
Internet disconnects, DNS Problems, AAM Updates Notifier virus?



#1 snickers0


Posted 05 March 2015 - 04:09 PM

Hi - Thank you in advance for any help that you can provide.

 

About 2 weeks ago my internet became slow and my computer started disconnecting from the internet. Sometimes it will reconnect, mostly I will restart my computer and router to get reconnected. My ISP says it is on my end. I bought a new router, same problem, I bypassed the router and plugged straight into my computer, same problem.

 

Recently AAM Updates Notifier is starting, when it had not before. I have many Adobe programs but never noticed this icon in my system tray. Not sure if that is related, but after Googling, it seems this might be a virus spoofing this program.

 

I checked in device manager and my Ethernet Controller and Network Controller have no drivers and can not find drivers. I think that is new. Possible they were deleted by virus?

 

I downloaded GlassWire to view network info. I don't know what I'm looking for but I think my password manager (Sticky Password) is connecting to hosts that it shouldn't. I also see a lot of DNS server setting changes.

 

I have not gone to my banking website after reading about bank site spoofing attacks.

 

Malwarebytes scan is clean, MSE scan is clean. Bitdefender online scanner is clean. I tried ESET scanner and it found 3 unwanted programs but they were with some old but legit programs.

 

Editing to add: When this problem first started and I discovered BleepingComputer, I downloaded RogueKiller to scan my computer. It would hang after about 40% and I had to restart.

 

 

I followed the preparation guide and have FRST logs to post.

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-03-2015 01
Ran by Ron (administrator) on RON-PC on 04-03-2015 20:01:00
Running from C:\Users\Ron\Desktop
Loaded Profiles: Ron (Available profiles: Ron)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.04.01\AsusFanControlService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
(Xp-Zed.com) C:\Program Files\xp-zed\hddb\Hddb_Srv.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(Marvell) C:\Program Files (x86)\Marvell\storage\svc\mvraidsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Apache Software Foundation) C:\Program Files (x86)\Marvell\storage\Apache2\bin\httpd.exe
() C:\Windows\SysWOW64\NMSAccessU.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Apache Software Foundation) C:\Program Files (x86)\Marvell\storage\Apache2\bin\httpd.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Graphic Tablet Company Shenzhen) C:\Program Files\PenDisplay\PenDisplay.exe
(Lamantine Software a.s.) C:\Program Files (x86)\Sticky Password\stpass.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(FolderActions.com) C:\Program Files (x86)\Folder Actions for Windows\FolderActions.exe
(Microsoft Corporation) C:\Users\Ron\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(KEDMI Scientific Computing) C:\Program Files (x86)\tinySpell\tinyspell.exe
(SanDisk Corporation) C:\Users\Ron\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GlassWire.exe
(Dropbox, Inc.) C:\Users\Ron\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Program Files (x86)\Marvell\storage\tray\MarvellTray.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
() C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\EPUShortCut.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWIdlMon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7192792 2013-07-05] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-04] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [Launch LgDeviceAgent] => C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe [415816 2010-08-03] (Logitech Inc.)
HKLM\...\Run: [Launch LCDMon] => C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [2412616 2010-08-03] (Logitech Inc.)
HKLM\...\Run: [Launch LGDCore] => C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [4725320 2010-08-03] (Logitech Inc.)
HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2460488 2014-09-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [TabletDriver] => C:\Program Files\PenDisplay\PenDisplay.exe [1141464 2015-02-05] (Graphic Tablet Company Shenzhen)
HKLM-x32\...\Run: [MSUTray] => C:\Program Files (x86)\Marvell\storage\tray\MarvellTray.exe [1213952 2012-06-12] ()
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-09] (Nuance Communications, Inc.)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-3978920838-4042057555-1546727288-1000\...\Run: [StickyPassword] => C:\Program Files (x86)\Sticky Password\stpass.exe [8326968 2014-09-25] (Lamantine Software a.s.)
HKU\S-1-5-21-3978920838-4042057555-1546727288-1000\...\Run: [Folder Actions] => C:\Program Files (x86)\Folder Actions for Windows\folderactions.exe [2278400 2012-09-17] (FolderActions.com)
HKU\S-1-5-21-3978920838-4042057555-1546727288-1000\...\Run: [SkyDrive] => C:\Users\Ron\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2014-09-24] (Microsoft Corporation)
HKU\S-1-5-21-3978920838-4042057555-1546727288-1000\...\Run: [tinySpell] => C:\Program Files (x86)\tinySpell\tinyspell.exe [559616 2014-02-25] (KEDMI Scientific Computing)
HKU\S-1-5-21-3978920838-4042057555-1546727288-1000\...\Run: [SansaDispatch] => C:\Users\Ron\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [1465616 2014-10-25] (SanDisk Corporation)
HKU\S-1-5-21-3978920838-4042057555-1546727288-1000\...\Run: [Google Update] => C:\Users\Ron\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-11-14] (Google Inc.)
HKU\S-1-5-21-3978920838-4042057555-1546727288-1000\...\Run: [GlassWire] => C:\Program Files (x86)\GlassWire\glasswire.exe [10571048 2015-02-18] (SecureMix LLC)
Startup: C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Ron\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ron\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ron\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ron\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ron\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ron\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ron\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ron\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3978920838-4042057555-1546727288-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: QTTabBar AutoLoader -> {d2bf470e-ed1c-487f-a777-2bd8835eb6ce} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: QTTabBar AutoLoader -> {d2bf470e-ed1c-487f-a777-2bd8835eb6ce} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - QTTabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - QTTab Standard Buttons - {d2bf470e-ed1c-487f-a666-2bd8835eb6ce} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - QTTabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - QTTab Standard Buttons - {d2bf470e-ed1c-487f-a666-2bd8835eb6ce} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\2kfgp0w1.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: file:///C:/Files/My%20Life%20Management/Start%20Page/index.html
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin64.dll (Skype)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin.dll (Skype)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-3978920838-4042057555-1546727288-1000: @stickypassword.com/Sticky Password -> C:\Program Files (x86)\Sticky Password\npspAutofill.dll (Lamantine Software a.s.)
FF Plugin HKU\S-1-5-21-3978920838-4042057555-1546727288-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Ron\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-3978920838-4042057555-1546727288-1000: @talk.google.com/O1DPlugin -> C:\Users\Ron\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-3978920838-4042057555-1546727288-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3978920838-4042057555-1546727288-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3978920838-4042057555-1546727288-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Ron\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3978920838-4042057555-1546727288-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll No File
FF Plugin ProgramFiles/Appdata: C:\Users\Ron\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Ron\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\2kfgp0w1.default\searchplugins\youtube-video-search.xml
FF Extension: Bitdefender QuickScan - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\2kfgp0w1.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2014-06-11]
FF Extension: Classic Theme Restorer - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\2kfgp0w1.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2014-05-10]
FF Extension: YouTube Center - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\2kfgp0w1.default\Extensions\jid1-cwbvBTE216jjpg@jetpack.xpi [2013-11-15]
FF Extension: Youtube Subscriptions Grid - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\2kfgp0w1.default\Extensions\jid1-PmCaAQKMFABjHg@jetpack.xpi [2014-11-24]
FF Extension: Stylish - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\2kfgp0w1.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2013-11-15]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-02-25]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-11-16]
FF HKU\S-1-5-21-3978920838-4042057555-1546727288-1000\...\Firefox\Extensions: [{54affe52-8223-453b-be1e-2fe2e250045c}] - C:\Users\Ron\AppData\Roaming\Lamantine\Sticky Password\spAutofill
FF Extension: Sticky Password Autofill Engine - C:\Users\Ron\AppData\Roaming\Lamantine\Sticky Password\spAutofill [2013-11-17]
FF HKU\S-1-5-21-3978920838-4042057555-1546727288-1000\...\Thunderbird\Extensions: [{54affe52-8223-453b-be1e-2fe2e250045c}] - C:\Users\Ron\AppData\Roaming\Lamantine\Sticky Password\spAutofill

