A9C49DEB06C0A88A005C37
 
====== End Of Search ======


#11 Oh My!


Posted 14 August 2014 - 05:10 PM

Do you have another computer with Malwarebytes installed?
Gary
 

#12 Benny T


Posted 14 August 2014 - 05:11 PM

Yes.



#13 Oh My!


Posted 14 August 2014 - 05:16 PM

I am assuming that MBAM works just fine on the second computer. Please run the instructions in Post #9 on that computer and post the results.


Gary
 

#14 Benny T


Posted 14 August 2014 - 05:24 PM

Unable to copy and paste, so I sent as an attachment.




#15 Oh My!


Posted 14 August 2014 - 05:27 PM

Please search this way on the second machine. 
 
===================================================

SystemLook by jpshortstuff

--------------------
  • Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2
Download Mirror #3 For 64-bit users

  • Double-click SystemLook.exe to run it.
  • Vista\Windows 7 users: Right-click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following codebox into the main textfield:
:filefind
net.conf
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Gary
 