Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Key Found : HKLM\SOFTWARE\EZ Software Updater


  • This topic is locked This topic is locked
59 replies to this topic

#1 Rick605

Rick605

  • Members
  • 355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Connecticut
  • Local time:08:03 AM

Posted 25 August 2014 - 04:32 PM

Adwcleaner found : HKLM\SOFTWARE\EZ Software Updater. And after removing it a couple of times, it's still there.

 

I've run ESET from IE, superantispyware, malwarebytes, Kapersky, Emisoft anti-malware, and JRT and it's still showing up on adwcleaner.

 

 

Can someone help? :)

 

 

Rick



BC AdBot (Login to Remove)

 


#2 Rick605

Rick605
  • Topic Starter

  • Members
  • 355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Connecticut
  • Local time:08:03 AM

Posted 27 August 2014 - 03:21 PM

I found that I was able to remove the Updater by rebooting my modem. :)

 

I'm all set.

 

Now it's back, I'm no longer all set and rebooting after adwcleaner removes it doesn't help.


Edited by Rick605, 27 August 2014 - 04:03 PM.


#3 nasdaq

nasdaq

  • Malware Response Team
  • 40,456 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:03 AM

Posted 29 August 2014 - 07:53 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Get the latest version of AdwCleaner.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

How is the computer running?
Wait for further instructions.

#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,456 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:03 AM

Posted 04 September 2014 - 09:05 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,456 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:03 AM

Posted 04 September 2014 - 12:14 PM

This topic has been re-opened at the request of the person who originally posted.

#6 Rick605

Rick605
  • Topic Starter

  • Members
  • 355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Connecticut
  • Local time:08:03 AM

Posted 04 September 2014 - 01:31 PM

This time adwcleaner appears to have removed it.

 

# AdwCleaner v3.308 - Report created 25/08/2014 at 15:18:09
# Updated 20/08/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : Richard - RICK
# Running from : C:\Users\Richard\Desktop\adwcleaner_3.308.exe
# Option : Clean

***** [ Services ] *****

 


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\EZ Software Updater

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17239


-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\sz8gk6ir.default\prefs.js ]


-\\ Google Chrome v36.0.1985.143

[ File : C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [938 octets] - [30/06/2014 13:23:14]
AdwCleaner[R10].txt - [1482 octets] - [11/07/2014 21:36:06]
AdwCleaner[R11].txt - [1543 octets] - [13/07/2014 18:14:38]
AdwCleaner[R12].txt - [1604 octets] - [14/07/2014 19:18:21]
AdwCleaner[R13].txt - [1665 octets] - [15/07/2014 16:18:06]
AdwCleaner[R14].txt - [1805 octets] - [17/07/2014 17:25:58]
AdwCleaner[R15].txt - [1866 octets] - [17/07/2014 18:07:56]
AdwCleaner[R16].txt - [1909 octets] - [17/07/2014 18:12:51]
AdwCleaner[R17].txt - [1970 octets] - [19/07/2014 21:17:21]
AdwCleaner[R18].txt - [2031 octets] - [20/07/2014 18:01:27]
AdwCleaner[R19].txt - [621 octets] - [22/07/2014 20:26:56]
AdwCleaner[R1].txt - [997 octets] - [30/06/2014 18:50:05]
AdwCleaner[R20].txt - [621 octets] - [22/07/2014 20:27:44]
AdwCleaner[R21].txt - [625 octets] - [24/07/2014 21:42:46]
AdwCleaner[R22].txt - [619 octets] - [24/07/2014 21:44:16]
AdwCleaner[R23].txt - [625 octets] - [24/07/2014 21:48:47]
AdwCleaner[R24].txt - [2396 octets] - [25/07/2014 18:28:35]
AdwCleaner[R25].txt - [2612 octets] - [02/08/2014 21:32:56]
AdwCleaner[R26].txt - [2673 octets] - [02/08/2014 21:39:32]
AdwCleaner[R27].txt - [2676 octets] - [03/08/2014 16:49:49]
AdwCleaner[R28].txt - [2737 octets] - [05/08/2014 17:04:47]
AdwCleaner[R29].txt - [2798 octets] - [05/08/2014 20:11:16]
AdwCleaner[R2].txt - [1056 octets] - [02/07/2014 17:39:44]
AdwCleaner[R30].txt - [2859 octets] - [06/08/2014 19:52:56]
AdwCleaner[R31].txt - [2920 octets] - [07/08/2014 13:21:23]
AdwCleaner[R32].txt - [2981 octets] - [09/08/2014 21:19:48]
AdwCleaner[R33].txt - [3042 octets] - [10/08/2014 16:17:54]
AdwCleaner[R34].txt - [3103 octets] - [11/08/2014 13:14:57]
AdwCleaner[R35].txt - [3282 octets] - [15/08/2014 18:12:28]
AdwCleaner[R36].txt - [3343 octets] - [16/08/2014 18:36:21]
AdwCleaner[R37].txt - [3404 octets] - [18/08/2014 23:12:35]
AdwCleaner[R38].txt - [3465 octets] - [19/08/2014 16:54:11]
AdwCleaner[R39].txt - [3526 octets] - [19/08/2014 16:55:42]
AdwCleaner[R3].txt - [1117 octets] - [03/07/2014 22:19:39]
AdwCleaner[R40].txt - [3772 octets] - [21/08/2014 17:29:59]
AdwCleaner[R41].txt - [3637 octets] - [21/08/2014 17:38:31]
AdwCleaner[R42].txt - [3710 octets] - [21/08/2014 17:44:14]
AdwCleaner[R43].txt - [3771 octets] - [21/08/2014 18:27:59]
AdwCleaner[R44].txt - [3832 octets] - [22/08/2014 14:13:00]
AdwCleaner[R45].txt - [3893 octets] - [22/08/2014 20:50:05]
AdwCleaner[R46].txt - [4001 octets] - [25/08/2014 15:17:21]
AdwCleaner[R4].txt - [1178 octets] - [04/07/2014 18:49:32]
AdwCleaner[R5].txt - [1238 octets] - [05/07/2014 21:40:41]
AdwCleaner[R6].txt - [1298 octets] - [06/07/2014 15:19:12]
AdwCleaner[R7].txt - [1358 octets] - [07/07/2014 19:09:05]
AdwCleaner[R8].txt - [1361 octets] - [08/07/2014 21:24:35]
AdwCleaner[R9].txt - [1421 octets] - [09/07/2014 18:31:27]
AdwCleaner[S0].txt - [1928 octets] - [17/07/2014 18:09:32]
AdwCleaner[S1].txt - [2739 octets] - [02/08/2014 21:41:21]
AdwCleaner[S2].txt - [3838 octets] - [21/08/2014 17:34:36]
AdwCleaner[S3].txt - [712 octets] - [21/08/2014 17:43:34]
AdwCleaner[S4].txt - [3923 octets] - [25/08/2014 15:18:09]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [3983 octets] ##########
# AdwCleaner v3.309 - Report created 04/09/2014 at 14:18:16
# Updated 02/09/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : Richard - RICK
# Running from : C:\Users\Richard\Desktop\adwcleaner_3.309.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : EZ Software Updater

***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****

 

 

 

When I open Farbar a box pops up that says "application error". I've downloaded it three times and it still comes up. should I run it that way?

 

 

 

 

 

Thanks for your help. :)



#7 nasdaq

nasdaq

  • Malware Response Team
  • 40,456 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:03 AM

Posted 05 September 2014 - 07:51 AM


You are downloading the version for your operating system?

===

Try this way if you can.

Using a good computer Download correct tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a flash drive.

Plug the flash drive into the infected PC.

Restart your computer and tap F8 to bring up the Advanced Menu, then click Repair your computer

Follow the prompt to enter keyboard input method, and then the prompt to enter a password. If the machine does not have a password, simply click Enter.

In the next menu, use the arrow keys on the keyboard to highlight Command Prompt and press Enter.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and press Enter. Or FRST.exe if 32 bit system.

    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
===

#8 Rick605

Rick605
  • Topic Starter

  • Members
  • 355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Connecticut
  • Local time:08:03 AM

Posted 05 September 2014 - 01:22 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2014 02
Ran by Richard (administrator) on RICK on 05-09-2014 14:18:38
Running from C:\Users\Richard\Desktop
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
() C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
(DELL Inc.) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.EXE
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
() C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMeeting\1468\g2mstart.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMeeting\1468\g2mcomm.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMeeting\1468\g2mlauncher.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [382608 2014-06-04] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [132736 2013-09-05] ( (Qualcomm®Atheros®))
HKU\S-1-5-21-2639599823-3024943084-2445285041-1001\...\Run: [Google Update] => C:\Users\Richard\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-04-21] (Google Inc.)
HKU\S-1-5-21-2639599823-3024943084-2445285041-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-04-21] (Google Inc.)
HKU\S-1-5-21-2639599823-3024943084-2445285041-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7762712 2014-08-15] (SUPERAntiSpyware)
HKU\S-1-5-21-2639599823-3024943084-2445285041-1001\...\Run: [GoToMeeting] => C:\Program Files (x86)\Citrix\GoToMeeting\1468\g2mstart.exe [40304 2014-08-14] (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-21-2639599823-3024943084-2445285041-1001\...\MountPoints2: {c4acd2ae-cd91-11e3-825c-5435304166ae} - "D:\WD SmartWare.exe" autoplay=true
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: DBARFileBackuped -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: DBARFileNotBackuped -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x6159D41ABD64CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages =
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com/?fr=avantsearch6
SearchScopes: HKLM - {2EB247C0-64A8-4F19-9C57-FDEAF8D03393} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB
SearchScopes: HKLM-x32 - {2EB247C0-64A8-4F19-9C57-FDEAF8D03393} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB
SearchScopes: HKCU - {2EB247C0-64A8-4F19-9C57-FDEAF8D03393} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll (Microsoft Corporation.)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\sz8gk6ir.default
FF Homepage: www.eckankar.org
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Richard\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Richard\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Richard\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Richard\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Richard\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Richard\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Richard\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: Bluhell Firewall - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\sz8gk6ir.default\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi [2014-06-14]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-04-21]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-04-21]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-04-21]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-04-21]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-04-21]