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Profile: C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-11]
CHR Extension: (YouTube) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-14]
CHR Extension: (Google Search) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-14]
CHR Extension: (Sticky Password Autofill Engine) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggepjhbdgijjkbelnggboeoehacbphed [2014-07-12]
CHR Extension: (YouTube) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijoffpmfcdnncgblkdnobhomnjnkofdm [2014-09-24]
CHR Extension: (Start!) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\iniabgbbmccaomaocmhcfioahgipigbh [2014-06-24]
CHR Extension: (Skype Click to Call) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-11-17]
CHR Extension: (Google Search) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfpjmkngecpnnajkmdhplmeoelenkpgk [2014-09-24]
CHR Extension: (Google Wallet) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-14]
CHR Extension: (Gmail) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-14]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path Or update_url value
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-06-04] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [954648 2013-07-31] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.04.01\AsusFanControlService.exe [1656464 2013-08-08] (ASUSTeK Computer Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [240584 2012-10-02] (DTS, Inc)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-09-16] (NVIDIA Corporation)
R2 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [6309672 2015-02-18] (SecureMix LLC)
R2 Hddb_Service; C:\Program Files\xp-zed\hddb\Hddb_Srv.exe [152576 2014-11-02] (Xp-Zed.com) [File not signed]
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22744 2014-10-15] (Microsoft Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-05-13] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [398184 2012-12-14] (Malwarebytes Corporation) [File not signed]
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [682344 2012-12-14] (Malwarebytes Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R2 MSUWebService; C:\Program Files (x86)\Marvell\storage\Apache2\bin\httpd.exe [24645 2011-11-21] (Apache Software Foundation) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 NMSAccess; C:\Windows\SysWOW64\NMSAccessU.exe [71096 2009-01-12] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19439944 2014-09-16] (NVIDIA Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2013-01-28] (ASUSTek Computer Inc.)
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [47512 2013-01-10] (Asmedia Technology)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-21] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2012-09-13] ()
R1 gwdrv; C:\Windows\System32\DRIVERS\gwdrv.sys [33296 2015-02-18] (SecureMix LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation) [File not signed]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R3 Mv_Process; c:\windows\syswow64\mv_process.sys [14376 2011-11-21] ()
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-09-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [37624 2015-01-24] ()
R3 vmulti; C:\Windows\System32\DRIVERS\vmulti.sys [10752 2014-09-16] (Windows ® Win 7 DDK provider)
S3 ALSysIO; \??\C:\Users\Ron\AppData\Local\Temp\ALSysIO64.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
S3 WacHidRouter; system32\DRIVERS\wachidrouter.sys [X]
S3 wacomrouterfilter; system32\DRIVERS\wacomrouterfilter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-04 20:01 - 2015-03-04 20:01 - 00031403 _____ () C:\Users\Ron\Desktop\FRST.txt
2015-03-04 20:00 - 2015-03-04 20:01 - 00000000 ____D () C:\FRST
2015-03-04 19:59 - 2015-03-04 19:59 - 02092544 _____ (Farbar) C:\Users\Ron\Desktop\FRST64.exe
2015-03-03 22:34 - 2015-03-03 22:34 - 00000219 _____ () C:\Users\Ron\Desktop\Art Fundamentals Learning to Draw from the Ground Up.URL
2015-03-03 22:32 - 2015-03-03 22:32 - 00000208 _____ () C:\Users\Ron\Desktop\Lesson 1 Lines, Ellipses and Boxes.URL
2015-03-02 22:01 - 2015-03-02 22:01 - 00000216 _____ () C:\Users\Ron\Desktop\Figure Drawing References.URL
2015-03-02 21:57 - 2015-03-02 21:57 - 00000224 _____ () C:\Users\Ron\Desktop\(1) Dynamic poses on Pinterest 964 Pins.URL
2015-03-02 20:23 - 2015-03-02 20:23 - 00000232 _____ () C:\Users\Ron\Desktop\What is Unreal Engine 4.URL
2015-03-01 21:03 - 2015-03-01 21:03 - 00000000 ____D () C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GlassWire 1.0
2015-03-01 21:02 - 2015-03-01 21:03 - 00000000 ____D () C:\Program Files (x86)\GlassWire
2015-03-01 17:25 - 2015-03-01 17:25 - 00000223 _____ () C:\Users\Ron\Desktop\▶ VHS Glitch - Evil Technology [Full Album] - YouTube.URL
2015-03-01 15:40 - 2015-03-01 15:40 - 00001721 _____ () C:\Users\Ron\Desktop\Untitled.gde
2015-03-01 15:37 - 2015-03-01 15:37 - 00000999 _____ () C:\Users\Ron\Desktop\The Guide.lnk
2015-03-01 15:37 - 2015-03-01 15:37 - 00000000 ____D () C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Guide
2015-03-01 15:37 - 2015-03-01 15:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Guide
2015-03-01 15:37 - 2015-03-01 15:37 - 00000000 ____D () C:\Program Files (x86)\The Guide
2015-03-01 01:20 - 2015-03-01 01:20 - 00000223 _____ () C:\Users\Ron\Desktop\▶ [STREAM] Going Berserk - YouTube.URL
2015-02-28 03:16 - 2015-02-28 03:16 - 00000000 ____D () C:\Users\Ron\Desktop\ResophNotes157
2015-02-28 03:14 - 2015-02-28 03:14 - 00000000 ____D () C:\Users\Ron\Desktop\hellish-simplicity.1.6.3
2015-02-28 03:11 - 2015-02-28 03:11 - 00001070 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-02-28 02:58 - 2015-02-28 02:58 - 00000000 ____D () C:\Users\Ron\Desktop\DAUB_Pencils
2015-02-28 01:54 - 2015-03-04 18:06 - 00002982 _____ () C:\Windows\setupact.log
2015-02-28 01:54 - 2015-02-28 01:54 - 00005616 _____ () C:\Windows\DPINST.LOG
2015-02-28 01:54 - 2015-02-28 01:54 - 00000836 _____ () C:\Users\Public\Desktop\PenDisplay.lnk
2015-02-28 01:54 - 2015-02-28 01:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PenDisplay
2015-02-28 01:54 - 2015-02-28 01:54 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-28 01:54 - 2015-02-05 16:31 - 00042200 _____ (Graphics Tablet) C:\Windows\system32\wintab32.dll
2015-02-28 01:54 - 2015-02-05 16:31 - 00037592 _____ (Graphics Tablet) C:\Windows\SysWOW64\wintab32.dll
2015-02-28 01:33 - 2015-02-28 01:54 - 00000000 ____D () C:\Program Files\PenDisplay
2015-02-26 01:45 - 2015-01-08 18:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-26 01:45 - 2015-01-08 18:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-25 22:50 - 2015-02-25 22:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-17 21:50 - 2015-01-08 22:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-17 21:50 - 2015-01-08 22:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-17 21:50 - 2015-01-08 22:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-17 21:50 - 2015-01-08 21:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-02-12 22:46 - 2015-03-04 19:58 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-12 22:46 - 2015-02-12 22:46 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-12 22:46 - 2015-02-12 22:46 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-12 22:46 - 2015-02-12 22:46 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-12 22:14 - 2015-02-12 22:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-02-12 20:56 - 2015-02-12 20:56 - 00000218 _____ () C:\Users\Ron\.recently-used.xbel
2015-02-11 22:29 - 2015-03-04 20:00 - 00370592 _____ () C:\Windows\backend.log
2015-02-11 21:23 - 2015-02-11 21:23 - 00002179 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Connect.lnk
2015-02-11 21:23 - 2015-02-11 21:23 - 00000000 ____D () C:\Program Files (x86)\Cisco Systems
2015-02-11 21:22 - 2015-02-11 21:22 - 00000000 ____D () C:\ProgramData\Cisco Systems
2015-02-11 19:49 - 2015-01-22 23:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-11 19:49 - 2015-01-22 23:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-11 19:49 - 2015-01-22 22:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-11 19:49 - 2015-01-22 22:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 01:09 - 2015-02-11 01:09 - 00000208 _____ () C:\Users\Ron\Desktop\Grimdark Magazine.URL
2015-02-10 18:16 - 2015-02-03 22:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-10 18:16 - 2015-02-03 22:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-10 18:16 - 2015-02-03 22:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-10 18:16 - 2015-02-03 22:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-10 18:16 - 2015-02-03 22:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-10 18:16 - 2015-02-03 22:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-10 18:16 - 2015-02-03 22:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-10 18:16 - 2015-01-27 18:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-10 18:16 - 2015-01-14 00:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-10 18:16 - 2015-01-14 00:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-10 18:16 - 2015-01-11 22:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-10 18:16 - 2015-01-11 22:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-10 18:16 - 2015-01-11 22:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-10 18:16 - 2015-01-11 21:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-10 18:16 - 2015-01-11 21:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-10 18:16 - 2015-01-11 21:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-10 18:16 - 2015-01-11 21:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-10 18:16 - 2015-01-11 21:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-10 18:16 - 2015-01-11 21:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-10 18:16 - 2015-01-11 21:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-10 18:16 - 2015-01-11 21:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-10 18:16 - 2015-01-11 21:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-10 18:16 - 2015-01-11 21:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-10 18:16 - 2015-01-11 21:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-10 18:16 - 2015-01-11 21:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-10 18:16 - 2015-01-11 21:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-10 18:16 - 2015-01-11 21:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-10 18:16 - 2015-01-11 21:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-10 18:16 - 2015-01-11 21:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-10 18:16 - 2015-01-11 21:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-10 18:16 - 2015-01-11 21:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-10 18:16 - 2015-01-11 21:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-10 18:16 - 2015-01-11 21:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-10 18:16 - 2015-01-11 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-10 18:16 - 2015-01-11 21:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-10 18:16 - 2015-01-11 21:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-10 18:16 - 2015-01-11 21:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-10 18:16 - 2015-01-11 20:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-10 18:16 - 2015-01-11 20:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-10 18:16 - 2015-01-11 20:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-10 18:16 - 2015-01-11 20:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-10 18:16 - 2015-01-11 20:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-10 18:16 - 2015-01-11 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-10 18:16 - 2015-01-11 20:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-10 18:16 - 2015-01-11 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-10 18:16 - 2015-01-11 20:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-10 18:16 - 2015-01-11 20:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-10 18:16 - 2015-01-11 20:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-10 18:16 - 2015-01-11 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-10 18:16 - 2015-01-11 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-10 18:16 - 2015-01-11 20:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-10 18:16 - 2015-01-11 20:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-10 18:16 - 2015-01-11 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-10 18:16 - 2015-01-11 20:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-10 18:16 - 2015-01-11 20:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-10 18:16 - 2015-01-11 20:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-10 18:16 - 2015-01-11 20:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-10 18:16 - 2015-01-11 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-10 18:16 - 2015-01-11 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-10 18:16 - 2015-01-11 19:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-10 18:16 - 2015-01-10 01:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-10 18:16 - 2015-01-10 01:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-10 18:16 - 2015-01-10 01:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-10 18:16 - 2015-01-10 01:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-10 18:16 - 2015-01-10 01:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-10 18:16 - 2015-01-10 01:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-10 18:16 - 2015-01-10 01:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-10 18:16 - 2015-01-10 01:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-10 18:16 - 2015-01-10 01:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-10 18:16 - 2015-01-10 01:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-10 18:16 - 2015-01-10 01:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-10 18:16 - 2015-01-10 01:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-10 18:16 - 2015-01-10 01:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-10 18:16 - 2015-01-10 01:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-10 18:15 - 2015-01-15 03:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-10 18:15 - 2015-01-15 03:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-10 18:15 - 2015-01-15 03:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-10 18:15 - 2015-01-15 03:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-10 18:15 - 2015-01-15 03:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-10 18:15 - 2015-01-15 03:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-10 18:15 - 2015-01-15 03:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-10 18:15 - 2015-01-15 03:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-10 18:15 - 2015-01-15 03:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-10 18:15 - 2015-01-15 03:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-10 18:15 - 2015-01-15 03:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-10 18:15 - 2015-01-15 02:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-10 18:15 - 2015-01-15 02:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-10 18:15 - 2015-01-15 02:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-10 18:15 - 2015-01-15 02:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-10 18:15 - 2015-01-15 02:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-10 18:15 - 2015-01-15 02:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-10 18:15 - 2015-01-14 23:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-10 18:15 - 2015-01-14 01:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-10 18:15 - 2015-01-14 01:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-10 18:15 - 2015-01-14 01:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-10 18:15 - 2015-01-14 01:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-10 18:15 - 2015-01-14 00:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-10 18:15 - 2015-01-14 00:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-10 18:15 - 2015-01-14 00:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-10 18:15 - 2015-01-12 22:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-10 18:15 - 2015-01-12 21:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-10 18:15 - 2015-01-08 21:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-10 18:15 - 2014-12-12 00:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-10 18:15 - 2014-12-12 00:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-10 18:15 - 2014-12-07 22:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-10 18:15 - 2014-12-07 21:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-10 18:15 - 2014-11-25 22:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-10 18:15 - 2014-11-25 22:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-10 18:15 - 2014-10-03 21:10 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-02-10 18:15 - 2014-10-03 20:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-02-10 18:15 - 2014-10-03 20:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-02-04 23:32 - 2015-02-04 23:38 - 00000000 ____D () C:\Users\Ron\Desktop\mbar

