Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trouble downloading to Desktop DDS logs here


  • This topic is locked This topic is locked
31 replies to this topic

#1 wpfast

wpfast

  • Members
  • 201 posts
  • OFFLINE
  •  
  • Local time:01:22 PM

Posted 28 August 2014 - 12:04 AM

hello

after working with noknojon I was referred here for higher level help

I cleaned off all extra programs per his instructions, like IOBIT and JRT

 

I have new ESET Smart Security I am testing with Free Trial Offer

I ran it's Smart Scan twice and both were clean

 

but downloading programs has been a problem

Here is DDS program scan logs

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17239  BrowserJavaVersion: 10.65.2
Run by Wells at 23:55:05 on 2014-08-27
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3839.2252 [GMT -5:00]
.
AV: ESET Smart Security 7.0 *Enabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ESET Smart Security 7.0 *Enabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal firewall *Enabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Windows\splwow64.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil64_14_0_0_176_ActiveX.exe
C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe
C:\Windows\System32\WScript.exe
C:\Program Files (x86)\TunnelBear\TBear.Client.exe
C:\Program Files (x86)\TunnelBear\v2\OpenSSL\vpn.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://duckduckgo.com
uWindow Title = Internet Explorer, enhanced for Bing and MSN
mStart Page = about:blank
mDefault_Page_URL = hxxp://www.google.com
mSearchAssistant = hxxp://www.google.com
mCustomizeSearch = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe,
mRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
mRun: [WsmUpdater] "C:\Program Files (x86)\Web Solution Mart\Windows 8 Codecs Pack\Updater.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Malwarebytes Anti-Exploit] C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Secunia PSI Tray.lnk - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 8.8.8.8
TCP: Interfaces\{3399840B-161A-4D35-B42D-353679E1D4D0} : DHCPNameServer = 8.8.8.8
TCP: Interfaces\{49D2F846-FD41-48D8-BF88-EF2012E44B80} : DHCPNameServer = 8.8.8.8 24.178.162.3 24.247.15.53
LSA: Notification Packages =  msv1_0 scecli
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.94\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-mSearchAssistant = hxxp://www.google.com
x64-mCustomizeSearch = hxxp://www.google.com
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
x64-Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe -expressboot
x64-Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Wells\AppData\Roaming\Mozilla\Firefox\Profiles\y57ymsby.default-1357964766865\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - duckduckgo.com
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll
.
============= SERVICES / DRIVERS ===============
.
R0 epfwwfp;epfwwfp;C:\Windows\System32\drivers\epfwwfp.sys [2013-9-17 62136]
R1 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2013-9-17 239320]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\System32\drivers\EpfwLWF.sys [2013-9-17 44120]
R1 ESProtectionDriver;Malwarebytes Anti-Exploit;C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [2014-4-13 62168]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-1-26 203776]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2014-2-24 1343408]
R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2013-9-26 335168]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2011-4-22 72216]
R2 MbaeSvc;Malwarebytes Anti-Exploit Service;C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [2014-4-13 319288]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2013-7-3 1228504]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2013-7-3 660184]
R2 wwEngineSvc;Window Washer Engine;C:\Program Files\Webroot\Washer\WasherSvc.exe [2011-4-28 618896]
R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf_amd64.sys [2013-7-3 18456]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-1-21 413800]
R3 tap-tb-0901;TunnelBear Adapter V9;C:\Windows\System32\drivers\tap-tb-0901.sys [2014-6-17 39168]
R3 TunnelBearMaintenance;TunnelBear Maintenance;C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe [2014-7-5 26048]
S1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-4-26 819032]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2014-4-17 2152736]
S2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-4-22 375728]
S2 vToolbarUpdater15.3.0;vToolbarUpdater15.3.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe --> C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [?]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-8-15 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-8-22 19456]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-8-22 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-8-22 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-4-20 1255736]
.
=============== Created Last 30 ================
.
2014-08-27 17:24:11 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-27 17:24:11 3163648 ----a-w- C:\Windows\System32\win32k.sys
2014-08-27 17:24:11 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-26 10:57:40 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BA6541E2-6EED-43F0-9226-7C065A25FD33}\offreg.dll
2014-08-26 10:56:03 11319192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BA6541E2-6EED-43F0-9226-7C065A25FD33}\mpengine.dll
2014-08-23 06:34:05 3178496 ----a-w- C:\Windows\System32\rdpcorets.dll
2014-08-23 06:34:05 16384 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
2014-08-23 04:56:53 -------- d-----w- C:\Users\Wells\AppData\Local\ESET
2014-08-23 04:56:52 -------- d-----w- C:\Users\Wells\AppData\Roaming\ESET
2014-08-23 04:55:07 -------- d-----w- C:\Program Files\ESET
2014-08-23 04:42:12 201263 ----a-w- C:\ProgramData\1408768737.bdinstall.bin
2014-08-23 04:42:12 -------- d-----w- C:\Program Files\Bitdefender
2014-08-16 08:01:04 99480 ----a-w- C:\Windows\SysWow64\infocardapi.dll
2014-08-16 08:01:04 171160 ----a-w- C:\Windows\System32\infocardapi.dll
2014-08-16 08:01:03 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
2014-08-16 08:01:03 8856 ----a-w- C:\Windows\System32\icardres.dll
2014-08-16 08:01:03 619672 ----a-w- C:\Windows\SysWow64\icardagt.exe
2014-08-16 08:01:03 1389208 ----a-w- C:\Windows\System32\icardagt.exe
2014-08-16 08:00:53 35480 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
2014-08-16 08:00:53 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe
2014-08-15 08:09:18 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-08-15 08:09:18 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-08-15 08:09:09 3241984 ----a-w- C:\Windows\System32\msi.dll
2014-08-15 08:09:09 2363392 ----a-w- C:\Windows\SysWow64\msi.dll
2014-08-15 08:09:09 1941504 ----a-w- C:\Windows\System32\authui.dll
2014-08-15 08:09:09 1805824 ----a-w- C:\Windows\SysWow64\authui.dll
2014-08-15 08:09:08 504320 ----a-w- C:\Windows\System32\msihnd.dll
2014-08-15 08:09:08 337408 ----a-w- C:\Windows\SysWow64\msihnd.dll
2014-08-15 08:09:08 112064 ----a-w- C:\Windows\System32\consent.exe
2014-08-15 08:09:01 985536 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2014-08-15 08:07:14 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2014-08-15 08:07:14 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
2014-08-15 08:03:34 529920 ----a-w- C:\Windows\System32\aepdu.dll
2014-08-15 08:03:34 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-08-10 16:10:23 -------- d-----w- C:\Users\Wells\AppData\Local\Adobe
2014-08-06 08:00:23 294912 ----a-w- C:\Windows\System32\browserchoice.exe
2014-08-05 17:20:22 227728 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2014-08-01 07:21:02 2620928 ----a-w- C:\Windows\System32\wucltux.dll
2014-08-01 07:20:53 97792 ----a-w- C:\Windows\System32\wudriver.dll
2014-08-01 07:20:53 92672 ----a-w- C:\Windows\SysWow64\wudriver.dll
2014-08-01 07:20:42 36864 ----a-w- C:\Windows\System32\wuapp.exe
2014-08-01 07:20:42 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
2014-08-01 07:20:42 198600 ----a-w- C:\Windows\System32\wuwebv.dll
2014-08-01 07:20:42 179656 ----a-w- C:\Windows\SysWow64\wuwebv.dll
.
==================== Find3M  ====================
.
2014-08-28 04:12:11 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-08-15 08:07:45 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-15 08:07:45 699568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-08-05 14:20:00 270496 ------w- C:\Windows\System32\MpSigStub.exe
2014-07-25 14:02:12 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-07-25 14:01:41 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-07-25 13:30:30 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-07-25 13:28:35 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-07-25 13:28:27 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-07-25 13:25:45 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-07-25 13:04:40 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-07-25 13:00:51 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-07-25 13:00:25 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-07-25 12:59:28 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-07-25 12:47:25 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-07-25 12:34:49 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-07-25 12:34:03 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-07-25 12:33:08 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-07-25 12:30:32 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-07-25 12:28:15 5824512 ----a-w- C:\Windows\System32\jscript9.dll
2014-07-25 12:28:05 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-07-25 12:10:15 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-07-25 12:08:47 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-07-25 12:06:47 4204032 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-07-25 11:43:16 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-07-25 11:39:29 2087936 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-07-25 11:39:25 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-07-25 11:07:49 2001920 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-07-25 11:07:10 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-07-25 10:52:06 2266624 ----a-w- C:\Windows\System32\wininet.dll
2014-07-25 10:05:23 1792512 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-07-18 08:36:29 111016 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2014-07-18 08:35:23 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-07-09 09:02:03 5659136 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2014-06-18 02:18:30 692736 ----a-w- C:\Windows\System32\osk.exe
2014-06-18 01:51:32 646144 ----a-w- C:\Windows\SysWow64\osk.exe
2014-06-17 17:06:44 39168 ----a-w- C:\Windows\System32\drivers\tap-tb-0901.sys
2014-06-06 10:10:34 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-06-06 09:44:17 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-06-05 14:45:15 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-06-05 14:26:58 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-06-05 14:25:49 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-05-30 08:08:52 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-05-30 08:08:49 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-05-30 08:08:47 340992 ----a-w- C:\Windows\System32\schannel.dll
2014-05-30 08:08:41 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-05-30 08:08:41 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2014-05-30 08:08:36 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-05-30 08:08:31 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-05-30 07:52:51 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2014-05-30 07:52:49 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2014-05-30 07:52:45 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2014-05-30 07:52:41 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2014-05-30 07:52:40 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2014-05-30 07:52:36 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-05-30 07:52:30 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2014-05-30 06:45:52 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
.
============= FINISH: 23:55:15.47 ===============

