Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Surrogate Rundll32 trojan - help please


  • This topic is locked This topic is locked
13 replies to this topic

#1 D_Jones1985

D_Jones1985

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:27 PM

Posted 16 September 2014 - 05:38 PM

I am currently trying to fix my system that has a virus that creates multiple surrogate rundll32 processes.  I have tried scanning with MBAM, MBAR, NSS, Kaspersky, AVG, TDSS Killer, Housecall, and ran the norton bootable recovery scan on the drive.  All scans are saying the system is clean, but there is definitely malware present on the system.  Please help!! :)



BC AdBot (Login to Remove)

 


#2 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:27 AM

Posted 17 September 2014 - 05:51 AM

Hi there,

please run a FRST scan:


Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#3 D_Jones1985

D_Jones1985
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:27 PM

Posted 17 September 2014 - 04:20 PM

Sorry for the delay in my response.  here are the requested logs.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by Karri (administrator) on KARRI-PC on 17-09-2014 13:50:23
Running from C:\Users\Karri\Downloads
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avpui.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2013\QBW32.EXE
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13196432 2012-09-25] (Realtek Semiconductor)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [2771832 2012-12-23] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2678784 2011-10-18] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3593744 2014-09-05] (AVG Technologies CZ, s.r.o.)
HKU\.DEFAULT\...\Run: [Bitdefender Wallet Agent] => "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
HKU\.DEFAULT\...\Run: [Bitdefender Wallet] => "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
HKU\.DEFAULT\...\Run: [Bitdefender Wallet Application Agent] => "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
HKU\.DEFAULT\...\RunOnce: [Application Restart #0] => C:\Windows\System32\ctfmon.exe ctfmon.exe
HKU\S-1-5-21-2735316861-1939849972-2201488609-1000\...\MountPoints2: {0d959afe-32ac-11e2-bf26-806e6f6e6963} - D:\autorun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2013\QBW32.EXE (Intuit Inc.)
Startup: C:\Users\Karri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600.lnk
ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8600.lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Karri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x881B01D60BD2CF01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=1082
Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} -  No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -  No File
Handler-x32: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files (x86)\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Karri\AppData\Roaming\Mozilla\Firefox\Profiles\y36r8o09.default
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/online_banking_69A4E213815F42BD863D889007201D82 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Karri\AppData\Roaming\Mozilla\Firefox\Profiles\y36r8o09.default\user.js
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-07-31]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_6418E0D362104DADA084DC312DFA8ABC@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com [2014-09-15]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2014-09-15]
FF HKLM-x32\...\Firefox\Extensions: [online_banking_69A4E213815F42BD863D889007201D82@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com [2014-09-15]

