First malware infection driving me crazy!


  • This topic is locked
14 replies to this topic

#1 amlowery

amlowery

  • Members
  • 7 posts

Posted 14 September 2014 - 01:21 PM

Please HELP! I've been infected by malware and have spent the last week trying desperately using everything I know to take my computer back without success. I am not exactly certain what has taken over.... I have seen redirects controlled by superfish.com, I get pop-up ads from "pctrustalot" and "mycomputerupdate.be" - mostly for Flash Pro install prompts. I think I was able to get rid of Goobzo. Whatever it is has been blocking me from attachments to email and some downloads. A message will pop up from "Windows Denfender" and not allow me to download or install some malware detection programs. I have installed Malwarebytes, HitmanPro, Junkware Removal Tool, Rogue Killer, & Kaspersky TDSSKiller - all on advice of other forums. I run Kaspersky Internet Security as my regular security and Firefox as my everyday browser - both of which I keep updated.

Not even sure when I got infected. I've been having problems with slow loads and Flash and Shockwave crashes for about a month. Last weekend, I was setting up a new Asus wireless router when I got bombarded with the Goobzo ads and my browser was hijacked. Since then, I have discovered PUM.proxy issues that I can't seem to get rid of and noticed Superfish flashing by as I watch my Google, Yahoo and other common web sites take forever to load while a bunch of redirecting appears to be going on. I have added blocks to numerous tracking cookies in Firefox, but it seems to ignore that - particularly voluum-track-utl-v3 from arrakis.landsraad.cc

The pop-ups began with a very loud and annoying video driven "customer service poll" with a clanging bell. Then the FlashPro pop-ups and constant ads. I deleted Firefox and reinstalled but it's right back at it.

I've attempted to run the various anti-malware detection programs in SafeMode although I can't seem to get this to load with network enabled so I can't use ESET scanner (get an error) or EMSISOFT. I followed step-by-step a very detailed set of instructions from Malware Tips but I can't complete the steps and I know I am now way in over my head. I need help. I know there are things buried in the Windows registry.... I just don't know what to do about them.

I am not an IT person but probably more tech savvy than the average user. PLEASE tell me what I need to do!!! and THANK YOU!!!





#2 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male

Posted 14 September 2014 - 01:33 PM

Hi there,

please run a FRST scan:


Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#3 amlowery

amlowery
  • Topic Starter

  • Members
  • 7 posts

Posted 14 September 2014 - 01:43 PM

Thank you!

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by Anne (administrator) on HPLAPTOP on 14-09-2014 14:39:28
Running from C:\Users\Anne\Desktop
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe
() C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Joyent, Inc) C:\Program Files (x86)\Common Files\Diagnostics\node\node.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
() C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe
(Joyent, Inc) C:\Program Files (x86)\Common Files\Diagnostics\node\node.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\livecomm.exe
(Joyent, Inc) C:\Program Files (x86)\Common Files\Diagnostics\node\node.exe
(Joyent, Inc) C:\Program Files (x86)\Common Files\Diagnostics\node\node.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-24] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-07-21] (IDT, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491320 2012-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-08-19] (Hewlett-Packard)
HKU\S-1-5-21-323092722-1982785668-2295030068-1002\...\MountPoints2: {33067bbc-c9e7-11e2-be76-28924a46798f} - "F:\setup.exe" -a
HKU\S-1-5-21-323092722-1982785668-2295030068-1002\...\MountPoints2: {3c67df51-19a2-11e4-bea0-28924a46798f} - "G:\MotorolaDeviceManagerSetup.exe" -a
HKU\S-1-5-21-323092722-1982785668-2295030068-1002\...\MountPoints2: {776e4ea7-9fdd-11e3-be91-28924a46798f} - "F:\MotoCastSetup.exe" -a
HKU\S-1-5-21-323092722-1982785668-2295030068-1002\...\MountPoints2: {776e4ecd-9fdd-11e3-be91-28924a46798f} - "F:\MotorolaDeviceManagerSetup.exe" -a
HKU\S-1-5-21-323092722-1982785668-2295030068-1002\...\MountPoints2: {c11d2eec-1195-11e4-bea0-28924a46798f} - "F:\MotoCastSetup.exe" -a
HKU\S-1-5-21-323092722-1982785668-2295030068-1002\...\MountPoints2: {decd3bad-7d2a-11e3-be8d-28924a46798f} - "F:\TL_Bootstrap.exe"
HKU\S-1-5-21-323092722-1982785668-2295030068-1005\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2013-08-22] (Microsoft Corporation)
HKU\S-1-5-21-323092722-1982785668-2295030068-500\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2013-08-22] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: 127.0.0.1:5050
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.hp13.us.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x345753004BD0CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
SearchScopes: HKLM - {6D1FE892-6A0D-4AE7-81A6-C42556957F85} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{E6CB787B-A214-4F81-B22C-6D89CCC3DCAC}: [NameServer] 8.8.8.8,8.8.4.4

FireFox:
========
FF ProfilePath: C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\lbt6zqs0.default-1410251513185
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\lbt6zqs0.default-1410251513185\user.js
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-08-13]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-08-13]
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址過濾 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2014-08-13]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2014-08-13]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-08-13]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa []
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho []

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-08] (Advanced Micro Devices, Inc.) [File not signed]
R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
R2 Diagnostics; C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe [57344 2014-09-05] () [File not signed]
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-09-13] (SurfRight B.V.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-21] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [214896 2011-12-06] ()
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
R2 Proxy; C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe [57344 2014-09-05] () [File not signed]
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-21] (Microsoft Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-07-21] (IDT, Inc.) [File not signed]
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-21] (Microsoft Corporation)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-10-18] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3860480 2013-08-23] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-18] (Advanced Micro Devices)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [141376 2014-07-26] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [769600 2014-07-26] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [67680 2014-03-19] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-14] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-03] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
U3 TrueSight; C:\Windows\SysWOW64\drivers\TrueSight.sys [33512 2014-09-14] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-14 14:39 - 2014-09-14 14:39 - 00020294 _____ () C:\Users\Anne\Desktop\FRST.txt
2014-09-14 14:39 - 2014-09-14 14:39 - 00000000 ____D () C:\FRST
2014-09-14 14:38 - 2014-09-14 14:38 - 02105856 _____ (Farbar) C:\Users\Anne\Desktop\FRST64.exe
2014-09-14 13:48 - 2014-09-14 13:48 - 00032512 _____ () C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2014-09-14 12:41 - 2014-09-14 12:41 - 00000933 _____ () C:\Users\Anne\Desktop\JRT.txt
2014-09-14 12:29 - 2014-09-14 12:29 - 00000000 ____D () C:\Users\Anne\AppData\Local\CrashDumps
2014-09-14 12:23 - 2014-09-14 13:21 - 00033512 _____ () C:\WINDOWS\SysWOW64\Drivers\TrueSight.sys
2014-09-14 12:23 - 2014-09-14 12:23 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-09-14 12:22 - 2014-09-14 12:55 - 05027368 _____ () C:\Users\Anne\Desktop\Rkill.txt
2014-09-14 12:22 - 2014-09-14 12:22 - 00000000 ____D () C:\Users\Anne\Desktop\rkill
2014-09-14 12:20 - 2014-09-14 12:21 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Anne\Downloads\tdsskiller.exe
2014-09-14 12:17 - 2014-09-14 12:17 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-14 12:16 - 2014-09-14 12:17 - 02347384 _____ (ESET) C:\Users\Anne\Downloads\esetsmartinstaller_enu.exe
2014-09-14 12:16 - 2014-09-14 12:16 - 04859480 _____ () C:\Users\Anne\Downloads\RogueKiller.exe
2014-09-14 12:16 - 2014-09-14 12:16 - 01016261 _____ (Thisisu) C:\Users\Anne\Downloads\JRT(1).exe
2014-09-14 12:15 - 2014-09-14 12:15 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Anne\Downloads\rkill.com
2014-09-14 11:44 - 2014-09-14 11:44 - 00000000 ____D () C:\WINDOWS\SysWOW64\%Report%
2014-09-14 11:20 - 2014-09-14 11:21 - 56577160 _____ () C:\Users\Anne\Downloads\msert.exe
2014-09-14 10:51 - 2014-09-14 10:51 - 01131648 _____ (Telerik) C:\Users\Anne\Downloads\fiddler4setup.exe
2014-09-14 08:26 - 2014-09-14 08:26 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\33435FEB.sys
2014-09-14 06:13 - 2014-09-14 06:13 - 00001119 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-09-14 06:13 - 2014-09-14 06:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-13 21:42 - 2014-09-13 21:42 - 00067606 _____ () C:\Users\Anne\Desktop\bookmarks-2014-09-13.json
2014-09-13 21:42 - 2014-09-13 21:42 - 00053536 _____ () C:\Users\Anne\Desktop\bookmarks.html
2014-09-13 18:55 - 2014-09-13 19:20 - 00000336 _____ () C:\WINDOWS\system32\.crusader
2014-09-13 18:32 - 2014-09-13 18:32 - 00001905 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-09-13 18:32 - 2014-09-13 18:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-09-13 18:32 - 2014-09-13 18:32 - 00000000 ____D () C:\Program Files\HitmanPro
2014-09-13 18:31 - 2014-09-13 18:55 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-09-13 18:28 - 2014-09-13 18:31 - 11194928 _____ (SurfRight B.V.) C:\Users\Anne\Downloads\HitmanPro_x64.exe
2014-09-13 18:23 - 2014-09-13 18:23 - 01373475 _____ () C:\Users\Anne\Downloads\AdwCleaner(2).exe
2014-09-13 18:13 - 2014-09-14 13:41 - 00003922 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{26AD85E4-1C77-41E9-A99F-CC0F6D4D1466}
2014-09-13 17:40 - 2014-09-13 17:40 - 00000000 ____D () C:\WINDOWS\pss
2014-09-13 16:07 - 2014-09-13 16:07 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2014-09-13 08:06 - 2014-08-15 22:40 - 23591424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-09-13 08:06 - 2014-08-15 21:56 - 00547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-09-13 08:06 - 2014-08-15 21:54 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-09-13 08:06 - 2014-08-15 21:43 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-09-13 08:06 - 2014-08-15 21:32 - 00446464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-09-13 08:06 - 2014-08-15 21:25 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-09-13 08:06 - 2014-08-15 21:22 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-09-13 08:06 - 2014-08-15 21:20 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-09-13 08:06 - 2014-08-15 21:19 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-09-13 08:06 - 2014-08-15 21:18 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-09-13 08:06 - 2014-08-15 21:11 - 00597504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-09-13 08:06 - 2014-08-15 21:06 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-09-13 08:06 - 2014-08-15 21:05 - 00727040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-09-13 08:06 - 2014-08-15 21:05 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-09-13 08:06 - 2014-08-15 21:03 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-09-13 08:06 - 2014-08-15 20:58 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-13 08:06 - 2014-08-15 20:53 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-09-13 08:06 - 2014-08-15 20:53 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-09-13 08:06 - 2014-08-15 20:45 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-09-13 08:06 - 2014-08-15 20:44 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-09-13 08:06 - 2014-08-15 20:18 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-09-13 08:06 - 2014-08-15 20:12 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-09-13 08:06 - 2014-05-30 05:28 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-09-13 08:06 - 2014-05-30 04:43 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-09-13 08:06 - 2014-02-06 07:30 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-09-13 08:06 - 2014-02-06 07:30 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-09-13 08:06 - 2014-02-06 07:07 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-09-13 08:06 - 2014-02-06 07:06 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-09-13 08:06 - 2014-02-06 06:56 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-09-13 08:06 - 2014-02-06 06:49 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-09-13 08:06 - 2014-02-06 06:48 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-09-13 08:06 - 2014-02-06 06:20 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-09-13 08:06 - 2014-02-06 06:17 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-09-13 08:06 - 2014-02-06 06:00 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-09-13 08:06 - 2014-02-06 05:52 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-09-13 08:06 - 2014-02-06 05:52 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-09-13 08:06 - 2014-02-06 05:47 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-09-13 08:06 - 2014-02-06 05:25 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-09-13 08:05 - 2014-08-15 22:04 - 17455104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-09-13 08:05 - 2014-08-15 22:00 - 05833728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-09-13 08:05 - 2014-08-15 22:00 - 02793984 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-09-13 08:05 - 2014-08-15 21:45 - 04232704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-09-13 08:05 - 2014-08-15 21:18 - 02185728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-09-13 08:05 - 2014-08-15 21:03 - 02104832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-09-13 08:05 - 2014-08-15 20:56 - 02310656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-09-13 08:05 - 2014-08-15 20:53 - 13588480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-09-13 08:05 - 2014-08-15 20:51 - 11769856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-09-13 08:05 - 2014-08-15 20:44 - 02014208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-09-13 08:05 - 2014-08-15 20:34 - 01447424 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-09-13 08:05 - 2014-08-15 20:20 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-09-13 08:05 - 2014-08-15 20:14 - 01190400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-09-13 07:28 - 2014-09-04 22:36 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2014-09-13 07:28 - 2014-09-04 22:31 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-09-13 07:28 - 2014-09-04 20:48 - 00738816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-09-13 07:28 - 2014-08-01 20:18 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2014-09-13 07:27 - 2014-07-23 23:20 - 00875688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2014-09-13 07:27 - 2014-07-23 23:20 - 00869544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2014-09-09 17:47 - 2014-09-09 17:47 - 00000000 _____ () C:\Recovery.txt
2014-09-09 14:29 - 2014-09-14 11:36 - 00000372 _____ () C:\WINDOWS\Tasks\PCHB_Anne_PCHealthBoost_RS_DailyTask.job
2014-09-09 08:28 - 2014-09-09 08:28 - 06312160 _____ (MyTurboPC.com) C:\Users\Anne\Downloads\myturbopc.exe
2014-09-09 07:52 - 2014-09-09 07:52 - 01370467 _____ () C:\Users\Anne\Downloads\AdwCleaner(1).exe
2014-09-09 07:48 - 2014-09-09 07:48 - 05227019 _____ () C:\Users\Anne\Downloads\namebench-1.3.1-Windows.exe
2014-09-09 05:20 - 2014-09-09 05:20 - 00001074 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-09 05:20 - 2014-09-09 05:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-09 05:20 - 2014-09-09 05:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-09 05:20 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-09-09 05:20 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-09-09 05:19 - 2014-09-09 05:19 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Anne\Downloads\mbam-setup-2.0.2.1012(1).exe
2014-09-08 17:41 - 2014-09-08 17:41 - 00000000 ____D () C:\Users\Anne\AppData\Roaming\Oracle
2014-09-08 17:03 - 2014-09-08 17:04 - 00003924 _____ () C:\WINDOWS\System32\Tasks\PCHB_Anne_PCHealthBoost_RS_WeeklyTask
2014-09-08 17:03 - 2014-09-08 17:03 - 00004030 _____ () C:\WINDOWS\System32\Tasks\PCHB_Anne_PCHealthBoost_RS_DailyTask
2014-09-08 17:03 - 2014-09-08 17:03 - 00003776 _____ () C:\WINDOWS\System32\Tasks\PCHB_Anne_PCHealthBoost_LG_DailyTask
2014-09-08 17:03 - 2014-09-08 17:03 - 00001046 _____ () C:\Users\Public\Desktop\PC HealthBoost.lnk
2014-09-08 17:03 - 2014-09-08 17:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC HealthBoost
2014-09-08 17:03 - 2014-09-08 17:03 - 00000000 ____D () C:\ProgramData\BoostSoftware
2014-09-08 16:59 - 2014-09-08 16:59 - 02061468 _____ (BoostSoftware Inc. ) C:\Users\Anne\Downloads\PCHealthBoost-Setup(1).exe
2014-09-08 08:17 - 2014-09-08 08:17 - 00000000 ____D () C:\Users\Anne\Documents\StellariPodRecoveryMac.dmg
2014-09-08 07:51 - 2014-09-08 07:52 - 03079104 _____ (BoostSoftware Inc. ) C:\Users\Anne\Downloads\PCHealthBoost-Setup.exe
2014-09-07 17:45 - 2014-09-07 17:45 - 00032768 _____ () C:\WINDOWS\system32\persistent_q.db-shm
2014-09-07 17:45 - 2014-09-07 17:45 - 00003176 _____ () C:\WINDOWS\system32\persistent_q.db-wal
2014-09-07 17:45 - 2014-09-07 17:45 - 00001024 _____ () C:\WINDOWS\system32\persistent_q.db
2014-09-07 07:20 - 2014-09-14 13:38 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-09-07 07:20 - 2014-09-09 05:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-07 07:20 - 2014-09-07 07:55 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-07 07:19 - 2014-09-07 07:55 - 00000000 ____D () C:\Users\Anne\Desktop\mbar
2014-09-07 07:19 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-09-07 07:18 - 2014-09-07 07:19 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Anne\Downloads\mbar-1.07.0.1012.exe
2014-09-07 07:03 - 2014-09-07 07:03 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-09-07 07:02 - 2014-09-07 07:02 - 01016261 _____ (Thisisu) C:\Users\Anne\Downloads\JRT.exe
2014-09-07 06:56 - 2014-09-07 06:56 - 02953520 _____ (AVAST Software) C:\Users\Anne\Downloads\avast-browser-cleanup.exe
2014-09-07 06:15 - 2014-09-14 12:00 - 01515557 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-07 05:47 - 2014-09-07 05:47 - 01045700 _____ (Malwarebytes Corporation ) C:\Users\Anne\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-06 21:26 - 2014-09-13 22:12 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-323092722-1982785668-2295030068-1002
2014-09-06 21:20 - 2014-09-14 13:30 - 00002968 _____ () C:\WINDOWS\PFRO.log
2014-09-06 21:15 - 2014-09-14 13:29 - 00000000 ____D () C:\AdwCleaner
2014-09-06 21:15 - 2014-09-14 10:25 - 00001024 _____ () C:\.rnd
2014-09-06 21:15 - 2014-09-06 21:15 - 01370467 _____ () C:\Users\Anne\Downloads\AdwCleaner.exe
2014-09-06 20:05 - 2014-09-06 20:05 - 00000187 _____ () C:\WINDOWS\wininit.ini
2014-09-06 20:04 - 2014-09-06 20:04 - 00000000 ____D () C:\Users\Anne\AppData\Local\CrashRpt
2014-09-06 20:04 - 2014-09-06 20:04 - 00000000 ____D () C:\Program Files\Common Files\boobzo
2014-08-28 08:08 - 2014-08-28 08:08 - 00002012 _____ () C:\Users\Public\Desktop\FileZilla Client.lnk
2014-08-28 08:07 - 2014-08-28 08:07 - 06052529 _____ (Tim Kosse) C:\Users\Anne\Downloads\FileZilla_3.9.0.3_win32-setup.exe
2014-08-27 16:12 - 2014-08-22 20:42 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-08-27 15:58 - 2014-08-27 15:58 - 00067856 _____ () C:\Users\Anne\Downloads\ShowSmartBill
2014-08-23 09:55 - 2014-08-23 09:55 - 00169247 _____ () C:\Users\Anne\Downloads\LoadLetter

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-14 14:39 - 2014-09-14 14:39 - 00020294 _____ () C:\Users\Anne\Desktop\FRST.txt
2014-09-14 14:39 - 2014-09-14 14:39 - 00000000 ____D () C:\FRST
2014-09-14 14:38 - 2014-09-14 14:38 - 02105856 _____ (Farbar) C:\Users\Anne\Desktop\FRST64.exe
2014-09-14 14:02 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-09-14 13:51 - 2013-06-07 17:19 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-09-14 13:48 - 2014-09-14 13:48 - 00032512 _____ () C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2014-09-14 13:41 - 2014-09-13 18:13 - 00003922 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{26AD85E4-1C77-41E9-A99F-CC0F6D4D1466}
2014-09-14 13:38 - 2014-09-07 07:20 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-09-14 13:38 - 2013-10-18 21:28 - 00000000 ___DO () C:\Users\Anne\SkyDrive
2014-09-14 13:38 - 2013-06-02 17:56 - 00000000 ____D () C:\Temp
2014-09-14 13:35 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-14 13:30 - 2014-09-06 21:20 - 00002968 _____ () C:\WINDOWS\PFRO.log
2014-09-14 13:29 - 2014-09-06 21:15 - 00000000 ____D () C:\AdwCleaner
2014-09-14 13:21 - 2014-09-14 12:23 - 00033512 _____ () C:\WINDOWS\SysWOW64\Drivers\TrueSight.sys
2014-09-14 12:55 - 2014-09-14 12:22 - 05027368 _____ () C:\Users\Anne\Desktop\Rkill.txt
2014-09-14 12:41 - 2014-09-14 12:41 - 00000933 _____ () C:\Users\Anne\Desktop\JRT.txt
2014-09-14 12:29 - 2014-09-14 12:29 - 00000000 ____D () C:\Users\Anne\AppData\Local\CrashDumps
2014-09-14 12:23 - 2014-09-14 12:23 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-09-14 12:22 - 2014-09-14 12:22 - 00000000 ____D () C:\Users\Anne\Desktop\rkill
2014-09-14 12:21 - 2014-09-14 12:20 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Anne\Downloads\tdsskiller.exe
2014-09-14 12:17 - 2014-09-14 12:17 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-14 12:17 - 2014-09-14 12:16 - 02347384 _____ (ESET) C:\Users\Anne\Downloads\esetsmartinstaller_enu.exe
2014-09-14 12:16 - 2014-09-14 12:16 - 04859480 _____ () C:\Users\Anne\Downloads\RogueKiller.exe
2014-09-14 12:16 - 2014-09-14 12:16 - 01016261 _____ (Thisisu) C:\Users\Anne\Downloads\JRT(1).exe
2014-09-14 12:15 - 2014-09-14 12:15 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Anne\Downloads\rkill.com
2014-09-14 12:00 - 2014-09-07 06:15 - 01515557 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-14 11:44 - 2014-09-14 11:44 - 00000000 ____D () C:\WINDOWS\SysWOW64\%Report%
2014-09-14 11:42 - 2013-08-22 09:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-09-14 11:36 - 2014-09-09 14:29 - 00000372 _____ () C:\WINDOWS\Tasks\PCHB_Anne_PCHealthBoost_RS_DailyTask.job
2014-09-14 11:21 - 2014-09-14 11:20 - 56577160 _____ () C:\Users\Anne\Downloads\msert.exe
2014-09-14 10:51 - 2014-09-14 10:51 - 01131648 _____ (Telerik) C:\Users\Anne\Downloads\fiddler4setup.exe
2014-09-14 10:25 - 2014-09-06 21:15 - 00001024 _____ () C:\.rnd
2014-09-14 08:26 - 2014-09-14 08:26 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\33435FEB.sys
2014-09-14 06:13 - 2014-09-14 06:13 - 00001119 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-09-14 06:13 - 2014-09-14 06:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-14 06:13 - 2014-07-23 06:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-14 04:49 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-09-13 22:12 - 2014-09-06 21:26 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-323092722-1982785668-2295030068-1002
2014-09-13 21:42 - 2014-09-13 21:42 - 00067606 _____ () C:\Users\Anne\Desktop\bookmarks-2014-09-13.json
2014-09-13 21:42 - 2014-09-13 21:42 - 00053536 _____ () C:\Users\Anne\Desktop\bookmarks.html
2014-09-13 20:27 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-09-13 19:20 - 2014-09-13 18:55 - 00000336 _____ () C:\WINDOWS\system32\.crusader
2014-09-13 19:07 - 2014-08-14 06:13 - 00000000 ____D () C:\Users\Anne\AppData\Local\Adobe
2014-09-13 18:55 - 2014-09-13 18:31 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-09-13 18:32 - 2014-09-13 18:32 - 00001905 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-09-13 18:32 - 2014-09-13 18:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-09-13 18:32 - 2014-09-13 18:32 - 00000000 ____D () C:\Program Files\HitmanPro
2014-09-13 18:31 - 2014-09-13 18:28 - 11194928 _____ (SurfRight B.V.) C:\Users\Anne\Downloads\HitmanPro_x64.exe
2014-09-13 18:23 - 2014-09-13 18:23 - 01373475 _____ () C:\Users\Anne\Downloads\AdwCleaner(2).exe
2014-09-13 17:40 - 2014-09-13 17:40 - 00000000 ____D () C:\WINDOWS\pss
2014-09-13 16:41 - 2013-07-27 16:59 - 00003158 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForAnne
2014-09-13 16:41 - 2013-07-27 16:59 - 00000346 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForAnne.job
2014-09-13 16:07 - 2014-09-13 16:07 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2014-09-13 16:06 - 2013-06-01 16:28 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-09-13 12:19 - 2014-07-09 06:03 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-09-13 08:10 - 2012-07-26 03:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-09-13 08:08 - 2013-05-30 13:23 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-13 08:05 - 2013-07-27 10:06 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-09-13 08:01 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-09-13 08:00 - 2013-05-31 05:32 - 101694776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-09-09 17:47 - 2014-09-09 17:47 - 00000000 _____ () C:\Recovery.txt
2014-09-09 08:28 - 2014-09-09 08:28 - 06312160 _____ (MyTurboPC.com) C:\Users\Anne\Downloads\myturbopc.exe
2014-09-09 08:23 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\Resources
2014-09-09 07:52 - 2014-09-09 07:52 - 01370467 _____ () C:\Users\Anne\Downloads\AdwCleaner(1).exe
2014-09-09 07:48 - 2014-09-09 07:48 - 05227019 _____ () C:\Users\Anne\Downloads\namebench-1.3.1-Windows.exe
2014-09-09 05:20 - 2014-09-09 05:20 - 00001074 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-09 05:20 - 2014-09-09 05:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-09 05:20 - 2014-09-09 05:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-09 05:20 - 2014-09-07 07:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-09 05:19 - 2014-09-09 05:19 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Anne\Downloads\mbam-setup-2.0.2.1012(1).exe
2014-09-08 17:41 - 2014-09-08 17:41 - 00000000 ____D () C:\Users\Anne\AppData\Roaming\Oracle
2014-09-08 17:04 - 2014-09-08 17:03 - 00003924 _____ () C:\WINDOWS\System32\Tasks\PCHB_Anne_PCHealthBoost_RS_WeeklyTask
2014-09-08 17:03 - 2014-09-08 17:03 - 00004030 _____ () C:\WINDOWS\System32\Tasks\PCHB_Anne_PCHealthBoost_RS_DailyTask
2014-09-08 17:03 - 2014-09-08 17:03 - 00003776 _____ () C:\WINDOWS\System32\Tasks\PCHB_Anne_PCHealthBoost_LG_DailyTask
2014-09-08 17:03 - 2014-09-08 17:03 - 00001046 _____ () C:\Users\Public\Desktop\PC HealthBoost.lnk
2014-09-08 17:03 - 2014-09-08 17:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC HealthBoost
2014-09-08 17:03 - 2014-09-08 17:03 - 00000000 ____D () C:\ProgramData\BoostSoftware
2014-09-08 16:59 - 2014-09-08 16:59 - 02061468 _____ (BoostSoftware Inc. ) C:\Users\Anne\Downloads\PCHealthBoost-Setup(1).exe
2014-09-08 08:17 - 2014-09-08 08:17 - 00000000 ____D () C:\Users\Anne\Documents\StellariPodRecoveryMac.dmg
2014-09-08 07:52 - 2014-09-08 07:51 - 03079104 _____ (BoostSoftware Inc. ) C:\Users\Anne\Downloads\PCHealthBoost-Setup.exe
2014-09-07 17:45 - 2014-09-07 17:45 - 00032768 _____ () C:\WINDOWS\system32\persistent_q.db-shm
2014-09-07 17:45 - 2014-09-07 17:45 - 00003176 _____ () C:\WINDOWS\system32\persistent_q.db-wal
2014-09-07 17:45 - 2014-09-07 17:45 - 00001024 _____ () C:\WINDOWS\system32\persistent_q.db
2014-09-07 07:55 - 2014-09-07 07:20 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-07 07:55 - 2014-09-07 07:19 - 00000000 ____D () C:\Users\Anne\Desktop\mbar
2014-09-07 07:25 - 2011-04-02 15:23 - 00000000 ____D () C:\Users\Anne\Desktop\legal
2014-09-07 07:19 - 2014-09-07 07:18 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Anne\Downloads\mbar-1.07.0.1012.exe
2014-09-07 07:03 - 2014-09-07 07:03 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-09-07 07:02 - 2014-09-07 07:02 - 01016261 _____ (Thisisu) C:\Users\Anne\Downloads\JRT.exe
2014-09-07 06:56 - 2014-09-07 06:56 - 02953520 _____ (AVAST Software) C:\Users\Anne\Downloads\avast-browser-cleanup.exe
2014-09-07 05:47 - 2014-09-07 05:47 - 01045700 _____ (Malwarebytes Corporation ) C:\Users\Anne\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-06 21:19 - 2013-10-18 21:24 - 00000999 _____ () C:\Users\Anne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-06 21:15 - 2014-09-06 21:15 - 01370467 _____ () C:\Users\Anne\Downloads\AdwCleaner.exe
2014-09-06 20:55 - 2012-08-17 00:15 - 00000000 ____D () C:\Program Files (x86)\HP Games
2014-09-06 20:54 - 2012-08-17 00:13 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-09-06 20:53 - 2012-08-17 00:13 - 00000000 ____D () C:\ProgramData\WildTangent
2014-09-06 20:30 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\registration
2014-09-06 20:05 - 2014-09-06 20:05 - 00000187 _____ () C:\WINDOWS\wininit.ini
2014-09-06 20:04 - 2014-09-06 20:04 - 00000000 ____D () C:\Users\Anne\AppData\Local\CrashRpt
2014-09-06 20:04 - 2014-09-06 20:04 - 00000000 ____D () C:\Program Files\Common Files\boobzo
2014-09-04 22:36 - 2014-09-13 07:28 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2014-09-04 22:31 - 2014-09-13 07:28 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-09-04 20:48 - 2014-09-13 07:28 - 00738816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-09-02 16:06 - 2013-08-22 11:38 - 00706016 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-09-02 16:06 - 2013-08-22 11:38 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-31 21:03 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-08-31 21:00 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\tracing
2014-08-30 20:34 - 2014-03-20 15:52 - 00000000 ____D () C:\Users\Anne\AppData\Roaming\FileZilla
2014-08-30 18:39 - 2014-07-08 18:42 - 00001165 _____ () C:\Users\Anne\Desktop\Amazon Music.lnk
2014-08-30 17:14 - 2013-08-22 10:44 - 00491112 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-08-28 22:34 - 2013-08-22 11:36 - 00000000 ___HD () C:\Program Files\WindowsApps.tmp
2014-08-28 08:08 - 2014-08-28 08:08 - 00002012 _____ () C:\Users\Public\Desktop\FileZilla Client.lnk
2014-08-28 08:08 - 2014-03-20 15:52 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-08-28 08:07 - 2014-08-28 08:07 - 06052529 _____ (Tim Kosse) C:\Users\Anne\Downloads\FileZilla_3.9.0.3_win32-setup.exe
2014-08-28 08:07 - 2014-03-20 15:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-08-27 15:58 - 2014-08-27 15:58 - 00067856 _____ () C:\Users\Anne\Downloads\ShowSmartBill
2014-08-25 19:28 - 2010-02-21 11:29 - 00000000 ____D () C:\Users\Anne\Desktop\Originals
2014-08-23 09:55 - 2014-08-23 09:55 - 00169247 _____ () C:\Users\Anne\Downloads\LoadLetter
2014-08-22 20:42 - 2014-08-27 16:12 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-08-17 14:37 - 2013-05-30 13:23 - 00000000 ____D () C:\Users\Anne\AppData\Local\Microsoft Help
2014-08-16 06:05 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-08-16 06:05 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-08-16 06:05 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-08-16 06:05 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-08-16 06:05 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-08-15 22:40 - 2014-09-13 08:06 - 23591424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-08-15 22:04 - 2014-09-13 08:05 - 17455104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-08-15 22:00 - 2014-09-13 08:05 - 05833728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-08-15 22:00 - 2014-09-13 08:05 - 02793984 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-08-15 21:56 - 2014-09-13 08:06 - 00547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-08-15 21:54 - 2014-09-13 08:06 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-08-15 21:45 - 2014-09-13 08:05 - 04232704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-08-15 21:43 - 2014-09-13 08:06 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-08-15 21:32 - 2014-09-13 08:06 - 00446464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-08-15 21:25 - 2014-09-13 08:06 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-08-15 21:22 - 2014-09-13 08:06 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-08-15 21:20 - 2014-09-13 08:06 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-08-15 21:19 - 2014-09-13 08:06 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-08-15 21:18 - 2014-09-13 08:06 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-08-15 21:18 - 2014-09-13 08:05 - 02185728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-08-15 21:11 - 2014-09-13 08:06 - 00597504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-08-15 21:06 - 2014-09-13 08:06 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-08-15 21:05 - 2014-09-13 08:06 - 00727040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-08-15 21:05 - 2014-09-13 08:06 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-08-15 21:03 - 2014-09-13 08:06 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-08-15 21:03 - 2014-09-13 08:05 - 02104832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-08-15 20:58 - 2014-09-13 08:06 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-15 20:56 - 2014-09-13 08:05 - 02310656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-08-15 20:53 - 2014-09-13 08:06 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-08-15 20:53 - 2014-09-13 08:06 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-08-15 20:53 - 2014-09-13 08:05 - 13588480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-08-15 20:51 - 2014-09-13 08:05 - 11769856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-08-15 20:45 - 2014-09-13 08:06 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-08-15 20:44 - 2014-09-13 08:06 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-08-15 20:44 - 2014-09-13 08:05 - 02014208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-08-15 20:34 - 2014-09-13 08:05 - 01447424 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-08-15 20:20 - 2014-09-13 08:05 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-08-15 20:18 - 2014-09-13 08:06 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-08-15 20:14 - 2014-09-13 08:05 - 01190400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-08-15 20:12 - 2014-09-13 08:06 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-08-15 17:52 - 2014-08-10 18:57 - 00000000 ____D () C:\Users\Anne\AppData\Local\Windows Live

Some content of TEMP:
====================
C:\Users\Anne\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-13 22:12

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2014
Ran by Anne at 2014-09-14 14:40:31
Running from C:\Users\Anne\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Amazon Music (HKCU\...\Amazon Amazon Music) (Version: 3.2.0.591 - Amazon Services LLC)
AMD Accelerated Video Transcoding (Version: 12.5.100.20808 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{D01E0B82-7D6E-F9AC-9A7D-C6076264F419}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6902 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.5.6902 - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.4.2928 - CyberLink Corp.)
CyberLink Media Suite 10 (x32 Version: 10.0.4.2928 - CyberLink Corp.) Hidden
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3119 - CyberLink Corp.)
CyberLink PhotoDirector (x32 Version: 2.0.1.3119 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1926 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.1.1926 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDirector 10 (x32 Version: 10.0.1.1925 - CyberLink Corp.) Hidden
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
CyberLink PowerDVD (x32 Version: 10.0.6.4319 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.5.4.5527 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version:  - Microsoft)
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
Family Tree Maker 2011 (HKLM-x32\...\Family Tree Maker 2011) (Version: 20.0.368 - Ancestry.com)
Family Tree Maker 2011 (x32 Version: 20.0.368 - Ancestry.com) Hidden
FileZilla Client 3.9.0.3 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.3 - Tim Kosse)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.225 - SurfRight B.V.)
HP 3D DriveGuard (HKLM\...\{F244D07D-1876-4CDD-914D-214E15A8D327}) (Version: 4.2.5.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{0D3A6808-82B8-4BB1-BE5A-AED75B3F6C02}) (Version: 2.20.11 - Hewlett-Packard Company)
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{18DE31AE-70D0-43A7-9E3C-2ED7283ECE8A}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Postscript Converter (Version: 3.1.3554 - Hewlett-Packard) Hidden
HP Quick Launch (HKLM-x32\...\{4ED7050C-9332-4FB2-AB07-E94F25A53D39}) (Version: 3.0.3 - Hewlett-Packard Company)
HP Recovery Manager (x32 Version: 7.00 - Hewlett-Packard) Hidden
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{835B275B-F29B-464B-BD4B-097FD55FAB0A}) (Version: 4.6.8.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6417.0 - IDT)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{653C1B5A-3287-47B1-8613-0745D4E771C4}) (Version: 15.0.0.463 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.0.463 - Kaspersky Lab) Hidden
Lowrance GlobalMap 5200C Demo (HKLM-x32\...\{81FB4BF5-E243-4F6F-AF4D-6877E1564ECA}) (Version:  - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MapSend BlueNav North America (HKLM-x32\...\{56D13CA8-3312-11D7-A118-00E0290FE35A}) (Version:  - )
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Standard 2010 (HKLM-x32\...\Office14.STANDARD) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Standard 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MotoHelper 2.1.32 Driver 5.4.0 (HKLM-x32\...\MotoHelper) (Version: 2.1.32 - Motorola)
MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) Hidden
Motorola Mobile Drivers Installation 5.4.0 (Version: 5.4.0 - Motorola Inc.) Hidden
Mozilla Firefox 32.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.1 (x86 en-US)) (Version: 32.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
OverDrive Media Console (HKLM-x32\...\{D07205E7-F6D3-4333-AFCC-782A07685B72}) (Version: 3.2.20 - OverDrive, Inc.)
PC HealthBoost 3.0.5 (HKLM-x32\...\PCHealthBoost_is1) (Version: 3.0.5 - Boost Software Inc.)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.12 - Synaptics Incorporated)
Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{9179FC17-97A8-4D98-9E09-05720AF5D44E}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.STANDARD_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.STANDARD_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.STANDARD_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.STANDARD_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.STANDARD_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.STANDARD_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.STANDARD_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.STANDARD_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.STANDARD_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.STANDARD_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
Windows Media Encoder 9 Series (x32 Version: 9.00.2980 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

09-09-2014 11:24:13 Configured LabelPrint
13-09-2014 11:57:42 Windows Update
14-09-2014 01:54:08 Restore Operation

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {013D4267-1D36-4016-BC18-A2C353C0B0CE} - System32\Tasks\PCHB_Anne_PCHealthBoost_RS_DailyTask => C:\Program Files (x86)\PC HealthBoost\PCHealthBoost.exe
Task: {022195F4-7428-4530-BD7A-3742F156A139} - System32\Tasks\HPCeeScheduleForAnne => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {02EF959C-507E-43A2-82F6-528B5CC9749B} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {12BD8AF0-0101-407C-A406-9D0C9C792E90} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {1C8D37E8-4C3C-4055-B84B-8693C11B2430} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {1E6FA39F-3761-432E-AF11-8CA10B349413} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-08-19] (Hewlett-Packard Development Company, L.P.)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {3EB2DF7D-C95E-45BE-A944-52BBC86F0C43} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {4559A74E-1A48-4D6A-9FD1-38AF3445BB39} - System32\Tasks\PCHB_Anne_PCHealthBoost_LG_DailyTask => C:\Program Files (x86)\PC HealthBoost\PCHealthBoost.exe
Task: {4650BCE8-FB40-4612-BA81-E21D6E9A7E7E} - \SMW_UpdateTask_Time_313331323333393538392d23787845322a5b3434322d57 No Task File <==== ATTENTION
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4CD1D3F7-AB25-47BB-BAE8-5F384B19C029} - System32\Tasks\MotoHelper Routing => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {533709C2-8354-4805-9CDC-582DBDC6CEF5} - System32\Tasks\MotoHelper Initial Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {5ACCC2EA-D326-470E-8CDB-A72AD95E0F07} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {5C10ADCB-A52A-4C87-8733-E88FFBA80ECB} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-09-13] (Microsoft Corporation)
Task: {5DA1A79C-E66B-4C79-ABCB-1CA40D8EEE8A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-08-04] (Hewlett-Packard)
Task: {5F111C21-251A-46F5-81A6-B6D4EE0D9910} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6AD8FB7D-2B29-4D22-ABED-81B36CE9C914} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {6F7874F2-CEE1-4BE6-9B60-AF00AEFE92AF} - System32\Tasks\SDMsgUpdate (Local) => C:\SmartDraw CI\Messages\SDNotify.exe [2012-08-13] ()
Task: {70C17DFF-5F39-4352-9B72-E9A6D9C77208} - System32\Tasks\SDMsgUpdate (TE) => C:\SmartDraw CI\Messages\SDNotify.exe [2012-08-13] ()
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {762FA18E-D84C-47ED-A830-FD415C7726E7} - System32\Tasks\PCHB_Anne_PCHealthBoost_RS_WeeklyTask => C:\Program Files (x86)\PC HealthBoost\PCHealthBoost.exe
Task: {76357D39-3279-4E73-90BD-57755397BBB7} - System32\Tasks\MsgUpdateCheck (4e8e012a-0fc6-4d0a-af3d-a6fd9253ccd4) => C:\SmartDraw CI\MarkedUp\tray\TrayNotifierNET35.exe [2014-06-20] (MarkedUp Inc)
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {C15FDACD-7959-4003-B7EE-8C2BE77FBC9A} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {C446981E-3299-4C7C-8E76-0A97269EC671} - System32\Tasks\MotoHelper MUM => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {C6FF346F-4AB7-4A85-96EA-7F71D3650254} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-08-04] (Hewlett-Packard)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DDA66610-DB02-47BD-83D0-222628A48302} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {E7A1A6E3-87BF-44E6-A00B-E0C9B8C10CA6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {E8C73A47-5756-4542-A79F-E22BE900AD0A} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-24] (Synaptics Incorporated)
Task: {F2E8C59B-E1B1-44F7-B0AC-5CBAF3932B94} - System32\Tasks\MotoHelper Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {F6C80419-9E0B-4A4C-9AB4-F31487800058} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
Task: {FEAF7C44-64E3-46D3-886A-F1FEB8400D63} - \Installer_ytd No Task File <==== ATTENTION
Task: C:\WINDOWS\Tasks\HPCeeScheduleForAnne.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\PCHB_Anne_PCHealthBoost_RS_DailyTask.job => C:\Program Files (x86)\PC HealthBoost\PCHealthBoost.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (whitelisted) =============

2012-08-08 13:36 - 2012-08-08 13:36 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-09-05 22:01 - 2014-09-05 22:01 - 00057344 _____ () C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe
2011-12-06 17:00 - 2011-12-06 17:00 - 00214896 _____ () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
2014-05-01 15:29 - 2014-05-01 15:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2011-12-06 17:00 - 2011-12-06 17:00 - 00784240 _____ () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
2012-08-08 13:36 - 2012-08-08 13:36 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-03-06 15:00 - 2014-03-06 15:00 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\kpcengine.2.3.dll
2014-09-05 22:01 - 2014-09-05 22:01 - 00032768 _____ () C:\Program Files (x86)\Common Files\Diagnostics\node\sys.node
2012-10-13 05:19 - 2012-06-07 23:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 14:34 - 2012-06-08 14:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-09-14 06:13 - 2014-09-11 22:42 - 03716720 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-04-20 01:42 - 2014-04-20 01:42 - 00699072 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com\npvkplugin.dll
2014-04-20 01:42 - 2014-04-20 01:42 - 00468672 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com\npcontentblocker.dll
2014-04-20 01:42 - 2014-04-20 01:42 - 00347328 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com\nponlinebanking.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Anne\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "Adobe ARM"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/14/2014 01:39:30 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (09/14/2014 01:39:28 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.


System errors:
=============
Error: (09/14/2014 01:35:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AppEx Networks Accelerator LWF service failed to start due to the following error:
%%31

Error: (09/14/2014 01:35:43 PM) (Source: APXACC) (EventID: 1003) (User: )
Description: The NDIS6 LWF initialization has failed. (0xC0000001)

Error: (09/14/2014 01:35:05 PM) (Source: DCOM) (EventID: 10005) (User: HPLAPTOP)
Description: 1084WSearchUnavailable{9E175B68-F52A-11D8-B9A5-505054503030}

Error: (09/14/2014 01:35:05 PM) (Source: DCOM) (EventID: 10005) (User: HPLAPTOP)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (09/14/2014 01:34:48 PM) (Source: DCOM) (EventID: 10005) (User: HPLAPTOP)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (09/14/2014 01:34:32 PM) (Source: DCOM) (EventID: 10005) (User: HPLAPTOP)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (09/14/2014 01:31:24 PM) (Source: DCOM) (EventID: 10005) (User: HPLAPTOP)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (09/14/2014 01:31:19 PM) (Source: DCOM) (EventID: 10005) (User: HPLAPTOP)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (09/14/2014 01:31:17 PM) (Source: DCOM) (EventID: 10005) (User: HPLAPTOP)
Description: 1084WSearchUnavailable{9E175B68-F52A-11D8-B9A5-505054503030}

Error: (09/14/2014 01:31:16 PM) (Source: DCOM) (EventID: 10005) (User: HPLAPTOP)
Description: 1084WSearchUnavailable{9E175B68-F52A-11D8-B9A5-505054503030}


Microsoft Office Sessions:
=========================
Error: (09/14/2014 01:39:30 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Anne\Downloads\esetsmartinstaller_enu.exe

Error: (09/14/2014 01:39:28 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Anne\Downloads\esetsmartinstaller_enu.exe


CodeIntegrity Errors:
===================================
  Date: 2014-09-14 14:39:03.924
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-14 14:38:54.194
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-14 14:38:10.453
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-14 14:32:04.118
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-14 14:32:02.223
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-14 14:31:39.398
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-14 14:24:09.603
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-14 14:23:54.063
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-14 14:23:52.512
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-14 14:23:52.401
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD A8-4500M APU with Radeon™ HD Graphics
Percentage of memory in use: 36%
Total physical RAM: 5602.26 MB
Available physical RAM: 3562.87 MB
Total Pagefile: 6498.26 MB
Available Pagefile: 3844.5 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:439.34 GB) (Free:378.21 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:25.31 GB) (Free:2.97 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 1EFAD293)

Partition: GPT Partition Type.

==================== End Of Log ============================



#4 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts

Posted 14 September 2014 - 02:10 PM

How is the situation after this fix and a reboot?


Please download this attached fixlist.txt and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


#5 amlowery

amlowery
  • Topic Starter

  • Members
  • 7 posts

Posted 14 September 2014 - 02:24 PM

So far, not seeing the redirects or pop-ups. Keeping my fingers crossed!

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-09-2014
Ran by Anne at 2014-09-14 15:14:44 Run:1
Running from C:\Users\Anne\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
R2 Diagnostics; C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe [57344 2014-09-05] () [File not signed]
R2 Proxy; C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe [57344 2014-09-05] () [File not signed]
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: 127.0.0.1:5050
EmptyTemp:
*****************

Processes closed successfully.
Diagnostics => Unable to stop service
Diagnostics => Service deleted successfully.
Proxy => Unable to stop service
Proxy => Service deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
EmptyTemp: => Removed 1.5 GB temporary data.


The system needed a reboot.

==== End of Fixlog ====



#6 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts

Posted 14 September 2014 - 02:37 PM

Ok, please continue monitoring the situation and report back if the problem is fixed on a consistent basis.
And also run FRST again:


  • Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.


#7 amlowery

amlowery
  • Topic Starter

  • Members
  • 7 posts

Posted 14 September 2014 - 02:41 PM

Will do. When I rebooted before the last step, Hitman Pro still showed a Proxy server error which it repaired, but no more pop-ups or other issues so far. Thank you very much!

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by Anne (administrator) on HPLAPTOP on 14-09-2014 15:38:04
Running from C:\Users\Anne\Desktop
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-24] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-07-21] (IDT, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491320 2012-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-08-19] (Hewlett-Packard)
HKU\S-1-5-21-323092722-1982785668-2295030068-1002\...\MountPoints2: {33067bbc-c9e7-11e2-be76-28924a46798f} - "F:\setup.exe" -a
HKU\S-1-5-21-323092722-1982785668-2295030068-1002\...\MountPoints2: {3c67df51-19a2-11e4-bea0-28924a46798f} - "G:\MotorolaDeviceManagerSetup.exe" -a
HKU\S-1-5-21-323092722-1982785668-2295030068-1002\...\MountPoints2: {776e4ea7-9fdd-11e3-be91-28924a46798f} - "F:\MotoCastSetup.exe" -a
HKU\S-1-5-21-323092722-1982785668-2295030068-1002\...\MountPoints2: {776e4ecd-9fdd-11e3-be91-28924a46798f} - "F:\MotorolaDeviceManagerSetup.exe" -a
HKU\S-1-5-21-323092722-1982785668-2295030068-1002\...\MountPoints2: {c11d2eec-1195-11e4-bea0-28924a46798f} - "F:\MotoCastSetup.exe" -a
HKU\S-1-5-21-323092722-1982785668-2295030068-1002\...\MountPoints2: {decd3bad-7d2a-11e3-be8d-28924a46798f} - "F:\TL_Bootstrap.exe"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.hp13.us.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x345753004BD0CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
SearchScopes: HKLM - {6D1FE892-6A0D-4AE7-81A6-C42556957F85} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{E6CB787B-A214-4F81-B22C-6D89CCC3DCAC}: [NameServer] 8.8.8.8,8.8.4.4

FireFox:
========
FF ProfilePath: C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\lbt6zqs0.default-1410251513185
FF Homepage: https://my.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\lbt6zqs0.default-1410251513185\user.js
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-08-13]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-08-13]
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址過濾 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2014-08-13]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2014-08-13]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-08-13]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa []
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho []

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-08] (Advanced Micro Devices, Inc.) [File not signed]
R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-09-13] (SurfRight B.V.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-21] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [214896 2011-12-06] ()
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-21] (Microsoft Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-07-21] (IDT, Inc.) [File not signed]
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-21] (Microsoft Corporation)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-10-18] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3860480 2013-08-23] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-18] (Advanced Micro Devices)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [141376 2014-07-26] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [769600 2014-07-26] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [67680 2014-03-19] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-14] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-03] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
U3 TrueSight; C:\Windows\SysWOW64\drivers\TrueSight.sys [33512 2014-09-14] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-14 14:40 - 2014-09-14 14:41 - 00041305 _____ () C:\Users\Anne\Desktop\Addition.txt
2014-09-14 14:39 - 2014-09-14 15:38 - 00019234 _____ () C:\Users\Anne\Desktop\FRST.txt
2014-09-14 14:39 - 2014-09-14 15:38 - 00000000 ____D () C:\FRST
2014-09-14 14:38 - 2014-09-14 14:38 - 02105856 _____ (Farbar) C:\Users\Anne\Desktop\FRST64.exe
2014-09-14 12:41 - 2014-09-14 12:41 - 00000933 _____ () C:\Users\Anne\Desktop\JRT.txt
2014-09-14 12:29 - 2014-09-14 15:15 - 00000000 ____D () C:\Users\Anne\AppData\Local\CrashDumps
2014-09-14 12:23 - 2014-09-14 13:21 - 00033512 _____ () C:\WINDOWS\SysWOW64\Drivers\TrueSight.sys
2014-09-14 12:23 - 2014-09-14 12:23 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-09-14 12:22 - 2014-09-14 12:55 - 05027368 _____ () C:\Users\Anne\Desktop\Rkill.txt
2014-09-14 12:22 - 2014-09-14 12:47 - 00000000 ____D () C:\Users\Anne\Desktop\rkill
2014-09-14 12:20 - 2014-09-14 12:21 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Anne\Downloads\tdsskiller.exe
2014-09-14 12:17 - 2014-09-14 12:17 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-14 12:16 - 2014-09-14 12:17 - 02347384 _____ (ESET) C:\Users\Anne\Downloads\esetsmartinstaller_enu.exe
2014-09-14 12:16 - 2014-09-14 12:16 - 04859480 _____ () C:\Users\Anne\Downloads\RogueKiller.exe
2014-09-14 12:16 - 2014-09-14 12:16 - 01016261 _____ (Thisisu) C:\Users\Anne\Downloads\JRT(1).exe
2014-09-14 12:15 - 2014-09-14 12:15 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Anne\Downloads\rkill.com
2014-09-14 11:44 - 2014-09-14 11:44 - 00000000 ____D () C:\WINDOWS\SysWOW64\%Report%
2014-09-14 11:20 - 2014-09-14 11:21 - 56577160 _____ () C:\Users\Anne\Downloads\msert.exe
2014-09-14 10:51 - 2014-09-14 10:51 - 01131648 _____ (Telerik) C:\Users\Anne\Downloads\fiddler4setup.exe
2014-09-14 08:26 - 2014-09-14 08:26 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\33435FEB.sys
2014-09-14 06:13 - 2014-09-14 06:13 - 00001119 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-09-14 06:13 - 2014-09-14 06:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-13 21:42 - 2014-09-13 21:42 - 00067606 _____ () C:\Users\Anne\Desktop\bookmarks-2014-09-13.json
2014-09-13 21:42 - 2014-09-13 21:42 - 00053536 _____ () C:\Users\Anne\Desktop\bookmarks.html
2014-09-13 18:55 - 2014-09-13 19:20 - 00000336 _____ () C:\WINDOWS\system32\.crusader
2014-09-13 18:32 - 2014-09-13 18:32 - 00001905 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-09-13 18:32 - 2014-09-13 18:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-09-13 18:32 - 2014-09-13 18:32 - 00000000 ____D () C:\Program Files\HitmanPro
2014-09-13 18:31 - 2014-09-13 18:55 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-09-13 18:28 - 2014-09-13 18:31 - 11194928 _____ (SurfRight B.V.) C:\Users\Anne\Downloads\HitmanPro_x64.exe
2014-09-13 18:23 - 2014-09-13 18:23 - 01373475 _____ () C:\Users\Anne\Downloads\AdwCleaner(2).exe
2014-09-13 18:13 - 2014-09-14 13:41 - 00003922 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{26AD85E4-1C77-41E9-A99F-CC0F6D4D1466}
2014-09-13 17:40 - 2014-09-13 17:40 - 00000000 ____D () C:\WINDOWS\pss
2014-09-13 16:07 - 2014-09-13 16:07 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2014-09-13 08:06 - 2014-08-15 22:40 - 23591424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-09-13 08:06 - 2014-08-15 21:56 - 00547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-09-13 08:06 - 2014-08-15 21:54 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-09-13 08:06 - 2014-08-15 21:43 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-09-13 08:06 - 2014-08-15 21:32 - 00446464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-09-13 08:06 - 2014-08-15 21:25 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-09-13 08:06 - 2014-08-15 21:22 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-09-13 08:06 - 2014-08-15 21:20 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-09-13 08:06 - 2014-08-15 21:19 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-09-13 08:06 - 2014-08-15 21:18 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-09-13 08:06 - 2014-08-15 21:11 - 00597504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-09-13 08:06 - 2014-08-15 21:06 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-09-13 08:06 - 2014-08-15 21:05 - 00727040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-09-13 08:06 - 2014-08-15 21:05 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-09-13 08:06 - 2014-08-15 21:03 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-09-13 08:06 - 2014-08-15 20:58 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-13 08:06 - 2014-08-15 20:53 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-09-13 08:06 - 2014-08-15 20:53 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-09-13 08:06 - 2014-08-15 20:45 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-09-13 08:06 - 2014-08-15 20:44 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-09-13 08:06 - 2014-08-15 20:18 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-09-13 08:06 - 2014-08-15 20:12 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-09-13 08:06 - 2014-05-30 05:28 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-09-13 08:06 - 2014-05-30 04:43 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-09-13 08:06 - 2014-02-06 07:30 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-09-13 08:06 - 2014-02-06 07:30 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-09-13 08:06 - 2014-02-06 07:07 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-09-13 08:06 - 2014-02-06 07:06 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-09-13 08:06 - 2014-02-06 06:56 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-09-13 08:06 - 2014-02-06 06:49 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-09-13 08:06 - 2014-02-06 06:48 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-09-13 08:06 - 2014-02-06 06:20 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-09-13 08:06 - 2014-02-06 06:17 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-09-13 08:06 - 2014-02-06 06:00 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-09-13 08:06 - 2014-02-06 05:52 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-09-13 08:06 - 2014-02-06 05:52 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-09-13 08:06 - 2014-02-06 05:47 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-09-13 08:06 - 2014-02-06 05:25 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-09-13 08:05 - 2014-08-15 22:04 - 17455104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-09-13 08:05 - 2014-08-15 22:00 - 05833728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-09-13 08:05 - 2014-08-15 22:00 - 02793984 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-09-13 08:05 - 2014-08-15 21:45 - 04232704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-09-13 08:05 - 2014-08-15 21:18 - 02185728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-09-13 08:05 - 2014-08-15 21:03 - 02104832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-09-13 08:05 - 2014-08-15 20:56 - 02310656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-09-13 08:05 - 2014-08-15 20:53 - 13588480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-09-13 08:05 - 2014-08-15 20:51 - 11769856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-09-13 08:05 - 2014-08-15 20:44 - 02014208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-09-13 08:05 - 2014-08-15 20:34 - 01447424 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-09-13 08:05 - 2014-08-15 20:20 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-09-13 08:05 - 2014-08-15 20:14 - 01190400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-09-13 07:28 - 2014-09-04 22:36 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2014-09-13 07:28 - 2014-09-04 22:31 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-09-13 07:28 - 2014-09-04 20:48 - 00738816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-09-13 07:28 - 2014-08-01 20:18 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2014-09-13 07:27 - 2014-07-23 23:20 - 00875688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2014-09-13 07:27 - 2014-07-23 23:20 - 00869544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2014-09-09 17:47 - 2014-09-09 17:47 - 00000000 _____ () C:\Recovery.txt
2014-09-09 14:29 - 2014-09-14 11:36 - 00000372 _____ () C:\WINDOWS\Tasks\PCHB_Anne_PCHealthBoost_RS_DailyTask.job
2014-09-09 08:28 - 2014-09-09 08:28 - 06312160 _____ (MyTurboPC.com) C:\Users\Anne\Downloads\myturbopc.exe
2014-09-09 07:52 - 2014-09-09 07:52 - 01370467 _____ () C:\Users\Anne\Downloads\AdwCleaner(1).exe
2014-09-09 07:48 - 2014-09-09 07:48 - 05227019 _____ () C:\Users\Anne\Downloads\namebench-1.3.1-Windows.exe
2014-09-09 05:20 - 2014-09-09 05:20 - 00001074 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-09 05:20 - 2014-09-09 05:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-09 05:20 - 2014-09-09 05:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-09 05:20 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-09-09 05:20 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-09-09 05:19 - 2014-09-09 05:19 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Anne\Downloads\mbam-setup-2.0.2.1012(1).exe
2014-09-08 17:41 - 2014-09-08 17:41 - 00000000 ____D () C:\Users\Anne\AppData\Roaming\Oracle
2014-09-08 17:03 - 2014-09-08 17:04 - 00003924 _____ () C:\WINDOWS\System32\Tasks\PCHB_Anne_PCHealthBoost_RS_WeeklyTask
2014-09-08 17:03 - 2014-09-08 17:03 - 00004030 _____ () C:\WINDOWS\System32\Tasks\PCHB_Anne_PCHealthBoost_RS_DailyTask
2014-09-08 17:03 - 2014-09-08 17:03 - 00003776 _____ () C:\WINDOWS\System32\Tasks\PCHB_Anne_PCHealthBoost_LG_DailyTask
2014-09-08 17:03 - 2014-09-08 17:03 - 00001046 _____ () C:\Users\Public\Desktop\PC HealthBoost.lnk
2014-09-08 17:03 - 2014-09-08 17:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC HealthBoost
2014-09-08 17:03 - 2014-09-08 17:03 - 00000000 ____D () C:\ProgramData\BoostSoftware
2014-09-08 16:59 - 2014-09-08 16:59 - 02061468 _____ (BoostSoftware Inc. ) C:\Users\Anne\Downloads\PCHealthBoost-Setup(1).exe
2014-09-08 08:17 - 2014-09-08 08:17 - 00000000 ____D () C:\Users\Anne\Documents\StellariPodRecoveryMac.dmg
2014-09-08 07:51 - 2014-09-08 07:52 - 03079104 _____ (BoostSoftware Inc. ) C:\Users\Anne\Downloads\PCHealthBoost-Setup.exe
2014-09-07 17:45 - 2014-09-07 17:45 - 00032768 _____ () C:\WINDOWS\system32\persistent_q.db-shm
2014-09-07 17:45 - 2014-09-07 17:45 - 00003176 _____ () C:\WINDOWS\system32\persistent_q.db-wal
2014-09-07 17:45 - 2014-09-07 17:45 - 00001024 _____ () C:\WINDOWS\system32\persistent_q.db
2014-09-07 07:20 - 2014-09-14 15:20 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-09-07 07:20 - 2014-09-09 05:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-07 07:20 - 2014-09-07 07:55 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-07 07:19 - 2014-09-07 07:55 - 00000000 ____D () C:\Users\Anne\Desktop\mbar
2014-09-07 07:19 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-09-07 07:18 - 2014-09-07 07:19 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Anne\Downloads\mbar-1.07.0.1012.exe
2014-09-07 07:03 - 2014-09-07 07:03 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-09-07 07:02 - 2014-09-07 07:02 - 01016261 _____ (Thisisu) C:\Users\Anne\Downloads\JRT.exe
2014-09-07 06:56 - 2014-09-07 06:56 - 02953520 _____ (AVAST Software) C:\Users\Anne\Downloads\avast-browser-cleanup.exe
2014-09-07 06:15 - 2014-09-14 12:00 - 01515557 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-07 05:47 - 2014-09-07 05:47 - 01045700 _____ (Malwarebytes Corporation ) C:\Users\Anne\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-06 21:26 - 2014-09-13 22:12 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-323092722-1982785668-2295030068-1002
2014-09-06 21:20 - 2014-09-14 13:30 - 00002968 _____ () C:\WINDOWS\PFRO.log
2014-09-06 21:15 - 2014-09-14 13:29 - 00000000 ____D () C:\AdwCleaner
2014-09-06 21:15 - 2014-09-14 10:25 - 00001024 _____ () C:\.rnd
2014-09-06 21:15 - 2014-09-06 21:15 - 01370467 _____ () C:\Users\Anne\Downloads\AdwCleaner.exe
2014-09-06 20:05 - 2014-09-06 20:05 - 00000187 _____ () C:\WINDOWS\wininit.ini
2014-09-06 20:04 - 2014-09-06 20:04 - 00000000 ____D () C:\Users\Anne\AppData\Local\CrashRpt
2014-09-06 20:04 - 2014-09-06 20:04 - 00000000 ____D () C:\Program Files\Common Files\boobzo
2014-08-28 08:08 - 2014-08-28 08:08 - 00002012 _____ () C:\Users\Public\Desktop\FileZilla Client.lnk
2014-08-28 08:07 - 2014-08-28 08:07 - 06052529 _____ (Tim Kosse) C:\Users\Anne\Downloads\FileZilla_3.9.0.3_win32-setup.exe
2014-08-27 16:12 - 2014-08-22 20:42 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-08-27 15:58 - 2014-08-27 15:58 - 00067856 _____ () C:\Users\Anne\Downloads\ShowSmartBill
2014-08-23 09:55 - 2014-08-23 09:55 - 00169247 _____ () C:\Users\Anne\Downloads\LoadLetter

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-14 15:38 - 2014-09-14 14:39 - 00019234 _____ () C:\Users\Anne\Desktop\FRST.txt
2014-09-14 15:38 - 2014-09-14 14:39 - 00000000 ____D () C:\FRST
2014-09-14 15:20 - 2014-09-07 07:20 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-09-14 15:20 - 2013-10-18 21:28 - 00000000 ___DO () C:\Users\Anne\SkyDrive
2014-09-14 15:20 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-14 15:20 - 2013-06-07 17:19 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-09-14 15:20 - 2013-06-02 17:56 - 00000000 ____D () C:\Temp
2014-09-14 15:15 - 2014-09-14 12:29 - 00000000 ____D () C:\Users\Anne\AppData\Local\CrashDumps
2014-09-14 15:00 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-09-14 14:41 - 2014-09-14 14:40 - 00041305 _____ () C:\Users\Anne\Desktop\Addition.txt
2014-09-14 14:38 - 2014-09-14 14:38 - 02105856 _____ (Farbar) C:\Users\Anne\Desktop\FRST64.exe
2014-09-14 13:41 - 2014-09-13 18:13 - 00003922 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{26AD85E4-1C77-41E9-A99F-CC0F6D4D1466}
2014-09-14 13:30 - 2014-09-06 21:20 - 00002968 _____ () C:\WINDOWS\PFRO.log
2014-09-14 13:29 - 2014-09-06 21:15 - 00000000 ____D () C:\AdwCleaner
2014-09-14 13:21 - 2014-09-14 12:23 - 00033512 _____ () C:\WINDOWS\SysWOW64\Drivers\TrueSight.sys
2014-09-14 12:55 - 2014-09-14 12:22 - 05027368 _____ () C:\Users\Anne\Desktop\Rkill.txt
2014-09-14 12:47 - 2014-09-14 12:22 - 00000000 ____D () C:\Users\Anne\Desktop\rkill
2014-09-14 12:41 - 2014-09-14 12:41 - 00000933 _____ () C:\Users\Anne\Desktop\JRT.txt
2014-09-14 12:23 - 2014-09-14 12:23 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-09-14 12:21 - 2014-09-14 12:20 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Anne\Downloads\tdsskiller.exe
2014-09-14 12:17 - 2014-09-14 12:17 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-14 12:17 - 2014-09-14 12:16 - 02347384 _____ (ESET) C:\Users\Anne\Downloads\esetsmartinstaller_enu.exe
2014-09-14 12:16 - 2014-09-14 12:16 - 04859480 _____ () C:\Users\Anne\Downloads\RogueKiller.exe
2014-09-14 12:16 - 2014-09-14 12:16 - 01016261 _____ (Thisisu) C:\Users\Anne\Downloads\JRT(1).exe
2014-09-14 12:15 - 2014-09-14 12:15 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Anne\Downloads\rkill.com
2014-09-14 12:00 - 2014-09-07 06:15 - 01515557 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-14 11:44 - 2014-09-14 11:44 - 00000000 ____D () C:\WINDOWS\SysWOW64\%Report%
2014-09-14 11:42 - 2013-08-22 09:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-09-14 11:36 - 2014-09-09 14:29 - 00000372 _____ () C:\WINDOWS\Tasks\PCHB_Anne_PCHealthBoost_RS_DailyTask.job
2014-09-14 11:21 - 2014-09-14 11:20 - 56577160 _____ () C:\Users\Anne\Downloads\msert.exe
2014-09-14 10:51 - 2014-09-14 10:51 - 01131648 _____ (Telerik) C:\Users\Anne\Downloads\fiddler4setup.exe
2014-09-14 10:25 - 2014-09-06 21:15 - 00001024 _____ () C:\.rnd
2014-09-14 08:26 - 2014-09-14 08:26 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\33435FEB.sys
2014-09-14 06:13 - 2014-09-14 06:13 - 00001119 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-09-14 06:13 - 2014-09-14 06:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-14 06:13 - 2014-07-23 06:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-14 04:49 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-09-13 22:12 - 2014-09-06 21:26 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-323092722-1982785668-2295030068-1002
2014-09-13 21:42 - 2014-09-13 21:42 - 00067606 _____ () C:\Users\Anne\Desktop\bookmarks-2014-09-13.json
2014-09-13 21:42 - 2014-09-13 21:42 - 00053536 _____ () C:\Users\Anne\Desktop\bookmarks.html
2014-09-13 20:27 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-09-13 19:20 - 2014-09-13 18:55 - 00000336 _____ () C:\WINDOWS\system32\.crusader
2014-09-13 19:07 - 2014-08-14 06:13 - 00000000 ____D () C:\Users\Anne\AppData\Local\Adobe
2014-09-13 18:55 - 2014-09-13 18:31 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-09-13 18:32 - 2014-09-13 18:32 - 00001905 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-09-13 18:32 - 2014-09-13 18:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-09-13 18:32 - 2014-09-13 18:32 - 00000000 ____D () C:\Program Files\HitmanPro
2014-09-13 18:31 - 2014-09-13 18:28 - 11194928 _____ (SurfRight B.V.) C:\Users\Anne\Downloads\HitmanPro_x64.exe
2014-09-13 18:23 - 2014-09-13 18:23 - 01373475 _____ () C:\Users\Anne\Downloads\AdwCleaner(2).exe
2014-09-13 17:40 - 2014-09-13 17:40 - 00000000 ____D () C:\WINDOWS\pss
2014-09-13 16:41 - 2013-07-27 16:59 - 00003158 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForAnne
2014-09-13 16:41 - 2013-07-27 16:59 - 00000346 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForAnne.job
2014-09-13 16:07 - 2014-09-13 16:07 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2014-09-13 16:06 - 2013-06-01 16:28 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-09-13 12:19 - 2014-07-09 06:03 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-09-13 08:10 - 2012-07-26 03:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-09-13 08:08 - 2013-05-30 13:23 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-13 08:05 - 2013-07-27 10:06 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-09-13 08:01 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-09-13 08:00 - 2013-05-31 05:32 - 101694776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-09-09 17:47 - 2014-09-09 17:47 - 00000000 _____ () C:\Recovery.txt
2014-09-09 08:28 - 2014-09-09 08:28 - 06312160 _____ (MyTurboPC.com) C:\Users\Anne\Downloads\myturbopc.exe
2014-09-09 08:23 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\Resources
2014-09-09 07:52 - 2014-09-09 07:52 - 01370467 _____ () C:\Users\Anne\Downloads\AdwCleaner(1).exe
2014-09-09 07:48 - 2014-09-09 07:48 - 05227019 _____ () C:\Users\Anne\Downloads\namebench-1.3.1-Windows.exe
2014-09-09 05:20 - 2014-09-09 05:20 - 00001074 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-09 05:20 - 2014-09-09 05:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-09 05:20 - 2014-09-09 05:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-09 05:20 - 2014-09-07 07:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-09 05:19 - 2014-09-09 05:19 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Anne\Downloads\mbam-setup-2.0.2.1012(1).exe
2014-09-08 17:41 - 2014-09-08 17:41 - 00000000 ____D () C:\Users\Anne\AppData\Roaming\Oracle
2014-09-08 17:04 - 2014-09-08 17:03 - 00003924 _____ () C:\WINDOWS\System32\Tasks\PCHB_Anne_PCHealthBoost_RS_WeeklyTask
2014-09-08 17:03 - 2014-09-08 17:03 - 00004030 _____ () C:\WINDOWS\System32\Tasks\PCHB_Anne_PCHealthBoost_RS_DailyTask
2014-09-08 17:03 - 2014-09-08 17:03 - 00003776 _____ () C:\WINDOWS\System32\Tasks\PCHB_Anne_PCHealthBoost_LG_DailyTask
2014-09-08 17:03 - 2014-09-08 17:03 - 00001046 _____ () C:\Users\Public\Desktop\PC HealthBoost.lnk
2014-09-08 17:03 - 2014-09-08 17:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC HealthBoost
2014-09-08 17:03 - 2014-09-08 17:03 - 00000000 ____D () C:\ProgramData\BoostSoftware
2014-09-08 16:59 - 2014-09-08 16:59 - 02061468 _____ (BoostSoftware Inc. ) C:\Users\Anne\Downloads\PCHealthBoost-Setup(1).exe
2014-09-08 08:17 - 2014-09-08 08:17 - 00000000 ____D () C:\Users\Anne\Documents\StellariPodRecoveryMac.dmg
2014-09-08 07:52 - 2014-09-08 07:51 - 03079104 _____ (BoostSoftware Inc. ) C:\Users\Anne\Downloads\PCHealthBoost-Setup.exe
2014-09-07 17:45 - 2014-09-07 17:45 - 00032768 _____ () C:\WINDOWS\system32\persistent_q.db-shm
2014-09-07 17:45 - 2014-09-07 17:45 - 00003176 _____ () C:\WINDOWS\system32\persistent_q.db-wal
2014-09-07 17:45 - 2014-09-07 17:45 - 00001024 _____ () C:\WINDOWS\system32\persistent_q.db
2014-09-07 07:55 - 2014-09-07 07:20 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-07 07:55 - 2014-09-07 07:19 - 00000000 ____D () C:\Users\Anne\Desktop\mbar
2014-09-07 07:25 - 2011-04-02 15:23 - 00000000 ____D () C:\Users\Anne\Desktop\legal
2014-09-07 07:19 - 2014-09-07 07:18 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Anne\Downloads\mbar-1.07.0.1012.exe
2014-09-07 07:03 - 2014-09-07 07:03 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-09-07 07:02 - 2014-09-07 07:02 - 01016261 _____ (Thisisu) C:\Users\Anne\Downloads\JRT.exe
2014-09-07 06:56 - 2014-09-07 06:56 - 02953520 _____ (AVAST Software) C:\Users\Anne\Downloads\avast-browser-cleanup.exe
2014-09-07 05:47 - 2014-09-07 05:47 - 01045700 _____ (Malwarebytes Corporation ) C:\Users\Anne\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-06 21:19 - 2013-10-18 21:24 - 00000999 _____ () C:\Users\Anne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-06 21:15 - 2014-09-06 21:15 - 01370467 _____ () C:\Users\Anne\Downloads\AdwCleaner.exe
2014-09-06 20:55 - 2012-08-17 00:15 - 00000000 ____D () C:\Program Files (x86)\HP Games
2014-09-06 20:54 - 2012-08-17 00:13 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-09-06 20:53 - 2012-08-17 00:13 - 00000000 ____D () C:\ProgramData\WildTangent
2014-09-06 20:30 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\registration
2014-09-06 20:05 - 2014-09-06 20:05 - 00000187 _____ () C:\WINDOWS\wininit.ini
2014-09-06 20:04 - 2014-09-06 20:04 - 00000000 ____D () C:\Users\Anne\AppData\Local\CrashRpt
2014-09-06 20:04 - 2014-09-06 20:04 - 00000000 ____D () C:\Program Files\Common Files\boobzo
2014-09-04 22:36 - 2014-09-13 07:28 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2014-09-04 22:31 - 2014-09-13 07:28 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-09-04 20:48 - 2014-09-13 07:28 - 00738816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-09-02 16:06 - 2013-08-22 11:38 - 00706016 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-09-02 16:06 - 2013-08-22 11:38 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-31 21:03 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-08-31 21:00 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\tracing
2014-08-30 20:34 - 2014-03-20 15:52 - 00000000 ____D () C:\Users\Anne\AppData\Roaming\FileZilla
2014-08-30 18:39 - 2014-07-08 18:42 - 00001165 _____ () C:\Users\Anne\Desktop\Amazon Music.lnk
2014-08-30 17:14 - 2013-08-22 10:44 - 00491112 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-08-28 22:34 - 2013-08-22 11:36 - 00000000 ___HD () C:\Program Files\WindowsApps.tmp
2014-08-28 08:08 - 2014-08-28 08:08 - 00002012 _____ () C:\Users\Public\Desktop\FileZilla Client.lnk
2014-08-28 08:08 - 2014-03-20 15:52 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-08-28 08:07 - 2014-08-28 08:07 - 06052529 _____ (Tim Kosse) C:\Users\Anne\Downloads\FileZilla_3.9.0.3_win32-setup.exe
2014-08-28 08:07 - 2014-03-20 15:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-08-27 15:58 - 2014-08-27 15:58 - 00067856 _____ () C:\Users\Anne\Downloads\ShowSmartBill
2014-08-25 19:28 - 2010-02-21 11:29 - 00000000 ____D () C:\Users\Anne\Desktop\Originals
2014-08-23 09:55 - 2014-08-23 09:55 - 00169247 _____ () C:\Users\Anne\Downloads\LoadLetter
2014-08-22 20:42 - 2014-08-27 16:12 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-08-17 14:37 - 2013-05-30 13:23 - 00000000 ____D () C:\Users\Anne\AppData\Local\Microsoft Help
2014-08-16 06:05 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-08-16 06:05 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-08-16 06:05 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-08-16 06:05 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-08-16 06:05 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-08-15 22:40 - 2014-09-13 08:06 - 23591424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-08-15 22:04 - 2014-09-13 08:05 - 17455104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-08-15 22:00 - 2014-09-13 08:05 - 05833728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-08-15 22:00 - 2014-09-13 08:05 - 02793984 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-08-15 21:56 - 2014-09-13 08:06 - 00547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-08-15 21:54 - 2014-09-13 08:06 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-08-15 21:45 - 2014-09-13 08:05 - 04232704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-08-15 21:43 - 2014-09-13 08:06 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-08-15 21:32 - 2014-09-13 08:06 - 00446464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-08-15 21:25 - 2014-09-13 08:06 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-08-15 21:22 - 2014-09-13 08:06 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-08-15 21:20 - 2014-09-13 08:06 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-08-15 21:19 - 2014-09-13 08:06 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-08-15 21:18 - 2014-09-13 08:06 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-08-15 21:18 - 2014-09-13 08:05 - 02185728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-08-15 21:11 - 2014-09-13 08:06 - 00597504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-08-15 21:06 - 2014-09-13 08:06 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-08-15 21:05 - 2014-09-13 08:06 - 00727040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-08-15 21:05 - 2014-09-13 08:06 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-08-15 21:03 - 2014-09-13 08:06 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-08-15 21:03 - 2014-09-13 08:05 - 02104832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-08-15 20:58 - 2014-09-13 08:06 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-15 20:56 - 2014-09-13 08:05 - 02310656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-08-15 20:53 - 2014-09-13 08:06 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-08-15 20:53 - 2014-09-13 08:06 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-08-15 20:53 - 2014-09-13 08:05 - 13588480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-08-15 20:51 - 2014-09-13 08:05 - 11769856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-08-15 20:45 - 2014-09-13 08:06 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-08-15 20:44 - 2014-09-13 08:06 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-08-15 20:44 - 2014-09-13 08:05 - 02014208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-08-15 20:34 - 2014-09-13 08:05 - 01447424 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-08-15 20:20 - 2014-09-13 08:05 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-08-15 20:18 - 2014-09-13 08:06 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-08-15 20:14 - 2014-09-13 08:05 - 01190400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-08-15 20:12 - 2014-09-13 08:06 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-08-15 17:52 - 2014-08-10 18:57 - 00000000 ____D () C:\Users\Anne\AppData\Local\Windows Live

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-13 22:12

==================== End Of Log ============================



#8 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:48 PM

Posted 14 September 2014 - 02:47 PM

Ok, please try if ESET Onlinescanner now works:


Please download the ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!

#9 amlowery


Posted 14 September 2014 - 05:07 PM

ESETSmartInstaller@High as downloader log:
Can not extract cabC:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScanner.cabErr:The operation completed successfully.
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not extract cabC:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScanner.cabErr:Cannot create a file when that file already exists.
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=c88d83e2cacf4f4c9fb36d13123b40c4
# engine=20151
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-09-14 09:38:18
# local_time=2014-09-14 05:38:18 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 9662265 24530992 0 0
# scanned=253854
# found=16
# cleaned=0
# scan_time=5386
sh=2DB796EDD99DDF8D4B371CC0D69494DD306A74D5 ft=1 fh=41ff57dd8d4ab51f vn="a variant of Win32/SBWatchman.A potentially unwanted application" ac=I fn="C:\Program Files\Common Files\boobzo\GBUpdate\smci32.dll"
sh=B83B3AEC10B4E343DA658A97484568C02651904E ft=1 fh=90c10d5fed81d4c0 vn="a variant of MSIL/SBWatchman.A potentially unwanted application" ac=I fn="C:\Program Files\Common Files\boobzo\GBUpdate\smci64.dll"
sh=C901A9003BBDF92843E52A57F5EBE24013586837 ft=1 fh=3882b907be66266b vn="probably a variant of Win32/SBWatchman.A potentially unwanted application" ac=I fn="C:\Program Files\Common Files\boobzo\GBUpdate\smei32.dll"
sh=2A0BA00550B115295A937A0CD91D47CE18C9FBDB ft=1 fh=a3d5fcf4d39b16f4 vn="a variant of MSIL/SBWatchman.A potentially unwanted application" ac=I fn="C:\Program Files\Common Files\boobzo\GBUpdate\smei64.dll"
sh=50E31AAC30E83A4DE5CD83239084AC6FD9EE9F9D ft=1 fh=ef8d152c41ba6b8f vn="a variant of Win32/SBWatchman.A potentially unwanted application" ac=I fn="C:\Program Files\Common Files\boobzo\GBUpdate\smfi32.dll"
sh=1661A40D3ADDECC640F3905AB5BD54246749D9A6 ft=1 fh=d43c5231d825049b vn="a variant of MSIL/SBWatchman.A potentially unwanted application" ac=I fn="C:\Program Files\Common Files\boobzo\GBUpdate\smfi64.dll"
sh=0046D289F3960CF15FD7527AD4827E4055A71E9A ft=1 fh=4167712b50d8b560 vn="a variant of Win32/SBWatchman.A potentially unwanted application" ac=I fn="C:\Program Files\Common Files\boobzo\GBUpdate\smi32.exe"
sh=AD6571BB100C7A703F2046729FF05925C7AB85F9 ft=1 fh=addf3afbdb293bc4 vn="a variant of MSIL/SBWatchman.A potentially unwanted application" ac=I fn="C:\Program Files\Common Files\boobzo\GBUpdate\smi64.exe"
sh=31AD36ED53C1AB1AD7B68F8FA9BFC484FD558C42 ft=1 fh=6988fb7da556f80a vn="a variant of MSIL/SBWatchman.A potentially unwanted application" ac=I fn="C:\Program Files\Common Files\boobzo\GBUpdate\smoi64.dll"
sh=E6E4E422927BB36E4D87291E183A43D6A34A940C ft=1 fh=fd07dbdce936f06d vn="a variant of MSIL/SBWatchman.A potentially unwanted application" ac=I fn="C:\Program Files\Common Files\boobzo\GBUpdate\smri64.dll"
sh=2D6FCC47060056D8FE9F90AD8FEF8A8275FF69BE ft=1 fh=71f6a1ab7ed22c0e vn="a variant of MSIL/SBWatchman.A potentially unwanted application" ac=I fn="C:\Program Files\Common Files\boobzo\GBUpdate\smu.exe"
sh=68BDE9CD594B8AC4C997390C8B68A971C21A2BD6 ft=1 fh=6bd5554924eb8c92 vn="Win32/Distromatic.C potentially unwanted application" ac=I fn="C:\ProgramData\BoostSoftware\PCHealthBoost\pchb305-514R.exe"
sh=68BDE9CD594B8AC4C997390C8B68A971C21A2BD6 ft=1 fh=6bd5554924eb8c92 vn="Win32/Distromatic.C potentially unwanted application" ac=I fn="C:\Users\All Users\BoostSoftware\PCHealthBoost\pchb305-514R.exe"
sh=D47084C19F405781C949A05FB145AED89230B453 ft=1 fh=107d665ffab989d7 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\Users\Anne\Desktop\Installs\media.player.codec.pack.v4.2.4.setup.exe"
sh=0358F35651B1C859818B2453FEB8CB48556C4C0A ft=1 fh=8718e5e4ef762fc9 vn="Win32/Distromatic.C potentially unwanted application" ac=I fn="C:\Users\Anne\Downloads\PCHealthBoost-Setup.exe"
sh=2A147224A884856B5136081BECBF7E7198A42352 ft=0 fh=0000000000000000 vn="a variant of Win32/HiddenStart.A potentially unsafe application" ac=I fn="C:\Windows\Installer\19bb019e.msi"
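
Added example (not part of the original posts, and not ESET's own tooling): a small Python parser for the log layout pasted above, which groups detections by category, folder and file hash so the result can be read at a glance. The field meanings are assumptions: `sh` is treated as the file's SHA-1, `vn` as the detection name and `fn` as the path, while `ft`, `fh` and `ac` are kept as opaque strings; the sample log is constructed.

```python
import re
from collections import Counter, defaultdict
from pathlib import PureWindowsPath

# Constructed sample in the layout of the log above; hashes, names and paths are made up.
SAMPLE_LOG = r'''ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# remove_checked=false
# unwanted_checked=true
# unsafe_checked=true
# scanned=1200
# found=5
# cleaned=0
sh=1111111111111111111111111111111111111111 ft=1 fh=aaaaaaaaaaaaaaaa vn="a variant of Win32/ExampleBar.A potentially unwanted application" ac=I fn="C:\Program Files\Common Files\exampleapp\Update\upd32.dll"
sh=2222222222222222222222222222222222222222 ft=1 fh=bbbbbbbbbbbbbbbb vn="probably a variant of Win32/ExampleBar.A potentially unwanted application" ac=I fn="C:\Program Files\Common Files\exampleapp\Update\upd64.dll"
sh=3333333333333333333333333333333333333333 ft=1 fh=cccccccccccccccc vn="Win32/ExampleOptimizer.C potentially unwanted application" ac=I fn="C:\ProgramData\ExampleSoft\setup.exe"
sh=3333333333333333333333333333333333333333 ft=1 fh=cccccccccccccccc vn="Win32/ExampleOptimizer.C potentially unwanted application" ac=I fn="C:\Users\All Users\ExampleSoft\setup.exe"
sh=4444444444444444444444444444444444444444 ft=0 fh=0000000000000000 vn="a variant of Win32/ExampleLauncher.A potentially unsafe application" ac=I fn="C:\Windows\Installer\example.msi"
'''

# key=value pairs; a value is either a quoted string or a run of non-space characters.
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
SUFFIXES = {
    " potentially unwanted application": "unwanted",
    " potentially unsafe application": "unsafe",
}
PREFIXES = ("probably a variant of ", "a variant of ")


def parse_eset_log(text):
    """Split the log into '# key=value' header fields and one dict per detection line."""
    header, detections = {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            header[key] = value.strip("\"'")
        elif line.startswith("sh="):
            detections.append({
                m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
                for m in PAIR.finditer(line)
            })
    return header, detections


def classify(vn):
    """Return (family, category, variant) parsed from a detection name string."""
    category = "malware"  # no unwanted/unsafe suffix: treat as an outright detection
    for suffix, label in SUFFIXES.items():
        if vn.endswith(suffix):
            vn, category = vn[:-len(suffix)], label
            break
    variant = False
    for prefix in PREFIXES:
        if vn.startswith(prefix):
            vn, variant = vn[len(prefix):], True
            break
    return vn, category, variant


def triage(text):
    """Summarise a scan: header consistency, what is still on disk, and groupings."""
    header, detections = parse_eset_log(text)
    by_category, by_dir, by_hash = Counter(), defaultdict(set), defaultdict(list)
    for d in detections:
        family, category, _ = classify(d.get("vn", ""))
        path = d.get("fn", "")
        by_category[category] += 1
        by_dir[str(PureWindowsPath(path).parent)].add(family)
        by_hash[d.get("sh", "")].append(path)
    found = int(header.get("found", -1))
    return {
        # The header's own count should match the number of detection lines pasted.
        "consistent": found == len(detections),
        # With removal unchecked the scan only reports; nothing was deleted.
        "removal_enabled": header.get("remove_checked") == "true",
        "left_on_disk": found - int(header.get("cleaned", 0)),
        "by_category": dict(by_category),
        "by_directory": {k: sorted(v) for k, v in by_dir.items()},
        # One hash under several paths is one file seen twice (e.g. via a junction).
        "same_file_multiple_paths": {h: p for h, p in by_hash.items() if len(p) > 1},
    }


if __name__ == "__main__":
    import pprint
    pprint.pprint(triage(SAMPLE_LOG))
```
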
 



#10 aharonov


Posted 14 September 2014 - 05:22 PM

ESET hasn't found any active malware.
Are there still no more redirects or pop-ups?


Please download the attached fixlist.txt and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • I don't need the log.


#11 amlowery


Posted 14 September 2014 - 05:23 PM

It seems to have rooted out the problem. No pop-ups, no redirects, increased speed.... back to normal!  Thank you so much for your help!!!!!!!!!



#12 aharonov


Posted 14 September 2014 - 06:13 PM

I'm glad to hear that.

That's it! Your logs look clean to me at the moment.
We're gonna clean up everything now and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation.
Thank you!



Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:
  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.


Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.

#13 amlowery


Posted 14 September 2014 - 06:30 PM

You're a life saver! lol! Thank you very much!



#14 aharonov


Posted 14 September 2014 - 06:35 PM

You're welcome.
All the best.

#15 aharonov


Posted 14 September 2014 - 06:35 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