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/20/2011 2:54:42 PM
System Uptime: 8/27/2014 11:23:37 PM (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. |  | M3A78-EM
Processor: AMD Phenom™ II X4 940 Processor | AM2 | 3000/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 466 GiB total, 410.92 GiB free.
D: is FIXED (NTFS) - 465 GiB total, 65.603 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: LogMeIn Kernel Information Provider
Device ID: ROOT\LEGACY_LMIINFO\0000
Manufacturer:
Name: LogMeIn Kernel Information Provider
PNP Device ID: ROOT\LEGACY_LMIINFO\0000
Service: LMIInfo
.
==== System Restore Points ===================
.
RP785: 8/19/2014 3:44:23 AM - Windows Update
RP786: 8/22/2014 11:46:54 PM - Windows Modules Installer
RP787: 8/22/2014 11:47:43 PM - Windows Modules Installer
RP788: 8/23/2014 1:34:51 AM - Windows Update
RP789: 8/23/2014 8:41:44 PM - Revo Uninstaller's restore point - ESET Online Scanner v3
RP790: 8/23/2014 10:33:58 PM - Revo Uninstaller's restore point - Advanced SystemCare 7
RP791: 8/24/2014 12:00:05 AM - Windows Backup
RP792: 8/25/2014 9:31:31 AM - Revo Uninstaller's restore point - IObit Uninstaller
RP793: 8/25/2014 9:33:05 AM - Revo Uninstaller's restore point - Surfing Protection
RP794: 8/25/2014 9:34:23 AM - Revo Uninstaller's restore point - LogMeIn
RP795: 8/25/2014 9:36:08 AM - Revo Uninstaller's restore point - Glary Utilities 2.49.0.1600
RP796: 8/25/2014 9:46:21 AM - Removed RegHunter
RP797: 8/26/2014 5:55:25 AM - Windows Update
RP798: 8/27/2014 10:44:23 PM - Windows Update
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 10 ActiveX 64-bit
Adobe Flash Player 14 ActiveX
Adobe Flash Player 14 Plugin
Adobe Reader XI (11.0.08)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audio Creator LE
Auslogics Disk Defrag
Bonjour
CCleaner
CDBurnerXP
Compatibility Pack for the 2007 Office system
DC-Bass Source 1.3.0
DownloadTerms
ESET Online Scanner v3
ESET Smart Security
ffdshow v1.1.4399 [2012-03-22]
Google Chrome
Google Earth
Google Update Helper
Haali Media Splitter
IE Java Block 32bit Shim
IE Java Block 64bit Shim
iTunes
Java 7 Update 65
Java 7 Update 65 (64-bit)
K-Lite Codec Pack 7.1.0 (Full)
Malwarebytes Anti-Exploit version 0.10.0.1000
Malwarebytes Anti-Malware version 2.0.2.1012
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft IntelliPoint 8.1
Microsoft IntelliType Pro 8.1
Microsoft Office Converter Pack
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Mozilla Firefox 31.0 (x86 en-US)
MPC-HC 1.7.0
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Revo Uninstaller 1.94
Secunia PSI (3.0.0.7011)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
TunnelBear
VC80CRTRedist - 8.0.50727.6195
Vensim PLE
VLC media player
Window Washer
Windows 8 Codecs Pack 1.0.0
.
==== Event Viewer Messages From Past Week ========
.
8/27/2014 11:24:50 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  aswSnx
8/27/2014 11:24:41 PM, Error: Service Control Manager [7000]  - The vToolbarUpdater15.3.0 service failed to start due to the following error:  The system cannot find the file specified.
8/27/2014 11:24:36 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the LMIGuardianSvc service to connect.
8/27/2014 11:24:36 PM, Error: Service Control Manager [7000]  - The LMIGuardianSvc service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
8/27/2014 11:23:54 PM, Error: volmgr [46]  - Crash dump initialization failed!
8/27/2014 10:26:53 PM, Error: Service Control Manager [7034]  - The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).
8/27/2014 10:26:04 PM, Error: Service Control Manager [7034]  - The IMF Service service terminated unexpectedly.  It has done this 1 time(s).
8/25/2014 11:25:21 AM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
8/25/2014 10:56:29 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
8/25/2014 10:40:17 AM, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
8/25/2014 10:40:16 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
8/25/2014 10:40:16 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/25/2014 10:40:13 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/25/2014 10:40:06 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
8/25/2014 10:40:03 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  aswSnx discache eamonm ehdrv ESProtectionDriver spldr Wanarpv6
8/23/2014 9:39:41 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
8/23/2014 9:39:41 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
8/23/2014 9:39:15 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD aswSnx CSC DfsC discache eamonm ehdrv EpfwLWF ESProtectionDriver NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf ws2ifsl
8/23/2014 9:39:15 PM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
8/23/2014 9:39:15 PM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
8/23/2014 9:39:15 PM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
8/23/2014 9:39:15 PM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
8/23/2014 9:39:15 PM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
8/23/2014 9:39:15 PM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
8/23/2014 9:39:15 PM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
8/23/2014 9:39:15 PM, Error: Service Control Manager [7001]  - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
8/23/2014 9:39:15 PM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
8/23/2014 9:39:15 PM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
8/23/2014 10:34:20 PM, Error: Service Control Manager [7034]  - The Advanced SystemCare Service 7 service terminated unexpectedly.  It has done this 1 time(s).
8/23/2014 10:00:20 PM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
.
==== End Of File ===========================

wpfast

 



BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,742 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:22 PM

Posted 02 September 2014 - 12:05 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/546002 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your destop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 wpfast

wpfast
  • Topic Starter

  • Members
  • 201 posts
  • OFFLINE
  •  
  • Local time:01:22 PM

Posted 02 September 2014 - 08:24 AM

Note I am still unable to Save DDS to Desktop...had to Run it from Safe Mode

 

here are logs

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 11.0.9600.17239  BrowserJavaVersion: 10.65.2
Run by Wells at 8:19:54 on 2014-09-02
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3839.2626 [GMT -5:00]
.
AV: ESET Smart Security 7.0 *Enabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ESET Smart Security 7.0 *Enabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal firewall *Enabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://duckduckgo.com
uWindow Title = Internet Explorer, enhanced for Bing and MSN
mStart Page = about:blank
mDefault_Page_URL = hxxp://www.google.com
mSearchAssistant = hxxp://www.google.com
mCustomizeSearch = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll
uRun: [Advanced SystemCare 7] "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
mRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
mRun: [WsmUpdater] "C:\Program Files (x86)\Web Solution Mart\Windows 8 Codecs Pack\Updater.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Malwarebytes Anti-Exploit] C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Secunia PSI Tray.lnk - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 8.8.8.8 24.178.162.3 24.247.15.53
TCP: Interfaces\{3399840B-161A-4D35-B42D-353679E1D4D0} : DHCPNameServer = 8.8.8.8
TCP: Interfaces\{49D2F846-FD41-48D8-BF88-EF2012E44B80} : DHCPNameServer = 8.8.8.8 24.178.162.3 24.247.15.53
LSA: Notification Packages =  msv1_0 scecli
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.102\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-mSearchAssistant = hxxp://www.google.com
x64-mCustomizeSearch = hxxp://www.google.com
x64-BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
x64-Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe -expressboot
x64-Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Wells\AppData\Roaming\Mozilla\Firefox\Profiles\y57ymsby.default-1357964766865\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - duckduckgo.com
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll
FF - ExtSQL: 2014-08-31 22:06; ascsurfingprotection@iobit.com; C:\Users\Wells\AppData\Roaming\Mozilla\Firefox\Profiles\y57ymsby.default-1357964766865\extensions\ascsurfingprotection@iobit.com
.
============= SERVICES / DRIVERS ===============
.
R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\System32\drivers\EpfwLWF.sys [2013-9-17 44120]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-1-21 413800]
R3 tap-tb-0901;TunnelBear Adapter V9;C:\Windows\System32\drivers\tap-tb-0901.sys [2014-6-17 39168]
S0 epfwwfp;epfwwfp;C:\Windows\System32\drivers\epfwwfp.sys [2013-9-17 62136]
S1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-4-26 819032]
S1 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2013-9-17 239320]
S1 ESProtectionDriver;Malwarebytes Anti-Exploit;C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [2014-4-13 62168]
S2 AdvancedSystemCareService7;Advanced SystemCare Service 7;C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [2014-9-1 893216]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-1-26 203776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2014-2-24 1343408]
S2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2013-9-26 335168]
S2 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2014-4-17 2282272]
S2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-4-22 375728]
S2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2011-4-22 72216]
S2 MbaeSvc;Malwarebytes Anti-Exploit Service;C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [2014-4-13 319288]
S2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2013-7-3 1228504]
S2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2013-7-3 660184]
S2 vToolbarUpdater15.3.0;vToolbarUpdater15.3.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe --> C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [?]
S2 wwEngineSvc;Window Washer Engine;C:\Program Files\Webroot\Washer\WasherSvc.exe [2011-4-28 618896]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-8-15 111616]
S3 PSI;PSI;C:\Windows\System32\drivers\psi_mf_amd64.sys [2013-7-3 18456]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-8-22 19456]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-8-22 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-8-22 30208]
S3 TunnelBearMaintenance;TunnelBear Maintenance;C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe [2014-7-5 26048]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-4-20 1255736]
.
=============== Created Last 30 ================
.
2014-09-02 07:21:08 11319192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{504A6626-62FA-477A-B30C-5D83A330ECC7}\mpengine.dll
2014-08-27 17:24:11 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-27 17:24:11 3163648 ----a-w- C:\Windows\System32\win32k.sys
2014-08-27 17:24:11 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-23 06:34:05 3178496 ----a-w- C:\Windows\System32\rdpcorets.dll
2014-08-23 06:34:05 16384 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
2014-08-23 04:56:53 -------- d-----w- C:\Users\Wells\AppData\Local\ESET
2014-08-23 04:56:52 -------- d-----w- C:\Users\Wells\AppData\Roaming\ESET
2014-08-23 04:55:07 -------- d-----w- C:\Program Files\ESET
2014-08-23 04:42:12 201263 ----a-w- C:\ProgramData\1408768737.bdinstall.bin
2014-08-23 04:42:12 -------- d-----w- C:\Program Files\Bitdefender
2014-08-16 08:01:04 99480 ----a-w- C:\Windows\SysWow64\infocardapi.dll
2014-08-16 08:01:04 171160 ----a-w- C:\Windows\System32\infocardapi.dll
2014-08-16 08:01:03 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
2014-08-16 08:01:03 8856 ----a-w- C:\Windows\System32\icardres.dll
2014-08-16 08:01:03 619672 ----a-w- C:\Windows\SysWow64\icardagt.exe
2014-08-16 08:01:03 1389208 ----a-w- C:\Windows\System32\icardagt.exe
2014-08-16 08:00:53 35480 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
2014-08-16 08:00:53 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe
2014-08-15 08:09:18 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-08-15 08:09:18 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-08-15 08:09:09 3241984 ----a-w- C:\Windows\System32\msi.dll
2014-08-15 08:09:09 2363392 ----a-w- C:\Windows\SysWow64\msi.dll
2014-08-15 08:09:09 1941504 ----a-w- C:\Windows\System32\authui.dll
2014-08-15 08:09:09 1805824 ----a-w- C:\Windows\SysWow64\authui.dll
2014-08-15 08:09:08 504320 ----a-w- C:\Windows\System32\msihnd.dll
2014-08-15 08:09:08 337408 ----a-w- C:\Windows\SysWow64\msihnd.dll
2014-08-15 08:09:08 112064 ----a-w- C:\Windows\System32\consent.exe
2014-08-15 08:09:01 985536 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2014-08-15 08:07:14 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2014-08-15 08:07:14 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
2014-08-15 08:03:34 529920 ----a-w- C:\Windows\System32\aepdu.dll
2014-08-15 08:03:34 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-08-10 16:10:23 -------- d-----w- C:\Users\Wells\AppData\Local\Adobe
2014-08-06 08:00:23 294912 ----a-w- C:\Windows\System32\browserchoice.exe
2014-08-05 17:20:22 227728 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
.
==================== Find3M  ====================
.
2014-08-28 04:12:11 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-08-15 08:07:45 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-15 08:07:45 699568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-08-05 14:20:00 270496 ------w- C:\Windows\System32\MpSigStub.exe
2014-07-25 14:02:12 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-07-25 14:01:41 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-07-25 13:30:30 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-07-25 13:28:35 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-07-25 13:28:27 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-07-25 13:25:45 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-07-25 13:04:40 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-07-25 13:00:51 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-07-25 13:00:25 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-07-25 12:59:28 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-07-25 12:47:25 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-07-25 12:34:49 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-07-25 12:34:03 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-07-25 12:33:08 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-07-25 12:30:32 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-07-25 12:28:15 5824512 ----a-w- C:\Windows\System32\jscript9.dll
2014-07-25 12:28:05 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-07-25 12:10:15 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-07-25 12:08:47 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-07-25 12:06:47 4204032 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-07-25 11:43:16 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-07-25 11:39:29 2087936 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-07-25 11:39:25 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-07-25 11:07:49 2001920 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-07-25 11:07:10 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-07-25 10:52:06 2266624 ----a-w- C:\Windows\System32\wininet.dll
2014-07-25 10:05:23 1792512 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-07-18 08:36:29 111016 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2014-07-18 08:35:23 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-07-09 09:02:03 5659136 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2014-06-18 02:18:30 692736 ----a-w- C:\Windows\System32\osk.exe
2014-06-18 01:51:32 646144 ----a-w- C:\Windows\SysWow64\osk.exe
2014-06-17 17:06:44 39168 ----a-w- C:\Windows\System32\drivers\tap-tb-0901.sys
2014-06-06 10:10:34 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-06-06 09:44:17 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-06-05 14:45:15 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-06-05 14:26:58 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-06-05 14:25:49 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH:  8:20:24.40 ===============

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/20/2011 2:54:42 PM
System Uptime: 9/2/2014 8:16:38 AM (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. |  | M3A78-EM
Processor: AMD Phenom™ II X4 940 Processor | AM2 | 3013/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 466 GiB total, 410.662 GiB free.
D: is FIXED (NTFS) - 465 GiB total, 57.153 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: ehdrv
Device ID: ROOT\LEGACY_EHDRV\0000
Manufacturer:
Name: ehdrv
PNP Device ID: ROOT\LEGACY_EHDRV\0000
Service: ehdrv
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: epfwwfp
Device ID: ROOT\LEGACY_EPFWWFP\0000
Manufacturer:
Name: epfwwfp
PNP Device ID: ROOT\LEGACY_EPFWWFP\0000
Service: epfwwfp
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
==== System Restore Points ===================
.
RP788: 8/23/2014 1:34:51 AM - Windows Update
RP789: 8/23/2014 8:41:44 PM - Revo Uninstaller's restore point - ESET Online Scanner v3
RP790: 8/23/2014 10:33:58 PM - Revo Uninstaller's restore point - Advanced SystemCare 7
RP791: 8/24/2014 12:00:05 AM - Windows Backup
RP792: 8/25/2014 9:31:31 AM - Revo Uninstaller's restore point - IObit Uninstaller
RP793: 8/25/2014 9:33:05 AM - Revo Uninstaller's restore point - Surfing Protection
RP794: 8/25/2014 9:34:23 AM - Revo Uninstaller's restore point - LogMeIn
RP795: 8/25/2014 9:36:08 AM - Revo Uninstaller's restore point - Glary Utilities 2.49.0.1600
RP796: 8/25/2014 9:46:21 AM - Removed RegHunter
RP797: 8/26/2014 5:55:25 AM - Windows Update
RP798: 8/27/2014 10:44:23 PM - Windows Update
RP799: 8/31/2014 12:00:11 AM - Windows Backup
RP800: 9/2/2014 2:20:33 AM - Windows Update
.
==== Installed Programs ======================
.
.
==== End Of File ===========================
 

 



#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,741 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:22 PM

Posted 03 September 2014 - 08:35 AM

Greetings wpfast and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review our situation please run the below for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recover Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the windows key Windows_Logo_key.gif + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 wpfast

wpfast
  • Topic Starter

  • Members
  • 201 posts
  • OFFLINE
  •  
  • Local time:01:22 PM

Posted 04 September 2014 - 10:49 PM

here are frst64 logs..

