Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Was told to make new post


  • This topic is locked This topic is locked
21 replies to this topic

#1 nevans07

nevans07

  • Members
  • 311 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:49 PM

Posted 02 September 2014 - 09:50 PM

Dear Bleepingcomputer Staff,

 

       Hi. thannk you for viewing my post. My wife/mother in law has a similar type problem on their computer. They know less about computers than me. Only difference is their computer never crashed. Update for Windows 7 for x64 -based Systems (KB2981580) and Update for Microsoft Office 2013 KB (KB2883036) 64- Bit Edition don't install. Unlike the .Net Framework Fix that you used that worked for my computer. The av programs recently started shutting down unexpectedly. For ex. After a while it will say Comodo Security Agent is not started. Comodo Security Agent process will be terminated. Malwarebytes Anti-Exploit Protection is not started. The Anti-Exploit process will be terminated. Then it says Press OK.

Emsisoft and Malwarebytes full scan- no malware detected.Roguekiller finds a few things. Also they tell me about 2 weeks ago their hotmail email font unexpectedly shrinks to an obscenely small font unexpectedly without prompt. Can you please help. ;) Please.

 

DDS seems to work. But disappers and doesn't produce any logs???

 

 

# AdwCleaner v3.309 - Report created 02/09/2014 at 22:08:18
# Updated 02/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : PhyllisSharontreat - FAITHTREAT
# Running from : C:\Users\PhyllisSharontreat\Desktop\adwcleaner_3.309.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found : C:\ProgramData\SecTaskMan

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17239


-\\ Mozilla Firefox v32.0 (x86 en-US)

[ File : C:\Users\PhyllisSharontreat\AppData\Roaming\Mozilla\Firefox\Profiles\rnb9ntnq.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [818 octets] - [15/04/2014 21:49:55]
AdwCleaner[R1].txt - [1595 octets] - [22/05/2014 13:49:06]
AdwCleaner[R2].txt - [1323 octets] - [04/08/2014 15:04:44]
AdwCleaner[R3].txt - [942 octets] - [02/09/2014 22:08:18]
AdwCleaner[S0].txt - [878 octets] - [15/04/2014 21:51:29]

########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [1060 octets] ##########

 

 

 

RogueKiller V9.2.4.0 (x64) [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode
User : PhyllisSharontreat [Admin rights]
Mode : Scan -- Date : 08/27/2014  07:59:24

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 8 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 71.250.0.12  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 71.250.0.12  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 71.250.0.12  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1292438E-F5F6-4F89-93C1-8378C7E52A65} | DhcpNameServer : 192.168.1.1 71.250.0.12  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{1292438E-F5F6-4F89-93C1-8378C7E52A65} | DhcpNameServer : 192.168.1.1 71.250.0.12  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{1292438E-F5F6-4F89-93C1-8378C7E52A65} | DhcpNameServer : 192.168.1.1 71.250.0.12  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: NOT LOADED [0xc000035f]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST500LT012-9WS142 ATA Device +++++
--- User ---
[MBR] 3aa157e9345ad2144492d35dd97cb73e
[BSP] e572e7a922781d0b3496edcced3a24eb : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WD My Passport 0748 USB Device +++++
--- User ---
[MBR] 78cec56937d1e8b2b9b2b715699feee5
[BSP] 58f090cd316ecb1b9ccd74bd3e4ad32f : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 715371 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )


============================================
RKreport_SCN_08042014_164048.log

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 (ATTENTION: ====> FRST version is 173 days old and could be outdated)
Ran by PhyllisSharontreat (administrator) on FAITHTREAT on 02-09-2014 22:22:01
Running from C:\Users\PhyllisSharontreat\Desktop\The Toolbox
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\ScanToPCActivationApp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicatorCom.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Akamai Technologies, Inc.) C:\Users\PhyllisSharontreat\APPDATA\LOCAL\AKAMAI\NETSESSION_WIN.EXE
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Akamai Technologies, Inc.) C:\Users\PhyllisSharontreat\AppData\Local\Akamai\netsession_win.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicator.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_14_0_0_145_ActiveX.exe
(Farbar) C:\Users\PhyllisSharontreat\Desktop\The Toolbox\FRST64FarbarRecoveryTool.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2890640 2013-04-22] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13427784 2013-03-18] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1829768 2012-02-07] (Acer Incorporated)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [COMODO Internet Security] - C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1275608 2014-03-25] (COMODO)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-25] (Intel Corporation)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1144112 2013-01-16] (Dritek System Inc.)
HKLM-x32\...\Run: [emsisoft anti-malware] - c:\program files (x86)\emsisoft anti-malware\a2guard.exe [4857256 2014-08-13] (Emsisoft GmbH)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] - C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [1294136 2014-02-21] (Malwarebytes Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] ( (Qualcomm®Atheros®))
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1122080668-3535083921-293416954-1000\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7762712 2014-08-14] (SUPERAntiSpyware)
HKU\S-1-5-21-1122080668-3535083921-293416954-1000\...\Run: [WinPatrol] - C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [527936 2014-03-17] (BillP Studios)
HKU\S-1-5-21-1122080668-3535083921-293416954-1000\...\Run: [HP Officejet 6500 E710n-z (NET)] - C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1122080668-3535083921-293416954-1000\...\Run: [GUDelayStartup] - C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2014-09-01] (Glarysoft Ltd)
HKU\S-1-5-21-1122080668-3535083921-293416954-1000\...\RunOnce: [HPSoftwareUpdate] - C:\Program Files (x86)\Hp\HP Software Update\HPWUCli.exe [642360 2013-06-05] (Hewlett-Packard)
Startup: C:\Users\PhyllisSharontreat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 6500 E710n-z (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Officejet 6500 E710n-z (Network).lnk -> C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer13.msn.com/?pc=ACJB
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com/?pc=ACJB
SearchScopes: HKLM - DefaultScope {6BAEF7EF-34A4-4B53-84B7-07F48E79B61B} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ACJB
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {6BAEF7EF-34A4-4B53-84B7-07F48E79B61B} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ACJB
SearchScopes: HKLM-x32 - {6BAEF7EF-34A4-4B53-84B7-07F48E79B61B} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ACJB
SearchScopes: HKCU - DefaultScope {6BAEF7EF-34A4-4B53-84B7-07F48E79B61B} URL =
SearchScopes: HKCU - {6BAEF7EF-34A4-4B53-84B7-07F48E79B61B} URL =
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: No Name - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -  No File
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 71.250.0.12
Tcpip\..\Interfaces\{1292438E-F5F6-4F89-93C1-8378C7E52A65}: [NameServer]156.154.70.22,156.154.71.22
Tcpip\..\Interfaces\{2B834307-E10E-4666-9265-95679CD37BD3}: [NameServer]156.154.70.22,156.154.71.22