Chrome:
=======
CHR HomePage: Default ->
CHR RestoreOnStartup: Default -> "hxxp://start.sweetpacks.com/?barid={781FD646-E10D-11E2-B9B7-D43D7E35BD86}&src=10&crg=3.5000006.10042&st=23", "hxxp://search.conduit.com/?ctid=CT3289663&SearchSource=48&CUI=UN25678633797177271&UM=2"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
CHR Plugin: (Conduit Chrome Plugin) - C:\Users\Karri\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.22.5.510_0\plugins/ConduitChromeApiPlugin.dll No File
CHR Plugin: (Conduit Radio Plugin) - C:\Users\Karri\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.22.5.510_0\plugins/np-cwmp.dll No File
CHR Plugin: (Conduit Chrome Plugin) - C:\Users\Karri\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.22.5.510_0\search/plugins/npConduitNewTabPlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Profile: C:\Users\Karri\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Karri\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-09]
CHR Extension: (Google Search) - C:\Users\Karri\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-09]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Karri\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2013-10-25]
CHR Extension: (Gmail) - C:\Users\Karri\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-09]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho []
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-05-06]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3364368 2014-09-05] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [293448 2014-09-05] (AVG Technologies CZ, s.r.o.)
R2 AVP15.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe [234520 2014-08-30] (Kaspersky Lab ZAO)
S4 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [249856 2011-11-15] (Brother Industries, Ltd.) [File not signed]
S4 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2012-12-23] (Intuit) [File not signed]
S4 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2012-08-18] (Intuit Inc.) [File not signed]
S4 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2012-08-18] (Intuit Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [247576 2014-07-24] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [270616 2014-07-02] (AVG Technologies CZ, s.r.o.)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-15] (Symantec Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [46144 2014-07-02] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [150536 2014-08-18] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [246456 2014-08-12] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [820232 2014-08-20] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55872 2014-06-05] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [74424 2014-08-13] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179776 2014-07-09] (Kaspersky Lab ZAO)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [92888 2014-09-10] (Malwarebytes Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R1 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [175528 2013-09-02] (Trend Micro Inc.)
S3 ALSysIO; \??\C:\Users\Karri\AppData\Local\Temp\ALSysIO64.sys [X]
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-17 13:50 - 2014-09-17 13:52 - 00020298 _____ () C:\Users\Karri\Downloads\FRST.txt
2014-09-17 13:50 - 2014-09-17 13:50 - 00000000 ____D () C:\FRST
2014-09-17 13:49 - 2014-09-17 13:49 - 02105856 _____ (Farbar) C:\Users\Karri\Downloads\FRST64.exe
2014-09-16 15:10 - 2014-09-16 15:11 - 02476596 _____ (Trend Micro Inc.) C:\Users\Karri\Downloads\HousecallLauncher64.exe
2014-09-16 14:57 - 2014-09-16 14:57 - 00262144 _____ () C:\Windows\system32\config\elam
2014-09-15 18:58 - 2014-09-17 12:14 - 00000452 ____H () C:\Windows\Tasks\Norton Security Scan for Karri.job
2014-09-15 18:58 - 2014-09-15 18:58 - 00003610 _____ () C:\Windows\System32\Tasks\Norton Security Scan for Karri
2014-09-15 18:58 - 2014-09-15 18:58 - 00001459 _____ () C:\Users\Public\Desktop\Norton Security Scan.LNK
2014-09-15 18:57 - 2014-09-15 18:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan
2014-09-15 18:57 - 2014-09-15 18:57 - 00000000 ____D () C:\Windows\system32\Drivers\NSSx64
2014-09-15 18:57 - 2014-09-15 18:57 - 00000000 ____D () C:\Program Files (x86)\Norton Security Scan
2014-09-15 18:55 - 2014-09-15 18:55 - 00779704 _____ (Symantec) C:\Users\Karri\Downloads\Setup.exe
2014-09-15 17:48 - 2014-09-15 17:48 - 00002336 _____ () C:\Users\Karri\Desktop\Safe Money.lnk
2014-09-15 17:47 - 2014-09-15 17:47 - 00002134 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2014-09-15 17:47 - 2014-09-15 17:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2014-09-15 17:47 - 2013-05-06 09:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2014-09-15 17:46 - 2014-09-17 12:16 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-09-15 17:46 - 2014-09-15 17:46 - 00000000 ____D () C:\Windows\ELAMBKUP
2014-09-15 17:46 - 2014-09-15 17:46 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-09-15 17:45 - 2014-08-20 18:04 - 00820232 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-09-15 17:45 - 2014-08-18 14:43 - 00150536 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-09-15 17:45 - 2014-08-12 18:33 - 00246456 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klhk.sys
2014-09-15 17:41 - 2014-09-15 17:42 - 202839360 _____ (Kaspersky Lab) C:\Users\Karri\Downloads\kis15.0.1.415EN_6710.exe
2014-09-15 12:25 - 2014-09-15 12:25 - 00000000 ____D () C:\NBRT
2014-09-15 11:13 - 2014-09-15 11:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-15 11:08 - 2014-09-15 11:08 - 00000000 ____D () C:\Windows\system32\Drivers\NBRTWizardx64
2014-09-15 11:08 - 2014-09-15 11:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Bootable Recovery Tool Wizard
2014-09-15 11:08 - 2014-09-15 11:08 - 00000000 ____D () C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard
2014-09-15 11:08 - 2012-07-25 22:32 - 00125872 _____ (GEAR Software Inc.) C:\Windows\system32\GEARAspi64.dll
2014-09-15 11:08 - 2012-07-25 22:32 - 00106928 _____ (GEAR Software Inc.) C:\Windows\SysWOW64\GEARAspi.dll
2014-09-15 11:08 - 2012-07-25 22:32 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2014-09-15 11:04 - 2014-09-15 11:09 - 00000000 ____D () C:\Users\Karri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2014-09-15 11:04 - 2014-09-15 11:04 - 00001342 _____ () C:\Users\Karri\Desktop\Norton Installation Files.lnk
2014-09-15 11:03 - 2014-09-15 11:03 - 00000000 ____D () C:\Users\Public\Downloads\Norton
2014-09-15 11:02 - 2014-09-15 11:03 - 01022080 _____ (Symantec Corporation) C:\Users\Karri\Downloads\NBRT-Retail-Downloader.exe
2014-09-12 10:17 - 2014-09-12 10:17 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Karri\Downloads\tdsskiller.exe
2014-09-12 10:05 - 2014-09-12 10:05 - 00004608 _____ () C:\Users\Karri\Downloads\remdelf.exe
2014-09-12 09:10 - 2014-09-12 09:10 - 00000000 ____D () C:\NPE
2014-09-12 08:51 - 2014-09-12 10:04 - 00000000 ____D () C:\Users\Karri\AppData\Local\NPE
2014-09-12 08:50 - 2014-09-12 08:51 - 03060320 ____N (Symantec Corporation) C:\Users\Karri\Downloads\NPE.exe
2014-09-12 08:13 - 2014-09-12 08:13 - 00000967 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2014-09-12 08:13 - 2014-09-12 08:13 - 00000000 ____D () C:\Users\Karri\AppData\Roaming\AVG2015
2014-09-12 08:13 - 2014-09-12 08:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-09-12 08:13 - 2014-09-12 08:13 - 00000000 ____D () C:\ProgramData\AVG2015
2014-09-12 08:13 - 2014-09-12 08:13 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-09-12 08:11 - 2014-09-12 08:20 - 00000000 ____D () C:\Users\Karri\AppData\Local\Avg2015
2014-09-12 08:11 - 2014-09-12 08:11 - 04579176 _____ (AVG Technologies) C:\Users\Karri\Downloads\avg_free_stb_all_2015_5315_cnet.exe
