
Possible malicious infection - Unable to run certain scanners


  • This topic is locked
21 replies to this topic

#1 CLStan


Posted 08 September 2014 - 11:34 PM

Friend of mine brought me her computer to work on...complaining of various strange issues.

 

She already had MBAM installed but it fails to launch...even running the Chameleon utilities fails to launch MBAM.

 

I did try to do a fresh MBAM installation but the install craps out with External Exceptions and Runtime Errors.

 

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17239  BrowserJavaVersion: 10.67.2
Run by kat at 23:20:29 on 2014-09-08
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4010.1921 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
C:\windows\system32\lxctcoms.exe
C:\windows\system32\spool\DRIVERS\x64\3\lxdnserv.exe
C:\windows\system32\lxdncoms.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\Lexmark 5400 Series\lxctmon.exe
C:\Program Files (x86)\Lexmark 5400 Series\ezprint.exe
C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe
C:\Users\kat\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Verizon Cloud\Verizon Cloud Service.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Lexmark 2600 Series\lxdnMsdMon.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files (x86)\Samsung\Samsung Control Center\WifiManager.exe
C:\Program Files (x86)\Samsung\Samsung Control Center\dmhkcore.exe
C:\Program Files (x86)\Samsung\Samsung Control Center\SmartSetting.exe
C:\Program Files (x86)\Samsung\Samsung Control Center\MovieColorEnhancer.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
C:\windows\system32\hkcmd.exe
C:\windows\system32\igfxtray.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\igfxext.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Samsung\Samsung Control Center\EasySpeedUpManager.exe
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
C:\Users\kat\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe
C:\Users\kat\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr_x64.exe
C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
C:\windows\system32\wuauclt.exe
C:\Users\kat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\taskhost.exe
C:\Users\kat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://samsung.msn.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit = userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: {5BDE3F24-D7B3-40D9-BD31-D1CFF12C47B4} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Samsung BHO Class: {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
uRun: [Google Update] "C:\Users\kat\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [OutfoxTV] C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe
uRun: [HLBackupScheduler] "C:\Program Files\Verizon Cloud\Verizon Cloud Service.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Lexmark 5400 Series] "C:\Program Files (x86)\Lexmark 5400 Series\fm3032.exe" /s
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [FaxCenterServer] "C:\Program Files (x86)\Lexmark Fax Solutions\fm3032.exe" /s
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [ApnTBMon] "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
mRun: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
uPolicies-Explorer: HideSCAHealth = dword:1
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{1AAD1F3C-BB58-4DF2-BEB2-4D755DA1F59E} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{1AAD1F3C-BB58-4DF2-BEB2-4D755DA1F59E}\0786275656379616 : DHCPNameServer = 8.8.8.8 4.2.2.2 208.67.222.222
TCP: Interfaces\{1AAD1F3C-BB58-4DF2-BEB2-4D755DA1F59E}\160713 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{1AAD1F3C-BB58-4DF2-BEB2-4D755DA1F59E}\54E434F42554734454544303 : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [lxctmon.exe] "C:\Program Files (x86)\Lexmark 5400 Series\lxctmon.exe"
x64-Run: [EzPrint] "C:\Program Files (x86)\Lexmark 5400 Series\ezprint.exe"
x64-Run: [lxdnmon.exe] "C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe"
x64-Run: [lxdnamon] "C:\Program Files (x86)\Lexmark 2600 Series\lxdnamon.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R?2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2012-10-31 4177856]
R0 nvpciflt;nvpciflt;C:\windows\System32\drivers\nvpciflt.sys [2011-6-17 25960]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\windows\System32\drivers\SABI.sys [2011-6-17 13824]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-9-15 1166848]
R2 APNMCP;Ask Update Service;C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [2014-8-29 166296]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-3-30 923984]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-3-30 1001808]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-6-3 134928]
R2 HTCMonitorService;HTCMonitorService;C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [2014-4-2 87368]
R2 lxdn_device;lxdn_device;C:\windows\System32\lxdncoms.exe -service --> C:\windows\System32\lxdncoms.exe -service [?]
R2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;C:\windows\System32\spool\drivers\x64\3\lxdnserv.exe [2009-4-28 29184]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2013-10-17 166912]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-6-17 2656536]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\windows\System32\drivers\AmpPal.sys [2011-9-15 299008]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-3-30 1321296]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\windows\System32\drivers\btmaux.sys [2011-3-8 51712]
R3 btmhsf;btmhsf;C:\windows\System32\drivers\btmhsf.sys [2011-3-8 274944]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\System32\drivers\clwvd.sys [2011-4-14 31088]
R3 ETD;ELAN PS/2 Port Input Device;C:\windows\System32\drivers\ETD.sys [2011-6-16 186152]
R3 iBtFltCoex;iBtFltCoex;C:\windows\System32\drivers\iBtFltCoex.sys [2011-3-22 59904]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-6-17 317440]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-6-17 471144]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\windows\System32\drivers\AmpPal.sys [2011-9-15 299008]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\windows\System32\drivers\ssudbus.sys [2013-8-20 103576]
S3 HMFD;GE Digital Video Monitor;C:\windows\System32\drivers\HMFD.sys [2013-7-18 64128]
S3 HTCAND64;HTC Device Driver;C:\windows\System32\drivers\ANDROIDUSB.sys [2014-7-12 33736]
S3 htcnprot;HTC NDIS Protocol Driver;C:\windows\System32\drivers\htcnprot.sys [2013-10-17 36928]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-8-16 111616]
S3 Samsung UPD Service;Samsung UPD Service;C:\windows\System32\SUPDSvc.exe [2011-6-17 166704]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\windows\System32\drivers\ssudmdm.sys [2013-8-20 204568]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-10-15 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-09-09 03:51:46 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B409A04A-D994-4BB4-B7B4-41E8796A55C2}\offreg.dll
2014-09-09 03:40:02 11319192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B409A04A-D994-4BB4-B7B4-41E8796A55C2}\mpengine.dll
2014-08-22 21:51:09 2620928 ----a-w- C:\windows\System32\wucltux.dll
2014-08-22 21:50:36 97792 ----a-w- C:\windows\System32\wudriver.dll
2014-08-22 21:50:36 92672 ----a-w- C:\windows\SysWow64\wudriver.dll
2014-08-22 21:50:10 36864 ----a-w- C:\windows\System32\wuapp.exe
2014-08-22 21:50:10 33792 ----a-w- C:\windows\SysWow64\wuapp.exe
2014-08-22 21:50:10 198600 ----a-w- C:\windows\System32\wuwebv.dll
2014-08-22 21:50:10 179656 ----a-w- C:\windows\SysWow64\wuwebv.dll
2014-08-20 22:48:24 122584 ----a-w- C:\windows\System32\drivers\48230029.sys
2014-08-19 14:40:33 -------- d-----w- C:\Users\kat\AppData\Roaming\ChemAxon
2014-08-19 14:40:29 -------- d-----w- C:\Users\kat\chemaxon
2014-08-19 14:36:44 98216 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-19 14:22:43 122584 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys
2014-08-19 14:21:40 91352 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
2014-08-19 14:21:40 63704 ----a-w- C:\windows\System32\drivers\mwac.sys
2014-08-19 14:21:38 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-19 13:45:13 99480 ----a-w- C:\windows\SysWow64\infocardapi.dll
2014-08-19 13:45:13 619672 ----a-w- C:\windows\SysWow64\icardagt.exe
2014-08-19 13:45:13 171160 ----a-w- C:\windows\System32\infocardapi.dll
2014-08-19 13:45:13 1389208 ----a-w- C:\windows\System32\icardagt.exe
2014-08-19 13:45:12 8856 ----a-w- C:\windows\SysWow64\icardres.dll
2014-08-19 13:45:12 8856 ----a-w- C:\windows\System32\icardres.dll
2014-08-19 13:44:52 35480 ----a-w- C:\windows\SysWow64\TsWpfWrp.exe
2014-08-19 13:44:52 35480 ----a-w- C:\windows\System32\TsWpfWrp.exe
2014-08-18 22:28:14 -------- d-----w- C:\Program Files (x86)\GUM7E85.tmp
2014-08-16 18:25:53 529920 ----a-w- C:\windows\System32\aepdu.dll
2014-08-16 18:25:53 424448 ----a-w- C:\windows\System32\aeinv.dll
2014-08-16 18:20:43 504320 ----a-w- C:\windows\System32\msihnd.dll
2014-08-16 18:20:43 337408 ----a-w- C:\windows\SysWow64\msihnd.dll
2014-08-16 18:20:43 3241984 ----a-w- C:\windows\System32\msi.dll
2014-08-16 18:20:43 2363392 ----a-w- C:\windows\SysWow64\msi.dll
2014-08-16 18:20:43 1941504 ----a-w- C:\windows\System32\authui.dll
2014-08-16 18:20:43 1805824 ----a-w- C:\windows\SysWow64\authui.dll
2014-08-16 18:20:43 112064 ----a-w- C:\windows\System32\consent.exe
2014-08-16 18:20:39 985536 ----a-w- C:\windows\System32\drivers\dxgkrnl.sys
2014-08-16 18:15:31 664064 ----a-w- C:\windows\SysWow64\rpcrt4.dll
2014-08-16 18:15:31 1216000 ----a-w- C:\windows\System32\rpcrt4.dll
2014-08-16 18:08:22 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2014-08-16 18:08:22 2048 ----a-w- C:\windows\System32\tzres.dll
.
==================== Find3M  ====================
.
2014-08-25 11:53:42 270496 ------w- C:\windows\System32\MpSigStub.exe
2014-07-25 14:02:12 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2014-07-25 14:01:41 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2014-07-25 13:30:30 66048 ----a-w- C:\windows\System32\iesetup.dll
2014-07-25 13:28:35 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2014-07-25 13:28:27 548352 ----a-w- C:\windows\System32\vbscript.dll
2014-07-25 13:25:45 83968 ----a-w- C:\windows\System32\MshtmlDac.dll
2014-07-25 13:04:40 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-07-25 13:00:51 139264 ----a-w- C:\windows\System32\ieUnatt.exe
2014-07-25 13:00:25 111616 ----a-w- C:\windows\System32\ieetwcollector.exe
2014-07-25 12:59:28 758272 ----a-w- C:\windows\System32\jscript9diag.dll
2014-07-25 12:47:25 940032 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
2014-07-25 12:34:49 61952 ----a-w- C:\windows\SysWow64\iesetup.dll
2014-07-25 12:34:03 455168 ----a-w- C:\windows\SysWow64\vbscript.dll
2014-07-25 12:33:08 51200 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2014-07-25 12:30:32 61952 ----a-w- C:\windows\SysWow64\MshtmlDac.dll
2014-07-25 12:28:15 5824512 ----a-w- C:\windows\System32\jscript9.dll
2014-07-25 12:28:05 72704 ----a-w- C:\windows\System32\JavaScriptCollectionAgent.dll
2014-07-25 12:10:15 112128 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2014-07-25 12:08:47 597504 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2014-07-25 12:06:47 4204032 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-07-25 11:43:16 60416 ----a-w- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-07-25 11:39:29 2087936 ----a-w- C:\windows\System32\inetcpl.cpl
2014-07-25 11:39:25 1249280 ----a-w- C:\windows\System32\mshtmlmedia.dll
2014-07-25 11:07:49 2001920 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-07-25 11:07:10 1068032 ----a-w- C:\windows\SysWow64\mshtmlmedia.dll
2014-07-25 10:52:06 2266624 ----a-w- C:\windows\System32\wininet.dll
2014-07-25 10:05:23 1792512 ----a-w- C:\windows\SysWow64\wininet.dll
2014-07-12 18:47:11 71344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-12 18:47:11 699056 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-06-26 09:24:34 602112 ----a-w- C:\windows\SysWow64\xvid.dll
2014-06-18 02:18:30 692736 ----a-w- C:\windows\System32\osk.exe
2014-06-18 01:51:32 646144 ----a-w- C:\windows\SysWow64\osk.exe
2014-06-18 01:10:36 3157504 ----a-w- C:\windows\System32\win32k.sys
.
============= FINISH: 23:21:29.01 ===============
 



#2 CLStan


Posted 08 September 2014 - 11:39 PM

Additional info:  When I downloaded the latest version of MBAM to see if it was possibly just a bad/corrupt install on her PC...I looked through the download history to see if there was an app or something she may have downloaded that looked suspicious.  Back in March, there were numerous entries for keyloggers.  I don't know if she did this herself or if someone else got ahold of her laptop...so we might want to check for that too while we are at it.

CLS



#3 CLStan


Posted 08 September 2014 - 11:52 PM

Ok...let's restart.  When I shut down the laptop, Windows decided it wanted to do an update.  Here is a NEW DDS...let me know if you want the new Attach.zip too.....