FireFox:
========
FF ProfilePath: C:\Users\PhyllisSharontreat\AppData\Roaming\Mozilla\Firefox\Profiles\rnb9ntnq.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @java.com/DTPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-14] (SUPERAntiSpyware.com)
R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4754256 2014-08-13] (Emsisoft GmbH)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows ® Win 7 DDK provider)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [6817544 2014-04-16] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2264280 2014-03-25] (COMODO)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-09-02] (SurfRight B.V.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [49464 2014-04-01] (Hewlett-Packard Company)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-05-08] (Intel Corporation)
S2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [319288 2014-02-21] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [23088 2014-05-12] (Emsisoft GmbH)
R3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros)
R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [23168 2014-04-16] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [738472 2014-04-16] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [48360 2014-04-16] (COMODO)
S1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20672 2014-09-02] (Glarysoft Ltd)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [105552 2014-04-16] (COMODO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-02] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [30312 2014-08-27] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-09-02 22:21 - 2014-09-02 22:22 - 00000000 ____D () C:\FRST
2014-09-02 22:18 - 2014-09-02 22:18 - 00001140 _____ () C:\Users\PhyllisSharontreat\Desktop\AdwCleaner[R3].txt
2014-09-02 22:04 - 2014-09-02 22:05 - 01370483 _____ () C:\Users\PhyllisSharontreat\Desktop\adwcleaner_3.309.exe
2014-09-02 20:54 - 2014-09-02 20:54 - 00020672 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys
2014-09-02 20:54 - 2014-09-02 20:54 - 00003002 _____ () C:\Windows\System32\Tasks\GU5SkipUAC
2014-09-02 20:54 - 2014-09-02 20:54 - 00002684 _____ () C:\Windows\System32\Tasks\GlaryInitialize 5
2014-09-02 20:54 - 2014-09-02 20:54 - 00001084 _____ () C:\Users\Public\Desktop\Glary Utilities 5.lnk
2014-09-02 20:54 - 2014-09-02 20:54 - 00000358 _____ () C:\Windows\Tasks\GlaryInitialize 5.job
2014-09-02 20:54 - 2014-09-02 20:54 - 00000000 ____D () C:\Users\PhyllisSharontreat\AppData\Roaming\GlarySoft
2014-09-02 20:54 - 2014-09-02 20:54 - 00000000 ____D () C:\Users\PhyllisSharontreat\AppData\Roaming\DiskDefrag
2014-09-02 20:53 - 2014-09-02 20:56 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5
2014-09-02 20:53 - 2014-09-02 20:53 - 00001869 _____ () C:\Users\Public\Desktop\ImgBurn.lnk
2014-09-02 20:53 - 2014-09-02 20:53 - 00000000 ____D () C:\Program Files (x86)\ImgBurn
2014-08-27 11:53 - 2014-08-27 11:53 - 00000000 ____D () C:\Users\PhyllisSharontreat\AppData\Local\BMExplorer
2014-08-27 11:51 - 2014-08-27 11:53 - 00000000 ____D () C:\Users\PhyllisSharontreat\Documents\Bluetooth Folder
2014-08-27 08:36 - 2014-08-27 08:36 - 00001182 _____ () C:\Users\PhyllisSharontreat\Desktop\quarantine.txt
2014-08-27 08:02 - 2014-08-27 08:02 - 00002783 _____ () C:\Users\PhyllisSharontreat\Desktop\RKreport_SCN_08272014_075924.log
2014-08-27 06:12 - 2014-08-27 06:12 - 01836633 _____ () C:\Users\PhyllisSharontreat\Desktop\FixDotNet20140827101206886.cab
2014-08-25 02:40 - 2014-06-30 18:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-25 02:40 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-25 02:40 - 2014-03-09 17:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-25 02:40 - 2014-03-09 17:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-25 02:40 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-25 02:40 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-25 02:39 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-25 02:39 - 2014-06-06 02:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-25 00:29 - 2014-06-03 06:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-25 00:29 - 2014-06-03 06:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-25 00:29 - 2014-06-03 06:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-25 00:29 - 2014-06-03 06:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-25 00:29 - 2014-06-03 05:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-25 00:29 - 2014-06-03 05:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-25 00:29 - 2014-06-03 05:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-25 00:28 - 2014-06-24 22:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-25 00:28 - 2014-06-24 21:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-25 00:28 - 2014-06-15 22:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-25 00:27 - 2014-07-31 19:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-25 00:27 - 2014-07-31 19:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-25 00:27 - 2014-07-25 10:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-25 00:27 - 2014-07-25 10:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-25 00:27 - 2014-07-25 10:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-25 00:27 - 2014-07-25 09:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-25 00:27 - 2014-07-25 09:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-25 00:27 - 2014-07-25 09:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-25 00:27 - 2014-07-25 09:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-25 00:27 - 2014-07-25 09:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-25 00:27 - 2014-07-25 09:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-25 00:27 - 2014-07-25 09:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-25 00:27 - 2014-07-25 09:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-25 00:27 - 2014-07-25 09:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-25 00:27 - 2014-07-25 09:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-25 00:27 - 2014-07-25 09:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-25 00:27 - 2014-07-25 09:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-25 00:27 - 2014-07-25 08:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-25 00:27 - 2014-07-25 08:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-25 00:27 - 2014-07-25 08:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-25 00:27 - 2014-07-25 08:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-25 00:27 - 2014-07-25 08:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-25 00:27 - 2014-07-25 08:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-25 00:27 - 2014-07-25 08:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-25 00:27 - 2014-07-25 08:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-25 00:27 - 2014-07-25 08:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-25 00:27 - 2014-07-25 08:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-25 00:27 - 2014-07-25 08:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-25 00:27 - 2014-07-25 08:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-25 00:27 - 2014-07-25 08:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-25 00:27 - 2014-07-25 08:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-25 00:27 - 2014-07-25 08:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-25 00:27 - 2014-07-25 08:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-25 00:27 - 2014-07-25 08:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-25 00:27 - 2014-07-25 08:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-25 00:27 - 2014-07-25 08:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-25 00:27 - 2014-07-25 07:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-25 00:27 - 2014-07-25 07:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-25 00:27 - 2014-07-25 07:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-25 00:27 - 2014-07-25 07:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-25 00:27 - 2014-07-25 07:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-25 00:27 - 2014-07-25 07:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-25 00:27 - 2014-07-25 07:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-25 00:27 - 2014-07-25 07:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-25 00:27 - 2014-07-25 07:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-25 00:27 - 2014-07-25 07:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-25 00:27 - 2014-07-25 07:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-25 00:27 - 2014-07-25 07:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-25 00:27 - 2014-07-25 07:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-25 00:27 - 2014-07-25 07:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-25 00:27 - 2014-07-25 06:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-25 00:27 - 2014-07-25 06:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-25 00:27 - 2014-07-25 06:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-25 00:27 - 2014-07-25 06:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-25 00:27 - 2014-07-25 06:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-25 00:27 - 2014-07-25 06:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-25 00:25 - 2014-08-06 22:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-25 00:25 - 2014-08-06 22:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-25 00:25 - 2014-07-13 22:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-25 00:25 - 2014-07-13 21:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-14 17:43 - 2014-08-14 17:43 - 00000000 ____D () C:\Users\PhyllisSharontreat\AppData\Local\Adobe
2014-08-14 17:06 - 2014-08-14 17:07 - 01058200 _____ (Adobe) C:\Users\PhyllisSharontreat\Downloads\install_flashplayer14x32au_mssd_aaa_aih.exe
2014-08-06 13:49 - 2014-08-14 17:24 - 00000000 ____D () C:\Users\PhyllisSharontreat\Desktop\Limitless
2014-08-04 16:40 - 2014-08-04 16:40 - 00270848 _____ (Secure By Design Inc.) C:\Users\PhyllisSharontreat\Desktop\Ninite Firefox Glary ImgBurn Reader Revo InstallerLatest!!!.exe
2014-08-04 16:27 - 2014-08-27 07:55 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-08-04 16:27 - 2014-08-04 16:27 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-08-04 14:40 - 2014-08-04 14:45 - 00985600 _____ () C:\Users\PhyllisSharontreat\Downloads\MicrosoftFixit50123.msi
2014-08-04 14:11 - 2014-08-04 14:11 - 00548774 _____ () C:\Users\PhyllisSharontreat\Desktop\winupdatefix_1.3Latest!!!.exe
2014-08-04 13:08 - 2014-08-04 13:08 - 05379160 _____ () C:\Users\PhyllisSharontreat\Desktop\RogueKillerX64Latest!!!.exe
2014-08-04 12:26 - 2014-08-04 16:13 - 00000000 ____D () C:\Users\PhyllisSharontreat\Desktop\Culinary Genius

