
deal_keeper_installer_v#.exe and DealKepperBHO.dll


  • This topic is locked
8 replies to this topic

#1 michaelg12251


Posted 11 August 2014 - 05:15 PM

My Kaspersky Anti virus found these problems but I don't know how to get rid of them.

Error above. It is v3, not v#.


Edited by michaelg12251, 12 August 2014 - 10:39 AM.



#2 aharonov

  • Malware Response Team

Posted 12 August 2014 - 01:44 PM

Hi there,

please run a FRST scan:


Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#3 michaelg12251

  • Topic Starter

Posted 13 August 2014 - 03:27 PM

I get a different message now: "Description for "not-a-virus:ADWARE" not found", without the outside quotes.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-08-2014
Ran by Zack (administrator) on ZACK-PC on 13-08-2014 12:48:26
Running from C:\Users\Zack\Desktop
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(Infowatch) C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
() C:\Program Files (x86)\Dell\PowerNap\PowerNap.Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(PC Drivers Headquarters) C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe
( ) C:\Program Files (x86)\Codebox\BitMeter\BitMeter2.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
() C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Java\jre6\bin\jusched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Alcor Micro Corp.) C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\wmi64.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8158240 2009-10-06] (Realtek Semiconductor)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Java\jre6\bin\jusched.exe [148888 2010-02-04] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)
HKLM-x32\...\Run: [ShwiconXP9106] => C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2009-07-17] (Alcor Micro Corp.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe [244208 2009-06-10] (Sonic Solutions)
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [DellSupportCenter] => C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (SupportSoft, Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1053192 2014-01-31] (Carbonite, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [emsisoft anti-malware] => C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe [4841824 2014-08-13] (Emsisoft GmbH)
HKU\S-1-5-21-1947354871-2890716121-2095011163-1000\...\Run: [Driver Support] => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [5673824 2014-08-07] (PC Drivers Headquarters)
HKU\S-1-5-21-1947354871-2890716121-2095011163-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6265624 2014-07-23] (Piriform Ltd)
HKU\S-1-5-21-1947354871-2890716121-2095011163-1000\...\MountPoints2: {03ac23b8-81ec-11e3-93f2-a4badbe6b391} - G:\LaunchU3.exe -a
HKU\S-1-5-21-1947354871-2890716121-2095011163-1000\...\MountPoints2: {03ac26ba-81ec-11e3-93f2-a4badbe6b391} - "F:\WD SmartWare.exe" autoplay=true
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bitmeter2.lnk
ShortcutTarget: Bitmeter2.lnk -> C:\Program Files (x86)\Codebox\BitMeter\BitMeter2.exe ( )
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Event Reminder.lnk
ShortcutTarget: Event Reminder.lnk -> C:\Program Files (x86)\PrintMaster Platinum 17\Remind.exe (Broderbund Properties LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA3100 Genie.lnk
ShortcutTarget: NETGEAR WNA3100 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe ()
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Zack\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Zack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
ShellIconOverlayIdentifiers: Carbonite.Green -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: Carbonite.Partial -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: Carbonite.Yellow -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Linda\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Linda\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Linda\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Linda\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: KAVOverlayIcon -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\shellex.dll (Kaspersky Lab ZAO)
ShellIconOverlayIdentifiers-x32: Carbonite.Green -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: Carbonite.Partial -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: Carbonite.Yellow -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: KAVOverlayIcon -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll (Kaspersky Lab ZAO)
BootExecute: autocheck autochk * bootdelete
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Bing Bar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Hosts: 127.0.0.1 d3oxij66pru1i3.cloudfront.net
Tcpip\Parameters: [DhcpNameServer] 10.10.50.1
 
FireFox:
========
FF ProfilePath: C:\Users\Zack\AppData\Roaming\Mozilla\Firefox\Profiles\82ac13xs.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np32dsw.dll (Macromedia, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\Zack\AppData\Roaming\Mozilla\Firefox\Profiles\82ac13xs.default\Extensions\staged [2014-08-13]
FF Extension: Avery Toolbar - C:\Users\Zack\AppData\Roaming\Mozilla\Firefox\Profiles\82ac13xs.default\Extensions\toolbar_AVRV7@apn.ask.com.xpi [2014-01-16]
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com [2014-05-29]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com [2014-05-29]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com
FF Extension: Gevaarlijke websiteblokkering - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com [2014-05-29]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com [2014-05-29]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com [2014-05-29]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF StartMenuInternet: FIREFOX.EXE - firefox.exe
 
