Strange Problems


  • This topic is locked
12 replies to this topic

#1 CaribbeanBlues


Posted 10 November 2014 - 07:43 PM

Experiencing a wide range of problems, most obvious is repeated script errors (I think that's what they are) using IE 11.  I've run every scan I can think of, I've uninstalled and reinstalled IE, I tried other profiles, I manually modified registry, this computer continues to misbehave.  Before I make it look like a Frisbee going out my 12th story window, thought I'd give Bleeping Computer a try.  This is my "Hijack This" log:
 
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 4:31:47 PM, on 11/10/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17344)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\SysWow64\svchost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Support\Setup\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:49182;https=127.0.0.1:49182
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe /start
O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [HPConnectionManager] c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [AnyDVD] "C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ConsideredFaith.org
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ConsideredFaith.org
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ConsideredFaith.org
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Intel® Centrino® Wireless Bluetooth® + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: Intel® Centrino® Wireless Bluetooth® + High Speed Security Service (BTHSSecurityMgr) - Intel® Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: HP Power Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Connection Manager 4 Service (hpCMSrv) - Hewlett-Packard Development Company, L.P. - c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
O23 - Service: hpHotkeyMonitor - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\windows\system32\Hpservice.exe (file missing)
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - c:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® ME Service - Unknown owner - C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA WMI Provider (NVWMI) - Unknown owner - C:\windows\system32\nvwmi64.exe (file missing)
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: ArcCapture (uArcCapture) - ArcSoft, Inc. - C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 13128 bytes

Edited by Queen-Evie, 10 November 2014 - 09:11 PM.
moved from Windows 7 to Malware Removal Logs. HJT logs are allowed only in Malware Removal Logs forum.




#2 HelpBot


Posted 15 November 2014 - 07:45 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/555627 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 TheShooter93


Posted 17 November 2014 - 08:47 PM

Hello CaribbeanBlues,

Welcome to Bleeping Computer! :welcome:

My name is Cody and I'll be helping you clean up your computer. :)

I will reply to your posts as soon as possible -- typically within 24 hours. In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, I just ask for notice ahead of time.

Please do note any time differences between us. If I do not respond within 48 hours, feel free to send me a private message.

==========================================================================

Some points for you to keep in mind:

  • Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end with some additional information on how to stay malware-free.
  • Lastly, I would like to remind you that most members here are volunteers, and sometimes "real life" can get in the way of our malware hunt. I will notify you if I know I will need to be away for longer than 48 hours.

==========================================================================

Farbar Recovery Scan Tool (FRST)

  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop.
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should.
  • Double click the icon.
  • Click Yes to the disclaimer.
  • Make sure the Addition.txt box is checked.
  • Click Scan and allow the program to run.
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen.
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply.

==========================================================================

 

Lastly, if you will please elaborate on the following things:

  • "Experiencing a wide range of problems" - What are they?
  • "repeated script errors (I think that's what they are) using IE 11" - What are you doing when these appear? Can you get a screenshot of it?
  • "I've run every scan I can think of" - What scans did you run?
  • "I manually modified registry" - What registry modifications did you make?

==========================================================================

 

What I'd like to see in your next post:  :thumbup2:

  • FRST.txt
  • Addition.txt
  • Elaborations on your previous statements.

Edited by TheShooter93, 17 November 2014 - 09:01 PM.

CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.

 

 


#4 TheShooter93


Posted 20 November 2014 - 03:16 PM

3 Day Inactivity

This is the third day since my last post. Are you still there?

If you need more time, just let me know.

If you do not post within 48 hours, this thread will be closed due to inactivity.



#5 CaribbeanBlues


Posted 20 November 2014 - 07:08 PM

 

Farbar Recovery Scan Tool Results and Comments

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-11-2014
Ran by michael (administrator) on HP8570W on 20-11-2014 15:44:37
Running from C:\Support\Malware Tools\1-Fabar Recover Scan Tool
Loaded Profile: michael (Available profiles: michael & Administrater)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvwmi64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvwmi64.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(ArcSoft, Inc.) C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
() C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
(SlySoft, Inc.) C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
() C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Brandon Staggs) C:\Program Files (x86)\SwordSearcher 4\SwordSearcher4.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Adobe Systems, Incorporated) C:\Program Files\Adobe\Adobe Photoshop CS5 (64 Bit)\Photoshop.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2927928 2012-05-18] (Synaptics Incorporated)
HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [3488640 2012-03-14] (Hewlett-Packard Company)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-04-15] (IDT, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2722080 2013-09-05] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-29] (Intel Corporation)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [684024 2012-03-06] (PDF Complete Inc)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [322432 2012-04-25] (Hewlett-Packard Company)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133400 2012-03-28] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-27] (Intel Corporation)
HKLM-x32\...\Run: [HPConnectionManager] => c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [185144 2013-05-31] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [UnlockerAssistant] => C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe [15872 2010-03-08] ()
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2020704 2014-08-05] (Wondershare)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3835728 2014-11-03] (LogMeIn Inc.)
HKU\S-1-5-21-1541233202-508910958-1139562469-1136\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-05-17] (Google Inc.)
HKU\S-1-5-21-1541233202-508910958-1139562469-1136\...\Run: [AnyDVD] => C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD.exe [109480 2014-11-08] (SlySoft, Inc.)
HKU\S-1-5-21-1541233202-508910958-1139562469-1136\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-1541233202-508910958-1139562469-1136\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x91000000
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-1541233202-508910958-1139562469-1136] => http=127.0.0.1:49182;https=127.0.0.1:49182
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1541233202-508910958-1139562469-1136\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1541233202-508910958-1139562469-1136\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_dsites06_14_20_ie&cd=2XzuyEtN2Y1L1QzutByEyByBtDtA0C0Dzz0ByBzytDtC0CzytN0D0Tzu0SzzyCyDtN1L2XzutBtFtBtDtFzytFtCtN1L1CzutCyEtDtAtDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2SyB0CtCyB0CyEtD0AtGyDtA0DtCtGyC0FtDtBtGyEyD0FyEtGyBtByEzz0AyEyCtD0B0EyBtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0FyEtAtD0BzzzztGzy0DtD0AtGyEyEyBtDtGtB0B0ByEtGtD0AzzyE0B0Czz0E0F0Czzzy2Q&cr=1451373068&ir=
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
SearchScopes: HKLM -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_dnldstr_14_21_ie&cd=2XzuyEtN2Y1L1QzuyB0AyBzytCzyyB0AtA0DtB0DtDtC0CzytN0D0Tzu0SzzyByCtN1L2XzutBtFtBtDtFtCyDtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEtCyC0EyEzyyCyEtGtAtDyE0EtGyBzztAtAtG0A0Dzz0CtGyDyBtAyCyC0B0EtByByDzytC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyD0B0FyEtAtB0DtGtBzyzy0FtGtA0E0A0DtGtC0BtDtBtGtCyB0AyEzz0Fzy0ByD0AyEyC2Q&cr=1544867919&ir=
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
SearchScopes: HKU\S-1-5-21-1541233202-508910958-1139562469-1136 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1541233202-508910958-1139562469-1136 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL =
SearchScopes: HKU\S-1-5-21-1541233202-508910958-1139562469-1136 -> {31090377-0740-419E-BEFC-A56E50500D5B} URL =
SearchScopes: HKU\S-1-5-21-1541233202-508910958-1139562469-1136 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL =
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
Toolbar: HKU\S-1-5-21-1541233202-508910958-1139562469-1136 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.4

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: Adobe Contribute Toolbar - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2014-05-20]