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17239  BrowserJavaVersion: 10.67.2
Run by kat at 23:47:00 on 2014-09-08
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4010.2578 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\servicing\TrustedInstaller.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
C:\windows\system32\lxctcoms.exe
C:\windows\system32\spool\DRIVERS\x64\3\lxdnserv.exe
C:\windows\system32\lxdncoms.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\windows\system32\taskeng.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\Lexmark 5400 Series\lxctmon.exe
C:\Program Files (x86)\Lexmark 5400 Series\ezprint.exe
C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe
C:\Program Files\Verizon Cloud\Verizon Cloud Service.exe
C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
C:\Program Files (x86)\Lexmark 2600 Series\lxdnMsdMon.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Samsung\Samsung Control Center\WifiManager.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Samsung\Samsung Control Center\dmhkcore.exe
C:\Program Files (x86)\Samsung\Samsung Control Center\MovieColorEnhancer.exe
C:\Program Files (x86)\Samsung\Samsung Control Center\SmartSetting.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\windows\system32\igfxext.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
C:\windows\system32\hkcmd.exe
C:\windows\system32\igfxtray.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Samsung\Samsung Control Center\EasySpeedUpManager.exe
C:\Users\kat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
C:\Users\kat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kat\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://samsung.msn.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit = userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: {5BDE3F24-D7B3-40D9-BD31-D1CFF12C47B4} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Samsung BHO Class: {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
uRun: [Google Update] "C:\Users\kat\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [OutfoxTV] C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe
uRun: [HLBackupScheduler] "C:\Program Files\Verizon Cloud\Verizon Cloud Service.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Lexmark 5400 Series] "C:\Program Files (x86)\Lexmark 5400 Series\fm3032.exe" /s
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [FaxCenterServer] "C:\Program Files (x86)\Lexmark Fax Solutions\fm3032.exe" /s
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [ApnTBMon] "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
mRun: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
uPolicies-Explorer: HideSCAHealth = dword:1
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{1AAD1F3C-BB58-4DF2-BEB2-4D755DA1F59E} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{1AAD1F3C-BB58-4DF2-BEB2-4D755DA1F59E}\0786275656379616 : DHCPNameServer = 8.8.8.8 4.2.2.2 208.67.222.222
TCP: Interfaces\{1AAD1F3C-BB58-4DF2-BEB2-4D755DA1F59E}\160713 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{1AAD1F3C-BB58-4DF2-BEB2-4D755DA1F59E}\54E434F42554734454544303 : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [lxctmon.exe] "C:\Program Files (x86)\Lexmark 5400 Series\lxctmon.exe"
x64-Run: [EzPrint] "C:\Program Files (x86)\Lexmark 5400 Series\ezprint.exe"
x64-Run: [lxdnmon.exe] "C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe"
x64-Run: [lxdnamon] "C:\Program Files (x86)\Lexmark 2600 Series\lxdnamon.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R?2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2012-10-31 4177856]
R0 nvpciflt;nvpciflt;C:\windows\System32\drivers\nvpciflt.sys [2011-6-17 25960]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\windows\System32\drivers\SABI.sys [2011-6-17 13824]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-9-15 1166848]
R2 APNMCP;Ask Update Service;C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [2014-8-29 166296]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-3-30 923984]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-3-30 1001808]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-6-3 134928]
R2 HTCMonitorService;HTCMonitorService;C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [2014-4-2 87368]
R2 lxdn_device;lxdn_device;C:\windows\System32\lxdncoms.exe -service --> C:\windows\System32\lxdncoms.exe -service [?]
R2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;C:\windows\System32\spool\drivers\x64\3\lxdnserv.exe [2009-4-28 29184]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2013-10-17 166912]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\windows\System32\drivers\AmpPal.sys [2011-9-15 299008]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-3-30 1321296]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\windows\System32\drivers\btmaux.sys [2011-3-8 51712]
R3 btmhsf;btmhsf;C:\windows\System32\drivers\btmhsf.sys [2011-3-8 274944]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\System32\drivers\clwvd.sys [2011-4-14 31088]
R3 ETD;ELAN PS/2 Port Input Device;C:\windows\System32\drivers\ETD.sys [2011-6-16 186152]
R3 iBtFltCoex;iBtFltCoex;C:\windows\System32\drivers\iBtFltCoex.sys [2011-3-22 59904]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-6-17 317440]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-6-17 471144]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-6-17 2656536]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\windows\System32\drivers\AmpPal.sys [2011-9-15 299008]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\windows\System32\drivers\ssudbus.sys [2013-8-20 103576]
S3 HMFD;GE Digital Video Monitor;C:\windows\System32\drivers\HMFD.sys [2013-7-18 64128]
S3 HTCAND64;HTC Device Driver;C:\windows\System32\drivers\ANDROIDUSB.sys [2014-7-12 33736]
S3 htcnprot;HTC NDIS Protocol Driver;C:\windows\System32\drivers\htcnprot.sys [2013-10-17 36928]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-8-16 111616]
S3 Samsung UPD Service;Samsung UPD Service;C:\windows\System32\SUPDSvc.exe [2011-6-17 166704]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\windows\System32\drivers\ssudmdm.sys [2013-8-20 204568]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-10-15 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-09-09 03:51:46 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B409A04A-D994-4BB4-B7B4-41E8796A55C2}\offreg.dll
2014-09-09 03:40:02 11319192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B409A04A-D994-4BB4-B7B4-41E8796A55C2}\mpengine.dll
2014-09-09 03:39:45 404480 ----a-w- C:\windows\System32\gdi32.dll
2014-09-09 03:39:45 3163648 ----a-w- C:\windows\System32\win32k.sys
2014-09-09 03:39:45 311808 ----a-w- C:\windows\SysWow64\gdi32.dll
2014-08-22 21:51:09 2620928 ----a-w- C:\windows\System32\wucltux.dll
2014-08-22 21:50:36 97792 ----a-w- C:\windows\System32\wudriver.dll
2014-08-22 21:50:36 92672 ----a-w- C:\windows\SysWow64\wudriver.dll
2014-08-22 21:50:10 36864 ----a-w- C:\windows\System32\wuapp.exe
2014-08-22 21:50:10 33792 ----a-w- C:\windows\SysWow64\wuapp.exe
2014-08-22 21:50:10 198600 ----a-w- C:\windows\System32\wuwebv.dll
2014-08-22 21:50:10 179656 ----a-w- C:\windows\SysWow64\wuwebv.dll
2014-08-20 22:48:24 122584 ----a-w- C:\windows\System32\drivers\48230029.sys
2014-08-19 14:40:33 -------- d-----w- C:\Users\kat\AppData\Roaming\ChemAxon
2014-08-19 14:40:29 -------- d-----w- C:\Users\kat\chemaxon
2014-08-19 14:36:44 98216 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-19 14:22:43 122584 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys
2014-08-19 14:21:40 91352 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
2014-08-19 14:21:40 63704 ----a-w- C:\windows\System32\drivers\mwac.sys
2014-08-19 14:21:38 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-19 13:45:13 99480 ----a-w- C:\windows\SysWow64\infocardapi.dll
2014-08-19 13:45:13 619672 ----a-w- C:\windows\SysWow64\icardagt.exe
2014-08-19 13:45:13 171160 ----a-w- C:\windows\System32\infocardapi.dll
2014-08-19 13:45:13 1389208 ----a-w- C:\windows\System32\icardagt.exe
2014-08-19 13:45:12 8856 ----a-w- C:\windows\SysWow64\icardres.dll
2014-08-19 13:45:12 8856 ----a-w- C:\windows\System32\icardres.dll
2014-08-19 13:44:52 35480 ----a-w- C:\windows\SysWow64\TsWpfWrp.exe
2014-08-19 13:44:52 35480 ----a-w- C:\windows\System32\TsWpfWrp.exe
2014-08-18 22:28:14 -------- d-----w- C:\Program Files (x86)\GUM7E85.tmp
2014-08-16 18:25:53 529920 ----a-w- C:\windows\System32\aepdu.dll
2014-08-16 18:25:53 424448 ----a-w- C:\windows\System32\aeinv.dll
2014-08-16 18:20:43 504320 ----a-w- C:\windows\System32\msihnd.dll
2014-08-16 18:20:43 337408 ----a-w- C:\windows\SysWow64\msihnd.dll
2014-08-16 18:20:43 3241984 ----a-w- C:\windows\System32\msi.dll
2014-08-16 18:20:43 2363392 ----a-w- C:\windows\SysWow64\msi.dll
2014-08-16 18:20:43 1941504 ----a-w- C:\windows\System32\authui.dll
2014-08-16 18:20:43 1805824 ----a-w- C:\windows\SysWow64\authui.dll
2014-08-16 18:20:43 112064 ----a-w- C:\windows\System32\consent.exe
2014-08-16 18:20:39 985536 ----a-w- C:\windows\System32\drivers\dxgkrnl.sys
2014-08-16 18:15:31 664064 ----a-w- C:\windows\SysWow64\rpcrt4.dll
2014-08-16 18:15:31 1216000 ----a-w- C:\windows\System32\rpcrt4.dll
2014-08-16 18:08:22 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2014-08-16 18:08:22 2048 ----a-w- C:\windows\System32\tzres.dll
.
==================== Find3M  ====================
.
2014-08-25 11:53:42 270496 ------w- C:\windows\System32\MpSigStub.exe
2014-07-25 14:02:12 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2014-07-25 14:01:41 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2014-07-25 13:30:30 66048 ----a-w- C:\windows\System32\iesetup.dll
2014-07-25 13:28:35 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2014-07-25 13:28:27 548352 ----a-w- C:\windows\System32\vbscript.dll
2014-07-25 13:25:45 83968 ----a-w- C:\windows\System32\MshtmlDac.dll
2014-07-25 13:04:40 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-07-25 13:00:51 139264 ----a-w- C:\windows\System32\ieUnatt.exe
2014-07-25 13:00:25 111616 ----a-w- C:\windows\System32\ieetwcollector.exe
2014-07-25 12:59:28 758272 ----a-w- C:\windows\System32\jscript9diag.dll
2014-07-25 12:47:25 940032 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
2014-07-25 12:34:49 61952 ----a-w- C:\windows\SysWow64\iesetup.dll
2014-07-25 12:34:03 455168 ----a-w- C:\windows\SysWow64\vbscript.dll
2014-07-25 12:33:08 51200 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2014-07-25 12:30:32 61952 ----a-w- C:\windows\SysWow64\MshtmlDac.dll
2014-07-25 12:28:15 5824512 ----a-w- C:\windows\System32\jscript9.dll
2014-07-25 12:28:05 72704 ----a-w- C:\windows\System32\JavaScriptCollectionAgent.dll
2014-07-25 12:10:15 112128 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2014-07-25 12:08:47 597504 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2014-07-25 12:06:47 4204032 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-07-25 11:43:16 60416 ----a-w- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-07-25 11:39:29 2087936 ----a-w- C:\windows\System32\inetcpl.cpl
2014-07-25 11:39:25 1249280 ----a-w- C:\windows\System32\mshtmlmedia.dll
2014-07-25 11:07:49 2001920 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-07-25 11:07:10 1068032 ----a-w- C:\windows\SysWow64\mshtmlmedia.dll
2014-07-25 10:52:06 2266624 ----a-w- C:\windows\System32\wininet.dll
2014-07-25 10:05:23 1792512 ----a-w- C:\windows\SysWow64\wininet.dll
2014-07-12 18:47:11 71344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-12 18:47:11 699056 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-06-26 09:24:34 602112 ----a-w- C:\windows\SysWow64\xvid.dll
2014-06-18 02:18:30 692736 ----a-w- C:\windows\System32\osk.exe
2014-06-18 01:51:32 646144 ----a-w- C:\windows\SysWow64\osk.exe
.
============= FINISH: 23:49:42.35 ===============


#4 Bootsektor

  • Malware Response Team
  • 216 posts
  • Gender:Female
  • Location:Northern Germany
  • Local time:02:35 PM

Posted 13 September 2014 - 07:01 PM

Hello and welcome to Bleeping Computer.
My name is Sandra and I will help you with your problem.

  • Please follow my instructions in the order they are given
  • Read the instructions carefully before you start. If you get in trouble or do not understand what to do, then stop with the execution and describe the problem as well as you can
  • Only run scans that I advise you to run
  • Do not crosspost (posting in different forums)
  • Do not uninstall or install software during removal, unless I advised you to do so
  • Please post all logfiles as a reply instead of attaching them unless I asked you to do so. If the files are too big then use more posts, thanks
  • Please keep in mind that we are all doing this here in our free time; if I do not reply within 48 hours, feel free to send me a PM

Step 1

Scan with FRST
Please download Farbar Recovery Scan Tool  and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)

  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

Regards,

Sandra


#5 CLStan

  • Topic Starter

  • Members
  • 45 posts
  • Local time:07:35 AM

Posted 15 September 2014 - 12:51 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by kat (administrator) on KAT-PC on 15-09-2014 00:42:05
Running from C:\Users\kat\Desktop\BLEEPING
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
( ) C:\Windows\System32\lxctcoms.exe
(Lexmark International, Inc.) C:\Windows\System32\spool\drivers\x64\3\lxdnserv.exe
( ) C:\Windows\System32\lxdncoms.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Program Files (x86)\Lexmark 5400 Series\lxctmon.exe
(Lexmark International Inc.) C:\Program Files (x86)\Lexmark 5400 Series\ezprint.exe
() C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe
(Google Inc.) C:\Users\kat\AppData\Local\Google\Update\GoogleUpdate.exe
() C:\Program Files\Verizon Cloud\Verizon Cloud Service.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
() C:\Program Files (x86)\Lexmark 2600 Series\lxdnmsdmon.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung Control Center\WifiManager.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung Control Center\dmhkcore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung Control Center\MovieColorEnhancer.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung Control Center\SmartSetting.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung Control Center\EasySpeedUpManager.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(APN LLC.) C:\Users\kat\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe
(APN LLC.) C:\Users\kat\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr_x64.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11855976 2011-05-18] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2721576 2011-06-16] (ELAN Microelectronics Corp.)
HKLM\...\Run: [lxctmon.exe] => C:\Program Files (x86)\Lexmark 5400 Series\lxctmon.exe [291760 2006-11-22] ()
HKLM\...\Run: [EzPrint] => C:\Program Files (x86)\Lexmark 5400 Series\ezprint.exe [82864 2006-11-22] (Lexmark International Inc.)
HKLM\...\Run: [lxdnmon.exe] => C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe [660136 2010-02-03] ()
HKLM\...\Run: [lxdnamon] => C:\Program Files (x86)\Lexmark 2600 Series\lxdnamon.exe [16040 2010-02-03] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [Lexmark 5400 Series] => C:\Program Files (x86)\Lexmark 5400 Series\fm3032.exe [304048 2006-11-22] ()
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [3056576 2012-10-31] (Symantec Corporation)
HKLM-x32\...\Run: [FaxCenterServer] => C:\Program Files (x86)\Lexmark Fax Solutions\fm3032.exe [320168 2010-02-03] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ROC_ROC_JULY_P1] => "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296096 2012-10-06] (RealNetworks, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1942424 2014-08-29] (APN)
HKLM-x32\...\Run: [VMM Mode Selection] => C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe [83448 2013-05-02] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2122792035-2367386194-851990126-1001\...\Run: [Google Update] => C:\Users\kat\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-10-09] (Google Inc.)
HKU\S-1-5-21-2122792035-2367386194-851990126-1001\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6276408 2011-08-22] (Yahoo! Inc.)
HKU\S-1-5-21-2122792035-2367386194-851990126-1001\...\Run: [OutfoxTV] => C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe
HKU\S-1-5-21-2122792035-2367386194-851990126-1001\...\Run: [HLBackupScheduler] => C:\Program Files\Verizon Cloud\Verizon Cloud Service.exe [19747648 2014-06-26] ()
HKU\S-1-5-21-2122792035-2367386194-851990126-1001\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-2122792035-2367386194-851990126-1001\...\MountPoints2: F - F:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2122792035-2367386194-851990126-1001\...\MountPoints2: {8ee8371b-9cb9-11e2-b89c-dca9710779c4} - F:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2122792035-2367386194-851990126-1001\...\MountPoints2: {b5822fa0-ff2f-11e3-b802-dca9710779c4} - F:\TL-Bootstrap.exe
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
AppInit_DLLs:  C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [226920 2011-03-06] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\windows\SysWOW64\nvinit.dll => C:\windows\SysWOW64\nvinit.dll [192616 2011-03-06] (NVIDIA Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = 
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2463} URL = http://isearch.fantastigames.com/web?src=ieb&gct=ds&appid=103&systemid=463&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2463} URL = http://isearch.fantastigames.com/web?src=ieb&gct=ds&appid=103&systemid=463&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2463} URL = http://isearch.fantastigames.com/web?src=ieb&gct=ds&appid=103&systemid=463&q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2463} URL = http://isearch.fantastigames.com/web?src=ieb&gct=ds&appid=103&systemid=463&q={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://isearch.avg.com/search?cid={E0D59252-0B5D-4B1D-8249-F202603416DA}&mid=0c0ccffb155247d1a7940de037e39037-d689797598faae266451eb94667940731809ba67&lang=en&ds=AVG&pr=fr&d=2012-04-07 17:16:17&v=12.2.5.32&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2463} URL = http://isearch.fantastigames.com/web?src=ieb&gct=ds&appid=103&systemid=463&q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: Lexmark Toolbar -> {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -> C:\Program Files\Lexmark Toolbar\toolband.dll ()
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: No Name -> {5BDE3F24-D7B3-40D9-BD31-D1CFF12C47B4} ->  No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Samsung BHO Class -> {AA609D72-8482-4076-8991-8CDAE5B93BCB} -> C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @real.com/nppl3260;version=15.0.6.14 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.6.14 -> c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=15.0.6.14 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\kat\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\kat\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF HKLM-x32\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-10-06]
 