Chrome: 
=======
CHR HomePage: 
CHR DefaultSearchKeyword: astromenda.com
CHR DefaultNewTabURL: 
CHR Extension: (Google Docs) - C:\Users\Zack\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-20]
CHR Extension: (Google Drive) - C:\Users\Zack\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Zack\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-30]
CHR Extension: (YouTube) - C:\Users\Zack\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-20]
CHR Extension: (Google Search) - C:\Users\Zack\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-20]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Zack\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-07-30]
CHR Extension: (Safe Money) - C:\Users\Zack\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2014-07-30]
CHR Extension: (Content Blocker) - C:\Users\Zack\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2014-07-30]
CHR Extension: (Virtual Keyboard) - C:\Users\Zack\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2014-07-30]
CHR Extension: (Google Wallet) - C:\Users\Zack\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-20]
CHR Extension: (Gmail) - C:\Users\Zack\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-20]
CHR Extension: (Anti-Banner) - C:\Users\Zack\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-07-30]
CHR HKLM-x32\...\Chrome\Extension: [aaaaigmelgfmkfjicbbgbkcbagedejhj] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVRV7\CRX\ToolbarCR.crx [2014-07-30]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\online_banking_chrome.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\content_blocker_chrome.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\virtkbd.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx [2013-11-11]
CHR StartMenuInternet: Google Chrome - chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4741384 2014-08-13] (Emsisoft GmbH)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO)
R2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [818888 2013-09-25] (Infowatch)
R2 dell_power_nap_service; C:\Program Files (x86)\Dell\PowerNap\PowerNap.Service.exe [11776 2011-06-14] () [File not signed]
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S3 MozillaMaintenance; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice_tmp.exe [119408 2014-05-06] (Mozilla Foundation)
R2 WSWNA3100; C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [307928 2013-11-11] ()
S2 HitmanPro37CrusaderBoot; "\\wdmycloud\guest\HitmanPro_x64.exe" /crusader:boot [X]
S2 SessionLauncher; C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
S0 AFS; C:\Windows\SysWow64\Drivers\AFS.sys [79052 2014-01-26] (Oak Technology Inc.) [File not signed]
R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH)
R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [84536 2011-06-02] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [66616 2011-06-02] (Infowatch)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-05-29] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [92768 2014-06-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [628288 2014-06-10] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2014-05-29] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-11-11] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-11-11] (Kaspersky Lab ZAO)
S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-08-07] ()
R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}; C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl [146928 2009-05-11] (CyberLink Corp.)
S0 hitmanpro37duringboot; system32\drivers\hitmanpro37.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-13 12:25 - 2014-08-13 12:26 - 00000000 ____D () C:\Users\Zack\Desktop\FRST
2014-08-13 12:22 - 2014-08-13 12:22 - 00038190 _____ () C:\Users\Zack\Desktop\Addition.txt
2014-08-13 12:21 - 2014-08-13 12:49 - 00025715 _____ () C:\Users\Zack\Desktop\FRST.txt
2014-08-13 12:21 - 2014-08-13 12:48 - 00000000 ____D () C:\FRST
2014-08-13 12:18 - 2014-08-13 12:17 - 02100224 _____ (Farbar) C:\Users\Zack\Desktop\FRST64.exe
2014-08-13 12:16 - 2014-08-13 12:17 - 02100224 _____ (Farbar) C:\Users\Zack\Downloads\FRST64.exe
2014-08-13 11:48 - 2014-08-13 11:48 - 00000894 _____ () C:\EamClean.log
2014-08-13 11:46 - 2014-08-13 11:46 - 00000000 ____D () C:\ProgramData\Emsisoft
2014-08-13 07:30 - 2014-08-13 07:30 - 00001097 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-08-13 07:30 - 2014-08-13 07:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-08-13 07:29 - 2014-08-13 12:46 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2014-08-13 07:28 - 2014-08-13 06:19 - 233663808 _____ (Emsisoft GmbH ) C:\Users\Zack\Desktop\EmsisoftAntiMalwareSetup.exe
2014-08-13 05:46 - 2014-08-13 06:19 - 233663808 _____ (Emsisoft GmbH ) C:\Users\Zack\Downloads\EmsisoftAntiMalwareSetup.exe
2014-08-11 17:08 - 2014-08-11 17:06 - 02347384 _____ (ESET) C:\Users\Zack\Desktop\esetsmartinstaller_enu.exe
2014-08-11 17:05 - 2014-08-11 17:06 - 02347384 _____ (ESET) C:\Users\Zack\Downloads\esetsmartinstaller_enu.exe
2014-08-11 17:04 - 2014-08-11 17:04 - 00001086 _____ () C:\Users\Zack\Desktop\JRT.txt
2014-08-11 16:58 - 2014-08-11 16:56 - 01016261 _____ (Thisisu) C:\Users\Zack\Desktop\JRT.exe
2014-08-11 16:56 - 2014-08-11 16:56 - 01016261 _____ (Thisisu) C:\Users\Zack\Downloads\JRT.exe
2014-08-11 16:52 - 2014-08-11 16:52 - 00004310 _____ () C:\Windows\System32\Tasks\Driver Support-RTMScan
2014-08-11 16:52 - 2014-08-11 16:52 - 00003772 _____ () C:\Windows\System32\Tasks\Driver Support-RTMUpdater
2014-08-11 16:52 - 2014-08-11 16:52 - 00003764 _____ () C:\Windows\System32\Tasks\Driver Support-RTMRules
2014-08-11 16:51 - 2014-08-13 12:44 - 00000280 _____ () C:\Windows\setupact.log
2014-08-11 16:51 - 2014-08-13 11:48 - 00004512 _____ () C:\Windows\PFRO.log
2014-08-11 16:51 - 2014-08-11 16:51 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-11 16:46 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-11 16:31 - 2014-08-11 16:49 - 00000000 ____D () C:\AdwCleaner
2014-08-11 16:30 - 2014-08-11 16:30 - 01366203 _____ () C:\Users\Zack\Desktop\AdwCleaner.exe
2014-08-11 16:28 - 2014-08-11 16:30 - 01366203 _____ () C:\Users\Zack\Downloads\AdwCleaner.exe
2014-08-11 15:50 - 2014-08-11 15:50 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Zack\Desktop\tdsskiller.exe
2014-08-11 15:48 - 2014-08-11 15:50 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Zack\Downloads\tdsskiller.exe
2014-08-11 15:44 - 2014-08-11 15:47 - 00037656 _____ () C:\Users\Zack\Desktop\Result.txt
2014-08-11 15:42 - 2014-08-11 15:41 - 00401920 _____ (Farbar) C:\Users\Zack\Desktop\MiniToolBox.exe
2014-08-11 15:41 - 2014-08-11 15:41 - 00401920 _____ (Farbar) C:\Users\Zack\Downloads\MiniToolBox.exe
2014-08-11 14:21 - 2014-08-11 14:22 - 00000000 ____D () C:\Windows\pss
2014-08-07 16:42 - 2014-08-07 16:42 - 00004072 _____ () C:\Linda.txt
2014-08-06 17:20 - 2014-08-07 13:57 - 00000000 ____D () C:\Users\Zack\Documents\Registry
2014-08-06 17:15 - 2014-08-06 17:18 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-06 17:15 - 2014-08-06 17:15 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-08-06 17:15 - 2014-08-06 17:15 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-08-06 17:15 - 2014-08-06 17:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-06 17:13 - 2014-08-06 17:15 - 04813544 _____ (Piriform Ltd) C:\Users\Zack\Downloads\ccsetup416.exe
2014-08-06 17:08 - 2014-08-06 17:10 - 04814696 _____ (Piriform Ltd) C:\Users\Zack\Downloads\ccsetup416pro.exe
2014-08-06 16:06 - 2014-08-06 16:06 - 00000000 ____D () C:\ProgramData\REGSERVO64
2014-08-04 07:54 - 2014-08-04 07:58 - 00000000 ____D () C:\Users\Linda\Documents\Health
2014-07-31 15:24 - 2014-07-31 15:29 - 13087456 _____ (Microsoft Corporation) C:\Users\Linda\Downloads\Silverlight_x64(2).exe
2014-07-31 14:44 - 2014-07-31 14:50 - 13087456 _____ (Microsoft Corporation) C:\Users\Linda\Downloads\Silverlight_x64(1).exe
2014-07-31 14:40 - 2014-07-31 14:53 - 111992144 _____ (Apple Inc.) C:\Users\Linda\Downloads\iTunesSetup(1).exe
2014-07-31 07:42 - 2014-05-14 09:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-07-31 07:42 - 2014-05-14 09:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-07-31 07:42 - 2014-05-14 09:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-07-31 07:42 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-07-31 07:42 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-07-31 07:42 - 2014-05-14 09:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-07-31 07:42 - 2014-05-14 09:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-07-31 07:42 - 2014-05-14 09:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-07-31 07:42 - 2014-05-14 09:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-07-31 07:42 - 2014-05-14 09:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-07-31 07:42 - 2014-05-14 09:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-07-31 07:42 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-07-31 07:42 - 2014-05-14 09:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-07-31 07:42 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-07-30 17:17 - 2014-08-07 09:22 - 00000000 ____D () C:\ProgramData\UAB
2014-07-30 17:17 - 2014-07-30 17:17 - 00002303 _____ () C:\Users\Public\Desktop\Driver Support.lnk
2014-07-30 17:17 - 2014-07-30 17:17 - 00000000 ____D () C:\Users\Zack\Downloads\Driver Support
2014-07-30 17:17 - 2014-07-30 17:17 - 00000000 ____D () C:\Users\Zack\AppData\Local\PC_Drivers_Headquarters
2014-07-30 17:17 - 2014-07-30 17:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Support
2014-07-30 17:17 - 2014-07-30 17:17 - 00000000 ____D () C:\ProgramData\Driver Support
2014-07-30 17:13 - 2014-07-30 17:13 - 00000000 ____D () C:\Program Files (x86)\Driver Support
2014-07-30 14:46 - 2014-07-30 14:54 - 13087456 _____ (Microsoft Corporation) C:\Users\Linda\Downloads\Silverlight_x64.exe
2014-07-30 10:22 - 2014-07-30 10:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-28 14:16 - 2014-07-28 14:16 - 00000000 __SHD () C:\Users\Michael\AppData\Local\EmieUserList
2014-07-28 14:16 - 2014-07-28 14:16 - 00000000 __SHD () C:\Users\Michael\AppData\Local\EmieSiteList
2014-07-28 13:43 - 2014-07-28 13:55 - 00000000 ____D () C:\Users\Michael\Documents\Housing
2014-07-28 07:32 - 2014-07-30 17:26 - 00000000 ____D () C:\Users\Linda\AppData\Roaming\BitMeter2
2014-07-28 06:41 - 2014-07-28 15:46 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\BitMeter2
2014-07-27 14:40 - 2014-07-27 14:40 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\CyberLink
2014-07-27 14:40 - 2014-07-27 14:40 - 00000000 ____D () C:\Users\Michael\AppData\Local\PowerDVD DX
2014-07-26 23:33 - 2014-07-28 15:10 - 00000000 ____D () C:\Users\Michael\Documents\Ruku
2014-07-26 08:22 - 2014-07-26 10:18 - 00000000 ____D () C:\Users\Michael\Documents\Dish
2014-07-25 16:26 - 2014-08-13 12:49 - 00000000 ____D () C:\ProgramData\Bitmeter2
2014-07-25 16:26 - 2014-07-27 09:59 - 00000000 ____D () C:\Users\Zack\AppData\Roaming\Bitmeter2
2014-07-25 16:26 - 2014-07-25 16:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitMeter
2014-07-25 16:26 - 2014-07-25 16:26 - 00000000 ____D () C:\Program Files (x86)\Codebox
2014-07-24 11:02 - 2014-07-24 11:02 - 00000000 ____D () C:\Users\Michael\Documents\Military MyPay
2014-07-24 07:02 - 2014-07-28 15:12 - 00000000 ____D () C:\Users\Michael\Documents\orders
2014-07-22 10:05 - 2014-07-22 10:05 - 00001544 _____ () C:\Users\Michael\Downloads\seminar.ics
2014-07-20 12:14 - 2014-07-20 12:16 - 20105895 _____ () C:\Users\Michael\Downloads\projectlab_centurycd_driver_dds102.zip
2014-07-19 09:01 - 2014-07-20 08:55 - 00000000 ____D () C:\Users\Michael\Documents\Direct TV
2014-07-19 08:42 - 2014-07-19 08:42 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\TeamViewer
2014-07-18 07:50 - 2014-07-18 08:04 - 00000000 ____D () C:\Users\Michael\Documents\Qigong
2014-07-18 07:43 - 2010-02-03 11:21 - 00096784 _____ (CACE Technologies, Inc.) C:\Windows\SysWOW64\Packet.dll
2014-07-18 07:39 - 2014-07-18 07:39 - 00000000 ____D () C:\Users\Michael\Downloads\NETGEAR
2014-07-17 09:20 - 2014-07-17 09:21 - 00000000 ____D () C:\Users\Michael\Documents\diet
2014-07-14 17:57 - 2014-07-14 17:58 - 00000000 ____D () C:\Users\Michael\Documents\Tile
2014-07-14 12:51 - 2014-07-14 12:52 - 00000000 ____D () C:\Users\Michael\Documents\Autocad
2014-07-14 11:30 - 2014-07-14 11:30 - 00000189 _____ () C:\Windows\PowerReg.dat
2014-07-14 11:30 - 2014-07-14 11:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blast! Software
2014-07-14 11:30 - 2014-07-14 11:30 - 00000000 ____D () C:\Program Files (x86)\Blast! Software
2014-07-14 11:29 - 1998-10-02 19:00 - 00327168 _____ (InstallShield Software Corporation) C:\Windows\IsUninst.exe