2014-09-12 04:19 - 2014-08-19 11:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-12 04:19 - 2014-08-19 10:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-12 04:19 - 2014-08-18 16:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-12 04:19 - 2014-08-18 15:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-12 04:19 - 2014-08-18 15:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-12 04:19 - 2014-08-18 15:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-12 04:19 - 2014-08-18 15:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-12 04:19 - 2014-08-18 15:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-12 04:19 - 2014-08-18 15:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-12 04:19 - 2014-08-18 15:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-12 04:19 - 2014-08-18 15:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-12 04:19 - 2014-08-18 15:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-12 04:19 - 2014-08-18 15:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-12 04:19 - 2014-08-18 15:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-12 04:19 - 2014-08-18 15:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-12 04:19 - 2014-08-18 15:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-12 04:19 - 2014-08-18 15:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-12 04:19 - 2014-08-18 15:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-12 04:19 - 2014-08-18 15:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-12 04:19 - 2014-08-18 14:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-12 04:19 - 2014-08-18 14:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-12 04:19 - 2014-08-18 14:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-12 04:19 - 2014-08-18 14:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-12 04:19 - 2014-08-18 14:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-12 04:19 - 2014-08-18 14:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-12 04:19 - 2014-08-18 14:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-12 04:19 - 2014-08-18 14:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-12 04:19 - 2014-08-18 14:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-12 04:19 - 2014-08-18 14:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-12 04:19 - 2014-08-18 14:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-12 04:19 - 2014-08-18 14:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-12 04:19 - 2014-08-18 14:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-12 04:19 - 2014-08-18 14:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-12 04:19 - 2014-08-18 14:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-12 04:19 - 2014-08-18 14:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-12 04:19 - 2014-08-18 14:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-12 04:19 - 2014-08-18 14:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-12 04:19 - 2014-08-18 14:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-12 04:19 - 2014-08-18 14:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-12 04:19 - 2014-08-18 14:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-12 04:19 - 2014-08-18 14:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-12 04:19 - 2014-08-18 14:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-12 04:19 - 2014-08-18 14:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-12 04:19 - 2014-08-18 14:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-12 04:19 - 2014-08-18 14:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-12 04:19 - 2014-08-18 14:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-12 04:19 - 2014-08-18 14:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-12 04:19 - 2014-08-18 14:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-12 04:19 - 2014-08-18 14:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-12 04:19 - 2014-08-18 14:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-12 04:19 - 2014-08-18 14:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-12 04:19 - 2014-08-18 13:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-12 04:19 - 2014-08-18 13:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-12 04:19 - 2014-08-18 13:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-12 04:19 - 2014-08-18 13:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-12 04:19 - 2014-08-18 13:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-12 03:02 - 2014-06-26 19:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-12 03:02 - 2014-06-26 18:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-11 21:48 - 2014-08-01 04:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-11 21:48 - 2014-08-01 04:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-11 21:46 - 2014-06-23 20:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-11 21:46 - 2014-06-23 19:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-11 21:41 - 2014-07-06 19:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-11 21:41 - 2014-07-06 19:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-11 21:41 - 2014-07-06 18:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-11 21:40 - 2014-07-06 18:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-11 21:40 - 2014-07-06 18:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-11 21:34 - 2014-09-04 19:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-11 21:34 - 2014-09-04 19:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-11 09:23 - 2014-09-11 09:23 - 02347384 _____ (ESET) C:\Users\Karri\Downloads\esetsmartinstaller_enu.exe
2014-09-11 09:23 - 2014-09-11 09:23 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-11 09:20 - 2014-09-11 09:21 - 05576769 _____ (Swearware) C:\Users\Karri\Downloads\ComboFix.exe
2014-09-11 00:00 - 2014-09-11 00:00 - 00000010 _____ () C:\Users\Karri\AppData\Local\sponge.last.runtime.cache
2014-09-10 22:21 - 2014-09-16 15:49 - 00145144 _____ () C:\Users\Karri\AppData\Local\ars.cache
2014-09-10 22:21 - 2014-09-16 15:49 - 00093821 _____ () C:\Users\Karri\AppData\Local\census.cache
2014-09-10 19:53 - 2014-09-10 19:53 - 00007605 _____ () C:\Users\Karri\AppData\Local\Resmon.ResmonCfg
2014-09-10 19:34 - 2014-09-10 19:34 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Karri\Downloads\mbar-1.07.0.1012.exe
2014-09-10 19:24 - 2014-09-10 19:24 - 00000036 _____ () C:\Users\Karri\AppData\Local\housecall.guid.cache
2014-09-10 19:24 - 2013-09-02 00:58 - 00175528 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2014-09-10 19:23 - 2014-09-10 19:23 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
2014-09-08 08:39 - 2014-09-08 09:02 - 00000000 ____D () C:\Users\Karri\AppData\Local\LogMeIn Client
2014-09-07 16:10 - 2014-09-07 16:10 - 00244251 _____ () C:\ProgramData\1410131031.bdinstall.bin
2014-09-04 10:04 - 2014-09-04 10:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-04 10:04 - 2014-09-04 10:04 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-04 10:04 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-28 03:03 - 2014-08-22 19:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 03:03 - 2014-08-22 18:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 03:03 - 2014-08-22 17:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-21 16:14 - 2014-08-21 16:14 - 00014574 _____ () C:\Users\Karri\Downloads\SS4Patsys2014 (2)
2014-08-20 21:45 - 2014-08-20 21:45 - 00243480 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2014-08-20 09:55 - 2014-08-20 09:55 - 00002146 _____ () C:\Users\Public\Desktop\Brother Creative Center.lnk
2014-08-20 09:55 - 2014-08-20 09:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2014-08-20 09:55 - 2014-08-20 09:55 - 00000000 ____D () C:\Program Files (x86)\Browny02
2014-08-20 09:55 - 2014-08-20 09:55 - 00000000 ____D () C:\Program Files (x86)\Brother
2014-08-20 09:55 - 2014-08-20 09:55 - 00000000 ____D () C:\Brother
2014-08-20 09:55 - 2012-04-24 09:04 - 00221184 _____ (Brother Industries, Ltd.) C:\Windows\system32\BRCOMB1A.DLL
2014-08-20 09:55 - 2010-11-17 01:28 - 00107888 _____ (Brother Industries Ltd) C:\Windows\SysWOW64\BRRBTOOL.EXE
2014-08-20 09:55 - 2010-04-01 22:33 - 00025299 _____ (Brother Industries, Ltd) C:\Windows\SysWOW64\BRLM03A.DLL
2014-08-20 09:55 - 2010-02-04 19:42 - 00180224 _____ (Brother Industries, Ltd.) C:\Windows\SysWOW64\BROSNMP.DLL
2014-08-20 09:55 - 2005-01-17 00:10 - 00045056 _____ () C:\Windows\SysWOW64\BRTCPCON.DLL
2014-08-20 09:55 - 2004-08-09 00:00 - 00000114 _____ () C:\Windows\SysWOW64\BRLMW03A.INI
2014-08-20 09:55 - 2004-08-08 23:42 - 00077824 _____ (Brother Industries, Ltd.) C:\Windows\SysWOW64\BRLMW03A.DLL
2014-08-20 09:55 - 1999-10-26 09:00 - 00000050 _____ () C:\Windows\system32\BRADM11A.DAT
2014-08-20 09:54 - 2014-08-20 09:55 - 00000000 ____D () C:\ProgramData\Brother
2014-08-20 09:54 - 2014-08-20 09:54 - 00000000 ____D () C:\Users\Karri\Downloads\install
2014-08-20 09:54 - 2014-08-20 09:54 - 00000000 ____D () C:\Users\Karri\AppData\Roaming\InstallShield
2014-08-20 09:53 - 2014-08-20 09:54 - 34296016 _____ (A.I.SOFT,INC.) C:\Users\Karri\Downloads\HL-5470DW-inst-B1-euus.EXE
2014-08-19 18:45 - 2014-08-19 18:45 - 00014574 _____ () C:\Users\Karri\Downloads\SS4Patsys2014 (1)