Chrome:
=======
CHR HomePage: Default ->
CHR DefaultSearchProvider: Default -> true
CHR Profile: C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-04-21]
CHR Extension: (No Name) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2014-04-21]
CHR Extension: (No Name) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2014-04-21]
CHR Extension: (No Name) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2014-04-21]
CHR Extension: (No Name) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-05-19]
CHR Extension: (No Name) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-30]
CHR Extension: (No Name) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-04-21]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2014-03-26]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2014-03-26]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2014-03-26]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2014-03-26]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2014-03-26]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-15] (SUPERAntiSpyware.com)
R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4754256 2014-08-13] (Emsisoft GmbH)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [312448 2013-09-05] (Windows ® Win 7 DDK provider)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2014-03-26] (Kaspersky Lab ZAO)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2369720 2014-08-01] (Microsoft Corporation)
R2 HPSLPSVC; C:\Users\Richard\AppData\Local\Temp\7zS483D\hpslpsvc64.dll [1039360 2013-07-19] (Hewlett-Packard Co.) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-21] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [360592 2014-06-04] (Malwarebytes Corporation)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1915920 2013-11-21] (SoftThinks SAS)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-21] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-21] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-08-22] ()
R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1785344 2013-08-19] (DELL Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [23088 2014-05-12] (Emsisoft GmbH)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-16] (Qualcomm Atheros Communications, Inc.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-05] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2014-05-06] (Microsoft Corporation)
R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [62392 2014-06-04] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-03-26] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29792 2014-03-26] (Kaspersky Lab)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [115296 2014-03-26] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625760 2014-03-26] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2014-03-26] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2014-03-26] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2014-03-26] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [65120 2014-03-26] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178272 2014-03-26] (Kaspersky Lab ZAO)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-05 14:18 - 2014-09-05 14:18 - 00026482 _____ () C:\Users\Richard\Desktop\FRST.txt
2014-09-05 07:33 - 2014-09-05 07:33 - 00000000 ___RD () C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-09-04 15:03 - 2014-09-04 15:03 - 00026044 _____ () C:\Users\Richard\Desktop\A Letter of Separation.zip
2014-09-04 14:28 - 2014-09-05 14:18 - 00000000 ____D () C:\FRST
2014-09-04 14:19 - 2014-09-04 14:19 - 00000310 _____ () C:\Windows\PFRO.log
2014-09-04 11:38 - 2014-09-04 14:29 - 02104832 _____ (Farbar) C:\Users\Richard\Desktop\FRST64.exe
2014-09-04 10:50 - 2014-09-04 10:50 - 01370467 _____ () C:\Users\Richard\Desktop\adwcleaner_3.309.exe
2014-08-28 13:43 - 2014-08-28 13:43 - 00015003 _____ () C:\Users\Richard\Desktop\matchrate.odt
2014-08-27 20:26 - 2014-08-27 20:26 - 00000624 _____ () C:\Users\Richard\Desktop\JRT.txt
2014-08-27 19:59 - 2014-08-22 20:42 - 04148224 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-27 19:03 - 2014-08-27 19:53 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-15 19:54 - 2014-08-01 20:17 - 00704480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-15 19:54 - 2014-08-01 20:17 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-15 16:07 - 2014-07-25 10:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-15 16:07 - 2014-07-25 09:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-15 16:07 - 2014-07-25 09:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-15 16:07 - 2014-07-25 08:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-15 16:07 - 2014-07-25 08:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-15 16:07 - 2014-07-25 08:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-15 16:07 - 2014-07-25 08:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-15 16:07 - 2014-07-25 08:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-15 16:07 - 2014-07-25 08:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-15 16:07 - 2014-07-25 08:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-15 16:07 - 2014-07-25 08:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-15 16:07 - 2014-07-25 07:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-15 16:07 - 2014-07-25 07:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-15 16:07 - 2014-07-25 07:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-15 16:07 - 2014-07-25 07:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-15 16:07 - 2014-07-25 07:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-15 16:07 - 2014-07-25 07:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-15 16:07 - 2014-07-25 07:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-15 16:07 - 2014-07-25 07:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-15 16:07 - 2014-07-25 07:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-15 16:07 - 2014-07-25 06:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-15 16:07 - 2014-07-25 06:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-15 16:07 - 2014-07-25 06:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-15 16:07 - 2014-07-25 06:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-15 16:06 - 2014-07-25 09:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-15 16:06 - 2014-07-25 09:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-15 16:06 - 2014-07-25 08:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-15 16:06 - 2014-07-25 08:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-15 16:06 - 2014-07-25 08:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-15 16:06 - 2014-07-25 07:43 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-15 16:06 - 2014-07-25 07:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-15 16:06 - 2014-07-25 07:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-15 16:06 - 2014-07-25 07:09 - 00291840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-15 16:06 - 2014-07-25 06:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-15 16:06 - 2014-07-25 06:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-15 16:05 - 2014-06-19 21:48 - 01273184 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-15 16:05 - 2014-06-19 19:52 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-15 16:05 - 2014-06-09 18:13 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-15 16:05 - 2014-06-09 18:13 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-15 16:05 - 2014-05-31 02:27 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-08-15 16:04 - 2014-07-15 14:16 - 03048880 _____ (Microsoft Corporation) C:\Windows\system32\WpcMon.exe
2014-08-15 16:04 - 2014-07-15 04:29 - 03118080 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2014-08-15 16:04 - 2014-07-15 04:22 - 02861056 _____ (Microsoft Corporation) C:\Windows\system32\WpcWebSync.dll
2014-08-15 16:04 - 2014-07-15 04:03 - 02344448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2014-08-15 16:04 - 2014-07-10 00:16 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveTelemetry.dll
2014-08-15 16:04 - 2014-07-10 00:03 - 04756992 _____ (Microsoft Corporation) C:\Windows\system32\SyncEngine.dll
2014-08-15 16:04 - 2014-07-09 23:33 - 01120256 _____ (Microsoft Corporation) C:\Windows\system32\SkyDrive.exe
2014-08-15 16:04 - 2014-06-12 21:15 - 00517528 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2014-08-15 16:04 - 2014-06-12 21:14 - 01557848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-15 16:04 - 2014-06-12 20:10 - 00406400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2014-08-15 16:04 - 2014-06-06 07:34 - 02133504 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2014-08-15 16:04 - 2014-05-13 03:01 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\BulkOperationHost.exe
2014-08-15 16:04 - 2014-05-13 01:07 - 02844160 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-08-15 16:04 - 2014-05-13 00:41 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\winbici.dll
2014-08-15 16:04 - 2014-05-13 00:26 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveShell.dll
2014-08-15 16:04 - 2014-05-12 23:59 - 01035264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-08-15 16:04 - 2014-05-12 23:31 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SkyDriveShell.dll
2014-08-15 16:04 - 2014-05-03 07:29 - 01726224 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-08-15 16:04 - 2014-05-03 05:20 - 01473080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-08-15 16:04 - 2014-05-03 01:36 - 00997888 _____ (Microsoft Corporation) C:\Windows\system32\reseteng.dll
2014-08-15 16:04 - 2014-05-03 01:19 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\ncobjapi.dll
2014-08-15 16:04 - 2014-05-03 01:08 - 00301056 _____ (Microsoft Corporation) C:\Windows\system32\framedynos.dll
2014-08-15 16:04 - 2014-05-03 01:07 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\framedyn.dll
2014-08-15 16:04 - 2014-05-03 00:46 - 00052736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncobjapi.dll
2014-08-15 16:04 - 2014-05-03 00:37 - 00235008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\framedynos.dll
2014-08-15 16:04 - 2014-05-03 00:37 - 00207360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\framedyn.dll
2014-08-15 16:04 - 2014-05-02 19:26 - 00050745 _____ () C:\Windows\system32\srms.dat
2014-08-15 16:04 - 2014-05-01 01:44 - 01025536 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-08-15 16:04 - 2014-04-30 02:43 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwififlt.sys
2014-08-15 16:04 - 2014-04-30 02:41 - 00402432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-08-15 16:04 - 2014-04-30 02:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\agilevpn.sys
2014-08-15 16:04 - 2014-04-30 02:41 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifimp.sys
2014-08-15 16:04 - 2014-04-30 01:45 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\Robocopy.exe
2014-08-15 16:04 - 2014-04-30 00:48 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe
2014-08-15 16:04 - 2014-04-30 00:24 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2014-08-15 16:04 - 2014-04-30 00:23 - 00353280 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore.dll
2014-08-15 16:04 - 2014-04-30 00:23 - 00271872 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2014-08-15 16:04 - 2014-04-30 00:23 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc.dll
2014-08-15 16:04 - 2014-04-30 00:14 - 00827392 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2014-08-15 16:04 - 2014-04-29 23:59 - 01063424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-08-15 16:04 - 2014-04-29 23:46 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore.dll
2014-08-15 16:04 - 2014-04-29 23:46 - 00229888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2014-08-15 16:04 - 2014-04-29 23:46 - 00056320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2014-08-15 16:04 - 2014-04-29 23:45 - 00062976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc.dll
2014-08-15 16:04 - 2014-04-29 23:42 - 00403968 _____ (Microsoft Corporation) C:\Windows\system32\vpnike.dll
2014-08-15 16:04 - 2014-04-28 18:40 - 00721408 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2014-08-15 16:04 - 2014-04-26 18:03 - 02140888 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2014-08-15 16:04 - 2014-04-26 16:14 - 02144984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2014-08-15 16:04 - 2014-04-26 12:39 - 00339456 _____ (Microsoft Corporation) C:\Windows\system32\bdesvc.dll