2014-07-14 08:55 - 2014-07-14 08:55 - 00002305 _____ () C:\Users\Michael\Desktop\Chrome App Launcher.lnk
2014-07-14 08:55 - 2014-07-14 08:55 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-14 08:14 - 2014-07-14 10:37 - 00008650 _____ () C:\Users\Michael\Documents\Website links.xlsx
2014-07-14 08:14 - 2014-07-14 08:14 - 00000165 ____H () C:\Users\Michael\Documents\~$Website links.xlsx
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-13 12:49 - 2014-08-13 12:21 - 00025715 _____ () C:\Users\Zack\Desktop\FRST.txt
2014-08-13 12:49 - 2014-07-25 16:26 - 00000000 ____D () C:\ProgramData\Bitmeter2
2014-08-13 12:48 - 2014-08-13 12:21 - 00000000 ____D () C:\FRST
2014-08-13 12:48 - 2014-01-20 08:23 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-13 12:48 - 2009-07-13 22:10 - 01651180 _____ () C:\Windows\WindowsUpdate.log
2014-08-13 12:46 - 2014-08-13 07:29 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2014-08-13 12:46 - 2014-02-06 12:02 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-08-13 12:45 - 2014-01-20 08:23 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-13 12:44 - 2014-08-11 16:51 - 00000280 _____ () C:\Windows\setupact.log
2014-08-13 12:44 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-13 12:38 - 2009-07-13 21:45 - 00014224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-13 12:38 - 2009-07-13 21:45 - 00014224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-13 12:36 - 2009-07-13 22:13 - 00795574 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-13 12:35 - 2014-01-22 09:48 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-13 12:26 - 2014-08-13 12:25 - 00000000 ____D () C:\Users\Zack\Desktop\FRST
2014-08-13 12:22 - 2014-08-13 12:22 - 00038190 _____ () C:\Users\Zack\Desktop\Addition.txt
2014-08-13 12:17 - 2014-08-13 12:18 - 02100224 _____ (Farbar) C:\Users\Zack\Desktop\FRST64.exe
2014-08-13 12:17 - 2014-08-13 12:16 - 02100224 _____ (Farbar) C:\Users\Zack\Downloads\FRST64.exe
2014-08-13 11:48 - 2014-08-13 11:48 - 00000894 _____ () C:\EamClean.log
2014-08-13 11:48 - 2014-08-11 16:51 - 00004512 _____ () C:\Windows\PFRO.log
2014-08-13 11:46 - 2014-08-13 11:46 - 00000000 ____D () C:\ProgramData\Emsisoft
2014-08-13 10:16 - 2014-01-20 17:18 - 00000000 ___RD () C:\Users\Linda\Dropbox
2014-08-13 07:30 - 2014-08-13 07:30 - 00001097 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-08-13 07:30 - 2014-08-13 07:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-08-13 06:19 - 2014-08-13 07:28 - 233663808 _____ (Emsisoft GmbH ) C:\Users\Zack\Desktop\EmsisoftAntiMalwareSetup.exe
2014-08-13 06:19 - 2014-08-13 05:46 - 233663808 _____ (Emsisoft GmbH ) C:\Users\Zack\Downloads\EmsisoftAntiMalwareSetup.exe
2014-08-12 08:44 - 2014-05-29 16:42 - 00000000 ____D () C:\Users\Zack\Documents\Kapersky
2014-08-11 18:45 - 2014-01-26 14:58 - 00000000 ____D () C:\Users\Linda\AppData\Roaming\Dropbox
2014-08-11 18:40 - 2014-01-20 09:34 - 00348632 _____ () C:\Users\Linda\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-11 17:06 - 2014-08-11 17:08 - 02347384 _____ (ESET) C:\Users\Zack\Desktop\esetsmartinstaller_enu.exe
2014-08-11 17:06 - 2014-08-11 17:05 - 02347384 _____ (ESET) C:\Users\Zack\Downloads\esetsmartinstaller_enu.exe
2014-08-11 17:04 - 2014-08-11 17:04 - 00001086 _____ () C:\Users\Zack\Desktop\JRT.txt
2014-08-11 16:56 - 2014-08-11 16:58 - 01016261 _____ (Thisisu) C:\Users\Zack\Desktop\JRT.exe
2014-08-11 16:56 - 2014-08-11 16:56 - 01016261 _____ (Thisisu) C:\Users\Zack\Downloads\JRT.exe
2014-08-11 16:52 - 2014-08-11 16:52 - 00004310 _____ () C:\Windows\System32\Tasks\Driver Support-RTMScan
2014-08-11 16:52 - 2014-08-11 16:52 - 00003772 _____ () C:\Windows\System32\Tasks\Driver Support-RTMUpdater
2014-08-11 16:52 - 2014-08-11 16:52 - 00003764 _____ () C:\Windows\System32\Tasks\Driver Support-RTMRules
2014-08-11 16:52 - 2014-01-18 14:03 - 00348632 _____ () C:\Users\Zack\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-11 16:51 - 2014-08-11 16:51 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-11 16:51 - 2009-07-14 00:46 - 00000000 __SHD () C:\Windows\BitLockerDiscoveryVolumeContents
2014-08-11 16:51 - 2009-07-13 21:45 - 01063008 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-11 16:49 - 2014-08-11 16:31 - 00000000 ____D () C:\AdwCleaner
2014-08-11 16:48 - 2014-01-20 09:32 - 00000000 ____D () C:\Users\Linda
2014-08-11 16:30 - 2014-08-11 16:30 - 01366203 _____ () C:\Users\Zack\Desktop\AdwCleaner.exe
2014-08-11 16:30 - 2014-08-11 16:28 - 01366203 _____ () C:\Users\Zack\Downloads\AdwCleaner.exe
2014-08-11 15:50 - 2014-08-11 15:50 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Zack\Desktop\tdsskiller.exe
2014-08-11 15:50 - 2014-08-11 15:48 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Zack\Downloads\tdsskiller.exe
2014-08-11 15:47 - 2014-08-11 15:44 - 00037656 _____ () C:\Users\Zack\Desktop\Result.txt
2014-08-11 15:41 - 2014-08-11 15:42 - 00401920 _____ (Farbar) C:\Users\Zack\Desktop\MiniToolBox.exe
2014-08-11 15:41 - 2014-08-11 15:41 - 00401920 _____ (Farbar) C:\Users\Zack\Downloads\MiniToolBox.exe
2014-08-11 14:22 - 2014-08-11 14:21 - 00000000 ____D () C:\Windows\pss
2014-08-11 14:18 - 2014-05-13 08:19 - 00000000 ____D () C:\temp
2014-08-07 16:45 - 2014-05-20 14:37 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-07 16:42 - 2014-08-07 16:42 - 00004072 _____ () C:\Linda.txt
2014-08-07 13:57 - 2014-08-06 17:20 - 00000000 ____D () C:\Users\Zack\Documents\Registry
2014-08-07 13:53 - 2014-06-16 11:02 - 00016152 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2014-08-07 09:22 - 2014-07-30 17:17 - 00000000 ____D () C:\ProgramData\UAB
2014-08-06 17:19 - 2014-03-11 17:57 - 00000000 ____D () C:\Windows\Minidump
2014-08-06 17:19 - 2010-02-04 12:06 - 00000000 ____D () C:\Windows\Panther
2014-08-06 17:18 - 2014-08-06 17:15 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-06 17:15 - 2014-08-06 17:15 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-08-06 17:15 - 2014-08-06 17:15 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-08-06 17:15 - 2014-08-06 17:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-06 17:15 - 2014-08-06 17:13 - 04813544 _____ (Piriform Ltd) C:\Users\Zack\Downloads\ccsetup416.exe
2014-08-06 17:10 - 2014-08-06 17:08 - 04814696 _____ (Piriform Ltd) C:\Users\Zack\Downloads\ccsetup416pro.exe
2014-08-06 16:06 - 2014-08-06 16:06 - 00000000 ____D () C:\ProgramData\REGSERVO64
2014-08-06 14:06 - 2014-05-20 14:37 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-06 14:06 - 2014-05-20 14:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-06 14:06 - 2014-05-20 14:37 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-06 10:53 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-08-04 11:04 - 2013-10-01 14:23 - 00045554 _____ () C:\Users\Linda\Documents\2014 (Recovered).xlsm
2014-08-04 07:58 - 2014-08-04 07:54 - 00000000 ____D () C:\Users\Linda\Documents\Health
2014-08-03 12:18 - 2014-02-28 09:46 - 00000000 __RSD () C:\Users\Linda\Documents\My Stationery
2014-08-01 11:34 - 2012-05-01 13:50 - 00064545 _____ () C:\Users\Linda\Documents\Mom's checkbook register.xlsx
2014-08-01 04:29 - 2014-05-29 16:41 - 00002222 _____ () C:\Users\Zack\Desktop\Safe Money.lnk
2014-08-01 04:29 - 2014-01-18 14:05 - 00000000 ____D () C:\Users\Zack\AppData\Local\VirtualStore
2014-08-01 04:28 - 2009-07-13 19:34 - 00000580 _____ () C:\Windows\win.ini
2014-07-31 15:29 - 2014-07-31 15:24 - 13087456 _____ (Microsoft Corporation) C:\Users\Linda\Downloads\Silverlight_x64(2).exe
2014-07-31 14:53 - 2014-07-31 14:40 - 111992144 _____ (Apple Inc.) C:\Users\Linda\Downloads\iTunesSetup(1).exe
2014-07-31 14:50 - 2014-07-31 14:44 - 13087456 _____ (Microsoft Corporation) C:\Users\Linda\Downloads\Silverlight_x64(1).exe
2014-07-31 07:35 - 2014-05-20 12:15 - 00001332 _____ () C:\Users\Linda\Desktop\Clean Registry for Free!.lnk
2014-07-30 17:26 - 2014-07-28 07:32 - 00000000 ____D () C:\Users\Linda\AppData\Roaming\BitMeter2
2014-07-30 17:17 - 2014-07-30 17:17 - 00002303 _____ () C:\Users\Public\Desktop\Driver Support.lnk
2014-07-30 17:17 - 2014-07-30 17:17 - 00000000 ____D () C:\Users\Zack\Downloads\Driver Support
2014-07-30 17:17 - 2014-07-30 17:17 - 00000000 ____D () C:\Users\Zack\AppData\Local\PC_Drivers_Headquarters
2014-07-30 17:17 - 2014-07-30 17:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Support
2014-07-30 17:17 - 2014-07-30 17:17 - 00000000 ____D () C:\ProgramData\Driver Support
2014-07-30 17:13 - 2014-07-30 17:13 - 00000000 ____D () C:\Program Files (x86)\Driver Support
2014-07-30 17:07 - 2014-05-14 09:46 - 00001141 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-30 14:54 - 2014-07-30 14:46 - 13087456 _____ (Microsoft Corporation) C:\Users\Linda\Downloads\Silverlight_x64.exe
2014-07-30 10:22 - 2014-07-30 10:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-30 09:04 - 2012-01-19 11:17 - 00017358 _____ () C:\Users\Linda\Desktop\Mike and Dian Paid.xlsx
2014-07-28 15:46 - 2014-07-28 06:41 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\BitMeter2
2014-07-28 15:12 - 2014-07-24 07:02 - 00000000 ____D () C:\Users\Michael\Documents\orders
2014-07-28 15:10 - 2014-07-26 23:33 - 00000000 ____D () C:\Users\Michael\Documents\Ruku
2014-07-28 15:09 - 2014-01-20 17:20 - 00000000 ____D () C:\Users\Michael\Documents\Today
2014-07-28 14:16 - 2014-07-28 14:16 - 00000000 __SHD () C:\Users\Michael\AppData\Local\EmieUserList
2014-07-28 14:16 - 2014-07-28 14:16 - 00000000 __SHD () C:\Users\Michael\AppData\Local\EmieSiteList
2014-07-28 13:55 - 2014-07-28 13:43 - 00000000 ____D () C:\Users\Michael\Documents\Housing
2014-07-28 06:39 - 2014-01-24 08:51 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-28 06:39 - 2014-01-24 08:51 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-27 14:40 - 2014-07-27 14:40 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\CyberLink
2014-07-27 14:40 - 2014-07-27 14:40 - 00000000 ____D () C:\Users\Michael\AppData\Local\PowerDVD DX
2014-07-27 14:40 - 2010-02-04 10:35 - 00000000 ____D () C:\ProgramData\CyberLink
2014-07-27 13:09 - 2009-07-14 00:45 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-07-27 09:59 - 2014-07-25 16:26 - 00000000 ____D () C:\Users\Zack\AppData\Roaming\Bitmeter2
2014-07-26 10:18 - 2014-07-26 08:22 - 00000000 ____D () C:\Users\Michael\Documents\Dish
2014-07-26 10:18 - 2014-01-22 09:05 - 00000000 ____D () C:\Users\Michael\Documents\Health
2014-07-26 09:53 - 2014-01-20 12:39 - 00000000 ____D () C:\Users\Michael\AppData\Local\VirtualStore
2014-07-25 16:26 - 2014-07-25 16:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitMeter
2014-07-25 16:26 - 2014-07-25 16:26 - 00000000 ____D () C:\Program Files (x86)\Codebox
2014-07-25 03:01 - 2014-01-24 08:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-24 11:02 - 2014-07-24 11:02 - 00000000 ____D () C:\Users\Michael\Documents\Military MyPay
2014-07-24 09:48 - 2014-01-26 15:00 - 00001020 _____ () C:\Users\Linda\Desktop\Dropbox.lnk
2014-07-24 09:48 - 2014-01-26 14:58 - 00000000 ____D () C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-23 18:07 - 2009-07-13 22:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-07-22 10:05 - 2014-07-22 10:05 - 00001544 _____ () C:\Users\Michael\Downloads\seminar.ics
2014-07-20 12:16 - 2014-07-20 12:14 - 20105895 _____ () C:\Users\Michael\Downloads\projectlab_centurycd_driver_dds102.zip
2014-07-20 08:55 - 2014-07-19 09:01 - 00000000 ____D () C:\Users\Michael\Documents\Direct TV
2014-07-19 08:42 - 2014-07-19 08:42 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\TeamViewer
2014-07-18 08:04 - 2014-07-18 07:50 - 00000000 ____D () C:\Users\Michael\Documents\Qigong
2014-07-18 07:43 - 2014-01-18 14:08 - 00001119 _____ () C:\Users\Public\Desktop\NETGEAR WNA3100 Genie.lnk
2014-07-18 07:39 - 2014-07-18 07:39 - 00000000 ____D () C:\Users\Michael\Downloads\NETGEAR
2014-07-17 09:21 - 2014-07-17 09:20 - 00000000 ____D () C:\Users\Michael\Documents\diet
2014-07-14 17:58 - 2014-07-14 17:57 - 00000000 ____D () C:\Users\Michael\Documents\Tile
2014-07-14 12:52 - 2014-07-14 12:51 - 00000000 ____D () C:\Users\Michael\Documents\Autocad
2014-07-14 12:50 - 2014-01-20 16:41 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Adobe
2014-07-14 11:30 - 2014-07-14 11:30 - 00000189 _____ () C:\Windows\PowerReg.dat
2014-07-14 11:30 - 2014-07-14 11:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blast! Software
2014-07-14 11:30 - 2014-07-14 11:30 - 00000000 ____D () C:\Program Files (x86)\Blast! Software
2014-07-14 10:37 - 2014-07-14 08:14 - 00008650 _____ () C:\Users\Michael\Documents\Website links.xlsx
2014-07-14 08:55 - 2014-07-14 08:55 - 00002305 _____ () C:\Users\Michael\Desktop\Chrome App Launcher.lnk
2014-07-14 08:55 - 2014-07-14 08:55 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-14 08:14 - 2014-07-14 08:14 - 00000165 ____H () C:\Users\Michael\Documents\~$Website links.xlsx
 