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-17 13:52 - 2014-09-17 13:50 - 00020298 _____ () C:\Users\Karri\Downloads\FRST.txt
2014-09-17 13:51 - 2012-11-19 03:10 - 00000266 _____ () C:\Windows\Tasks\AutoKMS.job
2014-09-17 13:50 - 2014-09-17 13:50 - 00000000 ____D () C:\FRST
2014-09-17 13:49 - 2014-09-17 13:49 - 02105856 _____ (Farbar) C:\Users\Karri\Downloads\FRST64.exe
2014-09-17 13:25 - 2012-12-02 19:18 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-17 13:13 - 2012-11-19 03:17 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-17 12:25 - 2012-12-02 19:18 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-17 12:16 - 2014-09-15 17:46 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-09-17 12:14 - 2014-09-15 18:58 - 00000452 ____H () C:\Windows\Tasks\Norton Security Scan for Karri.job
2014-09-17 09:04 - 2012-11-19 17:54 - 01776363 _____ () C:\Windows\WindowsUpdate.log
2014-09-16 15:49 - 2014-09-10 22:21 - 00145144 _____ () C:\Users\Karri\AppData\Local\ars.cache
2014-09-16 15:49 - 2014-09-10 22:21 - 00093821 _____ () C:\Users\Karri\AppData\Local\census.cache
2014-09-16 15:14 - 2013-08-30 12:40 - 00000000 ____D () C:\RASplus
2014-09-16 15:13 - 2013-08-30 12:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RASplus
2014-09-16 15:11 - 2014-09-16 15:10 - 02476596 _____ (Trend Micro Inc.) C:\Users\Karri\Downloads\HousecallLauncher64.exe
2014-09-16 15:03 - 2012-11-21 14:55 - 00000000 ____D () C:\ProgramData\MFAData
2014-09-16 15:01 - 2012-11-19 02:52 - 01710118 _____ () C:\Windows\PFRO.log
2014-09-16 15:01 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-16 15:01 - 2009-07-13 21:51 - 00006680 _____ () C:\Windows\setupact.log
2014-09-16 14:57 - 2014-09-16 14:57 - 00262144 _____ () C:\Windows\system32\config\elam
2014-09-15 18:58 - 2014-09-15 18:58 - 00003610 _____ () C:\Windows\System32\Tasks\Norton Security Scan for Karri
2014-09-15 18:58 - 2014-09-15 18:58 - 00001459 _____ () C:\Users\Public\Desktop\Norton Security Scan.LNK
2014-09-15 18:58 - 2014-09-15 18:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan
2014-09-15 18:57 - 2014-09-15 18:57 - 00000000 ____D () C:\Windows\system32\Drivers\NSSx64
2014-09-15 18:57 - 2014-09-15 18:57 - 00000000 ____D () C:\Program Files (x86)\Norton Security Scan
2014-09-15 18:57 - 2012-11-19 02:28 - 00000000 ____D () C:\ProgramData\Norton
2014-09-15 18:55 - 2014-09-15 18:55 - 00779704 _____ (Symantec) C:\Users\Karri\Downloads\Setup.exe
2014-09-15 18:52 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-15 18:39 - 2014-05-01 16:18 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-15 18:39 - 2014-05-01 16:17 - 00000000 ____D () C:\Users\Karri\Desktop\mbar
2014-09-15 18:21 - 2014-05-01 16:18 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-15 18:00 - 2014-07-08 18:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-15 17:59 - 2009-07-13 21:45 - 00023312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-15 17:59 - 2009-07-13 21:45 - 00023312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-15 17:48 - 2014-09-15 17:48 - 00002336 _____ () C:\Users\Karri\Desktop\Safe Money.lnk
2014-09-15 17:47 - 2014-09-15 17:47 - 00002134 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2014-09-15 17:47 - 2014-09-15 17:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2014-09-15 17:46 - 2014-09-15 17:46 - 00000000 ____D () C:\Windows\ELAMBKUP
2014-09-15 17:46 - 2014-09-15 17:46 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-09-15 17:42 - 2014-09-15 17:41 - 202839360 _____ (Kaspersky Lab) C:\Users\Karri\Downloads\kis15.0.1.415EN_6710.exe
2014-09-15 17:42 - 2012-11-19 07:59 - 00000000 ____D () C:\Users\Karri\AppData\Local\CrashDumps
2014-09-15 12:25 - 2014-09-15 12:25 - 00000000 ____D () C:\NBRT
2014-09-15 11:14 - 2014-09-15 11:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-15 11:13 - 2009-07-13 22:13 - 00786558 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-15 11:09 - 2014-09-15 11:04 - 00000000 ____D () C:\Users\Karri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2014-09-15 11:08 - 2014-09-15 11:08 - 00000000 ____D () C:\Windows\system32\Drivers\NBRTWizardx64
2014-09-15 11:08 - 2014-09-15 11:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Bootable Recovery Tool Wizard
2014-09-15 11:08 - 2014-09-15 11:08 - 00000000 ____D () C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard
2014-09-15 11:04 - 2014-09-15 11:04 - 00001342 _____ () C:\Users\Karri\Desktop\Norton Installation Files.lnk
2014-09-15 11:03 - 2014-09-15 11:03 - 00000000 ____D () C:\Users\Public\Downloads\Norton
2014-09-15 11:03 - 2014-09-15 11:02 - 01022080 _____ (Symantec Corporation) C:\Users\Karri\Downloads\NBRT-Retail-Downloader.exe
2014-09-12 10:17 - 2014-09-12 10:17 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Karri\Downloads\tdsskiller.exe
2014-09-12 10:05 - 2014-09-12 10:05 - 00004608 _____ () C:\Users\Karri\Downloads\remdelf.exe
2014-09-12 10:04 - 2014-09-12 08:51 - 00000000 ____D () C:\Users\Karri\AppData\Local\NPE
2014-09-12 09:10 - 2014-09-12 09:10 - 00000000 ____D () C:\NPE
2014-09-12 08:51 - 2014-09-12 08:50 - 03060320 ____N (Symantec Corporation) C:\Users\Karri\Downloads\NPE.exe
2014-09-12 08:20 - 2014-09-12 08:11 - 00000000 ____D () C:\Users\Karri\AppData\Local\Avg2015
2014-09-12 08:13 - 2014-09-12 08:13 - 00000967 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2014-09-12 08:13 - 2014-09-12 08:13 - 00000000 ____D () C:\Users\Karri\AppData\Roaming\AVG2015
2014-09-12 08:13 - 2014-09-12 08:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-09-12 08:13 - 2014-09-12 08:13 - 00000000 ____D () C:\ProgramData\AVG2015
2014-09-12 08:13 - 2014-09-12 08:13 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-09-12 08:13 - 2012-11-21 14:56 - 00000000 ___HD () C:\$AVG
2014-09-12 08:11 - 2014-09-12 08:11 - 04579176 _____ (AVG Technologies) C:\Users\Karri\Downloads\avg_free_stb_all_2015_5315_cnet.exe
2014-09-12 05:42 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-09-12 04:13 - 2012-11-19 02:35 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-12 04:05 - 2012-11-19 03:20 - 00778680 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-12 03:58 - 2013-08-14 03:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-12 03:03 - 2012-11-19 04:30 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-12 03:02 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-11 09:23 - 2014-09-11 09:23 - 02347384 _____ (ESET) C:\Users\Karri\Downloads\esetsmartinstaller_enu.exe
2014-09-11 09:23 - 2014-09-11 09:23 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-11 09:21 - 2014-09-11 09:20 - 05576769 _____ (Swearware) C:\Users\Karri\Downloads\ComboFix.exe
2014-09-11 00:00 - 2014-09-11 00:00 - 00000010 _____ () C:\Users\Karri\AppData\Local\sponge.last.runtime.cache
2014-09-10 19:53 - 2014-09-10 19:53 - 00007605 _____ () C:\Users\Karri\AppData\Local\Resmon.ResmonCfg
2014-09-10 19:36 - 2014-05-01 16:17 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-10 19:34 - 2014-09-10 19:34 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Karri\Downloads\mbar-1.07.0.1012.exe
2014-09-10 19:24 - 2014-09-10 19:24 - 00000036 _____ () C:\Users\Karri\AppData\Local\housecall.guid.cache
2014-09-10 19:23 - 2014-09-10 19:23 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
2014-09-08 09:02 - 2014-09-08 08:39 - 00000000 ____D () C:\Users\Karri\AppData\Local\LogMeIn Client
2014-09-07 16:11 - 2013-07-02 21:52 - 00000000 ____D () C:\Program Files\Bitdefender
2014-09-07 16:10 - 2014-09-07 16:10 - 00244251 _____ () C:\ProgramData\1410131031.bdinstall.bin
2014-09-07 16:10 - 2013-07-02 21:49 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender
2014-09-04 19:10 - 2014-09-11 21:34 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-04 19:05 - 2014-09-11 21:34 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-04 10:13 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\Cursors
2014-09-04 10:12 - 2014-04-29 10:02 - 00000000 ____D () C:\Users\Karri\AppData\Local\TB
2014-09-04 10:04 - 2014-09-04 10:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-04 10:04 - 2014-09-04 10:04 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-04 10:04 - 2012-11-21 15:02 - 00000000 ____D () C:\Users\Karri\AppData\Roaming\Malwarebytes
2014-09-04 10:04 - 2012-11-21 15:01 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-04 10:04 - 2012-11-21 15:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-30 14:22 - 2012-11-30 09:11 - 00000000 ____D () C:\Users\Karri\AppData\Roaming\HpUpdate
2014-08-29 03:17 - 2009-07-13 21:45 - 00434688 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-25 06:53 - 2012-11-19 18:09 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-22 19:07 - 2014-08-28 03:03 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 18:45 - 2014-08-28 03:03 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-22 17:59 - 2014-08-28 03:03 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-20 21:45 - 2014-08-20 21:45 - 00243480 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2014-08-20 18:04 - 2014-09-15 17:45 - 00820232 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-08-20 09:55 - 2014-08-20 09:55 - 00002146 _____ () C:\Users\Public\Desktop\Brother Creative Center.lnk
2014-08-20 09:55 - 2014-08-20 09:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2014-08-20 09:55 - 2014-08-20 09:55 - 00000000 ____D () C:\Program Files (x86)\Browny02
2014-08-20 09:55 - 2014-08-20 09:55 - 00000000 ____D () C:\Program Files (x86)\Brother
2014-08-20 09:55 - 2014-08-20 09:55 - 00000000 ____D () C:\Brother
2014-08-20 09:55 - 2014-08-20 09:54 - 00000000 ____D () C:\ProgramData\Brother
2014-08-20 09:55 - 2012-11-21 18:08 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-08-20 09:54 - 2014-08-20 09:54 - 00000000 ____D () C:\Users\Karri\Downloads\install
2014-08-20 09:54 - 2014-08-20 09:54 - 00000000 ____D () C:\Users\Karri\AppData\Roaming\InstallShield
2014-08-20 09:54 - 2014-08-20 09:53 - 34296016 _____ (A.I.SOFT,INC.) C:\Users\Karri\Downloads\HL-5470DW-inst-B1-euus.EXE
2014-08-19 18:45 - 2014-08-19 18:45 - 00014574 _____ () C:\Users\Karri\Downloads\SS4Patsys2014 (1)
2014-08-19 16:15 - 2014-08-14 14:31 - 00012076 _____ () C:\Users\Karri\Documents\All July 2014.xlsx
2014-08-19 11:05 - 2014-09-12 04:19 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-19 10:39 - 2014-09-12 04:19 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-18 16:01 - 2014-09-12 04:19 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-18 15:29 - 2014-09-12 04:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-18 15:29 - 2014-09-12 04:19 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-18 15:26 - 2014-09-12 04:19 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-18 15:20 - 2014-09-12 04:19 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-18 15:19 - 2014-09-12 04:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-18 15:15 - 2014-09-12 04:19 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-18 15:15 - 2014-09-12 04:19 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-18 15:14 - 2014-09-12 04:19 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-18 15:14 - 2014-09-12 04:19 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-18 15:08 - 2014-09-12 04:19 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-18 15:08 - 2014-09-12 04:19 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-18 15:08 - 2014-09-12 04:19 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-18 15:05 - 2014-09-12 04:19 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-18 15:03 - 2014-09-12 04:19 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-18 15:03 - 2014-09-12 04:19 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-18 15:03 - 2014-09-12 04:19 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-18 14:57 - 2014-09-12 04:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-18 14:56 - 2014-09-12 04:19 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-18 14:51 - 2014-09-12 04:19 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-18 14:46 - 2014-09-12 04:19 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-18 14:45 - 2014-09-12 04:19 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 14:45 - 2014-09-12 04:19 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-18 14:44 - 2014-09-12 04:19 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-18 14:44 - 2014-09-12 04:19 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-18 14:43 - 2014-09-15 17:45 - 00150536 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-08-18 14:42 - 2014-09-12 04:19 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-18 14:40 - 2014-09-12 04:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-18 14:39 - 2014-09-12 04:19 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-18 14:39 - 2014-09-12 04:19 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-18 14:39 - 2014-09-12 04:19 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-18 14:38 - 2014-09-12 04:19 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-18 14:37 - 2014-09-12 04:19 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-18 14:36 - 2014-09-12 04:19 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-18 14:35 - 2014-09-12 04:19 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-18 14:27 - 2014-09-12 04:19 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-18 14:25 - 2014-09-12 04:19 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-18 14:25 - 2014-09-12 04:19 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-18 14:23 - 2014-09-12 04:19 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-18 14:23 - 2014-09-12 04:19 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-18 14:22 - 2014-09-12 04:19 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-18 14:19 - 2014-09-12 04:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-18 14:17 - 2014-09-12 04:19 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-18 14:17 - 2014-09-12 04:19 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-18 14:16 - 2014-09-12 04:19 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-18 14:15 - 2014-09-12 04:19 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-18 14:15 - 2014-09-12 04:19 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-18 14:09 - 2014-09-12 04:19 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-18 14:08 - 2014-09-12 04:19 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-18 14:07 - 2014-09-12 04:19 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-18 13:55 - 2014-09-12 04:19 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-18 13:46 - 2014-09-12 04:19 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-18 13:38 - 2014-09-12 04:19 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-18 13:38 - 2014-09-12 04:19 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-18 13:36 - 2014-09-12 04:19 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