==================== One Month Modified Files and Folders =======

2021-10-21 09:36 - 2014-01-05 03:11 - 00000852 _____ () C:\Windows\system32\Drivers\RTKHDRC.dat
2021-10-04 03:34 - 2014-01-05 03:11 - 00000712 _____ () C:\Windows\system32\Drivers\RTMICEQ0.dat
2014-09-02 22:22 - 2014-09-02 22:21 - 00000000 ____D () C:\FRST
2014-09-02 22:22 - 2014-04-10 12:46 - 00000000 ____D () C:\Users\PhyllisSharontreat\Desktop\The Toolbox
2014-09-02 22:21 - 2014-04-10 18:48 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2014-09-02 22:18 - 2014-09-02 22:18 - 00001140 _____ () C:\Users\PhyllisSharontreat\Desktop\AdwCleaner[R3].txt
2014-09-02 22:09 - 2014-04-10 21:55 - 00000000 ____D () C:\AdwCleaner
2014-09-02 22:07 - 2014-04-10 21:03 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-09-02 22:05 - 2014-09-02 22:04 - 01370483 _____ () C:\Users\PhyllisSharontreat\Desktop\adwcleaner_3.309.exe
2014-09-02 21:39 - 2014-01-05 02:47 - 01313664 _____ () C:\Windows\WindowsUpdate.log
2014-09-02 21:31 - 2013-12-05 02:07 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-02 20:56 - 2014-09-02 20:53 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5
2014-09-02 20:54 - 2014-09-02 20:54 - 00020672 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys
2014-09-02 20:54 - 2014-09-02 20:54 - 00003002 _____ () C:\Windows\System32\Tasks\GU5SkipUAC
2014-09-02 20:54 - 2014-09-02 20:54 - 00002684 _____ () C:\Windows\System32\Tasks\GlaryInitialize 5
2014-09-02 20:54 - 2014-09-02 20:54 - 00001084 _____ () C:\Users\Public\Desktop\Glary Utilities 5.lnk
2014-09-02 20:54 - 2014-09-02 20:54 - 00000358 _____ () C:\Windows\Tasks\GlaryInitialize 5.job
2014-09-02 20:54 - 2014-09-02 20:54 - 00000000 ____D () C:\Users\PhyllisSharontreat\AppData\Roaming\GlarySoft
2014-09-02 20:54 - 2014-09-02 20:54 - 00000000 ____D () C:\Users\PhyllisSharontreat\AppData\Roaming\DiskDefrag
2014-09-02 20:53 - 2014-09-02 20:53 - 00001869 _____ () C:\Users\Public\Desktop\ImgBurn.lnk
2014-09-02 20:53 - 2014-09-02 20:53 - 00000000 ____D () C:\Program Files (x86)\ImgBurn
2014-09-02 20:53 - 2014-04-10 21:24 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-09-02 20:53 - 2014-04-10 21:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-02 20:52 - 2014-04-10 21:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-02 20:45 - 2014-04-18 08:42 - 00000000 ____D () C:\Users\PhyllisSharontreat\AppData\Roaming\HpUpdate
2014-09-02 20:20 - 2009-07-14 00:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-02 20:20 - 2009-07-14 00:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-02 20:12 - 2014-04-10 23:26 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-02 20:11 - 2009-07-14 01:13 - 00781790 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-02 20:03 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-02 20:03 - 2009-07-14 00:51 - 00055795 _____ () C:\Windows\setupact.log
2014-08-27 11:53 - 2014-08-27 11:53 - 00000000 ____D () C:\Users\PhyllisSharontreat\AppData\Local\BMExplorer
2014-08-27 11:53 - 2014-08-27 11:51 - 00000000 ____D () C:\Users\PhyllisSharontreat\Documents\Bluetooth Folder
2014-08-27 11:51 - 2014-01-05 03:18 - 00000000 ____D () C:\ProgramData\Atheros
2014-08-27 08:36 - 2014-08-27 08:36 - 00001182 _____ () C:\Users\PhyllisSharontreat\Desktop\quarantine.txt
2014-08-27 08:02 - 2014-08-27 08:02 - 00002783 _____ () C:\Users\PhyllisSharontreat\Desktop\RKreport_SCN_08272014_075924.log
2014-08-27 07:55 - 2014-08-04 16:27 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-08-27 07:54 - 2014-04-10 21:59 - 00000000 ____D () C:\Users\PhyllisSharontreat\Desktop\RK_Quarantine
2014-08-27 06:33 - 2014-05-12 20:31 - 00000000 ____D () C:\Users\PhyllisSharontreat\AppData\Roaming\Skype
2014-08-27 06:33 - 2014-01-05 03:18 - 00000000 ____D () C:\ProgramData\Skype
2014-08-27 06:12 - 2014-08-27 06:12 - 01836633 _____ () C:\Users\PhyllisSharontreat\Desktop\FixDotNet20140827101206886.cab
2014-08-27 02:56 - 2014-04-10 11:01 - 00000000 ___RD () C:\Users\PhyllisSharontreat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-08-27 02:56 - 2014-04-10 11:01 - 00000000 ___RD () C:\Users\PhyllisSharontreat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-08-27 02:48 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-25 03:16 - 2014-05-17 13:11 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-25 03:01 - 2014-04-10 11:34 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-25 02:59 - 2014-04-10 11:34 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-25 02:39 - 2014-04-30 19:44 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-14 17:43 - 2014-08-14 17:43 - 00000000 ____D () C:\Users\PhyllisSharontreat\AppData\Local\Adobe
2014-08-14 17:25 - 2014-06-20 20:23 - 00000000 ____D () C:\Users\PhyllisSharontreat\Desktop\YoutubeSubsidiaries
2014-08-14 17:24 - 2014-08-06 13:49 - 00000000 ____D () C:\Users\PhyllisSharontreat\Desktop\Limitless
2014-08-14 17:12 - 2013-12-05 02:07 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-14 17:12 - 2013-12-05 02:07 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-14 17:07 - 2014-08-14 17:06 - 01058200 _____ (Adobe) C:\Users\PhyllisSharontreat\Downloads\install_flashplayer14x32au_mssd_aaa_aih.exe
2014-08-06 22:06 - 2014-08-25 00:25 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-06 22:01 - 2014-08-25 00:25 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-04 17:58 - 2014-04-10 22:12 - 00000000 ____D () C:\ProgramData\SecTaskMan
2014-08-04 17:57 - 2014-04-10 22:11 - 00000000 ____D () C:\Program Files (x86)\Security Task Manager
2014-08-04 16:40 - 2014-08-04 16:40 - 00270848 _____ (Secure By Design Inc.) C:\Users\PhyllisSharontreat\Desktop\Ninite Firefox Glary ImgBurn Reader Revo InstallerLatest!!!.exe
2014-08-04 16:27 - 2014-08-04 16:27 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-08-04 16:13 - 2014-08-04 12:26 - 00000000 ____D () C:\Users\PhyllisSharontreat\Desktop\Culinary Genius
2014-08-04 16:10 - 2014-05-22 11:57 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-04 16:10 - 2014-04-10 21:57 - 00000000 ____D () C:\Users\PhyllisSharontreat\Desktop\mbar
2014-08-04 15:02 - 2014-04-10 21:57 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-04 15:00 - 2014-04-10 21:04 - 00000536 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task f2373317-6e8f-40bc-af7f-92c423712aa3.job
2014-08-04 14:45 - 2014-08-04 14:40 - 00985600 _____ () C:\Users\PhyllisSharontreat\Downloads\MicrosoftFixit50123.msi
2014-08-04 14:11 - 2014-08-04 14:11 - 00548774 _____ () C:\Users\PhyllisSharontreat\Desktop\winupdatefix_1.3Latest!!!.exe
2014-08-04 13:08 - 2014-08-04 13:08 - 05379160 _____ () C:\Users\PhyllisSharontreat\Desktop\RogueKillerX64Latest!!!.exe

Some content of TEMP:
====================
C:\Users\PhyllisSharontreat\AppData\Local\Temp\en_ww_Package.exe
C:\Users\PhyllisSharontreat\AppData\Local\Temp\install_flashplayer14x32au_gtba_chrd_dn_aaa_aih.exe
C:\Users\PhyllisSharontreat\AppData\Local\Temp\ntdll_dump.dll
C:\Users\PhyllisSharontreat\AppData\Local\Temp\OfficeSetup.exe
C:\Users\PhyllisSharontreat\AppData\Local\Temp\ose00000.exe
C:\Users\PhyllisSharontreat\AppData\Local\Temp\ose00001.exe
C:\Users\PhyllisSharontreat\AppData\Local\Temp\ose00003.exe
C:\Users\PhyllisSharontreat\AppData\Local\Temp\SAS6_Update.exe
C:\Users\PhyllisSharontreat\AppData\Local\Temp\SetupVisioProRetail.x86.en-US_VisioProRetail_MT7YN-TMV9C-7DDX9-64W77-B7R4D_act_1_.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe
[2014-05-16 15:02] - [2014-03-04 05:43] - 0455168 ____A (Microsoft Corporation) 88AB9B72B4BF3963A0DE0820B4B0B06C

C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-08-27 04:43

==================== End Of Log ============================

 

 

Attached Files



BC AdBot (Login to Remove)

 


#2 nevans07

nevans07
  • Topic Starter

  • Members
  • 311 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:49 PM

Posted 02 September 2014 - 10:18 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2014
Ran by PhyllisSharontreat (administrator) on FAITHTREAT on 02-09-2014 23:11:36
Running from C:\Users\PhyllisSharontreat\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\ScanToPCActivationApp.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicatorCom.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Akamai Technologies, Inc.) C:\Users\PhyllisSharontreat\AppData\Local\Akamai\netsession_win.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Akamai Technologies, Inc.) C:\Users\PhyllisSharontreat\AppData\Local\Akamai\netsession_win.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicator.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Farbar) C:\Users\PhyllisSharontreat\Desktop\FRST.exeLatest!!!.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2890640 2013-04-22] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13427784 2013-03-18] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1829768 2012-02-07] (Acer Incorporated)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1275608 2014-03-25] (COMODO)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-25] (Intel Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1144112 2013-01-16] (Dritek System Inc.)
HKLM-x32\...\Run: [emsisoft anti-malware] => c:\program files (x86)\emsisoft anti-malware\a2guard.exe [4857256 2014-08-13] (Emsisoft GmbH)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [1294136 2014-02-21] (Malwarebytes Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] ( (Qualcomm®Atheros®))
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1122080668-3535083921-293416954-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7762712 2014-08-14] (SUPERAntiSpyware)
HKU\S-1-5-21-1122080668-3535083921-293416954-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [527936 2014-03-17] (BillP Studios)
HKU\S-1-5-21-1122080668-3535083921-293416954-1000\...\Run: [HP Officejet 6500 E710n-z (NET)] => C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1122080668-3535083921-293416954-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2014-09-01] (Glarysoft Ltd)
HKU\S-1-5-21-1122080668-3535083921-293416954-1000\...\RunOnce: [HPSoftwareUpdate] => C:\Program Files (x86)\Hp\HP Software Update\HPWUCli.exe [642360 2013-06-05] (Hewlett-Packard)
Startup: C:\Users\PhyllisSharontreat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 6500 E710n-z (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Officejet 6500 E710n-z (Network).lnk -> C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
BootExecute: autocheck autochk *  

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer13.msn.com/?pc=ACJB
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com/?pc=ACJB
SearchScopes: HKLM - DefaultScope {6BAEF7EF-34A4-4B53-84B7-07F48E79B61B} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ACJB
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {6BAEF7EF-34A4-4B53-84B7-07F48E79B61B} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ACJB
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {6BAEF7EF-34A4-4B53-84B7-07F48E79B61B} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ACJB
SearchScopes: HKCU - DefaultScope {6BAEF7EF-34A4-4B53-84B7-07F48E79B61B} URL =
SearchScopes: HKCU - {6BAEF7EF-34A4-4B53-84B7-07F48E79B61B} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} ->  No File
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 71.250.0.12
Tcpip\..\Interfaces\{1292438E-F5F6-4F89-93C1-8378C7E52A65}: [NameServer] 156.154.70.22,156.154.71.22
Tcpip\..\Interfaces\{2B834307-E10E-4666-9265-95679CD37BD3}: [NameServer] 156.154.70.22,156.154.71.22

FireFox:
========
FF ProfilePath: C:\Users\PhyllisSharontreat\AppData\Roaming\Mozilla\Firefox\Profiles\rnb9ntnq.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-14] (SUPERAntiSpyware.com)
R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4754256 2014-08-13] (Emsisoft GmbH)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows ® Win 7 DDK provider)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [6817544 2014-04-16] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2264280 2014-03-25] (COMODO)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-09-02] (SurfRight B.V.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [49464 2014-04-01] (Hewlett-Packard Company)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-05-08] (Intel Corporation)
S2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [319288 2014-02-21] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [23088 2014-05-12] (Emsisoft GmbH)
R3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros)
R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [23168 2014-04-16] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [738472 2014-04-16] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [48360 2014-04-16] (COMODO)
S1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20672 2014-09-02] (Glarysoft Ltd)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [105552 2014-04-16] (COMODO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-02] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [30312 2014-08-27] ()