Chrome:
=======
CHR Profile: C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-02]
CHR Extension: (Google Drive) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-02]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-02]
CHR Extension: (YouTube) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-02]
CHR Extension: (Google Search) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-02]
CHR Extension: (Google Wallet) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-02]
CHR Extension: (Gmail) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-02]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [368512 2012-04-25] (Hewlett-Packard Company)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-03-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165144 2012-03-28] (Intel Corporation)
R2 KSS; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202080 2014-06-15] (Kaspersky Lab ZAO)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2014-10-21] (LogMeIn, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 NVWMI; C:\Windows\system32\nvwmi64.exe [1290016 2013-09-05] (NVIDIA Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1134584 2012-03-06] (PDF Complete Inc)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 uArcCapture; C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [498352 2012-04-05] (ArcSoft, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138664 2014-04-24] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [138664 2014-04-24] (SlySoft, Inc.)
R3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [42816 2012-02-03] (ArcSoft, Inc.)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [134696 2012-02-01] (Broadcom Corporation.)
R3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2012-02-01] (Broadcom Corporation.)
R3 johci; C:\Windows\System32\DRIVERS\johci.sys [26208 2012-07-16] (JMicron Technology Corp.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 SmbDrvAMDASF; C:\Windows\system32\drivers\Smb_driver_AMDASF.sys [25912 2012-05-18] (Synaptics Incorporated)
R3 SmbDrvIntel; C:\Windows\system32\drivers\Smb_driver_Intel.sys [26936 2012-05-18] (Synaptics Incorporated)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1866080 2012-11-28] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 qknfd; system32\drivers\qknfd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-20 15:44 - 2014-11-20 15:46 - 00000000 ____D () C:\FRST
2014-11-18 12:21 - 2014-11-10 19:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-11-18 12:21 - 2014-11-10 19:08 - 00241152 _____ (Microsoft Corporation) C:\windows\system32\pku2u.dll
2014-11-18 12:21 - 2014-11-10 18:44 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-11-18 12:21 - 2014-11-10 18:44 - 00186880 _____ (Microsoft Corporation) C:\windows\SysWOW64\pku2u.dll
2014-11-17 18:08 - 2014-11-05 09:56 - 00304640 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-11-17 18:08 - 2014-11-05 09:56 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-11-17 18:08 - 2014-11-05 09:52 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-11-17 18:08 - 2014-10-13 18:16 - 00155064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-11-17 18:08 - 2014-10-13 18:13 - 00683520 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2014-11-17 18:08 - 2014-10-13 18:12 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-11-17 18:08 - 2014-10-13 18:09 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2014-11-17 18:08 - 2014-10-13 18:07 - 00681984 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2014-11-17 18:08 - 2014-10-13 17:50 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-11-17 18:08 - 2014-10-13 17:49 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-11-17 18:08 - 2014-10-13 17:47 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2014-11-17 18:08 - 2014-10-13 17:46 - 00681984 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2014-11-17 18:07 - 2014-11-07 11:49 - 00388272 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-11-17 18:07 - 2014-11-07 11:23 - 00341168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-11-17 18:07 - 2014-11-05 20:04 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-11-17 18:07 - 2014-11-05 20:03 - 25110016 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-11-17 18:07 - 2014-11-05 20:03 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-11-17 18:07 - 2014-11-05 19:47 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-11-17 18:07 - 2014-11-05 19:46 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-11-17 18:07 - 2014-11-05 19:46 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-11-17 18:07 - 2014-11-05 19:44 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-11-17 18:07 - 2014-11-05 19:43 - 02884096 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-11-17 18:07 - 2014-11-05 19:36 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-11-17 18:07 - 2014-11-05 19:35 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-11-17 18:07 - 2014-11-05 19:31 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-11-17 18:07 - 2014-11-05 19:30 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-11-17 18:07 - 2014-11-05 19:30 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-11-17 18:07 - 2014-11-05 19:29 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-11-17 18:07 - 2014-11-05 19:28 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-11-17 18:07 - 2014-11-05 19:23 - 06040064 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-11-17 18:07 - 2014-11-05 19:20 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-11-17 18:07 - 2014-11-05 19:16 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-11-17 18:07 - 2014-11-05 19:13 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-11-17 18:07 - 2014-11-05 19:13 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-11-17 18:07 - 2014-11-05 19:12 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-11-17 18:07 - 2014-11-05 19:10 - 19781632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-11-17 18:07 - 2014-11-05 19:10 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-11-17 18:07 - 2014-11-05 19:07 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-17 18:07 - 2014-11-05 19:05 - 02277376 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-11-17 18:07 - 2014-11-05 19:04 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-11-17 18:07 - 2014-11-05 19:03 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-11-17 18:07 - 2014-11-05 19:02 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-11-17 18:07 - 2014-11-05 19:00 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-11-17 18:07 - 2014-11-05 19:00 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-11-17 18:07 - 2014-11-05 18:59 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-11-17 18:07 - 2014-11-05 18:58 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-11-17 18:07 - 2014-11-05 18:57 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-11-17 18:07 - 2014-11-05 18:48 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-11-17 18:07 - 2014-11-05 18:42 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-17 18:07 - 2014-11-05 18:41 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-11-17 18:07 - 2014-11-05 18:41 - 00716800 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-11-17 18:07 - 2014-11-05 18:39 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-11-17 18:07 - 2014-11-05 18:38 - 02124288 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-11-17 18:07 - 2014-11-05 18:37 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-11-17 18:07 - 2014-11-05 18:36 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-11-17 18:07 - 2014-11-05 18:34 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-11-17 18:07 - 2014-11-05 18:30 - 14390272 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-11-17 18:07 - 2014-11-05 18:22 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-11-17 18:07 - 2014-11-05 18:21 - 04298240 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-11-17 18:07 - 2014-11-05 18:21 - 02051072 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-11-17 18:07 - 2014-11-05 18:20 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-11-17 18:07 - 2014-11-05 18:17 - 02365440 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-11-17 18:07 - 2014-11-05 18:04 - 01550336 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-11-17 18:07 - 2014-11-05 18:03 - 12819456 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-11-17 18:07 - 2014-11-05 17:53 - 00799232 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-11-17 18:07 - 2014-11-05 17:52 - 01892864 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-11-17 18:07 - 2014-11-05 17:48 - 01310208 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-11-17 