2014-08-15 16:04 - 2014-04-14 05:37 - 02125344 _____ (Microsoft Corporation) C:\Windows\system32\d3d9.dll
2014-08-15 16:04 - 2014-04-14 04:08 - 01797896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d9.dll
2014-08-15 16:04 - 2014-04-14 01:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d8thk.dll
2014-08-15 16:04 - 2014-04-09 02:11 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-08-15 16:04 - 2014-04-09 01:20 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2014-08-15 16:03 - 2014-08-06 22:12 - 01336624 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-15 16:03 - 2014-08-06 18:38 - 00697856 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-15 16:03 - 2014-08-02 01:44 - 00527360 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-15 16:03 - 2014-08-01 23:56 - 01064448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-15 16:03 - 2014-08-01 23:11 - 00918528 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-08-15 16:03 - 2014-07-12 00:17 - 00623616 _____ (Microsoft Corporation) C:\Windows\system32\MDMAgent.exe
2014-08-15 16:03 - 2014-06-05 10:13 - 00216368 _____ (Microsoft Corporation) C:\Windows\system32\rsaenh.dll
2014-08-15 16:03 - 2014-06-05 09:14 - 00189016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll
2014-08-15 16:03 - 2014-06-01 22:10 - 00423768 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2014-08-15 16:03 - 2014-05-31 06:07 - 00467800 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2014-08-15 16:03 - 2014-05-31 06:07 - 00440664 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-08-15 16:03 - 2014-05-31 06:07 - 00419672 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-08-15 16:03 - 2014-05-31 06:07 - 00089944 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-08-15 16:03 - 2014-05-31 06:07 - 00027480 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-08-15 16:03 - 2014-05-31 02:30 - 00037376 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-08-15 16:03 - 2014-05-31 02:27 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2014-08-15 16:03 - 2014-05-31 02:26 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2014-08-15 16:03 - 2014-05-31 00:01 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2014-08-15 16:03 - 2014-05-31 00:01 - 00209408 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2014-08-15 16:03 - 2014-05-31 00:01 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2014-08-15 16:03 - 2014-05-27 11:53 - 02518360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-08-15 16:03 - 2014-05-27 05:56 - 00323584 _____ (Microsoft Corporation) C:\Windows\system32\DaOtpCredentialProvider.dll
2014-08-15 16:03 - 2014-05-27 05:53 - 00270848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DaOtpCredentialProvider.dll
2014-08-15 16:03 - 2014-05-17 00:59 - 16871936 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2014-08-15 16:03 - 2014-05-17 00:13 - 12711424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2014-08-15 16:01 - 2014-06-04 05:27 - 00114520 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-15 16:01 - 2014-06-04 01:31 - 00356352 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-15 16:01 - 2014-06-04 01:22 - 02790912 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-15 16:01 - 2014-06-04 00:43 - 00281088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-15 16:01 - 2014-06-04 00:38 - 03304448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-15 16:01 - 2014-06-03 22:15 - 02642944 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-15 16:01 - 2014-06-03 22:14 - 02318336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-14 21:23 - 2014-08-27 19:53 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citrix
2014-08-14 21:23 - 2014-08-14 21:23 - 00001398 _____ () C:\Users\Richard\Desktop\GoToMeeting.lnk
2014-08-14 21:22 - 2014-09-05 14:15 - 00000552 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2639599823-3024943084-2445285041-1001.job
2014-08-14 21:22 - 2014-08-27 19:50 - 00000000 ____D () C:\Program Files (x86)\Citrix
2014-08-14 21:22 - 2014-08-14 21:23 - 00003552 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2639599823-3024943084-2445285041-1001
2014-08-14 21:17 - 2014-08-14 21:18 - 06507561 _____ () C:\Users\Richard\Desktop\G2M_Global_v6.3.1_b1468_MSI.zip
2014-08-09 18:44 - 2014-08-09 18:44 - 00014036 _____ () C:\Users\Richard\Desktop\5 points.odt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-05 14:18 - 2014-09-05 14:18 - 00026482 _____ () C:\Users\Richard\Desktop\FRST.txt
2014-09-05 14:18 - 2014-09-04 14:28 - 00000000 ____D () C:\FRST
2014-09-05 14:16 - 2014-05-03 19:58 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-05 14:15 - 2014-08-14 21:22 - 00000552 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2639599823-3024943084-2445285041-1001.job
2014-09-05 14:06 - 2014-04-25 19:51 - 00000926 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2639599823-3024943084-2445285041-1001UA.job
2014-09-05 14:00 - 2014-04-21 05:22 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-09-05 14:00 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\sru
2014-09-05 13:57 - 2014-04-21 21:17 - 00004966 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for RICK-Richard Rick
2014-09-05 13:48 - 2014-04-21 06:27 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-05 13:22 - 2014-05-04 19:43 - 01996827 _____ () C:\Windows\WindowsUpdate.log
2014-09-05 13:11 - 2014-04-21 05:55 - 00019489 _____ () C:\Windows\system32\lvcoinst.log
2014-09-05 07:43 - 2014-04-21 09:20 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2639599823-3024943084-2445285041-1001
2014-09-05 07:33 - 2014-09-05 07:33 - 00000000 ___RD () C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-09-05 07:33 - 2014-04-21 09:16 - 00000000 __RDO () C:\Users\Richard\SkyDrive
2014-09-05 07:33 - 2014-04-21 06:27 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-05 07:33 - 2014-04-21 06:27 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-05 07:32 - 2014-04-21 05:56 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2014-09-04 21:06 - 2014-04-25 19:51 - 00000874 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2639599823-3024943084-2445285041-1001Core.job
2014-09-04 17:16 - 2014-04-21 11:37 - 00000000 ____D () C:\Users\Richard\AppData\Local\CrashDumps
2014-09-04 16:58 - 2014-04-21 09:17 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{35A475B4-1176-481D-BA78-5892E06E0A82}
2014-09-04 16:55 - 2014-06-30 13:22 - 00000000 ____D () C:\AdwCleaner
2014-09-04 15:03 - 2014-09-04 15:03 - 00026044 _____ () C:\Users\Richard\Desktop\A Letter of Separation.zip
2014-09-04 14:29 - 2014-09-04 11:38 - 02104832 _____ (Farbar) C:\Users\Richard\Desktop\FRST64.exe
2014-09-04 14:28 - 2014-01-14 09:07 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2014-09-04 14:21 - 2014-05-20 17:35 - 00000000 ____D () C:\Users\Richard\AppData\Local\Adobe
2014-09-04 14:19 - 2014-09-04 14:19 - 00000310 _____ () C:\Windows\PFRO.log
2014-09-04 14:19 - 2013-08-22 10:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-04 14:19 - 2013-08-22 09:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-09-04 10:50 - 2014-09-04 10:50 - 01370467 _____ () C:\Users\Richard\Desktop\adwcleaner_3.309.exe
2014-09-04 05:21 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-09-03 21:30 - 2014-04-21 10:43 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-03 15:34 - 2014-05-20 10:59 - 02976256 ___SH () C:\Users\Richard\Desktop\Thumbs.db
2014-09-03 10:21 - 2014-04-21 09:16 - 00000000 ____D () C:\Users\Richard\Documents\Bluetooth Folder
2014-09-02 13:53 - 2014-01-14 08:46 - 00865408 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-30 22:08 - 2014-05-23 21:45 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-08-29 21:05 - 2014-05-15 14:06 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\Skype
2014-08-28 13:43 - 2014-08-28 13:43 - 00015003 _____ () C:\Users\Richard\Desktop\matchrate.odt
2014-08-28 10:01 - 2013-08-22 10:44 - 05181960 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-27 20:26 - 2014-08-27 20:26 - 00000624 _____ () C:\Users\Richard\Desktop\JRT.txt
2014-08-27 19:59 - 2013-08-22 11:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-08-27 19:54 - 2014-07-17 19:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-08-27 19:54 - 2014-07-17 19:01 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2014-08-27 19:54 - 2014-04-21 09:14 - 00000000 ____D () C:\Users\Richard
2014-08-27 19:53 - 2014-08-27 19:03 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-27 19:53 - 2014-08-14 21:23 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citrix
2014-08-27 19:53 - 2014-04-21 09:15 - 00000000 ____D () C:\ProgramData\Atheros
2014-08-27 19:53 - 2014-04-21 06:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-27 19:51 - 2014-05-08 20:13 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\SUPERAntiSpyware.com
2014-08-27 19:51 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\registration
2014-08-27 19:51 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\system32\Sysprep
2014-08-27 19:50 - 2014-08-14 21:22 - 00000000 ____D () C:\Program Files (x86)\Citrix
2014-08-27 19:30 - 2014-07-17 17:54 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2014-08-23 09:25 - 2014-04-21 19:35 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-08-22 20:42 - 2014-08-27 19:59 - 04148224 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-17 10:01 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\rescache
2014-08-15 19:50 - 2014-07-09 19:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-15 19:50 - 2013-08-22 11:36 - 00000000 ___RD () C:\Windows\ToastData
2014-08-15 19:50 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-15 19:50 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\MediaViewer
2014-08-15 19:50 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\FileManager
2014-08-15 19:50 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\Camera
2014-08-15 18:06 - 2014-04-23 03:20 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-15 18:04 - 2014-04-23 03:20 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-15 16:01 - 2014-07-09 09:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-15 16:01 - 2014-06-15 04:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-15 16:01 - 2014-06-15 04:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-15 16:01 - 2014-06-15 04:10 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-15 16:01 - 2014-06-15 04:10 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-15 16:01 - 2014-06-15 04:09 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-15 16:01 - 2014-06-15 04:09 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-15 16:01 - 2014-06-15 04:09 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-15 16:01 - 2014-06-15 04:09 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-15 16:01 - 2014-06-15 04:09 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-15 16:01 - 2014-05-06 17:26 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-15 16:00 - 2014-07-09 09:36 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-15 16:00 - 2014-06-15 04:09 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-15 16:00 - 2014-06-15 04:09 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-15 16:00 - 2014-05-06 17:26 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-15 16:00 - 2014-05-06 17:25 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-15 16:00 - 2014-01-14 08:32 - 00233912 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-08-15 15:58 - 2014-06-12 00:08 - 00428888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-08-14 21:24 - 2014-05-14 14:54 - 00000000 ____D () C:\Users\Richard\AppData\Local\Citrix
2014-08-14 21:23 - 2014-08-14 21:23 - 00001398 _____ () C:\Users\Richard\Desktop\GoToMeeting.lnk
2014-08-14 21:23 - 2014-08-14 21:22 - 00003552 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2639599823-3024943084-2445285041-1001
2014-08-14 21:18 - 2014-08-14 21:17 - 06507561 _____ () C:\Users\Richard\Desktop\G2M_Global_v6.3.1_b1468_MSI.zip
2014-08-10 16:10 - 2014-05-15 14:06 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-09 18:44 - 2014-08-09 18:44 - 00014036 _____ () C:\Users\Richard\Desktop\5 points.odt
2014-08-09 08:52 - 2014-05-15 14:06 - 00000000 ____D () C:\ProgramData\Skype
2014-08-06 22:12 - 2014-08-15 16:03 - 01336624 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-06 18:38 - 2014-08-15 16:03 - 00697856 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-31 10:55