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-02 23:11 - 2014-09-02 23:11 - 00018582 _____ () C:\Users\PhyllisSharontreat\Desktop\FRST.txt
2014-09-02 22:56 - 2014-09-02 22:56 - 02104832 _____ (Farbar) C:\Users\PhyllisSharontreat\Desktop\FRST.exeLatest!!!.exe
2014-09-02 22:21 - 2014-09-02 23:11 - 00000000 ____D () C:\FRST
2014-09-02 22:18 - 2014-09-02 22:18 - 00001140 _____ () C:\Users\PhyllisSharontreat\Desktop\AdwCleaner[R3].txt
2014-09-02 22:04 - 2014-09-02 22:05 - 01370483 _____ () C:\Users\PhyllisSharontreat\Desktop\adwcleaner_3.309.exe
2014-09-02 20:54 - 2014-09-02 20:54 - 00020672 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys
2014-09-02 20:54 - 2014-09-02 20:54 - 00003002 _____ () C:\Windows\System32\Tasks\GU5SkipUAC
2014-09-02 20:54 - 2014-09-02 20:54 - 00002684 _____ () C:\Windows\System32\Tasks\GlaryInitialize 5
2014-09-02 20:54 - 2014-09-02 20:54 - 00001096 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2014-09-02 20:54 - 2014-09-02 20:54 - 00001084 _____ () C:\Users\Public\Desktop\Glary Utilities 5.lnk
2014-09-02 20:54 - 2014-09-02 20:54 - 00000358 _____ () C:\Windows\Tasks\GlaryInitialize 5.job
2014-09-02 20:54 - 2014-09-02 20:54 - 00000000 ____D () C:\Users\PhyllisSharontreat\AppData\Roaming\GlarySoft
2014-09-02 20:54 - 2014-09-02 20:54 - 00000000 ____D () C:\Users\PhyllisSharontreat\AppData\Roaming\DiskDefrag
2014-09-02 20:54 - 2014-09-02 20:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2014-09-02 20:53 - 2014-09-02 20:56 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5
2014-09-02 20:53 - 2014-09-02 20:53 - 00001881 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
2014-09-02 20:53 - 2014-09-02 20:53 - 00001869 _____ () C:\Users\Public\Desktop\ImgBurn.lnk
2014-09-02 20:53 - 2014-09-02 20:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
2014-09-02 20:53 - 2014-09-02 20:53 - 00000000 ____D () C:\Program Files (x86)\ImgBurn
2014-08-27 11:53 - 2014-08-27 11:53 - 00000000 ____D () C:\Users\PhyllisSharontreat\AppData\Local\BMExplorer
2014-08-27 11:51 - 2014-08-27 11:53 - 00000000 ____D () C:\Users\PhyllisSharontreat\Documents\Bluetooth Folder
2014-08-27 08:36 - 2014-08-27 08:36 - 00001182 _____ () C:\Users\PhyllisSharontreat\Desktop\quarantine.txt
2014-08-27 08:02 - 2014-08-27 08:02 - 00002783 _____ () C:\Users\PhyllisSharontreat\Desktop\RKreport_SCN_08272014_075924.log
2014-08-27 06:12 - 2014-08-27 06:12 - 01836633 _____ () C:\Users\PhyllisSharontreat\Desktop\FixDotNet20140827101206886.cab
2014-08-25 02:40 - 2014-06-30 18:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-25 02:40 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-25 02:40 - 2014-03-09 17:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-25 02:40 - 2014-03-09 17:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-25 02:40 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-25 02:40 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-25 02:39 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-25 02:39 - 2014-06-06 02:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-25 00:29 - 2014-06-03 06:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-25 00:29 - 2014-06-03 06:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-25 00:29 - 2014-06-03 06:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-25 00:29 - 2014-06-03 06:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-25 00:29 - 2014-06-03 05:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-25 00:29 - 2014-06-03 05:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-25 00:29 - 2014-06-03 05:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-25 00:28 - 2014-06-24 22:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-25 00:28 - 2014-06-24 21:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-25 00:28 - 2014-06-15 22:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-25 00:27 - 2014-07-31 19:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-25 00:27 - 2014-07-31 19:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-25 00:27 - 2014-07-25 10:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-25 00:27 - 2014-07-25 10:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-25 00:27 - 2014-07-25 10:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-25 00:27 - 2014-07-25 09:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-25 00:27 - 2014-07-25 09:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-25 00:27 - 2014-07-25 09:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-25 00:27 - 2014-07-25 09:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-25 00:27 - 2014-07-25 09:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-25 00:27 - 2014-07-25 09:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-25 00:27 - 2014-07-25 09:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-25 00:27 - 2014-07-25 09:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-25 00:27 - 2014-07-25 09:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-25 00:27 - 2014-07-25 09:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-25 00:27 - 2014-07-25 09:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-25 00:27 - 2014-07-25 09:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-25 00:27 - 2014-07-25 08:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-25 00:27 - 2014-07-25 08:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-25 00:27 - 2014-07-25 08:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-25 00:27 - 2014-07-25 08:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-25 00:27 - 2014-07-25 08:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-25 00:27 - 2014-07-25 08:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-25 00:27 - 2014-07-25 08:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-25 00:27 - 2014-07-25 08:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-25 00:27 - 2014-07-25 08:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-25 00:27 - 2014-07-25 08:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-25 00:27 - 2014-07-25 08:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-25 00:27 - 2014-07-25 08:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-25 00:27 - 2014-07-25 08:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-25 00:27 - 2014-07-25 08:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-25 00:27 - 2014-07-25 08:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-25 00:27 - 2014-07-25 08:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-25 00:27 - 2014-07-25 08:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-25 00:27 - 2014-07-25 08:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-25 00:27 - 2014-07-25 08:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-25 00:27 - 2014-07-25 07:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-25 00:27 - 2014-07-25 07:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-25 00:27 - 2014-07-25 07:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-25 00:27 - 2014-07-25 07:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-25 00:27 - 2014-07-25 07:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-25 00:27 - 2014-07-25 07:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-25 00:27 - 2014-07-25 07:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-25 00:27 - 2014-07-25 07:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-25 00:27 - 2014-07-25 07:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-25 00:27 - 2014-07-25 07:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-25 00:27 - 2014-07-25 07:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-25 00:27 - 2014-07-25 07:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-25 00:27 - 2014-07-25 07:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-25 00:27 - 2014-07-25 07:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-25 00:27 - 2014-07-25 06:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-25 00:27 - 2014-07-25 06:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-25 00:27 - 2014-07-25 06:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-25 00:27 - 2014-07-25 06:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-25 00:27 - 2014-07-25 06:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-25 00:27 - 2014-07-25 06:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-25 00:25 - 2014-08-06 22:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-25 00:25 - 2014-08-06 22:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-25 00:25 - 2014-07-13 22:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-25 00:25 - 2014-07-13 21:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-14 17:43 - 2014-08-14 17:43 - 00000000 ____D () C:\Users\PhyllisSharontreat\AppData\Local\Adobe
2014-08-14 17:06 - 2014-08-14 17:07 - 01058200 _____ (Adobe) C:\Users\PhyllisSharontreat\Downloads\install_flashplayer14x32au_mssd_aaa_aih.exe
2014-08-06 13:49 - 2014-08-14 17:24 - 00000000 ____D () C:\Users\PhyllisSharontreat\Desktop\Limitless
2014-08-04 16:40 - 2014-08-04 16:40 - 00270848 _____ (Secure By Design Inc.) C:\Users\PhyllisSharontreat\Desktop\Ninite Firefox Glary ImgBurn Reader Revo InstallerLatest!!!.exe
2014-08-04 16:27 - 2014-08-27 07:55 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-08-04 16:27 - 2014-08-04 16:27 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-08-04 14:40 - 2014-08-04 14:45 - 00985600 _____ () C:\Users\PhyllisSharontreat\Downloads\MicrosoftFixit50123.msi
2014-08-04 14:11 - 2014-08-04 14:11 - 00548774 _____ () C:\Users\PhyllisSharontreat\Desktop\winupdatefix_1.3Latest!!!.exe
2014-08-04 13:08 - 2014-08-04 13:08 - 05379160 _____ () C:\Users\PhyllisSharontreat\Desktop\RogueKillerX64Latest!!!.exe
2014-08-04 12:26 - 2014-08-04 16:13 - 00000000 ____D () C:\Users\PhyllisSharontreat\Desktop\Culinary Genius