Chrome: 
=======
CHR HomePage: Default -> https://www.google.com/
CHR StartupUrls: Default -> "https://www.google.com/", "hxxp://www.outfox.tv/?referid=150"
CHR DefaultSearchKeyword: Default -> 4F1FD03E0C7B77D6F45CB85AB2E901419118D9F49307DF909807A758014025FF
CHR DefaultSearchURL: Default -> D1C1FB885BB4F3DE56F373904BB105929E0B720D79FB8D6EF7E0F3B32B159512
CHR Profile: C:\Users\kat\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\kat\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-31]
CHR Extension: (YouTube) - C:\Users\kat\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-17]
CHR Extension: (Google Search) - C:\Users\kat\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-17]
CHR Extension: (Google Wallet) - C:\Users\kat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-16]
CHR Extension: (Gmail) - C:\Users\kat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-17]
CHR HKLM\...\Chrome\Extension: [pljcgbedjplidkdjahbaalanadmjfgop] - C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-V7C\CRX\ToolbarCR.crx [2014-09-11]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-10-06]
CHR HKLM-x32\...\Chrome\Extension: [pljcgbedjplidkdjahbaalanadmjfgop] - C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-V7C\CRX\ToolbarCR.crx [2014-09-11]
CHR StartMenuInternet: Google Chrome - C:\Users\kat\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166296 2014-08-29] (APN LLC.)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-04-02] (Nero AG)
R2 lxct_device; C:\windows\system32\lxctcoms.exe [566192 2006-11-22] ( )
R2 lxct_device; C:\windows\SysWOW64\lxctcoms.exe [537520 2006-11-22] ( )
R2 lxdnCATSCustConnectService; C:\windows\system32\spool\DRIVERS\x64\3\\lxdnserv.exe [29184 2009-04-28] (Lexmark International, Inc.)
R2 lxdn_device; C:\windows\system32\lxdncoms.exe [1039872 2007-11-28] ( )
R2 lxdn_device; C:\windows\SysWOW64\lxdncoms.exe [589824 2007-11-28] ( )
U2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4177856 2012-10-31] (Symantec Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] () [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 HMFD; C:\Windows\System32\Drivers\HMFD.SYS [64128 2012-04-13] ()
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2011-06-27] (Windows ® 2003 DDK 3790 provider)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [52736 2012-02-15] (Apple, Inc.) [File not signed]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-15 00:44 - 2014-09-15 00:44 - 17328816 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2014-09-15 00:41 - 2014-09-15 00:42 - 00000000 ____D () C:\FRST
2014-09-08 23:22 - 2014-09-15 00:42 - 00000000 ____D () C:\Users\kat\Desktop\BLEEPING
2014-09-08 22:59 - 2014-09-08 23:16 - 00000000 ____D () C:\Users\kat\Desktop\OTHER STUFF
2014-09-08 22:54 - 2014-09-08 22:54 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\kat\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-08 22:39 - 2014-08-22 21:07 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-09-08 22:39 - 2014-08-22 20:45 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-09-08 22:39 - 2014-08-22 19:59 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-26 19:44 - 2014-08-26 19:44 - 00114768 _____ () C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-26 19:43 - 2014-08-26 19:43 - 00000000 ____D () C:\Users\Guest\Documents\HTC
2014-08-26 19:43 - 2014-08-26 19:43 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Adobe
2014-08-26 19:43 - 2014-08-26 19:43 - 00000000 ____D () C:\Users\Guest\AppData\Local\HTC MediaHub
2014-08-26 19:43 - 2014-08-26 19:43 - 00000000 ____D () C:\Users\Guest\AppData\Local\Apple Computer
2014-08-26 19:43 - 2014-08-26 19:43 - 00000000 ____D () C:\Users\Guest\.android
2014-08-23 14:57 - 2014-08-23 14:57 - 00062868 _____ () C:\Users\kat\Downloads\affordabledrivewaygates-com.3dcartstores.com.htm
2014-08-23 14:57 - 2014-08-23 14:57 - 00000000 ____D () C:\Users\kat\Downloads\affordabledrivewaygates-com.3dcartstores.com_files
2014-08-22 18:52 - 2014-08-22 18:52 - 00059290 _____ () C:\Users\kat\Downloads\Welcome to Gulf Coast Gate and Fence -.htm
2014-08-22 18:52 - 2014-08-22 18:52 - 00000000 ____D () C:\Users\kat\Downloads\Welcome to Gulf Coast Gate and Fence -_files
2014-08-22 16:51 - 2014-05-14 11:23 - 02477536 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-08-22 16:51 - 2014-05-14 11:23 - 00058336 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-08-22 16:51 - 2014-05-14 11:23 - 00044512 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2014-08-22 16:51 - 2014-05-14 11:21 - 02620928 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-08-22 16:50 - 2014-05-14 11:23 - 00700384 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2014-08-22 16:50 - 2014-05-14 11:23 - 00581600 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2014-08-22 16:50 - 2014-05-14 11:23 - 00038880 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2014-08-22 16:50 - 2014-05-14 11:23 - 00036320 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2014-08-22 16:50 - 2014-05-14 11:20 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2014-08-22 16:50 - 2014-05-14 11:17 - 00092672 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2014-08-22 16:50 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2014-08-22 16:50 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2014-08-22 16:50 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2014-08-22 16:50 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2014-08-20 17:48 - 2014-08-20 17:48 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\48230029.sys
2014-08-19 09:40 - 2014-08-19 09:40 - 00000000 ____D () C:\Users\kat\chemaxon
2014-08-19 09:40 - 2014-08-19 09:40 - 00000000 ____D () C:\Users\kat\AppData\Roaming\ChemAxon
2014-08-19 09:36 - 2014-08-19 09:36 - 00004489 _____ () C:\windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-08-19 09:36 - 2014-07-25 12:55 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-19 09:36 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-08-19 09:36 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-08-19 09:36 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-08-19 09:22 - 2014-08-25 12:24 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-19 09:21 - 2014-09-08 23:32 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-19 09:21 - 2014-09-08 22:57 - 00001062 _____ () C:\Users\kat\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-19 09:21 - 2014-09-08 22:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-19 09:21 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-08-19 09:21 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-08-19 08:45 - 2014-06-30 17:24 - 00008856 _____ (Microsoft Corporation) C:\windows\system32\icardres.dll
2014-08-19 08:45 - 2014-06-30 17:14 - 00008856 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardres.dll
2014-08-19 08:45 - 2014-03-09 16:48 - 01389208 _____ (Microsoft Corporation) C:\windows\system32\icardagt.exe
2014-08-19 08:45 - 2014-03-09 16:48 - 00171160 _____ (Microsoft Corporation) C:\windows\system32\infocardapi.dll
2014-08-19 08:45 - 2014-03-09 16:47 - 00619672 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardagt.exe
2014-08-19 08:45 - 2014-03-09 16:47 - 00099480 _____ (Microsoft Corporation) C:\windows\SysWOW64\infocardapi.dll
2014-08-19 08:44 - 2014-06-06 01:16 - 00035480 _____ (Microsoft Corporation) C:\windows\SysWOW64\TsWpfWrp.exe
2014-08-19 08:44 - 2014-06-06 01:12 - 00035480 _____ (Microsoft Corporation) C:\windows\system32\TsWpfWrp.exe
2014-08-18 17:28 - 2014-08-18 17:28 - 00000000 ____D () C:\Program Files (x86)\GUM7E85.tmp
2014-08-16 13:27 - 2014-07-31 18:41 - 00348856 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-08-16 13:27 - 2014-07-31 18:16 - 00307384 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-08-16 13:27 - 2014-07-25 09:52 - 23645696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-08-16 13:27 - 2014-07-25 09:02 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-08-16 13:27 - 2014-07-25 09:01 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-08-16 13:27 - 2014-07-25 08:51 - 17524224 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-08-16 13:27 - 2014-07-25 08:30 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-08-16 13:27 - 2014-07-25 08:28 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-08-16 13:27 - 2014-07-25 08:28 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-08-16 13:27 - 2014-07-25 08:25 - 02774528 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-08-16 13:27 - 2014-07-25 08:25 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-08-16 13:27 - 2014-07-25 08:11 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-08-16 13:27 - 2014-07-25 08:10 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-08-16 13:27 - 2014-07-25 08:04 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-08-16 13:27 - 2014-07-25 08:03 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-08-16 13:27 - 2014-07-25 08:00 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-08-16 13:27 - 2014-07-25 08:00 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-08-16 13:27 - 2014-07-25 07:59 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-08-16 13:27 - 2014-07-25 07:47 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-08-16 13:27 - 2014-07-25 07:40 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-08-16 13:27 - 2014-07-25 07:34 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-08-16 13:27 - 2014-07-25 07:34 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-08-16 13:27 - 2014-07-25 07:33 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-08-16 13:27 - 2014-07-25 07:30 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-08-16 13:27 - 2014-07-25 07:28 - 05824512 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-08-16 13:27 - 2014-07-25 07:28 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-08-16 13:27 - 2014-07-25 07:21 - 02184704 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-08-16 13:27 - 2014-07-25 07:19 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-08-16 13:27 - 2014-07-25 07:18 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-08-16 13:27 - 2014-07-25 07:17 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-08-16 13:27 - 2014-07-25 07:17 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-08-16 13:27 - 2014-07-25 07:12 - 00438784 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-08-16 13:27 - 2014-07-25 07:10 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-08-16 13:27 - 2014-07-25 07:10 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-08-16 13:27 - 2014-07-25 07:08 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-08-16 13:27 - 2014-07-25 07:06 - 04204032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-08-16 13:27 - 2014-07-25 06:52 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-08-16 13:27 - 2014-07-25 06:47 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-08-16 13:27 - 2014-07-25 06:43 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-16 13:27 - 2014-07-25 06:42 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-08-16 13:27 - 2014-07-25 06:39 - 02087936 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-08-16 13:27 - 2014-07-25 06:39 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-08-16 13:27 - 2014-07-25 06:36 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-08-16 13:27 - 2014-07-25 06:34 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-08-16 13:27 - 2014-07-25 06:29 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-08-16 13:27 - 2014-07-25 06:23 - 13547008 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-08-16 13:27 - 2014-07-25 06:13 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-08-16 13:27 - 2014-07-25 06:07 - 02001920 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-08-16 13:27 - 2014-07-25 06:07 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-08-16 13:27 - 2014-07-25 06:03 - 11772928 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-08-16 13:27 - 2014-07-25 05:52 - 02266624 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-08-16 13:27 - 2014-07-25 05:26 - 01431040 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-08-16 13:27 - 2014-07-25 05:17 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-08-16 13:27 - 2014-07-25 05:09 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-08-16 13:27 - 2014-07-25 05:05 - 01792512 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-08-16 13:27 - 2014-07-25 05:00 - 01169920 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-08-16 13:25 - 2014-08-06 21:06 - 00529920 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-08-16 13:25 - 2014-08-06 21:01 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-08-16 13:20 - 2014-06-24 21:05 - 14175744 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-08-16 13:20 - 2014-06-24 20:41 - 12874240 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-08-16 13:20 - 2014-06-15 21:10 - 00985536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2014-08-16 13:20 - 2014-06-03 05:02 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-08-16 13:20 - 2014-06-03 05:02 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2014-08-16 13:20 - 2014-06-03 05:02 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2014-08-16 13:20 - 2014-06-03 05:02 - 00112064 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2014-08-16 13:20 - 2014-06-03 04:29 - 02363392 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-08-16 13:20 - 2014-06-03 04:29 - 01805824 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2014-08-16 13:20 - 2014-06-03 04:29 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2014-08-16 13:15 - 2014-07-13 21:02 - 01216000 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2014-08-16 13:15 - 2014-07-13 20:40 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2014-08-16 13:08 - 2014-07-15 22:23 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-08-16 13:08 - 2014-07-15 21:46 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-15 00:44 - 2014-09-15 00:44 - 17328816 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2014-09-15 00:44 - 2013-02-25 19:07 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-09-15 00:44 - 2013-02-25 19:07 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-09-15 00:44 - 2012-11-08 19:07 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-09-15 00:44 - 2011-10-21 10:59 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-15 00:42 - 2014-09-15 00:41 - 00000000 ____D () C:\FRST
2014-09-15 00:42 - 2014-09-08 23:22 - 00000000 ____D () C:\Users\kat\Desktop\BLEEPING
2014-09-15 00:42 - 2014-07-12 14:01 - 00000000 ____D () C:\Users\kat\AppData\Local\Backup Assistant Plus
2014-09-15 00:41 - 2011-06-17 20:49 - 01436420 _____ () C:\windows\WindowsUpdate.log
2014-09-15 00:35 - 2009-07-13 23:45 - 00028848 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-15 00:35 - 2009-07-13 23:45 - 00028848 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-15 00:32 - 2014-07-12 14:05 - 00000000 ____D () C:\Users\kat\AppData\Local\HTC MediaHub
2014-09-15 00:32 - 2012-05-17 21:13 - 00000410 _____ () C:\windows\Tasks\PC Optimizer Pro64 startups.job
2014-09-15 00:25 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-09-15 00:25 - 2009-07-13 23:51 - 00083376 _____ () C:\windows\setupact.log
2014-09-09 09:46 - 2011-10-09 17:00 - 00000900 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2122792035-2367386194-851990126-1001UA.job
2014-09-08 23:43 - 2009-07-13 23:45 - 00419712 _____ () C:\windows\system32\FNTCACHE.DAT
2014-09-08 23:42 - 2010-11-20 22:47 - 00470812 _____ () C:\windows\PFRO.log
2014-09-08 23:32 - 2014-08-19 09:21 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-08 23:22 - 2011-10-21 08:02 - 00000000 ____D () C:\Users\kat\AppData\Local\CrashDumps
2014-09-08 23:16 - 2014-09-08 22:59 - 00000000 ____D () C:\Users\kat\Desktop\OTHER STUFF
2014-09-08 22:57 - 2014-08-19 09:21 - 00001062 _____ () C:\Users\kat\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-08 22:57 - 2014-08-19 09:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-08 22:54 - 2014-09-08 22:54 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\kat\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-08 22:41 - 2014-03-24 19:29 - 00002352 _____ () C:\Users\kat\Desktop\Google Chrome.lnk
2014-09-08 22:36 - 2011-06-17 05:02 - 00000000 ____D () C:\Program Files\Samsung
2014-09-08 22:36 - 2011-06-17 04:52 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-09-08 22:34 - 2012-02-01 12:20 - 00000000 ____D () C:\Program Files (x86)\System
2014-09-08 22:33 - 2011-10-21 10:58 - 00000000 ____D () C:\ProgramData\Yahoo!
2014-09-08 22:33 - 2011-10-21 10:56 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
2014-09-08 22:28 - 2011-10-09 17:00 - 00000848 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2122792035-2367386194-851990126-1001Core.job
2014-08-26 19:44 - 2014-08-26 19:44 - 00114768 _____ () C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-26 19:43 - 2014-08-26 19:43 - 00000000 ____D () C:\Users\Guest\Documents\HTC
2014-08-26 19:43 - 2014-08-26 19:43 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Adobe
2014-08-26 19:43 - 2014-08-26 19:43 - 00000000 ____D () C:\Users\Guest\AppData\Local\HTC MediaHub
2014-08-26 19:43 - 2014-08-26 19:43 - 00000000 ____D () C:\Users\Guest\AppData\Local\Apple Computer
2014-08-26 19:43 - 2014-08-26 19:43 - 00000000 ____D () C:\Users\Guest\.android
2014-08-26 19:43 - 2012-12-03 20:06 - 00001413 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-26 19:43 - 2012-12-03 20:06 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Apple Computer
2014-08-26 19:43 - 2012-12-03 20:05 - 00000000 ____D () C:\Users\Guest
2014-08-25 16:38 - 2012-11-19 16:56 - 00003332 _____ () C:\windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2122792035-2367386194-851990126-1001
2014-08-25 16:38 - 2012-11-19 16:56 - 00003194 _____ () C:\windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2122792035-2367386194-851990126-1001
2014-08-25 12:24 - 2014-08-19 09:22 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-25 06:53 - 2010-11-20 22:27 - 00270496 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-08-24 13:04 - 2014-07-12 14:01 - 00001736 _____ () C:\Users\kat\Desktop\Verizon Cloud.lnk
2014-08-23 14:57 - 2014-08-23 14:57 - 00062868 _____ () C:\Users\kat\Downloads\affordabledrivewaygates-com.3dcartstores.com.htm
2014-08-23 14:57 - 2014-08-23 14:57 - 00000000 ____D () C:\Users\kat\Downloads\affordabledrivewaygates-com.3dcartstores.com_files
2014-08-22 21:07 - 2014-09-08 22:39 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-22 20:45 - 2014-09-08 22:39 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-08-22 19:59 - 2014-09-08 22:39 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-22 18:52 - 2014-08-22 18:52 - 00059290 _____ () C:\Users\kat\Downloads\Welcome to Gulf Coast Gate and Fence -.htm
2014-08-22 18:52 - 2014-08-22 18:52 - 00000000 ____D () C:\Users\kat\Downloads\Welcome to Gulf Coast Gate and Fence -_files
2014-08-20 17:48 - 2014-08-20 17:48 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\48230029.sys
2014-08-19 09:40 - 2014-08-19 09:40 - 00000000 ____D () C:\Users\kat\chemaxon
2014-08-19 09:40 - 2014-08-19 09:40 - 00000000 ____D () C:\Users\kat\AppData\Roaming\ChemAxon
2014-08-19 09:40 - 2011-10-09 12:04 - 00000000 ____D () C:\Users\kat
2014-08-19 09:37 - 2014-01-01 19:20 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-19 09:36 - 2014-08-19 09:36 - 00004489 _____ () C:\windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-08-19 09:36 - 2012-01-23 11:57 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-19 09:22 - 2012-03-20 10:41 - 00000000 ____D () C:\Users\kat\AppData\Roaming\Malwarebytes
2014-08-19 09:21 - 2012-03-20 10:41 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-19 09:21 - 2012-03-20 10:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-08-19 09:12 - 2011-10-13 21:29 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-19 09:12 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-08-19 08:44 - 2014-05-09 11:57 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-08-18 17:28 - 2014-08-18 17:28 - 00000000 ____D () C:\Program Files (x86)\GUM7E85.tmp
 
Some content of TEMP:
====================
C:\Users\kat\AppData\Local\Temp\APNSetup.exe
C:\Users\kat\AppData\Local\Temp\avguidx.dll
C:\Users\kat\AppData\Local\Temp\CommonInstaller.exe
C:\Users\kat\AppData\Local\Temp\contentDATs.exe
C:\Users\kat\AppData\Local\Temp\fljjqlwglbiro.exe
C:\Users\kat\AppData\Local\Temp\GUR5D3E.exe
C:\Users\kat\AppData\Local\Temp\GURD307.exe
C:\Users\kat\AppData\Local\Temp\iGearedHelper.dll
C:\Users\kat\AppData\Local\Temp\installhelper.dll
C:\Users\kat\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\kat\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\kat\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\kat\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\kat\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\kat\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\kat\AppData\Local\Temp\lowproc.exe
C:\Users\kat\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\kat\AppData\Local\Temp\propsys.dll
C:\Users\kat\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\kat\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\kat\AppData\Local\Temp\stubhelper.dll
C:\Users\kat\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\kat\AppData\Local\Temp\ToolbarInstaller.exe
C:\Users\kat\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\kat\AppData\Local\Temp\wget.exe
C:\Users\kat\AppData\Local\Temp\{920A97D2-0D03-457F-9EE0-BC82EF958C8A}-23.0.1271.95_23.0.1271.91_chrome_updater.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-08 22:28
 