Some content of TEMP:
====================
C:\Users\Karri\AppData\Local\Temp\didqcpe.dll
C:\Users\Karri\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Karri\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Karri\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Karri\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Karri\AppData\Local\Temp\mjywekd.dll
C:\Users\Karri\AppData\Local\Temp\opgpthc.dll
C:\Users\Karri\AppData\Local\Temp\procexp64.exe
C:\Users\Karri\AppData\Local\Temp\Quarantine.exe
C:\Users\Karri\AppData\Local\Temp\RSPUpgradeInstaller.exe
C:\Users\Karri\AppData\Local\Temp\SunWin32FunctionCalls_810030.dll
C:\Users\Karri\AppData\Local\Temp\wget.exe
C:\Users\Karri\AppData\Local\Temp\xsmzqaq.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-16 05:52

==================== End Of Log ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2014
Ran by Karri at 2014-09-17 13:52:44
Running from C:\Users\Karri\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.5.502.135 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5315 - AVG Technologies)
AVG 2015 (Version: 15.0.4158 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5315 - AVG Technologies) Hidden
Core Temp 1.0 RC4 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version:  - Microsoft)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.44 - DivX, LLC)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 27.0.1453.116 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4209.2358 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HL-5470DW (HKLM-x32\...\{7171B206-5C5A-4B7F-B9E1-1F1827FC769F}) (Version: 1.0.2.0 - Brother Industries, Ltd.)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{2BF5E9CC-C55D-4B0F-ACAF-FFE77F333CD8}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Java 7 Update 9 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217009FF}) (Version: 7.0.90 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{8ED07EBD-22AD-415A-B71E-C1AD86862C2E}) (Version: 15.0.1.415 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.1.415 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50701 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.50706 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.1 (x86 en-US)) (Version: 32.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NET-i viewer (x32 Version: 1.32.10 - Samsung Techwin Co., Ltd.) Hidden
Norton Bootable Recovery Tool Wizard (HKLM-x32\...\NBRTWizard) (Version: 7.0.0.18 - Symantec Corporation)
Norton Security Scan (HKLM-x32\...\NSS) (Version: 4.1.0.28 - Symantec Corporation)
PC Disk Clone X x64 version 11.5 (HKLM\...\{B6CC4EF1-4D64-4E3E-B63C-3DA0F559CE86}_is1) (Version: 11.5 - PC Disk Tools)
QuickBooks (x32 Version: 23.0.4005.2305 - Intuit Inc.) Hidden
QuickBooks Pro 2013 (HKLM-x32\...\{3C631966-387E-4054-85D9-BBFFABE32BD8}) (Version: 23.0.4001.2305 - Intuit Inc.)
RASplus (HKLM-x32\...\{DD0BB4D3-E53C-4EB1-9549-8EBCCD62D797}) (Version: 2.7.1 - ADT)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6738 - Realtek Semiconductor Corp.)
RemoteAgent (HKLM-x32\...\{F45B17BD-460F-4501-AE52-F286D1CB749F}) (Version: 1.0.013 - RemoteAgent)
Saba Client (HKLM-x32\...\CentraClient) (Version:  - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9179FC17-97A8-4D98-9E09-05720AF5D44E}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
WinZip 17.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240D7}) (Version: 17.0.10283 - WinZip Computing, S.L. )
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2735316861-1939849972-2201488609-1000_Classes\CLSID\{3560575F-7C2D-48AE-AB45-DAD430A95EBE}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll ()
CustomCLSID: HKU\S-1-5-21-2735316861-1939849972-2201488609-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> C:\Windows\system32\thumbcache.dll (Microsoft Corporation)