Some content of TEMP:
====================
C:\Users\Linda\AppData\Local\Temp\4yipzgjm.dll
C:\Users\Linda\AppData\Local\Temp\c7j-v1st.dll
C:\Users\Linda\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp98ubue.dll
C:\Users\Linda\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsss8ni.dll
C:\Users\Linda\AppData\Local\Temp\fbpu7vwk.dll
C:\Users\Linda\AppData\Local\Temp\ghnvli5h.dll
C:\Users\Linda\AppData\Local\Temp\gwuwf8je.dll
C:\Users\Linda\AppData\Local\Temp\gwv7vcwl.dll
C:\Users\Linda\AppData\Local\Temp\hg8y5fw3.dll
 
 
==================== Bamital & volsnap Check =================
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-08-2014
Ran by Zack (administrator) on ZACK-PC on 13-08-2014 12:48:26
Running from C:\Users\Zack\Desktop
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(Infowatch) C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
() C:\Program Files (x86)\Dell\PowerNap\PowerNap.Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(PC Drivers Headquarters) C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe
( ) C:\Program Files (x86)\Codebox\BitMeter\BitMeter2.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
() C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Java\jre6\bin\jusched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Alcor Micro Corp.) C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\wmi64.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8158240 2009-10-06] (Realtek Semiconductor)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Java\jre6\bin\jusched.exe [148888 2010-02-04] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)
HKLM-x32\...\Run: [ShwiconXP9106] => C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2009-07-17] (Alcor Micro Corp.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe [244208 2009-06-10] (Sonic Solutions)
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [DellSupportCenter] => C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (SupportSoft, Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1053192 2014-01-31] (Carbonite, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [emsisoft anti-malware] => C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe [4841824 2014-08-13] (Emsisoft GmbH)
HKU\S-1-5-21-1947354871-2890716121-2095011163-1000\...\Run: [Driver Support] => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [5673824 2014-08-07] (PC Drivers Headquarters)
HKU\S-1-5-21-1947354871-2890716121-2095011163-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6265624 2014-07-23] (Piriform Ltd)
HKU\S-1-5-21-1947354871-2890716121-2095011163-1000\...\MountPoints2: {03ac23b8-81ec-11e3-93f2-a4badbe6b391} - G:\LaunchU3.exe -a
HKU\S-1-5-21-1947354871-2890716121-2095011163-1000\...\MountPoints2: {03ac26ba-81ec-11e3-93f2-a4badbe6b391} - "F:\WD SmartWare.exe" autoplay=true
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bitmeter2.lnk
ShortcutTarget: Bitmeter2.lnk -> C:\Program Files (x86)\Codebox\BitMeter\BitMeter2.exe ( )
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Event Reminder.lnk
ShortcutTarget: Event Reminder.lnk -> C:\Program Files (x86)\PrintMaster Platinum 17\Remind.exe (Broderbund Properties LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA3100 Genie.lnk
ShortcutTarget: NETGEAR WNA3100 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe ()
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Zack\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Zack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
ShellIconOverlayIdentifiers: Carbonite.Green -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: Carbonite.Partial -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: Carbonite.Yellow -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Linda\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Linda\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Linda\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Linda\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: KAVOverlayIcon -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\shellex.dll (Kaspersky Lab ZAO)
ShellIconOverlayIdentifiers-x32: Carbonite.Green -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: Carbonite.Partial -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: Carbonite.Yellow -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: KAVOverlayIcon -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll (Kaspersky Lab ZAO)
BootExecute: autocheck autochk * bootdelete
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Bing Bar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Hosts: 127.0.0.1 d3oxij66pru1i3.cloudfront.net
Tcpip\Parameters: [DhcpNameServer] 10.10.50.1
 