18:07 - 2014-11-05 17:47 - 00708096 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-11-17 18:06 - 2014-10-02 18:12 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2014-11-17 18:06 - 2014-10-02 18:11 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2014-11-17 18:06 - 2014-10-02 18:11 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2014-11-17 18:06 - 2014-10-02 18:11 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2014-11-17 18:06 - 2014-10-02 18:11 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2014-11-17 18:06 - 2014-10-02 17:44 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2014-11-17 18:06 - 2014-10-02 17:44 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2014-11-17 18:06 - 2014-10-02 17:44 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2014-11-17 18:06 - 2014-09-19 01:42 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-11-17 18:06 - 2014-09-19 01:42 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-11-17 18:06 - 2014-09-19 01:42 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-11-17 18:06 - 2014-09-19 01:42 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-11-17 18:06 - 2014-09-19 01:42 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-11-17 18:06 - 2014-09-19 01:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-11-17 18:06 - 2014-09-19 01:23 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-11-17 18:06 - 2014-09-19 01:23 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-11-17 18:06 - 2014-09-19 01:23 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2014-11-17 18:06 - 2014-09-19 01:23 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-11-17 18:06 - 2014-09-19 01:23 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-11-17 18:06 - 2014-09-19 01:23 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-11-17 18:06 - 2014-08-20 22:43 - 01882624 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-11-17 18:06 - 2014-08-20 22:40 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-11-17 18:06 - 2014-08-20 22:26 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-11-17 18:06 - 2014-08-11 18:02 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\IMJP10K.DLL
2014-11-17 18:06 - 2014-08-11 17:36 - 00701440 _____ (Microsoft Corporation) C:\windows\SysWOW64\IMJP10K.DLL
2014-11-17 18:04 - 2014-10-24 17:57 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2014-11-17 18:04 - 2014-10-24 17:32 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
2014-11-17 18:04 - 2014-10-17 18:05 - 00861696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2014-11-17 18:04 - 2014-10-17 17:33 - 00571904 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2014-11-17 18:04 - 2014-10-13 18:13 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-11-17 18:04 - 2014-10-13 17:50 - 02363904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-11-17 18:04 - 2014-10-09 16:57 - 03198976 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-11-17 12:03 - 2014-11-17 12:02 - 00000125 _____ () C:\windows\system32\Drivers\etc\hosts - Post Install
2014-11-13 21:21 - 2014-11-13 21:21 - 00000000 ____D () C:\Users\Administrater\AppData\Local\WinZip
2014-11-13 20:17 - 2014-11-13 20:17 - 00026238 _____ () C:\ComboFix.txt
2014-11-13 20:02 - 2014-11-13 20:17 - 00000000 ____D () C:\ComboFix
2014-11-13 19:21 - 2014-11-13 19:21 - 00001077 _____ () C:\Users\Administrater\Desktop\Kaspersky Security Scan.lnk
2014-11-13 19:21 - 2014-11-13 19:21 - 00000000 ____D () C:\Users\Administrater\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
2014-11-13 19:20 - 2014-11-13 19:20 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-11-13 19:20 - 2014-11-13 19:20 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-11-13 19:14 - 2014-11-13 19:14 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\Administrater\Downloads\tdsskiller.exe
2014-11-13 19:11 - 2014-11-13 19:11 - 00364640 _____ (Kaspersky Lab) C:\Users\Administrater\Downloads\kss12.0.1.808_6398_6399.exe
2014-11-13 19:08 - 2014-11-13 19:09 - 00000000 ____D () C:\Users\Administrater\AppData\Roaming\Google
2014-11-13 19:06 - 2014-11-13 19:06 - 00000000 ____D () C:\Users\Administrater\AppData\Local\Wondershare
2014-11-13 15:14 - 2014-11-13 15:14 - 00000000 ____D () C:\Users\Michael\Documents\Bluetooth Exchange Folder
2014-11-13 15:11 - 2014-11-13 15:11 - 00002314 _____ () C:\Users\Michael\Documents\Default.rdp
2014-11-12 10:28 - 2014-11-12 10:28 - 00000000 __SHD () C:\Users\Michael\AppData\Local\EmieBrowserModeList
2014-11-12 09:33 - 2014-08-20 22:23 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2014-11-11 12:43 - 2014-11-13 16:02 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-11-11 12:43 - 2014-11-11 12:44 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-11-11 12:41 - 2014-11-13 16:02 - 00000000 ____D () C:\Program Files (x86)\PDFCreator
2014-11-11 12:41 - 2014-11-11 12:41 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\pdfforge
2014-11-11 12:40 - 2014-11-13 16:02 - 00000000 ____D () C:\Program Files (x86)\Audacity
2014-11-11 12:40 - 2014-11-11 12:40 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-11-11 12:40 - 2014-08-18 12:18 - 00037704 _____ (RealVNC Ltd) C:\windows\system32\VNCpm.dll
2014-11-11 12:39 - 2014-11-13 16:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealVNC
2014-11-11 12:39 - 2014-11-11 16:35 - 00000000 ____D () C:\Users\Michael\AppData\Local\RealVNC
2014-11-11 12:39 - 2014-11-11 12:39 - 00000000 ____D () C:\ProgramData\RealVNC-Service
2014-11-11 12:39 - 2014-11-11 12:39 - 00000000 ____D () C:\Program Files\RealVNC
2014-11-11 12:33 - 2014-11-11 12:33 - 00000000 ____D () C:\Program Files (x86)\Acro Software
2014-11-11 12:32 - 2014-11-13 16:02 - 00000000 ____D () C:\Program Files\WinRAR
2014-11-11 12:32 - 2014-11-13 16:02 - 00000000 ____D () C:\Program Files\7-Zip
2014-11-11 12:32 - 2014-11-13 16:02 - 00000000 ____D () C:\Program Files (x86)\GPLGS
2014-11-11 12:31 - 2014-11-11 12:31 - 00000000 ____D () C:\Program Files\Java
2014-11-11 12:29 - 2014-11-11 12:29 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-11 12:27 - 2014-11-13 16:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-11 12:27 - 2014-11-11 12:27 - 00000000 ____D () C:\ProgramData\Mozilla
2014-11-10 16:08 - 2014-11-10 16:13 - 00000000 ____D () C:\AdwCleaner
2014-11-04 08:29 - 2014-11-04 08:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-11-04 08:29 - 2014-11-04 08:29 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-11-01 17:59 - 2014-11-03 08:01 - 00000000 ____D () C:\Users\Administrater.CONSIDEREDFAITH\AppData\Roaming\foobar2000
2014-11-01 17:59 - 2014-11-01 18:09 - 00001113 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\foobar2000.lnk
2014-11-01 17:59 - 2014-11-01 18:09 - 00001031 _____ () C:\Users\Public\Desktop\foobar2000.lnk
2014-11-01 17:59 - 2014-11-01 18:09 - 00000000 ____D () C:\Program Files (x86)\foobar2000
2014-11-01 17:58 - 2014-11-01 17:58 - 00000000 ____D () C:\Users\David\AppData\Roaming\Philipp Winterberg
2014-11-01 14:34 - 2014-11-10 16:11 - 00000000 ____D () C:\Burrrn
2014-11-01 14:29 - 2014-11-01 14:29 - 00000000 ____D () C:\Users\David\Documents\Bluetooth Exchange Folder
2014-10-31 08:32 - 2014-10-31 08:32 - 00000000 ____D () C:\Users\Administrater.CONSIDEREDFAITH\AppData\Local\Anvisoft
2014-10-31 08:31 - 2014-10-31 08:31 - 00001275 _____ () C:\Users\Public\Desktop\Anvi Browser Repair Tool.lnk
2014-10-31 08:31 - 2014-10-31 08:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
2014-10-31 08:31 - 2014-10-31 08:31 - 00000000 ____D () C:\Program Files (x86)\Anvisoft
2014-10-30 18:22 - 2014-10-30 18:22 - 00000000 ____D () C:\Users\David\AppData\Local\MicroVision Applications
2014-10-30 16:47 - 2014-10-31 14:30 - 00000000 ___RD () C:\Users\David\Desktop\Michael's Briefcase
2014-10-30 16:42 - 2014-10-30 16:42 - 00000000 ____D () C:\Users\Administrater.CONSIDEREDFAITH\AppData\Local\Wondershare
2014-10-30 14:00 - 2014-10-30 14:00 - 00001026 _____ () C:\Users\Michael\Documents\Administrator name change21.reg
2014-10-30 13:59 - 2014-10-30 13:59 - 17498952 _____ () C:\Users\Michael\Documents\Administrator name change20.reg
2014-10-30 13:59 - 2014-10-30 13:59 - 00003460 _____ () C:\Users\Michael\Documents\Administrator name change19.reg
2014-10-30 13:58 - 2014-10-30 13:58 - 00003660 _____ () C:\Users\Michael\Documents\Administrator name change17.reg
2014-10-30 13:58 - 2014-10-30 13:58 - 00003442 _____ () C:\Users\Michael\Documents\Administrator name change18.reg
2014-10-30 13:57 - 2014-10-30 13:57 - 00003458 _____ () C:\Users\Michael\Documents\Administrator name change16.reg
2014-10-30 13:57 - 2014-10-30 13:57 - 00003458 _____ () C:\Users\Michael\Documents\Administrator name change15.reg
2014-10-30 13:56 - 2014-10-30 13:56 - 00003468 _____ () C:\Users\Michael\Documents\Administrator name change14.reg