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-04 20:01 - 2013-11-14 11:21 - 00000512 _____ () C:\Windows\SysWOW64\za_mv_raid.ev
2015-03-04 20:01 - 2011-11-21 22:08 - 00222208 _____ () C:\Windows\SysWOW64\freqdb.db
2015-03-04 19:50 - 2013-11-21 20:57 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3978920838-4042057555-1546727288-1000UA.job
2015-03-04 19:41 - 2013-11-14 10:01 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-04 18:54 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-04 18:41 - 2013-11-14 10:01 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-04 18:26 - 2014-02-13 08:44 - 00004956 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Ron-PC-Ron Ron-PC
2015-03-04 18:16 - 2014-06-27 08:57 - 00000000 ____D () C:\Users\Ron\AppData\Local\Adobe
2015-03-04 18:13 - 2009-07-13 23:45 - 00032096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-04 18:13 - 2009-07-13 23:45 - 00032096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-04 18:12 - 2009-07-14 00:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-04 18:07 - 2013-11-14 12:53 - 01645962 _____ () C:\Windows\WindowsUpdate.log
2015-03-04 18:06 - 2014-02-02 14:38 - 00000000 ___RD () C:\Users\Ron\SkyDrive
2015-03-04 18:06 - 2013-11-16 12:32 - 1062656000 _____ () C:\Users\Ron\AppData\Local\SageThumbs.db3
2015-03-04 18:06 - 2013-11-16 08:59 - 00000000 ___RD () C:\Users\Ron\Dropbox
2015-03-04 18:06 - 2013-11-16 08:56 - 00000000 ____D () C:\Users\Ron\AppData\Roaming\Dropbox
2015-03-04 18:06 - 2013-11-14 11:20 - 00059384 _____ () C:\Windows\SysWOW64\mvaccelerator.log
2015-03-04 18:06 - 2013-11-14 10:47 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-04 18:06 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-04 00:50 - 2013-11-21 20:57 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3978920838-4042057555-1546727288-1000Core.job
2015-03-03 20:03 - 2014-12-10 21:34 - 00000000 ____D () C:\ProgramData\69B6DBD2-8E05-476F-B662-CF8D235FD499
2015-03-03 18:47 - 2013-11-17 23:52 - 00000000 ___SD () C:\Users\Ron\Documents\Sticky Passwords
2015-03-03 08:17 - 2010-11-20 22:27 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-03-01 21:03 - 2015-01-04 00:13 - 00001905 _____ () C:\Users\Ron\Desktop\GlassWire.lnk
2015-03-01 17:21 - 2014-06-11 15:00 - 00000000 ____D () C:\Users\Ron\AppData\Roaming\QuickScan
2015-03-01 16:46 - 2013-11-30 18:55 - 00000000 ____D () C:\ProgramData\TEMP
2015-03-01 15:52 - 2013-11-16 09:59 - 00000000 ____D () C:\Users\Ron\AppData\Roaming\vlc
2015-03-01 15:46 - 2013-11-16 11:55 - 00000000 ____D () C:\Users\Ron\AppData\Roaming\medit-1
2015-02-28 20:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2015-02-28 03:00 - 2014-12-25 21:51 - 00000000 ____D () C:\Users\Ron\Desktop\Unity Project
2015-02-28 03:00 - 2013-11-16 13:34 - 00000000 ____D () C:\ProgramData\Unity
2015-02-28 01:40 - 2015-01-04 17:03 - 00000000 ____D () C:\Users\Ron\AppData\Local\CrashDumps
2015-02-28 01:14 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-28 01:14 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-26 00:40 - 2013-11-14 11:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-24 11:36 - 2013-11-16 12:37 - 00000000 ____D () C:\Users\Ron\AppData\Local\Liquid Story Binder XE
2015-02-24 11:36 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2015-02-24 09:23 - 2014-02-05 10:37 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-02-24 08:37 - 2013-11-14 08:54 - 00000000 ____D () C:\Users\Ron
2015-02-20 23:10 - 2014-02-11 11:14 - 00000000 ____D () C:\Users\Ron\AppData\Roaming\foobar2000
2015-02-18 17:30 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\tracing
2015-02-18 03:35 - 2015-01-04 00:13 - 00008704 _____ () C:\Windows\system32\Drivers\gwdrv.cat
2015-02-18 03:24 - 2015-01-04 00:13 - 00033296 _____ (SecureMix LLC) C:\Windows\system32\Drivers\gwdrv.sys
2015-02-13 22:30 - 2013-11-16 08:57 - 00000000 ____D () C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-12 20:56 - 2013-11-21 21:58 - 00000000 ____D () C:\Users\Ron\AppData\Roaming\gtk-2.0
2015-02-11 21:50 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-02-11 19:45 - 2009-07-13 23:45 - 05115744 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-11 19:44 - 2014-12-10 19:00 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-11 19:44 - 2014-04-30 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-11 01:34 - 2014-12-30 20:40 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-11 01:33 - 2013-11-14 11:11 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-02-11 01:33 - 2013-11-14 11:11 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-02-11 01:33 - 2013-11-14 11:11 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-02-11 01:33 - 2013-11-14 11:10 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-02-11 01:32 - 2013-11-17 13:33 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 01:30 - 2013-11-17 13:33 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-06 00:45 - 2013-11-21 20:57 - 00003866 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3978920838-4042057555-1546727288-1000UA
2015-02-06 00:45 - 2013-11-21 20:57 - 00003470 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3978920838-4042057555-1546727288-1000Core
2015-02-05 16:31 - 2015-01-05 19:17 - 00042200 _____ (Graphics Tablet) C:\Windows\system32\wintab32rename (2).dll
2015-02-04 23:38 - 2014-01-06 16:06 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-04 23:32 - 2014-01-06 16:05 - 00097496 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-04 18:36 - 2013-11-14 10:01 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-04 18:36 - 2013-11-14 10:01 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories =======