FireFox:
========
FF ProfilePath: C:\Users\Zack\AppData\Roaming\Mozilla\Firefox\Profiles\82ac13xs.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np32dsw.dll (Macromedia, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\Zack\AppData\Roaming\Mozilla\Firefox\Profiles\82ac13xs.default\Extensions\staged [2014-08-13]
FF Extension: Avery Toolbar - C:\Users\Zack\AppData\Roaming\Mozilla\Firefox\Profiles\82ac13xs.default\Extensions\toolbar_AVRV7@apn.ask.com.xpi [2014-01-16]
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com [2014-05-29]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com [2014-05-29]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com
FF Extension: Gevaarlijke websiteblokkering - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com [2014-05-29]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com [2014-05-29]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com [2014-05-29]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF StartMenuInternet: FIREFOX.EXE - firefox.exe
 
Chrome: 
=======
CHR HomePage: 
CHR DefaultSearchKeyword: astromenda.com
CHR DefaultNewTabURL: 
CHR Extension: (Google Docs) - C:\Users\Zack\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-20]
CHR Extension: (Google Drive) - C:\Users\Zack\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Zack\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-30]
CHR Extension: (YouTube) - C:\Users\Zack\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-20]
CHR Extension: (Google Search) - C:\Users\Zack\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-20]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Zack\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-07-30]
CHR Extension: (Safe Money) - C:\Users\Zack\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2014-07-30]
CHR Extension: (Content Blocker) - C:\Users\Zack\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2014-07-30]
CHR Extension: (Virtual Keyboard) - C:\Users\Zack\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2014-07-30]
CHR Extension: (Google Wallet) - C:\Users\Zack\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-20]
CHR Extension: (Gmail) - C:\Users\Zack\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-20]
CHR Extension: (Anti-Banner) - C:\Users\Zack\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-07-30]
CHR HKLM-x32\...\Chrome\Extension: [aaaaigmelgfmkfjicbbgbkcbagedejhj] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVRV7\CRX\ToolbarCR.crx [2014-07-30]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\online_banking_chrome.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\content_blocker_chrome.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\virtkbd.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx [2013-11-11]
CHR StartMenuInternet: Google Chrome - chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4741384 2014-08-13] (Emsisoft GmbH)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO)
R2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [818888 2013-09-25] (Infowatch)
R2 dell_power_nap_service; C:\Program Files (x86)\Dell\PowerNap\PowerNap.Service.exe [11776 2011-06-14] () [File not signed]
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S3 MozillaMaintenance; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice_tmp.exe [119408 2014-05-06] (Mozilla Foundation)
R2 WSWNA3100; C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [307928 2013-11-11] ()
S2 HitmanPro37CrusaderBoot; "\\wdmycloud\guest\HitmanPro_x64.exe" /crusader:boot [X]
S2 SessionLauncher; C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
S0 AFS; C:\Windows\SysWow64\Drivers\AFS.sys [79052 2014-01-26] (Oak Technology Inc.) [File not signed]
R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH)
R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [84536 2011-06-02] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [66616 2011-06-02] (Infowatch)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-05-29] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [92768 2014-06-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [628288 2014-06-10] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2014-05-29] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-11-11] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-11-11] (Kaspersky Lab ZAO)
S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-08-07] ()
R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}; C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl [146928 2009-05-11] (CyberLink Corp.)
S0 hitmanpro37duringboot; system32\drivers\hitmanpro37.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-13 12:25 - 2014-08-13 12:26 - 00000000 ____D () C:\Users\Zack\Desktop\FRST
2014-08-13 12:22 - 2014-08-13 12:22 - 00038190 _____ () C:\Users\Zack\Desktop\Addition.txt
2014-08-13 12:21 - 2014-08-13 12:49 - 00025715 _____ () C:\Users\Zack\Desktop\FRST.txt
2014-08-13 12:21 - 2014-08-13 12:48 - 00000000 ____D () C:\FRST
2014-08-13 12:18 - 2014-08-13 12:17 - 02100224 _____ (Farbar) C:\Users\Zack\Desktop\FRST64.exe
2014-08-13 12:16 - 2014-08-13 12:17 - 02100224 _____ (Farbar) C:\Users\Zack\Downloads\FRST64.exe
2014-08-13 11:48 - 2014-08-13 11:48 - 00000894 _____ () C:\EamClean.log
2014-08-13 11:46 - 2014-08-13 11:46 - 00000000 ____D () C:\ProgramData\Emsisoft
2014-08-13 07:30 - 2014-08-13 07:30 - 00001097 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-08-13 07:30 - 2014-08-13 07:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-08-13 07:29 - 2014-08-13 12:46 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2014-08-13 07:28 - 2014-08-13 06:19 - 233663808 _____ (Emsisoft GmbH ) C:\Users\Zack\Desktop\EmsisoftAntiMalwareSetup.exe
2014-08-13 05:46 - 2014-08-13 06:19 - 233663808 _____ (Emsisoft GmbH ) C:\Users\Zack\Downloads\EmsisoftAntiMalwareSetup.exe
2014-08-11 17:08 - 2014-08-11 17:06 - 02347384 _____ (ESET) C:\Users\Zack\Desktop\esetsmartinstaller_enu.exe
2014-08-11 17:05 - 2014-08-11 17:06 - 02347384 _____ (ESET) C:\Users\Zack\Downloads\esetsmartinstaller_enu.exe
2014-08-11 17:04 - 2014-08-11 17:04 - 00001086 _____ () C:\Users\Zack\Desktop\JRT.txt
2014-08-11 16:58 - 2014-08-11 16:56 - 01016261 _____ (Thisisu) C:\Users\Zack\Desktop\JRT.exe
2014-08-11 16:56 - 2014-08-11 16:56 - 01016261 _____ (Thisisu) C:\Users\Zack\Downloads\JRT.exe
2014-08-11 16:52 - 2014-08-11 16:52 - 00004310 _____ () C:\Windows\System32\Tasks\Driver Support-RTMScan
2014-08-11 16:52 - 2014-08-11 16:52 - 00003772 _____ () C:\Windows\System32\Tasks\Driver Support-RTMUpdater
2014-08-11 16:52 - 2014-08-11 16:52 - 00003764 _____ () C:\Windows\System32\Tasks\Driver Support-RTMRules
2014-08-11 16:51 - 2014-08-13 12:44 - 00000280 _____ () C:\Windows\setupact.log
2014-08-11 16:51 - 2014-08-13 11:48 - 00004512 _____ () C:\Windows\PFRO.log
2014-08-11 16:51 - 2014-08-11 16:51 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-11 16:46 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-11 16:31 - 2014-08-11 16:49 - 00000000 ____D () C:\AdwCleaner
2014-08-11 16:30 - 2014-08-11 16:30 - 01366203 _____ () C:\Users\Zack\Desktop\AdwCleaner.exe
2014-08-11 16:28 - 2014-08-11 16:30 - 01366203 _____ () C:\Users\Zack\Downloads\AdwCleaner.exe
2014-08-11 15:50 - 2014-08-11 15:50 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Zack\Desktop\tdsskiller.exe
2014-08-11 15:48 - 2014-08-11 15:50 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Zack\Downloads\tdsskiller.exe
2014-08-11 15:44 - 2014-08-11 15:47 - 00037656 _____ () C:\Users\Zack\Desktop\Result.txt
2014-08-11 15:42 - 2014-08-11 15:41 - 00401920 _____ (Farbar) C:\Users\Zack\Desktop\MiniToolBox.exe
2014-08-11 15:41 - 2014-08-11 15:41 - 00401920 _____ (Farbar) C:\Users\Zack\Downloads\MiniToolBox.exe
2014-08-11 14:21 - 2014-08-11 14:22 - 00000000 ____D () C:\Windows\pss
2014-08-07 16:42 - 2014-08-07 16:42 - 00004072 _____ () C:\Linda.txt
2014-08-06 17:20 - 2014-08-07 13:57 - 00000000 ____D () C:\Users\Zack\Documents\Registry
2014-08-06 17:15 - 2014-08-06 17:18 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-06 17:15 - 2014-08-06 17:15 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-08-06 17:15 - 2014-08-06 17:15 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-08-06 17:15 - 2014-08-06 17:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-06 17:13 - 2014-08-06 17:15 - 04813544 _____ (Piriform Ltd) C:\Users\Zack\Downloads\ccsetup416.exe
2014-08-06 17:08 - 2014-08-06 17:10 - 04814696 _____ (Piriform Ltd) C:\Users\Zack\Downloads\ccsetup416pro.exe
2014-08-06 16:06 - 2014-08-06 16:06 - 00000000 ____D () C:\ProgramData\REGSERVO64
2014-08-04 07:54 - 2014-08-04 07:58 - 00000000 ____D () C:\Users\Linda\Documents\Health
2014-07-31 15:24 - 2014-07-31 15:29 - 13087456 _____ (Microsoft Corporation) C:\Users\Linda\Downloads\Silverlight_x64(2).exe