2014-10-30 13:56 - 2014-10-30 13:56 - 00003442 _____ () C:\Users\Michael\Documents\Administrator name change13.reg
2014-10-30 13:55 - 2014-10-30 13:55 - 00003452 _____ () C:\Users\Michael\Documents\Administrator name change11.reg
2014-10-30 13:55 - 2014-10-30 13:55 - 00003364 _____ () C:\Users\Michael\Documents\Administrator name change12.reg
2014-10-30 13:54 - 2014-10-30 13:54 - 00003452 _____ () C:\Users\Michael\Documents\Administrator name change10.reg
2014-10-30 13:53 - 2014-10-30 13:53 - 00003668 _____ () C:\Users\Michael\Documents\Administrator name change8.reg
2014-10-30 13:53 - 2014-10-30 13:53 - 00003478 _____ () C:\Users\Michael\Documents\Administrator name change9.reg
2014-10-30 13:52 - 2014-10-30 13:52 - 00003468 _____ () C:\Users\Michael\Documents\Administrator name change7.reg
2014-10-30 13:52 - 2014-10-30 13:52 - 00003458 _____ () C:\Users\Michael\Documents\Administrator name change6.reg
2014-10-30 13:51 - 2014-10-30 13:51 - 00003464 _____ () C:\Users\Michael\Documents\Administrator name change5.reg
2014-10-30 13:51 - 2014-10-30 13:51 - 00003452 _____ () C:\Users\Michael\Documents\Administrator name change4.reg
2014-10-30 13:50 - 2014-10-30 13:50 - 00003468 _____ () C:\Users\Michael\Documents\Administrator name change3.reg
2014-10-30 13:50 - 2014-10-30 13:50 - 00003442 _____ () C:\Users\Michael\Documents\Administrator name change2.reg
2014-10-30 13:49 - 2014-10-30 13:49 - 00017264 _____ () C:\Users\Michael\Documents\Administrator name change.reg
2014-10-30 11:30 - 2011-06-25 22:45 - 00256000 _____ () C:\windows\PEV.exe
2014-10-30 11:30 - 2010-11-07 09:20 - 00208896 _____ () C:\windows\MBR.exe
2014-10-30 11:30 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-10-30 11:30 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-10-30 11:30 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-10-30 11:30 - 2000-08-30 16:00 - 00098816 _____ () C:\windows\sed.exe
2014-10-30 11:30 - 2000-08-30 16:00 - 00080412 _____ () C:\windows\grep.exe
2014-10-30 11:30 - 2000-08-30 16:00 - 00068096 _____ () C:\windows\zip.exe
2014-10-30 11:15 - 2014-11-13 20:17 - 00000000 ____D () C:\Qoobox
2014-10-30 11:15 - 2014-10-30 11:41 - 00000000 ____D () C:\windows\erdnt
2014-10-24 12:56 - 2014-10-24 12:56 - 00000132 _____ () C:\Users\Michael\AppData\Roaming\Adobe AIFF Format CS5 Prefs
2014-10-21 08:27 - 2014-10-21 08:27 - 00001413 _____ () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-21 08:18 - 2014-10-21 08:18 - 00942592 _____ (Microsoft Corporation) C:\windows\system32\jsIntl.dll
2014-10-21 08:18 - 2014-10-21 08:18 - 00774144 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-10-21 08:18 - 2014-10-21 08:18 - 00645120 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsIntl.dll
2014-10-21 08:18 - 2014-10-21 08:18 - 00616104 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dat
2014-10-21 08:18 - 2014-10-21 08:18 - 00616104 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dat
2014-10-21 08:18 - 2014-10-21 08:18 - 00610304 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-10-21 08:18 - 2014-10-21 08:18 - 00413696 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2014-10-21 08:18 - 2014-10-21 08:18 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2014-10-21 08:18 - 2014-10-21 08:18 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\msls31.dll
2014-10-21 08:18 - 2014-10-21 08:18 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2014-10-21 08:18 - 2014-10-21 08:18 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2014-10-21 08:18 - 2014-10-21 08:18 - 00235008 _____ (Microsoft Corporation) C:\windows\system32\elshyph.dll
2014-10-21 08:18 - 2014-10-21 08:18 - 00233472 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
2014-10-21 08:18 - 2014-10-21 08:18 - 00208384 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2014-10-21 08:18 - 2014-10-21 08:18 - 00194048 _____ (Microsoft Corporation) C:\windows\SysWOW64\elshyph.dll
2014-10-21 08:18 - 2014-10-21 08:18 - 00182272 _____ (Microsoft Corporation) C:\windows\SysWOW64\msls31.dll
2014-10-21 08:18 - 2014-10-21 08:18 - 00167424 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe
2014-10-21 08:18 - 2014-10-21 08:18 - 00151552 _____ (Microsoft Corporation) C:\windows\SysWOW64\iexpress.exe
2014-10-21 08:18 - 2014-10-21 08:18 - 00147968 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2014-10-21 08:18 - 2014-10-21 08:18 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe
2014-10-21 08:18 - 2014-10-21 08:18 - 00139264 _____ (Microsoft Corporation) C:\windows\SysWOW64\wextract.exe
2014-10-21 08:18 - 2014-10-21 08:18 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2014-10-21 08:18 - 2014-10-21 08:18 - 00131072 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll
2014-10-21 08:18 - 2014-10-21 08:18 - 00127488 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2014-10-21 08:18 - 2014-10-21 08:18 - 00116736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2014-10-21 08:18 - 2014-10-21 08:18 - 00111616 _____ (Microsoft Corporation) C:\windows\SysWOW64\IEAdvpack.dll
2014-10-21 08:18 - 2014-10-21 08:18 - 00105984 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-10-21 08:18 - 2014-10-21 08:18 - 00101376 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2014-10-21 08:18 - 2014-10-21 08:18 - 00090112 _____ (Microsoft Corporation) C:\windows\system32\SetIEInstalledDate.exe
2014-10-21 08:18 - 2014-10-21 08:18 - 00086016 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-10-21 08:18 - 2014-10-21 08:18 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2014-10-21 08:18 - 2014-10-21 08:18 - 00083456 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2014-10-21 08:18 - 2014-10-21 08:18 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\icardie.dll
2014-10-21 08:18 - 2014-10-21 08:18 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2014-10-21 08:18 - 2014-10-21 08:18 - 00074240 _____ (Microsoft Corporation) C:\windows\SysWOW64\SetIEInstalledDate.exe
2014-10-21 08:18 - 2014-10-21 08:18 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2014-10-21 08:18 - 2014-10-21 08:18 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardie.dll
2014-10-21 08:18 - 2014-10-21 08:18 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2014-10-21 08:18 - 2014-10-21 08:18 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll
2014-10-21 08:18 - 2014-10-21 08:18 - 00056832 _____ (Microsoft Corporation) C:\windows\SysWOW64\pngfilt.dll
2014-10-21 08:18 - 2014-10-21 08:18 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2014-10-21 08:18 - 2014-10-21 08:18 - 00048640 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmler.dll
2014-10-21 08:18 - 2014-10-21 08:18 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\mshtmler.dll
2014-10-21 08:18 - 2014-10-21 08:18 - 00048128 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll
2014-10-21 08:18 - 2014-10-21 08:18 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll
2014-10-21 08:18 - 2014-10-21 08:18 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\imgutil.dll
2014-10-21 08:18 - 2014-10-21 08:18 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll
2014-10-21 08:18 - 2014-10-21 08:18 - 00024576 _____ (Microsoft Corporation) C:\windows\SysWOW64\licmgr10.dll
2014-10-21 08:18 - 2014-10-21 08:18 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2014-10-21 08:18 - 2014-10-21 08:18 - 00013312 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
2014-10-21 08:18 - 2014-10-21 08:18 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2014-10-21 08:18 - 2014-10-21 08:18 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe
2014-10-21 07:13 - 2014-10-21 07:13 - 00000134 _____ () C:\Users\Michael\Desktop\Internet Explorer Troubleshooting.url
2014-10-21 06:52 - 2014-10-21 06:52 - 00000792 _____ () C:\windows\ie8_main.log
2014-10-21 06:44 - 2014-10-21 06:44 - 00000000 ____D () C:\Users\David\AppData\Roaming\Intel Corporation
2014-10-21 06:43 - 2014-11-13 21:51 - 00245544 _____ () C:\Users\David\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-21 06:43 - 2014-11-13 21:51 - 00000000 ____D () C:\Users\David\AppData\Local\LogMeIn Hamachi
2014-10-21 06:43 - 2014-11-02 07:40 - 00003954 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{7F5D06F2-B7DA-41ED-BFB1-0F6D453CCF7D}
2014-10-21 06:43 - 2014-10-30 19:53 - 00000000 ____D () C:\Users\David\AppData\Local\Adobe
2014-10-21 06:43 - 2014-10-21 06:44 - 00000000 ____D () C:\Users\David\AppData\Roaming\Google
2014-10-21 06:43 - 2014-10-21 06:43 - 00001413 _____ () C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-21 06:43 - 2014-10-21 06:43 - 00000000 __SHD () C:\Users\David\AppData\Local\EmieUserList
2014-10-21 06:43 - 2014-10-21 06:43 - 00000000 __SHD () C:\Users\David\AppData\Local\EmieSiteList