2014-02-23 00:13 - 2014-02-23 00:13 - 0000132 _____ () C:\Users\Ron\AppData\Roaming\Adobe AIFF Format CS5 Prefs
2014-02-13 22:53 - 2014-12-26 20:13 - 0000132 _____ () C:\Users\Ron\AppData\Roaming\Adobe PNG Format CS5 Prefs
2015-01-04 12:15 - 2015-01-04 15:08 - 0000108 _____ () C:\Users\Ron\AppData\Roaming\PureRef.ini
2013-12-13 04:11 - 2013-12-13 04:13 - 144752885 _____ () C:\Users\Ron\AppData\Local\ACCCx2_2_1_260.zip.aamdownload
2013-12-13 04:11 - 2013-12-13 04:13 - 0001817 _____ () C:\Users\Ron\AppData\Local\ACCCx2_2_1_260.zip.aamdownload.aamd
2015-01-24 14:00 - 2015-01-24 14:00 - 0001456 _____ () C:\Users\Ron\AppData\Local\Adobe Save for Web 12.0 Prefs
2013-11-19 22:15 - 2013-12-30 16:33 - 0007619 _____ () C:\Users\Ron\AppData\Local\resmon.resmoncfg
2013-11-16 12:32 - 2015-03-04 18:06 - 1062656000 _____ () C:\Users\Ron\AppData\Local\SageThumbs.db3

Some content of TEMP:
====================
C:\Users\Ron\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpusuos4.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-24 17:22

==================== End Of Log ============================

Edited by snickers0, 05 March 2015 - 05:06 PM.



#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,600 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:17 AM

Posted 10 March 2015 - 04:10 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/569196 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 snickers0

snickers0
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:03:17 AM

Posted 10 March 2015 - 07:51 PM

Hi - I still need help.

I haven't lost internet in a few days after configuring my router again.

There has been a new development. Three times my computer has gone crazy. Many programs opening by themselves. Desktop icons resized and rearranged, I had no control to click anything. My screens populated with a bunch of random programs. Using Control+Alt+Delete got hung up on a blue screen. I had to turn off the power supply.

I downloaded Superantispyware and it cleared out a lot of tracking cookies but nothing else. I downloaded Kaspersky free scanner and it found two threats, one is a false positive.

This computer is Windows 7 64bit. I have my Windows CD. It's an OEM version if that matters.