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2014 02
Ran by Wells (administrator) on WELLS-PC on 04-09-2014 22:29:51
Running from C:\Users\Wells\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Safe Mode (with Networking)

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2399632 2011-04-13] (Microsoft Corporation)
HKLM\...\Run: [LogMeIn GUI] => "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
HKLM\...\Run: [itype] => c:\Program Files\Microsoft IntelliType Pro\itype.exe [1860496 2011-04-13] (Microsoft Corporation)
HKLM\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe [404712 2013-01-04] (BillP Studios)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5581888 2014-02-24] (ESET)
HKLM-x32\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [404712 2013-01-04] (BillP Studios)
HKLM-x32\...\Run: [WsmUpdater] => C:\Program Files (x86)\Web Solution Mart\Windows 8 Codecs Pack\Updater.exe [292208 2012-05-18] (Web Solution Mart)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [1294136 2014-02-21] (Malwarebytes Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKU\S-1-5-21-2524746469-604534309-456938349-1000\...\Run: [Advanced SystemCare 7] => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe [2281248 2014-08-22] (IObit)
HKU\S-1-5-21-2524746469-604534309-456938349-1000\...\Policies\Explorer: [NoRecentDocsHistory] 1
Lsa: [Notification Packages] msv1_0 scecli
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://duckduckgo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKCU - {606F3F31-9930-42FF-9D35-8C35F6252D53} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=114576&p={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [327168] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 24.178.162.3 24.247.15.53

FireFox:
========
FF ProfilePath: C:\Users\Wells\AppData\Roaming\Mozilla\Firefox\Profiles\y57ymsby.default-1357964766865
FF SelectedSearchEngine: Google
FF Homepage: duckduckgo.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Wells\AppData\Roaming\Mozilla\Firefox\Profiles\y57ymsby.default-1357964766865\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Users\Wells\AppData\Roaming\Mozilla\Firefox\Profiles\y57ymsby.default-1357964766865\searchplugins\yahoo_ff.xml
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Wells\AppData\Roaming\Mozilla\Firefox\Profiles\y57ymsby.default-1357964766865\Extensions\ascsurfingprotection@iobit.com [2014-09-01]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Wells\AppData\Roaming\Mozilla\Firefox\Profiles\y57ymsby.default-1357964766865\Extensions\adblockpopups@jessehakanen.net.xpi [2014-08-30]
FF Extension: Remove Google Tracking - C:\Users\Wells\AppData\Roaming\Mozilla\Firefox\Profiles\y57ymsby.default-1357964766865\Extensions\jid0-DpogclPgnN9OvqNntEBbPZxBinY@jetpack.xpi [2014-08-30]
FF Extension: Adblock Plus - C:\Users\Wells\AppData\Roaming\Mozilla\Firefox\Profiles\y57ymsby.default-1357964766865\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-08-30]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2014-08-22]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