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2021-10-21 09:36 - 2014-01-05 03:11 - 00000852 _____ () C:\Windows\system32\Drivers\RTKHDRC.dat
2021-10-04 03:34 - 2014-01-05 03:11 - 00000712 _____ () C:\Windows\system32\Drivers\RTMICEQ0.dat
2014-09-02 23:11 - 2014-09-02 23:11 - 00018582 _____ () C:\Users\PhyllisSharontreat\Desktop\FRST.txt
2014-09-02 23:11 - 2014-09-02 22:21 - 00000000 ____D () C:\FRST
2014-09-02 23:07 - 2014-04-10 21:03 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-09-02 23:02 - 2014-04-10 12:46 - 00000000 ____D () C:\Users\PhyllisSharontreat\Desktop\The Toolbox
2014-09-02 22:56 - 2014-09-02 22:56 - 02104832 _____ (Farbar) C:\Users\PhyllisSharontreat\Desktop\FRST.exeLatest!!!.exe
2014-09-02 22:56 - 2014-04-10 18:48 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2014-09-02 22:31 - 2013-12-05 02:07 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-02 22:18 - 2014-09-02 22:18 - 00001140 _____ () C:\Users\PhyllisSharontreat\Desktop\AdwCleaner[R3].txt
2014-09-02 22:09 - 2014-04-10 21:55 - 00000000 ____D () C:\AdwCleaner
2014-09-02 22:05 - 2014-09-02 22:04 - 01370483 _____ () C:\Users\PhyllisSharontreat\Desktop\adwcleaner_3.309.exe
2014-09-02 21:39 - 2014-01-05 02:47 - 01313664 _____ () C:\Windows\WindowsUpdate.log
2014-09-02 20:56 - 2014-09-02 20:53 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5
2014-09-02 20:54 - 2014-09-02 20:54 - 00020672 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys
2014-09-02 20:54 - 2014-09-02 20:54 - 00003002 _____ () C:\Windows\System32\Tasks\GU5SkipUAC
2014-09-02 20:54 - 2014-09-02 20:54 - 00002684 _____ () C:\Windows\System32\Tasks\GlaryInitialize 5
2014-09-02 20:54 - 2014-09-02 20:54 - 00001096 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2014-09-02 20:54 - 2014-09-02 20:54 - 00001084 _____ () C:\Users\Public\Desktop\Glary Utilities 5.lnk
2014-09-02 20:54 - 2014-09-02 20:54 - 00000358 _____ () C:\Windows\Tasks\GlaryInitialize 5.job
2014-09-02 20:54 - 2014-09-02 20:54 - 00000000 ____D () C:\Users\PhyllisSharontreat\AppData\Roaming\GlarySoft
2014-09-02 20:54 - 2014-09-02 20:54 - 00000000 ____D () C:\Users\PhyllisSharontreat\AppData\Roaming\DiskDefrag
2014-09-02 20:54 - 2014-09-02 20:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2014-09-02 20:53 - 2014-09-02 20:53 - 00001881 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
2014-09-02 20:53 - 2014-09-02 20:53 - 00001869 _____ () C:\Users\Public\Desktop\ImgBurn.lnk
2014-09-02 20:53 - 2014-09-02 20:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
2014-09-02 20:53 - 2014-09-02 20:53 - 00000000 ____D () C:\Program Files (x86)\ImgBurn
2014-09-02 20:53 - 2014-04-10 21:24 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-02 20:53 - 2014-04-10 21:24 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-09-02 20:53 - 2014-04-10 21:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-02 20:52 - 2014-04-10 21:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-02 20:46 - 2014-04-18 08:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-09-02 20:45 - 2014-04-18 08:42 - 00000000 ____D () C:\Users\PhyllisSharontreat\AppData\Roaming\HpUpdate
2014-09-02 20:20 - 2009-07-14 00:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-02 20:20 - 2009-07-14 00:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-02 20:12 - 2014-04-10 23:26 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-02 20:11 - 2009-07-14 01:13 - 00781790 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-02 20:03 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-02 20:03 - 2009-07-14 00:51 - 00055795 _____ () C:\Windows\setupact.log
2014-08-27 11:53 - 2014-08-27 11:53 - 00000000 ____D () C:\Users\PhyllisSharontreat\AppData\Local\BMExplorer
2014-08-27 11:53 - 2014-08-27 11:51 - 00000000 ____D () C:\Users\PhyllisSharontreat\Documents\Bluetooth Folder
2014-08-27 11:51 - 2014-01-05 03:18 - 00000000 ____D () C:\ProgramData\Atheros
2014-08-27 08:36 - 2014-08-27 08:36 - 00001182 _____ () C:\Users\PhyllisSharontreat\Desktop\quarantine.txt
2014-08-27 08:02 - 2014-08-27 08:02 - 00002783 _____ () C:\Users\PhyllisSharontreat\Desktop\RKreport_SCN_08272014_075924.log
2014-08-27 07:55 - 2014-08-04 16:27 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-08-27 07:54 - 2014-04-10 21:59 - 00000000 ____D () C:\Users\PhyllisSharontreat\Desktop\RK_Quarantine
2014-08-27 06:33 - 2014-05-12 20:31 - 00000000 ____D () C:\Users\PhyllisSharontreat\AppData\Roaming\Skype
2014-08-27 06:33 - 2014-01-05 03:18 - 00000000 ____D () C:\ProgramData\Skype
2014-08-27 06:12 - 2014-08-27 06:12 - 01836633 _____ () C:\Users\PhyllisSharontreat\Desktop\FixDotNet20140827101206886.cab
2014-08-27 02:48 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-25 03:16 - 2014-05-17 13:11 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-25 03:01 - 2014-04-10 11:34 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-25 02:59 - 2014-04-10 11:34 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-25 02:58 - 2014-05-17 16:43 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-08-25 02:39 - 2014-04-30 19:44 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-14 17:43 - 2014-08-14 17:43 - 00000000 ____D () C:\Users\PhyllisSharontreat\AppData\Local\Adobe
2014-08-14 17:25 - 2014-06-20 20:23 - 00000000 ____D () C:\Users\PhyllisSharontreat\Desktop\YoutubeSubsidiaries
2014-08-14 17:24 - 2014-08-06 13:49 - 00000000 ____D () C:\Users\PhyllisSharontreat\Desktop\Limitless
2014-08-14 17:12 - 2013-12-05 02:07 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-14 17:12 - 2013-12-05 02:07 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-14 17:07 - 2014-08-14 17:06 - 01058200 _____ (Adobe) C:\Users\PhyllisSharontreat\Downloads\install_flashplayer14x32au_mssd_aaa_aih.exe
2014-08-06 22:06 - 2014-08-25 00:25 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-06 22:01 - 2014-08-25 00:25 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-04 17:58 - 2014-04-10 22:12 - 00000000 ____D () C:\ProgramData\SecTaskMan
2014-08-04 17:57 - 2014-04-10 22:11 - 00000000 ____D () C:\Program Files (x86)\Security Task Manager
2014-08-04 16:40 - 2014-08-04 16:40 - 00270848 _____ (Secure By Design Inc.) C:\Users\PhyllisSharontreat\Desktop\Ninite Firefox Glary ImgBurn Reader Revo InstallerLatest!!!.exe
2014-08-04 16:27 - 2014-08-04 16:27 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-08-04 16:13 - 2014-08-04 12:26 - 00000000 ____D () C:\Users\PhyllisSharontreat\Desktop\Culinary Genius
2014-08-04 16:10 - 2014-05-22 11:57 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-04 16:10 - 2014-04-10 21:57 - 00000000 ____D () C:\Users\PhyllisSharontreat\Desktop\mbar
2014-08-04 15:02 - 2014-04-10 21:57 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-04 15:00 - 2014-04-10 21:04 - 00000536 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task f2373317-6e8f-40bc-af7f-92c423712aa3.job
2014-08-04 14:45 - 2014-08-04 14:40 - 00985600 _____ () C:\Users\PhyllisSharontreat\Downloads\MicrosoftFixit50123.msi
2014-08-04 14:11 - 2014-08-04 14:11 - 00548774 _____ () C:\Users\PhyllisSharontreat\Desktop\winupdatefix_1.3Latest!!!.exe
2014-08-04 13:08 - 2014-08-04 13:08 - 05379160 _____ () C:\Users\PhyllisSharontreat\Desktop\RogueKillerX64Latest!!!.exe

Some content of TEMP:
====================
C:\Users\PhyllisSharontreat\AppData\Local\Temp\en_ww_Package.exe
C:\Users\PhyllisSharontreat\AppData\Local\Temp\install_flashplayer14x32au_gtba_chrd_dn_aaa_aih.exe
C:\Users\PhyllisSharontreat\AppData\Local\Temp\ntdll_dump.dll
C:\Users\PhyllisSharontreat\AppData\Local\Temp\OfficeSetup.exe
C:\Users\PhyllisSharontreat\AppData\Local\Temp\ose00000.exe
C:\Users\PhyllisSharontreat\AppData\Local\Temp\ose00001.exe
C:\Users\PhyllisSharontreat\AppData\Local\Temp\ose00003.exe
C:\Users\PhyllisSharontreat\AppData\Local\Temp\SAS6_Update.exe
C:\Users\PhyllisSharontreat\AppData\Local\Temp\SetupVisioProRetail.x86.en-US_VisioProRetail_MT7YN-TMV9C-7DDX9-64W77-B7R4D_act_1_.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-27 04:43