==================== End Of Log ============================

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-09-2014 02
Ran by Richard at 2014-09-05 14:19:09
Running from C:\Users\Richard\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Emsisoft Anti-Malware (Disabled - Out of date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Disabled - Out of date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1400 (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
1400_Help (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
1400Trb (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Illustrator CC (HKLM-x32\...\{F2321021-08A2-44D6-B1DF-BDB415F23EC3}) (Version: 17.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
AIO_CDB_ProductContext (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
Amazon 1Button App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.4 - Amazon)
Bing Bar (HKLM-x32\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform)
Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
CyberLink LabelPrint 2.5 (x32 Version: 2.5.0.6603 - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (x32 Version: 10.0.1.3214 - CyberLink Corp.) Hidden
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.0.3123 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (x32 Version: 10.0.1.3126 - CyberLink Corp.) Hidden
CyberLink PowerDVD 12 (x32 Version: 12.0.3205.55 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.6.2.4 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.6.2.4 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
DSC/AA Factory Installer (Version: 3.4.6299.48 - PC-Doctor, Inc.) Hidden
Emsisoft Anti-Malware (HKLM-x32\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft GmbH)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.103 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GoToMeeting 6.3.0.1440 (HKCU\...\GoToMeeting) (Version: 6.3.0.1440 - CitrixOnline)
GoToMeeting 6.3.1468 IT Installer (x32 Version: 6.3.1468 - Citrix) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart Officejet and Deskjet All-In-One Driver Software (HKLM\...\{6F5B70F0-EA6C-4A5B-BB16-8390BD66B251}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3262 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel® Rapid Storage Technology (Version: 12.8.0.1016 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.28.487.1 - Intel Corporation) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
LWS Facebook (x32 Version: 13.50.854.0 - Logitech) Hidden
LWS Gallery (x32 Version: 13.51.827.0 - Logitech) Hidden
LWS Help_main (x32 Version: 13.51.828.0 - Logitech) Hidden
LWS Launcher (x32 Version: 13.51.828.0 - Logitech) Hidden
LWS Motion Detection (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS Pictures And Video (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS Twitter (x32 Version: 13.30.1346.0 - Logitech) Hidden
LWS Webcam Software (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS WLM Plugin (x32 Version: 1.30.1201.0 - Logitech) Hidden
LWS YouTube Plugin (x32 Version: 13.31.1038.0 - Logitech) Hidden
Malwarebytes Anti-Exploit version 1.03.1.1220 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.03.1.1220 - Malwarebytes)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4641.1003 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
PocketCloud (HKLM-x32\...\{D9752C7D-A595-4687-A0D5-362E9C311C55}) (Version: 2.7.14 - Wyse Technology)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.304 - Qualcomm Atheros Communications)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7016 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
SES Driver (HKLM\...\{D8CC254C-C671-4664-9A38-FA368D1E2C97}) (Version: 1.0.0 - Western Digital)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM  (03/06/2009 1.0.0008.0) (HKLM\...\422991454CB076E9B856C21BBF99AF2B82317EDA) (Version: 03/06/2009 1.0.0008.0 - Western Digital Technologies)
Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2639599823-3024943084-2445285041-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1468\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2639599823-3024943084-2445285041-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Richard\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2639599823-3024943084-2445285041-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Richard\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2639599823-3024943084-2445285041-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Richard\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

18-08-2014 00:35:15 Windows Update
21-08-2014 11:43:14 Windows Update
25-08-2014 14:33:27 Windows Update
27-08-2014 20:10:23 Revo Uninstaller's restore point - Emsisoft Anti-Malware
27-08-2014 23:41:57 Restore Operation
28-08-2014 00:01:10 8-27-2014 8:01pm
31-08-2014 14:55:24 Windows Update
03-09-2014 15:46:12 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2014-05-04 20:46 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {01791DAC-9F5B-4F3F-B523-33B0628128CA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-21] (Google Inc.)
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2AB38F04-6A10-4082-A712-AEE7B985C56B} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2639599823-3024943084-2445285041-1001 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {42436887-F747-4EA5-A8C5-0FAF085D40F8} - System32\Tasks\Microsoft Office 15 Sync Maintenance for RICK-Richard Rick => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-08-23] (Microsoft Corporation)
Task: {46B3BABF-9B67-4C5B-9EC1-E5BDB75A8676} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {46F21030-9AFE-4186-8184-9E2346C17FED} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2639599823-3024943084-2445285041-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4DA36ED2-33D3-4966-B7E6-8012A643F8A6} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {50514D51-25B4-4F0C-821D-7BBEC7309964} - System32\Tasks\PocketCloudVirtualChannel => C:\Program Files (x86)\Wyse\PocketCloud\WPCRDPVirtualChannelServer.exe [2013-08-22] ()
Task: {554F115F-D287-4159-BAF6-18E2BCBF41FD} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {5A9DE6B6-417B-4D42-A839-2683C8F945A4} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-08-15] (Microsoft Corporation)
Task: {632BFF6A-0CEE-4F07-AA6F-64857A80E014} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {744D62B9-C242-4DF7-AAE1-370B3F1721AD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7EDB988D-524E-4417-A016-62E4387B79A0} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {81B33B4D-3015-4AF2-A7E5-6A733FE8C731} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2639599823-3024943084-2445285041-1001Core => C:\Users\Richard\AppData\Local\Google\Update\GoogleUpdate.exe [2014-04-21] (Google Inc.)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9D18590A-7E70-470F-8293-8EC159CA9789} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-04] (CyberLink)
Task: {9DA153BD-4096-4881-8369-4A0BD7F8243B} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A5A6DFC7-9352-4A00-A30A-756E7294E803} - System32\Tasks\G2MUpdateTask-S-1-5-21-2639599823-3024943084-2445285041-1001 => C:\Program Files (x86)\Citrix\GoToMeeting\1468\g2mupdate.exe [2014-08-14] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {AA2A76E3-044F-4A7C-A9E7-0A246D72F684} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-08-01] (Microsoft Corporation)
Task: {B3F66EB7-E899-4FE3-8DF2-D034CF5D1425} - System32\Tasks\PocketCloud => C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe [2013-08-22] ()
Task: {B61524EF-9FF1-4D76-9688-DE46C769CFC9} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-08-23] (Microsoft Corporation)
Task: {C0F380CA-7FA8-4E25-9E69-2757EFF2A7A3} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {C7722B85-36FF-48F9-909B-A5D6D7EA01AA} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-05-06] (Microsoft Corporation)
Task: {C7B34617-DF88-4A10-8270-99D342A2E8FC} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2639599823-3024943084-2445285041-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {CF41A81C-6A3E-4445-9BC0-31C3EF6D0606} - System32\Tasks\PocketCloudUpdater => C:\Program
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D61F191B-0F88-419A-AF26-657AF4E37624} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-21] (Google Inc.)
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E345EC99-5CAF-4303-ADEE-52E7F3DD555D} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {E70ACC05-B2D2-46A4-A09A-D8BC8CD6AAE5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2639599823-3024943084-2445285041-1001UA => C:\Users\Richard\AppData\Local\Google\Update\GoogleUpdate.exe [2014-04-21] (Google Inc.)
Task: {FA0A8E35-BB85-41E9-92E1-BBBCBB683B2E} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {FC1C7494-EC9B-4B56-8AF4-5719E42164EA} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2639599823-3024943084-2445285041-1001.job => C:\Program Files (x86)\Citrix\GoToMeeting\1468\g2mupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2639599823-3024943084-2445285041-1001Core.job => C:\Users\Richard\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2639599823-3024943084-2445285041-1001UA.job => C:\Users\Richard\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\WebReg HP PSC 1400 series.job => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqwrg.exe