Chrome:
=======
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.102\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.102\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.102\pdf.dll ()
CHR Plugin: (Microsoft Office 2003) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Profile: C:\Users\Wells\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Wallet) - C:\Users\Wells\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [893216 2014-08-18] (IObit)
S2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1343408 2014-02-24] (ESET)
S2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [335168 2013-04-25] (IObit)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2282272 2014-08-19] (IObit)
S2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [375728 2012-12-22] (LogMeIn, Inc.)
S2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [319288 2014-02-21] (Malwarebytes Corporation)
S2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)
S3 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe [26048 2014-07-05] ()
S2 wwEngineSvc; C:\Program Files\Webroot\Washer\WasherSvc.exe [618896 2011-04-20] (Webroot Software, Inc.)
S2 vToolbarUpdater15.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [819032 2012-03-06] (AVAST Software)
S1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [239296 2013-09-17] (ESET)
S1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)
S2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [220232 2013-09-17] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [44120 2013-09-17] (ESET)
S0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [62136 2013-09-17] (ESET)
S1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [62168 2014-02-21] ()
S4 LMIRfsClientNP; No ImagePath
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia)
R3 tap-tb-0901; C:\Windows\System32\DRIVERS\tap-tb-0901.sys [39168 2014-06-17] (The OpenVPN Project)
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [X]
U4 SBRE; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-04 22:29 - 2014-09-04 22:30 - 00015215 _____ () C:\Users\Wells\Desktop\FRST.txt
2014-09-04 22:28 - 2014-09-04 22:28 - 02104832 _____ (Farbar) C:\Users\Wells\Desktop\FRST64.exe
2014-09-04 22:26 - 2014-09-04 22:27 - 02104832 _____ (Farbar) C:\Users\Wells\Downloads\FRST64.exe
2014-09-02 08:28 - 2014-09-02 08:28 - 00000056 _____ () C:\Windows\setupact.log
2014-09-02 08:28 - 2014-09-02 08:28 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-02 08:16 - 2014-09-02 08:16 - 00003708 _____ () C:\Windows\PFRO.log
2014-09-01 03:07 - 2014-09-01 03:07 - 00003094 _____ () C:\Windows\System32\Tasks\ASC7_PerformanceMonitor
2014-09-01 03:06 - 2014-09-01 03:07 - 00002177 _____ () C:\Users\Public\Desktop\Advanced SystemCare 7.lnk
2014-09-01 03:06 - 2014-09-01 03:06 - 00002886 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_Administrator
2014-09-01 03:06 - 2014-09-01 03:06 - 00002854 _____ () C:\Windows\System32\Tasks\ASC7_SkipUac_Wells
2014-09-01 03:06 - 2014-09-01 03:06 - 00001206 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2014-09-01 03:06 - 2014-09-01 03:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 7
2014-09-01 03:04 - 2014-09-01 03:04 - 38662680 _____ (IObit ) C:\Users\Wells\Downloads\advanced-systemcare-setup.exe
2014-09-01 03:00 - 2014-09-01 03:00 - 00000000 ____D () C:\Users\Wells\Downloads\iobit_toolbox(2)
2014-09-01 02:59 - 2014-09-01 02:59 - 22508192 _____ () C:\Users\Wells\Downloads\iobit_toolbox(2).zip
2014-08-28 00:10 - 2014-09-02 08:20 - 00015247 _____ () C:\Users\Wells\Desktop\dds.txt
2014-08-28 00:10 - 2014-09-02 08:20 - 00002384 _____ () C:\Users\Wells\Desktop\attach.txt
2014-08-27 12:24 - 2014-08-22 21:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-27 12:24 - 2014-08-22 20:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-27 12:24 - 2014-08-22 19:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-24 14:39 - 2014-08-24 14:39 - 00000000 _____ () C:\Users\Wells\Downloads\SecurityCheck_exe (1).a64h0pz.partial
2014-08-24 14:33 - 2014-08-24 14:34 - 00854417 _____ () C:\Users\Wells\Downloads\SecurityCheck_exe
2014-08-23 01:34 - 2014-05-08 04:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-08-23 01:34 - 2014-05-08 04:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-08-22 23:56 - 2014-08-22 23:56 - 00000000 ____D () C:\Users\Wells\AppData\Roaming\ESET
2014-08-22 23:56 - 2014-08-22 23:56 - 00000000 ____D () C:\Users\Wells\AppData\Local\ESET
2014-08-22 23:55 - 2014-08-22 23:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2014-08-22 23:55 - 2014-08-22 23:55 - 00000000 ____D () C:\ProgramData\ESET
2014-08-22 23:55 - 2014-08-22 23:55 - 00000000 ____D () C:\Program Files\ESET
2014-08-22 23:48 - 2014-08-22 23:48 - 05773824 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-08-22 23:48 - 2014-08-22 23:48 - 04916224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-08-22 23:48 - 2014-08-22 23:48 - 01123840 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-08-22 23:48 - 2014-08-22 23:48 - 01048064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-08-22 23:48 - 2014-08-22 23:48 - 00384000 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-08-22 23:48 - 2014-08-22 23:48 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-08-22 23:48 - 2014-08-22 23:48 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-08-22 23:48 - 2014-08-22 23:48 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-08-22 23:48 - 2014-08-22 23:48 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-08-22 23:48 - 2014-08-22 23:48 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-08-22 23:48 - 2014-08-22 23:48 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-08-22 23:48 - 2014-08-22 23:48 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-08-22 23:48 - 2014-08-22 23:48 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-08-22 23:48 - 2014-08-22 23:48 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-08-22 23:48 - 2014-08-22 23:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-08-22 23:48 - 2014-08-22 23:48 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-08-22 23:48 - 2014-08-22 23:48 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-08-22 23:48 - 2014-08-22 23:48 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2014-08-22 23:48 - 2014-08-22 23:48 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-08-22 23:48 - 2014-08-22 23:48 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-08-22 23:48 - 2014-08-22 23:48 - 00016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-08-22 23:48 - 2014-08-22 23:48 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-08-22 23:48 - 2014-08-22 23:48 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-08-22 23:42 - 2014-08-22 23:42 - 00201263 _____ () C:\ProgramData\1408768737.bdinstall.bin
2014-08-22 23:42 - 2014-08-22 23:42 - 00000000 ____D () C:\Program Files\Bitdefender
2014-08-22 23:36 - 2014-08-22 23:36 - 01415824 _____ (ESET) C:\Users\Wells\Downloads\eset_smart_security_live_installer.exe
2014-08-16 03:01 - 2014-06-30 17:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-16 03:01 - 2014-06-30 17:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-16 03:01 - 2014-03-09 16:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-16 03:01 - 2014-03-09 16:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-16 03:01 - 2014-03-09 16:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-16 03:01 - 2014-03-09 16:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-16 03:00 - 2014-06-06 01:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-16 03:00 - 2014-06-06 01:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-15 03:09 - 2014-07-15 22:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-15 03:09 - 2014-07-15 21:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-15 03:09 - 2014-06-15 21:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-15 03:09 - 2014-06-03 05:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-15 03:09 - 2014-06-03 05:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-15 03:09 - 2014-06-03 05:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-15 03:09 - 2014-06-03 05:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-15 03:09 - 2014-06-03 04:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-15 03:09 - 2014-06-03 04:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-15 03:09 - 2014-06-03 04:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-15 03:08 - 2014-07-31 18:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-15 03:08 - 2014-07-31 18:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-15 03:08 - 2014-07-25 09:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-15 03:08 - 2014-07-25 09:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-15 03:08 - 2014-07-25 09:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-15 03:08 - 2014-07-25 08:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-15 03:08 - 2014-07-25 08:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-15 03:08 - 2014-07-25 08:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-15 03:08 - 2014-07-25 08:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-15 03:08 - 2014-07-25 08:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-15 03:08 - 2014-07-25 08:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-15 03:08 - 2014-07-25 08:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-15 03:08 - 2014-07-25 08:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-15 03:08 - 2014-07-25 08:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-15 03:08 - 2014-07-25 08:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-15 03:08 - 2014-07-25 08:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-15 03:08 - 2014-07-25 08:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-15 03:08 - 2014-07-25 07:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-15 03:08 - 2014-07-25 07:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-15 03:08 - 2014-07-25 07:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-15 03:08 - 2014-07-25 07:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-15 03:08 - 2014-07-25 07:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-15 03:08 - 2014-07-25 07:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-15 03:08 - 2014-07-25 07:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-15 03:08 - 2014-07-25 07:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-15 03:08 - 2014-07-25 07:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-15 03:08 - 2014-07-25 07:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-15 03:08 - 2014-07-25 07:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-15 03:08 - 2014-07-25 07:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-15 03:08 - 2014-07-25 07:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-15 03:08 - 2014-07-25 07:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-15 03:08 - 2014-07-25 07:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-15 03:08 - 2014-07-25 07:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-15 03:08 - 2014-07-25 07:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-15 03:08 - 2014-07-25 07:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-15 03:08 - 2014-07-25 07:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-15 03:08 - 2014-07-25 06:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-15 03:08 - 2014-07-25 06:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-15 03:08 - 2014-07-25 06:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-15 03:08 - 2014-07-25 06:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-15 03:08 - 2014-07-25 06:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-15 03:08 - 2014-07-25 06:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-15 03:08 - 2014-07-25 06:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-15 03:08 - 2014-07-25 06:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-15 03:08 - 2014-07-25 06:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-15 03:08 - 2014-07-25 06:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-15 03:08 - 2014-07-25 06:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-15 03:08 - 2014-07-25 06:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-15 03:08 - 2014-07-25 06:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-15 03:08 - 2014-07-25 06:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-15 03:08 - 2014-07-25 05:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-15 03:08 - 2014-07-25 05:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-15 03:08 - 2014-07-25 05:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-15 03:08 - 2014-07-25 05:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-15 03:08 - 2014-07-25 05:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-15 03:08 - 2014-07-25 05:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-15 03:08 - 2014-06-24 21:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-15 03:08 - 2014-06-24 20:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-15 03:07 - 2014-07-13 21:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-15 03:07 - 2014-07-13 20:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-15 03:03 - 2014-08-06 21:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-15 03:03 - 2014-08-06 21:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-10 11:10 - 2014-08-10 11:10 - 00000000 ____D () C:\Users\Wells\AppData\Local\Adobe
2014-08-06 03:00 - 2010-02-23 03:16 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\browserchoice.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-04 22:30 - 2014-09-04 22:29 - 00015215 _____ () C:\Users\Wells\Desktop\FRST.txt
2014-09-04 22:29 - 2013-11-23 14:49 - 00000000 ____D () C:\FRST
2014-09-04 22:28 - 2014-09-04 22:28 - 02104832 _____ (Farbar) C:\Users\Wells\Desktop\FRST64.exe
2014-09-04 22:27 - 2014-09-04 22:26 - 02104832 _____ (Farbar) C:\Users\Wells\Downloads\FRST64.exe
2014-09-04 22:22 - 2014-07-27 08:40 - 00000000 ____D () C:\Program Files (x86)\TunnelBear
2014-09-04 22:22 - 2013-09-26 22:38 - 01213549 _____ () C:\Windows\WindowsUpdate.log
2014-09-04 22:20 - 2009-07-13 23:45 - 00031904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-04 22:20 - 2009-07-13 23:45 - 00031904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-04 22:19 - 2011-06-11 23:13 - 00000000 ____D () C:\Users\Wells\AppData\Local\CrashDumps
2014-09-04 22:02 - 2012-04-12 00:31 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-04 22:01 - 2012-04-02 07:54 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-04 19:01 - 2012-04-02 07:54 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-02 23:38 - 2014-07-27 08:40 - 00000000 ____D () C:\Users\Wells\AppData\Local\HockeyCrashes
2014-09-02 23:04 - 2013-04-20 19:53 - 00002145 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-02 08:29 - 2014-04-17 10:51 - 00000000 ____D () C:\ProgramData\ProductData
2014-09-02 08:28 - 2014-09-02 08:28 - 00000056 _____ () C:\Windows\setupact.log
2014-09-02 08:28 - 2014-09-02 08:28 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-02 08:28 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-02 08:20 - 2014-08-28 00:10 - 00015247 _____ () C:\Users\Wells\Desktop\dds.txt
2014-09-02 08:20 - 2014-08-28 00:10 - 00002384 _____ () C:\Users\Wells\Desktop\attach.txt
2014-09-02 08:16 - 2014-09-02 08:16 - 00003708 _____ () C:\Windows\PFRO.log
2014-09-01 03:07 - 2014-09-01 03:07 - 00003094 _____ () C:\Windows\System32\Tasks\ASC7_PerformanceMonitor
2014-09-01 03:07 - 2014-09-01 03:06 - 00002177 _____ () C:\Users\Public\Desktop\Advanced SystemCare 7.lnk
2014-09-01 03:06 - 2014-09-01 03:06 - 00002886 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_Administrator
2014-09-01 03:06 - 2014-09-01 03:06 - 00002854 _____ () C:\Windows\System32\Tasks\ASC7_SkipUac_Wells
2014-09-01 03:06 - 2014-09-01 03:06 - 00001206 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2014-09-01 03:06 - 2014-09-01 03:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 7
2014-09-01 03:06 - 2011-05-10 15:15 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-09-01 03:04 - 2014-09-01 03:04 - 38662680 _____ (IObit ) C:\Users\Wells\Downloads\advanced-systemcare-setup.exe
2014-09-01 03:00 - 2014-09-01 03:00 - 00000000 ____D () C:\Users\Wells\Downloads\iobit_toolbox(2)
2014-09-01 02:59 - 2014-09-01 02:59 - 22508192 _____ () C:\Users\Wells\Downloads\iobit_toolbox(2).zip
2014-08-27 23:12 - 2014-05-16 22:19 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-27 22:48 - 2009-07-13 23:45 - 00453624 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-25 09:36 - 2012-08-06 22:04 - 00000000 ____D () C:\Users\Wells\AppData\Roaming\GlarySoft
2014-08-25 09:35 - 2011-04-22 17:59 - 00000000 ____D () C:\Program Files (x86)\LogMeIn
2014-08-24 23:16 - 2013-08-21 23:31 - 00000000 ____D () C:\AdwCleaner
2014-08-24 14:39 - 2014-08-24 14:39 - 00000000 _____ () C:\Users\Wells\Downloads\SecurityCheck_exe (1).a64h0pz.partial
2014-08-24 14:34 - 2014-08-24 14:33 - 00854417 _____ () C:\Users\Wells\Downloads\SecurityCheck_exe
2014-08-23 22:11 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-23 21:16 - 2011-04-20 14:54 - 00000000 ____D () C:\Users\Wells
2014-08-23 21:03 - 2013-04-25 19:38 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-23 21:03 - 2012-01-17 22:33 - 00000000 ____D () C:\Users\Guest
2014-08-23 21:03 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-08-23 02:24 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-08-23 01:27 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-08-23 01:25 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-22 23:56 - 2014-08-22 23:56 - 00000000 ____D () C:\Users\Wells\AppData\Roaming\ESET
2014-08-22 23:56 - 2014-08-22 23:56 - 00000000 ____D () C:\Users\Wells\AppData\Local\ESET
2014-08-22 23:55 - 2014-08-22 23:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2014-08-22 23:55 - 2014-08-22 23:55 - 00000000 ____D () C:\ProgramData\ESET
2014-08-22 23:55 - 2014-08-22 23:55 - 00000000 ____D () C:\Program Files\ESET
2014-08-22 23:48 - 2014-08-22 23:48 - 05773824 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-08-22 23:48 - 2014-08-22 23:48 - 04916224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-08-22 23:48 - 2014-08-22 23:48 - 01123840 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-08-22 23:48 - 2014-08-22 23:48 - 01048064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-08-22 23:48 - 2014-08-22 23:48 - 00384000 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-08-22 23:48 - 2014-08-22 23:48 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-08-22 23:48 - 2014-08-22 23:48 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-08-22 23:48 - 2014-08-22 23:48 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-08-22 23:48 - 2014-08-22 23:48 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-08-22 23:48 - 2014-08-22 23:48 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-08-22 23:48 - 2014-08-22 23:48 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-08-22 23:48 - 2014-08-22 23:48 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-08-22 23:48 - 2014-08-22 23:48 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-08-22 23:48 - 2014-08-22 23:48 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-08-22 23:48 - 2014-08-22 23:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-08-22 23:48 - 2014-08-22 23:48 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-08-22 23:48 - 2014-08-22 23:48 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-08-22 23:48 - 2014-08-22 23:48 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2014-08-22 23:48 - 2014-08-22 23:48 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-08-22 23:48 - 2014-08-22 23:48 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-08-22 23:48 - 2014-08-22 23:48 - 00016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-08-22 23:48 - 2014-08-22 23:48 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-08-22 23:48 - 2014-08-22 23:48 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-08-22 23:42 - 2014-08-22 23:42 - 00201263 _____ () C:\ProgramData\1408768737.bdinstall.bin
2014-08-22 23:42 - 2014-08-22 23:42 - 00000000 ____D () C:\Program Files\Bitdefender
2014-08-22 23:39 - 2012-07-13 20:02 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender
2014-08-22 23:36 - 2014-08-22 23:36 - 01415824 _____ (ESET) C:\Users\Wells\Downloads\eset_smart_security_live_installer.exe
2014-08-22 21:07 - 2014-08-27 12:24 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 20:45 - 2014-08-27 12:24 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-22 19:59 - 2014-08-27 12:24 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-17 09:03 - 2012-07-18 11:22 - 00000362 _____ () C:\Windows\system32\checkdnsid.xml
2014-08-16 03:31 - 2013-03-14 03:01 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-16 03:31 - 2013-03-14 03:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-08-16 03:09 - 2013-08-16 03:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-16 03:05 - 2011-04-20 15:08 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-16 03:04 - 2013-03-14 03:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-08-16 03:00 - 2014-05-01 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-15 03:07 - 2012-04-12 00:31 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-15 03:07 - 2012-04-12 00:31 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-15 03:07 - 2012-04-12 00:31 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-10 11:10 - 2014-08-10 11:10 - 00000000 ____D () C:\Users\Wells\AppData\Local\Adobe
2014-08-08 15:44 - 2014-06-18 22:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-06 21:06 - 2014-08-15 03:03 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-06 21:01 - 2014-08-15 03:03 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-05 13:42 - 2011-04-20 16:12 - 00799430 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-08-05 09:20 - 2010-11-20 22:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-27 00:33