2014-10-21 06:43 - 2014-10-21 06:43 - 00000000 ____D () C:\Users\David\AppData\Roaming\Synaptics
2014-10-21 06:43 - 2014-10-21 06:43 - 00000000 ____D () C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-21 06:43 - 2014-10-21 06:43 - 00000000 ____D () C:\Users\David\AppData\Roaming\hpqLog
2014-10-21 06:43 - 2014-10-21 06:43 - 00000000 ____D () C:\Users\David\AppData\Roaming\Hewlett-Packard
2014-10-21 06:43 - 2014-10-21 06:43 - 00000000 ____D () C:\Users\David\AppData\Roaming\Adobe
2014-10-21 06:43 - 2014-10-21 06:43 - 00000000 ____D () C:\Users\David\AppData\Local\Wondershare
2014-10-21 06:43 - 2014-10-21 06:43 - 00000000 ____D () C:\Users\David\AppData\Local\PDFC
2014-10-21 06:43 - 2014-10-21 06:43 - 00000000 ____D () C:\Users\David\AppData\Local\LogMeIn
2014-10-21 06:43 - 2014-10-21 06:43 - 00000000 ____D () C:\Users\David\AppData\Local\Google
2014-10-21 06:43 - 2014-10-21 06:43 - 00000000 ____D () C:\Users\David\AppData\Local\Broadcom
2014-10-21 06:42 - 2014-11-13 16:05 - 00000000 ____D () C:\Users\David
2014-10-21 06:42 - 2014-05-20 06:08 - 00000000 ____D () C:\Users\David\AppData\Roaming\Macromedia
2014-10-21 06:42 - 2014-05-15 06:34 - 00000000 ____D () C:\Users\David\AppData\Local\Microsoft Help
2014-10-21 06:42 - 2011-02-10 21:19 - 00000020 ___SH () C:\Users\David\ntuser.ini
2014-10-21 06:42 - 2009-07-13 20:54 - 00000000 ___RD () C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-21 06:42 - 2009-07-13 20:49 - 00000000 ___RD () C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-20 15:46 - 2014-05-17 10:13 - 00000152 _____ () C:\windows\system32\config\netlogon.ftl
2014-11-20 15:32 - 2014-05-17 17:10 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-20 15:16 - 2014-07-15 18:39 - 00000000 ____D () C:\Program Files (x86)\The KMPlayer
2014-11-20 14:50 - 2014-07-13 10:14 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-11-20 14:08 - 2014-05-17 10:06 - 00000000 ____D () C:\Support
2014-11-20 12:39 - 2009-07-13 21:13 - 00786622 _____ () C:\windows\system32\PerfStringBackup.INI
2014-11-20 10:27 - 2014-04-11 13:52 - 01560601 _____ () C:\windows\WindowsUpdate.log
2014-11-20 10:12 - 2014-04-11 13:28 - 00000000 ____D () C:\ProgramData\PDFC
2014-11-20 09:23 - 2014-05-20 21:42 - 00003962 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{1504B2BB-D165-4FD3-8D77-6E3A70F27D3B}
2014-11-20 09:20 - 2009-07-13 20:45 - 00031536 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-20 09:20 - 2009-07-13 20:45 - 00031536 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-20 09:14 - 2014-05-20 21:42 - 00000000 ____D () C:\Users\Michael\AppData\Local\LogMeIn Hamachi
2014-11-20 09:14 - 2014-05-17 17:10 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-20 09:12 - 2009-07-13 21:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-11-20 09:11 - 2014-04-11 14:05 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-20 09:11 - 2009-07-13 20:51 - 00062682 _____ () C:\windows\setupact.log
2014-11-19 17:44 - 2014-05-22 12:39 - 00000000 ___RD () C:\Users\Michael\Desktop\Michael's Briefcase
2014-11-19 15:41 - 2014-05-14 14:32 - 00000166 _____ () C:\windows\SysWOW64\DOErrors.log
2014-11-17 22:56 - 2009-07-13 19:20 - 00000000 ____D () C:\windows\rescache
2014-11-17 19:31 - 2009-07-13 20:45 - 05920400 _____ () C:\windows\system32\FNTCACHE.DAT
2014-11-17 18:37 - 2014-05-13 16:56 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-11-17 18:18 - 2014-05-14 12:45 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-17 18:15 - 2014-05-13 14:44 - 00000000 ____D () C:\windows\system32\MRT
2014-11-17 18:10 - 2014-05-13 14:43 - 103374192 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-11-17 12:05 - 2014-05-20 07:08 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-11-16 00:50 - 2014-07-13 10:14 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-11-16 00:50 - 2014-04-11 13:29 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-11-16 00:50 - 2014-04-11 13:29 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-15 19:12 - 2014-05-19 14:36 - 00000000 ____D () C:\UNZIPPED
2014-11-15 13:08 - 2014-05-20 21:42 - 00000000 ____D () C:\Users\Michael\AppData\Local\Adobe
2014-11-13 22:49 - 2009-07-13 19:20 - 00000000 ____D () C:\windows\system32\NDF
2014-11-13 22:27 - 2014-05-17 17:10 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-13 22:27 - 2014-05-17 17:10 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-13 21:51 - 2009-07-13 21:09 - 00000000 ____D () C:\windows\System32\Tasks\WPD
2014-11-13 21:31 - 2010-11-20 19:47 - 00101008 _____ () C:\windows\PFRO.log
2014-11-13 20:19 - 2014-07-14 12:15 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-13 20:15 - 2009-07-13 18:34 - 00000215 _____ () C:\windows\system.ini
2014-11-13 19:09 - 2014-05-13 13:20 - 00003954 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{458A75B3-40D6-4024-9AAF-47750EB2C4C2}
2014-11-13 19:08 - 2014-08-07 15:22 - 00000000 ____D () C:\Users\Administrater\AppData\Local\Google
2014-11-13 19:06 - 2014-05-24 08:59 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-11-13 19:06 - 2014-05-15 04:50 - 00000000 ____D () C:\Users\Administrater\AppData\Local\LogMeIn Hamachi
2014-11-13 19:06 - 2014-05-13 13:20 - 00245544 _____ () C:\Users\Administrater\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-13 17:09 - 2014-05-20 21:42 - 00000000 ____D () C:\Users\Michael
2014-11-13 17:09 - 2014-04-11 13:59 - 00000000 ____D () C:\windows\Options
2014-11-13 16:05 - 2014-05-25 19:15 - 00000000 ____D () C:\windows\system32\Macromed
2014-11-13 16:05 - 2014-05-17 11:17 - 00000000 ____D () C:\Users\Administrater.CONSIDEREDFAITH
2014-11-13 16:05 - 2014-05-13 13:16 - 00000000 ____D () C:\Users\Administrater
2014-11-13 16:05 - 2014-04-11 13:29 - 00000000 ____D () C:\windows\SysWOW64\Macromed
2014-11-13 16:05 - 2009-07-13 19:20 - 00000000 ____D () C:\windows\security
2014-11-13 16:05 - 2009-07-13 19:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-11-13 16:04 - 2014-09-30 07:52 - 00000000 ____D () C:\Users\Michael\Desktop\Digicentric Remote Desktops
2014-11-13 16:04 - 2014-05-22 13:16 - 00000000 ____D () C:\Users\Michael\Documents\Digicentric
2014-11-13 16:04 - 2014-05-21 14:19 - 00000000 ____D () C:\Users\Michael\AppData\Local\MicroVision Applications
2014-11-13 16:04 - 2009-07-13 19:20 - 00000000 ____D () C:\windows\AppCompat
2014-11-13 16:02 - 2014-05-14 19:03 - 00000000 ____D () C:\Program Files (x86)\Burrrn
2014-11-13 16:02 - 2014-05-13 15:32 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-11-13 16:02 - 2014-04-11 14:35 - 00000000 ____D () C:\ProgramData\Skype
2014-11-13 16:02 - 2009-07-13 19:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-11-13 15:58 - 2014-04-11 12:12 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-11-13 15:57 - 2009-07-13 19:20 - 00000000 ____D () C:\windows\registration
2014-11-13 15:51 - 2014-05-20 05:58 - 00000000 ____D () C:\ProgramData\Adobe
2014-11-11 12:29 - 2014-09-03 09:48 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-10 16:07 - 2014-05-22 13:15 - 00001882 _____ () C:\Users\Michael\Desktop\Rkill.txt
2014-11-10 14:27 - 2014-05-19 14:36 - 00000000 ____D () C:\TEMP
2014-11-06 12:27 - 2014-05-20 21:42 - 00245544 _____ () C:\Users\Michael\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-06 05:21 - 2014-05-20 21:42 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Adobe
2014-11-03 22:08 - 2014-05-30 07:41 - 00000000 ____D () C:\Users\Michael\AppData\Local\Deployment
2014-11-03 13:16 - 2014-05-30 07:41 - 00000000 ____D () C:\Users\Michael\AppData\Local\Apps\2.0
2014-11-03 03:47 - 2014-05-17 11:18 - 00000000 ____D () C:\Users\Administrater.CONSIDEREDFAITH\AppData\Local\LogMeIn Hamachi
2014-11-02 20:41 - 2014-05-17 11:17 - 00003986 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{ED9A3F32-3AF4-48AA-9516-241568F8FCE6}
2014-11-02 03:47 - 2014-05-17 12:06 - 00000000 ____D () C:\windows\System32\Tasks\Games
2014-11-01 15:01 - 2009-07-13 19:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-10-30 19:52 - 2014-07-10 10:30 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Utilities
2014-10-30 19:52 - 2014-05-14 18:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Utilities
2014-10-30 16:46 - 2014-05-22 13:16 - 00000000 ____D () C:\Users\Michael\Documents\My Widgets
2014-10-30 08:19 - 2014-07-14 12:15 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-30 03:25 - 2010-11-20 19:27 - 00275080 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-10-27 13:29 - 2014-08-02 13:29 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-24 13:08 - 2014-05-28 12:37 - 00000132 _____ () C:\Users\Michael\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-10-21 08:22 - 2014-05-13 15:57 - 00033615 _____ () C:\windows\IE11_main.log