2014-07-31 14:44 - 2014-07-31 14:50 - 13087456 _____ (Microsoft Corporation) C:\Users\Linda\Downloads\Silverlight_x64(1).exe
2014-07-31 14:40 - 2014-07-31 14:53 - 111992144 _____ (Apple Inc.) C:\Users\Linda\Downloads\iTunesSetup(1).exe
2014-07-31 07:42 - 2014-05-14 09:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-07-31 07:42 - 2014-05-14 09:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-07-31 07:42 - 2014-05-14 09:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-07-31 07:42 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-07-31 07:42 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-07-31 07:42 - 2014-05-14 09:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-07-31 07:42 - 2014-05-14 09:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-07-31 07:42 - 2014-05-14 09:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-07-31 07:42 - 2014-05-14 09:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-07-31 07:42 - 2014-05-14 09:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-07-31 07:42 - 2014-05-14 09:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-07-31 07:42 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-07-31 07:42 - 2014-05-14 09:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-07-31 07:42 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-07-30 17:17 - 2014-08-07 09:22 - 00000000 ____D () C:\ProgramData\UAB
2014-07-30 17:17 - 2014-07-30 17:17 - 00002303 _____ () C:\Users\Public\Desktop\Driver Support.lnk
2014-07-30 17:17 - 2014-07-30 17:17 - 00000000 ____D () C:\Users\Zack\Downloads\Driver Support
2014-07-30 17:17 - 2014-07-30 17:17 - 00000000 ____D () C:\Users\Zack\AppData\Local\PC_Drivers_Headquarters
2014-07-30 17:17 - 2014-07-30 17:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Support
2014-07-30 17:17 - 2014-07-30 17:17 - 00000000 ____D () C:\ProgramData\Driver Support
2014-07-30 17:13 - 2014-07-30 17:13 - 00000000 ____D () C:\Program Files (x86)\Driver Support
2014-07-30 14:46 - 2014-07-30 14:54 - 13087456 _____ (Microsoft Corporation) C:\Users\Linda\Downloads\Silverlight_x64.exe
2014-07-30 10:22 - 2014-07-30 10:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-28 14:16 - 2014-07-28 14:16 - 00000000 __SHD () C:\Users\Michael\AppData\Local\EmieUserList
2014-07-28 14:16 - 2014-07-28 14:16 - 00000000 __SHD () C:\Users\Michael\AppData\Local\EmieSiteList
2014-07-28 13:43 - 2014-07-28 13:55 - 00000000 ____D () C:\Users\Michael\Documents\Housing
2014-07-28 07:32 - 2014-07-30 17:26 - 00000000 ____D () C:\Users\Linda\AppData\Roaming\BitMeter2
2014-07-28 06:41 - 2014-07-28 15:46 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\BitMeter2
2014-07-27 14:40 - 2014-07-27 14:40 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\CyberLink
2014-07-27 14:40 - 2014-07-27 14:40 - 00000000 ____D () C:\Users\Michael\AppData\Local\PowerDVD DX
2014-07-26 23:33 - 2014-07-28 15:10 - 00000000 ____D () C:\Users\Michael\Documents\Ruku
2014-07-26 08:22 - 2014-07-26 10:18 - 00000000 ____D () C:\Users\Michael\Documents\Dish
2014-07-25 16:26 - 2014-08-13 12:49 - 00000000 ____D () C:\ProgramData\Bitmeter2
2014-07-25 16:26 - 2014-07-27 09:59 - 00000000 ____D () C:\Users\Zack\AppData\Roaming\Bitmeter2
2014-07-25 16:26 - 2014-07-25 16:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitMeter
2014-07-25 16:26 - 2014-07-25 16:26 - 00000000 ____D () C:\Program Files (x86)\Codebox
2014-07-24 11:02 - 2014-07-24 11:02 - 00000000 ____D () C:\Users\Michael\Documents\Military MyPay
2014-07-24 07:02 - 2014-07-28 15:12 - 00000000 ____D () C:\Users\Michael\Documents\orders
2014-07-22 10:05 - 2014-07-22 10:05 - 00001544 _____ () C:\Users\Michael\Downloads\seminar.ics
2014-07-20 12:14 - 2014-07-20 12:16 - 20105895 _____ () C:\Users\Michael\Downloads\projectlab_centurycd_driver_dds102.zip
2014-07-19 09:01 - 2014-07-20 08:55 - 00000000 ____D () C:\Users\Michael\Documents\Direct TV
2014-07-19 08:42 - 2014-07-19 08:42 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\TeamViewer
2014-07-18 07:50 - 2014-07-18 08:04 - 00000000 ____D () C:\Users\Michael\Documents\Qigong
2014-07-18 07:43 - 2010-02-03 11:21 - 00096784 _____ (CACE Technologies, Inc.) C:\Windows\SysWOW64\Packet.dll
2014-07-18 07:39 - 2014-07-18 07:39 - 00000000 ____D () C:\Users\Michael\Downloads\NETGEAR
2014-07-17 09:20 - 2014-07-17 09:21 - 00000000 ____D () C:\Users\Michael\Documents\diet
2014-07-14 17:57 - 2014-07-14 17:58 - 00000000 ____D () C:\Users\Michael\Documents\Tile
2014-07-14 12:51 - 2014-07-14 12:52 - 00000000 ____D () C:\Users\Michael\Documents\Autocad
2014-07-14 11:30 - 2014-07-14 11:30 - 00000189 _____ () C:\Windows\PowerReg.dat
2014-07-14 11:30 - 2014-07-14 11:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blast! Software
2014-07-14 11:30 - 2014-07-14 11:30 - 00000000 ____D () C:\Program Files (x86)\Blast! Software
2014-07-14 11:29 - 1998-10-02 19:00 - 00327168 _____ (InstallShield Software Corporation) C:\Windows\IsUninst.exe
2014-07-14 08:55 - 2014-07-14 08:55 - 00002305 _____ () C:\Users\Michael\Desktop\Chrome App Launcher.lnk
2014-07-14 08:55 - 2014-07-14 08:55 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-14 08:14 - 2014-07-14 10:37 - 00008650 _____ () C:\Users\Michael\Documents\Website links.xlsx
2014-07-14 08:14 - 2014-07-14 08:14 - 00000165 ____H () C:\Users\Michael\Documents\~$Website links.xlsx
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-13 12:49 - 2014-08-13 12:21 - 00025715 _____ () C:\Users\Zack\Desktop\FRST.txt
2014-08-13 12:49 - 2014-07-25 16:26 - 00000000 ____D () C:\ProgramData\Bitmeter2
2014-08-13 12:48 - 2014-08-13 12:21 - 00000000 ____D () C:\FRST
2014-08-13 12:48 - 2014-01-20 08:23 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-13 12:48 - 2009-07-13 22:10 - 01651180 _____ () C:\Windows\WindowsUpdate.log
2014-08-13 12:46 - 2014-08-13 07:29 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2014-08-13 12:46 - 2014-02-06 12:02 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-08-13 12:45 - 2014-01-20 08:23 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-13 12:44 - 2014-08-11 16:51 - 00000280 _____ () C:\Windows\setupact.log
2014-08-13 12:44 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-13 12:38 - 2009-07-13 21:45 - 00014224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-13 12:38 - 2009-07-13 21:45 - 00014224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-13 12:36 - 2009-07-13 22:13 - 00795574 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-13 12:35 - 2014-01-22 09:48 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-13 12:26 - 2014-08-13 12:25 - 00000000 ____D () C:\Users\Zack\Desktop\FRST
2014-08-13 12:22 - 2014-08-13 12:22 - 00038190 _____ () C:\Users\Zack\Desktop\Addition.txt
2014-08-13 12:17 - 2014-08-13 12:18 - 02100224 _____ (Farbar) C:\Users\Zack\Desktop\FRST64.exe
2014-08-13 12:17 - 2014-08-13 12:16 - 02100224 _____ (Farbar) C:\Users\Zack\Downloads\FRST64.exe
2014-08-13 11:48 - 2014-08-13 11:48 - 00000894 _____ () C:\EamClean.log
2014-08-13 11:48 - 2014-08-11 16:51 - 00004512 _____ () C:\Windows\PFRO.log
2014-08-13 11:46 - 2014-08-13 11:46 - 00000000 ____D () C:\ProgramData\Emsisoft
2014-08-13 10:16 - 2014-01-20 17:18 - 00000000 ___RD () C:\Users\Linda\Dropbox
2014-08-13 07:30 - 2014-08-13 07:30 - 00001097 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-08-13 07:30 - 2014-08-13 07:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-08-13 06:19 - 2014-08-13 07:28 - 233663808 _____ (Emsisoft GmbH ) C:\Users\Zack\Desktop\EmsisoftAntiMalwareSetup.exe
2014-08-13 06:19 - 2014-08-13 05:46 - 233663808 _____ (Emsisoft GmbH ) C:\Users\Zack\Downloads\EmsisoftAntiMalwareSetup.exe
2014-08-12 08:44 - 2014-05-29 16:42 - 00000000 ____D () C:\Users\Zack\Documents\Kapersky
2014-08-11 18:45 - 2014-01-26 14:58 - 00000000 ____D () C:\Users\Linda\AppData\Roaming\Dropbox
2014-08-11 18:40 - 2014-01-20 09:34 - 00348632 _____ () C:\Users\Linda\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-11 17:06 - 2014-08-11 17:08 - 02347384 _____ (ESET) C:\Users\Zack\Desktop\esetsmartinstaller_enu.exe
2014-08-11 17:06 - 2014-08-11 17:05 - 02347384 _____ (ESET) C:\Users\Zack\Downloads\esetsmartinstaller_enu.exe
2014-08-11 17:04 - 2014-08-11 17:04 - 00001086 _____ () C:\Users\Zack\Desktop\JRT.txt
2014-08-11 16:56 - 2014-08-11 16:58 - 01016261 _____ (Thisisu) C:\Users\Zack\Desktop\JRT.exe
2014-08-11 16:56 - 2014-08-11 16:56 - 01016261 _____ (Thisisu) C:\Users\Zack\Downloads\JRT.exe
2014-08-11 16:52 - 2014-08-11 16:52 - 00004310 _____ () C:\Windows\System32\Tasks\Driver Support-RTMScan
2014-08-11 16:52 - 2014-08-11 16:52 - 00003772 _____ () C:\Windows\System32\Tasks\Driver Support-RTMUpdater
2014-08-11 16:52 - 2014-08-11 16:52 - 00003764 _____ () C:\Windows\System32\Tasks\Driver Support-RTMRules
2014-08-11 16:52 - 2014-01-18 14:03 - 00348632 _____ () C:\Users\Zack\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-11 16:51 - 2014-08-11 16:51 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-11 16:51 - 2009-07-14 00:46 - 00000000 __SHD () C:\Windows\BitLockerDiscoveryVolumeContents