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-09-2014 02
Ran by Wells at 2014-09-04 22:30:48
Running from C:\Users\Wells\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Smart Security 7.0 (Disabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 7.0 (Disabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal firewall (Disabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 14.0.0.178 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 10 ActiveX 64-bit (HKLM\...\Adobe Flash Player ActiveX 64) (Version: 10.3.162.28 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\{15AE611F-5A40-4BD0-9291-1C6856BDB9A4}) (Version: 14.0.0.176 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\{16E20D9D-E7E2-4951-A944-6FFC40870AD4}) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Advanced SystemCare 7 (HKLM-x32\...\Advanced SystemCare 7_is1) (Version: 7.4.0 - IObit)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audio Creator LE (HKLM-x32\...\AudioCreator_is1) (Version: 1.0 - Cakewalk Music Software)
Auslogics Disk Defrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 3.5 - Auslogics Software Pty Ltd)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.09 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.3.8.2523 - CDBurnerXP)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
DC-Bass Source 1.3.0 (HKLM-x32\...\DC-Bass Source) (Version:  - )
DownloadTerms (HKCU\...\DownloadTerms) (Version: 1.0 - Unlimited Downloads, LLC) <==== ATTENTION
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ESET Smart Security (HKLM\...\{5E6F6CE8-1A35-4629-A550-376D4FF74F9B}) (Version: 7.0.317.4 - ESET, spol s r. o.)
ffdshow v1.1.4399 [2012-03-22] (HKLM-x32\...\ffdshow_is1) (Version: 1.1.4399.0 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.103 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
IE Java Block 32bit Shim (HKLM\...\{01cf069a-f8a1-4067-adc4-5ef7e922733c}.sdb) (Version:  - )
IE Java Block 64bit Shim (HKLM\...\{b6631758-86a3-42a8-a308-9fe150096f25}.sdb) (Version:  - )
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 3.3.9.2622 - IObit)
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Java 7 Update 65 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417065FF}) (Version: 7.0.650 - Oracle)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
K-Lite Codec Pack 7.1.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.1.0 - )
Malwarebytes Anti-Exploit version 0.10.0.1000 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 0.10.0.1000 - Malwarebytes)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft IntelliPoint 8.1 (HKLM\...\Microsoft IntelliPoint 8.1) (Version: 8.15.406.0 - Microsoft)
Microsoft IntelliPoint 8.1 (Version: 8.15.406.0 - Microsoft) Hidden
Microsoft IntelliType Pro 8.1 (HKLM\...\Microsoft IntelliType Pro 8.1) (Version: 8.15.406.0 - Microsoft)
Microsoft IntelliType Pro 8.1 (Version: 8.15.406.0 - Microsoft) Hidden
Microsoft Office Converter Pack (HKLM-x32\...\{6EECB283-E65F-40EF-86D3-D51BF02A8D43}) (Version: 11.0.0.0 - Microsoft Corporation - Office Resource Kit Group)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
MPC-HC 1.7.0 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.0.7858 - MPC-HC Team)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Revo Uninstaller 1.94 (HKLM-x32\...\Revo Uninstaller) (Version: 1.94 - VS Revo Group)
Secunia PSI (3.0.0.7011) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.7011 - Secunia)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.0 - IObit)
TunnelBear (HKLM-x32\...\{24ab069f-4a6a-43db-a29a-ab0daf2e8f2e}) (Version: 2.2.25.0 - TunnelBear)
TunnelBear (x32 Version: 2.2.25.0 - TunnelBear) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Vensim PLE (HKLM-x32\...\Vensim PLE) (Version:  - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Window Washer (HKLM-x32\...\Window Washer) (Version:  - Webroot Software, Inc.)
Windows 8 Codecs Pack 1.0.0 (HKLM\...\w8cpsetup_is1) (Version: 1.0.0 - Web Solution Mart)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

23-08-2014 06:34:51 Windows Update
24-08-2014 01:41:44 Revo Uninstaller's restore point - ESET Online Scanner v3
24-08-2014 03:33:58 Revo Uninstaller's restore point - Advanced SystemCare 7
24-08-2014 05:00:05 Windows Backup
25-08-2014 14:31:31 Revo Uninstaller's restore point - IObit Uninstaller
25-08-2014 14:33:05 Revo Uninstaller's restore point - Surfing Protection
25-08-2014 14:34:23 Revo Uninstaller's restore point - LogMeIn
25-08-2014 14:36:08 Revo Uninstaller's restore point - Glary Utilities 2.49.0.1600
25-08-2014 14:46:21 Removed RegHunter
26-08-2014 10:55:25 Windows Update
28-08-2014 03:44:23 Windows Update
31-08-2014 05:00:11 Windows Backup
02-09-2014 07:20:33 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2013-09-08 23:31 - 00000279 ____A C:\Windows\system32\Drivers\etc\hosts
Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0F04521A-4227-4ACF-94F4-039DDF203E39} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-04-13] (Microsoft Corporation)
Task: {1E69A44B-7645-43E6-B70E-D580D69A0F92} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => c:\Program Files\Microsoft IntelliType Pro\IType.exe [2011-04-13] (Microsoft Corporation)
Task: {2CA90EEA-A26D-45DE-8C14-1C08B5715B02} - System32\Tasks\ASC7_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe [2014-08-20] (IObit)
Task: {320D08E5-8583-497D-8595-CDC969B00C83} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {3C6C9A3F-1B49-4BDB-B0F6-F40360BA0744} - System32\Tasks\TunnelBear => C:\Program Files (x86)\TunnelBear\TBear.Client.exe [2014-07-05] (TunnelBear)
Task: {46B6BECF-68E1-4068-B174-8D612EE46833} - System32\Tasks\{6DD27E09-1028-4A4F-9948-F938BC20AA27} => C:\Program Files (x86)\XeroBank\xBBrowser.exe
Task: {54B3DDDD-1041-4F7E-B19E-AF5FACC46164} - System32\Tasks\ASC7_SkipUac_Wells => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe [2014-08-22] (IObit)
Task: {68C9C8E2-B9CF-4B93-A1B2-04116DC1D07E} - System32\Tasks\Auslogics\BoostSpeed\Start BoostSpeed оn Wells logon => C:\Program Files (x86)\Auslogics\BoostSpeed\BoostSpeed.exe
Task: {AD76D978-A95A-4F56-B912-95DFA32BAD5B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-02] (Google Inc.)
Task: {B4F55620-4753-4293-BE76-A8A4096B496C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-02] (Google Inc.)
Task: {BF4B16AE-E418-41E6-8C1B-A068E54CD4B5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-15] (Adobe Systems Incorporated)
Task: {C7B70F19-D567-4912-9A4D-0BC983FC9699} - System32\Tasks\ASC4_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 4\PMonitor.exe
Task: {D0187A42-584E-44B8-9DEC-5249F4AEF47E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D38952DB-72AC-4B10-88A1-47C154397064} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-08-22] (IObit)
Task: {E9EE2921-822F-4ACC-B862-84E9402E4A33} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater(4204).job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2009-08-05 10:45 - 2009-08-05 10:45 - 00106312 _____ () C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLCTL.DLL

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\49801609.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\55010665.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\59462446.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\71621468.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\77789312.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\93835946.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\93979785.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\98262710.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\49801609.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\55010665.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\59462446.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\71621468.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\77789312.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\93835946.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\93979785.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\98262710.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: SunJavaUpdateSched =>

==================== Faulty Device Manager Devices =============

Name: ehdrv
Description: ehdrv
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ehdrv
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: epfwwfp
Description: epfwwfp
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: epfwwfp
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (09/04/2014 10:25:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/04/2014 10:23:49 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/04/2014 10:19:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17239, time stamp: 0x53d22946
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x53159a86
Exception code: 0x0eedfade
Fault offset: 0x0000c42d
Faulting process id: 0x970
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (09/04/2014 10:19:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17239, time stamp: 0x53d22946
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x53159a86
Exception code: 0x0eedfade
Fault offset: 0x0000c42d
Faulting process id: 0x1324
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (09/02/2014 11:58:07 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/02/2014 08:30:14 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/02/2014 08:29:09 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/02/2014 08:18:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/02/2014 08:17:22 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/01/2014 03:40:18 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

System errors:
=============
Error: (09/04/2014 10:30:50 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (09/04/2014 10:30:50 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (09/04/2014 10:30:50 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (09/04/2014 10:27:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (09/04/2014 10:27:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (09/04/2014 10:27:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (09/04/2014 10:27:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (09/04/2014 10:27:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (09/04/2014 10:27:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (09/04/2014 10:26:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Microsoft Office Sessions:
=========================
Error: (09/04/2014 10:25:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/04/2014 10:23:49 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Wells\Desktop\esetsmartinstaller_enu.exe

Error: (09/04/2014 10:19:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.1723953d22946KERNELBASE.dll6.1.7601.1840953159a860eedfade0000c42d97001cfc8b831067a31C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\syswow64\KERNELBASE.dll6f19604a-34ab-11e4-9b9e-00248c268ba6

Error: (09/04/2014 10:19:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.1723953d22946KERNELBASE.dll6.1.7601.1840953159a860eedfade0000c42d132401cfc8b82ee7c031C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\syswow64\KERNELBASE.dll6d2ca336-34ab-11e4-9b9e-00248c268ba6

Error: (09/02/2014 11:58:07 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (09/02/2014 08:30:14 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/02/2014 08:29:09 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Wells\Desktop\esetsmartinstaller_enu.exe

Error: (09/02/2014 08:18:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/02/2014 08:17:22 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Wells\Desktop\esetsmartinstaller_enu.exe

Error: (09/01/2014 03:40:18 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

==================== Memory info ===========================

Processor: AMD Phenom™ II X4 940 Processor
Percentage of memory in use: 21%
Total physical RAM: 3839.11 MB
Available physical RAM: 2994.89 MB
Total Pagefile: 11337.29 MB
Available Pagefile: 10524.42 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:466.2 GB) (Free:409.54 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Backup) (Fixed) (Total:465.31 GB) (Free:57.15 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: E4A390EA)
Partition 1: (Active) - (Size=466.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.3 GB) - (Type=OF Extended)

==================== End Of Log ============================

 

OhMy! I'm having no luck saving System Summary to Desktop or anywhere else and retrieving it, compressing it, zipping it. it runs but can't be found after I save it...



#6 wpfast

wpfast
  • Topic Starter

  • Members
  • 201 posts
  • OFFLINE
  •  
  • Local time:01:22 PM

Posted 04 September 2014 - 10:59 PM

okay...I got the Summary in a sipped file on desktop but there's no Attach button under this comment section for me to execute the attach sequence

not sure what's up

wpfast



#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,741 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:22 PM

Posted 05 September 2014 - 12:13 PM

Greetings and thank you for the information.
 

but downloading programs has been a problem

Please explain what this means currently.

I will provide instructions on how to attach a file and also would like you to run a couple things for me.

===================================================

How to Attach a File to Your Reply

--------------------
  • If necessary click the More Reply Options button in the lower right hand corner of the Reply to this topic section of the Post
  • In the lower left hand corner you should see a Browse button under Attach Files
  • Click the Browse button and a new window will open
  • Navigate to and double click on the file you want to attach
  • Once the file path is entered into the box click Attach This File
  • If successful, you will see the file name appear above Attach Files with a green check mark to the left
  • When you are done with your message and hit Reply the file will automatically be attached to your reply
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key Windows_Logo_key.gif + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [327168] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
S4 LMIRfsClientNP; No ImagePath
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [X]
U4 SBRE; No ImagePath
127.0.0.1       localhost
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Rerun FRST in Normal Mode, placing a check mark in Addition.txt and post the results
===================================================

ESET Scan Log

--------------------
  • Using Windows Explorer please navigate to the following location

C:\Program Files (x86)\ESET\ESET Online Scanner

  • Locate and open the most recent log.txt
  • Copy and paste the information in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Attached System Summary File
  • Fixlog
  • FRST reports (2) run in Normal Mode
  • ESET log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 wpfast

wpfast
  • Topic Starter

  • Members
  • 201 posts
  • OFFLINE
  •  
  • Local time:01:22 PM

Posted 05 September 2014 - 05:02 PM

ever since I switched from BitDefender to ESET anti virus free trial downloads have been a problem, even in Safe mode

 

I end up maybe getting a download and then running it...and after messing around for a while I may even get it to the desktop but only in Safe mode

 

Attached File  Summary.zip   46.05KB   1 downloads  



#9 wpfast

wpfast
  • Topic Starter

  • Members
  • 201 posts
  • OFFLINE
  •  
  • Local time:01:22 PM

Posted 05 September 2014 - 05:10 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-09-2014 02
Ran by Wells at 2014-09-05 17:06:15 Run:2
Running from C:\Users\Wells\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [327168] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
S4 LMIRfsClientNP; No ImagePath
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [X]
U4 SBRE; No ImagePath
127.0.0.1       localhost
*****************

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.
"HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}" => Key not found.
"HKCR\PROTOCOLS\Filter\text/xml" => Key deleted successfully.
"HKCR\CLSID\{807553E5-5146-11D5-A672-00B0D022E945}" => Key not found.
Winsock: Catalog5-x64 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
LMIRfsClientNP => Service deleted successfully.
LMIInfo => Service deleted successfully.
SBRE => Service deleted successfully.
127.0.0.1       localhost => Error: No automatic fix found for this entry.