==================== Loaded Modules (whitelisted) =============

2014-04-21 20:41 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-08-22 15:40 - 2013-08-22 15:40 - 00016176 _____ () C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
2013-08-22 15:40 - 2013-08-22 15:40 - 00040240 _____ () C:\Program Files (x86)\Wyse\PocketCloud\AetherServiceLib.dll
2013-08-22 15:40 - 2013-08-22 15:40 - 00046384 _____ () C:\Program Files (x86)\Wyse\PocketCloud\AetherHelperLib.dll
2014-08-23 09:20 - 2014-08-23 09:20 - 08892576 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-01-14 09:08 - 2013-08-19 14:21 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll
2014-01-14 09:08 - 2013-08-19 14:21 - 00019232 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll
2013-09-05 03:20 - 2013-09-05 03:20 - 00011264 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-09-05 03:17 - 2013-09-05 03:17 - 00086016 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll
2013-09-05 03:24 - 2013-09-05 03:24 - 00012928 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
2013-06-17 13:35 - 2013-06-17 13:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-05-08 15:52 - 2013-05-08 15:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2014-04-10 14:30 - 2014-04-10 14:30 - 00134664 _____ () C:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2014-01-14 08:56 - 2013-09-03 20:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-07-17 19:01 - 2014-08-15 08:23 - 00746536 _____ () C:\Program Files (x86)\Emsisoft Anti-Malware\fw32.dll
2014-01-14 08:53 - 2013-03-04 23:40 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-03-05 15:41 - 2013-03-05 15:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-07-22 22:23 - 2014-07-22 22:23 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Richard\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "HP Digital Imaging Monitor.lnk"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "LWS"
HKCU\...\StartupApproved\StartupFolder: => "Logitech . Product Registration.lnk"
HKCU\...\StartupApproved\Run: => "Skype"
HKCU\...\StartupApproved\Run: => "SUPERAntiSpyware"
HKCU\...\StartupApproved\Run: => "swg"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/05/2014 08:10:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe_aepdu.dll, version: 6.3.9600.16384, time stamp: 0x5215f00d
Faulting module name: msvcrt.dll, version: 7.0.9600.16384, time stamp: 0x5215f944
Exception code: 0xc0000005
Fault offset: 0x00000000000019c1
Faulting process id: 0x1978
Faulting application start time: 0xrundll32.exe_aepdu.dll0
Faulting application path: rundll32.exe_aepdu.dll1
Faulting module path: rundll32.exe_aepdu.dll2
Report Id: rundll32.exe_aepdu.dll3
Faulting package full name: rundll32.exe_aepdu.dll4
Faulting package-relative application ID: rundll32.exe_aepdu.dll5

Error: (09/05/2014 08:09:26 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (09/05/2014 08:09:12 AM) (Source: MsiInstaller) (EventID: 11935) (User: NT AUTHORITY)
Description: Product: Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 -- Error 1935.An error occurred during the installation of assembly 'Microsoft.VC90.MFCLOC,version="9.0.30729.6161",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="amd64",type="win32"'. Please refer to Help and Support for more information. HRESULT: 0x80073712. assembly interface: IAssemblyCacheItem, function: Commit, component: {ACF659FB-90F9-349C-99A2-5F7A62F0E7D6}

Error: (09/05/2014 07:52:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe_aepdu.dll, version: 6.3.9600.16384, time stamp: 0x5215f00d
Faulting module name: msvcrt.dll, version: 7.0.9600.16384, time stamp: 0x5215f944
Exception code: 0xc0000005
Fault offset: 0x00000000000019c1
Faulting process id: 0x1b18
Faulting application start time: 0xrundll32.exe_aepdu.dll0
Faulting application path: rundll32.exe_aepdu.dll1
Faulting module path: rundll32.exe_aepdu.dll2
Report Id: rundll32.exe_aepdu.dll3
Faulting package full name: rundll32.exe_aepdu.dll4
Faulting package-relative application ID: rundll32.exe_aepdu.dll5

Error: (09/05/2014 07:51:21 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (09/05/2014 07:46:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe_aepdu.dll, version: 6.3.9600.16384, time stamp: 0x5215f00d
Faulting module name: msvcrt.dll, version: 7.0.9600.16384, time stamp: 0x5215f944
Exception code: 0xc0000005
Fault offset: 0x00000000000019c1
Faulting process id: 0x1018
Faulting application start time: 0xrundll32.exe_aepdu.dll0
Faulting application path: rundll32.exe_aepdu.dll1
Faulting module path: rundll32.exe_aepdu.dll2
Report Id: rundll32.exe_aepdu.dll3
Faulting package full name: rundll32.exe_aepdu.dll4
Faulting package-relative application ID: rundll32.exe_aepdu.dll5

Error: (09/05/2014 07:44:44 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (09/05/2014 07:44:19 AM) (Source: MsiInstaller) (EventID: 11935) (User: NT AUTHORITY)
Description: Product: Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 -- Error 1935.An error occurred during the installation of assembly 'Microsoft.VC90.MFCLOC,version="9.0.30729.6161",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="amd64",type="win32"'. Please refer to Help and Support for more information. HRESULT: 0x80073712. assembly interface: IAssemblyCacheItem, function: Commit, component: {ACF659FB-90F9-349C-99A2-5F7A62F0E7D6}

Error: (09/05/2014 00:15:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe_aepdu.dll, version: 6.3.9600.16384, time stamp: 0x5215f00d
Faulting module name: msvcrt.dll, version: 7.0.9600.16384, time stamp: 0x5215f944
Exception code: 0xc0000005
Fault offset: 0x00000000000019c1
Faulting process id: 0x1884
Faulting application start time: 0xrundll32.exe_aepdu.dll0
Faulting application path: rundll32.exe_aepdu.dll1
Faulting module path: rundll32.exe_aepdu.dll2
Report Id: rundll32.exe_aepdu.dll3
Faulting package full name: rundll32.exe_aepdu.dll4
Faulting package-relative application ID: rundll32.exe_aepdu.dll5

Error: (09/04/2014 05:16:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 31.0.0.5310, time stamp: 0x53c75e91
Faulting module name: mozalloc.dll, version: 31.0.0.5310, time stamp: 0x53c72e91
Exception code: 0x80000003
Fault offset: 0x0000141b
Faulting process id: 0x1590
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
Faulting package full name: plugin-container.exe4
Faulting package-relative application ID: plugin-container.exe5


System errors:
=============
Error: (09/05/2014 08:09:24 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package (KB2538243).

Error: (09/05/2014 07:44:34 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package (KB2538243).

Error: (09/04/2014 05:17:29 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Emsisoft Protection Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (09/04/2014 02:19:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Service service failed to start due to the following error:
%%577

Error: (09/04/2014 04:19:31 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package (KB2538243).

Error: (09/03/2014 10:28:16 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package (KB2538243).

Error: (09/03/2014 08:07:01 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package (KB2538243).

Error: (09/03/2014 07:48:16 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package (KB2538243).

Error: (09/03/2014 05:16:38 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package (KB2538243).

Error: (09/03/2014 05:06:16 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package (KB2538243).


Microsoft Office Sessions:
=========================
Error: (09/05/2014 08:10:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: rundll32.exe_aepdu.dll6.3.9600.163845215f00dmsvcrt.dll7.0.9600.163845215f944c000000500000000000019c1197801cfc902279c1851C:\Windows\system32\rundll32.exeC:\Windows\system32\msvcrt.dll92634986-34f5-11e4-8289-5435304166ae

Error: (09/05/2014 08:09:26 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (09/05/2014 08:09:12 AM) (Source: MsiInstaller) (EventID: 11935) (User: NT AUTHORITY)
Description: Product: Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 -- Error 1935.An error occurred during the installation of assembly 'Microsoft.VC90.MFCLOC,version="9.0.30729.6161",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="amd64",type="win32"'. Please refer to Help and Support for more information. HRESULT: 0x80073712. assembly interface: IAssemblyCacheItem, function: Commit, component: {ACF659FB-90F9-349C-99A2-5F7A62F0E7D6}(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (09/05/2014 07:52:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: rundll32.exe_aepdu.dll6.3.9600.163845215f00dmsvcrt.dll7.0.9600.163845215f944c000000500000000000019c11b1801cfc8ffa9349978C:\Windows\system32\rundll32.exeC:\Windows\system32\msvcrt.dll0dca2964-34f3-11e4-8289-5435304166ae

Error: (09/05/2014 07:51:21 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (09/05/2014 07:46:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: rundll32.exe_aepdu.dll6.3.9600.163845215f00dmsvcrt.dll7.0.9600.163845215f944c000000500000000000019c1101801cfc8fea32e8ac4C:\Windows\system32\rundll32.exeC:\Windows\system32\msvcrt.dll43f3f6e1-34f2-11e4-8289-5435304166ae