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {000A0E92-EBDC-4DCF-AD80-8CD545F9C27B} - System32\Tasks\{45DFDAE7-4396-44A9-A2E4-30EE305758C4} => C:\Program Files (x86)\RemoteAgent\RA1648\RemoteAgent.exe [2010-03-05] (TODO: XXXX)
Task: {1410904F-FD54-45E5-825B-50475A2BE403} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-02] (Google Inc.)
Task: {1656F63F-DC4B-47E3-8689-84EE2DC56C44} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {488363BB-ADCD-448E-8E90-DFA559871ECF} - System32\Tasks\Norton Security Scan for Karri => C:\Program Files (x86)\Norton Security Scan\Engine\4.1.0.28\Nss.exe [2014-01-26] (Symantec Corporation)
Task: {938D9597-5A3A-408F-8E28-2A86BE31D1F8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-29] (Adobe Systems Incorporated)
Task: {A9D45F5B-466B-4DE9-8D94-00CB6BEC6E73} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-02] (Google Inc.)
Task: {A9D52E6C-7DC0-420B-A6FE-6D6EC5DF7E84} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {D8F899D5-B8C9-436E-BCDA-5A5FCA790652} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {DF42860F-21A4-4FBC-B852-723B5916794E} - System32\Tasks\4686 => Wscript.exe C:\Users\Karri\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Norton Security Scan for Karri.job => C:\PROGRA~2\NORTON~3\Engine\410~1.28\Nss.exe