My FRST log -

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-03-2015 01
Ran by Ron (administrator) on RON-PC on 10-03-2015 20:34:56
Running from C:\Users\Ron\Desktop
Loaded Profiles: Ron (Available profiles: Ron)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.04.01\AsusFanControlService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
(Xp-Zed.com) C:\Program Files\xp-zed\hddb\Hddb_Srv.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
(Marvell) C:\Program Files (x86)\Marvell\storage\svc\mvraidsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Apache Software Foundation) C:\Program Files (x86)\Marvell\storage\Apache2\bin\httpd.exe
() C:\Windows\SysWOW64\NMSAccessU.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Apache Software Foundation) C:\Program Files (x86)\Marvell\storage\Apache2\bin\httpd.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Graphic Tablet Company Shenzhen) C:\Program Files\PenDisplay\PenDisplay.exe
(Lamantine Software a.s.) C:\Program Files (x86)\Sticky Password\stpass.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(FolderActions.com) C:\Program Files (x86)\Folder Actions for Windows\FolderActions.exe
(KEDMI Scientific Computing) C:\Program Files (x86)\tinySpell\tinyspell.exe
(SanDisk Corporation) C:\Users\Ron\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GlassWire.exe
(Microsoft Corporation) C:\Users\Ron\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
() C:\Program Files (x86)\Marvell\storage\tray\MarvellTray.exe
(Dropbox, Inc.) C:\Users\Ron\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
() C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWIdlMon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\EPUShortCut.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Microsoft Corporation) C:\Windows\splwow64.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7192792 2013-07-05] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-04] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [Launch LgDeviceAgent] => C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe [415816 2010-08-03] (Logitech Inc.)
HKLM\...\Run: [Launch LCDMon] => C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [2412616 2010-08-03] (Logitech Inc.)
HKLM\...\Run: [Launch LGDCore] => C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [4725320 2010-08-03] (Logitech Inc.)
HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2460488 2014-09-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [TabletDriver] => C:\Program Files\PenDisplay\PenDisplay.exe [1141464 2015-02-05] (Graphic Tablet Company Shenzhen)
HKLM-x32\...\Run: [MSUTray] => C:\Program Files (x86)\Marvell\storage\tray\MarvellTray.exe [1213952 2012-06-12] ()
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-10] (Nuance Communications, Inc.)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-3978920838-4042057555-1546727288-1000\...\Run: [StickyPassword] => C:\Program Files (x86)\Sticky Password\stpass.exe [8326968 2014-09-25] (Lamantine Software a.s.)
HKU\S-1-5-21-3978920838-4042057555-1546727288-1000\...\Run: [Folder Actions] => C:\Program Files (x86)\Folder Actions for Windows\folderactions.exe [2278400 2012-09-17] (FolderActions.com)
HKU\S-1-5-21-3978920838-4042057555-1546727288-1000\...\Run: [tinySpell] => C:\Program Files (x86)\tinySpell\tinyspell.exe [559616 2014-02-25] (KEDMI Scientific Computing)
HKU\S-1-5-21-3978920838-4042057555-1546727288-1000\...\Run: [SansaDispatch] => C:\Users\Ron\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [1465616 2014-10-25] (SanDisk Corporation)
HKU\S-1-5-21-3978920838-4042057555-1546727288-1000\...\Run: [Google Update] => C:\Users\Ron\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-11-14] (Google Inc.)
HKU\S-1-5-21-3978920838-4042057555-1546727288-1000\...\Run: [GlassWire] => C:\Program Files (x86)\GlassWire\glasswire.exe [10571048 2015-02-18] (SecureMix LLC)
HKU\S-1-5-21-3978920838-4042057555-1546727288-1000\...\Run: [OneDrive] => C:\Users\Ron\AppData\Local\Microsoft\OneDrive\OneDrive.exe [281256 2015-03-06] (Microsoft Corporation)
HKU\S-1-5-21-3978920838-4042057555-1546727288-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7780120 2015-01-22] (SUPERAntiSpyware)
HKU\S-1-5-21-3978920838-4042057555-1546727288-1000\...\Run: [KSS] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202080 2014-06-15] (Kaspersky Lab ZAO)
Startup: C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Ron\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Ron\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64\FileSyncShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Ron\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64\FileSyncShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Ron\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64\FileSyncShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ron\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ron\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ron\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ron\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Ron\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\FileSyncShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Ron\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\FileSyncShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Ron\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\FileSyncShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ron\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ron\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ron\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3978920838-4042057555-1546727288-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2014-12-02] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-01-14] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-14] (Microsoft Corporation)
BHO: QTTabBar AutoLoader -> {d2bf470e-ed1c-487f-a777-2bd8835eb6ce} -> C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2014-10-14] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-24] (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-01-14] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-01-14] (Microsoft Corporation)
BHO-x32: QTTabBar AutoLoader -> {d2bf470e-ed1c-487f-a777-2bd8835eb6ce} -> C:\Windows\SysWOW64\mscoree.dll [2010-11-20] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-24] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
Toolbar: HKLM - QTTabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
Toolbar: HKLM - QTTab Standard Buttons - {d2bf470e-ed1c-487f-a666-2bd8835eb6ce} - C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - QTTabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - C:\Windows\SysWOW64\mscoree.dll [2010-11-20] (Microsoft Corporation)
Toolbar: HKLM-x32 - QTTab Standard Buttons - {d2bf470e-ed1c-487f-a666-2bd8835eb6ce} - C:\Windows\SysWOW64\mscoree.dll [2010-11-20] (Microsoft Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2014-09-20] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\2kfgp0w1.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: file:///C:/Files/My%20Life%20Management/Start%20Page/index.html
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-12] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin64.dll [2013-12-04] (Skype)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-12] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-05-13] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-05-13] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-02-05] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-02-05] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-09-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-09-13] (NVIDIA Corporation)
FF Plugin-x32: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin.dll [2013-12-04] (Skype)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3978920838-4042057555-1546727288-1000: @stickypassword.com/Sticky Password -> C:\Program Files (x86)\Sticky Password\npspAutofill.dll [2014-09-25] (Lamantine Software a.s.)
FF Plugin HKU\S-1-5-21-3978920838-4042057555-1546727288-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Ron\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-01-27] (Google)
FF Plugin HKU\S-1-5-21-3978920838-4042057555-1546727288-1000: @talk.google.com/O1DPlugin -> C:\Users\Ron\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-01-27] (Google)
FF Plugin HKU\S-1-5-21-3978920838-4042057555-1546727288-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin HKU\S-1-5-21-3978920838-4042057555-1546727288-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Ron\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin HKU\S-1-5-21-3978920838-4042057555-1546727288-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Ron\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-11-18] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3978920838-4042057555-1546727288-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll No File
FF Plugin ProgramFiles/Appdata: C:\Users\Ron\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-01-27] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Ron\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-01-27] (Google)
FF SearchPlugin: C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\2kfgp0w1.default\searchplugins\youtube-video-search.xml [2013-05-04]
FF Extension: Bitdefender QuickScan - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\2kfgp0w1.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2014-06-11]
FF Extension: Classic Theme Restorer - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\2kfgp0w1.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2014-05-10]
FF Extension: YouTube Center - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\2kfgp0w1.default\Extensions\jid1-cwbvBTE216jjpg@jetpack.xpi [2013-11-15]
FF Extension: Youtube Subscriptions Grid - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\2kfgp0w1.default\Extensions\jid1-PmCaAQKMFABjHg@jetpack.xpi [2014-11-24]
FF Extension: Stylish - C:\Users\Ron\AppData\Roaming\Mozilla\Firefox\Profiles\2kfgp0w1.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2013-11-15]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-03-05]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-11-16]
FF HKU\S-1-5-21-3978920838-4042057555-1546727288-1000\...\Firefox\Extensions: [{54affe52-8223-453b-be1e-2fe2e250045c}] - C:\Users\Ron\AppData\Roaming\Lamantine\Sticky Password\spAutofill
FF Extension: Sticky Password Autofill Engine - C:\Users\Ron\AppData\Roaming\Lamantine\Sticky Password\spAutofill [2013-11-18]
FF HKU\S-1-5-21-3978920838-4042057555-1546727288-1000\...\Thunderbird\Extensions: [{54affe52-8223-453b-be1e-2fe2e250045c}] - C:\Users\Ron\AppData\Roaming\Lamantine\Sticky Password\spAutofill