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-15 01:00

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-11-2014
Ran by michael at 2014-11-20 15:48:15
Running from C:\Support\Malware Tools\1-Fabar Recover Scan Tool
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Creative Suite 5 Master Collection (HKLM-x32\...\{FBB02B04-C034-4382-A3F6-57416E2752C4}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Advanced Font Viewer 5.1 (HKLM-x32\...\Advanced Font Viewer_is1) (Version:  - Alexander G Styopkin)
Alcor Micro Smart Card Reader Driver (HKLM-x32\...\SZCCID) (Version: 1.7.28.0 - Alcor Micro Corp.)
Alcor Micro Smart Card Reader Driver (x32 Version: 1.7.28.0 - Alcor Micro Corp.) Hidden
Anvi Browser Repair Tool (HKLM-x32\...\Anvi Browser Repair Tool) (Version: 2.0 - Anvisoft)
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.5.3.0 - SlySoft)
ArcSoft Webcam Sharing Manager (HKLM-x32\...\{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}) (Version: 2.0.0.39 - ArcSoft)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
AVStoDVD 2.7.5 (HKLM-x32\...\AVStoDVD) (Version: 2.7.5 - MrC)
Broadcom Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.2300 - Broadcom Corporation)
Bulk Rename Utility 2.7.1.2 (HKLM-x32\...\Bulk Rename Utility_is1) (Version:  - TGRMN Software)
CloneDVD2 (HKLM-x32\...\CloneDVD2) (Version: 2.9.3.0 - Elaborate Bytes)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
Exact Audio Copy 1.0beta3 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta3 - Andre Wiethoff)
FlexiMusic Wave Editor (HKLM-x32\...\FlexiMusic Wave Editor_is1) (Version:  - Ponnuchamy Varatharaj - FlexiMusic.com)
foobar2000 v1.3.5 (HKLM-x32\...\foobar2000) (Version: 1.3.5 - Peter Pawlowski)
Free Alarm Clock 2.7.0 (HKLM-x32\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 2.7 - Comfort Software Group)
Free RAR Extract Frog (HKLM-x32\...\Free RAR Extract Frog) (Version: 5.20 - Philipp Winterberg)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.1.2.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP 3D DriveGuard (HKLM\...\{C0C9A493-51CB-4F3F-A296-5B5E410C338E}) (Version: 5.0.9.0 - Hewlett-Packard Company)
HP Connection Manager (HKLM-x32\...\{F5AEB2E2-F856-448F-8C32-46CA5C6149FE}) (Version: 4.5.27.1 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{11B945E6-B81D-4265-9F33-21D72682E1C9}) (Version: 1.1.1.0 - Hewlett-Packard)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{6357258D-2BF9-49E7-A9EF-0C609D52C46D}) (Version: 2.0.6.1 - Hewlett-Packard Company)
HP HD Webcam Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.9.8004.0_WHQL - Sonix)
HP Hotkey Support (HKLM-x32\...\{C97CC14E-4789-4FC5-BC75-79191F7CE009}) (Version: 4.5.13.1 - Hewlett-Packard Company)
HP Performance Advisor (HKLM-x32\...\{91ED9ADC-3FF3-4447-8C33-E6EBC5EEFAB8}) (Version: 1.4.3907 - Hewlett-Packard Company)
HP Power Assistant (HKLM\...\{84642787-58C0-44AE-8B26-E2F544E380A1}) (Version: 2.5.0.16 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15453.4066 - Hewlett-Packard Company)
HP SoftPaq Download Manager (HKLM-x32\...\{223AE3E8-4445-410F-8EDA-13EC137E3BDB}) (Version: 3.4.3.0 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{1DFA0C99-6E2E-46F4-B242-51C7CF41DDE5}) (Version: 4.5.12.1 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{658A8756-7B1E-44FD-A434-D777DD906232}) (Version: 8.5.2.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}) (Version: 6.1.12.1 - Hewlett-Packard Company)
HP System Default Settings (HKLM-x32\...\{C4E9E8A4-EEC4-4F9E-B140-520A8B75F430}) (Version: 2.4.1.2 - Hewlett-Packard Company)
HP Wallpaper (HKLM-x32\...\{11C9A461-DD9D-4C71-85A4-6DCE7F99CC44}) (Version: 3.0.0.1 - Hewlett-Packard Company)
HP Webcam (HKLM-x32\...\{1D61E881-43CD-447B-9E6B-D2C6138B2862}) (Version: 1.0.27.17 - Roxio)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6398.0 - IDT)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.10.1464 - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 17.1 - Intel)
Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{705EE775-5776-48FD-B704-C3C9CF535420}) (Version: 15.1.1.0170 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.225 - Intel Corporation)
InViewer version 0.80 (HKLM-x32\...\{7E575733-1DF5-4064-AE38-289BA932398A}_is1) (Version: 0.80 - Stefan Wobbe)
JMicron 1394 Filter Driver (HKLM-x32\...\{13C96625-28E4-4c58-ADE0-CDAFC64752EB}) (Version: 1.00.25.03 - JMicron Technology Corp.)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.76.1 - JMicron Technology Corp.)
Kaspersky Security Scan (HKLM-x32\...\InstallWIX_{D1282694-0693-41A8-ABC1-6D1FFC1F65C4}) (Version: 12.0.1.881 - Kaspersky Lab)
Kaspersky Security Scan (x32 Version: 12.0.1.881 - Kaspersky Lab) Hidden
KMPlayer (HKLM-x32\...\The KMPlayer) (Version: 3.9.1.129 - PandoraTV)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.266 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.266 - LogMeIn, Inc.) Hidden
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.100 - LSI Corporation)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mp3tag v2.62 (HKLM-x32\...\Mp3tag) (Version: v2.62 - Florian Heidenreich)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Driver 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 327.02 - NVIDIA Corporation)
NVIDIA Graphics Driver 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA nView 140.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 140.62 - NVIDIA Corporation)
NVIDIA WMI 2.14.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVWMI) (Version: 2.14.0 - NVIDIA Corporation)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
PDF Complete Corporate Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.93 - PDF Complete, Inc)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PxMergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden
SDK (x32 Version: 2.30.042 - Portrait Displays, Inc.) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SureThing CD Labeler Deluxe 4 (HKLM-x32\...\MVApplication1) (Version:  - )
SwordSearcher 4.6 Deluxe Edition (HKLM-x32\...\SwordSearcher_4_InnoSetup_is1) (Version: 4.6 Deluxe Edition - Brandon Staggs)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.1.6.2 - Synaptics Incorporated)
TreeSize Free V3.0.1 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.0.1 - JAM Software)
Unlocker 1.8.9 (HKLM-x32\...\Unlocker) (Version: 1.8.9 - Cedrick Collomb)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Validity Fingerprint Sensor Driver (HKLM\...\{93581599-ECF1-4DCD-BE36-BD969A6C8DB5}) (Version: 4.4.213.0 - Validity Sensors, Inc.)
VIP Access SDK (1.1.0.7)  (HKLM-x32\...\VIP Access SDK) (Version: 1.1.0.7 - Symantec Inc.)
WinZip 15.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240CF}) (Version: 15.0.10039 - WinZip Computing, S.L. )
XnConvert 1.63 (HKLM\...\XnConvert_is1) (Version: 1.63 - Gougelet Pierre-e)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