==================== Loaded Modules (whitelisted) =============

2014-08-30 17:12 - 2014-08-30 17:12 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\kpcengine.2.3.dll
2012-12-23 04:07 - 2012-12-23 04:07 - 00269280 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\boost_regex-vc90-mt-p-1_33.dll
2012-12-23 04:08 - 2012-12-23 04:08 - 00021984 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\QBCompressor.dll
2012-08-18 19:54 - 2012-08-18 19:54 - 00059904 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\zlib1.dll
2012-12-23 04:08 - 2012-12-23 04:08 - 00140768 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\QBMAPILibrary.dll
2012-12-23 04:07 - 2012-12-23 04:07 - 00177120 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\boost_serialization-vc90-mt-p-1_33.dll
2012-12-23 04:07 - 2012-12-23 04:07 - 00412128 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\FtuEngine.dll
2012-12-23 04:07 - 2012-12-23 04:07 - 00527328 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\BackupLib.dll
2012-12-23 04:07 - 2012-12-23 04:07 - 00522208 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\FeaturesBridge.dll
2012-12-23 04:07 - 2012-12-23 04:07 - 00042976 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\mbpopup.dll
2014-09-15 11:13 - 2014-09-15 11:14 - 03716720 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-08-30 17:12 - 2014-08-30 17:12 - 00296040 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com\nponlinebanking.dll
2014-08-30 17:12 - 2014-08-30 17:12 - 00426600 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com\npcontentblocker.dll
2014-08-30 17:12 - 2014-08-30 17:12 - 00559208 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com\npvkplugin.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Karri\Downloads\HL-5470DW-inst-B1-euus.EXE:BDU
AlternateDataStreams: C:\Users\Karri\Downloads\JRT.exe:BDU
AlternateDataStreams: C:\Users\Karri\Downloads\LogMeIn Client (1).exe:BDU
AlternateDataStreams: C:\Users\Karri\Downloads\LogMeIn Client (2).exe:BDU
AlternateDataStreams: C:\Users\Karri\Downloads\LogMeIn Client (3).exe:BDU
AlternateDataStreams: C:\Users\Karri\Downloads\LogMeIn Client (4).exe:BDU
AlternateDataStreams: C:\Users\Karri\Downloads\LogMeIn Client (5).exe:BDU
AlternateDataStreams: C:\Users\Karri\Downloads\LogMeIn Client (6).exe:BDU
AlternateDataStreams: C:\Users\Karri\Downloads\LogMeIn Client (7).exe:BDU
AlternateDataStreams: C:\Users\Karri\Downloads\LogMeIn Client (8).exe:BDU
AlternateDataStreams: C:\Users\Karri\Downloads\LogMeIn Client(1).exe:BDU
AlternateDataStreams: C:\Users\Karri\Downloads\LogMeIn Client(2).exe:BDU
AlternateDataStreams: C:\Users\Karri\Downloads\LogMeIn Client(3).exe:BDU
AlternateDataStreams: C:\Users\Karri\Downloads\LogMeIn Client(4).exe:BDU
AlternateDataStreams: C:\Users\Karri\Downloads\LogMeIn Client(5).exe:BDU
AlternateDataStreams: C:\Users\Karri\Downloads\LogMeIn Client.exe:BDU
AlternateDataStreams: C:\Users\Karri\Downloads\mbar-1_07_0_1009_exe.exe:BDU
AlternateDataStreams: C:\Users\Karri\Downloads\rkill.exe:BDU

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\90420190.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\90420190.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: BdDesktopParental => 2
MSCONFIG\Services: BrYNSvc => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: QBCFMonitorService => 2
MSCONFIG\Services: QBFCService => 3
MSCONFIG\Services: QBVSS => 2
MSCONFIG\Services: SafeBox => 2
MSCONFIG\Services: YahooAUService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Intuit Data Protect.lnk => C:\Windows\pss\Intuit Data Protect.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Karri^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk => C:\Windows\pss\MyPC Backup.lnk.Startup
MSCONFIG\startupreg: Iminent => C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
MSCONFIG\startupreg: IminentMessenger => C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
MSCONFIG\startupreg: ROC_ROC_APR2013_AV => C:\Users\Karri\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid c4cfee22ffe24062864925061d8da6a4-4a7c88083d4a3b901adbf4952b8e27e5d0d5197a --CMPID ROC_APR2013_AV --CMPIDEXTRA 2013
MSCONFIG\startupreg: SearchProtect => C:\Users\Karri\AppData\Roaming\SearchProtect\bin\cltmng.exe
MSCONFIG\startupreg: SearchProtectAll => C:\Program Files (x86)\SearchProtect\bin\cltmng.exe
MSCONFIG\startupreg: ubylqzccb => rundll32.exe "C:\Users\Karri\AppData\Local\Temp\\108c\AppData\Local\Microsoft\ubylqzccb.dll",DllRegisterServer
MSCONFIG\startupreg: WebCake Desktop => "C:\Users\Karri\AppData\Roaming\WebCake\WebCakeDesktop.exe"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/17/2014 00:01:31 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/17/2014 00:00:43 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
The manifest file root element must be assembly.

Error: (09/17/2014 00:00:01 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).

Error: (09/16/2014 08:32:04 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).

Error: (09/16/2014 03:04:27 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Unable to find the section for this mentu item!!!

Error: (09/16/2014 03:03:39 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (09/16/2014 03:03:39 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (09/16/2014 03:03:39 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (09/16/2014 03:02:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1c8

Start Time: 01cfd1f9be2e4b2d

Termination Time: 0

Application Path: C:\Windows\Explorer.EXE

Report Id: 1a5a778b-3ded-11e4-ab57-d43d7e35bd86

Error: (09/16/2014 03:01:18 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.


System errors:
=============
Error: (09/16/2014 03:02:00 PM) (Source: DCOM) (EventID: 10000) (User: )
Description: C:\Windows\system32\thumbcache.dll -Embedding193{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (09/16/2014 03:01:15 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:00:06 PM on ‎9/‎16/‎2014 was unexpected.

Error: (09/16/2014 02:59:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Installer service failed to start due to the following error:
%%1297

Error: (09/16/2014 02:59:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Installer service failed to start due to the following error:
%%1297

Error: (09/16/2014 02:59:35 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1297MSIServer{000C101C-0000-0000-C000-000000000046}

Error: (09/15/2014 06:46:45 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (09/15/2014 06:41:56 PM) (Source: DCOM) (EventID: 10000) (User: )
Description: C:\Windows\system32\thumbcache.dll -Embedding193{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (09/15/2014 06:15:24 PM) (Source: DCOM) (EventID: 10000) (User: )
Description: C:\Windows\system32\thumbcache.dll -Embedding193{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (09/15/2014 06:01:14 PM) (Source: DCOM) (EventID: 10000) (User: )
Description: C:\Windows\system32\thumbcache.dll -Embedding193{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (09/15/2014 05:59:14 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The UPnP Device Host service terminated with the following error:
%%5


Microsoft Office Sessions:
=========================
Error: (09/17/2014 00:01:31 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (09/17/2014 00:00:43 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: C:\Program Files\WinZip\adxloader.dll.ManifestC:\Program Files\WinZip\adxloader.dll.Manifest2

Error: (09/17/2014 00:00:01 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationScheduled Checkpoint0x80070422

Error: (09/16/2014 08:32:04 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationScheduled Checkpoint0x80070422

Error: (09/16/2014 03:04:27 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooksUnable to find the section for this mentu item!!!