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2014
Ran by kat at 2014-09-15 00:45:33
Running from C:\Users\kat\Desktop\BLEEPING
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
„Windows Live Essentials“ (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
„Windows Live Mail“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live Messenger“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live“ fotogalerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1990.41618 - ABBYY Software House)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version:  - Amazon)
Apple Application Support (HKLM-x32\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ask Toolbar (HKLM-x32\...\{4F524A2D-5637-4300-76A7-A758B70C1002}) (Version: 12.16.2.57 - APN, LLC) <==== ATTENTION
CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2227 - CyberLink Corp.)
CyberLink Media Suite (x32 Version: 8.0.2227 - CyberLink Corp.) Hidden
CyberLink Media+ Player10 (HKLM-x32\...\InstallShield_{34FBC7C4-CD31-4D93-A428-0E524EAC4586}) (Version: 10.0.1110.00 - CyberLink Corp.)
CyberLink Media+ Player10 (x32 Version: 10.0.1110.00 - CyberLink Corp.) Hidden
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1130a - CyberLink Corp.)
CyberLink MediaShow (x32 Version: 5.0.1130a - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3802 - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 6.1.3802 - CyberLink Corp.) Hidden
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3306 - CyberLink Corp.)
CyberLink PowerDirector (x32 Version: 8.0.3306 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.4013 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.1.4013 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{132D27B8-C656-44BD-8C16-73C54EA8A85F}) (Version:  - Microsoft)
Easy Content Share (HKLM-x32\...\{2DDC70C1-C77A-4D08-89D2-9AB648504533}) (Version: 1.0 - Samsung Electronics Co., LTD)
Easy Migration (HKLM-x32\...\{AD86049C-3D9C-43E1-BE73-643F57D83D50}) (Version: 1.0 - Samsung Electronics Co., Ltd.)
Easy Phone Tunes (HKLM-x32\...\{03ED925F-9E5E-4532-998D-7F8840FE5A74}) (Version: 137 - Easy Phone Tunes)
EasyFileShare (HKLM-x32\...\{16880765-677F-440B-B16A-BFD9B9C00012}) (Version: 1.0.12 - Samsung)
ETDWare PS/2-X64 10.0.7.2_WHQL (HKLM\...\Elantech) (Version: 10.0.7.2 - ELAN Microelectronic Corp.)
FaxRedist (HKLM-x32\...\{2C8CC208-965C-48A1-90A8-DFB484358F1C}) (Version: 1.0.0 -  )
ffdshow [rev 2527] [2008-12-19] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GE Digital Video Monitor 1.0.1.0 (HKLM-x32\...\{446235B3-F201-4AC6-B242-11AD5805A6EA}_is1) (Version:  - *)
Google Chrome (HKCU\...\Google Chrome) (Version: 37.0.2062.103 - Google Inc.)
Google+ Auto Backup (HKCU\...\Google+ Auto Backup) (Version: 1.0.26.151 - Google, Inc.)
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.11.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.13.0 - HTC)
Index.dat Analyzer v2.5 (HKLM-x32\...\Index.dat Analyzer_is1) (Version: 2.5 - Systenance Software)
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2266 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{006B5C65-3938-4246-B182-994A7E415EDE}) (Version: 1.1.0.0537 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{295AEB79-B53A-4F1B-860F-7800BB7E3681}) (Version: 14.2.1000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation)
Interactive Guide (HKLM-x32\...\{CB383BE9-7518-4ABD-826E-8FC4695F7D52}) (Version: 1.0 - )
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
iTunes (HKLM\...\{0E5D76AD-A3FB-48D5-8400-8903B10317D3}) (Version: 11.0.1.12 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Java™ 6 Update 30 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216030FF}) (Version: 6.0.300 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
Lexmark 2600 Series (HKLM\...\Lexmark 2600 Series) (Version:  - Lexmark International, Inc.)
Lexmark 5400 Series (HKLM\...\Lexmark 5400 Series) (Version:  - Lexmark International, Inc.)
Lexmark Fax Solutions (HKLM\...\Lexmark Fax Solutions) (Version:  - )
Lexmark Toolbar (HKLM-x32\...\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}) (Version: 4.0.53.0 - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.6.0.86 - Symantec Corporation)
NVIDIA Display Control Panel (Version: 6.14.12.6754 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 267.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 267.54 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.265.39.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.0.21 (Version: 1.0.21 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 1.0.21 - NVIDIA Corporation) Hidden
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 15.0) (Version: 15.0.6 - RealNetworks)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.44.421.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6378 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Samsung AnyWeb Print (HKLM-x32\...\{318DBE01-1E6B-4243-84B0-210391FE789A}) (Version: 2.0.67.1 - Samsung Electronics Co., Ltd.)
Samsung Control Center (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 1.0 - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version:  - Samsung Electronics Co., Ltd.)
Samsung Recovery Solution 5 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.0.1.3 - Samsung)
Samsung Support Center (HKLM-x32\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.1.26 - Samsung)
Samsung Universal Print Driver (HKLM-x32\...\Samsung Universal Print Driver) (Version: 2.02.05.00:27 - Samsung Electronics Co., Ltd.)
Samsung Universal Scan Driver (HKLM-x32\...\Samsung Universal Scan Driver) (Version: 1.2.5.0 - Samsung Electronics Co., Ltd.)
Samsung Update Plus (HKLM-x32\...\{142D8CA7-2C6F-45A7-83E3-099AAFD99133}) (Version: 3.0.0.17 - Samsung Electronics Co., Ltd.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.22.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )
Verizon Cloud (HKLM-x32\...\Verizon Cloud) (Version:  - Verizon Wireless)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Windows Driver Package - RDI Technology (Shenzhen) Co., Ltd. (HMFD) Image  (04/20/2012 3.00.0002.21) (HKLM\...\C2CEAF17F695A583AC1C123B0A8B15E6784A3A49) (Version: 04/20/2012 3.00.0002.21 - RDI Technology (Shenzhen) Co., Ltd.)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live fotoattēlu galerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogaléria (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Foto-galerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalleri (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotótár (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galerija fotografija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Pošta (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 메일 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 사진 갤러리 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 필수 패키지 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 照片库 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 程式集 (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 软件包 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven sähköposti (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WModem Driver Installer (HKLM-x32\...\HTC_WModemDriver) (Version: 3.0.9.0 - HTC)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2122792035-2367386194-851990126-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\kat\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2122792035-2367386194-851990126-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\kat\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2122792035-2367386194-851990126-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\kat\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2122792035-2367386194-851990126-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\kat\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
24-07-2014 05:41:28 Windows Update
01-08-2014 13:28:29 Windows Update
05-08-2014 16:15:23 Windows Update
08-08-2014 21:20:59 Windows Update
15-08-2014 12:42:16 Windows Update
19-08-2014 13:42:19 Windows Update
19-08-2014 14:34:42 Installed Java 7 Update 67
22-08-2014 21:48:53 Windows Update
22-08-2014 21:59:29 Windows Update
27-08-2014 02:47:32 Windows Update
09-09-2014 03:34:44 Removed Multimedia POP
09-09-2014 03:39:44 Windows Update
09-09-2014 04:40:13 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0C42A97F-D4C8-4F5D-B4FB-7C3E33792012} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2122792035-2367386194-851990126-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {0EEBCABE-0A56-42C6-B592-98C1835BC6CB} - System32\Tasks\WifiManager => C:\Program Files (x86)\Samsung\Samsung Control Center\WifiManager.exe [2011-06-15] (Samsung Electronics Co., Ltd.)
Task: {13236F5C-C626-43EC-BBBF-F9ED70DC5DA1} - System32\Tasks\SCCSpeedBoot => C:\Program Files (x86)\Samsung\Samsung Control Center\SCCSpeedBoot.exe [2011-05-17] (Samsung Electronics Co., Ltd.)
Task: {202D21AD-3412-4D3A-A504-D9CF6EB0F81A} - System32\Tasks\EasyPartitionManager => C:\Windows\MSetup\BA46-12225A02\EPM.exe
Task: {44094604-E71B-436C-90BD-57D6FE5FBA88} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2122792035-2367386194-851990126-1001UA => C:\Users\kat\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-09] (Google Inc.)
Task: {4F69685E-0440-4364-9D99-5E45DD8296DE} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2011-03-28] (SEC)
Task: {7063A1A8-3FA6-41D7-96C8-3E17DF6812F3} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-04-14] (CyberLink)
Task: {76DEABE7-9AD3-4655-982E-19E9F1C21438} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Samsung Control Center\dmhkcore.exe [2011-06-15] (Samsung Electronics Co., Ltd.)
Task: {83815618-B990-44B4-822B-F890DEF3361A} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\Samsung Control Center\EBM\EasyBatteryMgr4.exe [2011-05-09] (SAMSUNG Electronics co., LTD.)
Task: {8A83A24E-6F77-4AF1-B461-25413C9DC6DF} - System32\Tasks\SmartSetting => C:\Program Files (x86)\Samsung\Samsung Control Center\SmartSetting.exe [2011-06-04] (Samsung Electronics Co., Ltd.)
Task: {96B437CC-D3B7-4141-8734-EE49F1D0FC3C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2122792035-2367386194-851990126-1001Core => C:\Users\kat\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-09] (Google Inc.)
Task: {9AC32444-ECCC-4F66-B8D0-2E7E961A18A6} - System32\Tasks\PC Optimizer Pro64 startups => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: {B15E1F3B-88C1-4153-9CE8-02C3AD65656C} - System32\Tasks\SUPBackground => C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe [2010-08-26] (Samsung Electronics)
Task: {C31732D7-CE6C-49E5-BF1E-D3523A97FA2D} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-15] (Adobe Systems Incorporated)
Task: {C5912CDD-2464-4E85-A006-25F2986E7294} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C911AF6C-92D7-4C4B-8871-C5170AB44FBE} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Samsung Control Center\MovieColorEnhancer.exe [2011-02-16] (Samsung Electronics Co., Ltd.)
Task: {CEC6069B-8E05-435C-B856-3D09CA7B0B4C} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2122792035-2367386194-851990126-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {FA1EB127-AC4B-4987-A3BA-695551349F8D} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe [2011-04-17] (SAMSUNG Electronics)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2122792035-2367386194-851990126-1001Core.job => C:\Users\kat\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2122792035-2367386194-851990126-1001UA.job => C:\Users\kat\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\PC Optimizer Pro64 startups.job => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
 
==================== Loaded Modules (whitelisted) =============
 
2011-10-21 07:56 - 2006-10-18 07:24 - 00045056 _____ () C:\windows\System32\lxctpmon.dll
2011-10-21 07:56 - 2006-10-18 05:32 - 00081408 _____ () C:\Program Files (x86)\Lexmark 5400 Series\ipcmt64.dll
2012-01-11 16:43 - 2009-04-21 01:33 - 00045568 _____ () C:\windows\System32\LXF3PMON.DLL
2012-01-11 16:43 - 2007-08-27 00:44 - 00053248 _____ () C:\windows\System32\LXF3OEM.DLL
2012-01-11 16:43 - 2009-04-21 01:31 - 00081408 _____ () C:\Program Files (x86)\Lexmark Fax Solutions\ipcmt64.dll
2012-01-11 16:43 - 2009-04-21 01:33 - 00003584 _____ () C:\windows\System32\LXF3PMRC.DLL
2011-06-17 20:21 - 2008-06-04 18:53 - 00027648 _____ () C:\windows\System32\spd__l.dll
2012-01-11 16:45 - 2009-08-13 03:06 - 00177152 _____ () C:\windows\system32\spool\PRTPROCS\x64\lxdndrpp.dll
2011-10-21 07:57 - 2006-11-13 04:40 - 00146432 _____ () C:\windows\system32\spool\PRTPROCS\x64\lxctdrpp.dll
2013-10-17 15:27 - 2013-10-17 15:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2011-06-17 05:09 - 2009-12-01 02:21 - 00244904 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2011-06-17 20:21 - 2010-10-21 13:22 - 00709632 _____ () C:\windows\system32\SnMinDrv.dll
2011-10-21 07:56 - 2006-11-22 10:11 - 00291760 _____ () C:\Program Files (x86)\Lexmark 5400 Series\lxctmon.exe
2012-01-11 16:41 - 2010-02-03 23:05 - 00660136 _____ () C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe
2014-06-26 04:24 - 2014-06-26 04:24 - 19747648 _____ () C:\Program Files\Verizon Cloud\Verizon Cloud Service.exe
2014-06-26 04:23 - 2014-06-26 04:23 - 00160256 _____ () C:\Program Files\Verizon Cloud\libexpat.dll
2014-06-26 04:23 - 2014-06-26 04:23 - 15655424 _____ () C:\Program Files\Verizon Cloud\avcodec-54.dll
2014-06-26 04:23 - 2014-06-26 04:23 - 00217600 _____ () C:\Program Files\Verizon Cloud\avutil-51.dll
2014-06-26 04:23 - 2014-06-26 04:23 - 03004928 _____ () C:\Program Files\Verizon Cloud\avformat-54.dll
2014-06-26 04:23 - 2014-06-26 04:23 - 00347648 _____ () C:\Program Files\Verizon Cloud\swscale-2.dll
2014-05-27 12:33 - 2014-05-27 12:33 - 00821600 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
2012-01-11 16:41 - 2010-02-03 23:05 - 00025256 _____ () C:\Program Files (x86)\Lexmark 2600 Series\lxdnMsdMon.exe
2014-05-27 12:32 - 2014-05-27 12:32 - 00031080 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2014-05-27 12:32 - 2014-05-27 12:32 - 00607376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2014-05-27 12:33 - 2014-05-27 12:33 - 00059752 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2014-05-27 12:32 - 2014-05-27 12:32 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2014-05-27 12:33 - 2014-05-27 12:33 - 00080248 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
2014-05-27 12:34 - 2014-05-27 12:34 - 00129376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll
2014-05-27 12:35 - 2014-05-27 12:35 - 00223592 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
2011-10-21 07:56 - 2006-08-08 15:54 - 00278528 _____ () C:\Program Files (x86)\Lexmark 5400 Series\lxctscw.dll
2011-10-21 07:56 - 2006-06-09 02:39 - 00143360 _____ () C:\Program Files (x86)\Lexmark 5400 Series\lxctdrec.dll
2011-10-21 07:56 - 2006-05-25 16:20 - 00241664 _____ () C:\Program Files (x86)\Lexmark 5400 Series\iptk.dll
2012-01-11 16:41 - 2009-07-23 10:48 - 00380928 _____ () C:\Program Files (x86)\Lexmark 2600 Series\lxdnscw.dll
2012-01-11 16:40 - 2007-05-28 22:39 - 00589824 _____ () C:\Program Files (x86)\Lexmark 2600 Series\lxdndatr.dll
2012-01-11 16:40 - 2007-03-25 22:39 - 00073728 _____ () C:\Program Files (x86)\Lexmark 2600 Series\lxdncats.dll
2012-01-11 16:41 - 2009-07-23 10:49 - 00782336 _____ () C:\Program Files (x86)\Lexmark 2600 Series\lxdnDRS.dll
2012-01-11 16:41 - 2009-05-14 04:46 - 00081920 _____ () C:\Program Files (x86)\Lexmark 2600 Series\lxdncaps.dll
2012-01-11 16:41 - 2007-10-02 05:51 - 00069632 _____ () C:\Program Files (x86)\Lexmark 2600 Series\lxdncnv4.dll
2011-06-17 05:21 - 2011-02-16 11:03 - 00203776 _____ () C:\Program Files (x86)\Samsung\Samsung Control Center\WinCRT.dll
2012-01-11 16:41 - 2010-02-03 00:21 - 00028672 _____ () C:\Program Files (x86)\Lexmark 2600 Series\App4R.Monitor.Common.dll
2012-01-11 16:41 - 2010-02-03 00:21 - 00036864 _____ () C:\Program Files (x86)\Lexmark 2600 Series\App4R.Monitor.Core.dll
2012-01-11 16:41 - 2010-02-03 00:20 - 00065536 _____ () C:\Program Files (x86)\Lexmark 2600 Series\app4r.devmons.mcmdevmon.dll
2012-01-11 16:41 - 2009-06-26 04:17 - 00012288 _____ () C:\Program Files (x86)\Lexmark 2600 Series\app4r.devmons.mcmdevmon.autoplayutil.dll
2011-10-21 10:58 - 2011-08-22 01:18 - 00925696 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
2011-06-17 05:21 - 2006-08-11 22:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Samsung Control Center\HookDllPS2.dll
2009-11-02 00:20 - 2009-11-02 00:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 00:23 - 2009-11-02 00:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2011-06-17 05:22 - 2010-05-07 09:22 - 01636864 _____ () C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll
2014-09-08 22:39 - 2014-08-29 21:49 - 01098056 _____ () C:\Users\kat\AppData\Local\Google\Chrome\Application\37.0.2062.103\libglesv2.dll
2014-09-08 22:39 - 2014-08-29 21:49 - 00174408 _____ () C:\Users\kat\AppData\Local\Google\Chrome\Application\37.0.2062.103\libegl.dll
2014-09-08 22:39 - 2014-08-29 21:49 - 08577864 _____ () C:\Users\kat\AppData\Local\Google\Chrome\Application\37.0.2062.103\pdf.dll
2014-09-08 22:39 - 2014-08-29 21:49 - 00331592 _____ () C:\Users\kat\AppData\Local\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll
2014-09-08 22:39 - 2014-08-29 21:49 - 01660232 _____ () C:\Users\kat\AppData\Local\Google\Chrome\Application\37.0.2062.103\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/15/2014 00:32:28 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (09/15/2014 00:27:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/09/2014 07:58:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/09/2014 01:32:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/09/2014 00:35:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/08/2014 11:45:13 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (09/08/2014 11:44:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/08/2014 11:22:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TBNotifier.exe, version: 31.10.1.0, time stamp: 0x53f53368
Faulting module name: TBNotifier.exe, version: 31.10.1.0, time stamp: 0x53f53368
Exception code: 0x40000015
Fault offset: 0x0011486c
Faulting process id: 0x108c
Faulting application start time: 0xTBNotifier.exe0
Faulting application path: TBNotifier.exe1
Faulting module path: TBNotifier.exe2
Report Id: TBNotifier.exe3
 