==== End of Fixlog ====

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2014 02
Ran by Wells (administrator) on WELLS-PC on 05-09-2014 17:08:32
Running from C:\Users\Wells\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Webroot Software, Inc.) C:\Program Files\Webroot\Washer\WasherSvc.exe
(TunnelBear) C:\Program Files (x86)\TunnelBear\TBear.Client.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_14_0_0_176_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(The OpenVPN Project) C:\Program Files (x86)\TunnelBear\V2\OpenSSL\vpn.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2399632 2011-04-13] (Microsoft Corporation)
HKLM\...\Run: [LogMeIn GUI] => "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
HKLM\...\Run: [itype] => c:\Program Files\Microsoft IntelliType Pro\itype.exe [1860496 2011-04-13] (Microsoft Corporation)
HKLM\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe [404712 2013-01-04] (BillP Studios)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5581888 2014-02-24] (ESET)
HKLM-x32\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [404712 2013-01-04] (BillP Studios)
HKLM-x32\...\Run: [WsmUpdater] => C:\Program Files (x86)\Web Solution Mart\Windows 8 Codecs Pack\Updater.exe [292208 2012-05-18] (Web Solution Mart)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [1294136 2014-02-21] (Malwarebytes Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKU\S-1-5-21-2524746469-604534309-456938349-1000\...\Run: [Advanced SystemCare 7] => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe [2281248 2014-08-22] (IObit)
HKU\S-1-5-21-2524746469-604534309-456938349-1000\...\Policies\Explorer: [NoRecentDocsHistory] 1
Lsa: [Notification Packages] msv1_0 scecli
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://duckduckgo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKCU - {606F3F31-9930-42FF-9D35-8C35F6252D53} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=114576&p={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\Wells\AppData\Roaming\Mozilla\Firefox\Profiles\y57ymsby.default-1357964766865
FF SelectedSearchEngine: Google
FF Homepage: duckduckgo.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Wells\AppData\Roaming\Mozilla\Firefox\Profiles\y57ymsby.default-1357964766865\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Users\Wells\AppData\Roaming\Mozilla\Firefox\Profiles\y57ymsby.default-1357964766865\searchplugins\yahoo_ff.xml
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Wells\AppData\Roaming\Mozilla\Firefox\Profiles\y57ymsby.default-1357964766865\Extensions\ascsurfingprotection@iobit.com [2014-09-01]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Wells\AppData\Roaming\Mozilla\Firefox\Profiles\y57ymsby.default-1357964766865\Extensions\adblockpopups@jessehakanen.net.xpi [2014-08-30]
FF Extension: Remove Google Tracking - C:\Users\Wells\AppData\Roaming\Mozilla\Firefox\Profiles\y57ymsby.default-1357964766865\Extensions\jid0-DpogclPgnN9OvqNntEBbPZxBinY@jetpack.xpi [2014-08-30]
FF Extension: Adblock Plus - C:\Users\Wells\AppData\Roaming\Mozilla\Firefox\Profiles\y57ymsby.default-1357964766865\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-08-30]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2014-08-22]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

Chrome:
=======
CHR HomePage: Default -> 35A89F13282333E2187E2A337D81C9027A6E50933E1112B4F9B6C4EA2C859288
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\pdf.dll ()
CHR Plugin: (Microsoft Office 2003) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Profile: C:\Users\Wells\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Wells\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04]
CHR Extension: (Google Wallet) - C:\Users\Wells\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [893216 2014-08-18] (IObit)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1343408 2014-02-24] (ESET)
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [335168 2013-04-25] (IObit)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2282272 2014-08-19] (IObit)
S2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [375728 2012-12-22] (LogMeIn, Inc.)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [319288 2014-02-21] (Malwarebytes Corporation)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)
R3 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe [26048 2014-07-05] ()
R2 wwEngineSvc; C:\Program Files\Webroot\Washer\WasherSvc.exe [618896 2011-04-20] (Webroot Software, Inc.)
S2 vToolbarUpdater15.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [819032 2012-03-06] (AVAST Software)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [239296 2013-09-17] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [220232 2013-09-17] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [44120 2013-09-17] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [62136 2013-09-17] (ESET)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [62168 2014-02-21] ()
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia)
R3 tap-tb-0901; C:\Windows\System32\DRIVERS\tap-tb-0901.sys [39168 2014-06-17] (The OpenVPN Project)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-04 23:21 - 2014-09-04 23:21 - 00000704 _____ () C:\Windows\PFRO.log
2014-09-04 23:21 - 2014-09-04 23:21 - 00000056 _____ () C:\Windows\setupact.log
2014-09-04 23:21 - 2014-09-04 23:21 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-04 22:53 - 2014-09-04 22:53 - 00047278 _____ () C:\Users\Wells\Desktop\Summary (2).zip
2014-09-04 22:52 - 2014-09-04 22:52 - 00047158 _____ () C:\Users\Wells\Desktop\Summary.zip
2014-09-04 22:42 - 2014-09-04 22:42 - 00991176 _____ () C:\Users\Wells\Desktop\Summary.nfo
2014-09-04 22:37 - 2014-09-04 22:37 - 00988310 _____ () C:\Users\Wells\Desktop\ms32filesummary.nfo
2014-09-04 22:29 - 2014-09-05 17:08 - 00016910 _____ () C:\Users\Wells\Desktop\FRST.txt
2014-09-04 22:28 - 2014-09-04 22:28 - 02104832 _____ (Farbar) C:\Users\Wells\Desktop\FRST64.exe
2014-09-04 22:26 - 2014-09-04 22:27 - 02104832 _____ (Farbar) C:\Users\Wells\Downloads\FRST64.exe
2014-09-01 03:07 - 2014-09-01 03:07 - 00003094 _____ () C:\Windows\System32\Tasks\ASC7_PerformanceMonitor
2014-09-01 03:06 - 2014-09-01 03:07 - 00002177 _____ () C:\Users\Public\Desktop\Advanced SystemCare 7.lnk
2014-09-01 03:06 - 2014-09-01 03:06 - 00002886 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_Administrator
2014-09-01 03:06 - 2014-09-01 03:06 - 00002854 _____ () C:\Windows\System32\Tasks\ASC7_SkipUac_Wells
2014-09-01 03:06 - 2014-09-01 03:06 - 00001206 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2014-09-01 03:06 - 2014-09-01 03:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 7
2014-09-01 03:04 - 2014-09-01 03:04 - 38662680 _____ (IObit ) C:\Users\Wells\Downloads\advanced-systemcare-setup.exe
2014-09-01 03:00 - 2014-09-01 03:00 - 00000000 ____D () C:\Users\Wells\Downloads\iobit_toolbox(2)
2014-09-01 02:59 - 2014-09-01 02:59 - 22508192 _____ () C:\Users\Wells\Downloads\iobit_toolbox(2).zip
2014-08-27 12:24 - 2014-08-22 21:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-27 12:24 - 2014-08-22 20:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-27 12:24 - 2014-08-22 19:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-24 14:39 - 2014-08-24 14:39 - 00000000 _____ () C:\Users\Wells\Downloads\SecurityCheck_exe (1).a64h0pz.partial
2014-08-24 14:33 - 2014-08-24 14:34 - 00854417 _____ () C:\Users\Wells\Downloads\SecurityCheck_exe
2014-08-23 01:34 - 2014-05-08 04:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-08-23 01:34 - 2014-05-08 04:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-08-22 23:56 - 2014-08-22 23:56 - 00000000 ____D () C:\Users\Wells\AppData\Roaming\ESET
2014-08-22 23:56 - 2014-08-22 23:56 - 00000000 ____D () C:\Users\Wells\AppData\Local\ESET
2014-08-22 23:55 - 2014-08-22 23:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2014-08-22 23:55 - 2014-08-22 23:55 - 00000000 ____D () C:\ProgramData\ESET
2014-08-22 23:55 - 2014-08-22 23:55 - 00000000 ____D () C:\Program Files\ESET
2014-08-22 23:48 - 2014-08-22 23:48 - 05773824 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-08-22 23:48 - 2014-08-22 23:48 - 04916224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-08-22 23:48 - 2014-08-22 23:48 - 01123840 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-08-22 23:48 - 2014-08-22 23:48 - 01048064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-08-22 23:48 - 2014-08-22 23:48 - 00384000 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-08-22 23:48 - 2014-08-22 23:48 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-08-22 23:48 - 2014-08-22 23:48 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-08-22 23:48 - 2014-08-22 23:48 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-08-22 23:48 - 2014-08-22 23:48 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-08-22 23:48 - 2014-08-22 23:48 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-08-22 23:48 - 2014-08-22 23:48 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-08-22 23:48 - 2014-08-22 23:48 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-08-22 23:48 - 2014-08-22 23:48 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-08-22 23:48 - 2014-08-22 23:48 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-08-22 23:48 - 2014-08-22 23:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-08-22 23:48 - 2014-08-22 23:48 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-08-22 23:48 - 2014-08-22 23:48 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-08-22 23:48 - 2014-08-22 23:48 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2014-08-22 23:48 - 2014-08-22 23:48 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-08-22 23:48 - 2014-08-22 23:48 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-08-22 23:48 - 2014-08-22 23:48 - 00016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-08-22 23:48 - 2014-08-22 23:48 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-08-22 23:48 - 2014-08-22 23:48 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-08-22 23:42 - 2014-08-22 23:42 - 00201263 _____ () C:\ProgramData\1408768737.bdinstall.bin
2014-08-22 23:42 - 2014-08-22 23:42 - 00000000 ____D () C:\Program Files\Bitdefender
2014-08-22 23:36 - 2014-08-22 23:36 - 01415824 _____ (ESET) C:\Users\Wells\Downloads\eset_smart_security_live_installer.exe
2014-08-16 03:01 - 2014-06-30 17:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-16 03:01 - 2014-06-30 17:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-16 03:01 - 2014-03-09 16:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-16 03:01 - 2014-03-09 16:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-16 03:01 - 2014-03-09 16:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-16 03:01 - 2014-03-09 16:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-16 03:00 - 2014-06-06 01:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-16 03:00 - 2014-06-06 01:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-15 03:09 - 2014-07-15 22:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-15 03:09 - 2014-07-15 21:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-15 03:09 - 2014-06-15 21:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-15 03:09 - 2014-06-03 05:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-15 03:09 - 2014-06-03 05:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-15 03:09 - 2014-06-03 05:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-15 03:09 - 2014-06-03 05:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-15 03:09 - 2014-06-03 04:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-15 03:09 - 2014-06-03 04:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-15 03:09 - 2014-06-03 04:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-15 03:08 - 2014-07-31 18:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-15 03:08 - 2014-07-31 18:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-15 03:08 - 2014-07-25 09:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-15 03:08 - 2014-07-25 09:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-15 03:08 - 2014-07-25 09:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-15 03:08 - 2014-07-25 08:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-15 03:08 - 2014-07-25 08:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-15 03:08 - 2014-07-25 08:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-15 03:08 - 2014-07-25 08:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-15 03:08 - 2014-07-25 08:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-15 03:08 - 2014-07-25 08:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-15 03:08 - 2014-07-25 08:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-15 03:08 - 2014-07-25 08:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-15 03:08 - 2014-07-25 08:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-15 03:08 - 2014-07-25 08:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-15 03:08 - 2014-07-25 08:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-15 03:08 - 2014-07-25 08:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-15 03:08 - 2014-07-25 07:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-15 03:08 - 2014-07-25 07:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-15 03:08 - 2014-07-25 07:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-15 03:08 - 2014-07-25 07:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-15 03:08 - 2014-07-25 07:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-15 03:08 - 2014-07-25 07:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-15 03:08 - 2014-07-25 07:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-15 03:08 - 2014-07-25 07:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-15 03:08 - 2014-07-25 07:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-15 03:08 - 2014-07-25 07:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-15 03:08 - 2014-07-25 07:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-15 03:08 - 2014-07-25 07:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-15 03:08 - 2014-07-25 07:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-15 03:08 - 2014-07-25 07:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-15 03:08 - 2014-07-25 07:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-15 03:08 - 2014-07-25 07:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-15 03:08 - 2014-07-25 07:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-15 03:08 - 2014-07-25 07:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-15 03:08 - 2014-07-25 07:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-15 03:08 - 2014-07-25 06:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-15 03:08 - 2014-07-25 06:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-15 03:08 - 2014-07-25 06:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-15 03:08 - 2014-07-25 06:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-15 03:08 - 2014-07-25 06:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-15 03:08 - 2014-07-25 06:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-15 03:08 - 2014-07-25 06:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-15 03:08 - 2014-07-25 06:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-15 03:08 - 2014-07-25 06:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-15 03:08 - 2014-07-25 06:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-15 03:08 - 2014-07-25 06:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-15 03:08 - 2014-07-25 06:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-15 03:08 - 2014-07-25 06:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-15 03:08 - 2014-07-25 06:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-15 03:08 - 2014-07-25 05:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-15 03:08 - 2014-07-25 05:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-15 03:08 - 2014-07-25 05:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-15 03:08 - 2014-07-25 05:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-15 03:08 - 2014-07-25 05:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-15 03:08 - 2014-07-25 05:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-15 03:08 - 2014-06-24 21:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-15 03:08 - 2014-06-24 20:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-15 03:07 - 2014-07-13 21:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-15 03:07 - 2014-07-13 20:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-15 03:03 - 2014-08-06 21:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-15 03:03 - 2014-08-06 21:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-10 11:10 - 2014-08-10 11:10 - 00000000 ____D () C:\Users\Wells\AppData\Local\Adobe
2014-08-06 03:00 - 2010-02-23 03:16 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\browserchoice.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-05 17:08 - 2014-09-04 22:29 - 00016910 _____ () C:\Users\Wells\Desktop\FRST.txt
2014-09-05 17:08 - 2013-11-23 14:49 - 00000000 ____D () C:\FRST
2014-09-05 17:02 - 2012-04-12 00:31 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-05 17:01 - 2012-04-02 07:54 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-05 16:48 - 2014-07-27 08:40 - 00000000 ____D () C:\Program Files (x86)\TunnelBear
2014-09-05 02:36 - 2013-09-26 22:38 - 01333065 _____ () C:\Windows\WindowsUpdate.log
2014-09-04 23:29 - 2009-07-13 23:45 - 00031904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-04 23:29 - 2009-07-13 23:45 - 00031904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-04 23:22 - 2014-07-27 08:40 - 00000000 ____D () C:\Users\Wells\AppData\Local\HockeyCrashes
2014-09-04 23:22 - 2012-04-02 07:54 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-04 23:21 - 2014-09-04 23:21 - 00000704 _____ () C:\Windows\PFRO.log
2014-09-04 23:21 - 2014-09-04 23:21 - 00000056 _____ () C:\Windows\setupact.log
2014-09-04 23:21 - 2014-09-04 23:21 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-04 23:21 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-04 23:01 - 2014-04-17 10:51 - 00000000 ____D () C:\ProgramData\ProductData
2014-09-04 22:53 - 2014-09-04 22:53 - 00047278 _____ () C:\Users\Wells\Desktop\Summary (2).zip
2014-09-04 22:52 - 2014-09-04 22:52 - 00047158 _____ () C:\Users\Wells\Desktop\Summary.zip
2014-09-04 22:42 - 2014-09-04 22:42 - 00991176 _____ () C:\Users\Wells\Desktop\Summary.nfo
2014-09-04 22:37 - 2014-09-04 22:37 - 00988310 _____ () C:\Users\Wells\Desktop\ms32filesummary.nfo
2014-09-04 22:28 - 2014-09-04 22:28 - 02104832 _____ (Farbar) C:\Users\Wells\Desktop\FRST64.exe
2014-09-04 22:27 - 2014-09-04 22:26 - 02104832 _____ (Farbar) C:\Users\Wells\Downloads\FRST64.exe
2014-09-04 22:19 - 2011-06-11 23:13 - 00000000 ____D () C:\Users\Wells\AppData\Local\CrashDumps
2014-09-02 23:04 - 2013-04-20 19:53 - 00002145 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-01 03:07 - 2014-09-01 03:07 - 00003094 _____ () C:\Windows\System32\Tasks\ASC7_PerformanceMonitor
2014-09-01 03:07 - 2014-09-01 03:06 - 00002177 _____ () C:\Users\Public\Desktop\Advanced SystemCare 7.lnk
2014-09-01 03:06 - 2014-09-01 03:06 - 00002886 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_Administrator
2014-09-01 03:06 - 2014-09-01 03:06 - 00002854 _____ () C:\Windows\System32\Tasks\ASC7_SkipUac_Wells
2014-09-01 03:06 - 2014-09-01 03:06 - 00001206 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2014-09-01 03:06 - 2014-09-01 03:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 7
2014-09-01 03:06 - 2011-05-10 15:15 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-09-01 03:04 - 2014-09-01 03:04 - 38662680 _____ (IObit ) C:\Users\Wells\Downloads\advanced-systemcare-setup.exe
2014-09-01 03:00 - 2014-09-01 03:00 - 00000000 ____D () C:\Users\Wells\Downloads\iobit_toolbox(2)
2014-09-01 02:59 - 2014-09-01 02:59 - 22508192 _____ () C:\Users\Wells\Downloads\iobit_toolbox(2).zip
2014-08-27 23:12 - 2014-05-16 22:19 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-27 22:48 - 2009-07-13 23:45 - 00453624 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-25 09:36 - 2012-08-06 22:04 - 00000000 ____D () C:\Users\Wells\AppData\Roaming\GlarySoft
2014-08-25 09:35 - 2011-04-22 17:59 - 00000000 ____D () C:\Program Files (x86)\LogMeIn
2014-08-24 23:16 - 2013-08-21 23:31 - 00000000 ____D () C:\AdwCleaner
2014-08-24 14:39 - 2014-08-24 14:39 - 00000000 _____ () C:\Users\Wells\Downloads\SecurityCheck_exe (1).a64h0pz.partial
2014-08-24 14:34 - 2014-08-24 14:33 - 00854417 _____ () C:\Users\Wells\Downloads\SecurityCheck_exe
2014-08-23 22:11 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-23 21:16 - 2011-04-20 14:54 - 00000000 ____D () C:\Users\Wells
2014-08-23 21:03 - 2013-04-25 19:38 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-23 21:03 - 2012-01-17 22:33 - 00000000 ____D () C:\Users\Guest
2014-08-23 21:03 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-08-23 02:24 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-08-23 01:27 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-08-23 01:25 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-22 23:56 - 2014-08-22 23:56 - 00000000 ____D () C:\Users\Wells\AppData\Roaming\ESET
2014-08-22 23:56 - 2014-08-22 23:56 - 00000000 ____D () C:\Users\Wells\AppData\Local\ESET
2014-08-22 23:55 - 2014-08-22 23:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2014-08-22 23:55 - 2014-08-22 23:55 - 00000000 ____D () C:\ProgramData\ESET
2014-08-22 23:55 - 2014-08-22 23:55 - 00000000 ____D () C:\Program Files\ESET
2014-08-22 23:48 - 2014-08-22 23:48 - 05773824 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-08-22 23:48 - 2014-08-22 23:48 - 04916224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-08-22 23:48 - 2014-08-22 23:48 - 01123840 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-08-22 23:48 - 2014-08-22 23:48 - 01048064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-08-22 23:48 - 2014-08-22 23:48 - 00384000 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-08-22 23:48 - 2014-08-22 23:48 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-08-22 23:48 - 2014-08-22 23:48 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-08-22 23:48 - 2014-08-22 23:48 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-08-22 23:48 - 2014-08-22 23:48 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-08-22 23:48 - 2014-08-22 23:48 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-08-22 23:48 - 2014-08-22 23:48 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-08-22 23:48 - 2014-08-22 23:48 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-08-22 23:48 - 2014-08-22 23:48 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-08-22 23:48 - 2014-08-22 23:48 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-08-22 23:48 - 2014-08-22 23:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-08-22 23:48 - 2014-08-22 23:48 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-08-22 23:48 - 2014-08-22 23:48 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-08-22 23:48 - 2014-08-22 23:48 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2014-08-22 23:48 - 2014-08-22 23:48 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-08-22 23:48 - 2014-08-22 23:48 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-08-22 23:48 - 2014-08-22 23:48 - 00016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-08-22 23:48 - 2014-08-22 23:48 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-08-22 23:48 - 2014-08-22 23:48 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-08-22 23:42 - 2014-08-22 23:42 - 00201263 _____ () C:\ProgramData\1408768737.bdinstall.bin
2014-08-22 23:42 - 2014-08-22 23:42 - 00000000 ____D () C:\Program Files\Bitdefender
2014-08-22 23:39 - 2012-07-13 20:02 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender
2014-08-22 23:36 - 2014-08-22 23:36 - 01415824 _____ (ESET) C:\Users\Wells\Downloads\eset_smart_security_live_installer.exe
2014-08-22 21:07 - 2014-08-27 12:24 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 20:45 - 2014-08-27 12:24 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-22 19:59 - 2014-08-27 12:24 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-17 09:03 - 2012-07-18 11:22 - 00000362 _____ () C:\Windows\system32\checkdnsid.xml
2014-08-16 03:31 - 2013-03-14 03:01 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-16 03:31 - 2013-03-14 03:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-08-16 03:09 - 2013-08-16 03:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-16 03:05 - 2011-04-20 15:08 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-16 03:04 - 2013-03-14 03:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-08-16 03:00 - 2014-05-01 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-15 03:07 - 2012-04-12 00:31 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-15 03:07 - 2012-04-12 00:31 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-15 03:07 - 2012-04-12 00:31 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-10 11:10 - 2014-08-10 11:10 - 00000000 ____D () C:\Users\Wells\AppData\Local\Adobe
2014-08-08 15:44 - 2014-06-18 22:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-06 21:06 - 2014-08-15 03:03 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-06 21:01 - 2014-08-15 03:03 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-27 00:33