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Profile: C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-11]
CHR Extension: (YouTube) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-14]
CHR Extension: (Google Search) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-14]
CHR Extension: (Sticky Password Autofill Engine) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggepjhbdgijjkbelnggboeoehacbphed [2014-07-12]
CHR Extension: (YouTube) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijoffpmfcdnncgblkdnobhomnjnkofdm [2014-09-24]
CHR Extension: (Start!) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\iniabgbbmccaomaocmhcfioahgipigbh [2014-06-24]
CHR Extension: (Skype Click to Call) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-11-17]
CHR Extension: (Google Search) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfpjmkngecpnnajkmdhplmeoelenkpgk [2014-09-24]
CHR Extension: (Google Wallet) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-14]
CHR Extension: (Gmail) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-14]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path Or update_url value
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-06-04] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [954648 2013-07-31] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.04.01\AsusFanControlService.exe [1656464 2013-08-08] (ASUSTeK Computer Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [240584 2012-10-02] (DTS, Inc)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-09-16] (NVIDIA Corporation)
R2 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [6309672 2015-02-18] (SecureMix LLC)
R2 Hddb_Service; C:\Program Files\xp-zed\hddb\Hddb_Srv.exe [152576 2014-11-02] (Xp-Zed.com) [File not signed]
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22744 2014-10-15] (Microsoft Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-05-13] (Intel Corporation)
R2 KSS; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202080 2014-06-15] (Kaspersky Lab ZAO)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [398184 2012-12-14] (Malwarebytes Corporation) [File not signed]
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [682344 2012-12-14] (Malwarebytes Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R2 MSUWebService; C:\Program Files (x86)\Marvell\storage\Apache2\bin\httpd.exe [24645 2011-11-21] (Apache Software Foundation) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 NMSAccess; C:\Windows\SysWOW64\NMSAccessU.exe [71096 2009-01-12] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19439944 2014-09-16] (NVIDIA Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2013-01-28] (ASUSTek Computer Inc.)
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [47512 2013-01-10] (Asmedia Technology)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-21] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2012-09-13] ()
R1 gwdrv; C:\Windows\System32\DRIVERS\gwdrv.sys [33296 2015-02-18] (SecureMix LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation) [File not signed]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R3 Mv_Process; c:\windows\syswow64\mv_process.sys [14376 2011-11-21] ()
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-09-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [37624 2015-01-24] ()
R3 vmulti; C:\Windows\System32\DRIVERS\vmulti.sys [10752 2014-09-16] (Windows ® Win 7 DDK provider)
S3 ALSysIO; \??\C:\Users\Ron\AppData\Local\Temp\ALSysIO64.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
S3 WacHidRouter; system32\DRIVERS\wachidrouter.sys [X]
S3 wacomrouterfilter; system32\DRIVERS\wacomrouterfilter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-10 20:33 - 2015-03-10 20:33 - 00000000 ____D () C:\Users\Ron\Desktop\FRST-OlderVersion
2015-03-10 18:06 - 2015-03-10 18:06 - 00000000 ___HD () C:\OneDriveTemp
2015-03-10 00:24 - 2015-03-10 00:24 - 00001077 _____ () C:\Users\Ron\Desktop\Kaspersky Security Scan.lnk
2015-03-10 00:24 - 2015-03-10 00:24 - 00000000 ____D () C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
2015-03-10 00:24 - 2015-03-10 00:24 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-03-10 00:24 - 2015-03-10 00:24 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2015-03-10 00:22 - 2015-03-10 00:22 - 00364640 _____ (Kaspersky Lab) C:\Users\Ron\Downloads\kss12.0.1.808_6398_6399.exe
2015-03-09 23:58 - 2015-03-10 00:03 - 00000000 ____D () C:\AdwCleaner
2015-03-09 23:57 - 2015-03-09 23:57 - 02171392 _____ () C:\Users\Ron\Downloads\AdwCleaner.exe
2015-03-09 02:20 - 2015-03-09 02:20 - 00000000 _____ () C:\Users\Ron\Desktop\~training booklet~l$(a_$.idlk
2015-03-09 01:26 - 2015-03-09 01:26 - 00000000 ____D () C:\Users\Ron\Desktop\New folder
2015-03-09 00:16 - 2015-03-09 00:16 - 00000223 _____ () C:\Users\Ron\Desktop\▶ How to Draw Gaara (Fan Art) - YouTube.URL
2015-03-08 23:30 - 2015-03-08 23:30 - 00000223 _____ () C:\Users\Ron\Desktop\▶ Drawing For Comics FreeWebinar (July 2013) CGWorkshops - YouTube.URL
2015-03-08 13:43 - 2015-03-10 18:06 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-03-08 13:43 - 2015-03-08 13:43 - 00001808 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-03-08 13:43 - 2015-03-08 13:43 - 00000000 ____D () C:\Users\Ron\AppData\Roaming\SUPERAntiSpyware.com
2015-03-08 13:43 - 2015-03-08 13:43 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2015-03-08 13:43 - 2015-03-08 13:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-03-08 13:42 - 2015-03-08 13:42 - 00000226 _____ () C:\Users\Ron\Desktop\Virus, Spyware, & Malware Removal Guides.URL
2015-03-08 13:37 - 2015-03-08 13:37 - 21386376 _____ (SUPERAntiSpyware) C:\Users\Ron\Downloads\SUPERAntiSpyware.exe
2015-03-08 13:02 - 2015-03-08 13:02 - 00001077 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2015-03-08 13:02 - 2015-03-08 13:02 - 00000000 ____D () C:\Users\Ron\AppData\Local\VS Revo Group
2015-03-08 13:02 - 2015-03-08 13:02 - 00000000 ____D () C:\ProgramData\VS Revo Group
2015-03-08 13:02 - 2015-03-08 13:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2015-03-08 13:02 - 2015-03-08 13:02 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-03-08 13:02 - 2009-12-30 10:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2015-03-08 12:58 - 2015-03-08 12:58 - 10801480 _____ (VS Revo Group ) C:\Users\Ron\Downloads\RevoUninProSetup.exe
2015-03-07 22:14 - 2015-03-07 22:14 - 00000218 _____ () C:\Users\Ron\.recently-used.xbel
2015-03-07 14:33 - 2015-03-07 14:33 - 00000278 _____ () C:\Users\Ron\Desktop\Amazon.com Bestar Hampton Corner Workstation In Tuscany Brown & Black Office Products.URL
2015-03-07 11:55 - 2015-03-10 18:05 - 00001848 _____ () C:\Windows\setupact.log
2015-03-07 11:55 - 2015-03-07 11:55 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-05 23:24 - 2015-03-05 23:24 - 00000223 _____ () C:\Users\Ron\Desktop\▶ Beginners Power Yoga For Flexibility - Total Body Workout - 45 Minute Yoga Class - YouTube.URL
2015-03-05 23:23 - 2015-03-05 23:23 - 00000223 _____ () C:\Users\Ron\Desktop\▶ Terence McKenna ~ Dreaming Awake at the End of Time - YouTube.URL
2015-03-05 16:28 - 2015-03-05 16:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-04 21:01 - 2015-03-10 20:35 - 00034007 _____ () C:\Users\Ron\Desktop\FRST.txt
2015-03-04 21:00 - 2015-03-10 20:34 - 00000000 ____D () C:\FRST
2015-03-04 20:59 - 2015-03-10 20:33 - 02095104 _____ (Farbar) C:\Users\Ron\Desktop\FRST64.exe
2015-03-03 23:34 - 2015-03-03 23:34 - 00000219 _____ () C:\Users\Ron\Desktop\Art Fundamentals Learning to Draw from the Ground Up.URL
2015-03-03 23:32 - 2015-03-03 23:32 - 00000208 _____ () C:\Users\Ron\Desktop\Lesson 1 Lines, Ellipses and Boxes.URL
2015-03-02 23:01 - 2015-03-02 23:01 - 00000216 _____ () C:\Users\Ron\Desktop\Figure Drawing References.URL
2015-03-02 22:57 - 2015-03-02 22:57 - 00000224 _____ () C:\Users\Ron\Desktop\(1) Dynamic poses on Pinterest 964 Pins.URL
2015-03-02 21:23 - 2015-03-02 21:23 - 00000232 _____ () C:\Users\Ron\Desktop\What is Unreal Engine 4.URL
2015-03-01 22:03 - 2015-03-01 22:03 - 00000000 ____D () C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GlassWire 1.0
2015-03-01 22:02 - 2015-03-01 22:03 - 00000000 ____D () C:\Program Files (x86)\GlassWire
2015-03-01 02:20 - 2015-03-01 02:20 - 00000223 _____ () C:\Users\Ron\Desktop\▶ [STREAM] Going Berserk - YouTube.URL
2015-02-28 04:16 - 2015-02-28 04:16 - 00000000 ____D () C:\Users\Ron\Desktop\ResophNotes157
2015-02-28 02:54 - 2015-02-28 02:54 - 00000836 _____ () C:\Users\Public\Desktop\PenDisplay.lnk
2015-02-28 02:54 - 2015-02-28 02:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PenDisplay
2015-02-28 02:54 - 2015-02-05 17:31 - 00042200 _____ (Graphics Tablet) C:\Windows\system32\wintab32.dll
2015-02-28 02:54 - 2015-02-05 17:31 - 00037592 _____ (Graphics Tablet) C:\Windows\SysWOW64\wintab32.dll
2015-02-28 02:33 - 2015-02-28 02:54 - 00000000 ____D () C:\Program Files\PenDisplay
2015-02-26 02:45 - 2015-01-08 19:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-26 02:45 - 2015-01-08 19:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-17 22:50 - 2015-01-08 23:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-17 22:50 - 2015-01-08 23:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-17 22:50 - 2015-01-08 23:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-17 22:50 - 2015-01-08 22:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-02-12 23:46 - 2015-03-10 19:58 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-12 23:46 - 2015-02-12 23:46 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-12 23:46 - 2015-02-12 23:46 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-12 23:46 - 2015-02-12 23:46 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-12 23:14 - 2015-02-12 23:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-02-11 23:29 - 2015-03-10 20:34 - 00451104 _____ () C:\Windows\backend.log
2015-02-11 20:49 - 2015-01-23 00:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-11 20:49 - 2015-01-23 00:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-11 20:49 - 2015-01-22 23:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-11 20:49 - 2015-01-22 23:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 02:09 - 2015-02-11 02:09 - 00000208 _____ () C:\Users\Ron\Desktop\Grimdark Magazine.URL
2015-02-10 19:16 - 2015-02-03 23:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-10 19:16 - 2015-02-03 23:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-10 19:16 - 2015-02-03 23:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-10 19:16 - 2015-02-03 23:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-10 19:16 - 2015-02-03 23:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-10 19:16 - 2015-02-03 23:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-10 19:16 - 2015-02-03 23:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-10 19:16 - 2015-01-27 19:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-10 19:16 - 2015-01-14 01:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-10 19:16 - 2015-01-14 01:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-10 19:16 - 2015-01-11 23:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-10 19:16 - 2015-01-11 23:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-10 19:16 - 2015-01-11 23:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-10 19:16 - 2015-01-11 22:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-10 19:16 - 2015-01-11 22:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-10 19:16 - 2015-01-11 22:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-10 19:16 - 2015-01-11 22:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-10 19:16 - 2015-01-11 22:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-10 19:16 - 2015-01-11 22:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-10 19:16 - 2015-01-11 22:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-10 19:16 - 2015-01-11 22:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-10 19:16 - 2015-01-11 22:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-10 19:16 - 2015-01-11 22:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-10 19:16 - 2015-01-11 22:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-10 19:16 - 2015-01-11 22:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-10 19:16 - 2015-01-11 22:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-10 19:16 - 2015-01-11 22:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-10 19:16 - 2015-01-11 22:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-10 19:16 - 2015-01-11 22:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-10 