==================== End Of Log ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-09-2014
Ran by PhyllisSharontreat at 2014-09-02 23:12:21
Running from C:\Users\PhyllisSharontreat\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Out of date) {641105E6-77ED-3F35-A304-765193BCB75F}
AV: Emsisoft Anti-Malware (Enabled - Up to date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
AS: Microsoft Security Essentials (Enabled - Out of date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
AS: COMODO Antivirus (Disabled - Out of date) {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: COMODO Firewall (Enabled) {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3010 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.01.3509 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3507 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3502 - Acer Incorporated)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Broadcom Card Reader Driver Installer (HKLM\...\{67AA948F-8D83-4566-B84A-7CAABCF64E3F}) (Version: 16.0.2.3 - Broadcom Corporation)
Broadcom NetLink Controller (HKLM\...\{D1D7ED66-5C08-40A0-AEC0-B6DF977697BB}) (Version: 16.0.2.1 - Broadcom Corporation)
COMODO Firewall (HKLM\...\{D32EF4F9-1506-434E-A813-3D4C0AA50300}) (Version: 7.0.53315.4132 - COMODO Security Solutions Inc.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2826.57 - CyberLink Corp.)
CyberLink PowerDVD 12 (x32 Version: 12.0.2826.57 - CyberLink Corp.) Hidden
Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{8E17BF11-A72D-4DA8-BFAA-DD262C17C2DE}) (Version:  - Microsoft)
Emsisoft Anti-Malware (HKLM-x32\...\{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1) (Version: 8.1 - Emsisoft GmbH)
ETDWare PS/2-X64 11.6.23.203_WHQL (HKLM\...\Elantech) (Version: 11.6.23.203 - ELAN Microelectronic Corp.)
Evernote v. 4.5.2 (HKLM-x32\...\{F77EF646-19EB-11E1-9A9E-984BE15F174E}) (Version: 4.5.2.5866 - Evernote Corp.)
Glary Utilities 5.7 (HKLM-x32\...\Glary Utilities 5) (Version: 5.7.0.14 - Glarysoft Ltd)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.224 - SurfRight B.V.)
HP Officejet 6500 E710a-f Basic Device Software (HKLM\...\{22FCD3B0-CAA7-444A-84AC-75716545EAB9}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6500 E710a-f Help (HKLM-x32\...\{037CD593-D760-4A00-B030-7BBAFA1123FE}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet 6500 E710n-z Basic Device Software (HKLM\...\{D79A5962-7305-41B9-A39E-A98AB598F372}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6500 E710n-z Help (HKLM-x32\...\{130E5108-547F-4482-91EE-F45C784E08C7}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP Support Solutions Framework (HKLM-x32\...\{69FD2930-C361-47F6-822E-71B021526778}) (Version: 11.50.0015 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticCoreDll (HKLM-x32\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB79}) (Version: 1.0.15.0 - Hewlett Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3503 - Acer Incorporated)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.3.1520 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3355 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation) Hidden
Java 7 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417060FF}) (Version: 7.0.600 - Oracle)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 6.2.2 - Acer Inc.)
Malwarebytes Anti-Exploit version 0.10.0.1000 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 0.10.0.1000 - Malwarebytes)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Access MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Access Setup Metadata MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft DCF MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Excel MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Groove MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Lync MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (Version: 2.3.188.0 - Microsoft Corporation) Hidden
Microsoft Office 32-bit Components 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Español (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Word MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0 (x86 en-US)) (Version: 32.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0 - Mozilla)
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9006 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.9006 - NTI Corporation) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.305 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.07 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6865 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Security Task Manager 1.8g (HKLM-x32\...\Security Task Manager) (Version: 1.8g - Neuber Software)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
Update for Microsoft Excel 2013 (KB2883061) 64-Bit Edition (HKLM\...\{90150000-0016-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{B74255AD-6736-4648-A35E-CCB2D38D3818}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2883061) 64-Bit Edition (HKLM\...\{90150000-0018-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{B74255AD-6736-4648-A35E-CCB2D38D3818}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2883061) 64-Bit Edition (HKLM\...\{90150000-001B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{B74255AD-6736-4648-A35E-CCB2D38D3818}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2883061) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{B74255AD-6736-4648-A35E-CCB2D38D3818}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2881070) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{2B0BC4FE-4936-4EC6-8521-526CF31B3DC4}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2881070) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{2B0BC4FE-4936-4EC6-8521-526CF31B3DC4}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2881070) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{2B0BC4FE-4936-4EC6-8521-526CF31B3DC4}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2881083) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{8260F0BF-F234-41FC-AB11-218A9925F77B}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760249) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{7A4AB8E1-C091-4BD3-B308-844BA6EE752A}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760344) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{EF77B4A6-DFEC-4010-A87D-9B6BF87FABEC}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760544) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{62857CDD-2985-4939-91BA-19ED0B0031A5}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2768012) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{0814662C-FD28-4DE0-ACE5-EE50D1D6C8FB}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817302) 64-Bit Edition (HKLM\...\{90150000-0016-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{E79EFFDB-192A-4D9E-A2DB-C0F774E6EC32}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817302) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{E79EFFDB-192A-4D9E-A2DB-C0F774E6EC32}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2826040) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{C4AEA56A-0759-4D08-9FAB-31A92137D0B8}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2837644) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D692E9FF-84BF-4F44-A0EA-D58ECE0D538E}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2863843) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{290D80DE-03AB-47EC-9402-108AF4CE4F66}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880457) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{EC2AF602-2730-4B05-9438-06CDE43153F2}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880478) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{8116ED50-F1E7-49E1-9D8D-421497D34B0F}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881009) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{3033838D-15E0-4199-8CBD-A7F2057AE653}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{90150000-0016-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{90150000-0090-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{E919ACF4-A1D7-4CAA-A103-5EB115563721}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883049) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{39D9DAC1-16A7-430A-B2F3-4D3D000454D0}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883052) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{FA74B1B8-D3F4-4B4A-88DE-41CB8CEDAC3F}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883052) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{FA74B1B8-D3F4-4B4A-88DE-41CB8CEDAC3F}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883052) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{FA74B1B8-D3F4-4B4A-88DE-41CB8CEDAC3F}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 64-Bit Edition (HKLM\...\{90150000-001F-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{F9C35D99-CA8E-4D17-B785-66AC654D5664}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 64-Bit Edition (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}_Office15.PROPLUSR_{18C53DCB-FA98-4A7B-BC2E-6DA30D4E4901}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 64-Bit Edition (HKLM\...\{90150000-001F-0C0A-1000-0000000FF1CE}_Office15.PROPLUSR_{6E2862B8-C10A-4FD0-9B82-8D9761301AAA}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883062) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{4A0B4ED7-3652-42C9-9D7E-42686986F69A}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883062) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{4A0B4ED7-3652-42C9-9D7E-42686986F69A}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2883066) 64-Bit Edition (HKLM\...\{90150000-00BA-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{5E9FA8D8-45A9-4223-A5A8-285CB6188592}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2883066) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{5E9FA8D8-45A9-4223-A5A8-285CB6188592}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2883066) 64-Bit Edition (HKLM\...\{90150000-00C1-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{5E9FA8D8-45A9-4223-A5A8-285CB6188592}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2883066) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{5E9FA8D8-45A9-4223-A5A8-285CB6188592}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 64-Bit Edition (HKLM\...\{90150000-00A1-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{BFD66A5D-F608-441E-9282-41E13F5E7412}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{BFD66A5D-F608-441E-9282-41E13F5E7412}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{BFD66A5D-F608-441E-9282-41E13F5E7412}) (Version:  - Microsoft)
Update for Microsoft Outlook 2013 (KB2880470) 64-Bit Edition (HKLM\...\{90150000-001A-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{34A169EC-990A-4DAE-AC65-9F981158B7DB}) (Version:  - Microsoft)
Update for Microsoft Outlook 2013 (KB2880470) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{34A169EC-990A-4DAE-AC65-9F981158B7DB}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2883051) 64-Bit Edition (HKLM\...\{90150000-0018-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{E2C51083-2E10-4E61-8F36-E6308DD0FA94}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2883051) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{E2C51083-2E10-4E61-8F36-E6308DD0FA94}) (Version:  - Microsoft)
Update for Microsoft Publisher 2013 (KB2880999) 64-Bit Edition (HKLM\...\{90150000-0019-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{C07147B9-CC0B-4CC1-A107-A705889A54F2}) (Version:  - Microsoft)
Update for Microsoft Publisher 2013 (KB2880999) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{C07147B9-CC0B-4CC1-A107-A705889A54F2}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2878319) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{BC51FE30-3A56-4802-8D9E-E9BC05B56B49}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2883058) 64-Bit Edition (HKLM\...\{90150000-001A-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{650D4F00-56F1-4E8F-ABFD-7C842253C96A}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2883058) 64-Bit Edition (HKLM\...\{90150000-001B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{650D4F00-56F1-4E8F-ABFD-7C842253C96A}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2883058) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{650D4F00-56F1-4E8F-ABFD-7C842253C96A}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2883058) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{650D4F00-56F1-4E8F-ABFD-7C842253C96A}) (Version:  - Microsoft)
VirusTotal Uploader 2.2 (HKLM-x32\...\VTUploader) (Version:  - )
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3507 - Acer Incorporated)
WinPatrol (HKLM\...\{84481A87-2316-4923-8FAB-3BA8CA29323D}) (Version: 30.5.2014 - BillP Studios)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

03-08-2014 23:00:38 Windows Backup
04-08-2014 18:16:32 Windows Update
04-08-2014 18:46:07 Installed Microsoft Fix it 50123
06-08-2014 18:07:52 Windows Update
14-08-2014 22:15:11 Scheduled Checkpoint
25-08-2014 06:38:37 Windows Update
27-08-2014 05:43:43 Windows Update
27-08-2014 07:25:26 Windows Update
27-08-2014 07:31:47 Installed Microsoft Fix it 50123
27-08-2014 07:35:01 Windows Update
27-08-2014 07:44:51 Windows Update
27-08-2014 10:06:32 Windows Update
27-08-2014 10:15:58 Windows Update
27-08-2014 10:28:56 Windows Update
27-08-2014 10:32:11 Revo Uninstaller's restore point - Skype™ 6.14
27-08-2014 10:32:29 Removed Skype™ 6.14
27-08-2014 10:38:11 Revo Uninstaller's restore point - Skype Click to Call
27-08-2014 10:38:33 Removed Skype Click to Call
27-08-2014 18:21:39 Windows Update
03-09-2014 00:15:13 Windows Backup
03-09-2014 00:20:13 Windows Update
03-09-2014 00:44:44 Installed HP Update.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {3DBD000E-F140-4215-999F-DC8988727D7D} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {48A5F183-05E2-4980-8EA5-994B7D202A9A} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2012-04-05] (Acer Incorporated)
Task: {4CEF9974-97C4-4B2C-9BE7-1E79E393A6C6} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {600B3561-5594-483F-B455-92798F83B67E} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2014-09-01] (Glarysoft Ltd)
Task: {605383BD-6ECD-4E27-ABE3-E843DECD027E} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2014-09-01] (Glarysoft Ltd)
Task: {7175DC46-7EFE-4C83-9038-594D803EDC07} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {841DA3C3-5AAD-4C75-B491-4A9536DA3770} - System32\Tasks\SUPERAntiSpyware Scheduled Task 033d6c94-d782-4893-9acc-f91bccc67ff2 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {870FEF15-DC6B-4CC7-ADAD-1C5AC29EEA91} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {8F45A87E-9C3A-4185-9669-21E145EB2FE0} - \AutoKMS No Task File <==== ATTENTION
Task: {9A95FFF8-680E-48A6-AB2E-6E8F09F87823} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-14] (Adobe Systems Incorporated)
Task: {AB300888-CA35-468C-AC56-1EB3E2AD9642} - System32\Tasks\SUPERAntiSpyware Scheduled Task f2373317-6e8f-40bc-af7f-92c423712aa3 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {B40619D2-1CAD-4BFF-9790-13C731A79B7E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {CA42DF27-94E5-4E02-9106-32E0F799A141} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {CC8984C8-2514-4CEE-A48D-C7E0DFE3F843} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {D4309164-6FE2-4EA5-BD2B-6FEDA97CB415} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO)
Task: {E4BB7E97-671D-41EC-AF97-A8908F005E9A} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {E9619219-A014-4968-A092-69E09C7BADD4} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {E9C34272-701D-4B38-B248-A7309F682C1C} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {FADFFF82-3D47-403A-9451-887E0A5537E2} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GlaryInitialize 5.job => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 033d6c94-d782-4893-9acc-f91bccc67ff2.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task f2373317-6e8f-40bc-af7f-92c423712aa3.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Loaded Modules (whitelisted) =============