Error: (09/16/2014 03:03:39 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooksReturning NULL QBWinInstance Handle

Error: (09/16/2014 03:03:39 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooksReturning NULL QBWinInstance Handle

Error: (09/16/2014 03:03:39 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooksReturning NULL QBWinInstance Handle

Error: (09/16/2014 03:02:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.1.7601.175671c801cfd1f9be2e4b2d0C:\Windows\Explorer.EXE1a5a778b-3ded-11e4-ab57-d43d7e35bd86

Error: (09/16/2014 03:01:18 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x800700050x00000000


CodeIntegrity Errors:
===================================
  Date: 2014-09-17 00:01:38.049
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-17 00:01:38.049
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-17 00:01:38.049
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-17 00:01:38.033
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-17 00:01:38.033
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-17 00:01:38.033
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-16 05:53:27.460
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-16 05:53:27.458
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-16 05:53:27.456
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-16 05:53:27.431
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD FX™-8320 Eight-Core Processor
Percentage of memory in use: 49%
Total physical RAM: 7903.18 MB
Available physical RAM: 3991.79 MB
Total Pagefile: 15804.54 MB
Available Pagefile: 12861.96 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:931.51 GB) (Free:805.22 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Bitdefender) (CDROM) (Total:0.55 GB) (Free:0 GB) CDFS
Drive f: (NBRT) (Removable) (Total:7.45 GB) (Free:6.42 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 6E47D8DE)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 7.5 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================



#4 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:27 AM

Posted 17 September 2014 - 04:37 PM

Hello,

I don't see active malware in the log so far. Can you tell me what exactly the problem is on this computer now at this point?


Please download this attached Attached File  fixlist.txt   1.17KB   2 downloads and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


#5 D_Jones1985

D_Jones1985
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:27 PM

Posted 17 September 2014 - 08:01 PM

I believe it is a new variant of a Trojan that embeds itself in the registry in non ascii form which executes javascript at startup to communicate through PowerShell. Basically what I have seen thus far is security scans running slowly. Permissions being changed e.g. can no longer access documents and settings. Multiple hidden desktop.ini files being created on the desktop. System slowing down and at times telling me msconfig and task manager are inaccessible. At times there are multiple rundll32.exe processes running stealing system resources.

#6 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:27 AM

Posted 18 September 2014 - 03:32 PM

Do you have the fixlog from the above fix?

#7 D_Jones1985

D_Jones1985
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:27 PM

Posted 18 September 2014 - 05:57 PM

It is currently running the fixes, taking some time.  I may not be able to post tonight as I am on a time constraint, but I will try to get the fixlog posted tonight.



#8 D_Jones1985

D_Jones1985
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:27 PM

Posted 18 September 2014 - 06:00 PM

I peeked at the fixlog, it appears the system is working on clearing my temp folder.  I assume this should be done before the 10 minutes in which I have to leave for the evening.



#9 D_Jones1985

D_Jones1985
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:27 PM

Posted 18 September 2014 - 06:47 PM

Here is the log.  36gb of temp data lol... no wonder it took so long.  I will be out for the rest of the evening hoping to be back tomorrow to address any replies.  System seems to be running okay at the moment.  I will continue to monitor it.


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-09-2014
Ran by Karri at 2014-09-18 15:30:48 Run:1
Running from C:\Users\Karri\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
CustomCLSID: HKU\S-1-5-21-2735316861-1939849972-2201488609-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> C:\Windows\system32\thumbcache.dll (Microsoft Corporation)
C:\Users\Karri\AppData\Roaming\WebCake
C:\Program Files (x86)\SearchProtect
C:\Users\Karri\AppData\Roaming\SearchProtect
C:\Program Files (x86)\Iminent
CHR RestoreOnStartup: Default -> "hxxp://start.sweetpacks.com/?barid={781FD646-E10D-11E2-B9B7-D43D7E35BD86}&src=10&crg=3.5000006.10042&st=23", "hxxp://search.conduit.com/?ctid=CT3289663&SearchSource=48&CUI=UN25678633797177271&UM=2"
CHR Plugin: (Conduit Chrome Plugin) - C:\Users\Karri\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.22.5.510_0\plugins/ConduitChromeApiPlugin.dll No File
CHR Plugin: (Conduit Radio Plugin) - C:\Users\Karri\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.22.5.510_0\plugins/np-cwmp.dll No File
CHR Plugin: (Conduit Chrome Plugin) - C:\Users\Karri\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.22.5.510_0\search/plugins/npConduitNewTabPlugin.dll No File
EmptyTemp:
*****************

Processes closed successfully.
"HKU\S-1-5-21-2735316861-1939849972-2201488609-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
"C:\Users\Karri\AppData\Roaming\WebCake" => File/Directory not found.
"C:\Program Files (x86)\SearchProtect" => File/Directory not found.
"C:\Users\Karri\AppData\Roaming\SearchProtect" => File/Directory not found.
"C:\Program Files (x86)\Iminent" => File/Directory not found.
Chrome RestoreOnStartup deleted successfully.
C:\Users\Karri\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.22.5.510_0\plugins/ConduitChromeApiPlugin.dll not found.
C:\Users\Karri\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.22.5.510_0\plugins/np-cwmp.dll not found.
C:\Users\Karri\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.22.5.510_0\search/plugins/npConduitNewTabPlugin.dll not found.
EmptyTemp: => Removed 36.5 GB temporary data.


The system needed a reboot.

==== End of Fixlog ====

 

It helps when I paste logs... :-\ sorry.



#10 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:27 AM

Posted 19 September 2014 - 04:11 PM

I see traces of ESET Online Scanner in your log. Have you already run it? If so then please post its log file. Otherwise do this scan now:


Please download the ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administartor privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!

#11 D_Jones1985

D_Jones1985
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:27 PM

Posted 19 September 2014 - 04:24 PM

I ran this scan but it was cancelled. I do not currently have access to the system, but I will tomorrow. I will run the scan then and post the log.

#12 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:27 AM

Posted 19 September 2014 - 04:26 PM

Ok. :)

#13 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:27 AM

Posted 29 September 2014 - 09:20 AM

I haven't heard from you for some time.
Do you still need help?

#14 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:27 AM

Posted 04 October 2014 - 09:28 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users