Avast files require system permissions to delete and more issues.


  • This topic is locked
15 replies to this topic

#1 bwrighttwo

Posted 15 August 2014 - 01:29 PM

Here is the link to the referral topic.

http://www.bleepingcomputer.com/forums/t/544302/avast-files-require-system-permissions-to-delete-and-other-things/

Issues include topic title +

Blinking cursor at post before Windows boots

Optical/CD drive makes clicking noise at boot and other random times.

Unable to copy and paste on some sites including here. I have to copy to clipboard first. I am able to C&P on PMs normally here.

Many files and folders skipped during scans or require permissions other than admin.

Seems like machine has turned into an enterprise machine. Like it has been pre-configured.

I am the only user and this machine should not have ever been networked in any way other than to connect to internet.

Group policies may have something to do with issues. (IMO)

DDS scan seems incomplete. (Tried 3 times)

I am sure there are more issues I can't remember and will add as they come to mind.

Programs I have run recently to resolve issues include:

MBAM

AdwCleaner

Tdsskiller

Junkware Remv. Tool

Rogue Killer

 

 

DDS will not attach. Says it is too big. This can't be the issue as it is the shortest one I have ever had. Should I just paste it?


Edited by bwrighttwo, 15 August 2014 - 01:33 PM.



#2 HelpBot

Posted 20 August 2014 - 01:30 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/544527 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 bwrighttwo

Posted 20 August 2014 - 03:20 PM

DDS is only producing part of the scan logs.

Addition to list of issues I am having:

Windows search does not work.

I had mentioned in my original topic on the "Am I infected" board that I only have access to this machine between certain hours. This no longer applies as I have started bringing the machine home.

This is supposed to be a Windows 7 64bit machine.

I do have a purchased W7 disc.

Dell Inspiron N7110 i5

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 3/31/2014 10:18:36 AM
System Uptime: 8/20/2014 9:29:06 AM (7 hours ago)
.
Motherboard: Dell Inc. |  |
Processor: Intel® Core™ i5-2450M CPU @ 2.50GHz | CPU | 2501/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 912 GiB total, 848.795 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {36fc9e60-c465-11cf-8056-444553540000}
Description: USB Composite Device
Device ID: USB\VID_1BCF&PID_2881\6&196C4F63&0&4
Manufacturer: (Standard USB Host Controller)
Name: USB Composite Device
PNP Device ID: USB\VID_1BCF&PID_2881\6&196C4F63&0&4
Service: usbccgp
.
==== System Restore Points ===================
.
RP110: 7/24/2014 1:25:51 PM - Windows Update
RP111: 7/24/2014 3:21:13 PM - Windows Update
RP112: 7/28/2014 1:16:06 PM - Windows Update
RP113: 8/4/2014 10:08:37 AM - Windows Update
RP114: 8/5/2014 2:01:13 PM - DDU System Restored Point
RP115: 8/5/2014 2:18:30 PM - DDU System Restored Point
RP116: 8/5/2014 2:44:43 PM - Windows Update
RP117: 8/11/2014 10:02:13 AM - Windows Update
RP118: 8/13/2014 9:59:19 AM - Revo Uninstaller's restore point - Spybot - Search & Destroy
RP119: 8/13/2014 10:20:28 AM - Revo Uninstaller's restore point - Spybot - Search & Destroy
RP120: 8/13/2014 11:12:23 AM - Revo Uninstaller's restore point - ArcadeGiant
RP121: 8/13/2014 11:13:38 AM - Revo Uninstaller's restore point - ArcadeGiant
RP122: 8/13/2014 12:44:03 PM - Revo Uninstaller's restore point - KNCTR
RP123: 8/15/2014 10:00:00 AM - Windows Update
RP124: 8/15/2014 5:28:01 PM - Windows Update
RP125: 8/18/2014 9:39:53 AM - Windows Update
.
==== Image File Execution Options =============
.
.
==== Installed Programs ======================
.
.
==== End Of File ===========================


Edited by bwrighttwo, 20 August 2014 - 07:05 PM.


#4 nasdaq

  • Malware Response Team
Posted 21 August 2014 - 10:21 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
 
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

--RogueKiller--
  • Download & SAVE to your Desktop For 32bit system or For 64bit system
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

=======

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.

IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.

If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).

===

Download the  version of this tool for your operating system.
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

How is the computer running?
Wait for further instructions.


    #5 bwrighttwo

    Posted 21 August 2014 - 06:11 PM

    I am going to go ahead and post the RK report and then run the next 2 scans. I had a bunch of items in the Rootkit section colored green. There was no option to delete. Here is the report and I will now run the next two scans and put them in one reply.

    I am unable to C&P normally. I have to use the clipboard option.

    RogueKiller V9.2.8.0 (x64) [Jul 11 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : new [Admin rights]
    Mode : Remove -- Date : 08/21/2014  19:01:37

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 0 ¤¤¤

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ HOSTS File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: LOADED) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: ST1000LM024 HN-M101MBB +++++
    --- User ---
    [MBR] c150186c094173aaa4affe6181b49c9c
    [BSP] 0d9bdc844c4d286fe0b40717de6e9b3f : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 MB
    1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 212992 | Size: 20000 MB
    2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 41172992 | Size: 933764 MB
    User = LL1 ... OK
    User = LL2 ... OK


    ============================================
    RKreport_DEL_08052014_133552.log - RKreport_DEL_08132014_123558.log - RKreport_SCN_08052014_133311.log - RKreport_SCN_08122014_172345.log
    RKreport_SCN_08132014_123140.log - RKreport_SCN_08212014_190028.log

     



    #6 bwrighttwo

    Posted 21 August 2014 - 06:25 PM

    I just wanted to make you aware of a couple of things. The SDK stuff you see in the FRST logs would have been something I downloaded. When I first saw that some programs were recognizing this machine as an "Enterprise" machine I thought I might be able to get some info using some of the tools. I really can't remember what I discovered using it.

    Another thing... At work this machine uses wireless to get online and at home it uses ethernet connection.

    # AdwCleaner v3.308 - Report created 21/08/2014 at 19:13:53
    # Updated 20/08/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : new - NEW-PC
    # Running from : C:\Users\new\Downloads\adwcleaner_3.308.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\90C64EA18BA25EE488BF80DCF07F2FFD

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17239


    -\\ Mozilla Firefox v31.0 (x86 en-US)

    [ File : C:\Users\new\AppData\Roaming\Mozilla\Firefox\Profiles\oneflxwp.default\prefs.js ]


    -\\ Google Chrome v36.0.1985.143

    *************************

    AdwCleaner[R0].txt - [1190 octets] - [04/04/2014 13:20:34]
    AdwCleaner[R1].txt - [961 octets] - [11/04/2014 17:04:09]
    AdwCleaner[R2].txt - [1001 octets] - [17/04/2014 12:42:53]
    AdwCleaner[R3].txt - [1336 octets] - [05/06/2014 14:13:22]
    AdwCleaner[R4].txt - [1400 octets] - [24/06/2014 14:44:55]
    AdwCleaner[R5].txt - [1374 octets] - [24/06/2014 16:29:02]
    AdwCleaner[R6].txt - [1488 octets] - [16/07/2014 12:57:08]
    AdwCleaner[R7].txt - [1595 octets] - [05/08/2014 13:25:50]
    AdwCleaner[R8].txt - [1727 octets] - [13/08/2014 12:18:11]
    AdwCleaner[R9].txt - [2080 octets] - [21/08/2014 19:12:34]
    AdwCleaner[S0].txt - [1261 octets] - [04/04/2014 13:21:44]
    AdwCleaner[S1].txt - [981 octets] - [11/04/2014 17:05:27]
    AdwCleaner[S2].txt - [1465 octets] - [24/06/2014 14:45:41]
    AdwCleaner[S3].txt - [1435 octets] - [24/06/2014 16:29:31]
    AdwCleaner[S4].txt - [1796 octets] - [13/08/2014 12:19:18]
    AdwCleaner[S5].txt - [1999 octets] - [21/08/2014 19:13:53]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [2059 octets] ##########

     

     

     

     

     

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-08-2014
    Ran by new (administrator) on NEW-PC on 21-08-2014 19:19:51
    Running from C:\Users\new\Downloads
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NANO Security) C:\Program Files (x86)\NANO Antivirus\bin\nanosvc.exe
    (Microsoft Corporation) C:\WINDOWS\System32\wlanext.exe
    (Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
    (Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    (Intel Corporation) C:\WINDOWS\System32\igfxtray.exe
    (Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
    (Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (NANO Security) C:\Program Files (x86)\NANO Antivirus\bin\nanoav.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    (Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE
    (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    (Intel® Corporation) C:\Intel\WiFi\bin\EvtEng.exe
    (Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
    (Intel® Corporation) C:\Intel\WiFi\bin\ZeroConfigService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Adobe Systems, Inc.) C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
    (Adobe Systems, Inc.) C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
    (Intel Corporation) C:\Intel\BluetoothHS\BTHSAmpPalService.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [4500640 2011-03-10] (Dell Inc.)
    HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2190704 2011-11-03] ()
    HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [4802864 2012-06-25] (Intel® Corporation)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-08-08] (AVAST Software)
    HKLM-x32\...\Run: [NANO Antivirus] => c:\program files (x86)\nano antivirus\bin\nanoav.exe [5568800 2014-08-18] (NANO Security)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
    HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
    HKU\S-1-5-21-3195569476-3954131397-1123240221-1000\...\MountPoints2: {4c8535c8-6ce3-11e1-8a6d-806e6f6e6963} - D:\setup.exe
    ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
    ShellIconOverlayIdentifiers: KAVOverlayIcon -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\shellex.dll (Kaspersky Lab ZAO)
    ShellIconOverlayIdentifiers-x32: KAVOverlayIcon -> {dd230880-495a-11d1-b064-008048ec2fc5} =>  No File
    BootExecute: autocheck autochk * sdnclean64.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    SearchScopes: HKCU - {2D8FCC20-8F17-44AD-A7DF-E83015B1970E} URL =
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
    BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
    Toolbar: HKLM-x32 - No Name - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} -  No File
    DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
    Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} -  No File
    Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
    Winsock: Catalog9 01 C:\Program Files (x86)\NANO Antivirus\bin\nanolsp.dll [1796440] (NANO Security)
    Winsock: Catalog9 13 C:\Program Files (x86)\NANO Antivirus\bin\nanolsp.dll [1796440] (NANO Security)
    Winsock: Catalog9-x64 01 C:\Program Files (x86)\NANO Antivirus\bin\nanolsp64.dll [2637456] (NANO Security)
    Winsock: Catalog9-x64 13 C:\Program Files (x86)\NANO Antivirus\bin\nanolsp64.dll [2637456] (NANO Security)
    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

    FireFox:
    ========
    FF ProfilePath: C:\Users\new\AppData\Roaming\Mozilla\Firefox\Profiles\oneflxwp.default
    FF DefaultSearchEngine: Bing
    FF SelectedSearchEngine: Bing
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com
    FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com
    FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com
    FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
    FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com

    Chrome:
    =======
    CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx []
    CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\online_banking_chrome.crx []
    CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\content_blocker_chrome.crx []
    CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\virtkbd.crx []
    CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx []

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
    R2 AMPPALR3; C:\Intel\BluetoothHS\BTHSAmpPalService.exe [659976 2012-03-15] (Intel Corporation)
    S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-01] (AVAST Software)
    S4 BTHSSecurityMgr; C:\Intel\BluetoothHS\BTHSSecurityMgr.exe [135952 2012-04-23] (Intel® Corporation)
    S4 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [818888 2013-09-25] (Infowatch)
    R2 EvtEng; C:\Intel\WiFi\bin\EvtEng.exe [628016 2012-06-25] (Intel® Corporation)
    S3 MyWiFiDHCPDNS; C:\Intel\WiFi\bin\PanDhcpDns.exe [272688 2012-06-25] ()
    R2 nanosvc; C:\Program Files (x86)\NANO Antivirus\bin\nanosvc.exe [13398328 2014-08-18] (NANO Security)
    R2 ZeroConfigService; C:\Intel\WiFi\bin\ZeroConfigService.exe [3325232 2012-06-25] (Intel® Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-01] ()
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-01] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-01] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-01] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-15] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-15] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-15] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-01] ()
    R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [84536 2011-06-02] (Infowatch)
    R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [66616 2011-06-02] (Infowatch)
    S3 Impcd; C:\Windows\system32\drivers\Impcd.sys [158976 2010-02-27] (Intel Corporation) [File not signed]
    S3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [317440 2010-10-15] (Intel® Corporation) [File not signed]
    R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-04-01] (Kaspersky Lab ZAO)
    U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-11-11] (Kaspersky Lab ZAO)
    R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [626272 2013-11-11] (Kaspersky Lab ZAO)
    R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2014-04-01] (Kaspersky Lab ZAO)
    R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)
    R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)
    R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-11-11] (Kaspersky Lab ZAO)
    R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-11-11] (Kaspersky Lab ZAO)
    R1 nanoflt; C:\Program Files (x86)\NANO Antivirus\bin\nanoflt64.sys [44464 2014-08-18] (NANO Security)
    R1 nanokrn; C:\Program Files (x86)\NANO Antivirus\bin\nanokrn64.sys [61960 2014-08-18] (NANO Security)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-08-21 19:19 - 2014-08-21 19:20 - 00012401 _____ () C:\Users\new\Downloads\FRST.txt
    2014-08-21 19:19 - 2014-08-21 19:19 - 00000000 ____D () C:\FRST
    2014-08-21 19:18 - 2014-08-21 19:19 - 02101760 _____ (Farbar) C:\Users\new\Downloads\FRST64.exe
    2014-08-21 19:12 - 2014-08-21 19:12 - 01364531 _____ () C:\Users\new\Downloads\adwcleaner_3.308.exe
    2014-08-21 18:53 - 2014-08-21 18:53 - 05421656 _____ () C:\Users\new\Downloads\RogueKillerX64(1).exe
    2014-08-21 18:48 - 2014-08-21 18:48 - 00000000 ____D () C:\Users\new\Documents\My Received Files
    2014-08-21 00:40 - 2014-08-21 00:40 - 02809824 _____ () C:\Users\new\Downloads\netscan.zip
    2014-08-20 22:32 - 2014-08-20 22:32 - 00779776 _____ (Process Checker) C:\Users\new\Downloads\processchecker_setup.exe
    2014-08-20 16:17 - 2014-08-20 16:18 - 00688992 ____R (Swearware) C:\Users\new\Downloads\dds(2).com
    2014-08-18 09:44 - 2014-08-18 09:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NANO Antivirus
    2014-08-15 17:29 - 2014-06-30 18:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
    2014-08-15 17:29 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
    2014-08-15 17:29 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
    2014-08-15 17:29 - 2014-06-06 02:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
    2014-08-15 17:29 - 2014-03-09 17:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
    2014-08-15 17:29 - 2014-03-09 17:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
    2014-08-15 17:29 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
    2014-08-15 17:29 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
    2014-08-15 10:02 - 2014-06-03 06:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
    2014-08-15 10:02 - 2014-06-03 06:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
    2014-08-15 10:02 - 2014-06-03 06:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
    2014-08-15 10:02 - 2014-06-03 06:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
    2014-08-15 10:02 - 2014-06-03 05:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2014-08-15 10:02 - 2014-06-03 05:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
    2014-08-15 10:02 - 2014-06-03 05:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
    2014-08-15 10:01 - 2014-07-31 19:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2014-08-15 10:01 - 2014-07-31 19:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2014-08-15 10:01 - 2014-07-25 10:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-08-15 10:01 - 2014-07-25 10:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-08-15 10:01 - 2014-07-25 10:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-08-15 10:01 - 2014-07-25 09:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-08-15 10:01 - 2014-07-25 09:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-08-15 10:01 - 2014-07-25 09:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-08-15 10:01 - 2014-07-25 09:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-08-15 10:01 - 2014-07-25 09:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-08-15 10:01 - 2014-07-25 09:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2014-08-15 10:01 - 2014-07-25 09:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-08-15 10:01 - 2014-07-25 09:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-08-15 10:01 - 2014-07-25 09:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-08-15 10:01 - 2014-07-25 09:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-08-15 10:01 - 2014-07-25 09:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-08-15 10:01 - 2014-07-25 09:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-08-15 10:01 - 2014-07-25 08:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-08-15 10:01 - 2014-07-25 08:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-08-15 10:01 - 2014-07-25 08:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-08-15 10:01 - 2014-07-25 08:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2014-08-15 10:01 - 2014-07-25 08:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-08-15 10:01 - 2014-07-25 08:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2014-08-15 10:01 - 2014-07-25 08:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2014-08-15 10:01 - 2014-07-25 08:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-08-15 10:01 - 2014-07-25 08:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-08-15 10:01 - 2014-07-25 08:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-08-15 10:01 - 2014-07-25 08:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-08-15 10:01 - 2014-07-25 08:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-08-15 10:01 - 2014-07-25 08:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-08-15 10:01 - 2014-07-25 08:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-08-15 10:01 - 2014-07-25 08:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-08-15 10:01 - 2014-07-25 08:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-08-15 10:01 - 2014-07-25 08:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-08-15 10:01 - 2014-07-25 08:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2014-08-15 10:01 - 2014-07-25 08:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-08-15 10:01 - 2014-07-25 07:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2014-08-15 10:01 - 2014-07-25 07:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-08-15 10:01 - 2014-07-25 07:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-08-15 10:01 - 2014-07-25 07:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-08-15 10:01 - 2014-07-25 07:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-08-15 10:01 - 2014-07-25 07:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2014-08-15 10:01 - 2014-07-25 07:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-08-15 10:01 - 2014-07-25 07:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-08-15 10:01 - 2014-07-25 07:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2014-08-15 10:01 - 2014-07-25 07:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-08-15 10:01 - 2014-07-25 07:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-08-15 10:01 - 2014-07-25 07:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-08-15 10:01 - 2014-07-25 07:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2014-08-15 10:01 - 2014-07-25 07:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-08-15 10:01 - 2014-07-25 06:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-08-15 10:01 - 2014-07-25 06:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-08-15 10:01 - 2014-07-25 06:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-08-15 10:01 - 2014-07-25 06:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2014-08-15 10:01 - 2014-07-25 06:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-08-15 10:01 - 2014-07-25 06:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-08-15 10:01 - 2014-07-15 23:25 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2014-08-15 10:01 - 2014-07-15 23:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2014-08-15 10:01 - 2014-07-15 22:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
    2014-08-15 10:01 - 2014-07-15 22:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2014-08-15 10:01 - 2014-07-15 22:12 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-08-15 10:01 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
    2014-08-15 10:01 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
    2014-08-15 10:01 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
    2014-08-15 10:01 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
    2014-08-15 10:01 - 2014-07-08 22:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
    2014-08-15 10:01 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
    2014-08-15 10:01 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
    2014-08-15 10:01 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
    2014-08-15 10:01 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
    2014-08-15 10:01 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
    2014-08-15 10:01 - 2014-07-08 18:38 - 00419992 _____ () C:\Windows\system32\locale.nls
    2014-08-15 10:01 - 2014-07-08 18:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
    2014-08-15 10:01 - 2014-06-24 22:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2014-08-15 10:01 - 2014-06-24 21:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2014-08-15 10:01 - 2014-06-15 22:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
    2014-08-15 09:59 - 2014-08-06 22:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-08-15 09:59 - 2014-08-06 22:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-08-15 09:59 - 2014-07-13 22:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2014-08-15 09:59 - 2014-07-13 21:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2014-08-15 09:55 - 2014-08-15 09:55 - 00688992 ____R (Swearware) C:\Users\new\Downloads\dds(1).com
    2014-08-13 14:37 - 2014-08-13 14:37 - 00854410 _____ () C:\Users\new\Downloads\SecurityCheck.exe
    2014-08-13 14:30 - 2014-08-13 14:34 - 00035914 _____ () C:\Users\new\Desktop\Show-Hidden.txt
    2014-08-13 14:30 - 2014-08-13 14:30 - 00386464 _____ (Bleeping Computer, LLC) C:\Users\new\Downloads\show-hidden.exe
    2014-08-13 14:29 - 2014-08-13 14:29 - 00977520 _____ () C:\Users\new\Downloads\HashTab v5.2.0.14 Setup.exe
    2014-08-13 14:29 - 2014-08-13 14:29 - 00000000 ____D () C:\Program Files\HashTab Shell Extension
    2014-08-13 14:07 - 2014-08-20 19:03 - 00002016 _____ () C:\Users\new\Desktop\attach.txt
    2014-08-13 14:05 - 2014-08-13 14:05 - 00688992 ____R (Swearware) C:\Users\new\Downloads\dds.com
    2014-08-13 14:00 - 2014-08-13 14:00 - 00000260 _____ () C:\Users\new\Desktop\vgyuop.txt
    2014-08-13 12:48 - 2014-05-01 14:41 - 00002296 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-08-13 12:47 - 2014-08-13 12:47 - 00270848 _____ (Secure By Design Inc.) C:\Users\new\Downloads\Ninite Chrome Installer.exe
    2014-08-13 12:25 - 2014-08-21 18:55 - 00036456 _____ () C:\Windows\system32\Drivers\TrueSight.sys
    2014-08-13 12:25 - 2014-08-13 12:25 - 05392984 _____ () C:\Users\new\Downloads\RogueKillerX64.exe
    2014-08-13 12:17 - 2014-08-13 12:17 - 01366203 _____ () C:\Users\new\Downloads\adwcleaner_3.304.exe
    2014-08-13 12:16 - 2014-08-13 12:16 - 00000339 _____ () C:\Users\new\Desktop\nan01.txt
    2014-08-13 11:07 - 2014-08-13 11:07 - 01320048 _____ () C:\Windows\Minidump\081314-22744-01.dmp
    2014-08-13 10:42 - 2014-08-13 11:41 - 00000000 ____D () C:\Users\new\AppData\Local\nanoav
    2014-08-13 10:41 - 2014-08-13 10:41 - 00000150 _____ () C:\Windows\SysWOW64\{E54A1EE6-F03F-BA46-A814-6F837F3DE309}
    2014-08-13 10:40 - 2014-08-21 19:19 - 00000000 ____D () C:\ProgramData\nanolsp
    2014-08-13 10:40 - 2014-08-21 18:46 - 00000000 ____D () C:\Program Files (x86)\NANO Antivirus
    2014-08-13 10:35 - 2014-08-13 10:35 - 00002303 _____ () C:\Users\Public\Desktop\Driver Support.lnk
    2014-08-13 10:35 - 2014-08-13 10:35 - 00000000 ____D () C:\Users\new\Downloads\Driver Support
    2014-08-13 10:35 - 2014-08-13 10:35 - 00000000 ____D () C:\Users\new\AppData\Local\PC_Drivers_Headquarters
    2014-08-13 10:35 - 2014-08-13 10:35 - 00000000 ____D () C:\ProgramData\UAB
    2014-08-13 10:35 - 2014-08-13 10:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Support
    2014-08-13 10:35 - 2014-08-13 10:35 - 00000000 ____D () C:\ProgramData\Driver Support
    2014-08-13 10:35 - 2014-08-13 10:35 - 00000000 ____D () C:\Program Files (x86)\Driver Support
    2014-08-13 10:33 - 2014-08-13 10:33 - 00000085 _____ () C:\Windows\wininit.ini
    2014-08-13 10:27 - 2014-08-21 19:16 - 00000000 ____D () C:\ProgramData\nanoav
    2014-08-13 10:24 - 2014-08-13 10:24 - 00699016 _____ (CNET Download.com) C:\Users\new\Downloads\cbsidlm-cbsi213-NANO_Antivirus-SEO-75712430.exe
    2014-08-05 14:00 - 2014-08-05 14:00 - 00000000 ____D () C:\Users\new\Downloads\x64
    2014-08-05 13:59 - 2014-08-05 13:59 - 01658971 _____ () C:\Users\new\Downloads\DDU-v12.9.7.0.exe
    2014-08-05 13:59 - 2014-07-10 08:45 - 03295232 _____ () C:\Users\new\Downloads\Display Driver Uninstaller.exe
    2014-08-05 13:59 - 2014-07-10 08:45 - 00179712 _____ () C:\Users\new\Downloads\Display Driver Uninstaller.pdb
    2014-08-05 13:59 - 2014-06-24 20:54 - 00000000 ____D () C:\Users\new\Downloads\settings
    2014-08-05 13:37 - 2014-08-05 13:37 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\new\Downloads\tdsskiller(1).exe
    2014-08-05 13:28 - 2014-08-13 12:24 - 00029160 _____ () C:\Windows\SysWOW64\Drivers\TrueSight.sys
    2014-08-05 13:28 - 2014-08-05 13:28 - 04806744 _____ () C:\Users\new\Downloads\RogueKiller.exe
    2014-08-05 13:28 - 2014-08-05 13:28 - 00000000 ____D () C:\ProgramData\RogueKiller
    2014-08-05 12:57 - 2014-08-05 12:57 - 02091520 _____ (Conner Bernhard) C:\Users\new\Downloads\NetAdapterRepair1.2.exe
    2014-07-22 11:21 - 2014-07-22 11:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-08-21 19:20 - 2014-08-21 19:19 - 00012401 _____ () C:\Users\new\Downloads\FRST.txt
    2014-08-21 19:19 - 2014-08-21 19:19 - 00000000 ____D () C:\FRST
    2014-08-21 19:19 - 2014-08-21 19:18 - 02101760 _____ (Farbar) C:\Users\new\Downloads\FRST64.exe
    2014-08-21 19:19 - 2014-08-13 10:40 - 00000000 ____D () C:\ProgramData\nanolsp
    2014-08-21 19:19 - 2014-04-30 17:04 - 01816425 _____ () C:\Windows\WindowsUpdate.log
    2014-08-21 19:16 - 2014-08-13 10:27 - 00000000 ____D () C:\ProgramData\nanoav
    2014-08-21 19:16 - 2014-05-01 14:41 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-08-21 19:16 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-08-21 19:14 - 2014-05-29 09:25 - 00028062 _____ () C:\Windows\PFRO.log
    2014-08-21 19:14 - 2014-05-05 17:04 - 00007408 _____ () C:\Windows\setupact.log
    2014-08-21 19:13 - 2014-04-04 13:20 - 00000000 ____D () C:\AdwCleaner
    2014-08-21 19:12 - 2014-08-21 19:12 - 01364531 _____ () C:\Users\new\Downloads\adwcleaner_3.308.exe
    2014-08-21 19:03 - 2014-05-01 14:41 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-08-21 18:55 - 2014-08-13 12:25 - 00036456 _____ () C:\Windows\system32\Drivers\TrueSight.sys
    2014-08-21 18:53 - 2014-08-21 18:53 - 05421656 _____ () C:\Users\new\Downloads\RogueKillerX64(1).exe
    2014-08-21 18:50 - 2014-06-12 09:40 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-08-21 18:48 - 2014-08-21 18:48 - 00000000 ____D () C:\Users\new\Documents\My Received Files
    2014-08-21 18:47 - 2009-07-14 00:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-08-21 18:47 - 2009-07-14 00:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-08-21 18:46 - 2014-08-13 10:40 - 00000000 ____D () C:\Program Files (x86)\NANO Antivirus
    2014-08-21 18:43 - 2009-07-14 01:13 - 00778834 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-08-21 18:38 - 2009-07-14 00:45 - 00266104 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-08-21 01:00 - 2014-04-26 13:27 - 00002914 _____ () C:\Users\new\Desktop\SoftPerfect Scan 1.xml
    2014-08-21 00:40 - 2014-08-21 00:40 - 02809824 _____ () C:\Users\new\Downloads\netscan.zip
    2014-08-21 00:27 - 2014-04-07 14:33 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-08-20 22:45 - 2014-04-07 17:08 - 00002296 ____H () C:\Users\new\Documents\Default.rdp
    2014-08-20 22:32 - 2014-08-20 22:32 - 00779776 _____ (Process Checker) C:\Users\new\Downloads\processchecker_setup.exe
    2014-08-20 19:03 - 2014-08-13 14:07 - 00002016 _____ () C:\Users\new\Desktop\attach.txt
    2014-08-20 16:18 - 2014-08-20 16:17 - 00688992 ____R (Swearware) C:\Users\new\Downloads\dds(2).com
    2014-08-18 15:14 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
    2014-08-18 09:44 - 2014-08-18 09:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NANO Antivirus
    2014-08-18 09:34 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
    2014-08-15 17:37 - 2014-03-31 12:00 - 00000000 ____D () C:\Windows\system32\MRT
    2014-08-15 17:36 - 2014-03-31 12:00 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-08-15 17:28 - 2014-04-30 17:08 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-08-15 09:55 - 2014-08-15 09:55 - 00688992 ____R (Swearware) C:\Users\new\Downloads\dds(1).com
    2014-08-13 14:37 - 2014-08-13 14:37 - 00854410 _____ () C:\Users\new\Downloads\SecurityCheck.exe
    2014-08-13 14:34 - 2014-08-13 14:30 - 00035914 _____ () C:\Users\new\Desktop\Show-Hidden.txt
    2014-08-13 14:30 - 2014-08-13 14:30 - 00386464 _____ (Bleeping Computer, LLC) C:\Users\new\Downloads\show-hidden.exe
    2014-08-13 14:29 - 2014-08-13 14:29 - 00977520 _____ () C:\Users\new\Downloads\HashTab v5.2.0.14 Setup.exe
    2014-08-13 14:29 - 2014-08-13 14:29 - 00000000 ____D () C:\Program Files\HashTab Shell Extension
    2014-08-13 14:05 - 2014-08-13 14:05 - 00688992 ____R (Swearware) C:\Users\new\Downloads\dds.com
    2014-08-13 14:00 - 2014-08-13 14:00 - 00000260 _____ () C:\Users\new\Desktop\vgyuop.txt
    2014-08-13 12:47 - 2014-08-13 12:47 - 00270848 _____ (Secure By Design Inc.) C:\Users\new\Downloads\Ninite Chrome Installer.exe
    2014-08-13 12:25 - 2014-08-13 12:25 - 05392984 _____ () C:\Users\new\Downloads\RogueKillerX64.exe
    2014-08-13 12:24 - 2014-08-05 13:28 - 00029160 _____ () C:\Windows\SysWOW64\Drivers\TrueSight.sys
    2014-08-13 12:17 - 2014-08-13 12:17 - 01366203 _____ () C:\Users\new\Downloads\adwcleaner_3.304.exe
    2014-08-13 12:16 - 2014-08-13 12:16 - 00000339 _____ () C:\Users\new\Desktop\nan01.txt
    2014-08-13 11:47 - 2014-05-01 14:41 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
    2014-08-13 11:41 - 2014-08-13 10:42 - 00000000 ____D () C:\Users\new\AppData\Local\nanoav
    2014-08-13 11:07 - 2014-08-13 11:07 - 01320048 _____ () C:\Windows\Minidump\081314-22744-01.dmp
    2014-08-13 11:07 - 2014-05-05 17:07 - 675422724 _____ () C:\Windows\MEMORY.DMP
    2014-08-13 11:07 - 2014-04-17 14:19 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
    2014-08-13 11:07 - 2014-04-03 11:29 - 00000000 ____D () C:\Windows\Minidump
    2014-08-13 10:41 - 2014-08-13 10:41 - 00000150 _____ () C:\Windows\SysWOW64\{E54A1EE6-F03F-BA46-A814-6F837F3DE309}
    2014-08-13 10:35 - 2014-08-13 10:35 - 00002303 _____ () C:\Users\Public\Desktop\Driver Support.lnk
    2014-08-13 10:35 - 2014-08-13 10:35 - 00000000 ____D () C:\Users\new\Downloads\Driver Support
    2014-08-13 10:35 - 2014-08-13 10:35 - 00000000 ____D () C:\Users\new\AppData\Local\PC_Drivers_Headquarters
    2014-08-13 10:35 - 2014-08-13 10:35 - 00000000 ____D () C:\ProgramData\UAB
    2014-08-13 10:35 - 2014-08-13 10:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Support
    2014-08-13 10:35 - 2014-08-13 10:35 - 00000000 ____D () C:\ProgramData\Driver Support
    2014-08-13 10:35 - 2014-08-13 10:35 - 00000000 ____D () C:\Program Files (x86)\Driver Support
    2014-08-13 10:35 - 2014-04-30 13:51 - 00000000 ____D () C:\Users\new\AppData\Local\CrashDumps
    2014-08-13 10:33 - 2014-08-13 10:33 - 00000085 _____ () C:\Windows\wininit.ini
    2014-08-13 10:33 - 2014-04-17 14:19 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
    2014-08-13 10:24 - 2014-08-13 10:24 - 00699016 _____ (CNET Download.com) C:\Users\new\Downloads\cbsidlm-cbsi213-NANO_Antivirus-SEO-75712430.exe
    2014-08-13 10:23 - 2014-06-18 15:34 - 00001945 _____ () C:\Windows\epplauncher.mif
    2014-08-06 22:06 - 2014-08-15 09:59 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-08-06 22:01 - 2014-08-15 09:59 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-08-05 14:46 - 2012-03-13 04:07 - 00000000 ____D () C:\Program Files (x86)\Intel
    2014-08-05 14:15 - 2012-03-13 02:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
    2014-08-05 14:14 - 2012-03-13 04:07 - 00000000 ____D () C:\Program Files\Common Files\Intel
    2014-08-05 14:00 - 2014-08-05 14:00 - 00000000 ____D () C:\Users\new\Downloads\x64
    2014-08-05 13:59 - 2014-08-05 13:59 - 01658971 _____ () C:\Users\new\Downloads\DDU-v12.9.7.0.exe
    2014-08-05 13:37 - 2014-08-05 13:37 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\new\Downloads\tdsskiller(1).exe
    2014-08-05 13:28 - 2014-08-05 13:28 - 04806744 _____ () C:\Users\new\Downloads\RogueKiller.exe
    2014-08-05 13:28 - 2014-08-05 13:28 - 00000000 ____D () C:\ProgramData\RogueKiller
    2014-08-05 13:22 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
    2014-08-05 12:57 - 2014-08-05 12:57 - 02091520 _____ (Conner Bernhard) C:\Users\new\Downloads\NetAdapterRepair1.2.exe
    2014-08-05 09:20 - 2010-11-20 23:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2014-07-31 19:41 - 2014-08-15 10:01 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2014-07-31 19:16 - 2014-08-15 10:01 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2014-07-28 13:05 - 2014-06-18 17:08 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
    2014-07-28 13:05 - 2014-06-18 17:08 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
    2014-07-25 10:52 - 2014-08-15 10:01 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-07-25 10:02 - 2014-08-15 10:01 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-07-25 10:01 - 2014-08-15 10:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-07-25 09:51 - 2014-08-15 10:01 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-07-25 09:30 - 2014-08-15 10:01 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-07-25 09:28 - 2014-08-15 10:01 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-07-25 09:28 - 2014-08-15 10:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-07-25 09:25 - 2014-08-15 10:01 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-07-25 09:25 - 2014-08-15 10:01 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2014-07-25 09:11 - 2014-08-15 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-07-25 09:10 - 2014-08-15 10:01 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-07-25 09:04 - 2014-08-15 10:01 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-07-25 09:03 - 2014-08-15 10:01 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-07-25 09:00 - 2014-08-15 10:01 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-07-25 09:00 - 2014-08-15 10:01 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-07-25 08:59 - 2014-08-15 10:01 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-07-25 08:47 - 2014-08-15 10:01 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-07-25 08:40 - 2014-08-15 10:01 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-07-25 08:34 - 2014-08-15 10:01 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2014-07-25 08:34 - 2014-08-15 10:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-07-25 08:33 - 2014-08-15 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2014-07-25 08:30 - 2014-08-15 10:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2014-07-25 08:28 - 2014-08-15 10:01 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-07-25 08:28 - 2014-08-15 10:01 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-07-25 08:21 - 2014-08-15 10:01 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-07-25 08:19 - 2014-08-15 10:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-07-25 08:18 - 2014-08-15 10:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-07-25 08:17 - 2014-08-15 10:01 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-07-25 08:17 - 2014-08-15 10:01 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-07-25 08:12 - 2014-08-15 10:01 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-07-25 08:10 - 2014-08-15 10:01 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-07-25 08:10 - 2014-08-15 10:01 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-07-25 08:08 - 2014-08-15 10:01 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2014-07-25 08:06 - 2014-08-15 10:01 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-07-25 07:52 - 2014-08-15 10:01 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2014-07-25 07:47 - 2014-08-15 10:01 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-07-25 07:43 - 2014-08-15 10:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-07-25 07:42 - 2014-08-15 10:01 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-07-25 07:39 - 2014-08-15 10:01 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-07-25 07:39 - 2014-08-15 10:01 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2014-07-25 07:36 - 2014-08-15 10:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-07-25 07:34 - 2014-08-15 10:01 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-07-25 07:29 - 2014-08-15 10:01 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2014-07-25 07:23 - 2014-08-15 10:01 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-07-25 07:13 - 2014-08-15 10:01 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-07-25 07:07 - 2014-08-15 10:01 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-07-25 07:07 - 2014-08-15 10:01 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2014-07-25 07:03 - 2014-08-15 10:01 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-07-25 06:52 - 2014-08-15 10:01 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-07-25 06:26 - 2014-08-15 10:01 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-07-25 06:17 - 2014-08-15 10:01 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-07-25 06:09 - 2014-08-15 10:01 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2014-07-25 06:05 - 2014-08-15 10:01 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-07-25 06:00 - 2014-08-15 10:01 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-07-24 15:22 - 2014-06-18 17:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2014-07-24 10:07 - 2014-04-01 14:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-07-22 11:21 - 2014-07-22 11:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

    Some content of TEMP:
    ====================
    C:\Users\new\AppData\Local\Temp\avxdisk.dll
    C:\Users\new\AppData\Local\Temp\bdc.exe
    C:\Users\new\AppData\Local\Temp\bdcore.dll
    C:\Users\new\AppData\Local\Temp\bdfltlib.dll
    C:\Users\new\AppData\Local\Temp\bdfltlib2k.dll
    C:\Users\new\AppData\Local\Temp\bdupdateservice.dll
    C:\Users\new\AppData\Local\Temp\DEVCON.EXE
    C:\Users\new\AppData\Local\Temp\eEmpty.exe
    C:\Users\new\AppData\Local\Temp\encdec.dll
    C:\Users\new\AppData\Local\Temp\esupdate.exe
    C:\Users\new\AppData\Local\Temp\FSSync.dll
    C:\Users\new\AppData\Local\Temp\Getvlist.exe
    C:\Users\new\AppData\Local\Temp\ikave.dll
    C:\Users\new\AppData\Local\Temp\ipc.dll
    C:\Users\new\AppData\Local\Temp\kave.dll
    C:\Users\new\AppData\Local\Temp\kavvlg.dll
    C:\Users\new\AppData\Local\Temp\msvclnt.dll
    C:\Users\new\AppData\Local\Temp\msvcp80.dll
    C:\Users\new\AppData\Local\Temp\msvcr80.dll
    C:\Users\new\AppData\Local\Temp\msvl64.dll
    C:\Users\new\AppData\Local\Temp\msvlclnt.dll
    C:\Users\new\AppData\Local\Temp\mwavdwnl.exe
    C:\Users\new\AppData\Local\Temp\MWAVL.exe
    C:\Users\new\AppData\Local\Temp\mwavscan.exe
    C:\Users\new\AppData\Local\Temp\mwunzip.dll
    C:\Users\new\AppData\Local\Temp\nsu4AF7.tmp.exe
    C:\Users\new\AppData\Local\Temp\prLoader.dll
    C:\Users\new\AppData\Local\Temp\Quarantine.exe
    C:\Users\new\AppData\Local\Temp\red32.dll
    C:\Users\new\AppData\Local\Temp\Reload.exe
    C:\Users\new\AppData\Local\Temp\scan.dll
    C:\Users\new\AppData\Local\Temp\ScanningProcess.exe
    C:\Users\new\AppData\Local\Temp\setpriv.exe
    C:\Users\new\AppData\Local\Temp\test2.exe
    C:\Users\new\AppData\Local\Temp\unregx.exe
    C:\Users\new\AppData\Local\Temp\ViewTCP.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-08-18 11:10

    ==================== End Of Log ============================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-08-2014
    Ran by new at 2014-08-21 19:21:26
    Running from C:\Users\new\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: NANO AntiVirus (Enabled - Up to date) {6042C874-D09C-FAB4-B62E-5E03234AF460}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: NANO AntiVirus (Enabled - Up to date) {DB232990-F6A6-F53A-8C9E-657158CDBEDD}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
    Adobe AIR (x32 Version: 2.6.0.19120 - Adobe Systems Incorporated) Hidden
    Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.2.1.650 - Adobe Systems Incorporated)
    Adobe Community Help (x32 Version: 3.2.1 - Adobe Systems Incorporated) Hidden
    Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
    Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
    Adobe Photoshop Elements 9 (HKLM-x32\...\Adobe Photoshop Elements 9) (Version: 9.0 - Adobe Systems Incorporated)
    Adobe Photoshop Elements 9 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
    Adobe Premiere Elements 9 (HKLM-x32\...\PremElem90) (Version: 9.0 - Adobe Systems Incorporated)
    Adobe Premiere Elements 9 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
    Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
    Application Verifier (x64) (HKLM\...\{89026002-A893-42D9-9E20-6829B844735E}) (Version: 4.1.1078 - Microsoft Corporation)
    Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
    Blio (HKLM-x32\...\{400182B4-CA55-46A9-9D88-F8413DCFB36D}) (Version: 2.3.7140 - K-NFB Reading Technology, Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
    Complete Care Business Service Agreement (HKLM-x32\...\{0ECFCB07-9BFE-4970-ACA1-D568D982760B}) (Version: 2.0.0 - Dell Inc.)
    Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
    Cozi (HKLM-x32\...\{EA1F3D6C-A6F5-4CDC-B0D3-9C56C06B4D29}) (Version: 1.0.6505.38692 - Cozi Group, Inc.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Debugging Tools for Windows (x64) (HKLM\...\{DBFC6AAE-DCCB-4C23-B01C-3EDDDC03298B}) (Version: 6.12.2.633 - Microsoft Corporation)
    Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.61 - Dell Inc.)
    Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.61 - Dell Inc.)
    Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
    Dell Digital Delivery (HKLM-x32\...\{03A9F528-A754-460F-B2C1-AC125A147114}) (Version: 2.8.5000.0 - Dell Products, LP)
    Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
    Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
    Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
    Dell MusicStage (HKLM-x32\...\{3BD7DD08-991B-4A2F-A165-614ED14EAADD}) (Version: 1.6.225.0 - Fingertapps)
    Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.65 - ArcSoft)
    Dell Stage (HKLM-x32\...\{0F99CA59-7CB4-4167-A43A-4B1D5E584281}) (Version: 1.6.301.0 - Fingertapps)
    Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.1.5907.16 - Dell Inc.)
    Dell Support Center (Version: 3.1.5907.16 - PC-Doctor, Inc.) Hidden
    Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 5.6.0.4 - Dell)
    Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1209.101.204 - ALPS ELECTRIC CO., LTD.)
    Dell VideoStage  (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.3.0.2214 - CyberLink Corp.)
    Dell VideoStage  (x32 Version: 1.3.0.2214 - CyberLink Corp.) Hidden
    Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.44 - Creative Technology Ltd)
    Driver Support (HKLM-x32\...\{597FB4A5-DD86-4316-A410-7E8074CC2CCE}) (Version: 8.1 - Driver Support)
    Elements 9 Organizer (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
    Elements STI Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
    Google Chrome (HKLM-x32\...\{E2FA067B-11BC-318B-B325-31127E6243F5}) (Version: 65.240.16527 - Google, Inc.)
    Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
    HashTab 5.2.0.14 (HKLM\...\HashTab) (Version: 5.2.0.14 - Implbits Software)
    Intel PROSet Wireless (Version:  - ) Hidden
    Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
    Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
    Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{BEE86606-EFB5-4353-9F34-29E0C59CDCFA}) (Version: 15.2.0.0284 - Intel Corporation)
    Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{2ABA2E8D-23CF-418F-BC8F-2EC99FA51A3F}) (Version: 1.2.1.0608 - Intel Corporation)
    Intel® Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
    Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
    Intel® PROSet/Wireless WiFi Software (HKLM\...\{181BBF43-CA17-4E1A-A78D-81E67A57B8A4}) (Version: 15.02.0000.1258 - Intel Corporation)
    Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
    Media Preview (HKLM\...\{52AFC3E1-0FAA-4C05-88FF-373911EA68F5}) (Version: 1.4.3.429 - BabelSoft)
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
    Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
    Microsoft Help Viewer 1.0 (Version: 1.0.30319 - Microsoft Corporation) Hidden
    Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft Visual C++  Compilers 2010 Standard - enu - x64 (HKLM\...\{88387B3B-B110-392F-B919-1A15B48F21D4}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++  Compilers 2010 Standard - enu - x86 (HKLM-x32\...\{370187B9-6964-38D0-851F-6C4898B0C2B1}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Windows Performance Toolkit (HKLM\...\{E7F9E526-2324-437B-A609-E8C5309465CB}) (Version: 4.8.0 - Microsoft Corporation)
    Microsoft Windows SDK .NET Framework Tools (30514) (Version: 7.1.30514 - Microsoft) Hidden
    Microsoft Windows SDK for Visual Studio .NET 4.0 Framework Tools (Version: 7.1.30514 - Microsoft Corporation) Hidden
    Microsoft Windows SDK for Windows 7 (7.1) (HKLM\...\SDKSetup_7.1.7600.0.30514) (Version: 7.1.7600.0.30514 - Microsoft Corporation)
    Microsoft Windows SDK for Windows 7 (7.1) (Version: 7.1.30514 - Microsoft Corporation) Hidden
    Microsoft Windows SDK for Windows 7 Common Utilities (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden
    Microsoft Windows SDK for Windows 7 Headers and Libraries (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden
    Microsoft Windows SDK for Windows 7 Redistributable Components for Application Verifier (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden
    Microsoft Windows SDK for Windows 7 Redistributable Components for Common Tools (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden
    Microsoft Windows SDK for Windows 7 Redistributable Components for Windows Debugging Tools (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden
    Microsoft Windows SDK for Windows 7 Samples (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden
    Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden
    Microsoft Windows SDK Intellisense and Reference Assemblies (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden
    Microsoft Windows SDK MSHelp (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden
    Microsoft Windows SDK Net Fx Interop Headers And Libraries (30514) (Version: 7.1.30514 - Microsoft Corporation) Hidden
    Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
    Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
    Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
    Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
    Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
    MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    NANO Antivirus beta (HKLM-x32\...\NANO Antivirus) (Version: 0.28.2.61721 - Nano Security Ltd)
    Premium Service Agreement (HKLM-x32\...\{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}) (Version: 2.0.0 - Dell Inc.)
    QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)
    Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.0.15 - Dell Inc.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6383 - Realtek Semiconductor Corp.)
    Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
    Revo Uninstaller Pro 3.0.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.8 - VS Revo Group, Ltd.)
    SoftPerfect Switch Port Mapper version 1.0.3 (HKLM\...\{AAB4DDA3-D705-4D91-9AFC-46F43422E46A}_is1) (Version: 1.0.3 - SoftPerfect Research)
    Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.4 - Sophos Limited)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1026 - SUPERAntiSpyware.com)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939v3) (Version: 3 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2836939v3) (Version: 3 - Microsoft Corporation)
    WinDirStat 1.1.2 (HKCU\...\WinDirStat) (Version:  - )
    Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
    Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
    Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
    Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
    Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
    Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows SDK IntellisenseNFX (x32 Version: 7.1.30514 - Microsoft) Hidden
    Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
    Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


    ==================== Restore Points  =========================

    24-07-2014 17:25:51 Windows Update
    24-07-2014 19:21:13 Windows Update
    28-07-2014 17:16:06 Windows Update
    04-08-2014 14:08:37 Windows Update
    05-08-2014 18:01:13 DDU System Restored Point
    05-08-2014 18:18:30 DDU System Restored Point
    05-08-2014 18:44:43 Windows Update
    11-08-2014 14:02:13 Windows Update
    13-08-2014 13:59:19 Revo Uninstaller's restore point - Spybot - Search & Destroy
    13-08-2014 14:20:28 Revo Uninstaller's restore point - Spybot - Search & Destroy
    13-08-2014 15:12:23 Revo Uninstaller's restore point - ArcadeGiant
    13-08-2014 15:13:38 Revo Uninstaller's restore point - ArcadeGiant
    13-08-2014 16:44:03 Revo Uninstaller's restore point - KNCTR
    15-08-2014 14:00:00 Windows Update
    15-08-2014 21:28:01 Windows Update
    18-08-2014 13:39:53 Windows Update

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 22:34 - 2014-08-13 12:35 - 00000747 ____A C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {1E6927E3-29B1-4099-A019-5D82A49D6282} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-05-01] (AVAST Software)
    Task: {6730C090-B6ED-432B-9B00-BD346A8C5D7D} - System32\Tasks\{14B55ED0-BB60-49C8-BB4D-B5477AE7F537} => C:\Users\new\Downloads\s8jsr1a1.exe [2014-04-18] ()
    Task: {700B2F2A-0B87-4EE1-B082-A94DC263948E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-01] (Google Inc.)
    Task: {7FF70752-3C16-4AE3-9334-3A293C31F048} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2011-12-14] (PC-Doctor, Inc.)
    Task: {8FCAFF8E-AA66-4D48-87F0-95D104CFC201} - System32\Tasks\{2F1F5C3B-3AD0-4F64-A961-72DB92F7F3F7} => C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTgui.exe [2014-03-18] (Sophos Limited)
    Task: {C2254460-34FA-4357-8D16-9507C3D1289D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
    Task: {DD7F6194-0FA9-4DF8-8E4C-FADA9989914F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-01] (Google Inc.)
    Task: {E30A0FC0-CF0D-4C67-93FF-9583A3DEB0EE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
    Task: {ED4BEE2C-912C-4937-B794-5F381261D376} - System32\Tasks\{82EDDAFD-A8DE-4EE9-AD66-CAE30EC517BB} => C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTgui.exe [2014-03-18] (Sophos Limited)
    Task: {EE429BC3-7475-44E9-8D7E-655CBAFD86B1} - System32\Tasks\{B0BB2017-AD3E-46ED-AA22-DC34BE9CA0A1} => C:\PostVistaPE\RogueKiller.exe [2014-06-24] ()
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2014-01-29 23:02 - 2014-01-29 23:02 - 00094208 _____ () C:\WINDOWS\System32\IccLibDll_x64.dll
    2014-05-01 14:40 - 2014-05-01 14:40 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2014-08-13 10:40 - 2014-08-18 09:41 - 09221640 _____ () C:\Program Files (x86)\NANO Antivirus\bin\QtGui4.dll
    2014-08-13 10:40 - 2014-08-18 09:41 - 02791400 _____ () C:\Program Files (x86)\NANO Antivirus\bin\QtCore4.dll
    2014-08-13 10:40 - 2014-08-18 09:41 - 14956680 _____ () C:\Program Files (x86)\NANO Antivirus\bin\QtWebKit4.dll
    2014-08-13 10:40 - 2014-08-18 09:42 - 00489280 _____ () C:\Program Files (x86)\NANO Antivirus\bin\phonon4.dll
    2014-08-13 10:40 - 2014-08-18 09:41 - 01009552 _____ () C:\Program Files (x86)\NANO Antivirus\bin\QtNetwork4.dll
    2014-08-18 09:44 - 2014-08-18 09:41 - 00156136 _____ () C:\Program Files (x86)\NANO Antivirus\bin\imageformats\qgif4.dll
    2014-07-22 11:21 - 2014-07-22 11:21 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\49442068.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\49442068.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: AdobeActiveFileMonitor9.0 => 2
    MSCONFIG\Services: AERTFilters => 2
    MSCONFIG\Services: Bluetooth Media Service => 3
    MSCONFIG\Services: GamesAppService => 3
    MSCONFIG\Services: McAWFwk => 3
    MSCONFIG\Services: mcmscsvc => 2
    MSCONFIG\Services: McNaiAnn => 2
    MSCONFIG\Services: McNASvc => 2
    MSCONFIG\Services: McODS => 3
    MSCONFIG\Services: McProxy => 2
    MSCONFIG\Services: MSiSCSI => 3
    MSCONFIG\Services: RemoteRegistry => 3
    MSCONFIG\Services: SessionEnv => 3
    MSCONFIG\Services: SftService => 2
    MSCONFIG\Services: Spooler => 2
    MSCONFIG\Services: TapiSrv => 3
    MSCONFIG\Services: TermService => 3
    MSCONFIG\Services: WinRM => 3
    MSCONFIG\Services: wlidsvc => 2
    MSCONFIG\Services: WPCSvc => 3
    MSCONFIG\Services: WPDBusEnum => 3
    MSCONFIG\startupreg: AccuWeatherWidget => "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s

    ==================== Faulty Device Manager Devices =============

    Name: USB Composite Device
    Description: USB Composite Device
    Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
    Manufacturer: (Standard USB Host Controller)
    Service: usbccgp
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (08/21/2014 07:16:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (08/21/2014 06:39:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (08/21/2014 01:03:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (08/20/2014 06:39:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (08/20/2014 06:39:47 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: ZeroConfigService.exe, version: 15.2.0.3, time stamp: 0x4fe8ea02
    Faulting module name: MurocApi.dll, version: 15.2.0.1, time stamp: 0x4fe8e921
    Exception code: 0xc0000005
    Fault offset: 0x000000000002089b
    Faulting process id: 0x99c
    Faulting application start time: 0xZeroConfigService.exe0
    Faulting application path: ZeroConfigService.exe1
    Faulting module path: ZeroConfigService.exe2
    Report Id: ZeroConfigService.exe3

    Error: (08/20/2014 09:29:55 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (08/19/2014 01:45:05 PM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    Error: (08/19/2014 11:27:32 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (08/18/2014 11:29:15 AM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    Error: (08/18/2014 10:26:14 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
    Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: System.EnterpriseServices, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x8007000b


    System errors:
    =============
    Error: (08/21/2014 07:16:10 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The NANO Antivirus service service hung on starting.

    Error: (08/21/2014 01:02:41 AM) (Source: DCOM) (EventID: 10005) (User: )
    Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

    Error: (08/21/2014 01:02:40 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has failed to start.

    Module Path: C:\Windows\System32\IWMSSvc.dll
    Error Code: 21

    Error: (08/21/2014 01:02:41 AM) (Source: DCOM) (EventID: 10005) (User: )
    Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

    Error: (08/21/2014 01:02:36 AM) (Source: DCOM) (EventID: 10005) (User: )
    Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error: (08/21/2014 01:02:30 AM) (Source: DCOM) (EventID: 10005) (User: )
    Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

    Error: (08/21/2014 01:02:23 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    aswRvrt
    aswSnx
    aswSP
    aswVmm
    CSVirtualDiskDrv
    discache
    KLIF
    kneps
    nanoflt
    nanokrn
    SASDIFSV
    SASKUTIL
    spldr
    Wanarpv6

    Error: (08/21/2014 00:48:58 AM) (Source: DCOM) (EventID: 10009) (User: )
    Description: 10.0.0.1

    Error: (08/21/2014 00:48:10 AM) (Source: DCOM) (EventID: 10009) (User: )
    Description: 10.0.0.2

    Error: (08/20/2014 06:39:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Intel® PROSet/Wireless Zero Configuration Service service terminated unexpectedly.  It has done this 1 time(s).


    Microsoft Office Sessions:
    =========================
    Error: (08/21/2014 07:16:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (08/21/2014 06:39:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (08/21/2014 01:03:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (08/20/2014 06:39:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (08/20/2014 06:39:47 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: ZeroConfigService.exe15.2.0.34fe8ea02MurocApi.dll15.2.0.14fe8e921c0000005000000000002089b99c01cfbcc79dbbe1acC:\Intel\WiFi\bin\ZeroConfigService.exeC:\Intel\WiFi\bin\MurocApi.dlle3184326-28ba-11e4-ad7e-4ceb425a7fb1

    Error: (08/20/2014 09:29:55 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (08/19/2014 01:45:05 PM) (Source: SideBySide) (EventID: 80) (User: )
    Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Program Files (x86)\Cozi Express\CoziExpress.exe

    Error: (08/19/2014 11:27:32 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (08/18/2014 11:29:15 AM) (Source: SideBySide) (EventID: 80) (User: )
    Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Program Files (x86)\Cozi Express\CoziExpress.exe

    Error: (08/18/2014 10:26:14 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
    Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: System.EnterpriseServices, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x8007000b
    System.EnterpriseServices, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a


    CodeIntegrity Errors:
    ===================================
      Date: 2014-08-19 13:44:48.451
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

      Date: 2014-08-19 13:44:48.451
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

      Date: 2014-08-19 13:44:48.451
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

      Date: 2014-08-19 12:14:09.802
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

      Date: 2014-08-19 12:14:09.802
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

      Date: 2014-08-19 12:14:09.802
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

      Date: 2014-08-19 11:38:15.479
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

      Date: 2014-08-19 11:38:15.479
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

      Date: 2014-08-19 11:36:08.994
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

      Date: 2014-08-18 11:33:32.192
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel® Core™ i5-2450M CPU @ 2.50GHz
    Percentage of memory in use: 28%
    Total physical RAM: 8086.17 MB
    Available physical RAM: 5805.27 MB
    Total Pagefile: 16170.52 MB
    Available Pagefile: 13976.86 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.82 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:911.88 GB) (Free:848.82 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 07F2837E)
    Partition 1: (Not Active) - (Size=102 MB) - (Type=DE)
    Partition 2: (Active) - (Size=19.5 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=911.9 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================


    Edited by bwrighttwo, 21 August 2014 - 06:49 PM.


    #7 nasdaq

    nasdaq

    • Malware Response Team

    Posted 22 August 2014 - 07:31 AM

     
    Nothing suspicious was found on your log.
    This is just a clean up.
     
    Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
     

    start
    ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
    ShellIconOverlayIdentifiers-x32: KAVOverlayIcon -> {dd230880-495a-11d1-b064-008048ec2fc5} =>  No File
    BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
    BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
    Toolbar: HKLM-x32 - No Name - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} -  No File
    Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} -  No File
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    EmptyTemp:
    End
    
     
    Save the file as fixlist.txt into the same folder as FRST
     
    Run FRST and click Fix only once and wait.
     
    Restart the computer normally to reset the registry.
     
    The tool will create a log (Fixlog.txt); please post it in your reply.
    ===
     
    I suspect that Avast and NANO Antivirus are both enabled and working against each other.
    If this is correct please disable one and use only one in real life.
     
    p.s.
    Never run two Antivirus programs simultaneously.
    ===
     
    Download Security Check by screen317 from here.

    • Save it to your Desktop.


    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.


    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    p.s.
    If the SecurityCheck program fails to run for any reason, run it as an Administrator.
     
    If the site is busy or not available use this mirror site:
    ===
     
    Let me know what problem persists.

    Edited by nasdaq, 22 August 2014 - 07:31 AM.


    #8 bwrighttwo


    Posted 22 August 2014 - 09:14 AM

    I show Avast as disabled. I thought the same thing about 2 AVs, and that was why I was trying to delete files as listed in my OP. I know not to run 2 at the same time. Here is Sec Ck log. While Sec Ck was running it kept saying something like "Can't find the specified file. It does not exist". Make sure to look at small print on log under AV/FW check. I will run the fix list now if that is still what you want to do.

     

     

    Results of screen317's Security Check version 0.99.87  
       x64   
     Internet Explorer 11  
    ``````````````Antivirus/Firewall Check:``````````````
     Windows Security Center service is not running! This report may not be accurate!
    NANO AntiVirus   
     WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
     Adobe Flash Player     14.0.0.145  
     Mozilla Firefox (31.0)
     Google Chrome 36.0.1985.125  
     Google Chrome 36.0.1985.143  
    ````````Process Check: objlist.exe by Laurent````````  
     NANO Antivirus bin nanosvc.exe  
     NANO Antivirus bin nanoav.exe  
     AVAST Software Avast avastui.exe  
    `````````````````System Health check`````````````````
     Total Fragmentation on Drive C:  %
    ````````````````````End of Log``````````````````````


    Edited by bwrighttwo, 22 August 2014 - 09:27 AM.


    #9 bwrighttwo


    Posted 22 August 2014 - 01:07 PM

    I went ahead and did the fix.

    The only difference I notice is Windows takes a lot longer to start. Lag between password and start of desktop is much longer and desktop loading slower as well.

     

     

     

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-08-2014
    Ran by new at 2014-08-22 13:58:42 Run:1
    Running from C:\Users\new\Downloads
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    start
    ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
    ShellIconOverlayIdentifiers-x32: KAVOverlayIcon -> {dd230880-495a-11d1-b064-008048ec2fc5} =>  No File
    BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
    BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
    Toolbar: HKLM-x32 - No Name - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} -  No File
    Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} -  No File
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    EmptyTemp:
    End
    *****************

    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.
    "HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}" => Key not found.
    "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\KAVOverlayIcon" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}" => Key not found.
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
    "HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key not found.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{215BA832-75A3-426E-A4FC-7C5B58CE6A10} => value deleted successfully.
    "HKCR\Wow6432Node\CLSID\{215BA832-75A3-426E-A4FC-7C5B58CE6A10}" => Key not found.
    "HKCR\PROTOCOLS\Handler\cozi" => Key deleted successfully.
    "HKCR\CLSID\{5356518D-FE9C-4E08-9C1F-1E872ECD367F}" => Key not found.
    "HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
    "HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
    EmptyTemp: => Removed 1.3 GB temporary data.


    The system needed a reboot.

    ==== End of Fixlog ====

     

     

     

    I also have a few questions regarding errors on FRST log.


    Edited by bwrighttwo, 22 August 2014 - 02:28 PM.
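The Fixlog above pairs each removed load point with a lookup of its class ID; a load point that was deleted while its CLSID key was "not found" was an orphaned registration, which matches the "No File" entries in the fixlist. The following is an added example, not part of the original posts and not FRST's own code: the function names and verdict labels are hypothetical, and it assumes a CLSID line directly after a load-point line refers to that load point, as in this log.

```python
import re
from collections import Counter

# Excerpt of the Fixlog.txt posted above (fixlist echo shortened to three entries).
SAMPLE_FIXLOG = r'''
Content of fixlist:
*****************
start
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
EmptyTemp:
End
*****************

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.
"HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}" => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\KAVOverlayIcon" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
"HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{215BA832-75A3-426E-A4FC-7C5B58CE6A10} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{215BA832-75A3-426E-A4FC-7C5B58CE6A10}" => Key not found.
"HKCR\PROTOCOLS\Handler\cozi" => Key deleted successfully.
"HKCR\CLSID\{5356518D-FE9C-4E08-9C1F-1E872ECD367F}" => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
EmptyTemp: => Removed 1.3 GB temporary data.

The system needed a reboot.

==== End of Fixlog ====
'''

# '"target" => result' (quotes optional, as on the Toolbar line).
RESULT_LINE = re.compile(r'^"?(?P<target>.+?)"?\s+=>\s+(?P<result>.+?)\s*$')
# A class registration key: ...\CLSID\{GUID}
CLSID_KEY = re.compile(r'\\CLSID\\\{[0-9A-Fa-f-]{36}\}$')


def result_section(text):
    """Return only the result lines, skipping the echoed fixlist.

    The echoed fixlist sits between two lines of asterisks and itself
    contains '=>', so it must not be parsed as results.
    """
    lines = text.splitlines()
    stars = [i for i, l in enumerate(lines)
             if l.strip() and set(l.strip()) == {"*"}]
    start = stars[-1] + 1 if stars else 0
    out = []
    for line in lines[start:]:
        if line.strip().startswith("==== End"):
            break
        out.append(line)
    return out


def classify(result):
    """Map the free-text result to a coarse status (labels are this example's own)."""
    text = result.lower()
    if "deleted successfully" in text:
        return "deleted"
    if "not found" in text:
        return "not_found"
    if text.startswith("removed"):
        return "removed"
    return "review"  # anything unrecognised is flagged for a human to read


def audit(text):
    """Return (load_point, verdict) pairs, folding each CLSID line into its load point."""
    entries = []
    for line in result_section(text):
        m = RESULT_LINE.match(line.strip())
        if m:
            target = m.group("target")
            entries.append((target, classify(m.group("result")),
                            bool(CLSID_KEY.search(target))))
    findings = []
    for idx, (target, status, is_clsid) in enumerate(entries):
        if is_clsid:
            continue  # reported together with the preceding load point
        nxt = entries[idx + 1] if idx + 1 < len(entries) else None
        clsid_status = nxt[1] if nxt and nxt[2] else None
        if status == "review" or clsid_status == "review":
            verdict = "needs review"
        elif status == "deleted" and clsid_status == "not_found":
            verdict = "orphan removed"  # registration pointed at a class that no longer exists
        elif clsid_status == "deleted":
            verdict = "registration and class removed"
        else:
            verdict = status
        findings.append((target, verdict))
    return findings


def summarize(text):
    """Count verdicts so a reviewer can see at a glance whether anything needs attention."""
    return Counter(verdict for _, verdict in audit(text))


if __name__ == "__main__":
    for target, verdict in audit(SAMPLE_FIXLOG):
        print(f"{verdict:15} {target}")
    print(dict(summarize(SAMPLE_FIXLOG)))
```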


    #10 nasdaq


    Posted 23 August 2014 - 06:28 AM

     

    "I also have a few questions regarding errors on FRST log"
    I do not have any answers to this. The tool is robust and I do see these errors often.
     
    Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
     
     
     
    * IMPORTANT !!! Save ComboFix.exe to your Desktop
     
    IMPORTANT....
     
    1. Close any open browsers.
     
    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
     
    3. Do not install any other programs until this is fixed.
     
    How to : Disable Anti-virus and Firewall...
     
    Double click on ComboFix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the C:\ComboFix.txt
    Note:
    Do not mouse click ComboFix's window while it's running. That may cause it to stall
     
    Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html
     
    Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
    ==============


    #11 bwrighttwo


    Posted 23 August 2014 - 09:57 AM

    As far as the error logs go, I do not need an exact answer. The main concern is the Microsoft Office part. For one thing I have never used Office for anything on this machine. I understand OS probably uses it for something, but... I have never used Cozi, and the one that really concerns me is the last one. This has never been an Enterprise machine, and couple that with .NET Runtime Optimization Service being part of the error. It makes me suspicious. That brings me to another question. Where is the line between malware issue and network/server issue on this site?

     

    I also may not have access to the machine we are discussing until tomorrow. I will run CF when i do use it again. Thanks for your time.


    Edited by bwrighttwo, 23 August 2014 - 09:59 AM.


    #12 nasdaq


    Posted 23 August 2014 - 12:37 PM

    I work only in the malware group.

     

    You can start a new topic in the Networking forum

     
    Someone should be able to help you about the other issue.


    #13 bwrighttwo


    Posted 23 August 2014 - 11:38 PM

    Here is CF.

     

     

     

    ComboFix 14-08-24.01 - new 08/24/2014   0:26.1.4 - x64
    Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8086.5960 [GMT -4:00]
    Running from: c:\users\new\Downloads\ComboFix.exe
    AV: NANO AntiVirus *Disabled/Updated* {6042C874-D09C-FAB4-B62E-5E03234AF460}
    SP: NANO AntiVirus *Disabled/Updated* {DB232990-F6A6-F53A-8C9E-657158CDBEDD}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ADS - Windows: deleted 12 bytes in 1 streams.
    .
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\Roaming
    c:\windows\wininit.ini
    .
    .
    (((((((((((((((((((((((((   Files Created from 2014-07-24 to 2014-08-24  )))))))))))))))))))))))))))))))
    .
    .
    2014-08-24 04:30 . 2014-08-24 04:30    --------    d-----w-    c:\users\new\AppData\Local\temp
    2014-08-24 04:30 . 2014-08-24 04:30    --------    d-----w-    c:\users\Default\AppData\Local\temp
    2014-08-24 01:41 . 2014-08-24 01:41    75888    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{58801C2C-C9DA-4BE6-8A31-847F7A025F85}\offreg.dll
    2014-08-23 07:09 . 2014-08-23 07:09    --------    d-----w-    c:\programdata\TamoSoft
    2014-08-23 07:09 . 2014-08-23 07:11    --------    d-----w-    c:\program files (x86)\CommView
    2014-08-22 20:29 . 2014-08-21 03:43    11319192    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{58801C2C-C9DA-4BE6-8A31-847F7A025F85}\mpengine.dll
    2014-08-22 20:24 . 2014-05-14 16:23    44512    ----a-w-    c:\windows\system32\wups2.dll
    2014-08-22 20:24 . 2014-05-14 16:23    58336    ----a-w-    c:\windows\system32\wuauclt.exe
    2014-08-22 20:24 . 2014-05-14 16:23    2477536    ----a-w-    c:\windows\system32\wuaueng.dll
    2014-08-22 20:24 . 2014-05-14 16:21    2620928    ----a-w-    c:\windows\system32\wucltux.dll
    2014-08-22 20:24 . 2014-05-14 16:23    38880    ----a-w-    c:\windows\system32\wups.dll
    2014-08-22 20:24 . 2014-05-14 16:23    36320    ----a-w-    c:\windows\SysWow64\wups.dll
    2014-08-22 20:24 . 2014-05-14 16:23    700384    ----a-w-    c:\windows\system32\wuapi.dll
    2014-08-22 20:24 . 2014-05-14 16:23    581600    ----a-w-    c:\windows\SysWow64\wuapi.dll
    2014-08-22 20:24 . 2014-05-14 16:20    97792    ----a-w-    c:\windows\system32\wudriver.dll
    2014-08-22 20:24 . 2014-05-14 16:17    92672    ----a-w-    c:\windows\SysWow64\wudriver.dll
    2014-08-22 20:23 . 2014-05-14 13:23    198600    ----a-w-    c:\windows\system32\wuwebv.dll
    2014-08-22 20:23 . 2014-05-14 13:23    179656    ----a-w-    c:\windows\SysWow64\wuwebv.dll
    2014-08-22 20:23 . 2014-05-14 13:20    36864    ----a-w-    c:\windows\system32\wuapp.exe
    2014-08-22 20:23 . 2014-05-14 13:17    33792    ----a-w-    c:\windows\SysWow64\wuapp.exe
    2014-08-22 00:40 . 2014-08-22 00:55    --------    d-----w-    c:\users\new\AppData\Roaming\ImgBurn
    2014-08-22 00:33 . 2014-08-22 00:33    --------    d-----w-    c:\program files (x86)\ImgBurn
    2014-08-21 23:19 . 2014-08-22 18:00    --------    d-----w-    C:\FRST
    2014-08-15 21:29 . 2014-03-09 21:48    171160    ----a-w-    c:\windows\system32\infocardapi.dll
    2014-08-15 21:29 . 2014-03-09 21:48    1389208    ----a-w-    c:\windows\system32\icardagt.exe
    2014-08-15 21:29 . 2014-03-09 21:47    99480    ----a-w-    c:\windows\SysWow64\infocardapi.dll
    2014-08-15 21:29 . 2014-03-09 21:47    619672    ----a-w-    c:\windows\SysWow64\icardagt.exe
    2014-08-15 21:29 . 2014-06-30 22:24    8856    ----a-w-    c:\windows\system32\icardres.dll
    2014-08-15 21:29 . 2014-06-30 22:14    8856    ----a-w-    c:\windows\SysWow64\icardres.dll
    2014-08-15 21:29 . 2014-06-06 06:16    35480    ----a-w-    c:\windows\SysWow64\TsWpfWrp.exe
    2014-08-15 21:29 . 2014-06-06 06:12    35480    ----a-w-    c:\windows\system32\TsWpfWrp.exe
    2014-08-15 14:02 . 2014-06-03 10:02    3241984    ----a-w-    c:\windows\system32\msi.dll
    2014-08-15 14:02 . 2014-06-03 09:29    2363392    ----a-w-    c:\windows\SysWow64\msi.dll
    2014-08-15 14:02 . 2014-06-03 10:02    112064    ----a-w-    c:\windows\system32\consent.exe
    2014-08-15 14:02 . 2014-06-03 10:02    504320    ----a-w-    c:\windows\system32\msihnd.dll
    2014-08-15 14:02 . 2014-06-03 10:02    1941504    ----a-w-    c:\windows\system32\authui.dll
    2014-08-15 14:02 . 2014-06-03 09:29    337408    ----a-w-    c:\windows\SysWow64\msihnd.dll
    2014-08-15 14:02 . 2014-06-03 09:29    1805824    ----a-w-    c:\windows\SysWow64\authui.dll
    2014-08-15 13:59 . 2014-07-14 02:02    1216000    ----a-w-    c:\windows\system32\rpcrt4.dll
    2014-08-15 13:59 . 2014-08-07 02:06    529920    ----a-w-    c:\windows\system32\aepdu.dll
    2014-08-15 13:59 . 2014-07-14 01:40    664064    ----a-w-    c:\windows\SysWow64\rpcrt4.dll
    2014-08-15 13:59 . 2014-08-07 02:01    424448    ----a-w-    c:\windows\system32\aeinv.dll
    2014-08-13 18:29 . 2014-08-13 18:29    --------    d-----w-    c:\program files\HashTab Shell Extension
    2014-08-13 16:25 . 2014-08-21 22:55    36456    ----a-w-    c:\windows\system32\drivers\TrueSight.sys
    2014-08-13 14:42 . 2014-08-13 15:41    --------    d-----w-    c:\users\new\AppData\Local\nanoav
    2014-08-13 14:40 . 2014-08-24 04:29    --------    d-----w-    c:\programdata\nanolsp
    2014-08-13 14:40 . 2014-08-24 04:13    --------    d-----w-    c:\program files (x86)\NANO Antivirus
    2014-08-13 14:35 . 2014-08-13 14:35    --------    d-----w-    c:\programdata\UAB
    2014-08-13 14:35 . 2014-08-13 14:35    --------    d-----w-    c:\users\new\AppData\Local\PC_Drivers_Headquarters
    2014-08-13 14:35 . 2014-08-13 14:35    --------    d-----w-    c:\programdata\Driver Support
    2014-08-13 14:35 . 2014-08-13 14:35    --------    d-----w-    c:\program files (x86)\Driver Support
    2014-08-13 14:27 . 2014-08-24 04:25    --------    d-----w-    c:\programdata\nanoav
    2014-08-05 17:28 . 2014-08-13 16:24    29160    ----a-w-    c:\windows\SysWow64\drivers\TrueSight.sys
    2014-08-05 17:28 . 2014-08-05 17:28    --------    d-----w-    c:\programdata\RogueKiller
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-08-24 02:29 . 2014-04-07 18:33    122584    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-08-15 21:36 . 2014-03-31 16:00    99218768    ----a-w-    c:\windows\system32\MRT.exe
    2014-08-05 13:20 . 2010-11-21 03:27    270496    ------w-    c:\windows\system32\MpSigStub.exe
    2014-07-16 20:39 . 2014-07-16 20:39    632064    ----a-w-    c:\windows\SysWow64\msvcr80.dll
    2014-07-16 20:39 . 2014-07-16 20:39    554240    ----a-w-    c:\windows\SysWow64\msvcp80.dll
    2014-07-16 20:39 . 2014-07-16 20:39    34048    ----a-w-    c:\windows\SysWow64\eEmpty.exe
    2014-07-15 21:25 . 2014-04-07 18:32    91352    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
    2014-07-08 18:50 . 2014-04-01 18:54    699056    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
    2014-07-08 18:50 . 2012-03-13 06:15    71344    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-07-08 18:50 . 2014-07-08 17:50    5659136    ----a-w-    c:\windows\SysWow64\FlashPlayerInstaller.exe
    2014-06-18 02:18 . 2014-07-10 13:48    692736    ----a-w-    c:\windows\system32\osk.exe
    2014-06-18 01:51 . 2014-07-10 13:48    646144    ----a-w-    c:\windows\SysWow64\osk.exe
    2014-06-06 10:10 . 2014-07-10 13:48    624128    ----a-w-    c:\windows\system32\qedit.dll
    2014-06-06 09:44 . 2014-07-10 13:48    509440    ----a-w-    c:\windows\SysWow64\qedit.dll
    2014-06-05 14:45 . 2014-07-10 13:47    1460736    ----a-w-    c:\windows\system32\lsasrv.dll
    2014-06-05 14:26 . 2014-07-10 13:47    22016    ----a-w-    c:\windows\SysWow64\secur32.dll
    2014-06-05 14:25 . 2014-07-10 13:47    96768    ----a-w-    c:\windows\SysWow64\sspicli.dll
    2014-05-30 08:08 . 2014-07-10 13:48    210944    ----a-w-    c:\windows\system32\wdigest.dll
    2014-05-30 08:08 . 2014-07-10 13:48    86528    ----a-w-    c:\windows\system32\TSpkg.dll
    2014-05-30 08:08 . 2014-07-10 13:48    340992    ----a-w-    c:\windows\system32\schannel.dll
    2014-05-30 08:08 . 2014-07-10 13:48    314880    ----a-w-    c:\windows\system32\msv1_0.dll
    2014-05-30 08:08 . 2014-07-10 13:48    307200    ----a-w-    c:\windows\system32\ncrypt.dll
    2014-05-30 08:08 . 2014-07-10 13:48    728064    ----a-w-    c:\windows\system32\kerberos.dll
    2014-05-30 08:08 . 2014-07-10 13:48    22016    ----a-w-    c:\windows\system32\credssp.dll
    2014-05-30 07:52 . 2014-07-10 13:48    172032    ----a-w-    c:\windows\SysWow64\wdigest.dll
    2014-05-30 07:52 . 2014-07-10 13:48    65536    ----a-w-    c:\windows\SysWow64\TSpkg.dll
    2014-05-30 07:52 . 2014-07-10 13:48    247808    ----a-w-    c:\windows\SysWow64\schannel.dll
    2014-05-30 07:52 . 2014-07-10 13:48    220160    ----a-w-    c:\windows\SysWow64\ncrypt.dll
    2014-05-30 07:52 . 2014-07-10 13:48    259584    ----a-w-    c:\windows\SysWow64\msv1_0.dll
    2014-05-30 07:52 . 2014-07-10 13:48    550912    ----a-w-    c:\windows\SysWow64\kerberos.dll
    2014-05-30 07:52 . 2014-07-10 13:48    17408    ----a-w-    c:\windows\SysWow64\credssp.dll
    2014-05-30 06:45 . 2014-07-10 13:48    497152    ----a-w-    c:\windows\system32\drivers\afd.sys
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "NANO Antivirus"="c:\program files (x86)\nano antivirus\bin\nanoav.exe" [2014-08-18 5568800]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute    REG_MULTI_SZ       autocheck autochk *\0\0sdnclean64.exe
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AvastUI.exe]
    2014-08-08 13:46    3890208    ----a-w-    c:\program files\AVAST Software\Avast\avastui.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
    R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
    R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
    R3 CV2K1;CommView Network Monitor;c:\windows\system32\DRIVERS\cv2k1.sys;c:\windows\SYSNATIVE\DRIVERS\cv2k1.sys [x]
    R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
    R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
    R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\intel\WiFi\bin\PanDhcpDns.exe;c:\intel\WiFi\bin\PanDhcpDns.exe [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 TsVlb;TsVlb;c:\windows\system32\DRIVERS\tsvlb.sys;c:\windows\SYSNATIVE\DRIVERS\tsvlb.sys [x]
    R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R4 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [x]
    R4 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
    R4 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
    R4 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;c:\intel\BluetoothHS\BTHSSecurityMgr.exe;c:\intel\BluetoothHS\BTHSSecurityMgr.exe [x]
    R4 CSObjectsSrv;CryptoStorage control service;c:\program files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe;c:\program files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [x]
    R4 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [x]
    R4 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
    R4 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
    S0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\DRIVERS\CSCrySec.sys;c:\windows\SYSNATIVE\DRIVERS\CSCrySec.sys [x]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
    S1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\DRIVERS\CSVirtualDiskDrv.sys;c:\windows\SYSNATIVE\DRIVERS\CSVirtualDiskDrv.sys [x]
    S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
    S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
    S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
    S1 nanoflt;nanoflt;c:\program files (x86)\NANO Antivirus\bin\nanoflt64.sys;c:\program files (x86)\NANO Antivirus\bin\nanoflt64.sys [x]
    S1 nanokrn;nanokrn;c:\program files (x86)\NANO Antivirus\bin\nanokrn64.sys;c:\program files (x86)\NANO Antivirus\bin\nanokrn64.sys [x]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
    S1 TsVp;TsVp;c:\windows\system32\DRIVERS\tsvp.sys;c:\windows\SYSNATIVE\DRIVERS\tsvp.sys [x]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
    S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\intel\BluetoothHS\BTHSAmpPalService.exe;c:\intel\BluetoothHS\BTHSAmpPalService.exe [x]
    S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
    S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
    S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
    S2 nanosvc;NANO Antivirus service;c:\program files (x86)\NANO Antivirus\bin\nanosvc.exe;c:\program files (x86)\NANO Antivirus\bin\nanosvc.exe [x]
    S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
    S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
    S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\intel\WiFi\bin\ZeroConfigService.exe;c:\intel\WiFi\bin\ZeroConfigService.exe [x]
    S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
    S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [x]
    S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
    S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    S3 TSCOMM;CommStudio Virtual Adapter by TamoSoft;c:\windows\system32\DRIVERS\tscomm.sys;c:\windows\SYSNATIVE\DRIVERS\tscomm.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - TSVP
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2014-08-13 16:48    1104200    ----a-w-    c:\program files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-08-24 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-01 18:50]
    .
    2014-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-05-01 18:41]
    .
    2014-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-05-01 18:41]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
    @="{dd230880-495a-11d1-b064-008048ec2fc5}"
    [HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
    2014-04-01 16:45    491200    ----a-w-    c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\shellex.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-11-03 2190704]
    "IntelPROSet"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2012-06-25 4802864]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2014-01-30 171992]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2014-01-30 399832]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2014-01-30 442328]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = about:blank
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm
    LSP: c:\program files (x86)\NANO Antivirus\bin\nanolsp.dll
    Trusted Zone: dell.com
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
    FF - ProfilePath - c:\users\new\AppData\Roaming\Mozilla\Firefox\Profiles\oneflxwp.default\
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: network.proxy.type - 4
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    SafeBoot-49442068.sys
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    Toolbar-Locked - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.14"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
       00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2014-08-24  00:32:33
    ComboFix-quarantined-files.txt  2014-08-24 04:32
    .
    Pre-Run: 923,857,133,568 bytes free
    Post-Run: 923,675,389,952 bytes free
    .
    - - End Of File - - D915802027741F11D8660CFDE2AE2DC8



    #14 nasdaq

    nasdaq

    • Malware Response Team
    • 38,788 posts
    • Gender:Male
    • Location:Montreal, QC. Canada
    • Local time:02:02 AM

    Posted 24 August 2014 - 07:54 AM

    The log is clean.



    #15 bwrighttwo

    bwrighttwo
    • Topic Starter

    • Members
    • 717 posts
    • Gender:Male
    • Local time:01:02 AM

    Posted 24 August 2014 - 01:21 PM

    I suppose those questions I asked in the OP were nothing.

    Again... Thanks for your time. I will see what the Network and Server people have to say. You may close.


    Edited by bwrighttwo, 24 August 2014 - 01:34 PM.