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-09-2014 02
Ran by Wells at 2014-09-05 17:08:56
Running from C:\Users\Wells\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Smart Security 7.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 7.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 14.0.0.178 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 10 ActiveX 64-bit (HKLM\...\Adobe Flash Player ActiveX 64) (Version: 10.3.162.28 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\{15AE611F-5A40-4BD0-9291-1C6856BDB9A4}) (Version: 14.0.0.176 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\{16E20D9D-E7E2-4951-A944-6FFC40870AD4}) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Advanced SystemCare 7 (HKLM-x32\...\Advanced SystemCare 7_is1) (Version: 7.4.0 - IObit)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audio Creator LE (HKLM-x32\...\AudioCreator_is1) (Version: 1.0 - Cakewalk Music Software)
Auslogics Disk Defrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 3.5 - Auslogics Software Pty Ltd)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.09 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.3.8.2523 - CDBurnerXP)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
DC-Bass Source 1.3.0 (HKLM-x32\...\DC-Bass Source) (Version:  - )
DownloadTerms (HKCU\...\DownloadTerms) (Version: 1.0 - Unlimited Downloads, LLC) <==== ATTENTION
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ESET Smart Security (HKLM\...\{5E6F6CE8-1A35-4629-A550-376D4FF74F9B}) (Version: 7.0.317.4 - ESET, spol s r. o.)
ffdshow v1.1.4399 [2012-03-22] (HKLM-x32\...\ffdshow_is1) (Version: 1.1.4399.0 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.103 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
IE Java Block 32bit Shim (HKLM\...\{01cf069a-f8a1-4067-adc4-5ef7e922733c}.sdb) (Version:  - )
IE Java Block 64bit Shim (HKLM\...\{b6631758-86a3-42a8-a308-9fe150096f25}.sdb) (Version:  - )
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 3.3.9.2622 - IObit)
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Java 7 Update 65 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417065FF}) (Version: 7.0.650 - Oracle)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
K-Lite Codec Pack 7.1.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.1.0 - )
Malwarebytes Anti-Exploit version 0.10.0.1000 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 0.10.0.1000 - Malwarebytes)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft IntelliPoint 8.1 (HKLM\...\Microsoft IntelliPoint 8.1) (Version: 8.15.406.0 - Microsoft)
Microsoft IntelliPoint 8.1 (Version: 8.15.406.0 - Microsoft) Hidden
Microsoft IntelliType Pro 8.1 (HKLM\...\Microsoft IntelliType Pro 8.1) (Version: 8.15.406.0 - Microsoft)
Microsoft IntelliType Pro 8.1 (Version: 8.15.406.0 - Microsoft) Hidden
Microsoft Office Converter Pack (HKLM-x32\...\{6EECB283-E65F-40EF-86D3-D51BF02A8D43}) (Version: 11.0.0.0 - Microsoft Corporation - Office Resource Kit Group)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
MPC-HC 1.7.0 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.0.7858 - MPC-HC Team)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Revo Uninstaller 1.94 (HKLM-x32\...\Revo Uninstaller) (Version: 1.94 - VS Revo Group)
Secunia PSI (3.0.0.7011) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.7011 - Secunia)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.0 - IObit)
TunnelBear (HKLM-x32\...\{24ab069f-4a6a-43db-a29a-ab0daf2e8f2e}) (Version: 2.2.25.0 - TunnelBear)
TunnelBear (x32 Version: 2.2.25.0 - TunnelBear) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Vensim PLE (HKLM-x32\...\Vensim PLE) (Version:  - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Window Washer (HKLM-x32\...\Window Washer) (Version:  - Webroot Software, Inc.)
Windows 8 Codecs Pack 1.0.0 (HKLM\...\w8cpsetup_is1) (Version: 1.0.0 - Web Solution Mart)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