Error: (09/05/2014 07:44:44 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (09/05/2014 07:44:19 AM) (Source: MsiInstaller) (EventID: 11935) (User: NT AUTHORITY)
Description: Product: Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 -- Error 1935.An error occurred during the installation of assembly 'Microsoft.VC90.MFCLOC,version="9.0.30729.6161",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="amd64",type="win32"'. Please refer to Help and Support for more information. HRESULT: 0x80073712. assembly interface: IAssemblyCacheItem, function: Commit, component: {ACF659FB-90F9-349C-99A2-5F7A62F0E7D6}(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (09/05/2014 00:15:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: rundll32.exe_aepdu.dll6.3.9600.163845215f00dmsvcrt.dll7.0.9600.163845215f944c000000500000000000019c1188401cfc8bfd35f3fdeC:\Windows\system32\rundll32.exeC:\Windows\system32\msvcrt.dll48fd73ca-34b3-11e4-8289-5435304166ae

Error: (09/04/2014 05:16:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe31.0.0.531053c75e91mozalloc.dll31.0.0.531053c72e91800000030000141b159001cfc8856fb1e6d9C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllc29903ca-3478-11e4-8289-5435304166ae


CodeIntegrity Errors:
===================================
  Date: 2014-09-04 14:19:59.259
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-08-28 21:08:57.964
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-08-28 10:01:56.915
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-08-27 19:54:40.305
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-08-27 19:30:17.290
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-08-27 19:14:35.276
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-08-27 19:12:39.774
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-08-27 16:56:38.945
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-08-27 16:53:41.415
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-08-27 16:14:56.291
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i3-4130 CPU @ 3.40GHz
Percentage of memory in use: 28%
Total physical RAM: 8108.94 MB
Available physical RAM: 5805.99 MB
Total Pagefile: 9388.94 MB
Available Pagefile: 6767.32 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:922.84 GB) (Free:875.95 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: A4D9BEB5)

Partition: GPT Partition Type.

==================== End Of Log ============================

 

My computer seems to be running fine, but I'm not able to update windows.



#9 nasdaq

nasdaq

  • Malware Response Team
  • 40,456 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:03 AM

Posted 06 September 2014 - 07:46 AM

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start
HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com/?fr=avantsearch6
SearchScopes: HKLM - {2EB247C0-64A8-4F19-9C57-FDEAF8D03393} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB
SearchScopes: HKLM-x32 - {2EB247C0-64A8-4F19-9C57-FDEAF8D03393} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB

End
Save the files as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/
===

How is the computer running now.

#10 Rick605

Rick605
  • Topic Starter

  • Members
  • 355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Connecticut
  • Local time:08:03 AM

Posted 06 September 2014 - 12:53 PM

I think I messed up. After restarting my computer I was able o run Farbar so I did it that way.

 

I copied and pasted into notepad and then dragged and dropped into Farbar. It said it was there but after scanning and clikcing on fix, it said fixlist.txt wasn't there.

 

Am I doing this correctly?

 

The following is what it gave me....

 

 

Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
() C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
(DELL Inc.) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.EXE
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMeeting\1468\g2mstart.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMeeting\1468\g2mcomm.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMeeting\1468\g2mlauncher.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [382608 2014-06-04] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [132736 2013-09-05] ( (Qualcomm®Atheros®))
HKU\S-1-5-21-2639599823-3024943084-2445285041-1001\...\Run: [Google Update] => C:\Users\Richard\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-04-21] (Google Inc.)
HKU\S-1-5-21-2639599823-3024943084-2445285041-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-04-21] (Google Inc.)
HKU\S-1-5-21-2639599823-3024943084-2445285041-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7762712 2014-08-15] (SUPERAntiSpyware)
HKU\S-1-5-21-2639599823-3024943084-2445285041-1001\...\Run: [GoToMeeting] => C:\Program Files (x86)\Citrix\GoToMeeting\1468\g2mstart.exe [40304 2014-08-14] (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-21-2639599823-3024943084-2445285041-1001\...\MountPoints2: {c4acd2ae-cd91-11e3-825c-5435304166ae} - "D:\WD SmartWare.exe" autoplay=true
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: DBARFileBackuped -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: DBARFileNotBackuped -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x6159D41ABD64CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages =
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com/?fr=avantsearch6
SearchScopes: HKLM - {2EB247C0-64A8-4F19-9C57-FDEAF8D03393} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB
SearchScopes: HKLM-x32 - {2EB247C0-64A8-4F19-9C57-FDEAF8D03393} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB
SearchScopes: HKCU - {2EB247C0-64A8-4F19-9C57-FDEAF8D03393} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll (Microsoft Corporation.)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\sz8gk6ir.default
FF Homepage: www.eckankar.org
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Richard\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Richard\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Richard\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Richard\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Richard\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Richard\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Richard\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: Bluhell Firewall - C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\sz8gk6ir.default\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi [2014-06-14]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-04-21]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-04-21]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-04-21]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-04-21]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-04-21]

