
detected Trojan.Agent.ED, help


  • This topic is locked
32 replies to this topic

#1 johnbird

  • Members
  • 22 posts

Posted 21 October 2014 - 05:35 AM

Hi,

A few days ago, my Malwarebytes detected a Trojan.Agent.ED, and the threat was quarantined.

Today when I went to log in to my computer, I had a pop-up window from Malwarebytes telling me that the process had stopped and that this might be because of Rootkit activity on the computer; then it crashed and restarted itself again. Before I could manage to log in again, Malwarebytes started to run a scan on the computer, but nothing was found after the scan.

I don't know what this issue might be, but I would kindly appreciate some help.

Thanks


Edited by johnbird, 21 October 2014 - 07:21 AM.




#2 StanFF

  • Malware Response Team
  • 1,172 posts

Posted 21 October 2014 - 07:49 AM

Hello johnbird,

I'm Stan and I will be helping you with this problem.

First of all, I want to clear up some things about the malware removal process:

  • Do not run any tools on your own. This may affect the process of removal and may cause both slowdown and additional problems.
  • Carefully read the steps that I suggest you do. Any mismatch will prolong this case.
  • Copy any scripts carefully so they stay exactly the same as the original. Otherwise the script may not work and we will need to rerun/recreate it.
  • Feel free to copy all the steps to an offline environment. They may be easier to read and follow this way.
  • Feel free to ask any questions about the malware removal process. I'm here to help you, so nothing must be hidden or misunderstood.
  • Share with me any problems/changes you experience while working with the current system.
  • Please do not use any quotes or code boxes when you post logs.

I want to inform you that I will be able to respond in the evenings - 07:00 P.M - 11:00 P.M. (UTC + 02:00) - since I'm working during most of the daytime. If I haven't posted anything for 48 hours straight, please, feel free to send me a personal message. I will bump the topic if there is no response from you for 3 days. After 5 days of inactivity, the topic will be closed.

 

I want to inform you that I'm still in my training program so my posts must be reviewed by an instructor. This may lead to a slight delay in my answers.

 

********************

 

Do you still receive the popup window when you log into the system? Are there any noticeable issues with the system - slow performance, ads showing or unusual behavior?

 

********************

 

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right-click FRST then click "Run as administrator".
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.

Please copy and paste the log in your next reply.

Note: The first time the tool is run, it generates another log (Addition.txt), also located in the same directory the tool was run from. Please also paste that, along with the FRST.txt, into your next reply.


Regards,

Stan

"There isn't a person anywhere who isn't capable of doing more than he thinks he can." - Henry Ford


#3 johnbird

  • Topic Starter
  • Members
  • 22 posts

Posted 21 October 2014 - 11:01 AM

Hi Stan,

Thank you very much for taking the time to reply to my message.

To answer your questions, Malwarebytes hasn't popped up any windows again. The unusual behavior, I would say, is at the startup of the machine. The computer network seems to take about 1 min or more in some cases to become functional and show up at the bottom of my task bar. During that process I can use the computer because otherwise it will freeze or become unresponsive. It is only when the network connects and shows in my task bar that I can use the computer, really unusual.

But yep, I am still experiencing some slowness on the computer and I don't know why this might be. My local disk is 465 GB and the space used is 47.3 GB, so I am out of my league on this one.

OK, here are the Farbar logs,

_____________________

First log

_____________________


 Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-10-2014

Ran by Arkly (administrator) on ARKLY-PC on 21-10-2014 16:54:37
Running from C:\Users\Arkly\Desktop
Loaded Profile: Arkly (Available profiles: Arkly & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesApp64.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Filipe Lourenço) C:\Program Files (x86)\BatteryCare\BatteryCare.exe
(Akamai Technologies, Inc.) C:\Users\Arkly\AppData\Local\Akamai\netsession_win.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Akamai Technologies, Inc.) C:\Users\Arkly\AppData\Local\Akamai\netsession_win.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6560360 2010-12-08] (Realtek Semiconductor)
HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2010-12-17] ()
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2186856 2010-11-30] (Realtek Semiconductor)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [642040 2014-08-05] (McAfee, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4283612145-3875195018-3230280069-1000\...\Run: [BatteryCare] => C:\Program Files (x86)\BatteryCare\BatteryCare.exe [740864 2012-12-03] (Filipe Lourenço)
HKU\S-1-5-21-4283612145-3875195018-3230280069-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Arkly\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-4283612145-3875195018-3230280069-1000\...\Policies\Explorer: [HideSCAPower] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com/bin/srldetect_intel_4.5.22.0.cab
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 89.101.160.4 89.101.160.5
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Arkly\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-10-12]
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR Profile: C:\Users\Arkly\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Arkly\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-15]
CHR Extension: (Google Docs) - C:\Users\Arkly\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-15]
CHR Extension: (Google Drive) - C:\Users\Arkly\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-15]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Arkly\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-15]
CHR Extension: (WOT) - C:\Users\Arkly\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-10-15]
CHR Extension: (YouTube) - C:\Users\Arkly\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-15]
CHR Extension: (Adblock Plus) - C:\Users\Arkly\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-10-15]
CHR Extension: (Google Search) - C:\Users\Arkly\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-15]
CHR Extension: (Google Sheets) - C:\Users\Arkly\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-15]
CHR Extension: (Google Wallet) - C:\Users\Arkly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-15]
CHR Extension: (Gmail) - C:\Users\Arkly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-15]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [236016 2010-10-29] (CyberLink)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2014-09-04] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [601864 2014-08-01] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-07-24] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-07-18] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-07-18] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272688 2012-06-25] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 TuneUp.Defrag; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe [607040 2014-10-14] (TuneUp Software)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [1403200 2011-05-31] (TuneUp Software)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3325232 2012-06-25] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-07-18] (McAfee, Inc.)
R3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-10-01] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-21] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-07-18] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313800 2014-07-18] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526352 2014-07-18] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-07-18] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [444720 2014-07-24] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-07-24] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-07-18] (McAfee, Inc.)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [300320 2013-12-18] (NVIDIA Corporation)
R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [768680 2013-06-26] (Microsoft Corporation)
R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [273576 2013-06-26] (Microsoft Corporation)
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [29352 2013-06-26] (Microsoft Corporation)
R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [23208 2013-06-26] (Microsoft Corporation)
S3 Spyder3; C:\Windows\System32\DRIVERS\Spyder3.sys [15360 2010-03-30] ()
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [11856 2009-10-14] (TuneUp Software)
S4 NVHDA; system32\drivers\nvhda64v.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-21 16:54 - 2014-10-21 16:55 - 00015222 _____ () C:\Users\Arkly\Desktop\FRST.txt
2014-10-21 16:54 - 2014-10-21 16:54 - 00000000 ____D () C:\FRST
2014-10-21 16:28 - 2014-10-21 16:28 - 02110976 _____ (Farbar) C:\Users\Arkly\Desktop\FRST64.exe
2014-10-20 17:47 - 2014-10-20 17:47 - 00000000 ____D () C:\ProgramData\Unity
2014-10-20 12:33 - 2014-10-20 17:47 - 00000000 ____D () C:\Users\Arkly\AppData\Local\Unity
2014-10-20 12:30 - 2014-10-20 12:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity
2014-10-20 12:30 - 2014-10-20 12:30 - 00001124 _____ () C:\Users\Public\Desktop\Unity.lnk
2014-10-20 12:30 - 2014-10-20 12:30 - 00000000 ____D () C:\Users\Public\Documents\Unity Projects
2014-10-20 12:14 - 2014-10-20 12:33 - 00000000 ____D () C:\Program Files (x86)\Unity
2014-10-20 10:59 - 2014-10-20 10:59 - 00512319 _____ () C:\Users\Arkly\Desktop\bookmarks.html
2014-10-20 10:21 - 2014-10-20 11:50 - 00001298 _____ () C:\Windows\PFRO.log
2014-10-20 09:51 - 2014-10-20 09:51 - 00071416 _____ () C:\Users\Arkly\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-20 09:49 - 2014-10-21 16:09 - 00000964 _____ () C:\Windows\setupact.log
2014-10-20 09:49 - 2014-10-20 09:49 - 04930392 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-20 09:49 - 2014-10-20 09:49 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-20 01:27 - 2014-10-20 11:54 - 00001318 _____ () C:\DelFix.txt
2014-10-19 22:00 - 2014-01-31 01:39 - 1967808512 _____ () C:\Users\Arkly\Desktop\12.Years.a.Slave.2013.DVDScr.XVID.AC3.HQ.Hive-CM8.avi
2014-10-19 20:24 - 2014-10-19 20:24 - 04095448 _____ (BrightFort LLC ) C:\Users\Arkly\Downloads\spywareblastersetup50.exe
2014-10-19 18:33 - 2014-10-19 18:45 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-10-18 21:01 - 2014-10-18 21:01 - 02001408 _____ () C:\Users\Arkly\Downloads\102 - The building blocks of story.ppt
2014-10-18 20:41 - 2014-10-18 20:41 - 00024417 _____ () C:\Users\Arkly\Desktop\relevance - Dictionary Definition   Vocabulary.com.htm
2014-10-18 20:41 - 2014-10-18 20:41 - 00000000 ____D () C:\Users\Arkly\Desktop\relevance - Dictionary Definition   Vocabulary.com_files
2014-10-17 22:04 - 2014-10-17 22:05 - 00000000 ____D () C:\Users\Arkly\Desktop\BRANDING_BUSINESS
2014-10-17 15:15 - 2014-10-17 15:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2014-10-17 15:15 - 2014-10-17 15:15 - 00000000 ____D () C:\Program Files (x86)\Foxit Software
2014-10-17 00:35 - 2014-10-17 00:35 - 00000000 ____D () C:\ProgramData\Autodesk
2014-10-17 00:34 - 2014-10-17 00:35 - 00000000 ____D () C:\Users\Arkly\AppData\Local\Akamai
2014-10-17 00:23 - 2014-10-17 00:24 - 11463040 _____ () C:\Users\Arkly\Downloads\Autodesk_Maya_2014_wi_en-US_Setup.exe
2014-10-15 23:16 - 2014-10-15 23:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-15 23:15 - 2014-10-21 16:10 - 00003904 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-15 23:15 - 2014-10-21 16:10 - 00003652 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-15 23:15 - 2014-10-21 16:10 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-15 23:15 - 2014-10-21 16:10 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-15 23:15 - 2014-10-15 23:15 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-15 23:14 - 2014-10-15 23:14 - 00880272 _____ (Google Inc.) C:\Users\Arkly\Downloads\ChromeSetup.exe
2014-10-15 02:44 - 2014-10-15 02:44 - 00000000 ____D () C:\Users\Arkly\Documents\kh
2014-10-15 00:05 - 2014-10-15 00:15 - 1310170560 _____ (Unity Technologies ApS) C:\Users\Arkly\Downloads\UnitySetup-4.5.5.exe
2014-10-14 13:16 - 2014-10-14 13:17 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-10-14 13:16 - 2014-10-14 13:16 - 00000000 ____D () C:\ProgramData\PC-Doctor for Windows
2014-10-14 13:16 - 2014-10-14 13:16 - 00000000 ____D () C:\Program Files\Dell Support Center
2014-10-14 13:14 - 2014-10-14 13:16 - 00000000 ____D () C:\Program Files\My Dell
2014-10-14 12:54 - 2014-10-14 12:54 - 00003838 _____ () C:\Windows\System32\Tasks\Mantenimiento automático
2014-10-14 12:37 - 2011-05-31 19:52 - 00036160 _____ (TuneUp Software) C:\Windows\system32\uxtuneup.dll
2014-10-14 12:37 - 2011-05-31 19:52 - 00025920 _____ (TuneUp Software) C:\Windows\system32\authuitu.dll
2014-10-14 12:37 - 2011-05-31 19:52 - 00021312 _____ (TuneUp Software) C:\Windows\SysWOW64\authuitu.dll
2014-10-14 12:37 - 2011-05-31 19:51 - 00030016 _____ (TuneUp Software) C:\Windows\SysWOW64\uxtuneup.dll
2014-10-12 21:47 - 2014-10-14 12:37 - 00002193 _____ () C:\Users\Arkly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities.lnk
2014-10-12 21:47 - 2014-10-12 21:47 - 00000000 ____D () C:\Users\Arkly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities
2014-10-12 21:46 - 2014-10-14 12:37 - 00000000 ____D () C:\Program Files (x86)\TuneUp Utilities 2010
2014-10-12 21:46 - 2014-10-12 21:46 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-10-12 21:41 - 2014-10-21 16:51 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-12 21:41 - 2014-10-17 21:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-12 21:41 - 2014-10-17 21:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-12 21:41 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-12 21:41 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-12 21:39 - 2014-10-12 21:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-10-12 21:39 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-12 19:09 - 2014-10-12 19:09 - 00000000 ____D () C:\Users\Arkly\AppData\Local\Macromedia
2014-10-12 19:08 - 2014-10-14 23:38 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-12 19:08 - 2014-10-14 23:38 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-12 17:50 - 2014-10-12 17:50 - 00000000 ____D () C:\Users\Arkly\AppData\Roaming\Mozilla
2014-10-12 17:24 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2014-10-12 17:16 - 2014-10-12 17:16 - 00244136 _____ () C:\Users\Arkly\Downloads\Firefox Setup Stub 32.0.3.exe
2014-10-12 17:16 - 2014-10-12 17:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-10-12 15:49 - 2014-10-12 17:16 - 00001844 _____ () C:\Users\Public\Desktop\McAfee Internet Security.lnk
2014-10-12 15:48 - 2014-10-12 15:49 - 00000000 ____D () C:\Program Files\McAfee
2014-10-12 15:48 - 2014-10-12 15:48 - 00000000 ____D () C:\Program Files\McAfee.com
2014-10-12 15:48 - 2014-10-12 15:48 - 00000000 ____D () C:\Program Files (x86)\McAfee.com
2014-10-12 15:42 - 2014-10-12 17:23 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-10-12 15:42 - 2014-07-18 09:01 - 00189912 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2014-10-12 13:16 - 2014-10-21 16:13 - 00522901 _____ () C:\Windows\WindowsUpdate.log
2014-10-11 19:51 - 2014-10-12 21:48 - 00003304 _____ () C:\Windows\System32\Tasks\ToolwizCareFree
2014-10-11 19:40 - 2014-10-11 19:51 - 00001082 _____ () C:\Users\UpdatusUser\Desktop\Toolwiz Care.lnk
2014-10-11 19:40 - 2014-10-11 19:40 - 00000000 ___HD () C:\Users\Arkly\Desktop\TOOLWIZ
2014-10-11 00:45 - 2014-10-11 00:45 - 00000000 ____D () C:\Windows\SysWOW64\NV
2014-10-11 00:45 - 2014-10-11 00:45 - 00000000 ____D () C:\Windows\system32\NV
2014-10-11 00:36 - 2014-10-11 00:44 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-10-11 00:36 - 2014-10-11 00:36 - 00000020 ___SH () C:\Users\UpdatusUser\ntuser.ini
2014-10-11 00:36 - 2014-04-20 21:04 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Roaming\Macromedia
2014-10-11 00:36 - 2013-10-23 09:20 - 06669600 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-10-11 00:36 - 2013-10-23 09:20 - 03489568 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-10-11 00:36 - 2013-10-23 09:20 - 03426956 _____ () C:\Windows\system32\nvcoproc.bin
2014-10-11 00:36 - 2013-10-23 09:20 - 02559776 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-10-11 00:36 - 2013-10-23 09:20 - 01064224 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2014-10-11 00:36 - 2013-10-23 09:20 - 00922912 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-10-11 00:36 - 2013-10-23 09:20 - 00219424 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-10-11 00:36 - 2013-10-23 09:20 - 00067072 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2014-10-11 00:36 - 2013-10-23 09:20 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-10-11 00:36 - 2009-07-14 05:54 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-11 00:36 - 2009-07-14 05:49 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-10-11 00:35 - 2014-10-11 00:46 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-10-11 00:35 - 2014-10-11 00:43 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-10-11 00:35 - 2014-10-11 00:43 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-10-11 00:35 - 2013-12-18 14:42 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-10-11 00:35 - 2013-12-18 14:42 - 00023287 _____ () C:\Windows\system32\nvinfo.pb
2014-10-11 00:35 - 2011-11-04 05:19 - 01543488 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco64.dll
2014-10-11 00:35 - 2011-11-04 05:19 - 01454912 _____ (NVIDIA Corporation) C:\Windows\system32\nvgenco64.dll
2014-10-11 00:35 - 2011-11-04 05:19 - 00371520 _____ (NVIDIA Corporation) C:\Windows\system32\nvoptimusmft.dll
2014-10-11 00:35 - 2011-11-04 05:19 - 00364352 _____ (NVIDIA Corporation) C:\Windows\system32\nvdecodemft.dll
2014-10-11 00:35 - 2011-11-04 05:19 - 00330560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoptimusmft.dll
2014-10-11 00:35 - 2011-11-04 05:19 - 00301888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvdecodemft.dll
2014-10-11 00:35 - 2011-11-04 05:19 - 00068928 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-10-11 00:35 - 2011-11-04 05:19 - 00061248 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-10-10 23:34 - 2011-05-31 19:57 - 00034624 _____ (TuneUp Software) C:\Windows\system32\TURegOpt.exe
2014-10-10 21:24 - 2014-10-10 21:25 - 00000000 ____D () C:\Users\Arkly\Desktop\computer games development
2014-10-09 11:05 - 2014-10-11 19:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
2014-10-07 18:45 - 2014-08-19 19:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-07 18:45 - 2014-08-19 18:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-07 18:45 - 2014-08-19 00:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-07 18:45 - 2014-08-18 23:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-07 18:45 - 2014-08-18 23:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-07 18:45 - 2014-08-18 23:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-07 18:45 - 2014-08-18 23:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-07 18:45 - 2014-08-18 23:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-07 18:45 - 2014-08-18 23:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-07 18:45 - 2014-08-18 23:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-07 18:45 - 2014-08-18 23:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-07 18:45 - 2014-08-18 23:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-07 18:45 - 2014-08-18 23:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-07 18:45 - 2014-08-18 23:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-07 18:45 - 2014-08-18 23:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-07 18:45 - 2014-08-18 23:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-07 18:45 - 2014-08-18 23:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-07 18:45 - 2014-08-18 23:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-07 18:45 - 2014-08-18 23:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-07 18:45 - 2014-08-18 22:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-07 18:45 - 2014-08-18 22:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-07 18:45 - 2014-08-18 22:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-07 18:45 - 2014-08-18 22:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-07 18:45 - 2014-08-18 22:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-07 18:45 - 2014-08-18 22:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-07 18:45 - 2014-08-18 22:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-07 18:45 - 2014-08-18 22:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-07 18:45 - 2014-08-18 22:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-07 18:45 - 2014-08-18 22:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-07 18:45 - 2014-08-18 22:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-07 18:45 - 2014-08-18 22:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-07 18:45 - 2014-08-18 22:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-07 18:45 - 2014-08-18 22:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-07 18:45 - 2014-08-18 22:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-07 18:45 - 2014-08-18 22:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-07 18:45 - 2014-08-18 22:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-07 18:45 - 2014-08-18 22:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-07 18:45 - 2014-08-18 22:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-07 18:45 - 2014-08-18 22:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-07 18:45 - 2014-08-18 22:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-07 18:45 - 2014-08-18 22:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-07 18:45 - 2014-08-18 22:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-07 18:45 - 2014-08-18 22:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-07 18:45 - 2014-08-18 22:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-07 18:45 - 2014-08-18 22:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-07 18:45 - 2014-08-18 22:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-07 18:45 - 2014-08-18 22:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-07 18:45 - 2014-08-18 22:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-07 18:45 - 2014-08-18 22:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-07 18:45 - 2014-08-18 22:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-07 18:45 - 2014-08-18 22:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-07 18:45 - 2014-08-18 21:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-07 18:45 - 2014-08-18 21:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-07 18:45 - 2014-08-18 21:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-07 18:45 - 2014-08-18 21:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-07 18:45 - 2014-08-18 21:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-04 20:20 - 2014-10-04 20:20 - 00000000 ____D () C:\ProgramData\Citrix
2014-10-04 20:13 - 2014-10-04 20:13 - 00000000 ____D () C:\Users\Arkly\AppData\Local\Citrix
2014-10-04 20:13 - 2014-10-04 20:13 - 00000000 ____D () C:\Program Files (x86)\Citrix
2014-10-04 19:51 - 2014-10-12 21:43 - 00000000 ____D () C:\ProgramData\McAfee
2014-10-04 18:05 - 2014-10-06 00:15 - 00000000 ____D () C:\Users\Arkly\AppData\Temp
2014-10-04 17:57 - 2014-10-04 17:57 - 00000385 _____ () C:\Windows\system32\user_gensett.xml
2014-10-04 17:57 - 2014-10-04 17:57 - 00000385 _____ () C:\Users\Arkly\AppData\Roaminguser_gensett.xml
2014-10-04 17:56 - 2014-10-04 17:56 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2014-10-04 17:56 - 2014-10-04 17:56 - 00000000 ____D () C:\ProgramData\BDLogging
2014-10-04 17:56 - 2013-11-04 15:47 - 00074512 _____ (BitDefender SRL) C:\Windows\SysWOW64\bdsandboxuiskin32.dll
2014-10-04 17:56 - 2007-04-11 11:11 - 00511328 _____ (Microsoft Corporation) C:\Windows\capicom.dll
2014-10-04 16:54 - 2014-10-04 16:54 - 00000000 ____D () C:\Users\Arkly\AppData\Roaming\ESET
2014-10-04 16:54 - 2014-10-04 16:54 - 00000000 ____D () C:\Users\Arkly\AppData\Local\ESET
2014-10-04 16:50 - 2014-10-04 16:50 - 00000000 ____D () C:\Users\Arkly\AppData\Roaming\QuickScan
2014-10-04 16:50 - 2014-10-04 16:50 - 00000000 _____ () C:\Windows\system32\BDSandBoxUISkin32.dll
2014-10-04 16:50 - 2013-11-04 15:47 - 00084848 _____ (BitDefender SRL) C:\Windows\system32\BDSandBoxUISkin.dll
2014-10-04 16:50 - 2013-11-04 15:46 - 00034384 _____ (BitDefender SRL) C:\Windows\system32\BDSandBoxUH.dll
2014-10-04 16:16 - 2014-06-27 03:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-10-04 16:16 - 2014-06-27 02:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-10-04 16:15 - 2014-09-09 23:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-10-04 16:15 - 2014-09-09 22:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-10-04 16:14 - 2014-09-25 03:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-04 16:14 - 2014-09-25 02:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-10-04 16:14 - 2014-09-05 03:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-04 16:14 - 2014-09-05 03:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-04 16:14 - 2014-08-01 12:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-10-04 16:14 - 2014-08-01 12:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-10-04 16:14 - 2014-07-07 03:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-10-04 16:14 - 2014-07-07 03:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-10-04 16:14 - 2014-07-07 02:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-10-04 16:14 - 2014-07-07 02:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-10-04 16:14 - 2014-07-07 02:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-10-04 16:14 - 2014-06-24 04:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-10-04 16:14 - 2014-06-24 03:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-27 15:54 - 2014-09-27 15:54 - 00319326 _____ () C:\Users\Arkly\Downloads\crimson.zip
2014-09-22 19:41 - 2014-09-23 12:29 - 00000000 ____D () C:\Users\Arkly\AppData\Local\NVIDIA Corporation
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-21 16:17 - 2009-07-14 05:45 - 00028528 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-21 16:17 - 2009-07-14 05:45 - 00028528 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-21 16:13 - 2009-07-14 06:13 - 00782596 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-21 16:09 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-21 13:36 - 2014-04-03 15:01 - 00000000 ____D () C:\Users\Arkly\AppData\Roaming\SoftGrid Client
2014-10-21 10:49 - 2009-07-14 06:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-20 11:40 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-10-20 11:34 - 2014-04-24 15:18 - 00000000 ____D () C:\Windows\erdnt
2014-10-20 11:17 - 2014-08-03 14:42 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-10-20 02:01 - 2014-04-24 16:41 - 00000000 ____D () C:\Users\Arkly\AppData\Local\CrashDumps
2014-10-20 01:23 - 2014-04-03 16:43 - 00000000 ____D () C:\Users\Arkly\AppData\Roaming\vlc
2014-10-19 19:05 - 2014-04-03 15:33 - 00000000 ____D () C:\Users\Arkly\AppData\Roaming\Skype
2014-10-19 13:48 - 2014-04-03 15:20 - 00000000 ____D () C:\Users\Arkly\AppData\Roaming\BatteryCare
2014-10-18 19:33 - 2014-04-21 14:28 - 00001456 _____ () C:\Users\Arkly\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-10-17 22:03 - 2014-06-11 16:47 - 00000000 ____D () C:\Users\Arkly\Desktop\images
2014-10-17 00:35 - 2014-04-21 13:25 - 00000000 ____D () C:\Users\Arkly\AppData\Roaming\Autodesk
2014-10-17 00:34 - 2014-04-21 13:22 - 00000000 ____D () C:\Autodesk
2014-10-16 21:13 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-10-15 23:16 - 2014-04-02 21:52 - 00000000 ____D () C:\Users\Arkly\AppData\Local\Google
2014-10-14 23:38 - 2014-04-06 11:04 - 00000000 ____D () C:\Users\Arkly\AppData\Local\Adobe
2014-10-14 15:37 - 2014-04-07 17:13 - 00002770 _____ () C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance
2014-10-14 13:43 - 2014-04-02 21:52 - 00000000 ____D () C:\Users\Arkly\AppData\Local\Deployment
2014-10-14 13:20 - 2014-04-04 23:21 - 00000000 ____D () C:\temp
2014-10-14 13:16 - 2014-08-06 10:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2014-10-14 13:10 - 2014-04-02 21:52 - 00000000 ____D () C:\Users\Arkly\AppData\Local\Apps\2.0
2014-10-12 21:41 - 2014-04-03 15:12 - 00000000 ____D () C:\Users\Arkly\AppData\Roaming\Malwarebytes
2014-10-12 17:12 - 2014-08-13 00:17 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
2014-10-12 15:49 - 2014-04-02 21:27 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-10-12 14:44 - 2014-08-10 17:55 - 00000000 ____D () C:\Users\Arkly\AppData\Roaming\Notepad++
2014-10-12 14:43 - 2014-04-03 15:31 - 00000000 ____D () C:\Users\Arkly\AppData\Roaming\Foxit Reader
2014-10-11 00:36 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Help
2014-10-11 00:05 - 2014-04-25 09:20 - 00000000 ____D () C:\Windows\Minidump
2014-10-10 22:49 - 2014-07-18 22:44 - 00000000 ____D () C:\Windows\pss
2014-10-10 22:49 - 2014-07-17 22:41 - 00000000 ___RD () C:\Users\Arkly\Dropbox
2014-10-10 22:48 - 2014-07-17 22:39 - 00000000 ____D () C:\Users\Arkly\AppData\Roaming\Dropbox
2014-10-09 11:06 - 2014-04-05 20:31 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-07 19:01 - 2014-04-03 00:45 - 00766566 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-10-06 16:32 - 2014-05-07 18:42 - 00000132 _____ () C:\Users\Arkly\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-10-04 18:07 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\Offline Web Pages
2014-10-04 16:22 - 2014-04-02 22:37 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-04 16:17 - 2014-04-02 22:37 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-04 16:16 - 2014-04-25 17:25 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-27 14:14 - 2014-06-15 14:51 - 00000000 ____D () C:\Users\Arkly\AppData\Roaming\Foxit Software
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-16 21:05
 
==================== End Of Log ============================
 
 
_________________________
 
 Second log 
_________________________
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-10-2014
Ran by Arkly at 2014-10-21 16:56:22
Running from C:\Users\Arkly\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
AccelerometerP11 (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.11.22 - STMicroelectronics)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Autodesk SketchBook Pro 6.0.1 (HKLM-x32\...\{783C27F9-EF0B-4B81-8464-8592AE8CB5B8}) (Version: 6.01.0000 - Autodesk)
BatteryCare 0.9.12.1 (HKLM-x32\...\{C6A6036D-FBD0-4324-BEAA-C0845257160C}_is1) (Version: 0.9.12.1 - Filipe Lourenço)
CCleaner (HKLM\...\CCleaner) (Version: 4.06 - Piriform)
CleanMem (HKLM-x32\...\CleanMem) (Version: v2.4.3 - PcWinTech.com)
CyberLink PowerDVD 9.6 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.6.1.3522 - CyberLink Corp.)
CyberLink PowerDVD 9.6 (x32 Version: 9.6.1.3522 - CyberLink Corp.) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 5.4.4.1128 - Foxit Corporation)
Free Internet Window Washer (HKLM-x32\...\Free Internet Window Washer) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Intel PROSet Wireless (Version:  - ) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{BEE86606-EFB5-4353-9F34-29E0C59CDCFA}) (Version: 15.2.0.0284 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{181BBF43-CA17-4E1A-A78D-81E67A57B8A4}) (Version: 15.02.0000.1258 - Intel Corporation)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.64.1 - JMicron Technology Corp.)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
McAfee Internet Security (HKLM-x32\...\MSC) (Version: 13.6.1248 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.6122.5000 - Microsoft Corporation)
Microsoft Office Home and Student 2010 - English (HKLM-x32\...\{90140011-0061-0409-0000-0000000FF1CE}) (Version: 14.0.7128.5001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
NVIDIA Control Panel 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.15.2 (Version: 1.15.2 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.15.2 - NVIDIA Corporation) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.0.22 - Dell Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.34.1130.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6263 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.27.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.27.0 - Renesas Electronics Corporation) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Spyder3Elite (HKLM-x32\...\Spyder3Elite) (Version:  - )
System Requirements Lab for Intel (HKLM-x32\...\{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}) (Version: 4.5.22.0 - Husdawg, LLC)
TuneUp Utilities (HKLM-x32\...\TuneUp Utilities) (Version: 9.0.6000.21 - TuneUp Software)
TuneUp Utilities (x32 Version: 9.0.6000.21 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (es-ES) (x32 Version: 9.0.6000.21 - TuneUp Software) Hidden
Unity (HKLM-x32\...\Unity) (Version: 4.5.5f1 - Unity Technologies ApS)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 4.5.5f1 - Unity Technologies ApS)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.1.7-3 - Wacom Technology Corp.)
WebTablet IE Plugin (HKLM-x32\...\Wacom WebTabletPlugin for IE) (Version: 1.1.0.12 - Wacom Technology Corp.)
WebTablet Netscape Plugin (HKLM-x32\...\Wacom WebTabletPlugin for Netscape) (Version: 1.1.0.10 - Wacom Technology Corp.)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-4283612145-3875195018-3230280069-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Arkly\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4283612145-3875195018-3230280069-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Arkly\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4283612145-3875195018-3230280069-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Arkly\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4283612145-3875195018-3230280069-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Arkly\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4283612145-3875195018-3230280069-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Arkly\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4283612145-3875195018-3230280069-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Arkly\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4283612145-3875195018-3230280069-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Arkly\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4283612145-3875195018-3230280069-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Arkly\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4283612145-3875195018-3230280069-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Arkly\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
20-10-2014 10:53:25 End of disinfection
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 03:34 - 2014-10-20 11:22 - 00000000 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {541DCD6A-740A-4587-A359-6EA77D66E126} - System32\Tasks\ToolwizCareFree => C:\Program Files (x86)\ToolwizCareFree\ToolwizCares.exe
Task: {66E5F2E0-CB9D-483F-9A0C-95A15150C56E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-15] (Google Inc.)
Task: {6B2E8983-0BBC-4D35-AED2-A0A9D63AEB18} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-15] (Google Inc.)
Task: {7742416D-F75D-4B53-A347-60A4EFF817BF} - System32\Tasks\Mantenimiento automático => C:\Program Files (x86)\TuneUp Utilities 2010\OneClickStarter.exe [2011-05-31] (TuneUp Software)
Task: {81B2FB64-FF07-40C3-A03C-7AF062AEA246} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {86970AF3-C8B3-412E-BDA6-F4B38EED735A} - System32\Tasks\Clean System Memory => C:\Windows\syswow64\CleanMem.exe [2012-09-20] (PcWinTech.com)
Task: {9AB24CA7-3138-439C-9F61-7F74716D8B70} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance => C:\Program Files (x86)\TuneUp Utilities 2010\OneClick.exe [2011-05-31] (TuneUp Software)
Task: {AC042521-C955-40F9-AE4C-B6AAA97A1E03} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-12-21] (Adobe Systems Incorporated)
Task: {CD70337F-E4C8-4589-B990-6225204F2092} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-10] (PC-Doctor, Inc.)
Task: {F82234BF-7B6B-4EC1-98A8-E182D768D72A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-05-26 18:20 - 2011-06-06 14:23 - 01183096 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2014-04-02 20:27 - 2010-12-17 10:25 - 00686704 _____ () C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
2014-04-03 15:19 - 2012-07-26 08:27 - 00252928 _____ () C:\Program Files (x86)\BatteryCare\OpenHardwareMonitorLib.dll
2014-10-15 23:16 - 2014-10-10 03:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\pdf.dll
2014-10-15 23:16 - 2014-10-10 03:03 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\ffmpegsumo.dll
2014-10-07 21:39 - 2014-10-07 21:39 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\41a544b3d834e3b57bc39d446c7666bc\IsdiInterop.ni.dll
2014-04-02 20:23 - 2011-01-12 17:56 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2014-10-16 11:17 - 2014-02-10 13:44 - 04592128 _____ () C:\Users\Arkly\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-10-16 11:17 - 2014-02-10 13:44 - 00112128 _____ () C:\Users\Arkly\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Arkly\AppData\Local\Temporary Internet Files:LGtbJmDK1pUB4reJLfINRR
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: nvUpdatusService => 2
MSCONFIG\startupfolder: C:^Users^Arkly^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: NVHotkey => rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-4283612145-3875195018-3230280069-500 - Administrator - Disabled)
Arkly (S-1-5-21-4283612145-3875195018-3230280069-1000 - Administrator - Enabled) => C:\Users\Arkly
Guest (S-1-5-21-4283612145-3875195018-3230280069-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4283612145-3875195018-3230280069-1003 - Limited - Enabled)
UpdatusUser (S-1-5-21-4283612145-3875195018-3230280069-1006 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/21/2014 04:09:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/21/2014 04:06:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/21/2014 00:49:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/21/2014 11:25:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/21/2014 10:53:36 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/21/2014 10:50:35 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/21/2014 09:18:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/20/2014 10:19:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/20/2014 05:41:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/20/2014 05:38:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (10/21/2014 04:10:25 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.
 
Error: (10/21/2014 04:10:24 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.
 
Error: (10/21/2014 04:10:24 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.
 
Error: (10/21/2014 04:10:23 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.
 
Error: (10/21/2014 04:10:23 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.
 
Error: (10/21/2014 11:24:47 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:23:44 on ‎21/‎10/‎2014 was unexpected.
 
Error: (10/20/2014 05:41:05 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 17:39:51 on ‎20/‎10/‎2014 was unexpected.
 
Error: (10/20/2014 02:08:34 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR4.
 
Error: (10/20/2014 02:08:33 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR4.
 
Error: (10/20/2014 02:08:33 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR4.
 
 
Microsoft Office Sessions:
=========================
Error: (10/21/2014 04:09:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/21/2014 04:06:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/21/2014 00:49:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/21/2014 11:25:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/21/2014 10:53:36 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/21/2014 10:50:35 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/21/2014 09:18:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/20/2014 10:19:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/20/2014 05:41:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/20/2014 05:38:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-10-05 23:35:22.674
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-10-05 23:35:22.658
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-10-05 10:18:33.408
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-05 10:18:33.405
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-05 10:18:10.453
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-2860QM CPU @ 2.50GHz
Percentage of memory in use: 25%
Total physical RAM: 8086.17 MB
Available physical RAM: 6044.68 MB
Total Pagefile: 16170.52 MB
Available Pagefile: 13360.98 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.66 GB) (Free:418.23 GB) NTFS
Drive f: (New Volume) (Fixed) (Total:465.76 GB) (Free:465.62 GB) NTFS
Drive h: () (Fixed) (Total:465.76 GB) (Free:239.23 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: B95073E6)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 57DB00A3)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (Size: 465.8 GB) (Disk ID: EE49AE1C)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

Edited by johnbird, 21 October 2014 - 11:07 AM.


#4 StanFF


Posted 23 October 2014 - 12:09 PM

Hello johnbird,

Thank you for the given logs and sorry for the little delay.

First, I want to note something important. I can see that you have posted a topic in another forum for the same issue. While I can see that you have not replied there, I want to make clear that cross-writing in the two places is unadvisable. Working simultaneously in both places will cause problems for both of your helpers.

If you want to continue fixing your system, please, notify me in your next post.

*********************

After reviewing your logs, I can see that you have multiple optimization programs installed on the system.
 

CleanMem
Free Internet Window Washer
TuneUp Utilities
Toolwiz

 

That kind of software, while sounding good, may cause more damage to your system than fixing things for you. Most of these programs include options like RAM optimization, Network optimization, CPU optimization and Registry cleanup. All of these, in fact, are useless because of the mechanics of modern operating systems.

The slowness that you are experiencing on your system may be a result from the presence of this type of software.

If you decide to remove them from the system, please, follow the steps below:

  • Press Windows key + R simultaneously. A new window should appear.
  • Please, type control and press Enter.
    • If you use Category mode, click Uninstall a program.
    • If you use Icons mode, click Programs and Features.
  • Right-click on the desired entry and choose Remove or Change/Remove to uninstall the program.

Note: If the system asks for a restart, please, do so.

Repeat the steps for every item mentioned above.

Note: The Toolwiz entry may not be present in the Programs installed list. If so, don't worry, we will remove the related entries.

********************
 
If you are not using Netscape, you can safely remove the following entry in the Program installed list by following the steps above:
 

WebTablet Netscape Plugin

 
********************
 
I have found signs that there were a couple of specialized tools run on your system. Did you run these on your own or were you getting help from another helper? Did you use them because of the detection from MBAM?

********************

I will want to see the last detection from Malwarebytes' Anti-Malware. Please, follow the steps below:

  • Press Windows key + R simultaneously. A new window should appear.
  • Please, enter the following string and press Enter:
C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs
  • A new window should pop up.
  • Please, locate the latest scanlog from Malwarebytes that includes the Trojan.Agent.ED detection.

Note: The scanlogs are named using the following structure - mbam-log-yyyy-mm-dd. If you are not sure on what date the detection was made, you can simply open the latest scanlogs by double-clicking them to see if the detection is present.

When you find it, please, post the content of the file in your next reply.

*********************

In your next post, I will be waiting for:

  • Answers to my questions above.
  • Information, if you have decided to uninstall the optimization software found on your system.
  • Scanlog from Malwarebytes' Anti-Malware.

Regards,

Stan

 

"There isn't a person anywhere who isn't capable of doing more than he thinks he can." - Henry Ford
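For anyone triaging a log like the one requested above, here is an added example (not part of the original posts and not Malwarebytes code) that pulls the detection records out of an XML log in the record layout posted in this thread, groups them by threat name and file name, and lists what the on-demand scans reported. The attribute names are assumed from the posted records; the sample log, host name, paths, hashes, timestamps and the `PUP.Example` name are constructed.

```python
import ntpath
import xml.etree.ElementTree as ET

# Constructed sample log. Attribute names follow the records posted in this
# thread; the host, paths, hashes, timestamps and "PUP.Example" are made up.
SAMPLE_LOG = r"""<?xml version="1.0" encoding="UTF-8" ?>
<logs>
   <record severity="debug" LoggingEventType="2" datetime="2014-01-01T10:00:00.100000+00:00" source="Protection" type="Protection" username="SYSTEM" systemname="EXAMPLE-PC" result="Started" subtype="Malware Protection"></record>
   <record severity="debug" vendor="Trojan.Agent.ED" LoggingEventType="0" datetime="2014-01-01T10:05:00.200000+00:00" source="Protection" type="Detection" username="SYSTEM" systemname="EXAMPLE-PC" subtype="Malware Protection" action="Quarantine" filename="C:\Users\Example\AppData\Local\Temp\nsa0001.tmp\nsExec.dll" hash="00000000000000000000000000000001" malwaretype="File" message=""></record>
   <record severity="debug" vendor="Trojan.Agent.ED" LoggingEventType="0" datetime="2014-01-01T10:20:00.200000+00:00" source="Protection" type="Detection" username="SYSTEM" systemname="EXAMPLE-PC" subtype="Malware Protection" action="Quarantine" filename="C:\Users\Example\AppData\Local\Temp\nsb0002.tmp\nsExec.dll" hash="00000000000000000000000000000002" malwaretype="File" message=""></record>
   <record severity="debug" vendor="PUP.Example" LoggingEventType="0" datetime="2014-01-01T10:30:00.200000+00:00" source="Protection" type="Detection" username="SYSTEM" systemname="EXAMPLE-PC" subtype="Malware Protection" action="Quarantine" filename="C:\Users\Example\Downloads\setup_example.exe" hash="00000000000000000000000000000003" malwaretype="File" message=""></record>
   <record severity="debug" LoggingEventType="6" datetime="2014-01-01T11:00:00.300000+00:00" source="Manual" type="Scan" username="SYSTEM" systemname="EXAMPLE-PC" duration="700" malwaredetections="0" nonmalwaredetections="0" scanresult="completed" scantype="threat" starttime="2014-01-01T10:48:00+00:00"></record>
</logs>
"""


def load_records(log_xml):
    """Parse the log text (str or bytes) and return its <record> elements."""
    if isinstance(log_xml, str):
        log_xml = log_xml.encode("utf-8")  # the XML declaration says UTF-8
    return list(ET.fromstring(log_xml).iter("record"))


def parse_detections(log_xml):
    """Return one dict per record with type="Detection", in log order."""
    found = []
    for rec in load_records(log_xml):
        if rec.get("type") != "Detection":
            continue
        path = rec.get("filename", "")
        found.append({
            "when": rec.get("datetime", ""),
            "threat": rec.get("vendor", ""),   # threat name is in "vendor"
            "action": rec.get("action", ""),
            "path": path,
            "file": ntpath.basename(path),     # ntpath handles "\" on any OS
            "folder": ntpath.dirname(path),
            "hash": rec.get("hash", "").lower(),
        })
    return found


def summarize(detections):
    """Group detections by (threat name, file name)."""
    groups = {}
    for d in detections:
        g = groups.setdefault((d["threat"], d["file"]), {
            "count": 0, "hashes": set(), "folders": set(),
            "actions": set(), "in_temp": False,
        })
        g["count"] += 1
        g["hashes"].add(d["hash"])
        g["folders"].add(d["folder"])
        g["actions"].add(d["action"])
        # A "Temp" path component marks a file located under a temp directory.
        parts = [p.lower() for p in d["folder"].split("\\")]
        g["in_temp"] = g["in_temp"] or "temp" in parts
    return groups


def scan_results(log_xml):
    """Return (scan type, malware detections) for each completed scan."""
    out = []
    for rec in load_records(log_xml):
        if rec.get("type") == "Scan" and rec.get("scanresult") == "completed":
            out.append((rec.get("scantype", ""),
                        int(rec.get("malwaredetections", "0"))))
    return out


if __name__ == "__main__":
    for (threat, name), g in summarize(parse_detections(SAMPLE_LOG)).items():
        print(f"{threat} {name}: {g['count']} hit(s), "
              f"{len(g['hashes'])} hash(es), {len(g['folders'])} folder(s), "
              f"temp={g['in_temp']}, actions={sorted(g['actions'])}")
    for scantype, hits in scan_results(SAMPLE_LOG):
        print(f"scan ({scantype}): {hits} detection(s)")
```

The grouping shows whether repeated hits are the same file name turning up in new folders with new hashes, and the scan records are listed separately because real-time detections are logged as their own records rather than as scan results.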

 

 

 

 

 


#5 johnbird


Posted 23 October 2014 - 02:26 PM

Hi Stan,

 

Thanks,

 

To answer your question on your last post,

 

1_Optimization program installed on my system:

I have removed them from my system, but as you mention in your post the Toolwiz entry is not present so I will wait for further instructions.

 

 

2_Specialized tools ran on your system:

Did you run this on your own: Yes, from time to time I run them to keep the computer clean and clear of junk and other stuff that might be there that I am not aware of. I usually don’t have any problems running these programs.

 

Malwarebytes' Anti-Malware log:

 

<?xml version="1.0" encoding="UTF-8" ?>

<logs>

   <record severity="debug" scantype="threat" LoggingEventType="6" starttime="2014-10-19T02:25:34+01:00" datetime="2014-10-19T02:38:36.070154+01:00" source="Manual" type="Scan" username="SYSTEM" systemname="ARKLY-PC" last_modified_tag="7d7ad592-5c8a-41e3-a8fe-d70da9296a88" duration="781" malwaredetections="0" nonmalwaredetections="0" scanresult="completed"></record>

   <record severity="debug" LoggingEventType="2" datetime="2014-10-19T13:15:59.800473+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="ARKLY-PC" last_modified_tag="a151f78f-8704-47f6-98e7-353302cf5263" result="Starting" subtype="Malware Protection"></record>

   <record severity="debug" LoggingEventType="2" datetime="2014-10-19T13:15:59.816073+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="ARKLY-PC" last_modified_tag="12152053-623a-4499-95e1-71147ed11f6b" result="Started" subtype="Malware Protection"></record>

   <record severity="debug" LoggingEventType="2" datetime="2014-10-19T13:15:59.816073+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="ARKLY-PC" last_modified_tag="421ec61e-feb1-43c1-9a1e-647ad3ecb540" result="Starting" subtype="Malicious Website Protection"></record>

   <record severity="debug" LoggingEventType="2" datetime="2014-10-19T13:16:18.785707+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="ARKLY-PC" last_modified_tag="ab997f56-6311-4a4b-8d27-797c142a7f64" result="Started" subtype="Malicious Website Protection"></record>

   <record severity="debug" LoggingEventType="1" datetime="2014-10-19T13:29:59.395141+01:00" source="Manual" type="Update" username="SYSTEM" systemname="ARKLY-PC" fromVersion="2014.10.18.7" last_modified_tag="692c33f1-ed2b-4107-a028-e5614b6807eb" name="Malware Database" toVersion="2014.10.19.5"></record>

   <record severity="debug" LoggingEventType="2" datetime="2014-10-19T13:29:59.426341+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="ARKLY-PC" last_modified_tag="cd9f9428-e7bc-4b24-b44b-c56a6ad8d263" result="Starting" subtype="Refresh"></record>

   <record severity="debug" LoggingEventType="2" datetime="2014-10-19T13:29:59.426341+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="ARKLY-PC" last_modified_tag="ee2cea27-6928-48d9-98bd-bf43222f6267" result="Stopping" subtype="Malicious Website Protection"></record>

   <record severity="debug" LoggingEventType="2" datetime="2014-10-19T13:29:59.457541+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="ARKLY-PC" last_modified_tag="eed7c589-381a-42a4-adca-4d1348f1ba13" result="Stopped" subtype="Malicious Website Protection"></record>

   <record severity="debug" LoggingEventType="2" datetime="2014-10-19T13:30:03.756349+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="ARKLY-PC" last_modified_tag="68986a08-4869-41df-8f48-961e28b855f0" result="Success" subtype="Refresh"></record>

   <record severity="debug" LoggingEventType="2" datetime="2014-10-19T13:30:03.787549+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="ARKLY-PC" last_modified_tag="e42ee676-2996-4048-bfdb-1895ca3b2cc5" result="Starting" subtype="Malicious Website Protection"></record>

   <record severity="debug" LoggingEventType="2" datetime="2014-10-19T13:30:03.990349+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="ARKLY-PC" last_modified_tag="c34d4699-e731-4476-9402-da764b47e807" result="Started" subtype="Malicious Website Protection"></record>

   <record severity="debug" LoggingEventType="2" datetime="2014-10-19T13:48:03.714917+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="ARKLY-PC" last_modified_tag="9e2ee4ee-d292-4e13-8c6d-06dbff3aefd4" result="Starting" subtype="Malware Protection"></record>

   <record severity="debug" LoggingEventType="2" datetime="2014-10-19T13:48:03.761717+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="ARKLY-PC" last_modified_tag="e9f5a14c-034d-4415-aac6-9875160c6174" result="Started" subtype="Malware Protection"></record>

   <record severity="debug" LoggingEventType="2" datetime="2014-10-19T13:48:03.777317+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="ARKLY-PC" last_modified_tag="bbb40998-9d0b-4d0c-9d87-2ffddaafc597" result="Starting" subtype="Malicious Website Protection"></record>

   <record severity="debug" LoggingEventType="2" datetime="2014-10-19T13:48:10.968930+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="ARKLY-PC" last_modified_tag="b400e375-ad0f-4b34-8ac4-6d2f2e05b036" result="Started" subtype="Malicious Website Protection"></record>

   <record severity="debug" LoggingEventType="2" datetime="2014-10-19T14:19:29.599306+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="ARKLY-PC" last_modified_tag="34ed46bf-b639-4e6f-8fb0-2fb11a9bbd55" result="Starting" subtype="Malware Protection"></record>

   <record severity="debug" LoggingEventType="2" datetime="2014-10-19T14:19:30.332507+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="ARKLY-PC" last_modified_tag="989d2287-a4b6-4a16-b786-f41fbcabef60" result="Started" subtype="Malware Protection"></record>

   <record severity="debug" LoggingEventType="2" datetime="2014-10-19T14:19:30.363707+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="ARKLY-PC" last_modified_tag="d5f4b90e-b9fb-4f95-8506-531f3c2a23bc" result="Starting" subtype="Malicious Website Protection"></record>

   <record severity="debug" LoggingEventType="2" datetime="2014-10-19T14:20:43.309435+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="ARKLY-PC" last_modified_tag="17765695-84f6-4cf8-bafd-3def6bf641b6" result="Started" subtype="Malicious Website Protection"></record>

   <record severity="debug" LoggingEventType="2" datetime="2014-10-19T14:26:37.912101+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="ARKLY-PC" last_modified_tag="2516ee4e-681a-4bd8-84bb-fb081a5340bf" result="Starting" subtype="Malware Protection"></record>

   <record severity="debug" LoggingEventType="2" datetime="2014-10-19T14:26:38.598502+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="ARKLY-PC" last_modified_tag="01bde00a-e9af-4e7b-95c0-ed40c9d398e9" result="Started" subtype="Malware Protection"></record>

   <record severity="debug" LoggingEventType="2" datetime="2014-10-19T14:26:38.645302+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="ARKLY-PC" last_modified_tag="897bbb66-bbb3-4958-925c-f60b6c290569" result="Starting" subtype="Malicious Website Protection"></record>

   <record severity="debug" LoggingEventType="2" datetime="2014-10-19T14:27:49.134626+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="ARKLY-PC" last_modified_tag="52ddd9be-6206-4884-803a-ba5a0ab2c8a7" result="Started" subtype="Malicious Website Protection"></record>

   <record severity="debug" LoggingEventType="2" datetime="2014-10-19T14:48:17.792900+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="ARKLY-PC" last_modified_tag="7a053e5e-67b2-4d6b-9d53-00af78dfad5c" result="Starting" subtype="Malware Protection"></record>

   <record severity="debug" LoggingEventType="2" datetime="2014-10-19T14:48:17.808500+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="ARKLY-PC" last_modified_tag="d921da8a-ee2e-4cf6-a51a-4a44578ce786" result="Started" subtype="Malware Protection"></record>

   <record severity="debug" LoggingEventType="2" datetime="2014-10-19T14:48:17.839700+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="ARKLY-PC" last_modified_tag="5e2a5a84-aae1-4855-9f9c-e18b95e50395" result="Starting" subtype="Malicious Website Protection"></record>

   <record severity="debug" LoggingEventType="2" datetime="2014-10-19T14:48:39.133738+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="ARKLY-PC" last_modified_tag="d6b6ffe4-bb83-47b2-bab9-7dfa302c68ee" result="Started" subtype="Malicious Website Protection"></record>

   <record severity="debug" vendor="Trojan.Agent.ED" LoggingEventType="0" datetime="2014-10-19T14:50:24.854725+01:00" source="Protection" type="Detection" username="SYSTEM" systemname="ARKLY-PC" last_modified_tag="c3f4b794-9422-44a5-83dd-8f2afdcac276" subtype="Malware Protection" action="Quarantine" filename="C:\Users\Arkly\AppData\Local\Temp\nsvBDE3.tmp\nsExec.dll" hash="137e160093e9dc5af554b61de120a25e" malwaretype="File" message=""></record>

   <record severity="debug" LoggingEventType="2" datetime="2014-10-19T14:59:37.530058+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="ARKLY-PC" last_modified_tag="eaeea67c-ec5a-40fc-b2d3-75e50113cdd6" result="Starting" subtype="Malware Protection"></record>

   <record severity="debug" LoggingEventType="2" datetime="2014-10-19T14:59:37.592458+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="ARKLY-PC" last_modified_tag="cb6f410f-6a44-4732-86aa-3e6c78f709ab" result="Started" subtype="Malware Protection"></record>

   <record severity="debug" LoggingEventType="2" datetime="2014-10-19T14:59:37.608058+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="ARKLY-PC" last_modified_tag="4c2c61ec-25aa-4dd5-b706-a7dc34846d41" result="Starting" subtype="Malicious Website Protection"></record>

   <record severity="debug" LoggingEventType="2" datetime="2014-10-19T14:59:59.260896+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="ARKLY-PC" last_modified_tag="e3f1ffb7-c6aa-4a27-9db0-aadfb666947e" result="Started" subtype="Malicious Website Protection"></record>

   <record severity="debug" vendor="Trojan.Agent.ED" LoggingEventType="0" datetime="2014-10-19T15:06:05.484142+01:00" source="Protection" type="Detection" username="SYSTEM" systemname="ARKLY-PC" last_modified_tag="bc8dd808-735b-4f78-bf11-0cb6ffbbd9b1" subtype="Malware Protection" action="Quarantine" filename="C:\Users\Arkly\AppData\Local\Temp\nss5BB8.tmp\nsExec.dll" hash="0f8256c025573600fe4b0cc748b901ff" malwaretype="File" message=""></record>

   <record severity="debug" vendor="Trojan.Agent.ED" LoggingEventType="0" datetime="2014-10-19T15:48:31.725361+01:00" source="Protection" type="Detection" username="SYSTEM" systemname="ARKLY-PC" last_modified_tag="028a686c-ea84-42f0-87af-afa440643a6d" subtype="Malware Protection" action="Quarantine" filename="C:\Users\Arkly\AppData\Local\Temp\nsi2D2A.tmp\nsExec.dll" hash="4f42a6702d4fd165183132a145bcd729" malwaretype="File" message=""></record>

   <record severity="debug" LoggingEventType="1" datetime="2014-10-19T16:00:00.947982+01:00" source="Scheduler" type="Update" username="SYSTEM" systemname="ARKLY-PC" fromVersion="2014.10.19.5" last_modified_tag="c2e32cf0-d07b-4c20-a69a-166dab6b1819" name="Malware Database" toVersion="2014.10.19.6"></record>

   <record severity="debug" LoggingEventType="2" datetime="2014-10-19T16:00:00.967983+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="ARKLY-PC" last_modified_tag="4db88f80-f3b4-4b1c-adf2-19e5dd7a72a9" result="Starting" subtype="Refresh"></record>

   <record severity="debug" LoggingEventType="2" datetime="2014-10-19T16:00:00.974984+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="ARKLY-PC" last_modified_tag="5820a825-b6ae-4a4b-8aa4-5c220d364cac" result="Stopping" subtype="Malicious Website Protection"></record>

   <record severity="debug" LoggingEventType="2" datetime="2014-10-19T16:00:00.992985+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="ARKLY-PC" last_modified_tag="13181614-e69e-4527-b40d-7af19f690c6f" result="Stopped" subtype="Malicious Website Protection"></record>

   <record severity="debug" LoggingEventType="2" datetime="2014-10-19T16:00:05.353234+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="ARKLY-PC" last_modified_tag="79319548-2e3a-4cdc-8895-9efba73b5deb" result="Success" subtype="Refresh"></record>

   <record severity="debug" LoggingEventType="2" datetime="2014-10-19T16:00:05.376235+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="ARKLY-PC" last_modified_tag="64298a5c-b4cc-4cff-aa8b-8170a4d1d009" result="Starting" subtype="Malicious Website Protection"></record>

   <record severity="debug" LoggingEventType="2" datetime="2014-10-19T16:00:05.579247+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="ARKLY-PC" last_modified_tag="dbc682a1-823e-4ee7-b831-86759b9da5c7" result="Started" subtype="Malicious Website Protection"></record>

   <record severity="debug" LoggingEventType="2" datetime="2014-10-19T16:47:09.413247+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="ARKLY-PC" last_modified_tag="87a8fac7-6797-4e42-a3f0-c16079911979" result="Starting" subtype="Malware Protection"></record>

   <record severity="debug" LoggingEventType="2" datetime="2014-10-19T16:47:09.428847+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="ARKLY-PC" last_modified_tag="508b7d6e-2b60-4832-ac1f-eba8c950515c" result="Started" subtype="Malware Protection"></record>

   <record severity="debug" LoggingEventType="2" datetime="2014-10-19T16:47:09.460047+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="ARKLY-PC" last_modified_tag="8f18512e-7c91-4563-be7f-78d7343d7533" result="Starting" subtype="Malicious Website Protection"></record>

   <record severity="debug" LoggingEventType="2" datetime="2014-10-19T16:47:47.950115+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="ARKLY-PC" last_modified_tag="80f95ce1-efd2-4f6d-81c1-d4dc322040d0" result="Started" subtype="Malicious Website Protection"></record>

   <record severity="debug" LoggingEventType="6" datetime="2014-10-19T17:00:03.776788+01:00" source="Manual" type="Scan" username="SYSTEM" systemname="ARKLY-PC" duration="700" last_modified_tag="f16a155a-8172-4a1a-afbe-c3bc763dc2c8" malwaredetections="0" nonmalwaredetections="0" scanresult="completed" scantype="threat" starttime="2014-10-19T16:48:22+01:00"></record>

   <record severity="debug" LoggingEventType="2" datetime="2014-10-19T18:24:49.823654+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="ARKLY-PC" last_modified_tag="9fc12d2a-1d74-490c-9e14-ffb25a8c00ce" result="Starting" subtype="Malware Protection"></record>

   <record severity="debug" LoggingEventType="2" datetime="2014-10-19T18:24:49.854854+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="ARKLY-PC" last_modified_tag="411fad90-6878-48c0-9bec-05a8d34084f5" result="Started" subtype="Malware Protection"></record>

   <record severity="debug" LoggingEventType="2" datetime="2014-10-19T18:24:49.870454+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="ARKLY-PC" last_modified_tag="6d974660-be0d-4dec-adf8-c7926240b612" result="Starting" subtype="Malicious Website Protection"></record>

   <record severity="debug" LoggingEventType="2" datetime="2014-10-19T18:25:24.759315+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="ARKLY-PC" last_modified_tag="959e0cde-43ad-4c9a-a00e-ca2f2df65fb2" result="Started" subtype="Malicious Website Protection"></record>

   <record severity="debug" LoggingEventType="1" datetime="2014-10-19T18:51:25.072399+01:00" source="Scheduler" type="Update" username="SYSTEM" systemname="ARKLY-PC" fromVersion="2014.10.19.6" last_modified_tag="0c1342a9-b229-40df-acb3-0b2812a54bb3" name="Malware Database" toVersion="2014.10.19.7"></record>

   <record severity="debug" LoggingEventType="2" datetime="2014-10-19T18:51:25.092399+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="ARKLY-PC" last_modified_tag="2c540f02-441c-494c-9759-bce430ce113c" result="Starting" subtype="Refresh"></record>

   <record severity="debug" LoggingEventType="2" datetime="2014-10-19T18:51:25.092399+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="ARKLY-PC" last_modified_tag="1ff3301c-89b1-4ac0-8203-5e4074bcf377" result="Stopping" subtype="Malicious Website Protection"></record>

   <record severity="debug" LoggingEventType="2" datetime="2014-10-19T18:51:25.122399+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="ARKLY-PC" last_modified_tag="6dde1bf9-da07-47c8-af1c-cdaed7d43ff0" result="Stopped" subtype="Malicious Website Protection"></record>

   <record severity="debug" LoggingEventType="2" datetime="2014-10-19T18:51:29.130405+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="ARKLY-PC" last_modified_tag="3a849f76-bd17-426b-9d5f-ce8da93873dd" result="Success" subtype="Refresh"></record>

   <record severity="debug" LoggingEventType="2" datetime="2014-10-19T18:51:29.150405+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="ARKLY-PC" last_modified_tag="5fc57425-c958-412e-8b29-088229d163d4" result="Starting" subtype="Malicious Website Protection"></record>

   <record severity="debug" LoggingEventType="2" datetime="2014-10-19T18:51:29.350406+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="ARKLY-PC" last_modified_tag="83140fb3-4393-45f4-bd29-f644ed4fa30b" result="Started" subtype="Malicious Website Protection"></record>

   <record severity="debug" LoggingEventType="2" datetime="2014-10-19T19:08:07.756043+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="ARKLY-PC" last_modified_tag="1755f9a7-a8d1-4045-bcd5-9d3e0abf2aff" result="Starting" subtype="Malware Protection"></record>

   <record severity="debug" LoggingEventType="2" datetime="2014-10-19T19:08:07.865243+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="ARKLY-PC" last_modified_tag="7ae216a5-e355-4e9a-88c0-cbda2e35f076" result="Started" subtype="Malware Protection"></record>

   <record severity="debug" LoggingEventType="2" datetime="2014-10-19T19:08:07.880843+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="ARKLY-PC" last_modified_tag="9c058d17-5ab5-4af5-a9e5-e91b2903b72c" result="Starting" subtype="Malicious Website Protection"></record>

   <record severity="debug" LoggingEventType="2" datetime="2014-10-19T19:08:50.653318+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="ARKLY-PC" last_modified_tag="1cd36ce8-c961-4e4a-b564-dd84ee74c238" result="Started" subtype="Malicious Website Protection"></record>

   <record severity="debug" LoggingEventType="2" datetime="2014-10-19T19:19:32.927656+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="ARKLY-PC" last_modified_tag="92dc5de6-c804-4955-b476-fcf57bf7fb3d" result="Starting" subtype="Malware Protection"></record>

   <record severity="debug" LoggingEventType="2" datetime="2014-10-19T19:19:32.958856+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="ARKLY-PC" last_modified_tag="a1bf07c1-ac3c-4ab6-856d-7fa6d22cc68b" result="Started" subtype="Malware Protection"></record>

   <record severity="debug" LoggingEventType="2" datetime="2014-10-19T19:19:33.005656+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="ARKLY-PC" last_modified_tag="c5017444-e2ee-46d8-a653-8f925b859c77" result="Starting" subtype="Malicious Website Protection"></record>

   <record severity="debug" LoggingEventType="2" datetime="2014-10-19T19:20:08.448118+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="ARKLY-PC" last_modified_tag="e2726718-c1f7-4473-8e9d-c39044861882" result="Started" subtype="Malicious Website Protection"></record>

   <record severity="debug" LoggingEventType="6" datetime="2014-10-19T21:25:05.832504+01:00" source="Manual" type="Scan" username="SYSTEM" systemname="ARKLY-PC" duration="4263" last_modified_tag="39214273-e896-42f9-b895-7d4ce1d33791" malwaredetections="0" nonmalwaredetections="0" scanresult="completed" scantype="custom" starttime="2014-10-19T20:14:02+01:00"></record>

   <record severity="debug" name="Malware Database" LoggingEventType="1" toVersion="2014.10.19.8" datetime="2014-10-19T21:52:04.346376+01:00" source="Scheduler" type="Update" username="SYSTEM" systemname="ARKLY-PC" last_modified_tag="446a9c41-eb09-47b3-83bc-c1a1841e767f" fromVersion="2014.10.19.7"></record>

   <record severity="debug" LoggingEventType="2" datetime="2014-10-19T21:52:04.417381+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="ARKLY-PC" last_modified_tag="b4d53e7f-f5c2-4835-96ae-d10622c30b32" result="Starting" subtype="Refresh"></record>

   <record severity="debug" LoggingEventType="2" datetime="2014-10-19T21:52:04.423381+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="ARKLY-PC" last_modified_tag="e3e06706-bc14-438e-9f8f-c0b8cc751ba0" result="Stopping" subtype="Malicious Website Protection"></record>

   <record severity="debug" LoggingEventType="2" datetime="2014-10-19T21:52:04.930410+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="ARKLY-PC" last_modified_tag="1b7ba35a-aace-477e-891d-4a1d7e80a0cb" result="Stopped" subtype="Malicious Website Protection"></record>

   <record severity="debug" LoggingEventType="2" datetime="2014-10-19T21:52:23.596478+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="ARKLY-PC" last_modified_tag="31d86ec9-2be4-4a82-8c9c-ca1b3e96bb6b" result="Success" subtype="Refresh"></record>

   <record severity="debug" LoggingEventType="2" datetime="2014-10-19T21:52:23.642480+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="ARKLY-PC" last_modified_tag="784bc267-b31f-4ca4-b0e2-595b138903c6" result="Starting" subtype="Malicious Website Protection"></record>

   <record severity="debug" LoggingEventType="2" datetime="2014-10-19T21:52:23.907495+01:00" source="Protection" type="Protection" username="SYSTEM" systemname="ARKLY-PC" last_modified_tag="8a6da779-060b-4271-8135-e44eaa61e7bc" result="Started" subtype="Malicious Website Protection"></record>

</logs>



#6 StanFF


Posted 24 October 2014 - 02:03 AM

Hello johnbird,

I'm glad to hear that you have removed the optimization software from your system. We will take care of the rest of the entries later in this post.
 

Yes, from time to time I run them to keep the computer clean and clear of junk and other stuff that might be there and that I am not aware of. I usually don't have any problems running these programs.

 

While using automated tools like Malwarebytes' Anti-Malware, ESET Online Scanner, AdwCleaner, etc. is not forbidden, ComboFix shouldn't be used when not under the guidance of a trusted helper. ComboFix is a pretty powerful tool. While it has helped thousands of people, there is always a chance that something may go wrong.

Thank you for the provided MAM log. While it was not exactly what I wanted to see, it still does the job. I can see where the detection was found.

********************

 

This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Please download the attached fixlist.txt file (572 bytes) and save it to the same location as FRST.

Note: It's important that both files, FRST.exe and fixlist.txt, are in the same location or the fix will not work. In your case, this should be the Desktop.

  • Run FRST.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run.
  • When finished, FRST will generate a log - Fixlog.txt - in the same location the tool was run.

Please, post the content of the log file in your next reply.

 

********************

 

Please, start FRST again. When you start the tool, please, check the checkbox in front of Addition.txt in the Optional Scan section. Then run a new scan with it as explained in post number 2.

 

********************

 

In your next post, I will be waiting for:

  • Fixlog.txt
  • FRST.txt
  • Addition.txt
  • How is your system running now? Do you experience any performance improvement?

Regards,

Stan

 

"There isn't a person anywhere who isn't capable of doing more than he thinks he can." - Henry Ford

 

 

 

 

 


#7 johnbird


Posted 25 October 2014 - 12:06 PM

Hi Stan,

 

Thank you 

 

Sorry to have provided you with the wrong thing.

 

The computer is running smoothly now, which is good :)

 

Ok, here are the logs:

 

 

Fixlog

_____________________

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-10-2014
Ran by Arkly at 2014-10-25 17:53:12 Run:1
Running from C:\Users\Arkly\Desktop
Loaded Profile: Arkly (Available profiles: Arkly & UpdatusUser)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled ()
2014-10-11 19:40 - 2014-10-11 19:51 - 00001082 _____ () C:\Users\UpdatusUser\Desktop\Toolwiz Care.lnk
2014-10-11 19:40 - 2014-10-11 19:40 - 00000000 ___HD () C:\Users\Arkly\Desktop\TOOLWIZ
Task: {541DCD6A-740A-4587-A359-6EA77D66E126} - System32\Tasks\ToolwizCareFree => C:\Program Files (x86)\ToolwizCareFree\ToolwizCares.exe
AlternateDataStreams: C:\Users\Arkly\AppData\Local\Temporary Internet Files:LGtbJmDK1pUB4reJLfINRR
Folder: C:\Program Files (x86)\ToolwizCareFree
 
 
 
*****************
 
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled" => Could not move.
C:\Users\UpdatusUser\Desktop\Toolwiz Care.lnk => Moved successfully.
C:\Users\Arkly\Desktop\TOOLWIZ => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{541DCD6A-740A-4587-A359-6EA77D66E126}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{541DCD6A-740A-4587-A359-6EA77D66E126}" => Key deleted successfully.
C:\Windows\System32\Tasks\ToolwizCareFree => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ToolwizCareFree" => Key deleted successfully.
"C:\Users\Arkly\AppData\Local\Temporary Internet Files" => ":LGtbJmDK1pUB4reJLfINRR" ADS not found.
 
========================= Folder: C:\Program Files (x86)\ToolwizCareFree ========================
 
Directory Not Found
 
==== End of Fixlog ====
 
 
____________________________________________________
 
FRST Log
____________________________________________________
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-10-2014
Ran by Arkly (administrator) on ARKLY-PC on 25-10-2014 17:55:37
Running from C:\Users\Arkly\Desktop
Loaded Profile: Arkly (Available profiles: Arkly & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Filipe Lourenço) C:\Program Files (x86)\BatteryCare\BatteryCare.exe
(Akamai Technologies, Inc.) C:\Users\Arkly\AppData\Local\Akamai\netsession_win.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Akamai Technologies, Inc.) C:\Users\Arkly\AppData\Local\Akamai\netsession_win.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
() C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
() Q:\140061.enu\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6560360 2010-12-08] (Realtek Semiconductor)
HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2010-12-17] ()
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2186856 2010-11-30] (Realtek Semiconductor)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [642040 2014-08-05] (McAfee, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4283612145-3875195018-3230280069-1000\...\Run: [BatteryCare] => C:\Program Files (x86)\BatteryCare\BatteryCare.exe [740864 2012-12-03] (Filipe Lourenço)
HKU\S-1-5-21-4283612145-3875195018-3230280069-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Arkly\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-4283612145-3875195018-3230280069-1000\...\Policies\Explorer: [HideSCAPower] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com/bin/srldetect_intel_4.5.22.0.cab
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 89.101.160.4 89.101.160.5
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Arkly\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-10-12]
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR Profile: C:\Users\Arkly\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Arkly\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-15]
CHR Extension: (Google Docs) - C:\Users\Arkly\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-15]
CHR Extension: (Google Drive) - C:\Users\Arkly\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-15]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Arkly\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-15]
CHR Extension: (WOT) - C:\Users\Arkly\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-10-15]
CHR Extension: (YouTube) - C:\Users\Arkly\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-15]
CHR Extension: (Adblock Plus) - C:\Users\Arkly\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-10-15]
CHR Extension: (Google Search) - C:\Users\Arkly\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-15]
CHR Extension: (Google Sheets) - C:\Users\Arkly\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-15]
CHR Extension: (Google Wallet) - C:\Users\Arkly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-15]
CHR Extension: (Gmail) - C:\Users\Arkly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-15]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [236016 2010-10-29] (CyberLink)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2014-09-04] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [601864 2014-08-01] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-07-24] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-07-18] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-07-18] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-07-30] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272688 2012-06-25] ()
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3325232 2012-06-25] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-07-18] (McAfee, Inc.)
R3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
S3 HPMo4DE3; C:\Windows\System32\DRIVERS\HPMo4DE3.sys [25088 2011-03-09] (TPMX Electronics Ltd.)
S3 HPub4DE3; C:\Windows\System32\Drivers\HPub4DE3.sys [18432 2011-04-12] (TPMX Electronics Ltd.)
R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-10-01] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-25] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-07-18] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313800 2014-07-18] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526352 2014-07-18] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-07-18] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [444720 2014-07-24] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-07-24] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-07-18] (McAfee, Inc.)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [300320 2013-12-18] (NVIDIA Corporation)
R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [768680 2013-06-26] (Microsoft Corporation)
R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [273576 2013-06-26] (Microsoft Corporation)
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [29352 2013-06-26] (Microsoft Corporation)
R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [23208 2013-06-26] (Microsoft Corporation)
S3 Spyder3; C:\Windows\System32\DRIVERS\Spyder3.sys [15360 2010-03-30] ()
S4 NVHDA; system32\drivers\nvhda64v.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-25 17:55 - 2014-10-25 17:55 - 00014448 _____ () C:\Users\Arkly\Desktop\FRST.txt
2014-10-25 17:52 - 2014-10-25 17:55 - 00000000 ____D () C:\FRST
2014-10-25 17:44 - 2014-10-25 17:44 - 02112512 _____ (Farbar) C:\Users\Arkly\Desktop\FRST64.exe
2014-10-25 17:39 - 2014-10-25 17:39 - 00000318 _____ () C:\Windows\PFRO.log
2014-10-25 17:34 - 2014-10-25 17:39 - 00000000 ____D () C:\AdwCleaner
2014-10-25 16:55 - 2014-10-25 16:55 - 00071416 _____ () C:\Users\Arkly\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-25 16:54 - 2014-10-25 17:39 - 00000224 _____ () C:\Windows\setupact.log
2014-10-25 16:54 - 2014-10-25 16:54 - 04930392 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-25 16:54 - 2014-10-25 16:54 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-24 19:56 - 2014-10-24 19:56 - 00000014 _____ () C:\Users\Arkly\Music.txt
2014-10-23 20:47 - 2014-10-24 03:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity
2014-10-23 20:42 - 2014-10-23 20:48 - 00000000 ____D () C:\Program Files (x86)\Unity
2014-10-23 19:56 - 2014-10-23 19:56 - 00000000 ____D () C:\Program Files\My Dell
2014-10-23 15:52 - 2014-10-23 15:52 - 00001292 _____ () C:\Users\Arkly\AppData\Local\recently-used.xbel
2014-10-23 15:40 - 2014-10-23 16:39 - 00000000 ____D () C:\Users\Arkly\Documents\Game controler
2014-10-23 13:32 - 2014-10-23 15:45 - 00000000 ____D () C:\Users\Arkly\AppData\Local\gtk-2.0
2014-10-23 12:10 - 2014-10-23 12:59 - 00000965 _____ () C:\Users\Arkly\Documents\the square root of a number.txt
2014-10-22 21:16 - 2014-10-23 13:22 - 00000000 ____D () C:\Users\Arkly\AppData\Roaming\MonoDevelop-Unity-4.0
2014-10-22 21:16 - 2014-10-22 21:16 - 00000000 ____D () C:\Users\Arkly\AppData\Roaming\stetic
2014-10-22 21:15 - 2014-10-22 21:16 - 00000000 ____D () C:\Users\Arkly\AppData\Local\MonoDevelop-Unity-4.0
2014-10-22 18:29 - 2014-10-23 18:31 - 00000000 ____D () C:\Users\Arkly\Desktop\Space_Shooter
2014-10-22 15:56 - 2014-10-22 15:56 - 00000000 ____D () C:\Users\Arkly\AppData\Roaming\NVIDIA
2014-10-22 13:57 - 2014-10-23 10:50 - 00000000 ____D () C:\Users\Arkly\AppData\Roaming\WinFF
2014-10-22 13:57 - 2014-10-22 13:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinFF
2014-10-22 13:57 - 2014-10-22 13:57 - 00000000 ____D () C:\Program Files\WinFF
2014-10-22 13:45 - 2014-10-22 13:45 - 20925427 _____ (WinFF.org ) C:\Users\Arkly\Downloads\WinFF-1.5.4-64bit-setup.exe
2014-10-21 23:13 - 2014-10-22 18:26 - 00000000 ____D () C:\Users\Arkly\Documents\Tutorial
2014-10-21 23:12 - 2014-10-23 19:34 - 00000000 ____D () C:\Users\Arkly\AppData\Roaming\Unity
2014-10-21 22:46 - 2014-10-21 22:46 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_HPub4DE3_01009.Wdf
2014-10-21 22:46 - 2014-10-21 22:46 - 00000000 ____D () C:\Users\Arkly\AppData\Roaming\Apple Computer
2014-10-21 22:46 - 2014-10-21 22:46 - 00000000 ____D () C:\Users\Arkly\AppData\Local\Apple Computer
2014-10-21 22:46 - 2011-04-12 11:45 - 00018432 _____ (TPMX Electronics Ltd.) C:\Windows\system32\Drivers\HPub4DE3.sys
2014-10-21 22:46 - 2011-03-09 10:44 - 00025088 _____ (TPMX Electronics Ltd.) C:\Windows\system32\Drivers\HPMo4DE3.sys
2014-10-20 12:33 - 2014-10-23 20:48 - 00000000 ____D () C:\Users\Arkly\AppData\Local\Unity
2014-10-20 12:30 - 2014-10-23 20:47 - 00000000 ____D () C:\Users\Public\Documents\Unity Projects
2014-10-20 10:59 - 2014-10-20 10:59 - 00512319 _____ () C:\Users\Arkly\Desktop\bookmarks.html
2014-10-20 01:27 - 2014-10-24 03:21 - 00001034 _____ () C:\DelFix.txt
2014-10-19 18:33 - 2014-10-19 18:45 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-10-18 21:01 - 2014-10-18 21:01 - 02001408 _____ () C:\Users\Arkly\Downloads\102 - The building blocks of story.ppt
2014-10-17 22:04 - 2014-10-17 22:05 - 00000000 ____D () C:\Users\Arkly\Desktop\BRANDING_BUSINESS
2014-10-17 15:15 - 2014-10-17 15:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2014-10-17 15:15 - 2014-10-17 15:15 - 00000000 ____D () C:\Program Files (x86)\Foxit Software
2014-10-17 00:35 - 2014-10-17 00:35 - 00000000 ____D () C:\ProgramData\Autodesk
2014-10-17 00:34 - 2014-10-17 00:35 - 00000000 ____D () C:\Users\Arkly\AppData\Local\Akamai
2014-10-17 00:23 - 2014-10-17 00:24 - 11463040 _____ () C:\Users\Arkly\Downloads\Autodesk_Maya_2014_wi_en-US_Setup.exe
2014-10-15 23:16 - 2014-10-15 23:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-15 23:15 - 2014-10-25 17:40 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-15 23:15 - 2014-10-25 17:21 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-15 23:15 - 2014-10-23 15:28 - 00003902 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-15 23:15 - 2014-10-23 15:28 - 00003650 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-15 23:15 - 2014-10-15 23:15 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-15 23:14 - 2014-10-15 23:14 - 00880272 _____ (Google Inc.) C:\Users\Arkly\Downloads\ChromeSetup.exe
2014-10-15 00:05 - 2014-10-15 00:15 - 1310170560 _____ (Unity Technologies ApS) C:\Users\Arkly\Downloads\UnitySetup-4.5.5.exe
2014-10-14 12:37 - 2011-05-31 19:52 - 00036160 _____ (TuneUp Software) C:\Windows\system32\uxt25A9.tmp
2014-10-12 21:46 - 2014-10-12 21:46 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-10-12 21:41 - 2014-10-25 17:51 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-12 21:41 - 2014-10-17 21:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-12 21:41 - 2014-10-17 21:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-12 21:41 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-12 21:41 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-12 21:39 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-12 19:09 - 2014-10-12 19:09 - 00000000 ____D () C:\Users\Arkly\AppData\Local\Macromedia
2014-10-12 19:08 - 2014-10-14 23:38 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-12 19:08 - 2014-10-14 23:38 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-12 17:50 - 2014-10-12 17:50 - 00000000 ____D () C:\Users\Arkly\AppData\Roaming\Mozilla
2014-10-12 17:24 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2014-10-12 17:16 - 2014-10-12 17:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-10-12 15:49 - 2014-10-12 17:16 - 00001844 _____ () C:\Users\Public\Desktop\McAfee Internet Security.lnk
2014-10-12 15:48 - 2014-10-12 15:49 - 00000000 ____D () C:\Program Files\McAfee
2014-10-12 15:48 - 2014-10-12 15:48 - 00000000 ____D () C:\Program Files\McAfee.com
2014-10-12 15:48 - 2014-10-12 15:48 - 00000000 ____D () C:\Program Files (x86)\McAfee.com
2014-10-12 15:42 - 2014-10-12 17:23 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2014-10-12 15:42 - 2014-07-18 09:01 - 00189912 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2014-10-12 13:16 - 2014-10-25 17:43 - 00715710 _____ () C:\Windows\WindowsUpdate.log
2014-10-11 00:45 - 2014-10-11 00:45 - 00000000 ____D () C:\Windows\SysWOW64\NV
2014-10-11 00:45 - 2014-10-11 00:45 - 00000000 ____D () C:\Windows\system32\NV
2014-10-11 00:36 - 2014-10-11 00:44 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-10-11 00:36 - 2014-10-11 00:36 - 00000020 ___SH () C:\Users\UpdatusUser\ntuser.ini
2014-10-11 00:36 - 2014-04-20 21:04 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Roaming\Macromedia
2014-10-11 00:36 - 2013-10-23 09:20 - 06669600 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-10-11 00:36 - 2013-10-23 09:20 - 03489568 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-10-11 00:36 - 2013-10-23 09:20 - 03426956 _____ () C:\Windows\system32\nvcoproc.bin
2014-10-11 00:36 - 2013-10-23 09:20 - 02559776 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-10-11 00:36 - 2013-10-23 09:20 - 01064224 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2014-10-11 00:36 - 2013-10-23 09:20 - 00922912 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-10-11 00:36 - 2013-10-23 09:20 - 00219424 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-10-11 00:36 - 2013-10-23 09:20 - 00067072 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2014-10-11 00:36 - 2013-10-23 09:20 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-10-11 00:36 - 2009-07-14 05:54 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-11 00:36 - 2009-07-14 05:49 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-10-11 00:35 - 2014-10-11 00:46 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-10-11 00:35 - 2014-10-11 00:43 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-10-11 00:35 - 2014-10-11 00:43 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-10-11 00:35 - 2013-12-18 14:42 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-10-11 00:35 - 2013-12-18 14:42 - 00023287 _____ () C:\Windows\system32\nvinfo.pb
2014-10-11 00:35 - 2011-11-04 05:19 - 01543488 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco64.dll
2014-10-11 00:35 - 2011-11-04 05:19 - 01454912 _____ (NVIDIA Corporation) C:\Windows\system32\nvgenco64.dll
2014-10-11 00:35 - 2011-11-04 05:19 - 00371520 _____ (NVIDIA Corporation) C:\Windows\system32\nvoptimusmft.dll
2014-10-11 00:35 - 2011-11-04 05:19 - 00364352 _____ (NVIDIA Corporation) C:\Windows\system32\nvdecodemft.dll
2014-10-11 00:35 - 2011-11-04 05:19 - 00330560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoptimusmft.dll
2014-10-11 00:35 - 2011-11-04 05:19 - 00301888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvdecodemft.dll
2014-10-11 00:35 - 2011-11-04 05:19 - 00068928 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-10-11 00:35 - 2011-11-04 05:19 - 00061248 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-10-10 21:24 - 2014-10-10 21:25 - 00000000 ____D () C:\Users\Arkly\Desktop\computer games development
2014-10-09 11:05 - 2014-10-11 19:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
2014-10-07 18:45 - 2014-08-19 19:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-07 18:45 - 2014-08-19 18:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-07 18:45 - 2014-08-19 00:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-07 18:45 - 2014-08-18 23:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-07 18:45 - 2014-08-18 23:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-07 18:45 - 2014-08-18 23:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-07 18:45 - 2014-08-18 23:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-07 18:45 - 2014-08-18 23:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-07 18:45 - 2014-08-18 23:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-07 18:45 - 2014-08-18 23:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-07 18:45 - 2014-08-18 23:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-07 18:45 - 2014-08-18 23:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-07 18:45 - 2014-08-18 23:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-07 18:45 - 2014-08-18 23:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-07 18:45 - 2014-08-18 23:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-07 18:45 - 2014-08-18 23:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-07 18:45 - 2014-08-18 23:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-07 18:45 - 2014-08-18 23:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-07 18:45 - 2014-08-18 23:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-07 18:45 - 2014-08-18 22:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-07 18:45 - 2014-08-18 22:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-07 18:45 - 2014-08-18 22:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-07 18:45 - 2014-08-18 22:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-07 18:45 - 2014-08-18 22:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-07 18:45 - 2014-08-18 22:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-07 18:45 - 2014-08-18 22:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-07 18:45 - 2014-08-18 22:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-07 18:45 - 2014-08-18 22:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-07 18:45 - 2014-08-18 22:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-07 18:45 - 2014-08-18 22:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-07 18:45 - 2014-08-18 22:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-07 18:45 - 2014-08-18 22:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-07 18:45 - 2014-08-18 22:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-07 18:45 - 2014-08-18 22:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-07 18:45 - 2014-08-18 22:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-07 18:45 - 2014-08-18 22:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-07 18:45 - 2014-08-18 22:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-07 18:45 - 2014-08-18 22:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-07 18:45 - 2014-08-18 22:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-07 18:45 - 2014-08-18 22:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-07 18:45 - 2014-08-18 22:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-07 18:45 - 2014-08-18 22:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-07 18:45 - 2014-08-18 22:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-07 18:45 - 2014-08-18 22:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-07 18:45 - 2014-08-18 22:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-07 18:45 - 2014-08-18 22:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-07 18:45 - 2014-08-18 22:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-07 18:45 - 2014-08-18 22:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-07 18:45 - 2014-08-18 22:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-07 18:45 - 2014-08-18 22:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-07 18:45 - 2014-08-18 22:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-07 18:45 - 2014-08-18 21:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-07 18:45 - 2014-08-18 21:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-07 18:45 - 2014-08-18 21:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-07 18:45 - 2014-08-18 21:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-07 18:45 - 2014-08-18 21:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-04 20:20 - 2014-10-04 20:20 - 00000000 ____D () C:\ProgramData\Citrix
2014-10-04 20:13 - 2014-10-04 20:13 - 00000000 ____D () C:\Users\Arkly\AppData\Local\Citrix
2014-10-04 20:13 - 2014-10-04 20:13 - 00000000 ____D () C:\Program Files (x86)\Citrix
2014-10-04 19:51 - 2014-10-12 21:43 - 00000000 ____D () C:\ProgramData\McAfee
2014-10-04 18:05 - 2014-10-06 00:15 - 00000000 ____D () C:\Users\Arkly\AppData\Temp
2014-10-04 17:57 - 2014-10-04 17:57 - 00000385 _____ () C:\Windows\system32\user_gensett.xml
2014-10-04 17:57 - 2014-10-04 17:57 - 00000385 _____ () C:\Users\Arkly\AppData\Roaminguser_gensett.xml
2014-10-04 17:56 - 2014-10-04 17:56 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2014-10-04 17:56 - 2014-10-04 17:56 - 00000000 ____D () C:\ProgramData\BDLogging
2014-10-04 17:56 - 2013-11-04 15:47 - 00074512 _____ (BitDefender SRL) C:\Windows\SysWOW64\bdsandboxuiskin32.dll
2014-10-04 17:56 - 2007-04-11 11:11 - 00511328 _____ (Microsoft Corporation) C:\Windows\capicom.dll
2014-10-04 16:54 - 2014-10-04 16:54 - 00000000 ____D () C:\Users\Arkly\AppData\Roaming\ESET
2014-10-04 16:54 - 2014-10-04 16:54 - 00000000 ____D () C:\Users\Arkly\AppData\Local\ESET
2014-10-04 16:50 - 2014-10-04 16:50 - 00000000 ____D () C:\Users\Arkly\AppData\Roaming\QuickScan
2014-10-04 16:50 - 2014-10-04 16:50 - 00000000 _____ () C:\Windows\system32\BDSandBoxUISkin32.dll
2014-10-04 16:50 - 2013-11-04 15:47 - 00084848 _____ (BitDefender SRL) C:\Windows\system32\BDSandBoxUISkin.dll
2014-10-04 16:50 - 2013-11-04 15:46 - 00034384 _____ (BitDefender SRL) C:\Windows\system32\BDSandBoxUH.dll
2014-10-04 16:16 - 2014-06-27 03:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-10-04 16:16 - 2014-06-27 02:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-10-04 16:15 - 2014-09-09 23:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-10-04 16:15 - 2014-09-09 22:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-10-04 16:14 - 2014-09-25 03:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-04 16:14 - 2014-09-25 02:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-10-04 16:14 - 2014-09-05 03:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-04 16:14 - 2014-09-05 03:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-04 16:14 - 2014-08-01 12:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-10-04 16:14 - 2014-08-01 12:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-10-04 16:14 - 2014-07-07 03:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-10-04 16:14 - 2014-07-07 03:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-10-04 16:14 - 2014-07-07 02:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-10-04 16:14 - 2014-07-07 02:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-10-04 16:14 - 2014-07-07 02:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-10-04 16:14 - 2014-06-24 04:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-10-04 16:14 - 2014-06-24 03:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-27 15:54 - 2014-09-27 15:54 - 00319326 _____ () C:\Users\Arkly\Downloads\crimson.zip
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-25 17:47 - 2009-07-14 05:45 - 00028528 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-25 17:47 - 2009-07-14 05:45 - 00028528 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-25 17:39 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-25 03:34 - 2014-04-03 15:01 - 00000000 ____D () C:\Users\Arkly\AppData\Roaming\SoftGrid Client
2014-10-24 22:01 - 2014-06-11 16:47 - 00000000 ____D () C:\Users\Arkly\Desktop\images
2014-10-24 21:07 - 2009-07-14 06:13 - 00782596 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-24 19:56 - 2014-04-02 19:50 - 00000000 ____D () C:\Users\Arkly
2014-10-24 19:18 - 2014-04-21 14:28 - 00001456 _____ () C:\Users\Arkly\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-10-24 03:13 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-10-24 02:52 - 2014-08-03 14:42 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-10-23 19:57 - 2014-05-26 18:20 - 00000000 ____D () C:\Program Files (x86)\TabletPlugins
2014-10-23 19:56 - 2014-08-06 10:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2014-10-21 23:49 - 2014-04-03 15:33 - 00000000 ____D () C:\Users\Arkly\AppData\Roaming\Skype
2014-10-21 10:49 - 2009-07-14 06:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-20 11:34 - 2014-04-24 15:18 - 00000000 ____D () C:\Windows\erdnt
2014-10-20 02:01 - 2014-04-24 16:41 - 00000000 ____D () C:\Users\Arkly\AppData\Local\CrashDumps
2014-10-20 01:23 - 2014-04-03 16:43 - 00000000 ____D () C:\Users\Arkly\AppData\Roaming\vlc
2014-10-19 13:48 - 2014-04-03 15:20 - 00000000 ____D () C:\Users\Arkly\AppData\Roaming\BatteryCare
2014-10-17 00:35 - 2014-04-21 13:25 - 00000000 ____D () C:\Users\Arkly\AppData\Roaming\Autodesk
2014-10-17 00:34 - 2014-04-21 13:22 - 00000000 ____D () C:\Autodesk
2014-10-16 21:13 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-10-15 23:16 - 2014-04-02 21:52 - 00000000 ____D () C:\Users\Arkly\AppData\Local\Google
2014-10-14 23:38 - 2014-04-06 11:04 - 00000000 ____D () C:\Users\Arkly\AppData\Local\Adobe
2014-10-14 15:37 - 2014-04-07 17:13 - 00002770 _____ () C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance
2014-10-14 13:43 - 2014-04-02 21:52 - 00000000 ____D () C:\Users\Arkly\AppData\Local\Deployment
2014-10-14 13:20 - 2014-04-04 23:21 - 00000000 ____D () C:\temp
2014-10-14 13:10 - 2014-04-02 21:52 - 00000000 ____D () C:\Users\Arkly\AppData\Local\Apps\2.0
2014-10-12 21:41 - 2014-04-03 15:12 - 00000000 ____D () C:\Users\Arkly\AppData\Roaming\Malwarebytes
2014-10-12 17:12 - 2014-08-13 00:17 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
2014-10-12 15:49 - 2014-04-02 21:27 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-10-12 14:44 - 2014-08-10 17:55 - 00000000 ____D () C:\Users\Arkly\AppData\Roaming\Notepad++
2014-10-12 14:43 - 2014-04-03 15:31 - 00000000 ____D () C:\Users\Arkly\AppData\Roaming\Foxit Reader
2014-10-11 00:36 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Help
2014-10-11 00:05 - 2014-04-25 09:20 - 00000000 ____D () C:\Windows\Minidump
2014-10-10 22:49 - 2014-07-18 22:44 - 00000000 ____D () C:\Windows\pss
2014-10-10 22:49 - 2014-07-17 22:41 - 00000000 ___RD () C:\Users\Arkly\Dropbox
2014-10-10 22:48 - 2014-07-17 22:39 - 00000000 ____D () C:\Users\Arkly\AppData\Roaming\Dropbox
2014-10-09 11:06 - 2014-04-05 20:31 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-07 19:01 - 2014-04-03 00:45 - 00766566 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-10-06 16:32 - 2014-05-07 18:42 - 00000132 _____ () C:\Users\Arkly\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-10-04 18:07 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\Offline Web Pages
2014-10-04 16:22 - 2014-04-02 22:37 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-04 16:17 - 2014-04-02 22:37 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-04 16:16 - 2014-04-25 17:25 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-27 14:14 - 2014-06-15 14:51 - 00000000 ____D () C:\Users\Arkly\AppData\Roaming\Foxit Software
 
Some content of TEMP:
====================
C:\Users\Arkly\AppData\Local\Temp\Foxit Updater.exe
C:\Users\Arkly\AppData\Local\Temp\Quarantine.exe
C:\Users\Arkly\AppData\Local\Temp\sqlite3.dll
C:\Users\Arkly\AppData\Local\Temp\TUUUninstallHelper.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-16 21:05
 
==================== End Of Log ============================
 
 
____________________________________________
 
Addition Log
____________________________________________
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-10-2014
Ran by Arkly at 2014-10-25 17:56:14
Running from C:\Users\Arkly\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
AccelerometerP11 (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.11.22 - STMicroelectronics)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Autodesk SketchBook Pro 6.0.1 (HKLM-x32\...\{783C27F9-EF0B-4B81-8464-8592AE8CB5B8}) (Version: 6.01.0000 - Autodesk)
BatteryCare 0.9.12.1 (HKLM-x32\...\{C6A6036D-FBD0-4324-BEAA-C0845257160C}_is1) (Version: 0.9.12.1 - Filipe Lourenço)
CCleaner (HKLM\...\CCleaner) (Version: 4.06 - Piriform)
CyberLink PowerDVD 9.6 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.6.1.3522 - CyberLink Corp.)
CyberLink PowerDVD 9.6 (x32 Version: 9.6.1.3522 - CyberLink Corp.) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 5.4.4.1128 - Foxit Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Intel PROSet Wireless (Version:  - ) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{BEE86606-EFB5-4353-9F34-29E0C59CDCFA}) (Version: 15.2.0.0284 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{181BBF43-CA17-4E1A-A78D-81E67A57B8A4}) (Version: 15.02.0000.1258 - Intel Corporation)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.64.1 - JMicron Technology Corp.)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
McAfee Internet Security (HKLM-x32\...\MSC) (Version: 13.6.1248 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.6122.5000 - Microsoft Corporation)
Microsoft Office Home and Student 2010 - English (HKLM-x32\...\{90140011-0061-0409-0000-0000000FF1CE}) (Version: 14.0.7128.5001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
NVIDIA Control Panel 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.15.2 (Version: 1.15.2 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.15.2 - NVIDIA Corporation) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.0.22 - Dell Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.34.1130.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6263 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.27.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.27.0 - Renesas Electronics Corporation) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Spyder3Elite (HKLM-x32\...\Spyder3Elite) (Version:  - )
System Requirements Lab for Intel (HKLM-x32\...\{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}) (Version: 4.5.22.0 - Husdawg, LLC)
Unity (HKLM-x32\...\Unity) (Version: 4.5.5f1 - Unity Technologies ApS)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 4.5.5f1 - Unity Technologies ApS)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.1.7-3 - Wacom Technology Corp.)
WinFF 1.5.4 64 bit (Codename EMMA) (HKLM\...\WinFF_is1) (Version:  - WinFF.org)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-4283612145-3875195018-3230280069-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Arkly\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4283612145-3875195018-3230280069-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Arkly\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4283612145-3875195018-3230280069-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Arkly\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4283612145-3875195018-3230280069-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Arkly\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4283612145-3875195018-3230280069-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Arkly\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4283612145-3875195018-3230280069-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Arkly\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4283612145-3875195018-3230280069-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Arkly\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4283612145-3875195018-3230280069-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Arkly\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4283612145-3875195018-3230280069-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Arkly\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
25-10-2014 16:49:55 Revo Uninstaller's restore point - TuneUp Utilities
25-10-2014 16:50:18 Removed TuneUp Utilities
25-10-2014 16:50:58 Quitado TuneUp Utilities Language Pack (es-ES)
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 03:34 - 2014-10-20 11:22 - 00000000 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {66E5F2E0-CB9D-483F-9A0C-95A15150C56E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-15] (Google Inc.)
Task: {6B2E8983-0BBC-4D35-AED2-A0A9D63AEB18} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-15] (Google Inc.)
Task: {81B2FB64-FF07-40C3-A03C-7AF062AEA246} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {9AB24CA7-3138-439C-9F61-7F74716D8B70} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance => C:\Program Files (x86)\TuneUp Utilities 2010\OneClick.exe
Task: {AC042521-C955-40F9-AE4C-B6AAA97A1E03} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-12-21] (Adobe Systems Incorporated)
Task: {F82234BF-7B6B-4EC1-98A8-E182D768D72A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-05-26 18:20 - 2011-06-06 14:23 - 01183096 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2014-04-02 20:27 - 2010-12-17 10:25 - 00686704 _____ () C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
2014-04-03 15:19 - 2012-07-26 08:27 - 00252928 _____ () C:\Program Files (x86)\BatteryCare\OpenHardwareMonitorLib.dll
2012-02-07 20:54 - 2012-02-07 20:54 - 00078624 _____ () C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
2014-10-07 21:39 - 2014-10-07 21:39 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\41a544b3d834e3b57bc39d446c7666bc\IsdiInterop.ni.dll
2014-04-02 20:23 - 2011-01-12 17:56 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Arkly\AppData\Local\Temporary Internet Files:LGtbJmDK1pUB4reJLfINRR
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\46156591.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\46156591.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: nvUpdatusService => 2
MSCONFIG\startupfolder: C:^Users^Arkly^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: NVHotkey => rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-4283612145-3875195018-3230280069-500 - Administrator - Disabled)
Arkly (S-1-5-21-4283612145-3875195018-3230280069-1000 - Administrator - Enabled) => C:\Users\Arkly
Guest (S-1-5-21-4283612145-3875195018-3230280069-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4283612145-3875195018-3230280069-1003 - Limited - Enabled)
UpdatusUser (S-1-5-21-4283612145-3875195018-3230280069-1006 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/25/2014 05:40:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/25/2014 05:33:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/25/2014 05:31:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/25/2014 05:30:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/25/2014 04:56:14 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-4283612145-3875195018-3230280069-1000}/">.
 
Error: (10/25/2014 04:55:19 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (10/25/2014 04:55:19 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.
 
Context: Windows Application
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (10/25/2014 04:55:19 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (10/25/2014 04:55:19 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
Element not found.  (HRESULT : 0x80070490) (0x80070490)
 
Error: (10/25/2014 04:55:17 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
 
System errors:
=============
Error: (10/25/2014 05:35:28 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084McNaiAnn{C90134D2-4AE9-407A-919A-4A2EF09C6C51}
 
Error: (10/25/2014 05:35:28 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084McNaiAnn{DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
 
Error: (10/25/2014 05:34:50 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (10/25/2014 05:34:50 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (10/25/2014 05:34:50 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (10/25/2014 05:34:50 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (10/25/2014 05:34:50 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (10/25/2014 05:34:50 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (10/25/2014 05:34:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (10/25/2014 05:34:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
 
Microsoft Office Sessions:
=========================
Error: (10/25/2014 05:40:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/25/2014 05:33:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/25/2014 05:31:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/25/2014 05:30:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/25/2014 04:56:14 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: 300x80040d07iehistory://{S-1-5-21-4283612145-3875195018-3230280069-1000}/
 
Error: (10/25/2014 04:55:19 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (10/25/2014 04:55:19 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Context: Windows Application
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (10/25/2014 04:55:19 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (10/25/2014 04:55:19 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog
 
 
Details:
Element not found.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer
 
Error: (10/25/2014 04:55:17 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-10-05 23:35:22.674
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-10-05 23:35:22.658
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-10-05 10:18:33.408
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-05 10:18:33.405
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-05 10:18:10.453
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-2860QM CPU @ 2.50GHz
Percentage of memory in use: 29%
Total physical RAM: 8086.17 MB
Available physical RAM: 5700.07 MB
Total Pagefile: 16170.52 MB
Available Pagefile: 13565.19 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.66 GB) (Free:422.39 GB) NTFS
Drive f: (New Volume) (Fixed) (Total:465.76 GB) (Free:465.62 GB) NTFS
Drive h: () (Fixed) (Total:465.76 GB) (Free:239.23 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: B95073E6)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 57DB00A3)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (Size: 465.8 GB) (Disk ID: EE49AE1C)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#8 johnbird


Posted 25 October 2014 - 06:12 PM

Hi Stan,

 

Sorry to bother you,

 

Just to let you know, after running the script with FRST, now every time I restart the machine and log into my desktop the Windows Start Menu window pops up.



#9 StanFF


Posted 26 October 2014 - 03:33 PM

Hello johnbird,

 

I just wanted to notify you that I won't be able to post until Monday evening. I'm travelling right now and I have little to no access to my laptop. I will try to get back to you as soon as possible.

 

"Just to let you know, after running the script with FRST, now every time I restart the machine and log into my desktop the Windows Start Menu window pops up."

 

Thank you for the provided information. We will take care of this. :)


Regards,

Stan

 

"There isn't a person anywhere who isn't capable of doing more than he thinks he can." - Henry Ford

 

 

 

 

 


#10 StanFF


Posted 29 October 2014 - 01:11 AM

Hello johnbird,

I'm sorry for the little delay.

There are a couple of leftovers on the system that have to be removed. I also want to check a registry key on your system that may be related to the "strange" problem you are experiencing.

 

********************

 

This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Please download the attached fixlist.txt file and save it to the same location as FRST.

Note: It's important that both files, FRST.exe and fixlist.txt are in the same location or the fix will not work. In your case, this should be the Desktop.

  • Run FRST.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run.
  • When finished, FRST will generate a log - Fixlog.txt - in the same location the tool was run.

Please, post the content of the log file in your next reply.


Regards,

Stan

 



#11 johnbird


Posted 29 October 2014 - 04:55 AM

Hi Stan,

 

No worries, I know you are busy :)

 

Here is the Fixlog.txt

________________________

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-10-2014 01
Ran by Arkly at 2014-10-29 09:50:52 Run:2
Running from C:\Users\Arkly\Desktop
Loaded Profile: Arkly (Available profiles: Arkly & UpdatusUser)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
2014-10-14 12:37 - 2011-05-31 19:52 - 00036160 _____ (TuneUp Software) C:\Windows\system32\uxt25A9.tmp
2014-10-12 21:46 - 2014-10-12 21:46 - 00000000 ____D () C:\ProgramData\TuneUp Software
Task: {9AB24CA7-3138-439C-9F61-7F74716D8B70} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance => C:\Program Files (x86)\TuneUp Utilities 2010\OneClick.exe
cmd: reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
*****************
 
"C:\Windows\system32\uxt25A9.tmp" => File/Directory not found.
C:\ProgramData\TuneUp Software => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9AB24CA7-3138-439C-9F61-7F74716D8B70}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9AB24CA7-3138-439C-9F61-7F74716D8B70}" => Key deleted successfully.
C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TuneUpUtilities_Task_BkGndMaintenance" => Key deleted successfully.
 
=========  reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" =========
 
 
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
    Start_SearchFiles    REG_DWORD    0x2
    ServerAdminUI    REG_DWORD    0x0
    ShowCompColor    REG_DWORD    0x1
    DontPrettyPath    REG_DWORD    0x0
    ShowInfoTip    REG_DWORD    0x1
    HideIcons    REG_DWORD    0x0
    MapNetDrvBtn    REG_DWORD    0x0
    WebView    REG_DWORD    0x1
    Filter    REG_DWORD    0x0
    SeparateProcess    REG_DWORD    0x0
    AutoCheckSelect    REG_DWORD    0x0
    IconsOnly    REG_DWORD    0x0
    ShowTypeOverlay    REG_DWORD    0x1
    ListviewAlphaSelect    REG_DWORD    0x1
    ListviewShadow    REG_DWORD    0x1
    TaskbarAnimations    REG_DWORD    0x1
    StartMenuInit    REG_DWORD    0x4
    TaskbarSizeMove    REG_DWORD    0x0
    DisablePreviewDesktop    REG_DWORD    0x0
    TaskbarSmallIcons    REG_DWORD    0x1
    TaskbarGlomLevel    REG_DWORD    0x0
    hidden    REG_DWORD    0x2
    hidefileext    REG_DWORD    0x0
    showsuperhidden    REG_DWORD    0x0
    AlwaysShowMenus    REG_DWORD    0x1
    SuperHidden    REG_DWORD    0x1
    NavPaneShowAllFolders    REG_DWORD    0x0
    NavPaneExpandToCurrentFolder    REG_DWORD    0x0
    EnableBalloonTips    REG_DWORD    0x1
 
 
========= End of CMD: =========
 
 
==== End of Fixlog ====

Edited by johnbird, 29 October 2014 - 04:56 AM.
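One way to triage a Fixlog like the one posted above, as an added example that is not part of the original post and not FRST's own code: it skips the echoed fixlist and the command-output section, then flags every result line whose outcome is not a success. The function names and status labels are assumptions, the sample is abridged from the log above, and only the outcome strings seen there are recognised.

```python
import re

# Sample input: abridged from the Fixlog posted above (Run:2).
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-10-2014 01
Ran by Arkly at 2014-10-29 09:50:52 Run:2
==============================================

Content of fixlist:
*****************
2014-10-14 12:37 - 2011-05-31 19:52 - 00036160 _____ (TuneUp Software) C:\Windows\system32\uxt25A9.tmp
Task: {9AB24CA7-3138-439C-9F61-7F74716D8B70} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance => C:\Program Files (x86)\TuneUp Utilities 2010\OneClick.exe
cmd: reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
*****************

"C:\Windows\system32\uxt25A9.tmp" => File/Directory not found.
C:\ProgramData\TuneUp Software => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9AB24CA7-3138-439C-9F61-7F74716D8B70}" => Key deleted successfully.
C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance => Moved successfully.

=========  reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced" =========

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
    StartMenuInit    REG_DWORD    0x4

========= End of CMD: =========

==== End of Fixlog ====
'''

# "=====  title  =====" opens or closes a section of embedded output.
SECTION = re.compile(r"^=+\s+(.*?)\s+=+$")
# "<target> => <outcome>" is the shape of a per-entry result line.
RESULT = re.compile(r"^(?P<target>.+?) => (?P<outcome>.+)$")


def classify(outcome):
    """Map an outcome string to a status label (labels are assumptions)."""
    text = outcome.lower()
    if "successfully" in text:
        return "ok"
    if "not found" in text:
        return "missing"
    return "review"  # any outcome string this example does not recognise


def parse_fixlog(text):
    """Return (target, outcome, status) for each result line in a Fixlog."""
    results = []
    in_fixlist = False  # inside the echoed fixlist between the asterisk rows
    in_block = False    # inside embedded command or folder output
    for raw in text.splitlines():
        line = raw.strip()
        if line and set(line) == {"*"}:
            in_fixlist = not in_fixlist
            continue
        header = SECTION.match(line)
        if header:
            in_block = not header.group(1).startswith("End of")
            continue
        if in_fixlist or in_block:
            # The echoed fixlist also contains "=>" (the Task: line), so it
            # must be skipped or it would be misread as a result.
            continue
        match = RESULT.match(line)
        if match:
            target = match.group("target").strip('"')
            outcome = match.group("outcome")
            results.append((target, outcome, classify(outcome)))
    return results


def needs_review(results):
    """Entries whose fix did not report success."""
    return [entry for entry in results if entry[2] != "ok"]


if __name__ == "__main__":
    for target, outcome, status in parse_fixlog(SAMPLE_FIXLOG):
        print(f"{status:8} {target} -> {outcome}")
```
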


#12 StanFF


Posted 30 October 2014 - 02:58 PM

Hello johnbird,

Awesome job! Now, let's run some additional scans so we can be sure that there is nothing left on the system. Please, follow the steps below:

 

Please, start Malwarebytes' Anti-Malware.

  • When started, please, press the Scan Now >> button.
  • You will be automatically prompted to update the software.
  • Push the Update Now button so the definitions can be downloaded.

Note: If you are prompted that there is a new version of the software ready to install, please, choose OK. Install the latest version of Malwarebytes' Anti-Malware and repeat the steps above.

  • The Threat Scan should automatically start.
  • When the scanning process has completed, the results will be displayed.
  • Click on Quarantine All and then choose Apply Actions.

If any malicious entries were detected, Malwarebytes should prompt you that a system reboot is required. Please choose Yes. Otherwise, the detected objects may not be removed.
 

After the reboot:

  • Open Malwarebytes Anti-Malware.
  • Click the History Tab at the top and select Application Logs.
  • Check the box next to Scan Log. Choose the most current scan.
  • Click the View button.
  • Click Copy to Clipboard at the bottom and paste the content of the file in your next reply.

Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.

 

Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

 

********************

 

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will need to right-click on either the Internet Explorer or Mozilla Firefox icon and choose Run as Administrator.

Please, go to this link to run the scan.

Note: If you are using Mozilla Firefox, you will need to download esetsmartinstaller_enu.exe when prompted. Double-click on the executable to install it.

Note: The below instructions can be used with either Internet Explorer or Mozilla Firefox.

  • When executed, select the option Yes, I accept the Terms of Use and push the Start button.
  • When prompted, allow the Add-on/Active-X control to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Click on Advanced Settings and select the following options:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Push the Start button. The virus signature database will begin to download. Please, note that this may take a while, depending on your network connection.
  • When completed, the Online Scan will start automatically.

Note: Do not use the computer during the scanning process.

  • When completed, select Uninstall application on close, if you want to, but make sure that you copy the logfile first.
  • Push the Finish button.
  • Open the logfile located in C:\Program Files\ESET\EsetOnlineScanner\log.txt via Notepad.

Please, copy and paste the content of the log file in your next reply.

 

********************

I need to take a look into a certain folder located in your Startup directory. It is related to Autoruns and I suspect it to be related to the problem with the Start menu.
 

This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Please download the attached fixlist.txt file and save it to the same location as FRST.

Note: It's important that both files, FRST.exe and fixlist.txt are in the same location or the fix will not work. In your case, this should be the Desktop.

  • Run FRST.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run.
  • When finished, FRST will generate a log - Fixlog.txt - in the same location the tool was run.

Please, post the content of the log file in your next reply.

 

********************

Please, follow the steps here to start the system in Safe Mode. See if the Start menu pops up there too. When ready, restart the system and boot it back in normal mode.

********************

In your next post, I will be waiting for:

  • Log from Malwarebytes' Anti-Malware
  • Log from ESET Online Scanner
  • Fixlog.txt
  • Answer to my question for system's condition in Safe Mode.

You are doing a great job so far!


Regards,

Stan

 



#13 johnbird


Posted 02 November 2014 - 09:19 AM

Hi Stan,

 

Thanks,

 

I followed the above instructions in relation to your inquiry about "system's condition in Safe Mode". When I started the system in "safe mode", the Start menu didn't show up, nor did it when I tried "safe mode with networking". The only place that it is showing up is at startup in "normal mode", as I mentioned in my other posts.

 

It only happened after I ran the first script you sent to me, because before I didn't have this problem :)

 

OK, here are the rest of the logs you required.

 

 

________________________

 

Malwarebytes 

________________________

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 30/10/2014
Scan Time: 23:10:21
Logfile: malwarevytes_logs.txt
Administrator: Yes
 
Version: 2.00.3.1025
Malware Database: v2014.10.30.13
Rootkit Database: v2014.10.22.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Arkly
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 361570
Time Elapsed: 10 min, 22 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

 

__________________________________

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
 
Update, 30/10/2014 01:02:31, SYSTEM, ARKLY-PC, Scheduler, Malware Database, 2014.10.29.8, 2014.10.30.1, 
Protection, 30/10/2014 01:02:31, SYSTEM, ARKLY-PC, Protection, Refresh, Starting, 
Protection, 30/10/2014 01:02:31, SYSTEM, ARKLY-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 30/10/2014 01:02:31, SYSTEM, ARKLY-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 30/10/2014 01:02:36, SYSTEM, ARKLY-PC, Protection, Refresh, Success, 
Protection, 30/10/2014 01:02:36, SYSTEM, ARKLY-PC, Protection, Malicious Website Protection, Starting, 
Protection, 30/10/2014 01:02:36, SYSTEM, ARKLY-PC, Protection, Malicious Website Protection, Started, 
Scan, 30/10/2014 01:31:04, SYSTEM, ARKLY-PC, Manual, Start:30/10/2014 01:21:08, Duration:9 min 55 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections, 
Update, 30/10/2014 01:41:14, SYSTEM, ARKLY-PC, Scheduler, Malware Database, 2014.10.30.1, 2014.10.30.2, 
Protection, 30/10/2014 01:41:15, SYSTEM, ARKLY-PC, Protection, Refresh, Starting, 
Protection, 30/10/2014 01:41:15, SYSTEM, ARKLY-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 30/10/2014 01:41:15, SYSTEM, ARKLY-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 30/10/2014 01:41:19, SYSTEM, ARKLY-PC, Protection, Refresh, Success, 
Protection, 30/10/2014 01:41:19, SYSTEM, ARKLY-PC, Protection, Malicious Website Protection, Starting, 
Protection, 30/10/2014 01:41:19, SYSTEM, ARKLY-PC, Protection, Malicious Website Protection, Started, 
Protection, 30/10/2014 09:38:13, SYSTEM, ARKLY-PC, Protection, Malware Protection, Starting, 
Protection, 30/10/2014 09:38:13, SYSTEM, ARKLY-PC, Protection, Malware Protection, Started, 
Protection, 30/10/2014 09:38:13, SYSTEM, ARKLY-PC, Protection, Malicious Website Protection, Starting, 
Protection, 30/10/2014 09:38:40, SYSTEM, ARKLY-PC, Protection, Malicious Website Protection, Started, 
Update, 30/10/2014 09:51:33, SYSTEM, ARKLY-PC, Scheduler, Malware Database, 2014.10.30.2, 2014.10.30.4, 
Protection, 30/10/2014 09:51:34, SYSTEM, ARKLY-PC, Protection, Refresh, Starting, 
Protection, 30/10/2014 09:51:34, SYSTEM, ARKLY-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 30/10/2014 09:51:34, SYSTEM, ARKLY-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 30/10/2014 09:51:50, SYSTEM, ARKLY-PC, Protection, Refresh, Success, 
Protection, 30/10/2014 09:51:50, SYSTEM, ARKLY-PC, Protection, Malicious Website Protection, Starting, 
Protection, 30/10/2014 09:51:51, SYSTEM, ARKLY-PC, Protection, Malicious Website Protection, Started, 
Update, 30/10/2014 11:48:35, SYSTEM, ARKLY-PC, Scheduler, Malware Database, 2014.10.30.4, 2014.10.30.5, 
Protection, 30/10/2014 11:48:35, SYSTEM, ARKLY-PC, Protection, Refresh, Starting, 
Protection, 30/10/2014 11:48:35, SYSTEM, ARKLY-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 30/10/2014 11:48:35, SYSTEM, ARKLY-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 30/10/2014 11:49:02, SYSTEM, ARKLY-PC, Protection, Refresh, Success, 
Protection, 30/10/2014 11:49:02, SYSTEM, ARKLY-PC, Protection, Malicious Website Protection, Starting, 
Protection, 30/10/2014 11:49:03, SYSTEM, ARKLY-PC, Protection, Malicious Website Protection, Started, 
Scan, 30/10/2014 11:55:10, SYSTEM, ARKLY-PC, Manual, Start:30/10/2014 11:54:22, Duration:0 min 46 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections, 
Update, 30/10/2014 13:36:48, SYSTEM, ARKLY-PC, Scheduler, Malware Database, 2014.10.30.5, 2014.10.30.7, 
Protection, 30/10/2014 13:36:50, SYSTEM, ARKLY-PC, Protection, Refresh, Starting, 
Protection, 30/10/2014 13:36:50, SYSTEM, ARKLY-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 30/10/2014 13:36:53, SYSTEM, ARKLY-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 30/10/2014 13:37:22, SYSTEM, ARKLY-PC, Protection, Refresh, Success, 
Protection, 30/10/2014 13:37:22, SYSTEM, ARKLY-PC, Protection, Malicious Website Protection, Starting, 
Protection, 30/10/2014 13:37:32, SYSTEM, ARKLY-PC, Protection, Malicious Website Protection, Started, 
Update, 30/10/2014 13:59:21, SYSTEM, ARKLY-PC, Scheduler, Malware Database, 2014.10.30.7, 2014.10.30.8, 
Protection, 30/10/2014 13:59:21, SYSTEM, ARKLY-PC, Protection, Refresh, Starting, 
Protection, 30/10/2014 13:59:21, SYSTEM, ARKLY-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 30/10/2014 13:59:21, SYSTEM, ARKLY-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 30/10/2014 13:59:27, SYSTEM, ARKLY-PC, Protection, Refresh, Success, 
Protection, 30/10/2014 13:59:27, SYSTEM, ARKLY-PC, Protection, Malicious Website Protection, Starting, 
Protection, 30/10/2014 13:59:27, SYSTEM, ARKLY-PC, Protection, Malicious Website Protection, Started, 
Protection, 30/10/2014 14:05:03, SYSTEM, ARKLY-PC, Protection, Malware Protection, Starting, 
Protection, 30/10/2014 14:05:03, SYSTEM, ARKLY-PC, Protection, Malware Protection, Started, 
Protection, 30/10/2014 14:05:04, SYSTEM, ARKLY-PC, Protection, Malicious Website Protection, Starting, 
Protection, 30/10/2014 14:05:24, SYSTEM, ARKLY-PC, Protection, Malicious Website Protection, Started, 
Protection, 30/10/2014 17:14:59, SYSTEM, ARKLY-PC, Protection, Malware Protection, Starting, 
Protection, 30/10/2014 17:14:59, SYSTEM, ARKLY-PC, Protection, Malware Protection, Started, 
Protection, 30/10/2014 17:14:59, SYSTEM, ARKLY-PC, Protection, Malicious Website Protection, Starting, 
Protection, 30/10/2014 17:16:12, SYSTEM, ARKLY-PC, Protection, Malicious Website Protection, Started, 
Update, 30/10/2014 17:51:21, SYSTEM, ARKLY-PC, Scheduler, Malware Database, 2014.10.30.8, 2014.10.30.11, 
Protection, 30/10/2014 17:51:21, SYSTEM, ARKLY-PC, Protection, Refresh, Starting, 
Protection, 30/10/2014 17:51:21, SYSTEM, ARKLY-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 30/10/2014 17:51:21, SYSTEM, ARKLY-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 30/10/2014 17:51:25, SYSTEM, ARKLY-PC, Protection, Refresh, Success, 
Protection, 30/10/2014 17:51:25, SYSTEM, ARKLY-PC, Protection, Malicious Website Protection, Starting, 
Protection, 30/10/2014 17:51:25, SYSTEM, ARKLY-PC, Protection, Malicious Website Protection, Started, 
Protection, 30/10/2014 20:46:55, SYSTEM, ARKLY-PC, Protection, Malware Protection, Starting, 
Protection, 30/10/2014 20:46:55, SYSTEM, ARKLY-PC, Protection, Malware Protection, Started, 
Protection, 30/10/2014 20:46:56, SYSTEM, ARKLY-PC, Protection, Malicious Website Protection, Starting, 
Protection, 30/10/2014 20:47:29, SYSTEM, ARKLY-PC, Protection, Malicious Website Protection, Started, 
Update, 30/10/2014 20:51:33, SYSTEM, ARKLY-PC, Scheduler, Malware Database, 2014.10.30.11, 2014.10.30.13, 
Protection, 30/10/2014 20:51:34, SYSTEM, ARKLY-PC, Protection, Refresh, Starting, 
Protection, 30/10/2014 20:51:34, SYSTEM, ARKLY-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 30/10/2014 20:51:34, SYSTEM, ARKLY-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 30/10/2014 20:51:49, SYSTEM, ARKLY-PC, Protection, Refresh, Success, 
Protection, 30/10/2014 20:51:50, SYSTEM, ARKLY-PC, Protection, Malicious Website Protection, Starting, 
Protection, 30/10/2014 20:51:50, SYSTEM, ARKLY-PC, Protection, Malicious Website Protection, Started, 
Scan, 30/10/2014 23:20:45, SYSTEM, ARKLY-PC, Manual, Start:30/10/2014 23:10:21, Duration:10 min 22 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections, 
 
(end)
 
____________________
 
ESET log

____________________

 

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=5471075cfc8b674c92a9a8252c4775a1
# engine=20885
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-11-01 09:40:22
# local_time=2014-11-01 09:40:22 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='McAfee Anti-Virus and Anti-Spyware'
# compatibility_mode=5124 16777214 88 100 306516 177684600 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 18396741 167343072 0 0
# scanned=158250
# found=0
# cleaned=0
# scan_time=7297
 
 
______________________
 
Fixlog
______________________
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-11-2014
Ran by Arkly at 2014-11-02 13:56:28 Run:3
Running from C:\Users\Arkly\Desktop
Loaded Profile: Arkly (Available profiles: Arkly & UpdatusUser)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
*****************
 
 
========================= Folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled ========================
 
 
====== End of Folder: ======
 
 
==== End of Fixlog ====
 
 
Cheers
 
Jb

Edited by johnbird, 02 November 2014 - 09:19 AM.


#14 StanFF

  • Malware Response Team
  • 1,172 posts

Posted 03 November 2014 - 01:23 AM

Hello johnbird,

Thank you for the provided information. An entry that was included in the first fix was not removed then, and it is probably the reason for the problems you are experiencing. It is not malware, so don't worry. I will use another tool to deal with it.

********************
 
Please, download OTL and save it on your Desktop.

  • Right-click on the executable and choose Run as Administrator.
  • Please, copy and paste the following code into the Custom Scans/Fixes box:
:Files
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled

Note: Make sure that the text is exactly the same as the one that you have copied. Do not miss any colon in front of the commands. Make sure that every command is on a new line, as shown above.

  • After pasting the code into the box, press the Run Fix button.

Note: If prompted to reboot the system, please, choose OK.

  • The report should open automatically. If not, the log file can be found in the following directory:
C:\_OTL\Moved Files

Please, copy the content of the report in your next reply.


Regards,

Stan

 

"There isn't a person anywhere who isn't capable of doing more than he thinks he can." - Henry Ford

 

 

 

 

 


#15 johnbird

  • Topic Starter
  • Members
  • 22 posts

Posted 03 November 2014 - 05:55 PM

Hi Stan,

 

Great!! Thank you, here is the OTL log.

 

 

========== FILES ==========
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled folder moved successfully.
 
OTL by OldTimer - Version 3.2.69.0 log created on 11032014_225257
 
 
Cheers
Jb

Edited by johnbird, 03 November 2014 - 05:55 PM.




