AdWare.Win32.iBryte, MSIL.RockeTab, & Trojan.Win32.Truebadur.a


  • This topic is locked
31 replies to this topic

#1 jjones312


Posted 12 October 2014 - 05:00 PM

Background:  Was working with rooting / flashing my Android with a custom mod.  During that process was asked to download "Odin 3.09" at this **LINK DELETED**.  I selected the version 3.09.
 
During that install I noticed it was trying to install "SearchProtect", which I've known to cause adware type issues with others, and immediately started my moment of concern.  
 
I have Kaspersky Pure 3.0 installed and that's when alerts started popping.  The topic indicates what Kaspersky has found and either quarantined or deleted.  From there I noticed some issues with browsing in Windows Explorer and permissions (e.g. unable to copy files as admin to folders) and Chrome and IE unable to pull up webpages.  Now that laptop has no internet and is unable to find any wifi in range.
 
Although Kaspersky located the items, I know little pieces and possibly other nasties could and probably are lurking around.
 
Below is the output from my dss.txt and attach.txt files to get going.  
 
 
DSS.TXT LOG
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16537
Run by Amanda at 14:45:58 on 2014-10-12
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.5959.3066 [GMT -7:00]
.
AV: Kaspersky PURE 3.0 *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky PURE 3.0 *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky PURE 3.0 *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\dwm.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
C:\Program Files (x86)\Acer\Device Control\DeviceCtrlSvc64.exe
C:\Windows\system32\dashost.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
C:\Program Files\Acer\Acer Instant Service\Sleep Memory Optimizer\FFSService.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
C:\Windows\RfBtnSvc64.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe
C:\ProgramData\WOOxeKVYQwY\TryIYnZh.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Acer\WTTouchApplicationSuite\AcerRing\AcerRing.exe
C:\Program Files (x86)\Launch Manager\LMutilps32.exe
C:\Program Files (x86)\Acer Incorporated\HID Monitor\HIDMonitor.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhostex.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Users\Amanda\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Windows\System32\RuntimeBroker.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
C:\Dolby PCEE4\pcee4.exe
C:\Program Files (x86)\Acer\Device Control\ADevCtrl64.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Acer\Device Control\AdWmiSvc64.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
C:\Program Files\Acer\Acer Theft Shield\USecuAppClient.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://acer13.msn.com
uDefault_Page_URL = hxxp://acer13.msn.com
mWinlogon: Userinit = userinit.exe
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll
uRun: [Google Update] "C:\Users\Amanda\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
mRun: [LManager] <no file>
dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
dRunOnce: [Application Restart #1] C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe /Crashed
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\ACERBA~1.LNK - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
mPolicies-System: DisableCAD = dword:1
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll
TCP: Interfaces\{F21D7A39-C343-4CCB-B518-1F1796998ABD}\33D4451433D27657563747 : DHCPNameServer = 75.75.75.75 75.75.76.76 192.168.33.1
TCP: Interfaces\{F21D7A39-C343-4CCB-B518-1F1796998ABD}\44251474F4E4354595C454D213 : DHCPNameServer = 192.168.1.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll
x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 
x64-Run: [BtPreLoad] "C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe"
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
x64-mPolicies-System: DisableCAD = dword:1
x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 CSCrySec;InfoWatch Encrypt Sector Library driver;C:\Windows\System32\Drivers\CSCrySec.sys [2014-10-7 98064]
R0 excsd;ExpressCache Storage Filter Driver;C:\Windows\System32\Drivers\excsd.sys [2012-10-28 95024]
R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-10-28 645952]
R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;C:\Windows\System32\Drivers\CSVirtualDiskDrv.sys [2014-10-7 67344]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\Drivers\ctxusbm.sys [2012-12-5 98888]
R1 excfs;ExpressCache File System Filter Driver;C:\Windows\System32\Drivers\excfs.sys [2012-10-28 23344]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\Drivers\klim6.sys [2013-11-11 30304]
R1 klwfp;klwfp;C:\Windows\System32\Drivers\klwfp.sys [2013-11-11 50448]
R1 kneps;kneps;C:\Windows\System32\Drivers\kneps.sys [2013-11-11 178448]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\Drivers\mwlPSDFilter.sys [2012-9-13 22648]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\Drivers\mwlPSDNserv.sys [2012-9-13 20520]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\Drivers\mwlPSDVDisk.sys [2012-9-13 62776]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2012-8-31 216192]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [2013-11-11 356128]
R2 CCDMonitorService;CCDMonitorService;C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2012-8-23 2435728]
R2 CSObjectsSrv;CryptoStorage control service;C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2013-9-25 818888]
R2 DsiDeviceControlService;Dritek Device Control Service;C:\Program Files (x86)\Acer\Device Control\DeviceCtrlSvc64.exe [2012-9-13 68688]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2012-9-13 348784]
R2 ExpressCache;ExpressCache;C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [2012-3-30 79664]
R2 FFSOpzSvc;Sleep memory optimizer;C:\Program Files\Acer\Acer Instant Service\Sleep Memory Optimizer\FFSService.exe [2012-3-12 161384]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-10-28 7168]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-10-28 2451456]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-10-28 128896]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-10-28 165760]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2012-8-22 259136]
R2 RfButtonDriverService;Dritek RF Button Command Service;C:\Windows\RfBtnSvc64.exe [2012-10-28 93296]
R2 TryIYnZh;TryIYnZh;C:\ProgramData\WOOxeKVYQwY\TryIYnZh.exe [2014-10-12 2318208]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-10-28 364416]
R2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe [2012-10-28 81536]
R3 AcerKBVDMini;Acer HID-compliant Device;C:\Windows\System32\Drivers\AcerKBVD.sys [2012-6-5 15632]
R3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;C:\Windows\System32\Drivers\btath_bus.sys [2012-10-28 33944]
R3 ePowerSvc;ePower Service;C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2012-8-22 658576]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\Drivers\IntcDAud.sys [2012-9-18 342528]
R3 irstrtdv;Intel® Rapid Start Technology Driver;C:\Windows\System32\Drivers\irstrtdv.sys [2012-10-28 43800]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\Drivers\k57nd60a.sys [2012-6-2 425472]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\Drivers\klkbdflt.sys [2013-11-11 29280]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\Drivers\klmouflt.sys [2013-11-11 29280]
R3 Ps2Kb2Hid;PS/2 Keyboard to HID Driver;C:\Windows\System32\Drivers\aPs2Kb2Hid.sys [2012-10-28 26736]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\Drivers\RtsPStor.sys [2012-10-28 339600]
R3 SmbDrvI;SmbDrvI;C:\Windows\System32\Drivers\Smb_driver_Intel.sys [2012-9-13 43832]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
S0 klelam;klelam;C:\Windows\System32\Drivers\klelam.sys [2013-11-11 29792]
S3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;C:\Windows\System32\Drivers\btath_flt.sys [2012-10-28 88728]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\Drivers\btath_a2dp.sys [2012-10-28 344216]
S3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;C:\Windows\System32\Drivers\btath_avdt.sys [2012-10-28 114840]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\Drivers\btath_hcrp.sys [2012-10-28 178840]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\Drivers\btath_lwflt.sys [2012-10-28 76952]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\Drivers\btath_rcp.sys [2012-10-28 135832]
S3 BtFilter;BtFilter;C:\Windows\System32\Drivers\btfilter.sys [2012-10-28 575128]
S3 BthLEEnum;Bluetooth Low Energy Driver;C:\Windows\System32\Drivers\BthLEEnum.sys [2012-7-25 202752]
S3 DeviceFastLaneService;Device Fast-lane Service;C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [2012-8-22 468624]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\Drivers\ssudbus.sys [2014-1-22 108800]
S3 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2012-7-11 174160]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 irstrtsv;Intel® Rapid Start Technology Service;C:\Windows\SysWOW64\irstrtsv.exe [2012-10-28 193576]
S3 QRDCIO;Quanta Generic IO Access;C:\Windows\System32\Drivers\QRDCIO.sys [2012-10-28 9728]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\Drivers\ssudmdm.sys [2014-1-22 206080]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]
S3 USecuAppSvc;Acer Theft Shield Service;C:\Program Files\Acer\Acer Theft Shield\USecuAppSvc.exe [2012-9-16 345744]
.
=============== Created Last 30 ================
.
2014-10-12 21:16:32 -------- d-----w- C:\Users\Amanda\AppData\Local\Disasteroids
2014-10-12 21:12:12 -------- d-----w- C:\Program Files (x86)\Search Extensions
2014-10-12 21:11:19 -------- d-----w- C:\ProgramData\WOOxeKVYQwY
2014-10-12 21:11:14 -------- d-----w- C:\ProgramData\Disasteroids
2014-10-12 21:06:07 -------- d-----w- C:\Program Files (x86)\SearchProtect
2014-10-09 06:14:39 -------- d-----w- C:\ProgramData\Package Cache
2014-10-09 06:09:37 -------- d-----w- C:\Users\Amanda\cminstaller
2014-10-08 07:12:55 -------- d-----w- C:\Users\Amanda\.android
2014-10-08 06:56:08 -------- d-----w- C:\Program Files (x86)\MarkAny
2014-10-08 06:54:26 -------- d-----w- C:\Users\Amanda\AppData\Local\Samsung
2014-10-08 06:54:24 -------- d-----w- C:\Users\Amanda\AppData\Roaming\Samsung
2014-10-08 06:52:56 708168 ----a-w- C:\Windows\System32\WinUSBCoInstaller.dll
2014-10-08 06:52:56 1490656 ----a-w- C:\Windows\System32\WdfCoInstaller01007.dll
2014-10-08 06:52:08 -------- d-----w- C:\Program Files (x86)\MyFree Codec
2014-10-08 06:51:25 144664 ----a-w- C:\Windows\SysWow64\secman.dll
2014-10-08 06:51:22 4659712 ----a-w- C:\Windows\SysWow64\Redemption.dll
2014-10-08 06:50:18 -------- d-----w- C:\ProgramData\Samsung
2014-10-08 06:50:18 -------- d-----w- C:\Program Files (x86)\Samsung
2014-10-08 06:48:16 -------- d-----w- C:\Users\Amanda\AppData\Local\Downloaded Installations
2014-10-08 05:44:11 64856 ----a-w- C:\Windows\System32\klfphc.dll
2014-10-08 05:43:53 98064 ----a-w- C:\Windows\System32\drivers\CSCrySec.sys
2014-10-08 05:43:53 67344 ----a-w- C:\Windows\System32\drivers\CSVirtualDiskDrv.sys
2014-10-08 05:43:26 -------- d-----w- C:\Program Files (x86)\Common Files\InfoWatch
2014-10-08 05:43:24 -------- d-----w- C:\ProgramData\Kaspersky Lab
2014-10-08 05:43:24 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
2014-10-08 05:43:06 92768 ----a-w- C:\Windows\System32\drivers\klflt.sys
2014-10-08 02:54:13 11578928 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{912818A7-B6E4-4E9F-A1EB-0E020DBB543E}\mpengine.dll
2014-10-08 02:53:58 278152 ------w- C:\Windows\System32\MpSigStub.exe
2014-09-26 13:28:21 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-09-26 13:27:59 1508864 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-09-26 13:27:58 1766400 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-09-26 13:27:57 2239488 ----a-w- C:\Windows\System32\wininet.dll
2014-09-26 13:27:26 144896 ----a-w- C:\Windows\System32\tssdisai.dll
2014-09-26 13:27:25 148480 ----a-w- C:\Windows\System32\poqexec.exe
2014-09-26 13:27:19 26218496 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2014-09-26 13:27:13 25479168 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
.
==================== Find3M  ====================
.
2014-10-08 06:34:29 30304 ----a-w- C:\Windows\System32\drivers\klim6.sys
2014-10-08 06:34:28 458336 ----a-w- C:\Windows\System32\drivers\kl1.sys
2014-09-02 19:32:27 705480 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-09-02 19:32:27 104904 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-28 06:05:35 35328 ----a-w- C:\Windows\SysWow64\wuapp.exe
2014-08-28 06:05:17 86528 ----a-w- C:\Windows\SysWow64\wudriver.dll
2014-08-28 06:05:17 128000 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2014-08-28 06:02:15 40448 ----a-w- C:\Windows\System32\wuapp.exe
2014-08-28 06:01:45 253440 ----a-w- C:\Windows\System32\WUSettingsProvider.dll
2014-08-28 06:01:45 144384 ----a-w- C:\Windows\System32\wuwebv.dll
2014-08-28 06:01:45 100352 ----a-w- C:\Windows\System32\wudriver.dll
2014-08-28 06:01:44 17920 ----a-w- C:\Windows\System32\wuaext.dll
2014-08-28 06:01:44 1623552 ----a-w- C:\Windows\System32\wucltux.dll
2014-08-28 06:01:15 176640 ----a-w- C:\Windows\System32\storewuauth.dll
2014-08-23 06:47:23 4036096 ----a-w- C:\Windows\System32\win32k.sys
2014-08-20 23:40:10 732880 ----a-w- C:\Windows\System32\NotificationUI.exe
2014-08-20 17:05:47 694784 ----a-w- C:\Windows\System32\WSShared.dll
2014-08-20 17:05:47 198656 ----a-w- C:\Windows\System32\Windows.ApplicationModel.Store.dll
2014-08-20 17:05:47 163840 ----a-w- C:\Windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-08-20 17:02:46 567808 ----a-w- C:\Windows\SysWow64\WSShared.dll
2014-08-20 17:02:46 124928 ----a-w- C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-08-16 09:34:10 915968 ----a-w- C:\Windows\System32\uxtheme.dll
2014-08-16 09:32:57 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2014-08-16 07:36:19 2861568 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-08-16 07:35:44 1440768 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-07-31 23:40:32 1287680 ----a-w- C:\Windows\System32\schedsvc.dll
2014-07-24 03:33:25 869544 ----a-w- C:\Windows\System32\msvcr120_clr0400.dll
2014-07-24 03:33:01 875688 ----a-w- C:\Windows\SysWow64\msvcr120_clr0400.dll
2014-07-15 23:03:48 1300992 ----a-w- C:\Windows\System32\gdi32.dll
2014-07-15 22:51:05 71168 ----a-w- C:\Windows\System32\drivers\hdaudbus.sys
.
============= FINISH: 14:47:07.73 ===============
 
 
ATTACH.TXT LOG
 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume2
Install Date: 12/21/2012 10:05:41 PM
System Uptime: 10/12/2014 2:41:33 PM (0 hours ago)
.
Motherboard: Acer |  | MA40_HX
Processor: Intel® Core™ i5-3317U CPU @ 1.70GHz | U3E1 | 782/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 448 GiB total, 296.351 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Description: Bluetooth USB Module
Device ID: USB\VID_0489&PID_E04E\6&3772A4E6&0&3
Manufacturer: Qualcomm Atheros Communications
Name: Bluetooth USB Module
PNP Device ID: USB\VID_0489&PID_E04E\6&3772A4E6&0&3
Service: BTHUSB
.
==== System Restore Points ===================
.
RP49: 10/7/2014 11:09:36 PM - Scheduled Checkpoint
RP50: 10/8/2014 11:14:05 PM - Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
RP51: 10/12/2014 12:55:46 PM - Windows Update
.
==== Installed Programs ======================
.
 clear.fi SDK- Movie 2
 clear.fi SDK - Video 2
Acer Backup Manager
Acer Device Control Lite
Acer Device Fast-lane
Acer Instant Update Service
Acer PicEvermore
Acer Power Management
Acer Recovery Management
Acer Theft Shield
Acer USB Charge Manager
AcerCloud
AcerCloud Docs
Adobe Flash Player 15 Plugin
Agatha Christie - Death on the Nile
Aloha TriPeaks
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Backup Manager v4
Bejeweled 3
Bonjour
BrowserSafeguard with RocketTab
Citrix Authentication Manager
Citrix Receiver
Citrix Receiver (HDX Flash Redirection)
Citrix Receiver Inside
Citrix Receiver Updater
Citrix Receiver(Aero)
Citrix Receiver(DV)
Citrix Receiver(USB)
clear.fi Media
clear.fi Photo
Cradle Of Egypt Collector's Edition
CyberLink MediaEspresso 6.5
D3DX10
Delicious: Emily's True Love Premium Edition
Disasteroids
Dolby Home Theater v4
Dora's World Adventure
eBay Worldwide
ExpressCache
Google Chrome
Google Talk Plugin
Google Update Helper
HID Monitor
iCloud
Identity Card
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Start Technology
Intel® Rapid Storage Technology
Intel® SDK for OpenCL - CPU Only Runtime Package
Intel® Trusted Connect Service Client
iTunes
Jewel Match 3
Kaspersky PURE 3.0
Launch Manager
LeapFrog Connect
LeapFrog My Pals Plugin
Live Updater
Microsoft Application Error Reporting
Microsoft Office
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
Microsoft Visual Studio 2005 Tools for Office Runtime
Movie Maker
MSVCRT
MSVCRT110
MSVCRT110_amd64
Mystery P.I. - Curious Case of Counterfeit Cove
MyWinLocker
MyWinLocker 4
MyWinLocker Suite
NTI Media Maker 9
Office Addin
Online Plug-in
Peggle Nights
Penguins!
Photo Common
Photo Gallery
Plants vs. Zombies - Game of the Year
Polar Bowler
Polar Golfer
Qualcomm Atheros Bluetooth Suite (64)
Qualcomm Atheros WiFi Driver Installation
Realtek High Definition Audio Driver
Realtek PCIE Card Reader
Self-service Plug-in
Shared C Run-time for x64
Shredder
Sleep Memory Optimizer
Smart Timer
Synaptics Pointing Device Driver
Tales of Lagoona
Update Installer for WildTangent Games App
Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin)
Visual Studio 2005 Tools for Office Second Edition Runtime
Visual Studio Tools for the Office system 3.0 Runtime
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258)
WildTangent Games
WildTangent Games App
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WTTouchApplicationSuite
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
10/7/2014 11:35:44 PM, Error: Service Control Manager [7023]  - The Interactive Services Detection service terminated with the following error:  Incorrect function.
10/12/2014 2:41:09 PM, Error: Microsoft-Windows-DistributedCOM [10001]  - Unable to start a DCOM Server: {9BA05972-F6A8-11CF-A442-00A0C90A8F39} as Unavailable/Unavailable. The error: "5" Happened while starting this command: C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9BA05972-F6A8-11CF-A442-00A0C90A8F39} -Embedding
10/12/2014 2:41:01 PM, Error: Microsoft-Windows-DistributedCOM [10000]  - Unable to start a DCOM Server: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}. The error: "5" Happened while starting this command: C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
10/12/2014 2:40:14 PM, Error: Microsoft-Windows-DistributedCOM [10000]  - Unable to start a DCOM Server: {06622D85-6856-4460-8DE1-A81921B41C4B}. The error: "5" Happened while starting this command: C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
10/12/2014 2:39:31 PM, Error: Microsoft-Windows-DistributedCOM [10001]  - Unable to start a DCOM Server: {4545DEA0-2DFC-4906-A728-6D986BA399A9} as Unavailable/Unavailable. The error: "5" Happened while starting this command: C:\Windows\System32\ThumbnailExtractionHost.exe -Embedding
10/12/2014 2:39:16 PM, Error: Microsoft-Windows-DistributedCOM [10000]  - Unable to start a DCOM Server: {3AD05575-8857-4850-9277-11B85BDB8E09}. The error: "5" Happened while starting this command: C:\Windows\system32\DllHost.exe /Processid:{3AD05575-8857-4850-9277-11B85BDB8E09}
10/12/2014 2:36:35 PM, Error: Microsoft-Windows-DistributedCOM [10000]  - Unable to start a DCOM Server: {5C65F4B0-3651-4514-B207-D10CB699B14B}. The error: "5" Happened while starting this command: "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\delegate_execute.exe" -Embedding
10/12/2014 2:36:03 PM, Error: Microsoft-Windows-DistributedCOM [10001]  - Unable to start a DCOM Server: {581333F6-28DB-41BE-BC7A-FF201F12F3F6} as NT Authority/LocalService. The error: "5" Happened while starting this command: C:\Windows\system32\DllHost.exe /Processid:{478B41E6-3257-4519-BDA8-E971F9843849}
10/12/2014 2:35:49 PM, Error: Service Control Manager [7006]  - The ScRegSetValueExW call failed for Type with the following error:  Access is denied.
10/12/2014 2:11:50 PM, Error: Service Control Manager [7031]  - The TryIYnZh service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/12/2014 12:55:36 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000]  - WLAN Extensibility Module has failed to start. Module Path: C:\Program Files (x86)\Qualcomm Atheros\AthIhvWlanExt.dll Error Code: 21
10/12/2014 1:50:55 PM, Error: Service Control Manager [7000]  - The Network Connections service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
10/12/2014 1:50:55 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service netman with arguments "Unavailable" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
10/12/2014 1:45:59 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service netman with arguments "Unavailable" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
10/12/2014 1:44:09 PM, Error: Service Control Manager [7046]  - The following service has repeatedly stopped responding to service control requests: Windows Audio Endpoint Builder Contact the service vendor or the system administrator about whether to disable this service until the problem is identified. You may have to restart the computer in safe mode before you can disable the service.
10/12/2014 1:43:39 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the hidserv service.
10/12/2014 1:43:09 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WlanSvc service.
10/12/2014 1:41:39 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.
10/12/2014 1:40:09 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
.
==== End Of File ===========================



Edited by Oh My!, 17 October 2014 - 08:09 PM.




#2 jjones312

Posted 15 October 2014 - 04:18 PM

BUMPing for help

 

Did I post to the correct place?



#3 HelpBot

Posted 17 October 2014 - 05:05 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/551724 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 jjones312

Posted 17 October 2014 - 05:55 PM

Still having problems
OS: Windows 8 (v6.2 Build 9200)
Do not have Windows CD or DVD
 
Background:  Was working with rooting / flashing my Android with a custom mod.  During that process was asked to download "Odin 3.09" at this **LINK DELETED**  I selected the version 3.09.

During that install I noticed it was trying to install "SearchProtect" which I've known to cause adware type issues with others and immediately started my moment of concern.

I have Kaspersky Pure 3.0 installed and that's when alerts started popping.  The topic indicates what Kaspersky has found and either quarantined or deleted.  From there I noticed some issues with browsing in Windows Explorer and permissions (e.g. unable to copy files as admin to folders) and Chrome and IE unable to pull up webpages.  Now that laptop has no internet and unable to find any wifi in range.
 
Although Kaspersky located the items I know little pieces and possibly other nasties could and probably are lurking around.
 
DSS LOG:
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16537
Run by Amanda at 15:39:38 on 2014-10-17
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.5959.3493 [GMT -7:00]
.
AV: Kaspersky PURE 3.0 *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky PURE 3.0 *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky PURE 3.0 *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\dwm.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
C:\Program Files (x86)\Acer\Device Control\DeviceCtrlSvc64.exe
C:\Windows\system32\dashost.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
C:\Program Files\Acer\Acer Instant Service\Sleep Memory Optimizer\FFSService.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
C:\Windows\RfBtnSvc64.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe
C:\ProgramData\WOOxeKVYQwY\TryIYnZh.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Acer\WTTouchApplicationSuite\AcerRing\AcerRing.exe
C:\Program Files (x86)\Launch Manager\LMutilps32.exe
C:\Program Files (x86)\Acer Incorporated\HID Monitor\HIDMonitor.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhostex.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Users\Amanda\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Windows\System32\RuntimeBroker.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
C:\Dolby PCEE4\pcee4.exe
C:\Program Files (x86)\Acer\Device Control\ADevCtrl64.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Acer\Device Control\AdWmiSvc64.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
C:\Program Files\Acer\Acer Theft Shield\USecuAppClient.exe
C:\Program Files\EgisTec IPS\PMMUpdate.exe
C:\Program Files\EgisTec IPS\EgisUpdate.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17074_none_6233bc1f5106b696\TiWorker.exe
C:\Windows\system32\msiexec.exe
C:\Windows\System32\WUDFHost.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://acer13.msn.com
uDefault_Page_URL = hxxp://acer13.msn.com
mWinlogon: Userinit = userinit.exe
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll
uRun: [Google Update] "C:\Users\Amanda\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
mRun: [LManager] <no file>
dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
dRunOnce: [Application Restart #1] C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe /Crashed
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\ACERBA~1.LNK - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
mPolicies-System: DisableCAD = dword:1
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll
TCP: Interfaces\{F21D7A39-C343-4CCB-B518-1F1796998ABD}\33D4451433D27657563747 : DHCPNameServer = 75.75.75.75 75.75.76.76 192.168.33.1
TCP: Interfaces\{F21D7A39-C343-4CCB-B518-1F1796998ABD}\44251474F4E4354595C454D213 : DHCPNameServer = 192.168.1.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll
x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 
x64-Run: [BtPreLoad] "C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe"
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
x64-mPolicies-System: DisableCAD = dword:1
x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 CSCrySec;InfoWatch Encrypt Sector Library driver;C:\Windows\System32\Drivers\CSCrySec.sys [2014-10-7 98064]
R0 excsd;ExpressCache Storage Filter Driver;C:\Windows\System32\Drivers\excsd.sys [2012-10-28 95024]
R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-10-28 645952]
R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;C:\Windows\System32\Drivers\CSVirtualDiskDrv.sys [2014-10-7 67344]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\Drivers\ctxusbm.sys [2012-12-5 98888]
R1 excfs;ExpressCache File System Filter Driver;C:\Windows\System32\Drivers\excfs.sys [2012-10-28 23344]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\Drivers\klim6.sys [2013-11-11 30304]
R1 klwfp;klwfp;C:\Windows\System32\Drivers\klwfp.sys [2013-11-11 50448]
R1 kneps;kneps;C:\Windows\System32\Drivers\kneps.sys [2013-11-11 178448]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\Drivers\mwlPSDFilter.sys [2012-9-13 22648]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\Drivers\mwlPSDNserv.sys [2012-9-13 20520]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\Drivers\mwlPSDVDisk.sys [2012-9-13 62776]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2012-8-31 216192]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [2013-11-11 356128]
R2 CCDMonitorService;CCDMonitorService;C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2012-8-23 2435728]
R2 CSObjectsSrv;CryptoStorage control service;C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2013-9-25 818888]
R2 DsiDeviceControlService;Dritek Device Control Service;C:\Program Files (x86)\Acer\Device Control\DeviceCtrlSvc64.exe [2012-9-13 68688]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2012-9-13 348784]
R2 ExpressCache;ExpressCache;C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [2012-3-30 79664]
R2 FFSOpzSvc;Sleep memory optimizer;C:\Program Files\Acer\Acer Instant Service\Sleep Memory Optimizer\FFSService.exe [2012-3-12 161384]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-10-28 7168]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-10-28 2451456]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-10-28 128896]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-10-28 165760]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2012-8-22 259136]
R2 RfButtonDriverService;Dritek RF Button Command Service;C:\Windows\RfBtnSvc64.exe [2012-10-28 93296]
R2 TryIYnZh;TryIYnZh;C:\ProgramData\WOOxeKVYQwY\TryIYnZh.exe [2014-10-12 2318208]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-10-28 364416]
R2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe [2012-10-28 81536]
R3 AcerKBVDMini;Acer HID-compliant Device;C:\Windows\System32\Drivers\AcerKBVD.sys [2012-6-5 15632]
R3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;C:\Windows\System32\Drivers\btath_bus.sys [2012-10-28 33944]
R3 ePowerSvc;ePower Service;C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2012-8-22 658576]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\Drivers\IntcDAud.sys [2012-9-18 342528]
R3 irstrtdv;Intel® Rapid Start Technology Driver;C:\Windows\System32\Drivers\irstrtdv.sys [2012-10-28 43800]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\Drivers\k57nd60a.sys [2012-6-2 425472]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\Drivers\klkbdflt.sys [2013-11-11 29280]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\Drivers\klmouflt.sys [2013-11-11 29280]
R3 Ps2Kb2Hid;PS/2 Keyboard to HID Driver;C:\Windows\System32\Drivers\aPs2Kb2Hid.sys [2012-10-28 26736]
R3 SmbDrvI;SmbDrvI;C:\Windows\System32\Drivers\Smb_driver_Intel.sys [2012-9-13 43832]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
S0 klelam;klelam;C:\Windows\System32\Drivers\klelam.sys [2013-11-11 29792]
S3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;C:\Windows\System32\Drivers\btath_flt.sys [2012-10-28 88728]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\Drivers\btath_a2dp.sys [2012-10-28 344216]
S3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;C:\Windows\System32\Drivers\btath_avdt.sys [2012-10-28 114840]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\Drivers\btath_hcrp.sys [2012-10-28 178840]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\Drivers\btath_lwflt.sys [2012-10-28 76952]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\Drivers\btath_rcp.sys [2012-10-28 135832]
S3 BtFilter;BtFilter;C:\Windows\System32\Drivers\btfilter.sys [2012-10-28 575128]
S3 BthLEEnum;Bluetooth Low Energy Driver;C:\Windows\System32\Drivers\BthLEEnum.sys [2012-7-25 202752]
S3 DeviceFastLaneService;Device Fast-lane Service;C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [2012-8-22 468624]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\Drivers\ssudbus.sys [2014-1-22 108800]
S3 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2012-7-11 174160]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 irstrtsv;Intel® Rapid Start Technology Service;C:\Windows\SysWOW64\irstrtsv.exe [2012-10-28 193576]
S3 QRDCIO;Quanta Generic IO Access;C:\Windows\System32\Drivers\QRDCIO.sys [2012-10-28 9728]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\Drivers\RtsPStor.sys [2012-10-28 339600]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\Drivers\ssudmdm.sys [2014-1-22 206080]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]
S3 USecuAppSvc;Acer Theft Shield Service;C:\Program Files\Acer\Acer Theft Shield\USecuAppSvc.exe [2012-9-16 345744]
.
=============== Created Last 30 ================
.
2014-10-12 21:16:32 -------- d-----w- C:\Users\Amanda\AppData\Local\Disasteroids
2014-10-12 21:12:12 -------- d-----w- C:\Program Files (x86)\Search Extensions
2014-10-12 21:11:19 -------- d-----w- C:\ProgramData\WOOxeKVYQwY
2014-10-12 21:11:14 -------- d-----w- C:\ProgramData\Disasteroids
2014-10-12 21:06:07 -------- d-----w- C:\Program Files (x86)\SearchProtect
2014-10-09 06:14:39 -------- d-----w- C:\ProgramData\Package Cache
2014-10-09 06:09:37 -------- d-----w- C:\Users\Amanda\cminstaller
2014-10-08 07:12:55 -------- d-----w- C:\Users\Amanda\.android
2014-10-08 06:56:08 -------- d-----w- C:\Program Files (x86)\MarkAny
2014-10-08 06:54:26 -------- d-----w- C:\Users\Amanda\AppData\Local\Samsung
2014-10-08 06:54:24 -------- d-----w- C:\Users\Amanda\AppData\Roaming\Samsung
2014-10-08 06:52:56 708168 ----a-w- C:\Windows\System32\WinUSBCoInstaller.dll
2014-10-08 06:52:56 1490656 ----a-w- C:\Windows\System32\WdfCoInstaller01007.dll
2014-10-08 06:52:08 -------- d-----w- C:\Program Files (x86)\MyFree Codec
2014-10-08 06:51:25 144664 ----a-w- C:\Windows\SysWow64\secman.dll
2014-10-08 06:51:22 4659712 ----a-w- C:\Windows\SysWow64\Redemption.dll
2014-10-08 06:50:18 -------- d-----w- C:\ProgramData\Samsung
2014-10-08 06:50:18 -------- d-----w- C:\Program Files (x86)\Samsung
2014-10-08 06:48:16 -------- d-----w- C:\Users\Amanda\AppData\Local\Downloaded Installations
2014-10-08 05:44:11 64856 ----a-w- C:\Windows\System32\klfphc.dll
2014-10-08 05:43:53 98064 ----a-w- C:\Windows\System32\drivers\CSCrySec.sys
2014-10-08 05:43:53 67344 ----a-w- C:\Windows\System32\drivers\CSVirtualDiskDrv.sys
2014-10-08 05:43:26 -------- d-----w- C:\Program Files (x86)\Common Files\InfoWatch
2014-10-08 05:43:24 -------- d-----w- C:\ProgramData\Kaspersky Lab
2014-10-08 05:43:24 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
2014-10-08 05:43:06 92768 ----a-w- C:\Windows\System32\drivers\klflt.sys
2014-10-08 02:54:13 11578928 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{912818A7-B6E4-4E9F-A1EB-0E020DBB543E}\mpengine.dll
2014-10-08 02:53:58 278152 ------w- C:\Windows\System32\MpSigStub.exe
2014-09-26 13:28:21 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-09-26 13:27:59 1508864 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-09-26 13:27:58 1766400 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-09-26 13:27:57 2239488 ----a-w- C:\Windows\System32\wininet.dll
2014-09-26 13:27:26 144896 ----a-w- C:\Windows\System32\tssdisai.dll
2014-09-26 13:27:25 148480 ----a-w- C:\Windows\System32\poqexec.exe
2014-09-26 13:27:19 26218496 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2014-09-26 13:27:13 25479168 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
.
==================== Find3M  ====================
.
2014-10-08 06:34:29 30304 ----a-w- C:\Windows\System32\drivers\klim6.sys
2014-10-08 06:34:28 458336 ----a-w- C:\Windows\System32\drivers\kl1.sys
2014-09-02 19:32:27 705480 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-09-02 19:32:27 104904 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-28 06:05:35 35328 ----a-w- C:\Windows\SysWow64\wuapp.exe
2014-08-28 06:05:17 86528 ----a-w- C:\Windows\SysWow64\wudriver.dll
2014-08-28 06:05:17 128000 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2014-08-28 06:02:15 40448 ----a-w- C:\Windows\System32\wuapp.exe
2014-08-28 06:01:45 253440 ----a-w- C:\Windows\System32\WUSettingsProvider.dll
2014-08-28 06:01:45 144384 ----a-w- C:\Windows\System32\wuwebv.dll
2014-08-28 06:01:45 100352 ----a-w- C:\Windows\System32\wudriver.dll
2014-08-28 06:01:44 17920 ----a-w- C:\Windows\System32\wuaext.dll
2014-08-28 06:01:44 1623552 ----a-w- C:\Windows\System32\wucltux.dll
2014-08-28 06:01:15 176640 ----a-w- C:\Windows\System32\storewuauth.dll
2014-08-23 06:47:23 4036096 ----a-w- C:\Windows\System32\win32k.sys
2014-08-20 23:40:10 732880 ----a-w- C:\Windows\System32\NotificationUI.exe
2014-08-20 17:05:47 694784 ----a-w- C:\Windows\System32\WSShared.dll
2014-08-20 17:05:47 198656 ----a-w- C:\Windows\System32\Windows.ApplicationModel.Store.dll
2014-08-20 17:05:47 163840 ----a-w- C:\Windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-08-20 17:02:46 567808 ----a-w- C:\Windows\SysWow64\WSShared.dll
2014-08-20 17:02:46 124928 ----a-w- C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-08-16 09:34:10 915968 ----a-w- C:\Windows\System32\uxtheme.dll
2014-08-16 09:32:57 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2014-08-16 07:36:19 2861568 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-08-16 07:35:44 1440768 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-07-31 23:40:32 1287680 ----a-w- C:\Windows\System32\schedsvc.dll
2014-07-24 03:33:25 869544 ----a-w- C:\Windows\System32\msvcr120_clr0400.dll
2014-07-24 03:33:01 875688 ----a-w- C:\Windows\SysWow64\msvcr120_clr0400.dll
.
============= FINISH: 15:40:19.32 ===============

Edited by Oh My!, 17 October 2014 - 08:10 PM.


#5 Oh My!

  • Malware Response Instructor

Posted 17 October 2014 - 08:08 PM

Greetings jjones312 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review our situation please run the below for me. Adapt as necessary to download and copy/paste programs on your infected computer.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should.
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 jjones312

  • Topic Starter


Posted 17 October 2014 - 09:47 PM

FRST Log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-10-2014
Ran by Amanda (administrator) on AMANDAJ on 17-10-2014 19:33:38
Running from C:\Users\Amanda\Desktop
Loaded Profile: Amanda (Available profiles: Amanda)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Infowatch) C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
(Dritek System Inc.) C:\Program Files (x86)\Acer\Device Control\DeviceCtrlSvc64.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Instant Service\Sleep Memory Optimizer\FFSService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Atheros) C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe
(Acute Angle Solutions) C:\ProgramData\WOOxeKVYQwY\TryIYnZh.exe
(acer) C:\Program Files (x86)\Acer\WTTouchApplicationSuite\AcerRing\AcerRing.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
() C:\Program Files (x86)\Acer Incorporated\HID Monitor\HIDMonitor.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Google Inc.) C:\Users\Amanda\AppData\Local\Google\Update\GoogleUpdate.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Dritek System Inc.) C:\Program Files (x86)\Acer\Device Control\ADevCtrl64.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Dritek System Inc.) C:\Program Files (x86)\Acer\Device Control\AdWmiSvc64.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Theft Shield\USecuAppClient.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17074_none_6233bc1f5106b696\TiWorker.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-10] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212048 2012-06-07] (Realtek Semiconductor)
HKLM\...\Run: [BtPreLoad] => C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe [64640 2012-08-31] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2912056 2012-08-10] (Synaptics Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [LManager] => [X]
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [277504 2012-08-16] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Dolby PCEE4\pcee4.exe [508256 2012-04-23] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [ADevCtrl] => C:\Program Files (x86)\Acer\Device Control\ADevCtrl64.exe [342128 2012-09-06] (Dritek System Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [383544 2012-12-14] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [298376 2012-09-28] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\runner_avp.exe [24256 2013-11-11] (Kaspersky Lab ZAO)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-2401249253-4180793241-1077887795-1001\...\Run: [Google Update] => C:\Users\Amanda\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-12-31] (Google Inc.)
HKU\S-1-5-21-2401249253-4180793241-1077887795-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2401249253-4180793241-1077887795-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
HKU\S-1-5-21-2401249253-4180793241-1077887795-1001\...\MountPoints2: {a5c562d3-5251-11e4-bea6-089e01266f25} - "E:\VZW_Software_upgrade_assistant.exe" 
HKU\S-1-5-21-2401249253-4180793241-1077887795-1001\...\MountPoints2: {c42759b3-4eb5-11e4-bea4-089e01266f25} - "E:\VZW_Software_upgrade_assistant.exe" 
HKU\S-1-5-21-2401249253-4180793241-1077887795-1001\...\MountPoints2: {c4275a0c-4eb5-11e4-bea4-089e01266f25} - "E:\VZW_Software_upgrade_assistant.exe" 
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-18\...\RunOnce: [Application Restart #1] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [394624 2014-06-11] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk
ShortcutTarget: Acer Backup Manager Tray.lnk -> C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
ShellIconOverlayIdentifiers: [KAVOverlayIcon] -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\shellex.dll (Kaspersky Lab ZAO)
ShellIconOverlayIdentifiers-x32: [KAVOverlayIcon] -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll (Kaspersky Lab ZAO)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com
SearchScopes: HKLM - DefaultScope {CCEC4139-DC1B-46BD-ABC9-15B9F6124734} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM - {CCEC4139-DC1B-46BD-ABC9-15B9F6124734} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - DefaultScope {CCEC4139-DC1B-46BD-ABC9-15B9F6124734} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - {CCEC4139-DC1B-46BD-ABC9-15B9F6124734} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKCU - DefaultScope {CCEC4139-DC1B-46BD-ABC9-15B9F6124734} URL = 
SearchScopes: HKCU - {CCEC4139-DC1B-46BD-ABC9-15B9F6124734} URL = 
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Amanda\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Amanda\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Amanda\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Amanda\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Amanda\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Amanda\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com [2014-10-07]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com [2014-10-07]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com
FF Extension: Gevaarlijke websiteblokkering - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com [2014-10-07]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com [2014-10-07]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com [2014-10-07]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR Profile: C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-21]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-07]
CHR Extension: (YouTube) - C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-21]
CHR Extension: (Google Search) - C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-21]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-10-07]
CHR Extension: (Google+) - C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm [2013-01-01]
CHR Extension: (TripAdvisor) - C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejnegghdcleoigballbmdmlhklhcdjli [2013-03-09]
CHR Extension: (Google Play) - C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2013-01-01]
CHR Extension: (Kaspersky Protection) - C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpoimibckejjdjcfbdnajaicnklhfplh [2014-10-07]
CHR Extension: (Into The Mist) - C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgihmkgobaljfehcadcckdggpeojaadh [2012-12-21]
CHR Extension: (Google Wallet) - C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-06]
CHR Extension: (Gmail) - C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-21]
CHR Extension: (Anti-Banner) - C:\Users\Amanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-10-07]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx [2013-11-11]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [216192 2012-08-31] (Qualcomm Atheros Commnucations)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2435728 2012-08-23] (Acer Incorporated)
R2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [818888 2013-09-25] (Infowatch)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [468624 2012-08-22] (Acer Incorporated)
R2 DsiDeviceControlService; C:\Program Files (x86)\Acer\Device Control\DeviceCtrlSvc64.exe [68688 2012-04-23] (Dritek System Inc.)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-08-22] (Acer Incorporated)
R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-03-30] (Diskeeper Corporation)
R2 FFSOpzSvc; C:\Program Files\Acer\Acer Instant Service\Sleep Memory Optimizer\FFSService.exe [161384 2012-03-12] (Acer Incorporated)
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-08-16] (Intel Corporation) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
S3 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-29] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-25] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-25] (Microsoft Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-08-22] (NTI Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-10-28] (Dritek System INC.)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-25] (Microsoft Corporation)
R2 TryIYnZh; C:\ProgramData\WOOxeKVYQwY\TryIYnZh.exe [2318208 2014-10-12] (Acute Angle Solutions)
S3 USecuAppSvc; C:\Program Files\Acer\Acer Theft Shield\USecuAppSvc.exe [345744 2012-09-16] (Acer Incorporated)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe [81536 2012-08-27] (Atheros)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AcerKBVDMini; C:\Windows\System32\drivers\AcerKBVD.sys [15632 2012-06-05] (Acer Incorporated)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-31] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [98064 2012-12-10] (Infowatch)
R1 CSVirtualDiskDrv; C:\Windows\system32\DRIVERS\CSVirtualDiskDrv.sys [67344 2012-12-10] (Infowatch)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-03-30] (Diskeeper Corporation)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [95024 2012-03-30] (Diskeeper Corporation)
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-29] (Intel Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-10-07] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29792 2013-11-11] (Kaspersky Lab)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [92768 2014-10-07] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [627264 2014-10-07] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2014-10-07] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [50448 2013-11-11] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178448 2013-11-11] (Kaspersky Lab ZAO)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-10-28] (Dritek System Inc.)
S3 QRDCIO; C:\Windows\System32\drivers\QRDCIO.sys [9728 2009-10-20] (QUANTA)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-10] (Synaptics Incorporated)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-17 19:33 - 2014-10-17 19:34 - 00029434 _____ () C:\Users\Amanda\Desktop\FRST.txt
2014-10-17 19:33 - 2014-10-17 19:33 - 00000000 ____D () C:\FRST
2014-10-17 19:31 - 2014-10-17 19:31 - 02112000 _____ (Farbar) C:\Users\Amanda\Desktop\FRST64.exe
2014-10-12 14:47 - 2014-10-17 15:40 - 00026738 _____ () C:\Users\Amanda\Desktop\dds.txt
2014-10-12 14:47 - 2014-10-17 15:40 - 00009346 _____ () C:\Users\Amanda\Desktop\attach.txt
2014-10-12 14:38 - 2014-10-12 14:43 - 00000000 ____D () C:\Users\Amanda\Downloads\MalwareTools
2014-10-12 14:37 - 2014-10-12 14:37 - 00000000 ____D () C:\Users\Amanda\Desktop\CleanUpTools
2014-10-12 14:16 - 2014-10-12 14:16 - 00000000 ____D () C:\Users\Amanda\AppData\Local\Disasteroids
2014-10-12 14:13 - 2014-10-12 14:13 - 00003106 _____ () C:\Windows\System32\Tasks\{4B684E01-3FBD-4138-83A7-6E135C40A726}
2014-10-12 14:12 - 2014-10-12 14:28 - 00000000 ____D () C:\Program Files (x86)\Search Extensions
2014-10-12 14:12 - 2014-10-12 14:12 - 00003540 _____ () C:\Windows\System32\Tasks\RocketTab
2014-10-12 14:11 - 2014-10-12 14:16 - 00000000 ____D () C:\ProgramData\WOOxeKVYQwY
2014-10-12 14:11 - 2014-10-12 14:13 - 00000000 ____D () C:\ProgramData\Disasteroids
2014-10-12 14:06 - 2014-10-12 14:06 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-10-12 13:58 - 2014-10-12 13:59 - 19531504 _____ (SAMSUNG Electronics Co., Ltd.) C:\Users\Amanda\Downloads\SAMSUNG_USB_Driver_for_Mobile_Phones.exe
2014-10-12 13:57 - 2014-10-12 13:57 - 07471104 _____ () C:\Users\Amanda\Downloads\recovery-clockwork-6.0.4.3-i605 (1).img
2014-10-12 13:12 - 2014-10-12 13:12 - 08192062 _____ () C:\Users\Amanda\Downloads\philz_touch_6.07.9-i605.tar.md5
2014-10-08 23:16 - 2014-10-08 23:16 - 00000000 ____D () C:\Users\Amanda\Downloads\heimdall-suite-1.4.0-win32
2014-10-08 23:15 - 2014-10-08 23:15 - 07471104 _____ () C:\Users\Amanda\Downloads\recovery-clockwork-6.0.4.3-i605.img
2014-10-08 23:14 - 2014-10-08 23:14 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-08 23:13 - 2014-10-08 23:13 - 10013808 _____ () C:\Users\Amanda\Downloads\heimdall-suite-1.4.0-win32.zip
2014-10-08 23:13 - 2014-10-08 23:13 - 07186992 _____ (Microsoft Corporation) C:\Users\Amanda\Downloads\vcredist_x64.exe
2014-10-08 22:28 - 2014-10-08 22:28 - 00000000 ____D () C:\Users\Amanda\Downloads\cm-10.1.3-i605
2014-10-08 22:26 - 2014-10-08 22:27 - 02056192 _____ () C:\Users\Amanda\Downloads\CMInstaller.msi
2014-10-08 22:25 - 2014-10-08 22:28 - 177222709 _____ () C:\Users\Amanda\Downloads\cm-10.1.3-i605.zip
2014-10-08 01:23 - 2014-10-08 01:23 - 00000000 ____D () C:\Users\Amanda\Downloads\GhettoRoot
2014-10-08 01:21 - 2014-10-08 01:22 - 02749626 _____ () C:\Users\Amanda\Downloads\GhettoRoot.zip
2014-10-08 00:30 - 2014-10-08 01:31 - 00000000 ____D () C:\Users\Amanda\Downloads\ghettoroot-v0.3.2
2014-10-08 00:12 - 2014-10-08 00:13 - 00000000 ____D () C:\Users\Amanda\.android
2014-10-07 23:56 - 2014-10-07 23:56 - 00000000 ____D () C:\Users\Amanda\Downloads\omegavesko-SimpleADBBackup-0aac4aa
2014-10-07 23:56 - 2014-10-07 23:56 - 00000000 ____D () C:\Program Files (x86)\MarkAny
2014-10-07 23:55 - 2014-10-07 23:55 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-10-07 23:54 - 2014-10-08 23:24 - 00000000 ____D () C:\Users\Amanda\AppData\Roaming\Samsung
2014-10-07 23:54 - 2014-10-08 23:24 - 00000000 ____D () C:\Users\Amanda\AppData\Local\Samsung
2014-10-07 23:54 - 2014-10-07 23:54 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2014-10-07 23:54 - 2014-10-07 23:54 - 00000000 ____D () C:\Users\Amanda\Documents\samsung
2014-10-07 23:52 - 2014-10-12 14:14 - 00000000 ____D () C:\Program Files (x86)\MyFree Codec
2014-10-07 23:52 - 2014-04-11 01:39 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01007.dll
2014-10-07 23:52 - 2014-04-11 01:39 - 00708168 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller.dll
2014-10-07 23:51 - 2014-04-30 19:43 - 04659712 _____ (Dmitry Streblechenko) C:\Windows\SysWOW64\Redemption.dll
2014-10-07 23:51 - 2014-04-30 19:43 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\Windows\SysWOW64\secman.dll
2014-10-07 23:50 - 2014-10-08 23:24 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-10-07 23:50 - 2014-10-08 23:23 - 00000000 ____D () C:\ProgramData\Samsung
2014-10-07 23:48 - 2014-10-07 23:48 - 00000000 ____D () C:\Users\Amanda\AppData\Local\Downloaded Installations
2014-10-07 22:45 - 2014-10-07 22:45 - 00002224 _____ () C:\Users\Amanda\Desktop\Safe Money.lnk
2014-10-07 22:45 - 2014-10-07 22:45 - 00001263 _____ () C:\Users\Amanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 3.0.lnk
2014-10-07 22:44 - 2014-10-07 22:44 - 00001082 _____ () C:\Users\Public\Desktop\Kaspersky PURE 3.0.lnk
2014-10-07 22:44 - 2013-11-11 22:18 - 00064856 _____ (Kaspersky Lab) C:\Windows\system32\klfphc.dll
2014-10-07 22:43 - 2014-10-12 14:44 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-10-07 22:43 - 2014-10-07 23:34 - 00627264 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-10-07 22:43 - 2014-10-07 23:34 - 00092768 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-10-07 22:43 - 2014-10-07 22:43 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-10-07 22:43 - 2012-12-10 15:14 - 00098064 _____ (Infowatch) C:\Windows\system32\Drivers\CSCrySec.sys
2014-10-07 22:43 - 2012-12-10 15:14 - 00067344 _____ (Infowatch) C:\Windows\system32\Drivers\CSVirtualDiskDrv.sys
2014-10-07 22:37 - 2014-10-07 22:40 - 193804024 _____ (Kaspersky Lab ZAO) C:\Users\Amanda\Downloads\pur13.0.2.558abcdEN_5352.exe
2014-10-07 22:08 - 2014-10-07 22:10 - 75714480 _____ (Samsung Electronics Co., Ltd.) C:\Users\Amanda\Downloads\KiesSetup.exe
2014-10-07 22:07 - 2014-10-07 22:07 - 03479842 _____ () C:\Users\Amanda\Downloads\ghettoroot-v0.3.2.zip
2014-10-07 22:01 - 2014-10-07 22:01 - 33407468 _____ () C:\Users\Amanda\Downloads\omegavesko-SimpleADBBackup-0aac4aa.zip
2014-10-07 21:58 - 2014-10-07 21:58 - 01541520 _____ (Kaspersky Lab) C:\Users\Amanda\Downloads\setup.exe
2014-10-07 19:53 - 2014-09-21 23:42 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-26 06:51 - 2014-09-26 06:51 - 00281624 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-26 06:31 - 2014-08-20 16:40 - 00732880 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-09-26 06:31 - 2014-08-20 10:05 - 00694784 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-09-26 06:31 - 2014-08-20 10:05 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2014-09-26 06:31 - 2014-08-20 10:05 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-26 06:31 - 2014-08-20 10:02 - 00567808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-09-26 06:31 - 2014-08-20 10:02 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-26 06:31 - 2014-06-24 00:35 - 00010450 _____ () C:\Windows\system32\autoconfig.cab
2014-09-26 06:31 - 2014-06-23 23:41 - 10115584 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-09-26 06:31 - 2014-06-23 23:40 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2014-09-26 06:31 - 2014-06-23 23:39 - 02307072 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-09-26 06:31 - 2014-06-23 23:39 - 02146304 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-09-26 06:31 - 2014-06-23 21:08 - 08858624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-09-26 06:31 - 2014-06-23 21:06 - 02037760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-09-26 06:31 - 2014-06-23 21:06 - 00754176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-09-26 06:28 - 2014-08-16 02:34 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-26 06:28 - 2014-08-16 02:34 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-09-26 06:28 - 2014-08-16 02:34 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-26 06:28 - 2014-08-16 02:33 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-26 06:28 - 2014-08-16 02:33 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-26 06:28 - 2014-08-16 02:32 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-26 06:28 - 2014-08-16 02:32 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-26 06:28 - 2014-08-16 02:32 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-09-26 06:28 - 2014-08-16 02:32 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-26 06:28 - 2014-08-16 02:32 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-26 06:28 - 2014-08-16 02:32 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-26 06:28 - 2014-08-16 00:37 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-26 06:28 - 2014-08-16 00:36 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-26 06:28 - 2014-08-16 00:36 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-26 06:28 - 2014-08-16 00:36 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-09-26 06:28 - 2014-08-16 00:36 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-26 06:28 - 2014-08-16 00:36 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-26 06:28 - 2014-08-16 00:36 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-26 06:28 - 2014-08-16 00:36 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-26 06:28 - 2014-08-16 00:36 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-26 06:28 - 2014-08-16 00:35 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-26 06:28 - 2014-03-06 17:47 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-26 06:28 - 2013-05-15 15:35 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-09-26 06:28 - 2013-05-14 06:14 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-26 06:28 - 2013-05-14 02:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-26 06:28 - 2013-02-21 03:14 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-09-26 06:28 - 2012-11-07 21:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-26 06:28 - 2012-11-07 21:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-26 06:28 - 2012-07-25 20:06 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-26 06:27 - 2014-08-16 02:34 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-26 06:27 - 2014-08-16 02:33 - 19280384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-26 06:27 - 2014-08-16 02:32 - 15399424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-26 06:27 - 2014-08-16 02:32 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-26 06:27 - 2014-08-16 00:37 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-26 06:27 - 2014-08-16 00:36 - 13757440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-26 06:27 - 2014-08-09 01:30 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-09-26 06:27 - 2014-08-09 01:29 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll
2014-09-26 06:27 - 2013-02-21 03:14 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-26 06:26 - 2014-08-16 00:36 - 14369280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-20 14:39 - 2014-09-20 14:45 - 544622592 _____ () C:\Users\Amanda\Desktop\00155.MTS
2014-09-20 09:47 - 2014-09-20 09:53 - 542846976 _____ () C:\Users\Amanda\Desktop\00154.MTS
2014-09-20 08:42 - 2014-08-28 04:34 - 00059400 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-09-20 08:42 - 2014-08-27 23:05 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-09-20 08:42 - 2014-08-27 23:05 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-09-20 08:42 - 2014-08-27 23:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-09-20 08:42 - 2014-08-27 23:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-09-20 08:42 - 2014-08-27 23:02 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-09-20 08:42 - 2014-08-27 23:01 - 03285504 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-09-20 08:42 - 2014-08-27 23:01 - 01623552 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-09-20 08:42 - 2014-08-27 23:01 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-09-20 08:42 - 2014-08-27 23:01 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-09-20 08:42 - 2014-08-27 23:01 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-09-20 08:42 - 2014-08-27 23:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-09-20 08:42 - 2014-08-27 23:01 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-09-20 08:42 - 2014-08-27 23:01 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
2014-09-20 08:42 - 2014-07-31 16:40 - 01287680 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-09-20 08:42 - 2014-07-23 20:33 - 00875688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2014-09-20 08:42 - 2014-07-23 20:33 - 00869544 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2014-09-20 08:42 - 2014-06-04 18:12 - 00678600 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2014-09-20 08:42 - 2014-06-03 16:12 - 00536776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-17 19:33 - 2012-12-31 18:53 - 00000928 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2401249253-4180793241-1077887795-1001UA.job
2014-10-17 19:33 - 2012-12-21 23:37 - 00000914 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-17 19:32 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\system32\sru
2014-10-17 19:32 - 2012-07-26 00:21 - 00049018 _____ () C:\Windows\setupact.log
2014-10-17 15:48 - 2012-12-21 23:05 - 01781487 _____ () C:\Windows\WindowsUpdate.log
2014-10-17 15:40 - 2012-07-26 00:28 - 00850046 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-12 14:56 - 2012-12-21 23:12 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2401249253-4180793241-1077887795-1001
2014-10-12 14:42 - 2012-12-21 23:37 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-12 14:41 - 2012-09-13 01:31 - 00021592 _____ () C:\Windows\PFRO.log
2014-10-12 14:41 - 2012-07-26 00:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-12 14:08 - 2013-01-27 19:57 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-12 13:44 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-12 12:58 - 2012-07-26 00:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-10-08 23:23 - 2012-09-13 01:48 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-08 23:09 - 2012-12-21 23:05 - 00000000 ____D () C:\Users\Amanda
2014-10-07 23:34 - 2013-11-11 22:18 - 00458336 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys
2014-10-07 23:34 - 2013-11-11 22:18 - 00030304 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klim6.sys
2014-10-07 22:44 - 2012-07-25 22:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-10-07 22:43 - 2012-07-26 01:12 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-10-07 22:28 - 2012-07-25 22:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-09-26 07:17 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\rescache
2014-09-26 06:49 - 2012-07-26 01:12 - 00000000 ___RD () C:\Windows\ToastData
2014-09-26 06:49 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\WinStore
2014-09-26 06:46 - 2013-10-26 19:27 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-26 06:43 - 2012-12-27 07:43 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-26 06:31 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-09-26 06:28 - 2013-07-05 20:50 - 00071168 ___SH () C:\Users\Amanda\Desktop\Thumbs.db
2014-09-20 09:08 - 2013-01-27 19:57 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
 
Some content of TEMP:
====================
C:\Users\Amanda\AppData\Local\Temp\e3ft_vsx.dll
C:\Users\Amanda\AppData\Local\Temp\System.Data.SQLite.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-08 19:40
 
==================== End Of Log ============================
 
Addition.txt Log
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-10-2014
Ran by Amanda at 2014-10-17 19:35:23
Running from C:\Users\Amanda\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kaspersky PURE 3.0 (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky PURE 3.0 (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky PURE 3.0 (Enabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
 clear.fi SDK - Video 2 (x32 Version: 2.1.1925 - CyberLink Corp.) Hidden
 clear.fi SDK- Movie 2 (x32 Version: 2.1.2008 - CyberLink Corp.) Hidden
Acer Backup Manager (HKLM-x32\...\InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}) (Version: 4.0.0.0059 - NTI Corporation)
Acer Device Control Lite (HKLM-x32\...\ADevCtrl) (Version: 1.10.2004.120905 - Acer Inc.)
Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3007 - Acer Incorporated)
Acer Instant Update Service (HKLM\...\{8215A318-CC27-435E-B3EA-2E3443C8998C}) (Version: 1.00.3013 - Acer Incorporated)
Acer PicEvermore (HKLM-x32\...\InstallShield_{25F6C1CB-C8F0-4BAE-996B-9C16F97B82F3}) (Version: 1.0.0.0035 - NTI Corporation)
Acer PicEvermore (x32 Version: 1.0.0.0035 - NTI Corporation) Hidden
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3006 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3011 - Acer Incorporated)
Acer Theft Shield (HKLM\...\{8ADB0CD2-4E5A-452F-BB3B-3A2984CAC749}) (Version: 1.01.3003 - Acer Incorporated)
Acer USB Charge Manager (HKLM\...\{07E867C5-0C48-40FF-A013-DDAF4565AD47}) (Version: 2.00.3001 - Acer Incorporated)
AcerCloud (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.01.3115 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.00.3201 - Acer Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Backup Manager v4 (x32 Version: 4.0.0.0059 - NTI Corporation) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BrowserSafeguard with RocketTab (HKLM-x32\...\RocketTab) (Version:  - BrowserSafeguard with RocketTab) <==== ATTENTION
Citrix Authentication Manager (x32 Version: 4.0.0.53726 - Citrix Systems, Inc.) Hidden
Citrix Receiver (HDX Flash Redirection) (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 13.4.0.25 - Citrix Systems, Inc.)
Citrix Receiver Inside (x32 Version: 3.4.0.29585 - Citrix Systems, Inc.) Hidden
Citrix Receiver Updater (x32 Version: 3.4.0.29577 - Citrix Systems, Inc.) Hidden
Citrix Receiver(Aero) (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden
Citrix Receiver(DV) (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden
Citrix Receiver(USB) (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.01.3108 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.01.3108 - Acer Incorporated)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3103_44819 - CyberLink Corp.)
CyberLink MediaEspresso 6.5 (x32 Version: 6.5.3103_44819 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Delicious: Emily's True Love Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Disasteroids (HKLM-x32\...\Disasteroids) (Version: 2.7.44 - Acute Angle Solutions)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.13 - Dolby Laboratories Inc)
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
eBay Worldwide (HKLM-x32\...\{A694AF57-9891-4D62-824C-7E55A1361A14}) (Version: 2.3.0630 - OEM)
ExpressCache (HKLM\...\{2EBEFDA8-F905-4C39-AC1C-D5ABE7B3E0AE}) (Version: 1.0.86 - Diskeeper Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HID Monitor (HKLM-x32\...\{1C8D89D8-6B60-4034-9934-3AE90101CB22}) (Version: 1.1.3 - Acer Incorporated)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Acer Incorporated)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2843 - Intel Corporation)
Intel® Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 2.1.0.1002 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Kaspersky PURE 3.0 (HKLM-x32\...\InstallWIX_{D0702EE9-9DE4-419A-9C6C-4730B1C985BA}) (Version: 13.0.2.558 - Kaspersky Lab)
Kaspersky PURE 3.0 (x32 Version: 13.0.2.558 - Kaspersky Lab) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.4 - Acer Inc.)
LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 4.2.9.15649 - LeapFrog)
LeapFrog Connect (x32 Version: 4.2.9.15649 - LeapFrog) Hidden
LeapFrog My Pals Plugin (x32 Version: 4.2.9.15649 - LeapFrog) Hidden
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3004 - Acer Incorporated)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60940.0 - Microsoft Corporation) Hidden
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
MyWinLocker (Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.24 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.24 - Egis Technology Inc.) Hidden
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9008 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.9008 - NTI Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.01.3200 - Acer)
Online Plug-in (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.208 - Qualcomm Atheros Communications)
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.11 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.28123 - Realtek Semiconductor Corp.)
Self-service Plug-in (x32 Version: 3.4.0.33684 - Citrix Systems, Inc.) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Sleep Memory Optimizer (HKLM\...\{BF63C2C3-9A5B-4366-AA5F-015292B919F0}) (Version: 1.01.3000 - Acer Incorporated)
Smart Timer (HKLM-x32\...\{89DB52FC-EA72-468F-A0C7-150AF8B7AB74}) (Version: 1.00.3007 - Acer Incorporated)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.9.6 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin) (HKLM-x32\...\MyPalsPlugin) (Version:  - LeapFrog)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.10.5 - WildTangent) Hidden
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
WTTouchApplicationSuite (HKLM-x32\...\{D6D6EB59-35DB-4056-A0D3-01ABF7904E84}) (Version: 2.00.3004 - Acer Incorporated.)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2401249253-4180793241-1077887795-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Amanda\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2401249253-4180793241-1077887795-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Amanda\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2401249253-4180793241-1077887795-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Amanda\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
 
==================== Restore Points  =========================
 
08-10-2014 06:09:36 Scheduled Checkpoint
09-10-2014 06:14:05 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
12-10-2014 19:55:46 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-07-25 22:26 - 2012-07-25 22:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {092E64DB-684A-4FE5-9065-3BC208FDEAD7} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-09-26] (Microsoft Corporation)
Task: {0F39E082-829C-4BE0-8CFE-EE55688B72F8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-21] (Google Inc.)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {1E5C5B81-8521-421F-BE85-6B24FB82CE19} - System32\Tasks\AcerRingSchedule => C:\Program Files\Acer\WTTouchApplicationSuite\AcerRing\AcerRing.exe
Task: {1F6C0E04-248E-45D4-87DC-6CBB6FD6AA7C} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2012-06-21] ()
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {34FA79A5-E816-41A7-A75D-FA8B77BC5EA1} - System32\Tasks\HIDMonitor => C:\Program Files\Acer Incorporated\HID Monitor\HIDMonitor.exe
Task: {44A3DCF8-89A3-4C3A-9C06-18370283AF73} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-08-22] (Acer Incorporated)
Task: {49803C6E-088F-45B9-803C-3BA1DEE3DAE3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2401249253-4180793241-1077887795-1001UA => C:\Users\Amanda\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-31] (Google Inc.)
Task: {4A6F31EE-56D9-4094-8694-8C250F357276} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-07-04] (CyberLink)
Task: {4BEBC914-C55B-4816-8F3E-D07675E6CEDF} - System32\Tasks\Smart Timer Task Scheduler => C:\Program Files\Smart Timer\Smart_Timer.exe [2012-06-22] (Acer Incorporated)
Task: {546C39BD-3703-4E52-989E-A433E983C7B4} - System32\Tasks\Microsoft\Windows\Setup\8.1 auto install => C:\Windows\system32\NotificationUI.exe [2014-08-20] (Microsoft Corporation)
Task: {6B15E26C-21D0-4880-B922-12A0DF4CCAD5} - System32\Tasks\Theft Shield\AcerTheftShieldTask => C:\Program Files\Acer\Acer Theft Shield\USecuAppLauncher.exe [2012-09-16] (Acer Incorporated)
Task: {7398655F-78CD-4AC9-B2CA-E2B1611D2D1E} - \RocketTab Update Task No Task File <==== ATTENTION
Task: {74E0A12E-8D93-4140-BA94-DDF76E026D8F} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2012-07-31] (Acer Incorporated)
Task: {79B00955-D172-4F51-A61D-E2EC8F4FC9D0} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2012-07-11] (Egis Technology Inc.)
Task: {8B41D776-D05F-44C9-B707-DC3B78320AA4} - System32\Tasks\iuEmailOutlookAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe [2012-08-22] ()
Task: {8C8CC847-BB3A-467B-B608-460ED61C1559} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {97444074-3D08-4575-BB51-2E1C1D523660} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2012-07-11] (Egis Technology Inc.)
Task: {A22B3FE0-709E-425D-BADD-862980B7E01C} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2012-08-29] ()
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {AF76538E-F6BB-49D7-9A6F-A8D4FAFAAA5A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-20] (Adobe Systems Incorporated)
Task: {B8AD667A-EBC5-4828-884F-E0FD1C746A5D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2401249253-4180793241-1077887795-1001Core => C:\Users\Amanda\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-31] (Google Inc.)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {CEB746E2-5825-42E8-9ADD-BBD03486D7DC} - System32\Tasks\RocketTab => C:\Windows\system32\cmd.exe [2012-07-25] (Microsoft Corporation) <==== ATTENTION
Task: {EBBC54DF-E1E3-4CC1-BF97-6BD56383D428} - System32\Tasks\iuBrowserIEAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe [2012-08-22] ()
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F437E803-985A-47C4-82F7-CCCBCB31023B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-21] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2401249253-4180793241-1077887795-1001Core.job => C:\Users\Amanda\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2401249253-4180793241-1077887795-1001UA.job => C:\Users\Amanda\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-08-23 14:02 - 2012-08-23 14:02 - 00030640 _____ () C:\Program Files (x86)\Acer Incorporated\HID Monitor\HIDMonitor.exe
2012-12-22 10:49 - 2012-12-22 10:49 - 00175008 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2012-09-18 23:24 - 2012-08-29 11:06 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-09-13 02:28 - 2012-03-14 02:55 - 00097872 _____ () C:\Program Files (x86)\Acer\Device Control\WlanMonitor64.dll
2012-08-31 16:44 - 2012-08-31 16:44 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2012-08-22 15:04 - 2012-08-22 15:04 - 00044176 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
2012-08-22 15:04 - 2012-08-22 15:04 - 00025232 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-12-20 18:19 - 2012-12-20 18:19 - 00479752 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\dblite.dll
2012-12-20 18:19 - 2012-12-20 18:19 - 01310728 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\kpcengine.2.2.dll
2012-08-22 23:26 - 2012-08-22 23:26 - 00465384 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2012-08-22 23:25 - 2012-08-22 23:25 - 00125504 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2012-08-22 23:26 - 2012-08-22 23:26 - 00155712 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\VolumeSnapshot.dll
2012-08-22 23:25 - 2012-08-22 23:25 - 00118336 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\Online.dll
2012-08-22 23:25 - 2012-08-22 23:25 - 01081408 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2012-08-22 23:25 - 2012-08-22 23:25 - 00052288 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OsSettingPort.dll
2012-08-22 23:26 - 2012-08-22 23:26 - 00727616 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OutlookShadow.dll
2012-08-23 14:02 - 2012-08-23 14:02 - 00034736 _____ () C:\Program Files (x86)\Acer Incorporated\HID Monitor\ElanTPAPI.dll
2013-09-14 02:51 - 2013-09-14 02:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 02:50 - 2013-09-14 02:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2014-09-26 07:28 - 2014-09-26 07:28 - 00017920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\0bfee455e1830581b26b9e587a9dfb85\PSIClient.ni.dll
2012-10-28 14:30 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-2401249253-4180793241-1077887795-500 - Administrator - Disabled)
Amanda (S-1-5-21-2401249253-4180793241-1077887795-1001 - Administrator - Enabled) => C:\Users\Amanda
Guest (S-1-5-21-2401249253-4180793241-1077887795-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2401249253-4180793241-1077887795-1003 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
Name: Bluetooth USB Module
Description: Bluetooth USB Module
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Qualcomm Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/12/2014 02:34:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1109
 
Error: (10/12/2014 02:34:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1109
 
Error: (10/12/2014 02:34:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/12/2014 01:49:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 176922
 
Error: (10/12/2014 01:49:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 176922
 
Error: (10/12/2014 01:49:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/12/2014 01:49:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 175641
 
Error: (10/12/2014 01:49:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 175641
 
Error: (10/12/2014 01:49:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/12/2014 01:49:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 174328
 
 
System errors:
=============
Error: (10/12/2014 02:41:09 PM) (Source: DCOM) (EventID: 10001) (User: AmandaJ)
Description: C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9BA05972-F6A8-11CF-A442-00A0C90A8F39} -Embedding5{9BA05972-F6A8-11CF-A442-00A0C90A8F39}UnavailableUnavailable
 
Error: (10/12/2014 02:41:01 PM) (Source: DCOM) (EventID: 10000) (User: AmandaJ)
Description: C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}5{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (10/12/2014 02:41:01 PM) (Source: DCOM) (EventID: 10000) (User: AmandaJ)
Description: C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}5{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (10/12/2014 02:41:01 PM) (Source: DCOM) (EventID: 10000) (User: AmandaJ)
Description: C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}5{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (10/12/2014 02:41:01 PM) (Source: DCOM) (EventID: 10000) (User: AmandaJ)
Description: C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}5{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (10/12/2014 02:40:59 PM) (Source: DCOM) (EventID: 10000) (User: AmandaJ)
Description: C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}5{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (10/12/2014 02:40:59 PM) (Source: DCOM) (EventID: 10000) (User: AmandaJ)
Description: C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}5{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (10/12/2014 02:40:55 PM) (Source: DCOM) (EventID: 10000) (User: AmandaJ)
Description: C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}5{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (10/12/2014 02:40:55 PM) (Source: DCOM) (EventID: 10000) (User: AmandaJ)
Description: C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}5{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (10/12/2014 02:40:55 PM) (Source: DCOM) (EventID: 10000) (User: AmandaJ)
Description: C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}5{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
 
Microsoft Office Sessions:
=========================
Error: (10/12/2014 02:34:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1109
 
Error: (10/12/2014 02:34:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1109
 
Error: (10/12/2014 02:34:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/12/2014 01:49:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 176922
 
Error: (10/12/2014 01:49:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 176922
 
Error: (10/12/2014 01:49:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/12/2014 01:49:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 175641
 
Error: (10/12/2014 01:49:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 175641
 
Error: (10/12/2014 01:49:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/12/2014 01:49:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 174328
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3317U CPU @ 1.70GHz
Percentage of memory in use: 47%
Total physical RAM: 5959.27 MB
Available physical RAM: 3121.5 MB
Total Pagefile: 8647.27 MB
Available Pagefile: 5403.79 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:448.45 GB) (Free:296.15 GB) NTFS
Drive e: () (Removable) (Total:29.82 GB) (Free:27.27 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: F6948D39)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 1 (Size: 18.6 GB) (Disk ID: 077BA4CB)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 2 (Size: 29.8 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================
 


#7 Oh My!

  • Malware Response Instructor

Posted 17 October 2014 - 10:31 PM

Greetings and thank you for the information. This is how I would like to start.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKLM-x32\...\Run: [LManager] => [X]
SearchScopes: HKCU - DefaultScope {CCEC4139-DC1B-46BD-ABC9-15B9F6124734} URL = 
SearchScopes: HKCU - {CCEC4139-DC1B-46BD-ABC9-15B9F6124734} URL = 
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
R2 TryIYnZh; C:\ProgramData\WOOxeKVYQwY\TryIYnZh.exe [2318208 2014-10-12] (Acute Angle Solutions)
C:\ProgramData\WOOxeKVYQwY
C:\Users\Amanda\AppData\Local\Temp
CustomCLSID: HKU\S-1-5-21-2401249253-4180793241-1077887795-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Amanda\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
Task: {7398655F-78CD-4AC9-B2CA-E2B1611D2D1E} - \RocketTab Update Task No Task File <==== ATTENTION
Task: {CEB746E2-5825-42E8-9ADD-BBD03486D7DC} - System32\Tasks\RocketTab => C:\Windows\system32\cmd.exe [2012-07-25] (Microsoft Corporation) <==== ATTENTION
2014-10-12 21:06:07 -------- d-----w- C:\Program Files (x86)\SearchProtect
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Check your computer performance
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 jjones312

  • Topic Starter

Posted 18 October 2014 - 09:19 AM

Computer hangs a bit during saves.  I haven't used it for anything else but what we've started here.  Once I saw the items mentioned in my original post and Kaspersky flagged issues, I took it offline.

 

Here is the fixlog. Hope you can read it OK.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-10-2014
Ran by Amanda at 2014-10-18 07:15:08 Run:1
Running from C:\Users\Amanda\Desktop
Loaded Profile: Amanda (Available profiles: Amanda)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
{\rtf1\ansi\ansicpg1252\cocoartf1265\cocoasubrtf210
{\fonttbl\f0\fmodern\fcharset0 Courier;}
{\colortbl;\red255\green255\blue255;\red249\green249\blue249;\red83\green85\blue2;\red82\green0\blue83;
\red11\green84\blue83;}
\margl1440\margr1440\vieww22200\viewh12520\viewkind0
\deftab720
\pard\pardeftab720\sl360
 
\f0\fs26 \cf0 \cb2 HKLM\cf3 -\cf0 x32\\.\cf3 ..\cf0 \\Run\cf3 :\cf0  \cf3 [\cf4 LManager\cf3 ]\cf0  \cf3 =>\cf0  \cf3 [\cf0 X\cf3 ]\cf0 \
\pard\pardeftab720\sl360
\cf4 SearchScopes\cf3 :\cf0  HKCU \cf3 -\cf0  \cf4 DefaultScope\cf0  \cf3 \{\cf0 CCEC4139\cf3 -\cf0 DC1B\cf3 -\cf5 46BD\cf3 -\cf0 ABC9\cf3 -\cf5 15B9F6124734\cf3 \}\cf0  URL \cf3 =\cf0  \
\cf4 SearchScopes\cf3 :\cf0  HKCU \cf3 -\cf0  \cf3 \{\cf0 CCEC4139\cf3 -\cf0 DC1B\cf3 -\cf5 46BD\cf3 -\cf0 ABC9\cf3 -\cf5 15B9F6124734\cf3 \}\cf0  URL \cf3 =\cf0  \
\cf4 Filter\cf3 :\cf0  application\cf3 /\cf0 x\cf3 -\cf0 ica \cf3 -\cf0  \cf3 \{\cf0 CFB6322E\cf3 -\cf0 CC85\cf3 -\cf5 4d1b\cf3 -\cf5 82C7\cf3 -\cf5 893888A236BC\cf3 \}\cf0  \cf3 -\cf0   \cf4 No\cf0  \cf4 File\cf0 \
\cf4 Filter\cf3 :\cf0  application\cf3 /\cf0 x\cf3 -\cf0 ica\cf3 ;\cf0  charset\cf3 =\cf0 euc\cf3 -\cf0 jp \cf3 -\cf0  \cf3 \{\cf0 CFB6322E\cf3 -\cf0 CC85\cf3 -\cf5 4d1b\cf3 -\cf5 82C7\cf3 -\cf5 893888A236BC\cf3 \}\cf0  \cf3 -\cf0   \cf4 No\cf0  \cf4 File\cf0 \
\cf4 Filter\cf3 :\cf0  application\cf3 /\cf0 x\cf3 -\cf0 ica\cf3 ;\cf0  charset\cf3 =\cf0 ISO\cf3 -\cf5 8859\cf3 -\cf5 1\cf0  \cf3 -\cf0  \cf3 \{\cf0 CFB6322E\cf3 -\cf0 CC85\cf3 -\cf5 4d1b\cf3 -\cf5 82C7\cf3 -\cf5 893888A236BC\cf3 \}\cf0  \cf3 -\cf0   \cf4 No\cf0  \cf4 File\cf0 \
\cf4 Filter\cf3 :\cf0  application\cf3 /\cf0 x\cf3 -\cf0 ica\cf3 ;\cf0  charset\cf3 =\cf0 MS936 \cf3 -\cf0  \cf3 \{\cf0 CFB6322E\cf3 -\cf0 CC85\cf3 -\cf5 4d1b\cf3 -\cf5 82C7\cf3 -\cf5 893888A236BC\cf3 \}\cf0  \cf3 -\cf0   \cf4 No\cf0  \cf4 File\cf0 \
\cf4 Filter\cf3 :\cf0  application\cf3 /\cf0 x\cf3 -\cf0 ica\cf3 ;\cf0  charset\cf3 =\cf0 MS949 \cf3 -\cf0  \cf3 \{\cf0 CFB6322E\cf3 -\cf0 CC85\cf3 -\cf5 4d1b\cf3 -\cf5 82C7\cf3 -\cf5 893888A236BC\cf3 \}\cf0  \cf3 -\cf0   \cf4 No\cf0  \cf4 File\cf0 \
\cf4 Filter\cf3 :\cf0  application\cf3 /\cf0 x\cf3 -\cf0 ica\cf3 ;\cf0  charset\cf3 =\cf0 MS950 \cf3 -\cf0  \cf3 \{\cf0 CFB6322E\cf3 -\cf0 CC85\cf3 -\cf5 4d1b\cf3 -\cf5 82C7\cf3 -\cf5 893888A236BC\cf3 \}\cf0  \cf3 -\cf0   \cf4 No\cf0  \cf4 File\cf0 \
\cf4 Filter\cf3 :\cf0  application\cf3 /\cf0 x\cf3 -\cf0 ica\cf3 ;\cf0  charset\cf3 =\cf0 UTF\cf3 -\cf5 8\cf0  \cf3 -\cf0  \cf3 \{\cf0 CFB6322E\cf3 -\cf0 CC85\cf3 -\cf5 4d1b\cf3 -\cf5 82C7\cf3 -\cf5 893888A236BC\cf3 \}\cf0  \cf3 -\cf0   \cf4 No\cf0  \cf4 File\cf0 \
\cf4 Filter\cf3 :\cf0  application\cf3 /\cf0 x\cf3 -\cf0 ica\cf3 ;\cf0  charset\cf3 =\cf0 UTF8 \cf3 -\cf0  \cf3 \{\cf0 CFB6322E\cf3 -\cf0 CC85\cf3 -\cf5 4d1b\cf3 -\cf5 82C7\cf3 -\cf5 893888A236BC\cf3 \}\cf0  \cf3 -\cf0   \cf4 No\cf0  \cf4 File\cf0 \
\cf4 Filter\cf3 :\cf0  application\cf3 /\cf0 x\cf3 -\cf0 ica\cf3 ;\cf0 charset\cf3 =\cf0 euc\cf3 -\cf0 jp \cf3 -\cf0  \cf3 \{\cf0 CFB6322E\cf3 -\cf0 CC85\cf3 -\cf5 4d1b\cf3 -\cf5 82C7\cf3 -\cf5 893888A236BC\cf3 \}\cf0  \cf3 -\cf0   \cf4 No\cf0  \cf4 File\cf0 \
\cf4 Filter\cf3 :\cf0  application\cf3 /\cf0 x\cf3 -\cf0 ica\cf3 ;\cf0 charset\cf3 =\cf0 ISO\cf3 -\cf5 8859\cf3 -\cf5 1\cf0  \cf3 -\cf0  \cf3 \{\cf0 CFB6322E\cf3 -\cf0 CC85\cf3 -\cf5 4d1b\cf3 -\cf5 82C7\cf3 -\cf5 893888A236BC\cf3 \}\cf0  \cf3 -\cf0   \cf4 No\cf0  \cf4 File\cf0 \
\cf4 Filter\cf3 :\cf0  application\cf3 /\cf0 x\cf3 -\cf0 ica\cf3 ;\cf0 charset\cf3 =\cf0 MS936 \cf3 -\cf0  \cf3 \{\cf0 CFB6322E\cf3 -\cf0 CC85\cf3 -\cf5 4d1b\cf3 -\cf5 82C7\cf3 -\cf5 893888A236BC\cf3 \}\cf0  \cf3 -\cf0   \cf4 No\cf0  \cf4 File\cf0 \
\cf4 Filter\cf3 :\cf0  application\cf3 /\cf0 x\cf3 -\cf0 ica\cf3 ;\cf0 charset\cf3 =\cf0 MS949 \cf3 -\cf0  \cf3 \{\cf0 CFB6322E\cf3 -\cf0 CC85\cf3 -\cf5 4d1b\cf3 -\cf5 82C7\cf3 -\cf5 893888A236BC\cf3 \}\cf0  \cf3 -\cf0   \cf4 No\cf0  \cf4 File\cf0 \
\cf4 Filter\cf3 :\cf0  application\cf3 /\cf0 x\cf3 -\cf0 ica\cf3 ;\cf0 charset\cf3 =\cf0 MS950 \cf3 -\cf0  \cf3 \{\cf0 CFB6322E\cf3 -\cf0 CC85\cf3 -\cf5 4d1b\cf3 -\cf5 82C7\cf3 -\cf5 893888A236BC\cf3 \}\cf0  \cf3 -\cf0   \cf4 No\cf0  \cf4 File\cf0 \
\cf4 Filter\cf3 :\cf0  application\cf3 /\cf0 x\cf3 -\cf0 ica\cf3 ;\cf0 charset\cf3 =\cf0 UTF\cf3 -\cf5 8\cf0  \cf3 -\cf0  \cf3 \{\cf0 CFB6322E\cf3 -\cf0 CC85\cf3 -\cf5 4d1b\cf3 -\cf5 82C7\cf3 -\cf5 893888A236BC\cf3 \}\cf0  \cf3 -\cf0   \cf4 No\cf0  \cf4 File\cf0 \
\cf4 Filter\cf3 :\cf0  application\cf3 /\cf0 x\cf3 -\cf0 ica\cf3 ;\cf0 charset\cf3 =\cf0 UTF8 \cf3 -\cf0  \cf3 \{\cf0 CFB6322E\cf3 -\cf0 CC85\cf3 -\cf5 4d1b\cf3 -\cf5 82C7\cf3 -\cf5 893888A236BC\cf3 \}\cf0  \cf3 -\cf0   \cf4 No\cf0  \cf4 File\cf0 \
\cf4 Filter\cf3 :\cf0  ica \cf3 -\cf0  \cf3 \{\cf0 CFB6322E\cf3 -\cf0 CC85\cf3 -\cf5 4d1b\cf3 -\cf5 82C7\cf3 -\cf5 893888A236BC\cf3 \}\cf0  \cf3 -\cf0   \cf4 No\cf0  \cf4 File\cf0 \
R2 \cf4 TryIYnZh\cf3 ;\cf0  C\cf3 :\cf0 \\ProgramData\\W\cf4 OOxeKVYQwY\cf0 \\TryIYnZh\cf3 .\cf0 exe \cf3 [\cf5 2318208\cf0  \cf5 2014\cf3 -\cf5 10\cf3 -\cf5 12\cf3 ]\cf0  \cf3 (\cf4 Acute\cf0  \cf4 Angle\cf0  \cf4 Solutions\cf3 )\cf0 \
C\cf3 :\cf0 \\ProgramData\\W\cf4 OOxeKVYQwY\cf0 \
C\cf3 :\cf0 \\Users\\Amanda\\AppData\\Local\\Temp\
\cf4 CustomCLSID\cf3 :\cf0  HKU\\S\cf3 -\cf5 1\cf3 -\cf5 5\cf3 -\cf5 21\cf3 -\cf5 2401249253\cf3 -\cf5 4180793241\cf3 -\cf5 1077887795\cf3 -\cf5 1001\cf4 _Classes\cf0 \\CLSID\\\{\cf5 355EC88A\cf3 -\cf5 02E2\cf3 -\cf5 4547\cf3 -\cf5 9DEE\cf3 -\cf0 F87426484BD1\cf3 \}\cf0 \\InprocServer32 \cf3 ->\cf0  C\cf3 :\cf0 \\Users\\Amanda\\AppData\\Local\\Google\\Update\\1\cf3 .\cf5 3.23\cf3 .\cf5 9\cf0 \\psuser_64\cf3 .\cf0 dll \cf4 No\cf0  \cf4 File\cf0 \
\cf4 Task\cf3 :\cf0  \cf3 \{\cf5 7398655F\cf3 -\cf5 78CD\cf3 -\cf5 4AC9\cf3 -\cf0 B2CA\cf3 -\cf0 E2B1611D2D1E\cf3 \}\cf0  \cf3 -\cf0  \\RocketTab \cf4 Update\cf0  \cf4 Task\cf0  \cf4 No\cf0  \cf4 Task\cf0  \cf4 File\cf0  \cf3 <====\cf0  ATTENTION\
\cf4 Task\cf3 :\cf0  \cf3 \{\cf0 CEB746E2\cf3 -\cf5 5825\cf3 -\cf5 42E8\cf3 -\cf5 9ADD\cf3 -\cf0 BBD03486D7DC\cf3 \}\cf0  \cf3 -\cf0  \cf4 System32\cf0 \\Tasks\\RocketTab \cf3 =>\cf0  C\cf3 :\cf0 \\Windows\\system32\\cmd\cf3 .\cf0 exe \cf3 [\cf5 2012\cf3 -\cf5 07\cf3 -\cf5 25\cf3 ]\cf0  \cf3 (\cf4 Microsoft\cf0  \cf4 Corporation\cf3 )\cf0  \cf3 <====\cf0  ATTENTION\
\pard\pardeftab720\sl360
\cf5 2014\cf3 -\cf5 10\cf3 -\cf5 12\cf0  \cf5 21\cf3 :\cf5 06\cf3 :\cf5 07\cf0  \cf3 --------\cf0  d\cf3 -----\cf0 w\cf3 -\cf0  C\cf3 :\cf0 \\Program \cf4 Files\cf0  \cf3 (\cf0 x86\cf3 )\cf0 \\SearchProtect\
}
*****************
 
{\rtf1\ansi\ansicpg1252\cocoartf1265\cocoasubrtf210 => Error: No automatic fix found for this entry.
{\fonttbl\f0\fmodern\fcharset0 Courier;} => Error: No automatic fix found for this entry.
{\colortbl;\red255\green255\blue255;\red249\green249\blue249;\red83\green85\blue2;\red82\green0\blue83; => Error: No automatic fix found for this entry.
\red11\green84\blue83;} => Error: No automatic fix found for this entry.
\margl1440\margr1440\vieww22200\viewh12520\viewkind0 => Error: No automatic fix found for this entry.
\deftab720 => Error: No automatic fix found for this entry.
\pard\pardeftab720\sl360 => Error: No automatic fix found for this entry.
\f0\fs26 \cf0 \cb2 HKLM\cf3 -\cf0 x32\\.\cf3 ..\cf0 \\Run\cf3 :\cf0  \cf3 [\cf4 LManager\cf3 ]\cf0  \cf3 =>\cf0  \cf3 [\cf0 X\cf3 ]\cf0 \ => Error: No automatic fix found for this entry.
\pard\pardeftab720\sl360 => Error: No automatic fix found for this entry.
\cf4 SearchScopes\cf3 :\cf0  HKCU \cf3 -\cf0  \cf4 DefaultScope\cf0  \cf3 \{\cf0 CCEC4139\cf3 -\cf0 DC1B\cf3 -\cf5 46BD\cf3 -\cf0 ABC9\cf3 -\cf5 15B9F6124734\cf3 \}\cf0  URL \cf3 =\cf0  \ => Error: No automatic fix found for this entry.
\cf4 SearchScopes\cf3 :\cf0  HKCU \cf3 -\cf0  \cf3 \{\cf0 CCEC4139\cf3 -\cf0 DC1B\cf3 -\cf5 46BD\cf3 -\cf0 ABC9\cf3 -\cf5 15B9F6124734\cf3 \}\cf0  URL \cf3 =\cf0  \ => Error: No automatic fix found for this entry.
\cf4 Filter\cf3 :\cf0  application\cf3 /\cf0 x\cf3 -\cf0 ica \cf3 -\cf0  \cf3 \{\cf0 CFB6322E\cf3 -\cf0 CC85\cf3 -\cf5 4d1b\cf3 -\cf5 82C7\cf3 -\cf5 893888A236BC\cf3 \}\cf0  \cf3 -\cf0   \cf4 No\cf0  \cf4 File\cf0 \ => Error: No automatic fix found for this entry.
\cf4 Filter\cf3 :\cf0  application\cf3 /\cf0 x\cf3 -\cf0 ica\cf3 ;\cf0  charset\cf3 =\cf0 euc\cf3 -\cf0 jp \cf3 -\cf0  \cf3 \{\cf0 CFB6322E\cf3 -\cf0 CC85\cf3 -\cf5 4d1b\cf3 -\cf5 82C7\cf3 -\cf5 893888A236BC\cf3 \}\cf0  \cf3 -\cf0   \cf4 No\cf0  \cf4 File\cf0 \ => Error: No automatic fix found for this entry.
\cf4 Filter\cf3 :\cf0  application\cf3 /\cf0 x\cf3 -\cf0 ica\cf3 ;\cf0  charset\cf3 =\cf0 ISO\cf3 -\cf5 8859\cf3 -\cf5 1\cf0  \cf3 -\cf0  \cf3 \{\cf0 CFB6322E\cf3 -\cf0 CC85\cf3 -\cf5 4d1b\cf3 -\cf5 82C7\cf3 -\cf5 893888A236BC\cf3 \}\cf0  \cf3 -\cf0   \cf4 No\cf0  \cf4 File\cf0 \ => Error: No automatic fix found for this entry.
\cf4 Filter\cf3 :\cf0  application\cf3 /\cf0 x\cf3 -\cf0 ica\cf3 ;\cf0  charset\cf3 =\cf0 MS936 \cf3 -\cf0  \cf3 \{\cf0 CFB6322E\cf3 -\cf0 CC85\cf3 -\cf5 4d1b\cf3 -\cf5 82C7\cf3 -\cf5 893888A236BC\cf3 \}\cf0  \cf3 -\cf0   \cf4 No\cf0  \cf4 File\cf0 \ => Error: No automatic fix found for this entry.
\cf4 Filter\cf3 :\cf0  application\cf3 /\cf0 x\cf3 -\cf0 ica\cf3 ;\cf0  charset\cf3 =\cf0 MS949 \cf3 -\cf0  \cf3 \{\cf0 CFB6322E\cf3 -\cf0 CC85\cf3 -\cf5 4d1b\cf3 -\cf5 82C7\cf3 -\cf5 893888A236BC\cf3 \}\cf0  \cf3 -\cf0   \cf4 No\cf0  \cf4 File\cf0 \ => Error: No automatic fix found for this entry.
\cf4 Filter\cf3 :\cf0  application\cf3 /\cf0 x\cf3 -\cf0 ica\cf3 ;\cf0  charset\cf3 =\cf0 MS950 \cf3 -\cf0  \cf3 \{\cf0 CFB6322E\cf3 -\cf0 CC85\cf3 -\cf5 4d1b\cf3 -\cf5 82C7\cf3 -\cf5 893888A236BC\cf3 \}\cf0  \cf3 -\cf0   \cf4 No\cf0  \cf4 File\cf0 \ => Error: No automatic fix found for this entry.
\cf4 Filter\cf3 :\cf0  application\cf3 /\cf0 x\cf3 -\cf0 ica\cf3 ;\cf0  charset\cf3 =\cf0 UTF\cf3 -\cf5 8\cf0  \cf3 -\cf0  \cf3 \{\cf0 CFB6322E\cf3 -\cf0 CC85\cf3 -\cf5 4d1b\cf3 -\cf5 82C7\cf3 -\cf5 893888A236BC\cf3 \}\cf0  \cf3 -\cf0   \cf4 No\cf0  \cf4 File\cf0 \ => Error: No automatic fix found for this entry.
\cf4 Filter\cf3 :\cf0  application\cf3 /\cf0 x\cf3 -\cf0 ica\cf3 ;\cf0  charset\cf3 =\cf0 UTF8 \cf3 -\cf0  \cf3 \{\cf0 CFB6322E\cf3 -\cf0 CC85\cf3 -\cf5 4d1b\cf3 -\cf5 82C7\cf3 -\cf5 893888A236BC\cf3 \}\cf0  \cf3 -\cf0   \cf4 No\cf0  \cf4 File\cf0 \ => Error: No automatic fix found for this entry.
\cf4 Filter\cf3 :\cf0  application\cf3 /\cf0 x\cf3 -\cf0 ica\cf3 ;\cf0 charset\cf3 =\cf0 euc\cf3 -\cf0 jp \cf3 -\cf0  \cf3 \{\cf0 CFB6322E\cf3 -\cf0 CC85\cf3 -\cf5 4d1b\cf3 -\cf5 82C7\cf3 -\cf5 893888A236BC\cf3 \}\cf0  \cf3 -\cf0   \cf4 No\cf0  \cf4 File\cf0 \ => Error: No automatic fix found for this entry.
\cf4 Filter\cf3 :\cf0  application\cf3 /\cf0 x\cf3 -\cf0 ica\cf3 ;\cf0 charset\cf3 =\cf0 ISO\cf3 -\cf5 8859\cf3 -\cf5 1\cf0  \cf3 -\cf0  \cf3 \{\cf0 CFB6322E\cf3 -\cf0 CC85\cf3 -\cf5 4d1b\cf3 -\cf5 82C7\cf3 -\cf5 893888A236BC\cf3 \}\cf0  \cf3 -\cf0   \cf4 No\cf0  \cf4 File\cf0 \ => Error: No automatic fix found for this entry.
\cf4 Filter\cf3 :\cf0  application\cf3 /\cf0 x\cf3 -\cf0 ica\cf3 ;\cf0 charset\cf3 =\cf0 MS936 \cf3 -\cf0  \cf3 \{\cf0 CFB6322E\cf3 -\cf0 CC85\cf3 -\cf5 4d1b\cf3 -\cf5 82C7\cf3 -\cf5 893888A236BC\cf3 \}\cf0  \cf3 -\cf0   \cf4 No\cf0  \cf4 File\cf0 \ => Error: No automatic fix found for this entry.
\cf4 Filter\cf3 :\cf0  application\cf3 /\cf0 x\cf3 -\cf0 ica\cf3 ;\cf0 charset\cf3 =\cf0 MS949 \cf3 -\cf0  \cf3 \{\cf0 CFB6322E\cf3 -\cf0 CC85\cf3 -\cf5 4d1b\cf3 -\cf5 82C7\cf3 -\cf5 893888A236BC\cf3 \}\cf0  \cf3 -\cf0   \cf4 No\cf0  \cf4 File\cf0 \ => Error: No automatic fix found for this entry.
\cf4 Filter\cf3 :\cf0  application\cf3 /\cf0 x\cf3 -\cf0 ica\cf3 ;\cf0 charset\cf3 =\cf0 MS950 \cf3 -\cf0  \cf3 \{\cf0 CFB6322E\cf3 -\cf0 CC85\cf3 -\cf5 4d1b\cf3 -\cf5 82C7\cf3 -\cf5 893888A236BC\cf3 \}\cf0  \cf3 -\cf0   \cf4 No\cf0  \cf4 File\cf0 \ => Error: No automatic fix found for this entry.
\cf4 Filter\cf3 :\cf0  application\cf3 /\cf0 x\cf3 -\cf0 ica\cf3 ;\cf0 charset\cf3 =\cf0 UTF\cf3 -\cf5 8\cf0  \cf3 -\cf0  \cf3 \{\cf0 CFB6322E\cf3 -\cf0 CC85\cf3 -\cf5 4d1b\cf3 -\cf5 82C7\cf3 -\cf5 893888A236BC\cf3 \}\cf0  \cf3 -\cf0   \cf4 No\cf0  \cf4 File\cf0 \ => Error: No automatic fix found for this entry.
\cf4 Filter\cf3 :\cf0  application\cf3 /\cf0 x\cf3 -\cf0 ica\cf3 ;\cf0 charset\cf3 =\cf0 UTF8 \cf3 -\cf0  \cf3 \{\cf0 CFB6322E\cf3 -\cf0 CC85\cf3 -\cf5 4d1b\cf3 -\cf5 82C7\cf3 -\cf5 893888A236BC\cf3 \}\cf0  \cf3 -\cf0   \cf4 No\cf0  \cf4 File\cf0 \ => Error: No automatic fix found for this entry.
\cf4 Filter\cf3 :\cf0  ica \cf3 -\cf0  \cf3 \{\cf0 CFB6322E\cf3 -\cf0 CC85\cf3 -\cf5 4d1b\cf3 -\cf5 82C7\cf3 -\cf5 893888A236BC\cf3 \}\cf0  \cf3 -\cf0   \cf4 No\cf0  \cf4 File\cf0 \ => Error: No automatic fix found for this entry.
\cf4 TryIYnZh\cf3  => Service not found.
C\cf3 :\cf0 \\ProgramData\\W\cf4 OOxeKVYQwY\cf0 \ => Error: No automatic fix found for this entry.
C\cf3 :\cf0 \\Users\\Amanda\\AppData\\Local\\Temp\ => Error: No automatic fix found for this entry.
\cf4 CustomCLSID\cf3 :\cf0  HKU\\S\cf3 -\cf5 1\cf3 -\cf5 5\cf3 -\cf5 21\cf3 -\cf5 2401249253\cf3 -\cf5 4180793241\cf3 -\cf5 1077887795\cf3 -\cf5 1001\cf4 _Classes\cf0 \\CLSID\\\{\cf5 355EC88A\cf3 -\cf5 02E2\cf3 -\cf5 4547\cf3 -\cf5 9DEE\cf3 -\cf0 F87426484BD1\cf3 \}\cf0 \\InprocServer32 \cf3 ->\cf0  C\cf3 :\cf0 \\Users\\Amanda\\AppData\\Local\\Google\\Update\\1\cf3 .\cf5 3.23\cf3 .\cf5 9\cf0 \\psuser_64\cf3 .\cf0 dll \cf4 No\cf0  \cf4 File\cf0 \ => Error: No automatic fix found for this entry.
\cf4 Task\cf3 :\cf0  \cf3 \{\cf5 7398655F\cf3 -\cf5 78CD\cf3 -\cf5 4AC9\cf3 -\cf0 B2CA\cf3 -\cf0 E2B1611D2D1E\cf3 \}\cf0  \cf3 -\cf0  \\RocketTab \cf4 Update\cf0  \cf4 Task\cf0  \cf4 No\cf0  \cf4 Task\cf0  \cf4 File\cf0  \cf3 <====\cf0  ATTENTION\ => Error: No automatic fix found for this entry.
\cf4 Task\cf3 :\cf0  \cf3 \{\cf0 CEB746E2\cf3 -\cf5 5825\cf3 -\cf5 42E8\cf3 -\cf5 9ADD\cf3 -\cf0 BBD03486D7DC\cf3 \}\cf0  \cf3 -\cf0  \cf4 System32\cf0 \\Tasks\\RocketTab \cf3 =>\cf0  C\cf3 :\cf0 \\Windows\\system32\\cmd\cf3 .\cf0 exe \cf3 [\cf5 2012\cf3 -\cf5 07\cf3 -\cf5 25\cf3 ]\cf0  \cf3 (\cf4 Microsoft\cf0  \cf4 Corporation\cf3 )\cf0  \cf3 <====\cf0  ATTENTION\ => Error: No automatic fix found for this entry.
\pard\pardeftab720\sl360 => Error: No automatic fix found for this entry.
\cf5 2014\cf3 -\cf5 10\cf3 -\cf5 12\cf0  \cf5 21\cf3 :\cf5 06\cf3 :\cf5 07\cf0  \cf3 --------\cf0  d\cf3 -----\cf0 w\cf3 -\cf0  C\cf3 :\cf0 \\Program \cf4 Files\cf0  \cf3 (\cf0 x86\cf3 )\cf0 \\SearchProtect\ => Error: No automatic fix found for this entry.
} => Error: No automatic fix found for this entry.
 
==== End of Fixlog ====


#9 jjones312

Posted 18 October 2014 - 09:22 AM

NOTE:  I'm using a Mac to review this thread and get instructions etc. I'm transferring tools and logs via a USB drive.   I noticed the fixtxt was in rich text format.  I hope this didn't cause any issues running the fix.  If so I can redo.



#10 Oh My!

Posted 18 October 2014 - 12:47 PM

It did cause issues and the fix did not work.....


Gary

#11 jjones312

Posted 18 October 2014 - 12:53 PM

It did cause issues and the fix did not work.....

I'm running out for a moment.. When I get back I'll rerun and post..



#12 jjones312

Posted 18 October 2014 - 05:17 PM

Here is the updated fixlog.txt content.   Let me know if it ran ok...

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-10-2014
Ran by Amanda at 2014-10-18 15:01:24 Run:2
Running from C:\Users\Amanda\Desktop
Loaded Profile: Amanda (Available profiles: Amanda)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKLM-x32\...\Run: [LManager] => [X]
 
SearchScopes: HKCU - DefaultScope {CCEC4139-DC1B-46BD-ABC9-15B9F6124734} URL = 
 
SearchScopes: HKCU - {CCEC4139-DC1B-46BD-ABC9-15B9F6124734} URL = 
 
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
 
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
 
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
 
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
 
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
 
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
 
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
 
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
 
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
 
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
 
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
 
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
 
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
 
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
 
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
 
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
 
R2 TryIYnZh; C:\ProgramData\WOOxeKVYQwY\TryIYnZh.exe [2318208 2014-10-12] (Acute Angle Solutions)
 
C:\ProgramData\WOOxeKVYQwY
 
C:\Users\Amanda\AppData\Local\Temp
 
CustomCLSID: HKU\S-1-5-21-2401249253-4180793241-1077887795-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Amanda\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
 
Task: {7398655F-78CD-4AC9-B2CA-E2B1611D2D1E} - \RocketTab Update Task No Task File <==== ATTENTION
 
Task: {CEB746E2-5825-42E8-9ADD-BBD03486D7DC} - System32\Tasks\RocketTab => C:\Windows\system32\cmd.exe [2012-07-25] (Microsoft Corporation) <==== ATTENTION
 
2014-10-12 21:06:07 -------- d-----w- C:\Program Files (x86)\SearchProtect
 
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\LManager => value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCEC4139-DC1B-46BD-ABC9-15B9F6124734}" => Key deleted successfully.
"HKCR\CLSID\{CCEC4139-DC1B-46BD-ABC9-15B9F6124734}" => Key not found.
"HKCR\PROTOCOLS\Filter\application/x-ica" => Key deleted successfully.
"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.
"HKCR\PROTOCOLS\Filter\application/x-ica; charset=euc-jp" => Key deleted successfully.
"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.
"HKCR\PROTOCOLS\Filter\application/x-ica; charset=ISO-8859-1" => Key deleted successfully.
"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.
"HKCR\PROTOCOLS\Filter\application/x-ica; charset=MS936" => Key deleted successfully.
"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.
"HKCR\PROTOCOLS\Filter\application/x-ica; charset=MS949" => Key deleted successfully.
"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.
"HKCR\PROTOCOLS\Filter\application/x-ica; charset=MS950" => Key deleted successfully.
"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.
"HKCR\PROTOCOLS\Filter\application/x-ica; charset=UTF-8" => Key deleted successfully.
"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.
"HKCR\PROTOCOLS\Filter\application/x-ica; charset=UTF8" => Key deleted successfully.
"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.
"HKCR\PROTOCOLS\Filter\application/x-ica;charset=euc-jp" => Key deleted successfully.
"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.
"HKCR\PROTOCOLS\Filter\application/x-ica;charset=ISO-8859-1" => Key deleted successfully.
"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.
"HKCR\PROTOCOLS\Filter\application/x-ica;charset=MS936" => Key deleted successfully.
"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.
"HKCR\PROTOCOLS\Filter\application/x-ica;charset=MS949" => Key deleted successfully.
"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.
"HKCR\PROTOCOLS\Filter\application/x-ica;charset=MS950" => Key deleted successfully.
"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.
"HKCR\PROTOCOLS\Filter\application/x-ica;charset=UTF-8" => Key deleted successfully.
"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.
"HKCR\PROTOCOLS\Filter\application/x-ica;charset=UTF8" => Key deleted successfully.
"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.
"HKCR\PROTOCOLS\Filter\ica" => Key deleted successfully.
"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.
TryIYnZh => Unable to stop service
TryIYnZh => Service deleted successfully.
 
"C:\ProgramData\WOOxeKVYQwY" directory move:
 
Could not move "C:\ProgramData\WOOxeKVYQwY\info.dat" => Scheduled to move on reboot.
Could not move "C:\ProgramData\WOOxeKVYQwY\TryIYnZh.dat" => Scheduled to move on reboot.
C:\ProgramData\WOOxeKVYQwY\TryIYnZh.exe => Moved successfully.
C:\ProgramData\WOOxeKVYQwY\TryIYnZh.exe.config => Moved successfully.
C:\ProgramData\WOOxeKVYQwY\dat\IqulOw.dll => Moved successfully.
C:\ProgramData\WOOxeKVYQwY\dat\kDEVCyVyLgF.exe => Moved successfully.
C:\ProgramData\WOOxeKVYQwY\dat\kDEVCyVyLgF.exe.config => Moved successfully.
C:\ProgramData\WOOxeKVYQwY\dat\nsNNhwy.dll => Moved successfully.
C:\ProgramData\WOOxeKVYQwY\dat\sbPpcn.exe => Moved successfully.
C:\ProgramData\WOOxeKVYQwY\dat\sbPpcn.exe.config => Moved successfully.
Could not move "C:\ProgramData\WOOxeKVYQwY" directory. => Scheduled to move on reboot.
 
C:\Users\Amanda\AppData\Local\Temp => Moved successfully.
"HKU\S-1-5-21-2401249253-4180793241-1077887795-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7398655F-78CD-4AC9-B2CA-E2B1611D2D1E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7398655F-78CD-4AC9-B2CA-E2B1611D2D1E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RocketTab Update Task" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CEB746E2-5825-42E8-9ADD-BBD03486D7DC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEB746E2-5825-42E8-9ADD-BBD03486D7DC}" => Key deleted successfully.
C:\Windows\System32\Tasks\RocketTab => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RocketTab" => Key deleted successfully.
C:\Program Files (x86)\SearchProtect => Moved successfully.
 
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-10-18 15:15:20)<=
 
C:\ProgramData\WOOxeKVYQwY\info.dat => Is moved successfully.
C:\ProgramData\WOOxeKVYQwY\TryIYnZh.dat => Is moved successfully.
C:\ProgramData\WOOxeKVYQwY => Is moved successfully.
 
==== End of Fixlog ====
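
An added example (not part of the thread and not FRST's own code): a small Python check for the failure seen in the first fixlog above, where a fixlist saved as rich text made every entry fail. It flags RTF markup in the echoed fixlist and tallies per-entry outcomes; the function names are hypothetical and the two log excerpts are shortened, constructed samples based on the logs posted here.

```python
import re

RTF_HEADER = "{\\rtf"  # every RTF document opens with this group
RTF_WORDS = re.compile(r"\\(?:pard|fonttbl|colortbl|cf\d+|cb\d+|fs\d+)\b")
OUTCOMES = [  # first matching pattern wins
    ("unparsed", re.compile(r"=> Error: No automatic fix found")),
    ("pending_reboot", re.compile(r"=> Scheduled to move on reboot")),
    ("not_found", re.compile(r"=> .*not found\.?$", re.I)),
    ("done", re.compile(r"=> .*(deleted|moved) successfully", re.I)),
]

def split_fixlog(text):
    """Return (echoed fixlist lines, result lines) from a Fixlog."""
    lines = text.splitlines()
    fences = [i for i, l in enumerate(lines) if re.fullmatch(r"\*{5,}", l.strip())]
    if len(fences) < 2:
        raise ValueError("not a fixlog: fixlist fences missing")
    return lines[fences[0] + 1:fences[1]], lines[fences[1] + 1:]

def is_rtf(fixlist_lines):
    """True if the fixlist starts with an RTF header or is mostly RTF markup."""
    body = [l for l in fixlist_lines if l.strip()]
    if not body:
        return False
    if body[0].lstrip("\ufeff").startswith(RTF_HEADER):
        return True
    marked = sum(1 for l in body if RTF_WORDS.search(l))
    return marked * 2 > len(body)

def triage(text):
    """Classify each ' => ' result line and decide whether the run failed."""
    echoed, results = split_fixlog(text)
    counts = {name: 0 for name, _ in OUTCOMES}
    counts["other"] = 0
    for line in results:
        if " => " not in line:
            continue
        for name, pattern in OUTCOMES:
            if pattern.search(line):
                counts[name] += 1
                break
        else:
            counts["other"] += 1
    total = sum(counts.values())
    return {"rtf_fixlist": is_rtf(echoed), "counts": counts,
            "failed_run": total > 0 and counts["unparsed"] * 2 > total}

# Constructed, shortened excerpt modelled on the first run (RTF fixlist).
RUN1 = r"""
Content of fixlist:
*****************
{\rtf1\ansi\ansicpg1252\cocoartf1265\cocoasubrtf210
\pard\pardeftab720\sl360
}
*****************
{\rtf1\ansi\ansicpg1252\cocoartf1265\cocoasubrtf210 => Error: No automatic fix found for this entry.
\pard\pardeftab720\sl360 => Error: No automatic fix found for this entry.
\cf4 TryIYnZh\cf3  => Service not found.
} => Error: No automatic fix found for this entry.
==== End of Fixlog ====
"""

# Constructed, shortened excerpt modelled on the second run (plain-text fixlist).
RUN2 = r"""
Content of fixlist:
*****************
HKLM-x32\...\Run: [LManager] => [X]
C:\ProgramData\WOOxeKVYQwY
*****************
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\LManager => value deleted successfully.
"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.
TryIYnZh => Unable to stop service
TryIYnZh => Service deleted successfully.
Could not move "C:\ProgramData\WOOxeKVYQwY\info.dat" => Scheduled to move on reboot.
C:\ProgramData\WOOxeKVYQwY\TryIYnZh.exe => Moved successfully.
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-10-18 15:15:20)<=
C:\ProgramData\WOOxeKVYQwY\info.dat => Is moved successfully.
==== End of Fixlog ====
"""

if __name__ == "__main__":
    for name, log in (("run 1", RUN1), ("run 2", RUN2)):
        print(name, triage(log))
```
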


#13 Oh My!

Posted 18 October 2014 - 10:28 PM

Thanks, how is your computer running?
Gary

#14 jjones312

Posted 18 October 2014 - 11:34 PM

Seems to be running ok..  But I still have some unwanted items on the system in add/remove programs that got installed when the Odin.exe installed.   e.g. disateriods, browsersafeguard w/ rockettab etc..  These items were flagged by Kaspersky along w/ a Trojan..



#15 Oh My!

Posted 19 October 2014 - 08:39 AM

Have you attempted to uninstall them? If not, please try. If you run into issues let me know.
Gary