2014-08-11 16:51 - 2009-07-13 21:45 - 01063008 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-11 16:49 - 2014-08-11 16:31 - 00000000 ____D () C:\AdwCleaner
2014-08-11 16:48 - 2014-01-20 09:32 - 00000000 ____D () C:\Users\Linda
2014-08-11 16:30 - 2014-08-11 16:30 - 01366203 _____ () C:\Users\Zack\Desktop\AdwCleaner.exe
2014-08-11 16:30 - 2014-08-11 16:28 - 01366203 _____ () C:\Users\Zack\Downloads\AdwCleaner.exe
2014-08-11 15:50 - 2014-08-11 15:50 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Zack\Desktop\tdsskiller.exe
2014-08-11 15:50 - 2014-08-11 15:48 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Zack\Downloads\tdsskiller.exe
2014-08-11 15:47 - 2014-08-11 15:44 - 00037656 _____ () C:\Users\Zack\Desktop\Result.txt
2014-08-11 15:41 - 2014-08-11 15:42 - 00401920 _____ (Farbar) C:\Users\Zack\Desktop\MiniToolBox.exe
2014-08-11 15:41 - 2014-08-11 15:41 - 00401920 _____ (Farbar) C:\Users\Zack\Downloads\MiniToolBox.exe
2014-08-11 14:22 - 2014-08-11 14:21 - 00000000 ____D () C:\Windows\pss
2014-08-11 14:18 - 2014-05-13 08:19 - 00000000 ____D () C:\temp
2014-08-07 16:45 - 2014-05-20 14:37 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-07 16:42 - 2014-08-07 16:42 - 00004072 _____ () C:\Linda.txt
2014-08-07 13:57 - 2014-08-06 17:20 - 00000000 ____D () C:\Users\Zack\Documents\Registry
2014-08-07 13:53 - 2014-06-16 11:02 - 00016152 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2014-08-07 09:22 - 2014-07-30 17:17 - 00000000 ____D () C:\ProgramData\UAB
2014-08-06 17:19 - 2014-03-11 17:57 - 00000000 ____D () C:\Windows\Minidump
2014-08-06 17:19 - 2010-02-04 12:06 - 00000000 ____D () C:\Windows\Panther
2014-08-06 17:18 - 2014-08-06 17:15 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-06 17:15 - 2014-08-06 17:15 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-08-06 17:15 - 2014-08-06 17:15 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-08-06 17:15 - 2014-08-06 17:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-06 17:15 - 2014-08-06 17:13 - 04813544 _____ (Piriform Ltd) C:\Users\Zack\Downloads\ccsetup416.exe
2014-08-06 17:10 - 2014-08-06 17:08 - 04814696 _____ (Piriform Ltd) C:\Users\Zack\Downloads\ccsetup416pro.exe
2014-08-06 16:06 - 2014-08-06 16:06 - 00000000 ____D () C:\ProgramData\REGSERVO64
2014-08-06 14:06 - 2014-05-20 14:37 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-06 14:06 - 2014-05-20 14:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-06 14:06 - 2014-05-20 14:37 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-06 10:53 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-08-04 11:04 - 2013-10-01 14:23 - 00045554 _____ () C:\Users\Linda\Documents\2014 (Recovered).xlsm
2014-08-04 07:58 - 2014-08-04 07:54 - 00000000 ____D () C:\Users\Linda\Documents\Health
2014-08-03 12:18 - 2014-02-28 09:46 - 00000000 __RSD () C:\Users\Linda\Documents\My Stationery
2014-08-01 11:34 - 2012-05-01 13:50 - 00064545 _____ () C:\Users\Linda\Documents\Mom's checkbook register.xlsx
2014-08-01 04:29 - 2014-05-29 16:41 - 00002222 _____ () C:\Users\Zack\Desktop\Safe Money.lnk
2014-08-01 04:29 - 2014-01-18 14:05 - 00000000 ____D () C:\Users\Zack\AppData\Local\VirtualStore
2014-08-01 04:28 - 2009-07-13 19:34 - 00000580 _____ () C:\Windows\win.ini
2014-07-31 15:29 - 2014-07-31 15:24 - 13087456 _____ (Microsoft Corporation) C:\Users\Linda\Downloads\Silverlight_x64(2).exe
2014-07-31 14:53 - 2014-07-31 14:40 - 111992144 _____ (Apple Inc.) C:\Users\Linda\Downloads\iTunesSetup(1).exe
2014-07-31 14:50 - 2014-07-31 14:44 - 13087456 _____ (Microsoft Corporation) C:\Users\Linda\Downloads\Silverlight_x64(1).exe
2014-07-31 07:35 - 2014-05-20 12:15 - 00001332 _____ () C:\Users\Linda\Desktop\Clean Registry for Free!.lnk
2014-07-30 17:26 - 2014-07-28 07:32 - 00000000 ____D () C:\Users\Linda\AppData\Roaming\BitMeter2
2014-07-30 17:17 - 2014-07-30 17:17 - 00002303 _____ () C:\Users\Public\Desktop\Driver Support.lnk
2014-07-30 17:17 - 2014-07-30 17:17 - 00000000 ____D () C:\Users\Zack\Downloads\Driver Support
2014-07-30 17:17 - 2014-07-30 17:17 - 00000000 ____D () C:\Users\Zack\AppData\Local\PC_Drivers_Headquarters
2014-07-30 17:17 - 2014-07-30 17:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Support
2014-07-30 17:17 - 2014-07-30 17:17 - 00000000 ____D () C:\ProgramData\Driver Support
2014-07-30 17:13 - 2014-07-30 17:13 - 00000000 ____D () C:\Program Files (x86)\Driver Support
2014-07-30 17:07 - 2014-05-14 09:46 - 00001141 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-30 14:54 - 2014-07-30 14:46 - 13087456 _____ (Microsoft Corporation) C:\Users\Linda\Downloads\Silverlight_x64.exe
2014-07-30 10:22 - 2014-07-30 10:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-30 09:04 - 2012-01-19 11:17 - 00017358 _____ () C:\Users\Linda\Desktop\Mike and Dian Paid.xlsx
2014-07-28 15:46 - 2014-07-28 06:41 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\BitMeter2
2014-07-28 15:12 - 2014-07-24 07:02 - 00000000 ____D () C:\Users\Michael\Documents\orders
2014-07-28 15:10 - 2014-07-26 23:33 - 00000000 ____D () C:\Users\Michael\Documents\Ruku
2014-07-28 15:09 - 2014-01-20 17:20 - 00000000 ____D () C:\Users\Michael\Documents\Today
2014-07-28 14:16 - 2014-07-28 14:16 - 00000000 __SHD () C:\Users\Michael\AppData\Local\EmieUserList
2014-07-28 14:16 - 2014-07-28 14:16 - 00000000 __SHD () C:\Users\Michael\AppData\Local\EmieSiteList
2014-07-28 13:55 - 2014-07-28 13:43 - 00000000 ____D () C:\Users\Michael\Documents\Housing
2014-07-28 06:39 - 2014-01-24 08:51 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-28 06:39 - 2014-01-24 08:51 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-27 14:40 - 2014-07-27 14:40 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\CyberLink
2014-07-27 14:40 - 2014-07-27 14:40 - 00000000 ____D () C:\Users\Michael\AppData\Local\PowerDVD DX
2014-07-27 14:40 - 2010-02-04 10:35 - 00000000 ____D () C:\ProgramData\CyberLink
2014-07-27 13:09 - 2009-07-14 00:45 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-07-27 09:59 - 2014-07-25 16:26 - 00000000 ____D () C:\Users\Zack\AppData\Roaming\Bitmeter2
2014-07-26 10:18 - 2014-07-26 08:22 - 00000000 ____D () C:\Users\Michael\Documents\Dish
2014-07-26 10:18 - 2014-01-22 09:05 - 00000000 ____D () C:\Users\Michael\Documents\Health
2014-07-26 09:53 - 2014-01-20 12:39 - 00000000 ____D () C:\Users\Michael\AppData\Local\VirtualStore
2014-07-25 16:26 - 2014-07-25 16:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitMeter
2014-07-25 16:26 - 2014-07-25 16:26 - 00000000 ____D () C:\Program Files (x86)\Codebox
2014-07-25 03:01 - 2014-01-24 08:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-24 11:02 - 2014-07-24 11:02 - 00000000 ____D () C:\Users\Michael\Documents\Military MyPay
2014-07-24 09:48 - 2014-01-26 15:00 - 00001020 _____ () C:\Users\Linda\Desktop\Dropbox.lnk
2014-07-24 09:48 - 2014-01-26 14:58 - 00000000 ____D () C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-23 18:07 - 2009-07-13 22:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-07-22 10:05 - 2014-07-22 10:05 - 00001544 _____ () C:\Users\Michael\Downloads\seminar.ics
2014-07-20 12:16 - 2014-07-20 12:14 - 20105895 _____ () C:\Users\Michael\Downloads\projectlab_centurycd_driver_dds102.zip
2014-07-20 08:55 - 2014-07-19 09:01 - 00000000 ____D () C:\Users\Michael\Documents\Direct TV
2014-07-19 08:42 - 2014-07-19 08:42 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\TeamViewer
2014-07-18 08:04 - 2014-07-18 07:50 - 00000000 ____D () C:\Users\Michael\Documents\Qigong
2014-07-18 07:43 - 2014-01-18 14:08 - 00001119 _____ () C:\Users\Public\Desktop\NETGEAR WNA3100 Genie.lnk
2014-07-18 07:39 - 2014-07-18 07:39 - 00000000 ____D () C:\Users\Michael\Downloads\NETGEAR
2014-07-17 09:21 - 2014-07-17 09:20 - 00000000 ____D () C:\Users\Michael\Documents\diet
2014-07-14 17:58 - 2014-07-14 17:57 - 00000000 ____D () C:\Users\Michael\Documents\Tile
2014-07-14 12:52 - 2014-07-14 12:51 - 00000000 ____D () C:\Users\Michael\Documents\Autocad
2014-07-14 12:50 - 2014-01-20 16:41 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Adobe
2014-07-14 11:30 - 2014-07-14 11:30 - 00000189 _____ () C:\Windows\PowerReg.dat
2014-07-14 11:30 - 2014-07-14 11:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blast! Software
2014-07-14 11:30 - 2014-07-14 11:30 - 00000000 ____D () C:\Program Files (x86)\Blast! Software
2014-07-14 10:37 - 2014-07-14 08:14 - 00008650 _____ () C:\Users\Michael\Documents\Website links.xlsx
2014-07-14 08:55 - 2014-07-14 08:55 - 00002305 _____ () C:\Users\Michael\Desktop\Chrome App Launcher.lnk
2014-07-14 08:55 - 2014-07-14 08:55 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-14 08:14 - 2014-07-14 08:14 - 00000165 ____H () C:\Users\Michael\Documents\~$Website links.xlsx
 