Error: (09/08/2014 10:57:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0xec4
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
 
Error: (09/08/2014 10:49:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0xdc4
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
 
 
System errors:
=============
Error: (09/15/2014 00:30:33 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Norton Online Backup service hung on starting.
 
Error: (09/15/2014 00:25:46 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:33:48 AM on ‎9/‎9/‎2014 was unexpected.
 
Error: (09/09/2014 08:01:17 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Norton Online Backup service hung on starting.
 
Error: (09/09/2014 07:56:34 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 2:11:33 AM on ‎9/‎9/‎2014 was unexpected.
 
Error: (09/09/2014 01:35:41 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Norton Online Backup service hung on starting.
 
Error: (09/09/2014 01:30:35 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 1:13:27 AM on ‎9/‎9/‎2014 was unexpected.
 
Error: (09/09/2014 00:38:23 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Norton Online Backup service hung on starting.
 
Error: (09/08/2014 11:48:23 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Norton Online Backup service hung on starting.
 
Error: (09/05/2014 11:47:59 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Norton Online Backup service hung on starting.
 
Error: (09/05/2014 11:43:32 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly.  It has done this 1 time(s).
 
 
Microsoft Office Sessions:
=========================
Error: (09/15/2014 00:32:28 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
 
Error: (09/15/2014 00:27:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/09/2014 07:58:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/09/2014 01:32:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/09/2014 00:35:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/08/2014 11:45:13 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
 
Error: (09/08/2014 11:44:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/08/2014 11:22:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TBNotifier.exe31.10.1.053f53368TBNotifier.exe31.10.1.053f53368400000150011486c108c01cfcbde89441ca7C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exeC:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exedb2296ff-37d8-11e4-852f-dca9710779c4
 
Error: (09/08/2014 10:57:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fdec401cfcbe2268196dcC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll65743e42-37d5-11e4-852f-dca9710779c4
 
Error: (09/08/2014 10:49:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fddc401cfcbe10bdd1ed4C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll4afb7737-37d4-11e4-852f-dca9710779c4
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-2310M CPU @ 2.10GHz
Percentage of memory in use: 57%
Total physical RAM: 4009.55 MB
Available physical RAM: 1720.83 MB
Total Pagefile: 8017.27 MB
Available Pagefile: 5663.55 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:178 GB) (Free:52.46 GB) NTFS
Drive d: () (Fixed) (Total:265.72 GB) (Free:265.57 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: C31D97AE)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=178 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=265.7 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=21.9 GB) - (Type=27)
 
==================== End Of Log ============================


#6 Bootsektor

  • Malware Response Team
  • 216 posts
  • Gender:Female
  • Location:Northern Germany

Posted 16 September 2014 - 06:54 AM

Hello,

Is there no antivirus installed? You said that you have found keyloggers in the download history; can you show me an example (perhaps a screenshot) of the finds?

Please also take a screenshot of the error message given by Malwarebytes and post it here in your thread.

Please now perform the following steps:


Step 1
We need to run a fix with FRST:
 

  • Please download the attached fixlist.txt file and save it to the same location as FRST.
    Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work.
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run.
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run from. Please post it in your reply.

 

Step 2
Please download Malwarebytes Anti Malware Cleanup Tool and use it to uninstall Malwarebytes. After that is done, try to install Malwarebytes again and tell me if that worked.

Step 3
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
    Double click on AdwCleaner.exe to run the tool again.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer
  • After the scan has finished please click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

Step 4
Please restart FRST.

  • Also check addition.txt and press Scan.
  • When the scan is finished, two new logfiles, FRST.txt and addition.txt, will be created and saved on your desktop.
  • Please post the content of the logfiles here in your thread.


regards,

 

Sandra


#7 CLStan

Posted 16 September 2014 - 11:23 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-09-2014
Ran by kat at 2014-09-16 23:21:41 Run:1
Running from C:\Users\kat\Desktop\BLEEPING
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
cmd: dir "C:\Program Files (x86)\GUM7E85.tmp" /s
*****************
 
 
=========  dir "C:\Program Files (x86)\GUM7E85.tmp" /s =========
 
 Volume in drive C has no label.
 Volume Serial Number is DCEF-4D5B
 
 Directory of C:\Program Files (x86)\GUM7E85.tmp
 
08/18/2014  05:28 PM    <DIR>          .
08/18/2014  05:28 PM    <DIR>          ..
               0 File(s)              0 bytes
 
     Total Files Listed:
               0 File(s)              0 bytes
               2 Dir(s)  55,656,734,720 bytes free
 
========= End of CMD: =========
 
 
==== End of Fixlog ====


#8 CLStan

Posted 16 September 2014 - 11:59 PM

MBAM successfully reinstalled and updated.  I have not run a scan with it yet.


# AdwCleaner v3.310 - Report created 16/09/2014 at 23:50:45
# Updated 12/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : kat - KAT-PC
# Running from : C:\Users\kat\Desktop\BLEEPING\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : APNMCP
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\AskPartnerNetwork
[#] Folder Deleted : C:\ProgramData\Browser Manager
Folder Deleted : C:\ProgramData\PC Optimizer Pro
Folder Deleted : C:\ProgramData\WeCareReminder
Folder Deleted : C:\Program Files (x86)\AskPartnerNetwork
Folder Deleted : C:\Program Files (x86)\OApps
Folder Deleted : C:\Users\Guest\AppData\Local\Temp\apn
Folder Deleted : C:\Users\kat\AppData\Local\AskPartnerNetwork
Folder Deleted : C:\Users\kat\AppData\Local\Temp\apn
File Deleted : C:\END
File Deleted : C:\Users\kat\AppData\Local\Temp\Uninstall.exe
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pljcgbedjplidkdjahbaalanadmjfgop
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pljcgbedjplidkdjahbaalanadmjfgop
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_index-dat-analyzer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_index-dat-analyzer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_lemmis_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_lemmis_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2463}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2463}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2463}
Key Deleted : HKCU\Software\AskPartnerNetwork
Key Deleted : HKCU\Software\pc optimizer pro
Key Deleted : HKCU\Software\SocialBit
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\AskPartnerNetwork
Key Deleted : HKLM\SOFTWARE\Freeze.com
Key Deleted : [x64] HKLM\SOFTWARE\pc optimizer pro
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17280
 
 
-\\ Google Chrome v
 
[ File : C:\Users\kat\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://movies.netflix.com/WiSearch?oq=5ive+girls&ac_posn=-1&ac_rec=false&ac_count=-1&ac_match=false&v1={searchTerms}&search_submit=
Deleted [Search Provider] : hxxps://isearch.avg.com/search?cid={E0D59252-0B5D-4B1D-8249-F202603416DA}&mid=0c0ccffb155247d1a7940de037e39037-d689797598faae266451eb94667940731809ba67&lang=en&ds=AVG&pr=fr&d=2012-04-07 17:16:17&v=12.2.5.32&sap=dsp&q={searchTerms}
Deleted [Search Provider] : hxxp://isearch.fantastigames.com/web?src=crb&gct=ds&appid=103&systemid=463&q={searchTerms}
Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://www.search.ask.com/web?p2=%5EBBJ%5EOSJ000%5EYY%5EUS&gct=&o=APN11411&tpid=ORJ-V7C&itbv=12.7.0.15&doi=2014-01-02&apn_uid=D5ECE241-B4FC-46C4-94CA-5BB204B90AE2&apn_ptnrs=BBJ&apn_dtid=%5EOSJ000%5EYY%5EUS&apn_dbr=cr_31.0.1650.63&psv=&trgb=CR&q={searchTerms}
Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SP47D5EA41-8378-41F6-A3F4-0BA8AEBF2CC2&q={searchTerms}&SSPV=
Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
Deleted [Extension] : igjjkeeamkpihpncmmbgdkhdnjpcfmfb
Deleted [Extension] : jmfkcklnlgedgbglfkkgedjfmejoahla
Deleted [Extension] : mffdcionknddopdmdnloanoafafkmckb
Deleted [Extension] : pljcgbedjplidkdjahbaalanadmjfgop
 
*************************
 
AdwCleaner[R0].txt - [4885 octets] - [16/09/2014 23:46:31]
AdwCleaner[S0].txt - [5785 octets] - [16/09/2014 23:50:45]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5845 octets] ##########


#9 CLStan

Posted 17 September 2014 - 12:09 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by kat (administrator) on KAT-PC on 17-09-2014 00:00:35
Running from C:\Users\kat\Desktop\BLEEPING
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
( ) C:\Windows\System32\lxctcoms.exe
(Lexmark International, Inc.) C:\Windows\System32\spool\drivers\x64\3\lxdnserv.exe
( ) C:\Windows\System32\lxdncoms.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Program Files (x86)\Lexmark 5400 Series\lxctmon.exe
(Lexmark International Inc.) C:\Program Files (x86)\Lexmark 5400 Series\ezprint.exe
() C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
() C:\Program Files (x86)\Lexmark 2600 Series\lxdnmsdmon.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung Control Center\WifiManager.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung Control Center\dmhkcore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung Control Center\MovieColorEnhancer.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung Control Center\SmartSetting.exe
() C:\Program Files\Verizon Cloud\Verizon Cloud Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung Control Center\EasySpeedUpManager.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Google Inc.) C:\Users\kat\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\kat\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\kat\AppData\Local\Google\Chrome\Application\chrome.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11855976 2011-05-18] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2721576 2011-06-16] (ELAN Microelectronics Corp.)
HKLM\...\Run: [lxctmon.exe] => C:\Program Files (x86)\Lexmark 5400 Series\lxctmon.exe [291760 2006-11-22] ()
HKLM\...\Run: [EzPrint] => C:\Program Files (x86)\Lexmark 5400 Series\ezprint.exe [82864 2006-11-22] (Lexmark International Inc.)
HKLM\...\Run: [lxdnmon.exe] => C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe [660136 2010-02-03] ()
HKLM\...\Run: [lxdnamon] => C:\Program Files (x86)\Lexmark 2600 Series\lxdnamon.exe [16040 2010-02-03] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [Lexmark 5400 Series] => C:\Program Files (x86)\Lexmark 5400 Series\fm3032.exe [304048 2006-11-22] ()
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [3056576 2012-10-31] (Symantec Corporation)
HKLM-x32\...\Run: [FaxCenterServer] => C:\Program Files (x86)\Lexmark Fax Solutions\fm3032.exe [320168 2010-02-03] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ROC_ROC_JULY_P1] => "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296096 2012-10-06] (RealNetworks, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM-x32\...\Run: [VMM Mode Selection] => C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe [83448 2013-05-02] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2122792035-2367386194-851990126-1001\...\Run: [Google Update] => C:\Users\kat\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-10-09] (Google Inc.)
HKU\S-1-5-21-2122792035-2367386194-851990126-1001\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6276408 2011-08-22] (Yahoo! Inc.)
HKU\S-1-5-21-2122792035-2367386194-851990126-1001\...\Run: [OutfoxTV] => C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe
HKU\S-1-5-21-2122792035-2367386194-851990126-1001\...\Run: [HLBackupScheduler] => C:\Program Files\Verizon Cloud\Verizon Cloud Service.exe [19747648 2014-06-26] ()
HKU\S-1-5-21-2122792035-2367386194-851990126-1001\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-2122792035-2367386194-851990126-1001\...\MountPoints2: F - F:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2122792035-2367386194-851990126-1001\...\MountPoints2: {8ee8371b-9cb9-11e2-b89c-dca9710779c4} - F:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2122792035-2367386194-851990126-1001\...\MountPoints2: {b5822fa0-ff2f-11e3-b802-dca9710779c4} - F:\TL-Bootstrap.exe
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [226920 2011-03-06] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\windows\SysWOW64\nvinit.dll => C:\windows\SysWOW64\nvinit.dll [192616 2011-03-06] (NVIDIA Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = 
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Lexmark Toolbar -> {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -> C:\Program Files\Lexmark Toolbar\toolband.dll ()
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: No Name -> {5BDE3F24-D7B3-40D9-BD31-D1CFF12C47B4} ->  No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Samsung BHO Class -> {AA609D72-8482-4076-8991-8CDAE5B93BCB} -> C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @real.com/nppl3260;version=15.0.6.14 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.6.14 -> c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=15.0.6.14 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\kat\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\kat\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF HKLM-x32\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-10-06]
 