2014-07-27 11:41 - 2014-07-27 11:41 - 08892576 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-09-07 05:45 - 2013-09-07 05:45 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2014-06-19 14:47 - 2014-08-24 23:53 - 00746536 _____ () C:\Program Files (x86)\Emsisoft Anti-Malware\fw32.dll
2014-04-10 21:19 - 2014-02-17 23:46 - 00643948 ____N () C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
2014-07-27 11:41 - 2014-07-27 11:41 - 08892576 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-01-05 03:02 - 2013-05-08 16:23 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-09-01 02:14 - 2014-09-01 02:14 - 00080160 _____ () C:\Program Files (x86)\Glary Utilities 5\zlib1.dll
2014-04-10 21:24 - 2014-08-26 04:14 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:5C321E34

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/02/2014 08:23:10 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Product: Microsoft Office Professional Plus 2013 - Update 'Update for Microsoft Office 2013 (KB2883036) 64-Bit Edition' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (09/02/2014 08:13:58 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418231

Error: (09/02/2014 08:09:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe_aepdu.dll, version: 6.1.7600.16385, time stamp: 0x4a5bc9e0
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0x1a74
Faulting application start time: 0xrundll32.exe_aepdu.dll0
Faulting application path: rundll32.exe_aepdu.dll1
Faulting module path: rundll32.exe_aepdu.dll2
Report Id: rundll32.exe_aepdu.dll3

Error: (09/02/2014 08:04:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/27/2014 02:23:05 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Product: Microsoft Office Professional Plus 2013 - Update 'Update for Microsoft Office 2013 (KB2883036) 64-Bit Edition' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (08/27/2014 11:52:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/27/2014 08:05:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/27/2014 07:54:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/27/2014 06:38:43 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddWin32ServiceFiles: Unable to back up image of service Skype Click to Call PNR Service since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (08/27/2014 06:38:43 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddWin32ServiceFiles: Unable to back up image of service Skype Click to Call Updater since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.


System errors:
=============
Error: (09/02/2014 09:15:14 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer NATE-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{1292438E-F5F6-4F89-93C1-8378C7E52A65}.
The master browser is stopping or an election is being forced.

Error: (09/02/2014 09:04:02 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer NATE-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{1292438E-F5F6-4F89-93C1-8378C7E52A65}.
The master browser is stopping or an election is being forced.

Error: (09/02/2014 08:37:41 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024dffe: Windows Update Setup Handler.

Error: (09/02/2014 08:34:22 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 for x64-based Systems (KB2981580).

Error: (09/02/2014 08:23:15 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Office 2013 (KB2883036) 64-Bit Edition.

Error: (09/02/2014 08:18:38 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024dffe: Windows Update Setup Handler.

Error: (09/02/2014 08:05:36 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Malwarebytes Anti-Exploit Service service hung on starting.

Error: (08/27/2014 02:25:19 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 for x64-based Systems (KB2981580).

Error: (08/27/2014 02:25:19 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 for x64-based Systems (KB2981580).

Error: (08/27/2014 02:25:19 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 for x64-based Systems (KB2981580).


Microsoft Office Sessions:
=========================
Error: (09/02/2014 08:23:10 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Microsoft Office Professional Plus 2013Update for Microsoft Office 2013 (KB2883036) 64-Bit Edition1603(NULL)(NULL)(NULL)

Error: (09/02/2014 08:13:58 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418231

Error: (09/02/2014 08:09:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: rundll32.exe_aepdu.dll6.1.7600.163854a5bc9e0unknown0.0.0.000000000c000000500000000000000001a7401cfc70b2b90afd0C:\Windows\system32\rundll32.exeunknown8d49f1b7-32fe-11e4-9eaa-40f02fc176de

Error: (09/02/2014 08:04:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/27/2014 02:23:05 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Microsoft Office Professional Plus 2013Update for Microsoft Office 2013 (KB2883036) 64-Bit Edition1603(NULL)(NULL)(NULL)

Error: (08/27/2014 11:52:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/27/2014 08:05:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/27/2014 07:54:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/27/2014 06:38:43 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service Skype Click to Call PNR Service since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

Error: (08/27/2014 06:38:43 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service Skype Click to Call Updater since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.


==================== Memory info ===========================

Processor: Intel® Celeron® 2957U @ 1.40GHz
Percentage of memory in use: 56%
Total physical RAM: 3976.28 MB
Available physical RAM: 1719.93 MB
Total Pagefile: 7950.73 MB
Available Pagefile: 5078.15 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:451.08 GB) (Free:384.37 GB) NTFS
Drive f: (My Passport) (Fixed) (Total:698.6 GB) (Free:523.83 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 15DEA2F3)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 698.6 GB) (Disk ID: 0003D8DA)
Partition 1: (Not Active) - (Size=698.6 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

Attached Files



#3 nasdaq

nasdaq

  • Malware Response Team
  • 38,756 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:49 PM

Posted 03 September 2014 - 09:02 AM

Disable the Microsoft Security Essentials. It's out of date and may be conflicting with the operation of Emisoft.
 

AV: Microsoft Security Essentials (Enabled - Out of date) {641105E6-77ED-3F35-A304-765193BCB75F} <- here
AV: Emsisoft Anti-Malware (Enabled - Up to date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}

AS: Emsisoft Anti-Malware (Enabled - Up to date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
AS: Microsoft Security Essentials (Enabled - Out of date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} <- here

===

Clean your Temporary files/Folders.

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted, it should not take long to finish.
  • Once it's finished, click OK to reboot.
  • If it does not reboot, reboot your system manually.
Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start
HKLM-x32\...\Run: [] - [X]
SearchScopes: HKLM - DefaultScope {6BAEF7EF-34A4-4B53-84B7-07F48E79B61B} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ACJB
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {6BAEF7EF-34A4-4B53-84B7-07F48E79B61B} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ACJB
SearchScopes: HKLM-x32 - {6BAEF7EF-34A4-4B53-84B7-07F48E79B61B} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ACJB
BHO: No Name - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -  No File
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
Task: {8F45A87E-9C3A-4185-9669-21E145EB2FE0} - \AutoKMS No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:5C321E34

End
Save the files as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

How is the computer running now?

Edited by nasdaq, 06 September 2014 - 06:49 AM.


#4 nevans07

nevans07
  • Topic Starter

  • Members
  • 311 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:49 PM

Posted 05 September 2014 - 09:15 AM

Computerstill says Malwarebytes anti Exploit Protection is not started. The Anti Exploit process will be terminated. Windows still doesn't update. Error Code 8007043. What to do?

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-09-2014
Ran by PhyllisSharontreat at 2014-09-05 02:56:43 Run:1
Running from C:\Users\PhyllisSharontreat\Desktop\Toolbox
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
HKLM-x32\...\Run: [] - [X]
SearchScopes: HKLM - DefaultScope {6BAEF7EF-34A4-4B53-84B7-07F48E79B61B} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ACJB
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {6BAEF7EF-34A4-4B53-84B7-07F48E79B61B} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ACJB
SearchScopes: HKLM-x32 - {6BAEF7EF-34A4-4B53-84B7-07F48E79B61B} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ACJB
BHO: No Name - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -  No File
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
Task: {8F45A87E-9C3A-4185-9669-21E145EB2FE0} - \AutoKMS No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:5C321E34

End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\HKLM-x32\...\Run: [] - [X] => Value not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6BAEF7EF-34A4-4B53-84B7-07F48E79B61B}" => Key deleted successfully.
"HKCR\CLSID\{6BAEF7EF-34A4-4B53-84B7-07F48E79B61B}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{6BAEF7EF-34A4-4B53-84B7-07F48E79B61B}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{6BAEF7EF-34A4-4B53-84B7-07F48E79B61B}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\BHO: No Name - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -  No File" => Key not found.
"HKCR\CLSID\BHO: No Name - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -  No File" => Key not found.
"HKLM\Software\MozillaPlugins\FF Plugin: @microsoft.com/GENUINE - disabled No File" => Key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\FF Plugin-x32: @microsoft.com/GENUINE - disabled No File" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{8F45A87E-9C3A-4185-9669-21E145EB2FE0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F45A87E-9C3A-4185-9669-21E145EB2FE0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => Key deleted successfully.
C:\ProgramData\Temp => ":5C321E34" ADS removed successfully.