19:16 - 2015-01-11 22:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-10 19:16 - 2015-01-11 22:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-10 19:16 - 2015-01-11 22:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-10 19:16 - 2015-01-11 22:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-10 19:16 - 2015-01-11 22:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-10 19:16 - 2015-01-11 22:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-10 19:16 - 2015-01-11 22:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-10 19:16 - 2015-01-11 22:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-10 19:16 - 2015-01-11 21:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-10 19:16 - 2015-01-11 21:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-10 19:16 - 2015-01-11 21:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-10 19:16 - 2015-01-11 21:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-10 19:16 - 2015-01-11 21:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-10 19:16 - 2015-01-11 21:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-10 19:16 - 2015-01-11 21:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-10 19:16 - 2015-01-11 21:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-10 19:16 - 2015-01-11 21:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-10 19:16 - 2015-01-11 21:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-10 19:16 - 2015-01-11 21:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-10 19:16 - 2015-01-11 21:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-10 19:16 - 2015-01-11 21:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-10 19:16 - 2015-01-11 21:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-10 19:16 - 2015-01-11 21:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-10 19:16 - 2015-01-11 21:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-10 19:16 - 2015-01-11 21:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-10 19:16 - 2015-01-11 21:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-10 19:16 - 2015-01-11 21:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-10 19:16 - 2015-01-11 21:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-10 19:16 - 2015-01-11 21:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-10 19:16 - 2015-01-11 20:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-10 19:16 - 2015-01-11 20:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-10 19:16 - 2015-01-10 02:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-10 19:16 - 2015-01-10 02:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-10 19:16 - 2015-01-10 02:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-10 19:16 - 2015-01-10 02:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-10 19:16 - 2015-01-10 02:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-10 19:16 - 2015-01-10 02:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-10 19:16 - 2015-01-10 02:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-10 19:16 - 2015-01-10 02:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-10 19:16 - 2015-01-10 02:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-10 19:16 - 2015-01-10 02:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-10 19:16 - 2015-01-10 02:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-10 19:16 - 2015-01-10 02:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-10 19:16 - 2015-01-10 02:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-10 19:16 - 2015-01-10 02:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-10 19:15 - 2015-01-15 04:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-10 19:15 - 2015-01-15 04:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-10 19:15 - 2015-01-15 04:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-10 19:15 - 2015-01-15 04:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-10 19:15 - 2015-01-15 04:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-10 19:15 - 2015-01-15 04:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-10 19:15 - 2015-01-15 04:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-10 19:15 - 2015-01-15 04:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-10 19:15 - 2015-01-15 04:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-10 19:15 - 2015-01-15 04:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-10 19:15 - 2015-01-15 04:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-10 19:15 - 2015-01-15 03:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-10 19:15 - 2015-01-15 03:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-10 19:15 - 2015-01-15 03:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-10 19:15 - 2015-01-15 03:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-10 19:15 - 2015-01-15 03:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-10 19:15 - 2015-01-15 03:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-10 19:15 - 2015-01-15 00:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-10 19:15 - 2015-01-14 02:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-10 19:15 - 2015-01-14 02:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-10 19:15 - 2015-01-14 02:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-10 19:15 - 2015-01-14 02:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-10 19:15 - 2015-01-14 01:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-10 19:15 - 2015-01-14 01:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-10 19:15 - 2015-01-14 01:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-10 19:15 - 2015-01-12 23:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-10 19:15 - 2015-01-12 22:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-10 19:15 - 2015-01-08 22:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-10 19:15 - 2014-12-12 01:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-10 19:15 - 2014-12-12 01:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-10 19:15 - 2014-12-07 23:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-10 19:15 - 2014-12-07 22:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-10 19:15 - 2014-11-25 23:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-10 19:15 - 2014-11-25 23:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-10 19:15 - 2014-10-03 22:10 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-02-10 19:15 - 2014-10-03 21:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-02-10 19:15 - 2014-10-03 21:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-10 20:35 - 2013-11-14 12:21 - 00000512 _____ () C:\Windows\SysWOW64\za_mv_raid.ev
2015-03-10 20:34 - 2011-11-21 23:08 - 00225280 _____ () C:\Windows\SysWOW64\freqdb.db
2015-03-10 20:14 - 2013-11-14 13:53 - 01094524 _____ () C:\Windows\WindowsUpdate.log
2015-03-10 19:50 - 2013-11-21 21:57 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3978920838-4042057555-1546727288-1000UA.job
2015-03-10 19:41 - 2013-11-14 11:01 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-10 18:41 - 2013-11-14 11:01 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-10 18:26 - 2014-02-13 09:44 - 00004958 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Ron-PC-Ron Ron-PC
2015-03-10 18:15 - 2014-06-27 09:57 - 00000000 ____D () C:\Users\Ron\AppData\Local\Adobe
2015-03-10 18:12 - 2009-07-14 00:45 - 00032096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-10 18:12 - 2009-07-14 00:45 - 00032096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-10 18:11 - 2009-07-14 01:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-10 18:06 - 2014-02-02 15:38 - 00000000 ___RD () C:\Users\Ron\SkyDrive
2015-03-10 18:06 - 2013-11-16 09:59 - 00000000 ___RD () C:\Users\Ron\Dropbox
2015-03-10 18:06 - 2013-11-16 09:56 - 00000000 ____D () C:\Users\Ron\AppData\Roaming\Dropbox
2015-03-10 18:05 - 2013-11-14 12:20 - 00061152 _____ () C:\Windows\SysWOW64\mvaccelerator.log
2015-03-10 18:05 - 2013-11-14 11:47 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-10 18:05 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-10 00:50 - 2013-11-21 21:57 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3978920838-4042057555-1546727288-1000Core.job
2015-03-10 00:02 - 2013-11-16 12:55 - 00000000 ____D () C:\Users\Ron\AppData\Roaming\medit-1
2015-03-09 23:47 - 2014-02-11 12:14 - 00000000 ____D () C:\Users\Ron\AppData\Roaming\foobar2000
2015-03-09 23:15 - 2013-11-16 13:32 - 1064174592 _____ () C:\Users\Ron\AppData\Local\SageThumbs.db3
2015-03-09 22:59 - 2013-11-30 19:55 - 00000000 ____D () C:\ProgramData\TEMP
2015-03-09 22:54 - 2013-11-14 12:54 - 00000000 ____D () C:\Users\Ron\AppData\Local\Thunderbird
2015-03-08 23:17 - 2014-12-10 22:34 - 00000000 ____D () C:\ProgramData\69B6DBD2-8E05-476F-B662-CF8D235FD499
2015-03-08 22:51 - 2013-11-18 00:52 - 00000000 ___SD () C:\Users\Ron\Documents\Sticky Passwords
2015-03-08 11:26 - 2013-11-14 09:54 - 00000000 ____D () C:\Users\Ron
2015-03-07 22:14 - 2013-11-21 22:58 - 00000000 ____D () C:\Users\Ron\AppData\Roaming\gtk-2.0
2015-03-07 00:31 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-03-07 00:30 - 2014-02-02 15:39 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2015-03-06 23:28 - 2013-11-16 10:59 - 00000000 ____D () C:\Users\Ron\AppData\Roaming\vlc
2015-03-06 23:11 - 2015-01-04 13:15 - 00000108 _____ () C:\Users\Ron\AppData\Roaming\PureRef.ini
2015-03-06 20:16 - 2014-02-20 12:53 - 00002152 _____ () C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-03-05 22:42 - 2013-11-14 12:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-05 16:54 - 2014-06-11 16:00 - 00000000 ____D () C:\Users\Ron\AppData\Roaming\QuickScan
2015-03-04 19:54 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-03 09:17 - 2010-11-20 23:27 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-03-01 22:03 - 2015-01-04 01:13 - 00001905 _____ () C:\Users\Ron\Desktop\GlassWire.lnk
2015-02-28 21:01 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2015-02-28 04:00 - 2013-11-16 14:34 - 00000000 ____D () C:\ProgramData\Unity
2015-02-28 02:40 - 2015-01-04 18:03 - 00000000 ____D () C:\Users\Ron\AppData\Local\CrashDumps
2015-02-28 02:14 - 2009-07-13 23:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-28 02:14 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-24 12:36 - 2013-11-16 13:37 - 00000000 ____D () C:\Users\Ron\AppData\Local\Liquid Story Binder XE
2015-02-24 12:36 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2015-02-24 10:23 - 2014-02-05 11:37 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-02-18 18:30 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\tracing
2015-02-18 04:35 - 2015-01-04 01:13 - 00008704 _____ () C:\Windows\system32\Drivers\gwdrv.cat
2015-02-18 04:24 - 2015-01-04 01:13 - 00033296 _____ (SecureMix LLC) C:\Windows\system32\Drivers\gwdrv.sys
2015-02-13 23:30 - 2013-11-16 09:57 - 00000000 ____D () C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-11 20:45 - 2009-07-14 00:45 - 05115744 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-11 20:44 - 2014-12-10 20:00 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-11 20:44 - 2014-04-30 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-11 02:34 - 2014-12-30 21:40 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-11 02:33 - 2013-11-14 12:11 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-02-11 02:33 - 2013-11-14 12:11 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-02-11 02:33 - 2013-11-14 12:11 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-02-11 02:33 - 2013-11-14 12:10 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-02-11 02:32 - 2013-11-17 14:33 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 02:30 - 2013-11-17 14:33 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2014-02-23 01:13 - 2014-02-23 01:13 - 0000132 _____ () C:\Users\Ron\AppData\Roaming\Adobe AIFF Format CS5 Prefs
2014-02-13 23:53 - 2014-12-26 21:13 - 0000132 _____ () C:\Users\Ron\AppData\Roaming\Adobe PNG Format CS5 Prefs
2015-01-04 13:15 - 2015-03-06 23:11 - 0000108 _____ () C:\Users\Ron\AppData\Roaming\PureRef.ini
2013-12-13 05:11 - 2013-12-13 05:13 - 144752885 _____ () C:\Users\Ron\AppData\Local\ACCCx2_2_1_260.zip.aamdownload
2013-12-13 05:11 - 2013-12-13 05:13 - 0001817 _____ () C:\Users\Ron\AppData\Local\ACCCx2_2_1_260.zip.aamdownload.aamd
2015-01-24 15:00 - 2015-01-24 15:00 - 0001456 _____ () C:\Users\Ron\AppData\Local\Adobe Save for Web 12.0 Prefs
2013-11-19 23:15 - 2013-12-30 17:33 - 0007619 _____ () C:\Users\Ron\AppData\Local\resmon.resmoncfg
2013-11-16 13:32 - 2015-03-09 23:15 - 1064174592 _____ () C:\Users\Ron\AppData\Local\SageThumbs.db3