Chrome: 
=======
CHR HomePage: Default -> https://www.google.com/
CHR StartupUrls: Default -> "https://www.google.com/", "hxxp://www.outfox.tv/?referid=150"
CHR DefaultSearchKeyword: Default -> 4F1FD03E0C7B77D6F45CB85AB2E901419118D9F49307DF909807A758014025FF
CHR DefaultSearchURL: Default -> D1C1FB885BB4F3DE56F373904BB105929E0B720D79FB8D6EF7E0F3B32B159512
CHR Profile: C:\Users\kat\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\kat\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-31]
CHR Extension: (YouTube) - C:\Users\kat\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-17]
CHR Extension: (Google Search) - C:\Users\kat\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-17]
CHR Extension: (Google Wallet) - C:\Users\kat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-16]
CHR Extension: (Gmail) - C:\Users\kat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-17]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-10-06]
CHR StartMenuInternet: Google Chrome - C:\Users\kat\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-04-02] (Nero AG)
R2 lxct_device; C:\windows\system32\lxctcoms.exe [566192 2006-11-22] ( )
R2 lxct_device; C:\windows\SysWOW64\lxctcoms.exe [537520 2006-11-22] ( )
R2 lxdnCATSCustConnectService; C:\windows\system32\spool\DRIVERS\x64\3\\lxdnserv.exe [29184 2009-04-28] (Lexmark International, Inc.)
R2 lxdn_device; C:\windows\system32\lxdncoms.exe [1039872 2007-11-28] ( )
R2 lxdn_device; C:\windows\SysWOW64\lxdncoms.exe [589824 2007-11-28] ( )
U2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4177856 2012-10-31] (Symantec Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] () [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 HMFD; C:\Windows\System32\Drivers\HMFD.SYS [64128 2012-04-13] ()
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2011-06-27] (Windows ® 2003 DDK 3790 provider)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [52736 2012-02-15] (Apple, Inc.) [File not signed]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-16 23:47 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll
2014-09-16 23:46 - 2014-09-16 23:51 - 00000000 ____D () C:\AdwCleaner
2014-09-16 23:34 - 2014-09-16 23:39 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-16 23:34 - 2014-09-16 23:34 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-16 23:34 - 2014-09-16 23:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-16 23:34 - 2014-09-16 23:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-16 23:34 - 2014-09-16 23:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-16 23:34 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-09-16 23:34 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-09-16 23:34 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-09-16 23:21 - 2014-09-16 23:54 - 00003332 _____ () C:\windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2122792035-2367386194-851990126-1001
2014-09-16 23:21 - 2014-09-16 23:54 - 00003194 _____ () C:\windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2122792035-2367386194-851990126-1001
2014-09-16 23:18 - 2014-09-16 23:18 - 00261135 _____ () C:\Users\kat\Downloads\2BAB.tmp
2014-09-16 23:16 - 2014-09-16 23:54 - 00000366 _____ () C:\windows\Tasks\ReclaimerResumeInstallLogin_kat.job
2014-09-16 23:16 - 2014-09-16 23:19 - 00002650 _____ () C:\windows\System32\Tasks\ReclaimerResumeInstallLogin_kat
2014-09-16 23:16 - 2014-09-16 23:19 - 00000366 _____ () C:\windows\Tasks\ReclaimerResumeInstall_kat.job
2014-09-16 23:16 - 2014-09-16 23:16 - 00002952 _____ () C:\windows\System32\Tasks\ReclaimerResumeInstall_kat
2014-09-15 03:05 - 2014-08-19 13:05 - 00374968 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-09-15 03:05 - 2014-08-19 12:39 - 00327872 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-09-15 03:05 - 2014-08-18 18:01 - 23591424 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-09-15 03:05 - 2014-08-18 17:29 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-09-15 03:05 - 2014-08-18 17:29 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-09-15 03:05 - 2014-08-18 17:26 - 17455104 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-09-15 03:05 - 2014-08-18 17:20 - 02793984 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-09-15 03:05 - 2014-08-18 17:19 - 05833728 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-09-15 03:05 - 2014-08-18 17:15 - 00547328 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-09-15 03:05 - 2014-08-18 17:15 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-09-15 03:05 - 2014-08-18 17:14 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-09-15 03:05 - 2014-08-18 17:14 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-09-15 03:05 - 2014-08-18 17:08 - 04232704 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-09-15 03:05 - 2014-08-18 17:08 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-09-15 03:05 - 2014-08-18 17:08 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-09-15 03:05 - 2014-08-18 17:05 - 00596480 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-09-15 03:05 - 2014-08-18 17:03 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-09-15 03:05 - 2014-08-18 17:03 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-09-15 03:05 - 2014-08-18 17:03 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-09-15 03:05 - 2014-08-18 16:57 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-09-15 03:05 - 2014-08-18 16:56 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-09-15 03:05 - 2014-08-18 16:51 - 00446464 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-09-15 03:05 - 2014-08-18 16:46 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-09-15 03:05 - 2014-08-18 16:45 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-09-15 03:05 - 2014-08-18 16:45 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-09-15 03:05 - 2014-08-18 16:44 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-09-15 03:05 - 2014-08-18 16:44 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-09-15 03:05 - 2014-08-18 16:42 - 02185728 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-09-15 03:05 - 2014-08-18 16:40 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-09-15 03:05 - 2014-08-18 16:39 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-09-15 03:05 - 2014-08-18 16:39 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-09-15 03:05 - 2014-08-18 16:39 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-09-15 03:05 - 2014-08-18 16:38 - 00289280 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-09-15 03:05 - 2014-08-18 16:37 - 00440320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-09-15 03:05 - 2014-08-18 16:36 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-09-15 03:05 - 2014-08-18 16:35 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-09-15 03:05 - 2014-08-18 16:27 - 00365056 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-09-15 03:05 - 2014-08-18 16:25 - 00727040 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-09-15 03:05 - 2014-08-18 16:25 - 00707072 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-09-15 03:05 - 2014-08-18 16:23 - 02104832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-09-15 03:05 - 2014-08-18 16:23 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-09-15 03:05 - 2014-08-18 16:22 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-15 03:05 - 2014-08-18 16:19 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-09-15 03:05 - 2014-08-18 16:17 - 00243200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-09-15 03:05 - 2014-08-18 16:17 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-09-15 03:05 - 2014-08-18 16:16 - 13588480 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-09-15 03:05 - 2014-08-18 16:15 - 11769856 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-09-15 03:05 - 2014-08-18 16:15 - 02310656 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-09-15 03:05 - 2014-08-18 16:09 - 00603136 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-09-15 03:05 - 2014-08-18 16:08 - 02014208 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-09-15 03:05 - 2014-08-18 16:07 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-09-15 03:05 - 2014-08-18 15:55 - 01447424 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-09-15 03:05 - 2014-08-18 15:46 - 01812992 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-09-15 03:05 - 2014-08-18 15:38 - 01190400 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-09-15 03:05 - 2014-08-18 15:38 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-09-15 03:05 - 2014-08-18 15:36 - 00678400 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-09-15 03:01 - 2014-06-26 21:08 - 02777088 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll
2014-09-15 03:01 - 2014-06-26 20:45 - 02285056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2vdec.dll
2014-09-15 00:58 - 2014-08-01 06:53 - 01031168 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll
2014-09-15 00:58 - 2014-08-01 06:35 - 00793600 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSWorkspace.dll
2014-09-15 00:55 - 2014-06-23 22:29 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-09-15 00:55 - 2014-06-23 21:59 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2014-09-15 00:53 - 2014-07-06 21:06 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-09-15 00:53 - 2014-07-06 21:06 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-09-15 00:53 - 2014-07-06 20:40 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-09-15 00:53 - 2014-07-06 20:40 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-09-15 00:53 - 2014-07-06 20:39 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-09-15 00:50 - 2014-09-04 21:10 - 00578048 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-09-15 00:50 - 2014-09-04 21:05 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-09-15 00:41 - 2014-09-17 00:00 - 00000000 ____D () C:\FRST
2014-09-08 23:22 - 2014-09-17 00:00 - 00000000 ____D () C:\Users\kat\Desktop\BLEEPING
2014-09-08 22:59 - 2014-09-08 23:16 - 00000000 ____D () C:\Users\kat\Desktop\OTHER STUFF
2014-09-08 22:39 - 2014-08-22 21:07 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-09-08 22:39 - 2014-08-22 20:45 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-09-08 22:39 - 2014-08-22 19:59 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-26 19:44 - 2014-08-26 19:44 - 00114768 _____ () C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-26 19:43 - 2014-08-26 19:43 - 00000000 ____D () C:\Users\Guest\Documents\HTC
2014-08-26 19:43 - 2014-08-26 19:43 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Adobe
2014-08-26 19:43 - 2014-08-26 19:43 - 00000000 ____D () C:\Users\Guest\AppData\Local\HTC MediaHub
2014-08-26 19:43 - 2014-08-26 19:43 - 00000000 ____D () C:\Users\Guest\AppData\Local\Apple Computer
2014-08-26 19:43 - 2014-08-26 19:43 - 00000000 ____D () C:\Users\Guest\.android
2014-08-23 14:57 - 2014-08-23 14:57 - 00062868 _____ () C:\Users\kat\Downloads\affordabledrivewaygates-com.3dcartstores.com.htm
2014-08-23 14:57 - 2014-08-23 14:57 - 00000000 ____D () C:\Users\kat\Downloads\affordabledrivewaygates-com.3dcartstores.com_files
2014-08-22 18:52 - 2014-08-22 18:52 - 00059290 _____ () C:\Users\kat\Downloads\Welcome to Gulf Coast Gate and Fence -.htm
2014-08-22 18:52 - 2014-08-22 18:52 - 00000000 ____D () C:\Users\kat\Downloads\Welcome to Gulf Coast Gate and Fence -_files
2014-08-22 16:51 - 2014-05-14 11:23 - 02477536 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-08-22 16:51 - 2014-05-14 11:23 - 00058336 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-08-22 16:51 - 2014-05-14 11:23 - 00044512 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2014-08-22 16:51 - 2014-05-14 11:21 - 02620928 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-08-22 16:50 - 2014-05-14 11:23 - 00700384 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2014-08-22 16:50 - 2014-05-14 11:23 - 00581600 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2014-08-22 16:50 - 2014-05-14 11:23 - 00038880 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2014-08-22 16:50 - 2014-05-14 11:23 - 00036320 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2014-08-22 16:50 - 2014-05-14 11:20 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2014-08-22 16:50 - 2014-05-14 11:17 - 00092672 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2014-08-22 16:50 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2014-08-22 16:50 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2014-08-22 16:50 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2014-08-22 16:50 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2014-08-20 17:48 - 2014-08-20 17:48 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\48230029.sys
2014-08-19 09:40 - 2014-08-19 09:40 - 00000000 ____D () C:\Users\kat\chemaxon
2014-08-19 09:40 - 2014-08-19 09:40 - 00000000 ____D () C:\Users\kat\AppData\Roaming\ChemAxon
2014-08-19 09:36 - 2014-08-19 09:36 - 00004489 _____ () C:\windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-08-19 09:36 - 2014-07-25 12:55 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-19 09:36 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-08-19 09:36 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-08-19 09:36 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-08-19 09:21 - 2014-09-08 22:57 - 00001062 _____ () C:\Users\kat\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-19 08:45 - 2014-06-30 17:24 - 00008856 _____ (Microsoft Corporation) C:\windows\system32\icardres.dll
2014-08-19 08:45 - 2014-06-30 17:14 - 00008856 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardres.dll
2014-08-19 08:45 - 2014-03-09 16:48 - 01389208 _____ (Microsoft Corporation) C:\windows\system32\icardagt.exe
2014-08-19 08:45 - 2014-03-09 16:48 - 00171160 _____ (Microsoft Corporation) C:\windows\system32\infocardapi.dll
2014-08-19 08:45 - 2014-03-09 16:47 - 00619672 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardagt.exe
2014-08-19 08:45 - 2014-03-09 16:47 - 00099480 _____ (Microsoft Corporation) C:\windows\SysWOW64\infocardapi.dll
2014-08-19 08:44 - 2014-06-06 01:16 - 00035480 _____ (Microsoft Corporation) C:\windows\SysWOW64\TsWpfWrp.exe
2014-08-19 08:44 - 2014-06-06 01:12 - 00035480 _____ (Microsoft Corporation) C:\windows\system32\TsWpfWrp.exe
2014-08-18 17:28 - 2014-08-18 17:28 - 00000000 ____D () C:\Program Files (x86)\GUM7E85.tmp
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-17 00:05 - 2011-06-17 20:49 - 01666434 _____ () C:\windows\WindowsUpdate.log
2014-09-17 00:05 - 2009-07-13 23:45 - 00028848 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-17 00:05 - 2009-07-13 23:45 - 00028848 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-17 00:00 - 2014-09-15 00:41 - 00000000 ____D () C:\FRST
2014-09-17 00:00 - 2014-09-08 23:22 - 00000000 ____D () C:\Users\kat\Desktop\BLEEPING
2014-09-17 00:00 - 2014-07-12 14:01 - 00000000 ____D () C:\Users\kat\AppData\Local\Backup Assistant Plus
2014-09-16 23:54 - 2014-09-16 23:21 - 00003332 _____ () C:\windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2122792035-2367386194-851990126-1001
2014-09-16 23:54 - 2014-09-16 23:21 - 00003194 _____ () C:\windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2122792035-2367386194-851990126-1001
2014-09-16 23:54 - 2014-09-16 23:16 - 00000366 _____ () C:\windows\Tasks\ReclaimerResumeInstallLogin_kat.job
2014-09-16 23:54 - 2014-07-12 14:05 - 00000000 ____D () C:\Users\kat\AppData\Local\HTC MediaHub
2014-09-16 23:53 - 2012-05-17 21:13 - 00000410 _____ () C:\windows\Tasks\PC Optimizer Pro64 startups.job
2014-09-16 23:53 - 2010-11-20 22:47 - 00486132 _____ () C:\windows\PFRO.log
2014-09-16 23:53 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-09-16 23:53 - 2009-07-13 23:51 - 00084104 _____ () C:\windows\setupact.log
2014-09-16 23:51 - 2014-09-16 23:46 - 00000000 ____D () C:\AdwCleaner
2014-09-16 23:46 - 2011-10-09 17:00 - 00000900 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2122792035-2367386194-851990126-1001UA.job
2014-09-16 23:44 - 2013-02-25 19:07 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-09-16 23:39 - 2014-09-16 23:34 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-16 23:34 - 2014-09-16 23:34 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-16 23:34 - 2014-09-16 23:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-16 23:34 - 2014-09-16 23:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-16 23:34 - 2014-09-16 23:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-16 23:33 - 2012-02-22 14:28 - 00001772 _____ () C:\Users\kat\Downloads\2.1 Paper 1 Daisy Miller - Shortcut.lnk
2014-09-16 23:33 - 2012-02-22 14:28 - 00001772 _____ () C:\Users\kat\Downloads\2.1 Paper 1 Daisy Miller - Shortcut (2).lnk
2014-09-16 23:19 - 2014-09-16 23:16 - 00002650 _____ () C:\windows\System32\Tasks\ReclaimerResumeInstallLogin_kat
2014-09-16 23:19 - 2014-09-16 23:16 - 00000366 _____ () C:\windows\Tasks\ReclaimerResumeInstall_kat.job
2014-09-16 23:18 - 2014-09-16 23:18 - 00261135 _____ () C:\Users\kat\Downloads\2BAB.tmp
2014-09-16 23:16 - 2014-09-16 23:16 - 00002952 _____ () C:\windows\System32\Tasks\ReclaimerResumeInstall_kat
2014-09-16 17:46 - 2011-10-09 17:00 - 00000848 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2122792035-2367386194-851990126-1001Core.job
2014-09-15 15:03 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\rescache
2014-09-15 03:04 - 2011-10-13 21:29 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-15 03:01 - 2014-05-09 11:57 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-09-15 01:47 - 2013-02-25 19:07 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-09-15 01:47 - 2012-11-08 19:07 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-09-15 01:47 - 2011-10-21 10:59 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-15 01:02 - 2014-03-24 19:29 - 00002352 _____ () C:\Users\kat\Desktop\Google Chrome.lnk
2014-09-08 23:43 - 2009-07-13 23:45 - 00419712 _____ () C:\windows\system32\FNTCACHE.DAT
2014-09-08 23:22 - 2011-10-21 08:02 - 00000000 ____D () C:\Users\kat\AppData\Local\CrashDumps
2014-09-08 23:16 - 2014-09-08 22:59 - 00000000 ____D () C:\Users\kat\Desktop\OTHER STUFF
2014-09-08 22:57 - 2014-08-19 09:21 - 00001062 _____ () C:\Users\kat\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-08 22:36 - 2011-06-17 05:02 - 00000000 ____D () C:\Program Files\Samsung
2014-09-08 22:36 - 2011-06-17 04:52 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-09-08 22:34 - 2012-02-01 12:20 - 00000000 ____D () C:\Program Files (x86)\System
2014-09-08 22:33 - 2011-10-21 10:58 - 00000000 ____D () C:\ProgramData\Yahoo!
2014-09-08 22:33 - 2011-10-21 10:56 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
2014-09-04 21:10 - 2014-09-15 00:50 - 00578048 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-09-04 21:05 - 2014-09-15 00:50 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-08-26 19:44 - 2014-08-26 19:44 - 00114768 _____ () C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-26 19:43 - 2014-08-26 19:43 - 00000000 ____D () C:\Users\Guest\Documents\HTC
2014-08-26 19:43 - 2014-08-26 19:43 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Adobe
2014-08-26 19:43 - 2014-08-26 19:43 - 00000000 ____D () C:\Users\Guest\AppData\Local\HTC MediaHub
2014-08-26 19:43 - 2014-08-26 19:43 - 00000000 ____D () C:\Users\Guest\AppData\Local\Apple Computer
2014-08-26 19:43 - 2014-08-26 19:43 - 00000000 ____D () C:\Users\Guest\.android
2014-08-26 19:43 - 2012-12-03 20:06 - 00001413 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-26 19:43 - 2012-12-03 20:06 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Apple Computer
2014-08-26 19:43 - 2012-12-03 20:05 - 00000000 ____D () C:\Users\Guest
2014-08-25 06:53 - 2010-11-20 22:27 - 00270496 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-08-24 13:04 - 2014-07-12 14:01 - 00001736 _____ () C:\Users\kat\Desktop\Verizon Cloud.lnk
2014-08-23 14:57 - 2014-08-23 14:57 - 00062868 _____ () C:\Users\kat\Downloads\affordabledrivewaygates-com.3dcartstores.com.htm
2014-08-23 14:57 - 2014-08-23 14:57 - 00000000 ____D () C:\Users\kat\Downloads\affordabledrivewaygates-com.3dcartstores.com_files
2014-08-22 21:07 - 2014-09-08 22:39 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-22 20:45 - 2014-09-08 22:39 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-08-22 19:59 - 2014-09-08 22:39 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-22 18:52 - 2014-08-22 18:52 - 00059290 _____ () C:\Users\kat\Downloads\Welcome to Gulf Coast Gate and Fence -.htm
2014-08-22 18:52 - 2014-08-22 18:52 - 00000000 ____D () C:\Users\kat\Downloads\Welcome to Gulf Coast Gate and Fence -_files
2014-08-20 17:48 - 2014-08-20 17:48 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\48230029.sys
2014-08-19 13:05 - 2014-09-15 03:05 - 00374968 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-08-19 12:39 - 2014-09-15 03:05 - 00327872 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-08-19 09:40 - 2014-08-19 09:40 - 00000000 ____D () C:\Users\kat\chemaxon
2014-08-19 09:40 - 2014-08-19 09:40 - 00000000 ____D () C:\Users\kat\AppData\Roaming\ChemAxon
2014-08-19 09:40 - 2011-10-09 12:04 - 00000000 ____D () C:\Users\kat
2014-08-19 09:37 - 2014-01-01 19:20 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-19 09:36 - 2014-08-19 09:36 - 00004489 _____ () C:\windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-08-19 09:36 - 2012-01-23 11:57 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-19 09:12 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-08-18 18:01 - 2014-09-15 03:05 - 23591424 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-08-18 17:29 - 2014-09-15 03:05 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-08-18 17:29 - 2014-09-15 03:05 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-08-18 17:28 - 2014-08-18 17:28 - 00000000 ____D () C:\Program Files (x86)\GUM7E85.tmp
2014-08-18 17:26 - 2014-09-15 03:05 - 17455104 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-08-18 17:20 - 2014-09-15 03:05 - 02793984 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-08-18 17:19 - 2014-09-15 03:05 - 05833728 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-08-18 17:15 - 2014-09-15 03:05 - 00547328 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-08-18 17:15 - 2014-09-15 03:05 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-08-18 17:14 - 2014-09-15 03:05 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-08-18 17:14 - 2014-09-15 03:05 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-08-18 17:08 - 2014-09-15 03:05 - 04232704 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-08-18 17:08 - 2014-09-15 03:05 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-08-18 17:08 - 2014-09-15 03:05 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-08-18 17:05 - 2014-09-15 03:05 - 00596480 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-08-18 17:03 - 2014-09-15 03:05 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-08-18 17:03 - 2014-09-15 03:05 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-08-18 17:03 - 2014-09-15 03:05 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-08-18 16:57 - 2014-09-15 03:05 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-08-18 16:56 - 2014-09-15 03:05 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-08-18 16:51 - 2014-09-15 03:05 - 00446464 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-08-18 16:46 - 2014-09-15 03:05 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-08-18 16:45 - 2014-09-15 03:05 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 16:45 - 2014-09-15 03:05 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-08-18 16:44 - 2014-09-15 03:05 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-08-18 16:44 - 2014-09-15 03:05 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-08-18 16:42 - 2014-09-15 03:05 - 02185728 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-08-18 16:40 - 2014-09-15 03:05 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-08-18 16:39 - 2014-09-15 03:05 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-08-18 16:39 - 2014-09-15 03:05 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-08-18 16:39 - 2014-09-15 03:05 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-08-18 16:38 - 2014-09-15 03:05 - 00289280 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-08-18 16:37 - 2014-09-15 03:05 - 00440320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-08-18 16:36 - 2014-09-15 03:05 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-08-18 16:35 - 2014-09-15 03:05 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-08-18 16:27 - 2014-09-15 03:05 - 00365056 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-08-18 16:25 - 2014-09-15 03:05 - 00727040 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-08-18 16:25 - 2014-09-15 03:05 - 00707072 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-08-18 16:23 - 2014-09-15 03:05 - 02104832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-08-18 16:23 - 2014-09-15 03:05 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-08-18 16:22 - 2014-09-15 03:05 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-18 16:19 - 2014-09-15 03:05 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-08-18 16:17 - 2014-09-15 03:05 - 00243200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-08-18 16:17 - 2014-09-15 03:05 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-08-18 16:16 - 2014-09-15 03:05 - 13588480 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-08-18 16:15 - 2014-09-15 03:05 - 11769856 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-08-18 16:15 - 2014-09-15 03:05 - 02310656 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-08-18 16:09 - 2014-09-15 03:05 - 00603136 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-08-18 16:08 - 2014-09-15 03:05 - 02014208 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-08-18 16:07 - 2014-09-15 03:05 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-08-18 15:55 - 2014-09-15 03:05 - 01447424 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-08-18 15:46 - 2014-09-15 03:05 - 01812992 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-08-18 15:38 - 2014-09-15 03:05 - 01190400 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-08-18 15:38 - 2014-09-15 03:05 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-08-18 15:36 - 2014-09-15 03:05 - 00678400 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
 