==== End of Fixlog ====



#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,756 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:49 PM

Posted 06 September 2014 - 07:01 AM


Let see if we can repair the Windows updates.

Following steps involve registry editing. Please create new restore point before proceeding!!!
How to:
XP - http://support.microsoft.com/kb/948247
Vista and Seven - http://windows.microsoft.com/en-gb/windows7/create-a-restore-point
Windows 8 - http://www.eightforums.com/tutorials/4690-restore-point-create-windows-8-a.html

Download this program to your desktop.
Tweaking.com - Windows Repair
http://www.bleepingcomputer.com/download/windows-repair-all-in-one-portable/


Extract and launch the Repair_Windows.exe file

Click on Start repairs tab-click on Start

check mark the following options only.

03 - Reset Service permissions
05 - Repair WMI
10 - Remove Policies Set By Infections
21 - Repair MSI (Windows Installer)
26 - Restore Important Windows Services
  • Checkmark Restart System When Finished option
  • click the Start button
  • System should restart after repair
Can you update Windows now?

#6 nevans07

nevans07
  • Topic Starter

  • Members
  • 311 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:49 PM

Posted 08 September 2014 - 09:38 AM

My man!! That's what I'm talking about!!

 

My computer says-

 

The current repair has failed to start for over 30 sec.

 

The current repair has failed 9 times. Something is keeping the repair from running. 

 

The application was unable to start correctly (0xc0000412) Click OK to close the application. 

 

cmd.exe- Application Error

 

I ran as Administrator.  I disabled all my anti virus. I don't know what to do Nasdaq? 

 

Good news I created a system restore point manually for the first time ever!! Thank you :)



#7 nasdaq

nasdaq

  • Malware Response Team
  • 38,756 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:49 PM

Posted 08 September 2014 - 12:57 PM


Refer to this Microsoft article.
http://support.microsoft.com/kb/2641432/en-au

Do the Disk Check tool for Windows 7

Keep me posted.

#8 nevans07

nevans07
  • Topic Starter

  • Members
  • 311 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:49 PM

Posted 10 September 2014 - 11:12 AM

The tweaking.com chkdsk tool has been running for the past 2 full days. Is that normal?



#9 nasdaq

nasdaq

  • Malware Response Team
  • 38,756 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:49 PM

Posted 10 September 2014 - 12:38 PM

No stop the process.

Is the computer running a little better?

#10 nevans07

nevans07
  • Topic Starter

  • Members
  • 311 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:49 PM

Posted 10 September 2014 - 03:49 PM

THIS computer is a lot faster than my computer. I think it's bc it has 4gb memory few progra ms on it and never crashed. Mine has 3gb. THIS computer runs fine it's just that windows stopped updating Once computer is started shuts down MBAE and Comodo. Terminates Process. Says to Press Ok." Once computer is started. Even when I do the dotnet fix you gave me for my computer that worked. Not so on this computer for some reason. (; What to do?



#11 nasdaq

nasdaq

  • Malware Response Team
  • 38,756 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:49 PM

Posted 11 September 2014 - 07:27 AM

Run the SFC.EXE tool.

How to use the System File Checker tool to troubleshoot missing or corrupted system files on Windows Vista or on Windows 7
http://support.microsoft.com/kb/929833

Keep me posted on the Computer status.

#12 nevans07

nevans07
  • Topic Starter

  • Members
  • 311 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:49 PM

Posted 12 September 2014 - 10:41 AM

Nasdaq I tried tweaking.com and command prompt up above.

 

Both times the computer said:

 

cmd.exe - Application Error

The appication was unable to start correctly (0x0c0000142). Click OK to close the application.



#13 nasdaq

nasdaq

  • Malware Response Team
  • 38,756 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:49 PM

Posted 13 September 2014 - 08:12 AM

Please download MiniToolBox to Desktop and run it.

Check mark the following boxe:
  • List last 10 Event Viewer log
  • Click Go and copy/paste the log (Result.txt) into your next post.
  • Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Edited by nasdaq, 13 September 2014 - 08:13 AM.


#14 nevans07

nevans07
  • Topic Starter

  • Members
  • 311 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:49 PM

Posted 13 September 2014 - 12:04 PM

MiniToolBox by Farbar  Version: 21-07-2014
Ran by PhyllisSharontreat (administrator) on 13-09-2014 at 13:00:12
Running from "C:\Users\PhyllisSharontreat\Desktop\The Toolbox\WindowsCleanUp"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/13/2014 00:55:52 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/12/2014 11:44:16 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft Office Professional Plus 2013 - Update 'Update for Microsoft Office 2013 (KB2883036) 64-Bit Edition' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (09/12/2014 11:35:44 AM) (Source: Office 2013 Licensing Service) (User: )
Description: Subscription licensing service failed: -1073418231

Error: (09/12/2014 11:32:08 AM) (Source: Application Error) (User: )
Description: Faulting application name: rundll32.exe_aepdu.dll, version: 6.1.7600.16385, time stamp: 0x4a5bc9e0
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0x19cc
Faulting application start time: 0xrundll32.exe_aepdu.dll0
Faulting application path: rundll32.exe_aepdu.dll1
Faulting module path: rundll32.exe_aepdu.dll2
Report Id: rundll32.exe_aepdu.dll3

Error: (09/12/2014 11:26:15 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/12/2014 09:26:05 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/10/2014 05:53:06 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/10/2014 05:36:39 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/10/2014 00:59:17 PM) (Source: Application Error) (User: )
Description: Faulting application name: plugin-container.exe, version: 32.0.0.5350, time stamp: 0x53fc3d9f
Faulting module name: mozalloc.dll, version: 32.0.0.5350, time stamp: 0x53fc0a56
Exception code: 0x80000003
Fault offset: 0x0000141b
Faulting process id: 0x1a4c
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (09/10/2014 00:59:17 PM) (Source: Application Hang) (User: )
Description: The program firefox.exe version 32.0.0.5350 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 14ac

Start Time: 01cfcd166882c87a

Termination Time: 60

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: c871a36b-390b-11e4-a170-40f02fc176de


System errors:
=============
Error: (09/13/2014 00:59:28 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer NATE-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{1292438E-F5F6-4F89-93C1-8378C7E52A65}.
The master browser is stopping or an election is being forced.

Error: (09/13/2014 00:56:46 PM) (Source: Service Control Manager) (User: )
Description: The Malwarebytes Anti-Exploit Service service hung on starting.

Error: (09/12/2014 11:49:15 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 for x64-based Systems (KB2981580).

Error: (09/12/2014 11:44:16 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Office 2013 (KB2883036) 64-Bit Edition.

Error: (09/12/2014 11:35:27 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024dffe: Windows Update Setup Handler.

Error: (09/12/2014 11:26:55 AM) (Source: Service Control Manager) (User: )
Description: The Malwarebytes Anti-Exploit Service service hung on starting.

Error: (09/12/2014 11:25:04 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 9:40:24 AM on ‎9/‎12/‎2014 was unexpected.

Error: (09/12/2014 09:34:44 AM) (Source: Service Control Manager) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error:
%%1068

Error: (09/12/2014 09:24:33 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
a2injectiondriver
AFD
cmdGuard
cmdHlp
DfsC
discache
GUBootStartup
inspect
MpFilter
NetBIOS
NetBT
nsiproxy
Psched
rdbss
SASDIFSV
SASKUTIL
spldr
tdx
vwififlt
Wanarpv6
WfpLwf

Error: (09/12/2014 09:24:27 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (09/13/2014 00:55:52 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/12/2014 11:44:16 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Microsoft Office Professional Plus 2013Update for Microsoft Office 2013 (KB2883036) 64-Bit Edition1603(NULL)(NULL)(NULL)

Error: (09/12/2014 11:35:44 AM) (Source: Office 2013 Licensing Service)(User: )
Description: Subscription licensing service failed: -1073418231

Error: (09/12/2014 11:32:08 AM) (Source: Application Error)(User: )
Description: rundll32.exe_aepdu.dll6.1.7600.163854a5bc9e0unknown0.0.0.000000000c0000005000000000000000019cc01cfce9e97cabc1aC:\Windows\system32\rundll32.exeunknownf45d43a9-3a91-11e4-9cd0-40f02fc176de

Error: (09/12/2014 11:26:15 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/12/2014 09:26:05 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/10/2014 05:53:06 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/10/2014 05:36:39 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/10/2014 00:59:17 PM) (Source: Application Error)(User: )
Description: plugin-container.exe32.0.0.535053fc3d9fmozalloc.dll32.0.0.535053fc0a56800000030000141b1a4c01cfcd16724191aaC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllcc91b604-390b-11e4-a170-40f02fc176de

Error: (09/10/2014 00:59:17 PM) (Source: Application Hang)(User: )
Description: firefox.exe32.0.0.535014ac01cfcd166882c87a60C:\Program Files (x86)\Mozilla Firefox\firefox.exec871a36b-390b-11e4-a170-40f02fc176de


**** End of log ****
 



#15 nasdaq

nasdaq

  • Malware Response Team
  • 38,756 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:49 PM

Posted 13 September 2014 - 01:32 PM

Refer to this Microsoft Article.

http://support.microsoft.com/kb/976982

Run the Fix suggested on the page.
===

When completed restart the computer normally.

Try to install these two Microsoft Updates.

Error: (09/12/2014 11:49:15 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 for x64-based Systems (KB2981580).

Error: (09/12/2014 11:44:16 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Office 2013 (KB2883036) 64-Bit Edition.


Keep me posted.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users