17-11-2014 05:42:21 Windows Update
18-11-2014 02:09:02 Windows Update
18-11-2014 20:21:40 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2014-11-17 12:02 - 00000125 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1                   activate.adobe.com
127.0.0.1                   practivate.adobe.com

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {15D8FAD5-E69C-4FCF-A05B-37775ED5EC28} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2011-03-22] (Hewlett-Packard Company)
Task: {170EE5CD-0096-487C-983F-F3D070231CAE} - System32\Tasks\{2214A945-7D8C-F52D-43BC-AC7CF89EDA3C} => C:\windows\system32\jkdnnt.dll/s "C:\windows\system32\jkdnnt.dll"
Task: {1D4B1813-8A41-4558-97A0-8EE722F4DBB7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-17] (Google Inc.)
Task: {207E023D-EB22-43AF-BBEE-28BCB87752FC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-09-09] (Hewlett-Packard Company)
Task: {20DC794F-6C8D-422C-8C37-1D9FC8ECFAA0} - System32\Tasks\AdobeAAMUpdater-1.0-CONSIDEREDFAITH-michael => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {3146809F-E56B-4F63-BBC5-E43861F4553B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-06-14] (Hewlett-Packard)
Task: {3174F8FB-B78A-44BA-8361-49E7E190841D} - System32\Tasks\At1 => cmd.exe /c del /F /Q "C:\Support\Setup\XForce Keygen\adobe_master_collection_cs5_keygen_xforce.exe" <==== ATTENTION
Task: {3DBEB6C7-5A63-4147-ABF7-282104A4318D} - \BrowserSafeguard Update Task No Task File <==== ATTENTION
Task: {62189473-D10A-4ADE-997F-13C4F062803D} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\Dependencies\RemEngine.exe [2012-03-21] ()
Task: {634A9768-AEC1-4D7B-B9A1-80A2207F0B06} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-17] (Google Inc.)
Task: {651E9608-8CCE-4543-869D-B83C313303F2} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {68C73594-986C-493B-9F98-AC48BE8E8146} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3423800681-3491351388-3600878864-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {69C32217-F737-4CC9-8706-159539F3CE97} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)
Task: {8EED3B0D-ED08-4FAF-B7BF-F5EA56FB950E} - System32\Tasks\AdobeAAMUpdater-1.0-CONSIDEREDFAITH-administrater => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {90E455CA-1FF5-4D2A-8BDD-FD2B69B3C2E2} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-16] (Adobe Systems Incorporated)
Task: {A81F0C87-C653-4B39-95F7-8CE68A7D6E33} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)
Task: {F9E2DC4D-80A4-42F2-A3C2-9353A1ADA2CD} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3423800681-3491351388-3600878864-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-04-11 14:03 - 2013-08-29 14:43 - 00097568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2010-03-08 18:52 - 2010-03-08 18:52 - 00015872 _____ () C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
2014-09-29 16:51 - 2014-09-29 16:51 - 00074664 _____ () C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
2012-02-10 13:26 - 2012-02-10 13:26 - 01083392 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.dll
2014-04-11 13:58 - 2012-03-28 09:38 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
2014-04-11 14:04 - 2013-09-05 01:37 - 00496928 _____ () C:\Program Files\NVIDIA Corporation\nview\nvshell.dll
2010-04-07 01:45 - 2010-04-07 01:45 - 00050176 _____ () C:\Program Files\Adobe\Adobe Photoshop CS5 (64 Bit)\QuickTimeGlue.dll
2010-03-08 18:55 - 2010-03-08 18:55 - 00004608 _____ () C:\Program Files (x86)\Unlocker\UnlockerHook.dll
2014-06-16 04:22 - 2012-05-25 03:25 - 00921600 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
2014-09-04 13:04 - 2014-08-05 09:22 - 01489408 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2014-09-04 13:04 - 2014-05-19 16:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2014-10-15 09:51 - 2014-10-15 09:51 - 00172544 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\1eeea3ab8d69ec722bdcb28b8eb8dd75\IsdiInterop.ni.dll
2014-04-11 13:21 - 2012-02-01 17:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2013-07-10 17:07 - 2013-07-10 17:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2013-05-28 09:50 - 2013-05-28 09:50 - 00514570 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll
2014-04-11 13:57 - 2012-03-28 09:18 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2009-02-26 12:46 - 2009-02-26 12:46 - 00064344 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
2011-06-22 10:46 - 2011-06-22 10:46 - 00434016 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
2010-02-22 03:50 - 2010-02-22 03:50 - 00060416 _____ () C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\zlib1.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrater (S-1-5-21-3423800681-3491351388-3600878864-1001 - Administrator - Enabled) => C:\Users\Administrater
Administrator (S-1-5-21-3423800681-3491351388-3600878864-500 - Administrator - Disabled)
Guest (S-1-5-21-3423800681-3491351388-3600878864-501 - Limited - Disabled)
MDavenport (S-1-5-21-3423800681-3491351388-3600878864-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: qknfd
Description: qknfd
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: qknfd
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (11/20/2014 03:09:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17420 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 24cc4

Start Time: 01d00511ae0539e2

Termination Time: 140

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (11/20/2014 09:12:19 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/19/2014 07:29:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17420 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: fd0

Start Time: 01d0047118c34c7f

Termination Time: 15

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (11/19/2014 07:19:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/19/2014 09:12:24 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/18/2014 10:19:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/18/2014 09:31:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/17/2014 07:32:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/17/2014 08:53:05 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/16/2014 11:45:17 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

System errors:
=============
Error: (11/20/2014 02:50:04 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 80.

Error: (11/20/2014 02:36:06 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1055) (User: NT AUTHORITY)
Description: The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).

Error: (11/20/2014 02:29:41 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1053) (User: CONSIDEREDFAITH)
Description: The processing of Group Policy failed. Windows could not resolve the user name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).

Error: (11/20/2014 00:54:52 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1055) (User: NT AUTHORITY)
Description: The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).

Error: (11/20/2014 00:42:25 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1053) (User: CONSIDEREDFAITH)
Description: The processing of Group Policy failed. Windows could not resolve the user name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).

Error: (11/20/2014 10:58:10 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1053) (User: CONSIDEREDFAITH)
Description: The processing of Group Policy failed. Windows could not resolve the user name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).

Error: (11/20/2014 10:54:38 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1055) (User: NT AUTHORITY)
Description: The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).

Error: (11/20/2014 09:26:34 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1055) (User: NT AUTHORITY)
Description: The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).

Error: (11/20/2014 09:26:12 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1053) (User: CONSIDEREDFAITH)
Description: The processing of Group Policy failed. Windows could not resolve the user name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).

Error: (11/20/2014 09:17:40 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Microsoft Office Sessions:
=========================
Error: (10/02/2014 06:56:13 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3768 seconds with 240 seconds of active time.  This session ended with a crash.

Error: (07/17/2014 06:26:53 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 345 seconds with 120 seconds of active time.  This session ended with a crash.