Some content of TEMP:
====================
C:\Users\kat\AppData\Local\Temp\APNSetup.exe
C:\Users\kat\AppData\Local\Temp\avguidx.dll
C:\Users\kat\AppData\Local\Temp\CommonInstaller.exe
C:\Users\kat\AppData\Local\Temp\contentDATs.exe
C:\Users\kat\AppData\Local\Temp\fljjqlwglbiro.exe
C:\Users\kat\AppData\Local\Temp\GUR5D3E.exe
C:\Users\kat\AppData\Local\Temp\GURD307.exe
C:\Users\kat\AppData\Local\Temp\iGearedHelper.dll
C:\Users\kat\AppData\Local\Temp\installhelper.dll
C:\Users\kat\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\kat\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\kat\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\kat\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\kat\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\kat\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\kat\AppData\Local\Temp\lowproc.exe
C:\Users\kat\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\kat\AppData\Local\Temp\propsys.dll
C:\Users\kat\AppData\Local\Temp\Quarantine.exe
C:\Users\kat\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\kat\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\kat\AppData\Local\Temp\stubhelper.dll
C:\Users\kat\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\kat\AppData\Local\Temp\ToolbarInstaller.exe
C:\Users\kat\AppData\Local\Temp\wget.exe
C:\Users\kat\AppData\Local\Temp\{920A97D2-0D03-457F-9EE0-BC82EF958C8A}-23.0.1271.95_23.0.1271.91_chrome_updater.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-16 09:47
 
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2014
Ran by kat at 2014-09-17 00:06:40
Running from C:\Users\kat\Desktop\BLEEPING
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
„Windows Live Essentials“ (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
„Windows Live Mail“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live Messenger“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live“ fotogalerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1990.41618 - ABBYY Software House)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version:  - Amazon)
Apple Application Support (HKLM-x32\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ask Toolbar (HKLM-x32\...\{4F524A2D-5637-4300-76A7-A758B70C1002}) (Version: 12.16.2.57 - APN, LLC) <==== ATTENTION
CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2227 - CyberLink Corp.)
CyberLink Media Suite (x32 Version: 8.0.2227 - CyberLink Corp.) Hidden
CyberLink Media+ Player10 (HKLM-x32\...\InstallShield_{34FBC7C4-CD31-4D93-A428-0E524EAC4586}) (Version: 10.0.1110.00 - CyberLink Corp.)
CyberLink Media+ Player10 (x32 Version: 10.0.1110.00 - CyberLink Corp.) Hidden
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1130a - CyberLink Corp.)
CyberLink MediaShow (x32 Version: 5.0.1130a - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3802 - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 6.1.3802 - CyberLink Corp.) Hidden
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3306 - CyberLink Corp.)
CyberLink PowerDirector (x32 Version: 8.0.3306 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.4013 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.1.4013 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version:  - Microsoft)
Easy Content Share (HKLM-x32\...\{2DDC70C1-C77A-4D08-89D2-9AB648504533}) (Version: 1.0 - Samsung Electronics Co., LTD)
Easy Migration (HKLM-x32\...\{AD86049C-3D9C-43E1-BE73-643F57D83D50}) (Version: 1.0 - Samsung Electronics Co., Ltd.)
Easy Phone Tunes (HKLM-x32\...\{03ED925F-9E5E-4532-998D-7F8840FE5A74}) (Version: 137 - Easy Phone Tunes)
EasyFileShare (HKLM-x32\...\{16880765-677F-440B-B16A-BFD9B9C00012}) (Version: 1.0.12 - Samsung)
ETDWare PS/2-X64 10.0.7.2_WHQL (HKLM\...\Elantech) (Version: 10.0.7.2 - ELAN Microelectronic Corp.)
FaxRedist (HKLM-x32\...\{2C8CC208-965C-48A1-90A8-DFB484358F1C}) (Version: 1.0.0 -  )
ffdshow [rev 2527] [2008-12-19] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GE Digital Video Monitor 1.0.1.0 (HKLM-x32\...\{446235B3-F201-4AC6-B242-11AD5805A6EA}_is1) (Version:  - *)
Google Chrome (HKCU\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Google+ Auto Backup (HKCU\...\Google+ Auto Backup) (Version: 1.0.26.151 - Google, Inc.)
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.11.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.13.0 - HTC)
Index.dat Analyzer v2.5 (HKLM-x32\...\Index.dat Analyzer_is1) (Version: 2.5 - Systenance Software)
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2266 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{006B5C65-3938-4246-B182-994A7E415EDE}) (Version: 1.1.0.0537 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{295AEB79-B53A-4F1B-860F-7800BB7E3681}) (Version: 14.2.1000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation)
Interactive Guide (HKLM-x32\...\{CB383BE9-7518-4ABD-826E-8FC4695F7D52}) (Version: 1.0 - )
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
iTunes (HKLM\...\{0E5D76AD-A3FB-48D5-8400-8903B10317D3}) (Version: 11.0.1.12 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Java™ 6 Update 30 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216030FF}) (Version: 6.0.300 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
Lexmark 2600 Series (HKLM\...\Lexmark 2600 Series) (Version:  - Lexmark International, Inc.)
Lexmark 5400 Series (HKLM\...\Lexmark 5400 Series) (Version:  - Lexmark International, Inc.)
Lexmark Fax Solutions (HKLM\...\Lexmark Fax Solutions) (Version:  - )
Lexmark Toolbar (HKLM-x32\...\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}) (Version: 4.0.53.0 - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.6.0.86 - Symantec Corporation)
NVIDIA Display Control Panel (Version: 6.14.12.6754 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 267.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 267.54 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.265.39.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.0.21 (Version: 1.0.21 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 1.0.21 - NVIDIA Corporation) Hidden
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 15.0) (Version: 15.0.6 - RealNetworks)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.44.421.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6378 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Samsung AnyWeb Print (HKLM-x32\...\{318DBE01-1E6B-4243-84B0-210391FE789A}) (Version: 2.0.67.1 - Samsung Electronics Co., Ltd.)
Samsung Control Center (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 1.0 - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version:  - Samsung Electronics Co., Ltd.)
Samsung Recovery Solution 5 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.0.1.3 - Samsung)
Samsung Support Center (HKLM-x32\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.1.26 - Samsung)
Samsung Universal Print Driver (HKLM-x32\...\Samsung Universal Print Driver) (Version: 2.02.05.00:27 - Samsung Electronics Co., Ltd.)
Samsung Universal Scan Driver (HKLM-x32\...\Samsung Universal Scan Driver) (Version: 1.2.5.0 - Samsung Electronics Co., Ltd.)
Samsung Update Plus (HKLM-x32\...\{142D8CA7-2C6F-45A7-83E3-099AAFD99133}) (Version: 3.0.0.17 - Samsung Electronics Co., Ltd.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.22.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9179FC17-97A8-4D98-9E09-05720AF5D44E}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )
Verizon Cloud (HKLM-x32\...\Verizon Cloud) (Version:  - Verizon Wireless)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Windows Driver Package - RDI Technology (Shenzhen) Co., Ltd. (HMFD) Image  (04/20/2012 3.00.0002.21) (HKLM\...\C2CEAF17F695A583AC1C123B0A8B15E6784A3A49) (Version: 04/20/2012 3.00.0002.21 - RDI Technology (Shenzhen) Co., Ltd.)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live fotoattēlu galerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogaléria (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Foto-galerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalleri (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotótár (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galerija fotografija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Pošta (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 메일 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 사진 갤러리 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 필수 패키지 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 照片库 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 程式集 (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 软件包 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven sähköposti (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WModem Driver Installer (HKLM-x32\...\HTC_WModemDriver) (Version: 3.0.9.0 - HTC)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2122792035-2367386194-851990126-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\kat\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2122792035-2367386194-851990126-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\kat\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2122792035-2367386194-851990126-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\kat\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2122792035-2367386194-851990126-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\kat\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
19-08-2014 13:42:19 Windows Update
19-08-2014 14:34:42 Installed Java 7 Update 67
22-08-2014 21:48:53 Windows Update
22-08-2014 21:59:29 Windows Update
27-08-2014 02:47:32 Windows Update
09-09-2014 03:34:44 Removed Multimedia POP
09-09-2014 03:39:44 Windows Update
09-09-2014 04:40:13 Windows Update
15-09-2014 05:47:41 Windows Update
15-09-2014 08:00:18 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0EEBCABE-0A56-42C6-B592-98C1835BC6CB} - System32\Tasks\WifiManager => C:\Program Files (x86)\Samsung\Samsung Control Center\WifiManager.exe [2011-06-15] (Samsung Electronics Co., Ltd.)
Task: {13236F5C-C626-43EC-BBBF-F9ED70DC5DA1} - System32\Tasks\SCCSpeedBoot => C:\Program Files (x86)\Samsung\Samsung Control Center\SCCSpeedBoot.exe [2011-05-17] (Samsung Electronics Co., Ltd.)
Task: {202D21AD-3412-4D3A-A504-D9CF6EB0F81A} - System32\Tasks\EasyPartitionManager => C:\Windows\MSetup\BA46-12225A02\EPM.exe
Task: {3B434098-46B0-4782-A6BA-DE4AB0E1C833} - System32\Tasks\ReclaimerResumeInstallLogin_kat => C:\Users\kat\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe [2014-09-16] (RealNetworks, Inc.)
Task: {44094604-E71B-436C-90BD-57D6FE5FBA88} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2122792035-2367386194-851990126-1001UA => C:\Users\kat\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-09] (Google Inc.)
Task: {4F69685E-0440-4364-9D99-5E45DD8296DE} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2011-03-28] (SEC)
Task: {5F80E2BC-5822-40E8-A019-EF049743C9E5} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2122792035-2367386194-851990126-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {7063A1A8-3FA6-41D7-96C8-3E17DF6812F3} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-04-14] (CyberLink)
Task: {76DEABE7-9AD3-4655-982E-19E9F1C21438} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Samsung Control Center\dmhkcore.exe [2011-06-15] (Samsung Electronics Co., Ltd.)
Task: {83815618-B990-44B4-822B-F890DEF3361A} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\Samsung Control Center\EBM\EasyBatteryMgr4.exe [2011-05-09] (SAMSUNG Electronics co., LTD.)
Task: {8A83A24E-6F77-4AF1-B461-25413C9DC6DF} - System32\Tasks\SmartSetting => C:\Program Files (x86)\Samsung\Samsung Control Center\SmartSetting.exe [2011-06-04] (Samsung Electronics Co., Ltd.)
Task: {8EC6B415-C883-4CA4-9A00-FECF2BE048A9} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2122792035-2367386194-851990126-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {96B437CC-D3B7-4141-8734-EE49F1D0FC3C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2122792035-2367386194-851990126-1001Core => C:\Users\kat\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-09] (Google Inc.)
Task: {9AC32444-ECCC-4F66-B8D0-2E7E961A18A6} - System32\Tasks\PC Optimizer Pro64 startups => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: {AA1DF45C-40C4-4C18-A76F-64E3B21B9367} - System32\Tasks\ReclaimerResumeInstall_kat => C:\Users\kat\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe [2014-09-16] (RealNetworks, Inc.)
Task: {B15E1F3B-88C1-4153-9CE8-02C3AD65656C} - System32\Tasks\SUPBackground => C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe [2010-08-26] (Samsung Electronics)
Task: {C31732D7-CE6C-49E5-BF1E-D3523A97FA2D} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-15] (Adobe Systems Incorporated)
Task: {C5912CDD-2464-4E85-A006-25F2986E7294} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C911AF6C-92D7-4C4B-8871-C5170AB44FBE} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Samsung Control Center\MovieColorEnhancer.exe [2011-02-16] (Samsung Electronics Co., Ltd.)
Task: {FA1EB127-AC4B-4987-A3BA-695551349F8D} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe [2011-04-17] (SAMSUNG Electronics)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2122792035-2367386194-851990126-1001Core.job => C:\Users\kat\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2122792035-2367386194-851990126-1001UA.job => C:\Users\kat\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\PC Optimizer Pro64 startups.job => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: C:\windows\Tasks\ReclaimerResumeInstallLogin_kat.job => C:\Users\kat\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe
Task: C:\windows\Tasks\ReclaimerResumeInstall_kat.job => C:\Users\kat\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-10-21 07:56 - 2006-10-18 07:24 - 00045056 _____ () C:\windows\System32\lxctpmon.dll
2011-10-21 07:56 - 2006-10-18 05:32 - 00081408 _____ () C:\Program Files (x86)\Lexmark 5400 Series\ipcmt64.dll
2012-01-11 16:43 - 2009-04-21 01:33 - 00045568 _____ () C:\windows\System32\LXF3PMON.DLL
2012-01-11 16:43 - 2007-08-27 00:44 - 00053248 _____ () C:\windows\System32\LXF3OEM.DLL
2012-01-11 16:43 - 2009-04-21 01:31 - 00081408 _____ () C:\Program Files (x86)\Lexmark Fax Solutions\ipcmt64.dll
2012-01-11 16:43 - 2009-04-21 01:33 - 00003584 _____ () C:\windows\System32\LXF3PMRC.DLL
2011-06-17 20:21 - 2008-06-04 18:53 - 00027648 _____ () C:\windows\System32\spd__l.dll
2012-01-11 16:45 - 2009-08-13 03:06 - 00177152 _____ () C:\windows\system32\spool\PRTPROCS\x64\lxdndrpp.dll
2011-10-21 07:57 - 2006-11-13 04:40 - 00146432 _____ () C:\windows\system32\spool\PRTPROCS\x64\lxctdrpp.dll
2013-10-17 15:27 - 2013-10-17 15:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2011-06-17 05:09 - 2009-12-01 02:21 - 00244904 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2014-05-27 12:33 - 2014-05-27 12:33 - 00821600 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
2011-10-21 07:56 - 2006-11-22 10:11 - 00291760 _____ () C:\Program Files (x86)\Lexmark 5400 Series\lxctmon.exe
2012-01-11 16:41 - 2010-02-03 23:05 - 00660136 _____ () C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe
2012-01-11 16:41 - 2010-02-03 23:05 - 00025256 _____ () C:\Program Files (x86)\Lexmark 2600 Series\lxdnMsdMon.exe
2014-06-26 04:24 - 2014-06-26 04:24 - 19747648 _____ () C:\Program Files\Verizon Cloud\Verizon Cloud Service.exe
2014-06-26 04:23 - 2014-06-26 04:23 - 00160256 _____ () C:\Program Files\Verizon Cloud\libexpat.dll
2014-06-26 04:23 - 2014-06-26 04:23 - 15655424 _____ () C:\Program Files\Verizon Cloud\avcodec-54.dll
2014-06-26 04:23 - 2014-06-26 04:23 - 00217600 _____ () C:\Program Files\Verizon Cloud\avutil-51.dll
2014-06-26 04:23 - 2014-06-26 04:23 - 03004928 _____ () C:\Program Files\Verizon Cloud\avformat-54.dll
2014-06-26 04:23 - 2014-06-26 04:23 - 00347648 _____ () C:\Program Files\Verizon Cloud\swscale-2.dll
2011-06-17 20:21 - 2010-10-21 13:22 - 00709632 _____ () C:\windows\system32\SnMinDrv.dll
2014-05-27 12:32 - 2014-05-27 12:32 - 00031080 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2014-05-27 12:32 - 2014-05-27 12:32 - 00607376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2014-05-27 12:33 - 2014-05-27 12:33 - 00059752 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2014-05-27 12:32 - 2014-05-27 12:32 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2014-05-27 12:33 - 2014-05-27 12:33 - 00080248 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
2014-05-27 12:34 - 2014-05-27 12:34 - 00129376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll
2014-05-27 12:35 - 2014-05-27 12:35 - 00223592 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
2011-10-21 07:56 - 2006-08-08 15:54 - 00278528 _____ () C:\Program Files (x86)\Lexmark 5400 Series\lxctscw.dll
2011-10-21 07:56 - 2006-06-09 02:39 - 00143360 _____ () C:\Program Files (x86)\Lexmark 5400 Series\lxctdrec.dll
2011-06-17 05:21 - 2011-02-16 11:03 - 00203776 _____ () C:\Program Files (x86)\Samsung\Samsung Control Center\WinCRT.dll
2011-10-21 07:56 - 2006-05-25 16:20 - 00241664 _____ () C:\Program Files (x86)\Lexmark 5400 Series\iptk.dll
2012-01-11 16:41 - 2009-07-23 10:48 - 00380928 _____ () C:\Program Files (x86)\Lexmark 2600 Series\lxdnscw.dll
2012-01-11 16:40 - 2007-05-28 22:39 - 00589824 _____ () C:\Program Files (x86)\Lexmark 2600 Series\lxdndatr.dll
2012-01-11 16:40 - 2007-03-25 22:39 - 00073728 _____ () C:\Program Files (x86)\Lexmark 2600 Series\lxdncats.dll
2012-01-11 16:41 - 2009-07-23 10:49 - 00782336 _____ () C:\Program Files (x86)\Lexmark 2600 Series\lxdnDRS.dll
2012-01-11 16:41 - 2009-05-14 04:46 - 00081920 _____ () C:\Program Files (x86)\Lexmark 2600 Series\lxdncaps.dll
2012-01-11 16:41 - 2007-10-02 05:51 - 00069632 _____ () C:\Program Files (x86)\Lexmark 2600 Series\lxdncnv4.dll
2012-01-11 16:41 - 2010-02-03 00:21 - 00028672 _____ () C:\Program Files (x86)\Lexmark 2600 Series\App4R.Monitor.Common.dll
2012-01-11 16:41 - 2010-02-03 00:21 - 00036864 _____ () C:\Program Files (x86)\Lexmark 2600 Series\App4R.Monitor.Core.dll
2012-01-11 16:41 - 2010-02-03 00:20 - 00065536 _____ () C:\Program Files (x86)\Lexmark 2600 Series\app4r.devmons.mcmdevmon.dll
2012-01-11 16:41 - 2009-06-26 04:17 - 00012288 _____ () C:\Program Files (x86)\Lexmark 2600 Series\app4r.devmons.mcmdevmon.autoplayutil.dll
2011-06-17 05:21 - 2006-08-11 22:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Samsung Control Center\HookDllPS2.dll
2011-10-21 10:58 - 2011-08-22 01:18 - 00925696 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
2009-11-02 00:20 - 2009-11-02 00:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 00:23 - 2009-11-02 00:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2011-06-17 05:22 - 2010-05-07 09:22 - 01636864 _____ () C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll
2014-09-15 01:02 - 2014-09-03 22:01 - 01098056 _____ () C:\Users\kat\AppData\Local\Google\Chrome\Application\37.0.2062.120\libglesv2.dll
2014-09-15 01:02 - 2014-09-03 22:01 - 00174408 _____ () C:\Users\kat\AppData\Local\Google\Chrome\Application\37.0.2062.120\libegl.dll
2014-09-15 01:02 - 2014-09-03 22:01 - 08577864 _____ () C:\Users\kat\AppData\Local\Google\Chrome\Application\37.0.2062.120\pdf.dll
2014-09-15 01:02 - 2014-09-03 22:01 - 00331592 _____ () C:\Users\kat\AppData\Local\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll
2014-09-15 01:02 - 2014-09-03 22:01 - 01660232 _____ () C:\Users\kat\AppData\Local\Google\Chrome\Application\37.0.2062.120\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/16/2014 11:55:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/16/2014 11:54:48 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (09/16/2014 11:28:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/16/2014 11:26:57 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (09/16/2014 11:20:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/16/2014 11:20:23 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (09/16/2014 11:15:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/16/2014 11:15:33 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (09/16/2014 10:06:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/16/2014 09:19:03 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (09/16/2014 11:58:21 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Norton Online Backup service hung on starting.
 