Some content of TEMP:
====================
C:\Users\Linda\AppData\Local\Temp\4yipzgjm.dll
C:\Users\Linda\AppData\Local\Temp\c7j-v1st.dll
C:\Users\Linda\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp98ubue.dll
C:\Users\Linda\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsss8ni.dll
C:\Users\Linda\AppData\Local\Temp\fbpu7vwk.dll
C:\Users\Linda\AppData\Local\Temp\ghnvli5h.dll
C:\Users\Linda\AppData\Local\Temp\gwuwf8je.dll
C:\Users\Linda\AppData\Local\Temp\gwv7vcwl.dll
C:\Users\Linda\AppData\Local\Temp\hg8y5fw3.dll
 
 
==================== Bamital & volsnap Check =================
 


#4 aharonov

Posted 14 August 2014 - 07:29 AM

The log is looking good and the detections you've mentioned aren't serious.


Please download the attached fixlist.txt and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


#5 michaelg12251

Posted 14 August 2014 - 11:19 AM

From what I can tell I think I am in good shape.  If Kaspersky knows what it is talking about which I trust it does,  it says I am protected.  The txt file from your last suggestion looked good to me.

When trying to fix this problem I used Google.  Some of the sites were blocked by my ISP.  Some didn't look good when I googled them until I got to BleepingComputer.com.

This site is a great site and I am so glad I found it.  I am going to spend a lot of time here in hopes of educating myself.

Thank you so much for your help.

Do you accept donations?  If so maybe you could send me a link.

Thanks again

Michael

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-08-2014
Ran by Zack at 2014-08-14 08:32:06 Run:1
Running from C:\Users\Zack\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
EmptyTemp:

*****************

EmptyTemp: => Removed 899 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====



#6 aharonov

Posted 14 August 2014 - 11:27 AM

Very good. If Kaspersky is the antivirus software of your choice then you can uninstall Emsisoft now (because it's not recommended to run more than one as they might interfere with each other).

That's it! Your logs look clean to me at the moment.
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation.
Thank you!



Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:
  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.


Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this, malware exploits security holes in installed software (e.g. browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up-to-date.
The following software is outdated. Make sure you remove all old versions and install the current one instead if you need the program:

Java
Adobe Reader



Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.

#7 michaelg12251

Posted 14 August 2014 - 04:27 PM

One last question for now.  Do you think Emsisoft is better than Kaspersky?  What is your anti-virus software of choice?

 

Thanks again for everything.

 

Michael



#8 aharonov

Posted 15 August 2014 - 07:35 AM

Thank you very much for your donation, Michael!
I don't think that one of these products can really be identified to be "better" than the other. They are both very solid. In the end it comes down to a matter of personal taste. I happen to use Emsisoft as my antivirus software.

#9 aharonov

Posted 03 September 2014 - 06:01 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