Chrome:
=======
CHR HomePage: Default ->
CHR DefaultSearchProvider: Default -> true
CHR Profile: C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-04-21]
CHR Extension: (No Name) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2014-04-21]
CHR Extension: (No Name) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2014-04-21]
CHR Extension: (No Name) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2014-04-21]
CHR Extension: (No Name) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-05-19]
CHR Extension: (No Name) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-30]
CHR Extension: (No Name) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-04-21]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2014-03-26]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2014-03-26]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2014-03-26]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2014-03-26]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2014-03-26]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-15] (SUPERAntiSpyware.com)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [312448 2013-09-05] (Windows ® Win 7 DDK provider)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2014-03-26] (Kaspersky Lab ZAO)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2369720 2014-08-01] (Microsoft Corporation)
R2 HPSLPSVC; C:\Users\Richard\AppData\Local\Temp\7zS483D\hpslpsvc64.dll [1039360 2013-07-19] (Hewlett-Packard Co.) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-21] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [360592 2014-06-04] (Malwarebytes Corporation)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1915920 2013-11-21] (SoftThinks SAS)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-21] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-21] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-08-22] ()
R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1785344 2013-08-19] (DELL Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-16] (Qualcomm Atheros Communications, Inc.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-05] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2014-05-06] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [62392 2014-06-04] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-03-26] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29792 2014-03-26] (Kaspersky Lab)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [115296 2014-03-26] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625760 2014-03-26] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2014-03-26] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2014-03-26] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2014-03-26] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [65120 2014-03-26] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178272 2014-03-26] (Kaspersky Lab ZAO)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-06 13:45 - 2014-09-06 13:47 - 00026146 _____ () C:\Users\Richard\Desktop\FRST.txt
2014-09-06 07:22 - 2014-09-06 07:22 - 00000000 ___RD () C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-09-05 16:53 - 2014-09-05 16:54 - 00000000 ____D () C:\Users\Richard\Documents\Eckankar
2014-09-04 15:03 - 2014-09-04 15:03 - 00026044 _____ () C:\Users\Richard\Desktop\A Letter of Separation.zip
2014-09-04 14:28 - 2014-09-06 13:47 - 00000000 ____D () C:\FRST
2014-09-04 14:19 - 2014-09-04 14:19 - 00000310 _____ () C:\Windows\PFRO.log
2014-09-04 11:38 - 2014-09-04 14:29 - 02104832 _____ (Farbar) C:\Users\Richard\Desktop\FRST64.exe
2014-09-04 10:50 - 2014-09-04 10:50 - 01370467 _____ () C:\Users\Richard\Desktop\adwcleaner_3.309.exe
2014-08-28 13:43 - 2014-08-28 13:43 - 00015003 _____ () C:\Users\Richard\Desktop\matchrate.odt
2014-08-27 19:59 - 2014-08-22 20:42 - 04148224 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-27 19:03 - 2014-08-27 19:53 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-15 19:54 - 2014-08-01 20:17 - 00704480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-15 19:54 - 2014-08-01 20:17 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-15 16:07 - 2014-07-25 10:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-15 16:07 - 2014-07-25 09:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-15 16:07 - 2014-07-25 09:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-15 16:07 - 2014-07-25 08:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-15 16:07 - 2014-07-25 08:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-15 16:07 - 2014-07-25 08:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-15 16:07 - 2014-07-25 08:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-15 16:07 - 2014-07-25 08:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-15 16:07 - 2014-07-25 08:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-15 16:07 - 2014-07-25 08:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-15 16:07 - 2014-07-25 08:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-15 16:07 - 2014-07-25 07:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-15 16:07 - 2014-07-25 07:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-15 16:07 - 2014-07-25 07:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-15 16:07 - 2014-07-25 07:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-15 16:07 - 2014-07-25 07:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-15 16:07 - 2014-07-25 07:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-15 16:07 - 2014-07-25 07:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-15 16:07 - 2014-07-25 07:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-15 16:07 - 2014-07-25 07:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-15 16:07 - 2014-07-25 06:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-15 16:07 - 2014-07-25 06:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-15 16:07 - 2014-07-25 06:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-15 16:07 - 2014-07-25 06:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-15 16:06 - 2014-07-25 09:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-15 16:06 - 2014-07-25 09:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-15 16:06 - 2014-07-25 08:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-15 16:06 - 2014-07-25 08:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-15 16:06 - 2014-07-25 08:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-15 16:06 - 2014-07-25 07:43 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-15 16:06 - 2014-07-25 07:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-15 16:06 - 2014-07-25 07:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-15 16:06 - 2014-07-25 07:09 - 00291840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-15 16:06 - 2014-07-25 06:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-15 16:06 - 2014-07-25 06:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-15 16:05 - 2014-06-19 21:48 - 01273184 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-15 16:05 - 2014-06-19 19:52 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-15 16:05 - 2014-06-09 18:13 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-15 16:05 - 2014-06-09 18:13 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-15 16:05 - 2014-05-31 02:27 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-08-15 16:04 - 2014-07-15 14:16 - 03048880 _____ (Microsoft Corporation) C:\Windows\system32\WpcMon.exe
2014-08-15 16:04 - 2014-07-15 04:29 - 03118080 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2014-08-15 16:04 - 2014-07-15 04:22 - 02861056 _____ (Microsoft Corporation) C:\Windows\system32\WpcWebSync.dll
2014-08-15 16:04 - 2014-07-15 04:03 - 02344448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2014-08-15 16:04 - 2014-07-10 00:16 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveTelemetry.dll
2014-08-15 16:04 - 2014-07-10 00:03 - 04756992 _____ (Microsoft Corporation) C:\Windows\system32\SyncEngine.dll
2014-08-15 16:04 - 2014-07-09 23:33 - 01120256 _____ (Microsoft Corporation) C:\Windows\system32\SkyDrive.exe
2014-08-15 16:04 - 2014-06-12 21:15 - 00517528 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2014-08-15 16:04 - 2014-06-12 21:14 - 01557848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-15 16:04 - 2014-06-12 20:10 - 00406400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2014-08-15 16:04 - 2014-06-06 07:34 - 02133504 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2014-08-15 16:04 - 2014-05-13 03:01 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\BulkOperationHost.exe
2014-08-15 16:04 - 2014-05-13 01:07 - 02844160 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-08-15 16:04 - 2014-05-13 00:41 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\winbici.dll
2014-08-15 16:04 - 2014-05-13 00:26 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveShell.dll
2014-08-15 16:04 - 2014-05-12 23:59 - 01035264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-08-15 16:04 - 2014-05-12 23:31 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SkyDriveShell.dll
2014-08-15 16:04 - 2014-05-03 07:29 - 01726224 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-08-15 16:04 - 2014-05-03 05:20 - 01473080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-08-15 16:04 - 2014-05-03 01:36 - 00997888 _____ (Microsoft Corporation) C:\Windows\system32\reseteng.dll
2014-08-15 16:04 - 2014-05-03 01:19 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\ncobjapi.dll
2014-08-15 16:04 - 2014-05-03 01:08 - 00301056 _____ (Microsoft Corporation) C:\Windows\system32\framedynos.dll
2014-08-15 16:04 - 2014-05-03 01:07 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\framedyn.dll
2014-08-15 16:04 - 2014-05-03 00:46 - 00052736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncobjapi.dll
2014-08-15 16:04 - 2014-05-03 00:37 - 00235008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\framedynos.dll
2014-08-15 16:04 - 2014-05-03 00:37 - 00207360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\framedyn.dll
2014-08-15 16:04 - 2014-05-02 19:26 - 00050745 _____ () C:\Windows\system32\srms.dat
2014-08-15 16:04 - 2014-05-01 01:44 - 01025536 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-08-15 16:04 - 2014-04-30 02:43 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwififlt.sys
2014-08-15 16:04 - 2014-04-30 02:41 - 00402432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-08-15 16:04 - 2014-04-30 02:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\agilevpn.sys
2014-08-15 16:04 - 2014-04-30 02:41 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifimp.sys
2014-08-15 16:04 - 2014-04-30 01:45 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\Robocopy.exe
2014-08-15 16:04 - 2014-04-30 00:48 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe
2014-08-15 16:04 - 2014-04-30 00:24 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2014-08-15 16:04 - 2014-04-30 00:23 - 00353280 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore.dll
2014-08-15 16:04 - 2014-04-30 00:23 - 00271872 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2014-08-15 16:04 - 2014-04-30 00:23 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc.dll
2014-08-15 16:04 - 2014-04-30 00:14 - 00827392 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2014-08-15 16:04 - 2014-04-29 23:59 - 01063424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-08-15 16:04 - 2014-04-29 23:46 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore.dll
2014-08-15 16:04 - 2014-04-29 23:46 - 00229888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2014-08-15 16:04 - 2014-04-29 23:46 - 00056320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2014-08-15 16:04 - 2014-04-29 23:45 - 00062976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc.dll
2014-08-15 16:04 - 2014-04-29 23:42 - 00403968 _____ (Microsoft Corporation) C:\Windows\system32\vpnike.dll
2014-08-15 16:04 - 2014-04-28 18:40 - 00721408 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2014-08-15 16:04 - 2014-04-26 18:03 - 02140888 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2014-08-15 16:04 - 2014-04-26 16:14 - 02144984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2014-08-15 16:04 - 2014-04-26 12:39 - 00339456 _____ (Microsoft Corporation) C:\Windows\system32\bdesvc.dll
2014-08-15 16:04 - 2014-04-14 05:37 - 02125344 _____ (Microsoft Corporation) C:\Windows\system32\d3d9.dll
2014-08-15 16:04 - 2014-04-14 04:08 - 01797896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d9.dll
2014-08-15 16:04 - 2014-04-14 01:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d8thk.dll
2014-08-15 16:04 - 2014-04-09 02:11 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-08-15 16:04 - 2014-04-09 01:20 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2014-08-15 16:03 - 2014-08-06 22:12 - 01336624 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-15 16:03 - 2014-08-06 18:38 - 00697856 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-15 16:03 - 2014-08-02 01:44 - 00527360 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-15 16:03 - 2014-08-01 23:56 - 01064448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-15 16:03 - 2014-08-01 23:11 - 00918528 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-08-15 16:03 - 2014-07-12 00:17 - 00623616 _____ (Microsoft Corporation) C:\Windows\system32\MDMAgent.exe
2014-08-15 16:03 - 2014-06-05 10:13 - 00216368 _____ (Microsoft Corporation) C:\Windows\system32\rsaenh.dll
2014-08-15 16:03 - 2014-06-05 09:14 - 00189016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll
2014-08-15 16:03 - 2014-06-01 22:10 - 00423768 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2014-08-15 16:03 - 2014-05-31 06:07 - 00467800 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2014-08-15 16:03 - 2014-05-31 06:07 - 00440664 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-08-15 16:03 - 2014-05-31 06:07 - 00419672 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-08-15 16:03 - 2014-05-31 06:07 - 00089944 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-08-15 16:03 - 2014-05-31 06:07 - 00027480 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-08-15 16:03 - 2014-05-31 02:30 - 00037376 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-08-15 16:03 - 2014-05-31 02:27 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2014-08-15 16:03 - 2014-05-31 02:26 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2014-08-15 16:03 - 2014-05-31 00:01 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2014-08-15 16:03 - 2014-05-31 00:01 - 00209408 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2014-08-15 16:03 - 2014-05-31 00:01 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2014-08-15 16:03 - 2014-05-27 11:53 - 02518360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-08-15 16:03 - 2014-05-27 05:56 - 00323584 _____ (Microsoft Corporation) C:\Windows\system32\DaOtpCredentialProvider.dll
2014-08-15 16:03 - 2014-05-27 05:53 - 00270848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DaOtpCredentialProvider.dll
2014-08-15 16:03 - 2014-05-17 00:59 - 16871936 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2014-08-15 16:03 - 2014-05-17 00:13 - 12711424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2014-08-15 16:01 - 2014-06-04 05:27 - 00114520 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-15 16:01 - 2014-06-04 01:31 - 00356352 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-15 16:01 - 2014-06-04 01:22 - 02790912 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-15 16:01 - 2014-06-04 00:43 - 00281088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-15 16:01 - 2014-06-04 00:38 - 03304448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-15 16:01 - 2014-06-03 22:15 - 02642944 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-15 16:01 - 2014-06-03 22:14 - 02318336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-14 21:23 - 2014-08-27 19:53 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citrix
2014-08-14 21:23 - 2014-08-14 21:23 - 00001398 _____ () C:\Users\Richard\Desktop\GoToMeeting.lnk
2014-08-14 21:22 - 2014-09-06 13:15 - 00000552 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2639599823-3024943084-2445285041-1001.job
2014-08-14 21:22 - 2014-08-27 19:50 - 00000000 ____D () C:\Program Files (x86)\Citrix
2014-08-14 21:22 - 2014-08-14 21:23 - 00003552 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2639599823-3024943084-2445285041-1001
2014-08-14 21:17 - 2014-08-14 21:18 - 06507561 _____ () C:\Users\Richard\Desktop\G2M_Global_v6.3.1_b1468_MSI.zip