Some content of TEMP:
====================
C:\Users\Ron\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppbrqqc.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-05 17:32

==================== End Of Log ============================

Edited by snickers0, 10 March 2015 - 07:52 PM.


#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,753 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:17 AM

Posted 11 March 2015 - 09:17 AM

Nothing suspicious was found on your log.
This is just a cleanup.

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

HKLM-x32\...\Run: [] => [X]
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin HKU\S-1-5-21-3978920838-4042057555-1546727288-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll No File
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path Or update_url value
S3 ALSysIO; \??\C:\Users\Ron\AppData\Local\Temp\ALSysIO64.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
S3 WacHidRouter; system32\DRIVERS\wachidrouter.sys [X]
S3 wacomrouterfilter; system32\DRIVERS\wacomrouterfilter.sys [X]
AlternateDataStreams: C:\ProgramData\TEMP:58A5270D

End
Save the files as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

Three times my computer has gone crazy. Many programs opening by themselves. Desktop icons resized and rearranged, I had no control to click anything. My screens populated with a bunch of random programs. Using control +alt+delete got hung up on a blue screen. I had to turn off the power supply.

This could be caused by a failing mouse. I have experienced this a few times in my life and changing the Mouse solved the problem.

Keep me posted.

#5 snickers0

snickers0
  • Topic Starter

  • Members
  • 6 posts
  • Local time:03:17 AM

Posted 11 March 2015 - 07:12 PM

Hello nasdaq -

Thank you for reviewing my log. Recently I got a new tablet monitor and had trouble with deleting old drivers and installing the new. I assume pen input is similar to a mouse in that it could cause all of the random programs opening? I don't know why that would have affected my network connection.

I ran the fixlist. It ended up unresponsive. I let it go for 15 more minutes then killed the power to restart the computer.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Ron at 2015-03-11 18:11:29 Run:1
Running from C:\Users\Ron\Desktop
Loaded Profiles: Ron (Available profiles: Ron)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

CloseProcesses:

HKLM-x32\...\Run: [] => [X]
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin HKU\S-1-5-21-3978920838-4042057555-1546727288-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll No File
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path Or update_url value
S3 ALSysIO; \??\C:\Users\Ron\AppData\Local\Temp\ALSysIO64.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
S3 WacHidRouter; system32\DRIVERS\wachidrouter.sys [X]
S3 wacomrouterfilter; system32\DRIVERS\wacomrouterfilter.sys [X]
AlternateDataStreams: C:\ProgramData\TEMP:58A5270D

End
*****************

Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
 



#6 nasdaq


Posted 12 March 2015 - 08:05 AM


Recently I got a new tablet monitor and had trouble with deleting old drivers and installing the new. I assume pen input is similar to a mouse in that it could cause all of the random programs opening?

This is not malware and not my forte.
You may have to start a new topic in this forum to get expert help.
http://www.bleepingcomputer.com/forums/f/7/internal-hardware/
---


I don't know why that would have affected my network connection.


Try this.

Click the Start button. In the Search box, type Command Prompt, and then, in the list of results, double-click Command Prompt.

At the cursor type:
ipconfig /flushdns <-- (A space between g and / is needed)

ipconfig /release

Repeat with
ipconfig /renew

Then hit Enter, type Exit, hit the Enter key.

You may need to run CMD - Command Prompt on Vista - Windows 7/8 with Elevated Privilege
http://www.bleepingcomputer.com/tutorials/windows-elevated-command-prompt/
<<<>>>

How is the Internet connection now?

#7 snickers0


Posted 12 March 2015 - 07:52 PM

I did the command prompt. I haven't had any problems with the internet connection. If you don't think these problems were malware related then I think I'm fine. Are there any more scans I should do?



#8 nasdaq


Posted 13 March 2015 - 07:59 AM

There could be some remnant items.
Run this online scan.
It may take some time. Do it when you know you will not need the computer for a few hours.

Please download the ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:
    [screenshot: settings.png]
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at [screenshot: logpath.png]
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!

---

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#9 snickers0


Posted 14 March 2015 - 01:51 PM

Hello, I don't see the log file in the folder specified, but I copied the fixes it listed before closing the program.

C:\Files\My Tools\system\installers\ccsetup403.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
C:\Files\My Tools\system\installers\ccsetup407.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
C:\Files\My Tools\system\installers\ccsetup408.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined

Looks like it just deleted some old ccleaner installers I had.



#10 nasdaq


Posted 15 March 2015 - 07:07 AM

Are we finished?

#11 snickers0


Posted 15 March 2015 - 12:05 PM

Yes - although I had another instance of my computer opening programs on its own until I shut off the power supply. I was using the graphics tablet at the time so now I assume it's an issue with the input device/mouse or drivers. Not malware related.

Thank you for your help. I'll search around for a solution or possibly open a new thread with questions in a relevant section.



#12 nasdaq


Posted 15 March 2015 - 12:36 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