24-08-2014 01:41:44 Revo Uninstaller's restore point - ESET Online Scanner v3
24-08-2014 03:33:58 Revo Uninstaller's restore point - Advanced SystemCare 7
24-08-2014 05:00:05 Windows Backup
25-08-2014 14:31:31 Revo Uninstaller's restore point - IObit Uninstaller
25-08-2014 14:33:05 Revo Uninstaller's restore point - Surfing Protection
25-08-2014 14:34:23 Revo Uninstaller's restore point - LogMeIn
25-08-2014 14:36:08 Revo Uninstaller's restore point - Glary Utilities 2.49.0.1600
25-08-2014 14:46:21 Removed RegHunter
26-08-2014 10:55:25 Windows Update
28-08-2014 03:44:23 Windows Update
31-08-2014 05:00:11 Windows Backup
02-09-2014 07:20:33 Windows Update
05-09-2014 07:35:48 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2013-09-08 23:31 - 00000279 ____A C:\Windows\system32\Drivers\etc\hosts
Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0F04521A-4227-4ACF-94F4-039DDF203E39} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-04-13] (Microsoft Corporation)
Task: {1E69A44B-7645-43E6-B70E-D580D69A0F92} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => c:\Program Files\Microsoft IntelliType Pro\IType.exe [2011-04-13] (Microsoft Corporation)
Task: {2CA90EEA-A26D-45DE-8C14-1C08B5715B02} - System32\Tasks\ASC7_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe [2014-08-20] (IObit)
Task: {320D08E5-8583-497D-8595-CDC969B00C83} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {3C6C9A3F-1B49-4BDB-B0F6-F40360BA0744} - System32\Tasks\TunnelBear => C:\Program Files (x86)\TunnelBear\TBear.Client.exe [2014-07-05] (TunnelBear)
Task: {46B6BECF-68E1-4068-B174-8D612EE46833} - System32\Tasks\{6DD27E09-1028-4A4F-9948-F938BC20AA27} => C:\Program Files (x86)\XeroBank\xBBrowser.exe
Task: {54B3DDDD-1041-4F7E-B19E-AF5FACC46164} - System32\Tasks\ASC7_SkipUac_Wells => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe [2014-08-22] (IObit)
Task: {68C9C8E2-B9CF-4B93-A1B2-04116DC1D07E} - System32\Tasks\Auslogics\BoostSpeed\Start BoostSpeed оn Wells logon => C:\Program Files (x86)\Auslogics\BoostSpeed\BoostSpeed.exe
Task: {AD76D978-A95A-4F56-B912-95DFA32BAD5B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-02] (Google Inc.)
Task: {B4F55620-4753-4293-BE76-A8A4096B496C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-02] (Google Inc.)
Task: {BF4B16AE-E418-41E6-8C1B-A068E54CD4B5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-15] (Adobe Systems Incorporated)
Task: {C7B70F19-D567-4912-9A4D-0BC983FC9699} - System32\Tasks\ASC4_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 4\PMonitor.exe
Task: {D0187A42-584E-44B8-9DEC-5249F4AEF47E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D38952DB-72AC-4B10-88A1-47C154397064} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-08-22] (IObit)
Task: {E9EE2921-822F-4ACC-B862-84E9402E4A33} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater(4204).job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-07-05 10:05 - 2014-07-05 10:05 - 00026048 _____ () C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe
2014-09-01 03:06 - 2013-10-25 12:08 - 00517408 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\sqlite3.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-07-31 12:45 - 2011-04-20 10:11 - 00559244 _____ () C:\Program Files\Webroot\Washer\sqlite3.dll
2013-01-12 02:55 - 2012-12-09 20:46 - 00600868 ____N () C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
2014-06-17 12:06 - 2014-06-17 12:06 - 00088576 _____ () C:\Program Files (x86)\TunnelBear\v2\OpenSSL\lzo2.dll
2014-06-17 12:06 - 2014-06-17 12:06 - 00063488 _____ () C:\Program Files (x86)\TunnelBear\v2\OpenSSL\libpkcs11-helper-1.dll
2009-08-05 10:45 - 2009-08-05 10:45 - 00106312 _____ () C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLCTL.DLL

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\49801609.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\55010665.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\59462446.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\71621468.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\77789312.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\93835946.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\93979785.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\98262710.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\49801609.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\55010665.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\59462446.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\71621468.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\77789312.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\93835946.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\93979785.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\98262710.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: SunJavaUpdateSched =>

==================== Faulty Device Manager Devices =============

Name: LogMeIn Kernel Information Provider
Description: LogMeIn Kernel Information Provider
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: LMIInfo
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (09/04/2014 11:59:52 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/04/2014 11:23:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/04/2014 11:01:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/04/2014 11:00:46 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/04/2014 10:39:16 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/04/2014 10:25:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/04/2014 10:23:49 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/04/2014 10:19:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17239, time stamp: 0x53d22946
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x53159a86
Exception code: 0x0eedfade
Fault offset: 0x0000c42d
Faulting process id: 0x970
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (09/04/2014 10:19:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17239, time stamp: 0x53d22946
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x53159a86
Exception code: 0x0eedfade
Fault offset: 0x0000c42d
Faulting process id: 0x1324
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (09/02/2014 11:58:07 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

System errors:
=============
Error: (09/05/2014 05:01:49 PM) (Source: DCOM) (EventID: 10016) (User: Wells-PC)
Description: application-specificLocalActivation{B77C4C36-0154-4C52-AB49-FAA03837E47F}{EA022610-0748-4C24-B229-6C507EBDFDBB}Wells-PCWellsS-1-5-21-2524746469-604534309-456938349-1000LocalHost (Using LRPC)

Error: (09/05/2014 04:56:13 PM) (Source: DCOM) (EventID: 10016) (User: Wells-PC)
Description: application-specificLocalActivation{B77C4C36-0154-4C52-AB49-FAA03837E47F}{EA022610-0748-4C24-B229-6C507EBDFDBB}Wells-PCWellsS-1-5-21-2524746469-604534309-456938349-1000LocalHost (Using LRPC)

Error: (09/05/2014 04:54:19 PM) (Source: DCOM) (EventID: 10016) (User: Wells-PC)
Description: application-specificLocalActivation{B77C4C36-0154-4C52-AB49-FAA03837E47F}{EA022610-0748-4C24-B229-6C507EBDFDBB}Wells-PCWellsS-1-5-21-2524746469-604534309-456938349-1000LocalHost (Using LRPC)

Error: (09/04/2014 11:22:23 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
aswSnx

Error: (09/04/2014 11:22:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The vToolbarUpdater15.3.0 service failed to start due to the following error:
%%2

Error: (09/04/2014 11:22:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LMIGuardianSvc service failed to start due to the following error:
%%1053

Error: (09/04/2014 11:22:03 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the LMIGuardianSvc service to connect.

Error: (09/04/2014 11:21:51 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (09/04/2014 11:21:44 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (09/04/2014 11:21:44 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Microsoft Office Sessions:
=========================
Error: (09/04/2014 11:59:52 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (09/04/2014 11:23:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/04/2014 11:01:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/04/2014 11:00:46 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Wells\Desktop\esetsmartinstaller_enu.exe

Error: (09/04/2014 10:39:16 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Wells\Downloads\esetsmartinstaller_enu (1).exe

Error: (09/04/2014 10:25:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/04/2014 10:23:49 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Wells\Desktop\esetsmartinstaller_enu.exe

Error: (09/04/2014 10:19:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.1723953d22946KERNELBASE.dll6.1.7601.1840953159a860eedfade0000c42d97001cfc8b831067a31C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\syswow64\KERNELBASE.dll6f19604a-34ab-11e4-9b9e-00248c268ba6

Error: (09/04/2014 10:19:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.1723953d22946KERNELBASE.dll6.1.7601.1840953159a860eedfade0000c42d132401cfc8b82ee7c031C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\syswow64\KERNELBASE.dll6d2ca336-34ab-11e4-9b9e-00248c268ba6

Error: (09/02/2014 11:58:07 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

CodeIntegrity Errors:
===================================
  Date: 2013-01-29 22:24:29.353
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00175_026\avcuf64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-29 22:11:35.307
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00175_026\avcuf64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-29 21:49:54.338
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00175_026\avcuf64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-29 21:35:55.629
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00175_026\avcuf64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-29 21:11:16.293
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00175_026\avcuf64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-29 17:32:29.200
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00175_026\avcuf64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-29 16:22:30.225
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00175_026\avcuf64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-29 16:06:55.573
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00175_026\avcuf64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-29 15:48:32.758
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00175_026\avcuf64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-29 15:38:40.346
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00175_026\avcuf64.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: AMD Phenom™ II X4 940 Processor
Percentage of memory in use: 41%
Total physical RAM: 3839.11 MB
Available physical RAM: 2263.97 MB
Total Pagefile: 11337.29 MB
Available Pagefile: 9467.56 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:466.2 GB) (Free:410.65 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Backup) (Fixed) (Total:465.31 GB) (Free:57.15 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: E4A390EA)
Partition 1: (Active) - (Size=466.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.3 GB) - (Type=OF Extended)

==================== End Of Log ============================



#10 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,741 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:22 PM

Posted 05 September 2014 - 05:42 PM

Greetings,

Using Revo Uninstaller please delete the following programs.

ESET Online Scanner v3
ESET Smart Security
IObit
Surfing Protection


----------

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key Windows_Logo_key.gif + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
2014-08-22 23:42 - 2014-08-22 23:42 - 00000000 ____D () C:\Program Files\Bitdefender
2014-08-22 23:39 - 2012-07-13 20:02 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Resetting Hosts File - Microsoft Fix it 50267

--------------------
  • Download Microsoft Fix it 50267 and save it to your desktop
  • Double click the icon then select Run
  • Click I Agree, then Next
  • Once complete click Close
  • Click Yes to restart your computer
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Did the programs uninstall correctly?
  • Fixlog
  • Did the Fix it run properly?
  • Any change in computer behavior?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 wpfast

wpfast
  • Topic Starter

  • Members
  • 201 posts
  • OFFLINE
  •  
  • Local time:01:22 PM

Posted 07 September 2014 - 06:43 PM

ESET Online Scanner v3 removed in Revo

Iobit Surfing Protection removed in Revo too

 

ESET Smart Security is not listed in Revo; it is listed in regular control panel program list. Is it possible to move it from that list to Revo?

 

I will wait your answer before performing notepad and FRST operations and until I have correctly removed ESET Smart Security. I can do a non REVO removal but I'll await your advice as this may leave traces of the program and be incomplete.

 

Thanks!

 

wpfast
 



#12 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,741 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:22 PM

Posted 07 September 2014 - 06:45 PM

If it is only listed in Programs and Features use that uninstall.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#13 wpfast

wpfast
  • Topic Starter

  • Members
  • 201 posts
  • OFFLINE
  •  
  • Local time:01:22 PM

Posted 07 September 2014 - 08:40 PM

okay...but I won't have any protection...

 

It's done & I'm rebooting now!



#14 wpfast

wpfast
  • Topic Starter

  • Members
  • 201 posts
  • OFFLINE
  •  
  • Local time:01:22 PM

Posted 07 September 2014 - 08:44 PM

ESET Smart Security is history now



#15 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,741 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:22 PM

Posted 07 September 2014 - 09:51 PM

Yes I know there is no longer any protection. Can you download DDS to your desktop in Normal Mode now?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users