Error: (09/16/2014 11:31:06 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Norton Online Backup service hung on starting.
 
Error: (09/16/2014 11:25:47 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Update service terminated with the following error: 
%%-2147467243
 
Error: (09/16/2014 11:24:15 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Norton Online Backup service hung on starting.
 
Error: (09/16/2014 11:19:15 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:18:05 PM on ‎9/‎16/‎2014 was unexpected.
 
Error: (09/16/2014 11:14:14 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:13:09 PM on ‎9/‎16/‎2014 was unexpected.
 
Error: (09/16/2014 10:09:50 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Norton Online Backup service hung on starting.
 
Error: (09/16/2014 10:05:12 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:03:38 PM on ‎9/‎16/‎2014 was unexpected.
 
Error: (09/16/2014 09:22:18 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Norton Online Backup service hung on starting.
 
Error: (09/16/2014 07:31:32 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Norton Online Backup service hung on starting.
 
 
Microsoft Office Sessions:
=========================
Error: (09/16/2014 11:55:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/16/2014 11:54:48 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
 
Error: (09/16/2014 11:28:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/16/2014 11:26:57 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
 
Error: (09/16/2014 11:20:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/16/2014 11:20:23 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
 
Error: (09/16/2014 11:15:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/16/2014 11:15:33 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
 
Error: (09/16/2014 10:06:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/16/2014 09:19:03 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-2310M CPU @ 2.10GHz
Percentage of memory in use: 52%
Total physical RAM: 4009.55 MB
Available physical RAM: 1920.85 MB
Total Pagefile: 8017.27 MB
Available Pagefile: 5971.17 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:178 GB) (Free:51.93 GB) NTFS
Drive d: () (Fixed) (Total:265.72 GB) (Free:265.56 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: C31D97AE)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=178 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=265.7 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=21.9 GB) - (Type=27)
 
==================== End Of Log ============================


#10 Bootsektor

Bootsektor

  • Malware Response Team
  • 216 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Northern Germany
  • Local time:02:35 PM

Posted 18 September 2014 - 07:55 AM

Hello,

glad to hear that Malwarebytes is installed correctly now. How is the system acting now?

Step 1

  • Open your Chrome Browser
  • Move to Settings (that is the symbol right beneath the address line; it looks like three horizontal lines)
  • now go on Settings
  • Move to On Startup
  • Go on Open a specific page or set of pages
  • remove outfox.tv (if existing), delete it and choose another Startpage (normally it is google.com)

Step 2
We need to run a fix with FRST:



  • Please download the attached fixlist.txt file and save it to the same location as FRST
    Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply


Step 3
Please now perform a scan with Malwarebytes


  • Double-click on the setup file (mbam-setup.exe), then click on Run to install.
  • Malwarebytes will automatically open to its Dashboard. If you have never run this version, you should see a red note at the top indicating "A scan has never been run on your system"
     
  • Click on Update Now to download the current database definitions, then click the Scan Now >> button.
  • If you have run this version before, you should see a green note at the top indicating "Your system is fully protected".
  • You will be prompted to update Malwarebytes...click on the Update Now button.
     
  • The THREAT SCAN will automatically begin.
     
  • When the scan has completed, the results will be displayed. Click on Quarantine All, then click on Apply Actions.
     
  • To complete any actions taken you will be prompted to restart your computer...click on Yes. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
     
  • After rebooting the computer, copy and paste the mbam.log in your next reply.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 1)

  • Open Malwarebytes Anti-Malware.
  • Click the History Tab at the top and select Application Logs.
  • Select (check) the box next to Scan Log. Choose the most current scan.
  • Click the View button.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 2)

  • Open Malwarebytes Anti-Malware.
  • Click the Scan Tab at the top.
  • Click the View detailed log link on the right.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7/8: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd


Step 4
ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.


  • Please go here to run the scan.

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: EOLS2.gif
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: EOLS4.gif
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Step 5
Please restart FRST.

  • Leave the settings unchanged and press Scan.
  • When the scan is finished, a new logfile (FRST.txt)  will be created and saved on your desktop.
  • Please post the content of the logfile here in your thread.


regards,

 

Sandra


#11 CLStan


Posted 18 September 2014 - 11:26 PM

Here is the result from the first FRST (The fix)

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-09-2014
Ran by kat at 2014-09-18 23:13:29 Run:2
Running from C:\Users\kat\Desktop\BLEEPING
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Task: {9AC32444-ECCC-4F66-B8D0-2E7E961A18A6} - System32\Tasks\PC Optimizer Pro64 startups => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: C:\windows\Tasks\PC Optimizer Pro64 startups.job => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
C:\Program Files\PC Optimizer Pro
emptytemp:
*****************
 
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL => value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SuggestionsURL_JSON => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9AC32444-ECCC-4F66-B8D0-2E7E961A18A6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9AC32444-ECCC-4F66-B8D0-2E7E961A18A6}" => Key deleted successfully.
C:\Windows\System32\Tasks\PC Optimizer Pro64 startups => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC Optimizer Pro64 startups" => Key deleted successfully.
C:\windows\Tasks\PC Optimizer Pro64 startups.job => Moved successfully.
"C:\Program Files\PC Optimizer Pro" => File/Directory not found.
EmptyTemp: => Removed 3.7 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====


#12 CLStan

Posted 18 September 2014 - 11:57 PM

MBAM results: nothing found, no reboot required.

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 9/18/2014
Scan Time: 11:28:10 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.09.19.01
Rootkit Database: v2014.09.18.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: kat
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 393896
Time Elapsed: 19 min, 32 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#13 CLStan

Posted 19 September 2014 - 07:04 AM

OK...I ran ESET and then went to bed.  (After 1 hour it was only at 35%)  When I got up this morning, it looks as if the laptop rebooted itself overnight.  So I have no report to post.  I'll just have to run it again tonight after I get home from work.

At 35% I do remember that it found 5 items of concern.



#14 Bootsektor

Posted 19 September 2014 - 04:16 PM

Hello,

 

Did you have a look in this folder? 

C:\Program Files\ESET\EsetOnlineScanner\log.txt.

Is there a log created by ESET?

 

 


regards,

 

Sandra


#15 CLStan

Posted 20 September 2014 - 12:22 PM

I looked there last time...no ESET directory.  Checking Program Files (x64) DOES show a log...attaching...

 

I've got another issue with this laptop that I'm not sure is either a hardware or software issue.  I come home many days from my day job to find the laptop ON, although it was "shutdown" before I left for work. Powered off at night before bed to find it ON in the AM. (Random reboots too...that's why I assumed the ESET didn't finish.)

 

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# product=EOS
# version=8
# IEXPLORE.EXE=11.00.9600.16428 (winblue_gdr.131013-1700)
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=09dadb7de3508f41a1ec7f40c34757a3
# engine=20226
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-09-19 06:24:16
# local_time=2014-09-19 01:24:16 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 162651306 0 0
# scanned=219922
# found=5
# cleaned=0
# scan_time=4775
sh=87308D8C57EB38DFEC4D327733CD72AD8B8F1979 ft=1 fh=cdfad42c0d85a394 vn="a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\APNSetup.exe.vir"
sh=99305C6442241239E842917B77D14F81373A8CA8 ft=0 fh=0000000000000000 vn="Win32/Bundled.Toolbar.Ask.B potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\apn\APN-Stub\W3IV6-G\APNIC.7z.vir"
sh=170E95D460F6646D76779B4FE097711093F9EC14 ft=1 fh=51a54013aaae74e4 vn="Win32/Bundled.Toolbar.Ask.B potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\apn\APN-Stub\W3IV6-G\APNIC.dll.vir"
sh=05FA2D465EC8548E1DEB1BA647DBDCB4D3E986A1 ft=1 fh=c40bc67bed90d964 vn="a variant of Win32/SoftPulse.F potentially unwanted application" ac=I fn="C:\Users\kat\AppData\Local\Google\Chrome\User Data\Default\File System\004\t\00\00000002"
sh=5BAFD51453714E4815F80C01DA03F9DEF0CDE8C9 ft=1 fh=5b92e1356f69874e vn="Win32/DownloadAdmin.E potentially unwanted application" ac=I fn="C:\Users\kat\Desktop\OTHER STUFF\New folder\analyzer.exe"