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-06 13:47 - 2014-09-06 13:45 - 00026146 _____ () C:\Users\Richard\Desktop\FRST.txt
2014-09-06 13:47 - 2014-09-04 14:28 - 00000000 ____D () C:\FRST
2014-09-06 13:47 - 2014-04-21 05:22 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-09-06 13:21 - 2014-05-04 19:43 - 01150752 _____ () C:\Windows\WindowsUpdate.log
2014-09-06 13:16 - 2014-05-03 19:58 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-06 13:15 - 2014-08-14 21:22 - 00000552 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2639599823-3024943084-2445285041-1001.job
2014-09-06 13:11 - 2014-04-21 05:55 - 00020677 _____ () C:\Windows\system32\lvcoinst.log
2014-09-06 13:06 - 2014-04-25 19:51 - 00000926 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2639599823-3024943084-2445285041-1001UA.job
2014-09-06 13:00 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\sru
2014-09-06 12:48 - 2014-04-21 06:27 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-06 08:27 - 2014-05-20 10:59 - 02984448 ___SH () C:\Users\Richard\Desktop\Thumbs.db
2014-09-06 07:33 - 2014-04-21 21:17 - 00004966 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for RICK-Richard Rick
2014-09-06 07:32 - 2014-04-21 09:20 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2639599823-3024943084-2445285041-1001
2014-09-06 07:24 - 2014-04-21 09:17 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{35A475B4-1176-481D-BA78-5892E06E0A82}
2014-09-06 07:22 - 2014-09-06 07:22 - 00000000 ___RD () C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-09-06 07:21 - 2014-04-21 09:16 - 00000000 __RDO () C:\Users\Richard\SkyDrive
2014-09-06 07:21 - 2014-04-21 06:27 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-06 07:21 - 2014-04-21 06:27 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-06 07:21 - 2014-04-21 05:56 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2014-09-05 22:01 - 2014-06-30 13:22 - 00000000 ____D () C:\AdwCleaner
2014-09-05 21:06 - 2014-04-25 19:51 - 00000874 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2639599823-3024943084-2445285041-1001Core.job
2014-09-05 17:01 - 2014-01-14 09:07 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2014-09-05 17:00 - 2014-07-17 19:50 - 00000000 ____D () C:\ProgramData\Emsisoft
2014-09-05 17:00 - 2014-07-17 19:01 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2014-09-05 16:54 - 2014-09-05 16:53 - 00000000 ____D () C:\Users\Richard\Documents\Eckankar
2014-09-05 16:53 - 2014-05-20 17:35 - 00000000 ____D () C:\Users\Richard\AppData\Local\Adobe
2014-09-05 16:52 - 2013-08-22 10:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-04 17:16 - 2014-04-21 11:37 - 00000000 ____D () C:\Users\Richard\AppData\Local\CrashDumps
2014-09-04 15:03 - 2014-09-04 15:03 - 00026044 _____ () C:\Users\Richard\Desktop\A Letter of Separation.zip
2014-09-04 14:29 - 2014-09-04 11:38 - 02104832 _____ (Farbar) C:\Users\Richard\Desktop\FRST64.exe
2014-09-04 14:19 - 2014-09-04 14:19 - 00000310 _____ () C:\Windows\PFRO.log
2014-09-04 14:19 - 2013-08-22 09:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-09-04 10:50 - 2014-09-04 10:50 - 01370467 _____ () C:\Users\Richard\Desktop\adwcleaner_3.309.exe
2014-09-04 05:21 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-09-03 21:30 - 2014-04-21 10:43 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-03 10:21 - 2014-04-21 09:16 - 00000000 ____D () C:\Users\Richard\Documents\Bluetooth Folder
2014-09-02 13:53 - 2014-01-14 08:46 - 00865408 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-30 22:08 - 2014-05-23 21:45 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-08-29 21:05 - 2014-05-15 14:06 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\Skype
2014-08-28 13:43 - 2014-08-28 13:43 - 00015003 _____ () C:\Users\Richard\Desktop\matchrate.odt
2014-08-28 10:01 - 2013-08-22 10:44 - 05181960 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-27 19:59 - 2013-08-22 11:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-08-27 19:54 - 2014-04-21 09:14 - 00000000 ____D () C:\Users\Richard
2014-08-27 19:53 - 2014-08-27 19:03 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-27 19:53 - 2014-08-14 21:23 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citrix
2014-08-27 19:53 - 2014-04-21 09:15 - 00000000 ____D () C:\ProgramData\Atheros
2014-08-27 19:53 - 2014-04-21 06:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-27 19:51 - 2014-05-08 20:13 - 00000000 ____D () C:\Users\Richard\AppData\Roaming\SUPERAntiSpyware.com
2014-08-27 19:51 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\registration
2014-08-27 19:51 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\system32\Sysprep
2014-08-27 19:50 - 2014-08-14 21:22 - 00000000 ____D () C:\Program Files (x86)\Citrix
2014-08-27 19:30 - 2014-07-17 17:54 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2014-08-23 09:25 - 2014-04-21 19:35 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-08-22 20:42 - 2014-08-27 19:59 - 04148224 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-17 10:01 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\rescache
2014-08-15 19:50 - 2014-07-09 19:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-15 19:50 - 2013-08-22 11:36 - 00000000 ___RD () C:\Windows\ToastData
2014-08-15 19:50 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-15 19:50 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\MediaViewer
2014-08-15 19:50 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\FileManager
2014-08-15 19:50 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\Camera
2014-08-15 18:06 - 2014-04-23 03:20 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-15 18:04 - 2014-04-23 03:20 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-15 16:01 - 2014-07-09 09:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-15 16:01 - 2014-06-15 04:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-15 16:01 - 2014-06-15 04:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-15 16:01 - 2014-06-15 04:10 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-15 16:01 - 2014-06-15 04:10 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-15 16:01 - 2014-06-15 04:09 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-15 16:01 - 2014-06-15 04:09 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-15 16:01 - 2014-06-15 04:09 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-15 16:01 - 2014-06-15 04:09 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-15 16:01 - 2014-06-15 04:09 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-15 16:01 - 2014-05-06 17:26 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-15 16:00 - 2014-07-09 09:36 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-15 16:00 - 2014-06-15 04:09 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-15 16:00 - 2014-06-15 04:09 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-15 16:00 - 2014-05-06 17:26 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-15 16:00 - 2014-05-06 17:25 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-15 16:00 - 2014-01-14 08:32 - 00233912 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-08-15 15:58 - 2014-06-12 00:08 - 00428888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-08-14 21:24 - 2014-05-14 14:54 - 00000000 ____D () C:\Users\Richard\AppData\Local\Citrix
2014-08-14 21:23 - 2014-08-14 21:23 - 00001398 _____ () C:\Users\Richard\Desktop\GoToMeeting.lnk
2014-08-14 21:23 - 2014-08-14 21:22 - 00003552 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2639599823-3024943084-2445285041-1001
2014-08-14 21:18 - 2014-08-14 21:17 - 06507561 _____ () C:\Users\Richard\Desktop\G2M_Global_v6.3.1_b1468_MSI.zip
2014-08-10 16:10 - 2014-05-15 14:06 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-09 08:52 - 2014-05-15 14:06 - 00000000 ____D () C:\ProgramData\Skype

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-31 10:55

==================== End Of Log ============================



#11 nasdaq

nasdaq

  • Malware Response Team
  • 40,456 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:03 AM

Posted 07 September 2014 - 07:03 AM

I copied and pasted into notepad and then dragged and dropped into Farbar. It said it was there but after scanning and clikcing on fix, it said fixlist.txt wasn't there.


The idea is to create the file fixlist.txt
The file must be on your Desktop where the Farbar tool is located.

When this is ready, run the Farbar tool and select the Fix button.

Copy and post the log that is created.

#12 Rick605

Rick605
  • Topic Starter

  • Members
  • 355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Connecticut
  • Local time:08:03 AM

Posted 07 September 2014 - 08:52 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-09-2014 02
Ran by Richard at 2014-09-07 09:50:33 Run:1
Running from C:\Users\Richard\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com/?fr=avantsearch6
SearchScopes: HKLM - {2EB247C0-64A8-4F19-9C57-FDEAF8D03393} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB
SearchScopes: HKLM-x32 - {2EB247C0-64A8-4F19-9C57-FDEAF8D03393} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB

End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => Key deleted successfully.
"HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => Key deleted successfully.
"HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => Key deleted successfully.
"HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}" => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2EB247C0-64A8-4F19-9C57-FDEAF8D03393}" => Key deleted successfully.
"HKCR\CLSID\{2EB247C0-64A8-4F19-9C57-FDEAF8D03393}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2EB247C0-64A8-4F19-9C57-FDEAF8D03393}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{2EB247C0-64A8-4F19-9C57-FDEAF8D03393}" => Key not found.

==== End of Fixlog ====

 

 

 

Results of screen317's Security Check version 0.99.87  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Emsisoft Anti-Malware   
 Antivirus out of date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player     14.0.0.145  
 Adobe Reader XI  
 Mozilla Firefox (31.0)
 Google Chrome 36.0.1985.143  
 Google Chrome 37.0.2062.103  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Exploit mbae-svc.exe   
 Malwarebytes Anti-Exploit mbae.exe   
 Kaspersky Lab Kaspersky Internet Security 14.0.0 avp.exe  
 Kaspersky Lab Kaspersky Internet Security 14.0.0 avpui.exe  
 Kaspersky Lab Kaspersky Internet Security 14.0.0 klwtblfs.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
 


Edited by Rick605, 07 September 2014 - 08:58 AM.


#13 nasdaq

nasdaq

  • Malware Response Team
  • 40,456 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:03 AM

Posted 07 September 2014 - 09:21 AM

Emsisoft Anti-Malware
Antivirus out of date!

Take care of this.
===

If all is well.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#14 Rick605

Rick605
  • Topic Starter

  • Members
  • 355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Connecticut
  • Local time:08:03 AM

Posted 07 September 2014 - 09:33 AM

Thanks nasdaq. :)

 

I'm unable to update windows, it says error 643. Should I go to another forum for that?



#15 nasdaq

nasdaq

  • Malware Response Team
  • 40,456 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:03 AM

Posted 07 September 2014 - 10:30 AM

Execute this Microsoft fix.

http://support.microsoft.com/kb/976982




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users