CodeIntegrity Errors:
===================================
  Date: 2014-11-13 16:44:37.860
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-11-13 16:44:37.844
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-11-13 16:44:37.813
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-11-13 16:44:37.782
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-10-30 12:37:50.174
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-10-30 12:37:50.147
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-08-07 16:29:47.990
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-08-07 16:29:47.943
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-08-07 16:29:47.912
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-08-07 16:29:47.865
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel® Core™ i5-3360M CPU @ 2.80GHz
Percentage of memory in use: 75%
Total physical RAM: 8123.47 MB
Available physical RAM: 1994.31 MB
Total Pagefile: 16245.12 MB
Available Pagefile: 9096.38 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:445.66 GB) (Free:97.87 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (My Passport) (Fixed) (Total:1862.98 GB) (Free:1346.05 GB) NTFS
Drive e: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.97 GB) FAT32
Drive g: (HP_RECOVERY) (Fixed) (Total:17.81 GB) (Free:2.67 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: D145FE61)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=445.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=17.8 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0C)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 0005F107)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

 

 

Errors, etc.:

 

1) All errors seem to be in IE 11

2) Script errors point to a different object every time.  As I think I posted, I have run at least 5 different scan products and followed some instructions to remove registry entries, but since it has been a couple of weeks, I couldn't share specific details.  I haven't seen any in a couple of days but I will save any I see.  Along with scans and registry mods, I have uninstalled and reinstalled IE.  I have run a different browser (Chrome) and not seen these problems.

3) Other errors include IE taking forever to load pages as obvious as Hotmail. Constantly failing to respond, often eventually stating "IE has stopped working" and asking if I want to recover the page?  Sometimes (often?) produces a message saying the webpage has stopped responding.  All of this appears across essentially all websites, behaving as if I have no internet connection though in the systray I see I certainly do have a connection.

4) On the other hand, sometimes I do see "no internet" for no apparent reason (I am well within range for my wireless antenna) and, when it lasts long enough, I have been able to demonstrate telnet will not work either.

5) Long delays trying to shutdown, stating a program has not stopped but, again, which one (I believe it is a true statement that it is not always identified, but again since I can get some help here I will begin keeping a log) I can't say.

 

I'm sorry I can't do better than this.  I'm an old man having more than the usual "old man memory problems."  I will keep logs if the steps you outline do not lead us to a solution.



#6 TheShooter93

TheShooter93

    Cody


  • Malware Response Team

Posted 24 November 2014 - 11:32 AM

Hello CaribbeanBlues,

> I'm sorry I can't do better than this.  I'm an old man having more than the usual "old man memory problems."  I will keep logs if the steps you outline do not lead us to a solution.

No problem, you're doing fine.

 
Now let's get down to business....
 
===========================================
 
First thing to address is that you are running FRST from the following location: C:\Support\Malware Tools\1-Fabar Recover Scan Tool
 
I need you to move it from there to your Desktop in order for the following steps to work properly.
 
===========================================

Uninstall Programs Using Programs and Features

  • Press and hold the Windows key + R on your keyboard.
  • In the Run box type appwiz.cpl and hit Enter.
  • Select the following programs and click Uninstall.
    • Yahoo! Messenger
  • Reboot your computer.

===========================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
    HKLM-x32\...\Run: [] => [X]
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_dsites06_14_20_ie&cd=2XzuyEtN2Y1L1QzutByEyByBtDtA0C0Dzz0ByBzytDtC0CzytN0D0Tzu0SzzyCyDtN1L2XzutBtFtBtDtFzytFtCtN1L1CzutCyEtDtAtDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2SyB0CtCyB0CyEtD0AtGyDtA0DtCtGyC0FtDtBtGyEyD0FyEtGyBtByEzz0AyEyCtD0B0EyBtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0FyEtAtD0BzzzztGzy0DtD0AtGyEyEyBtDtGtB0B0ByEtGtD0AzzyE0B0Czz0E0F0Czzzy2Q&cr=1451373068&ir=
    SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
    SearchScopes: HKLM -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_dnldstr_14_21_ie&cd=2XzuyEtN2Y1L1QzuyB0AyBzytCzyyB0AtA0DtB0DtDtC0CzytN0D0Tzu0SzzyByCtN1L2XzutBtFtBtDtFtCyDtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEtCyC0EyEzyyCyEtGtAtDyE0EtGyBzztAtAtG0A0Dzz0CtGyDyBtAyCyC0B0EtByByDzytC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyD0B0FyEtAtB0DtGtBzyzy0FtGtA0E0A0DtGtC0BtDtBtGtCyB0AyEzz0Fzy0ByD0AyEyC2Q&cr=1544867919&ir=
    SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
    SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
    SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
    SearchScopes: HKU\S-1-5-21-1541233202-508910958-1139562469-1136 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-1541233202-508910958-1139562469-1136 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL =
    SearchScopes: HKU\S-1-5-21-1541233202-508910958-1139562469-1136 -> {31090377-0740-419E-BEFC-A56E50500D5B} URL =
    SearchScopes: HKU\S-1-5-21-1541233202-508910958-1139562469-1136 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL =
    S1 qknfd; system32\drivers\qknfd.sys [X]
    FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    Task: {170EE5CD-0096-487C-983F-F3D070231CAE} - System32\Tasks\{2214A945-7D8C-F52D-43BC-AC7CF89EDA3C} => C:\windows\system32\jkdnnt.dll/s "C:\windows\system32\jkdnnt.dll"
    C:\windows\system32\jkdnnt.dll
    ProxyServer: [S-1-5-21-1541233202-508910958-1139562469-1136] => http=127.0.0.1:49182;https=127.0.0.1:49182
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.

===========================================

 

Lastly, your logs show evidence of pirated software:

127.0.0.1                   activate.adobe.com
127.0.0.1                   practivate.adobe.com

Task: {3174F8FB-B78A-44BA-8361-49E7E190841D} - System32\Tasks\At1 => cmd.exe /c del /F /Q "C:\Support\Setup\XForce Keygen\adobe_master_collection_cs5_keygen_xforce.exe"  

While I will continue to help you, note that pirated software may or may not be related to issues you are experiencing as you do not know if someone has modified the program.

 

Only software directly from the publisher can be trusted. I encourage you to remove the pirated copy of this software and purchase the legitimate version.

 

===========================================

 

What I'd like to see in your next post:

  • Confirmation that you moved FRST to your Desktop
  • Confirmation that Yahoo Messenger was uninstalled successfully.
  • Fixlog.txt

Edited by TheShooter93, 24 November 2014 - 11:33 AM.

CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.

 

 


#7 TheShooter93


Posted 27 November 2014 - 06:09 PM

3 Day Inactivity

This is the third day since my last post. Are you still there?

If you need more time, just let me know.

If you do not post within 48 hours, this thread will be closed due to inactivity.




#8 CaribbeanBlues


Posted 28 November 2014 - 12:27 AM

Sorry again.  School, mom, Thanksgiving.  I have kept a log of the various problems, though the script errors have stopped and I am very rarely unable to connect to the internet since my last scan.  Do I need to rerun this product after placing it on my desktop?  I will pursue this in the morning.  Thank you for your help and your patience.



#9 TheShooter93


Posted 28 November 2014 - 01:59 AM

Link to Thread

 

Hi CaribbeanBlues,

 

No problem - I'm just required to bump the thread after 3 days of inactivity. Happy Thanksgiving, by the way. :)

> Do I need to rerun this product after placing it on my desktop?  I will pursue this in the morning.

Make the first thing you do moving FRST to your desktop, then follow the steps in my last post.

 

As a final step that I did not include in my previous post, do re-run FRST, check the box next to "Addition.txt", and click "Scan". Again, this is after following all the directions in my last post.


Edited by TheShooter93, 28 November 2014 - 02:01 AM.



#10 CaribbeanBlues


Posted 30 November 2014 - 08:53 PM

Sorry...  I probably should drop this until I can be responsive.  I have another computer to use, and I apologize for spending your time when I can't follow through at any reasonable pace...



#11 TheShooter93


Posted 30 November 2014 - 10:27 PM

If it would be easier for you to start fresh at another time that is perfectly fine, just let me know what you would like to do. :)




#12 TheShooter93


Posted 03 December 2014 - 08:41 AM

3 Day Inactivity

This is the third day since my last post. Are you still there?

If you need more time, just let me know.

If you do not post within 48 hours, this thread will be closed due to inactivity.

 

---------------------------------------

 

Please let me know about the answer to my last post as well.




#13 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team

Posted 05 December 2014 - 10:40 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware.



