
Many missing files in hijackthis scan. Doesn't show in CBS logs


  • This topic is locked
16 replies to this topic

#1 Hollowman4

Posted 11 April 2015 - 09:44 PM

I just ran a Hijackthis scan, and it lists many missing files. I ran a sfc /scannow and the cbs log doesn't seem to show any of these items as missing. The CBS log does show that my tcpmon.ini file is corrupted and cannot be repaired. I would really appreciate any kind of help in this matter. I have posted here before, and the moderator did a great job. I am hoping that someone could take a look at the hijackthis log and let me know what you think. Should I be worried? Is this a common problem with hijackthis.. maybe the program is misinterpreting some of the applications and processes.

My computer is a Dell Inspiron 400

My OS is Windows 7 Home Premium from 2009.

My current security programs are: Kaspersky Total Security 2015, Malwarebytes Anti malware, tdsskiller, ccleaner, CCE with kill switch and autorun scanner, MBAR, Revo uninstaller, Tweaking-all in one windows repair tool.

 

I am wondering if any or all of these programs have played a hand in deleting any of the "missing" files, or the corrupted file "tcpmon.ini."

Any help would be appreciated. Thank you.

 

I posted this in the wrong forum earlier today, and I apologize for doing so. I will post the results of my Farbar scan now.





#2 Hollowman4


Posted 11 April 2015 - 09:45 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-04-2015
Ran by Lynette (administrator) on LYNETTE-PC on 11-04-2015 22:26:21
Running from C:\Users\Lynette\Desktop
Loaded Profiles: Lynette (Available profiles: Lynette)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\avp.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\avpui.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Lynette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BdBkpFolder ()
Startup: C:\Users\Lynette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cardisabled ()
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lynette\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lynette\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lynette\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lynette\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lynette\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lynette\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lynette\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lynette\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-555236874-2283841365-2319319747-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-555236874-2283841365-2319319747-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-555236874-2283841365-2319319747-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
SearchScopes: HKLM -> {FD3B77BA-0CC0-4A21-8F09-72F58F4406E8} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {FF6B49E8-579C-47A7-A9D3-A501FBC4298A} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-555236874-2283841365-2319319747-1000 -> DefaultScope {1F86B97B-9EDC-4A3B-9F5F-C6757ECC6B2B} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-555236874-2283841365-2319319747-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-555236874-2283841365-2319319747-1000 -> {1F86B97B-9EDC-4A3B-9F5F-C6757ECC6B2B} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-555236874-2283841365-2319319747-1000 -> {FD3B77BA-0CC0-4A21-8F09-72F58F4406E8} URL =
BHO: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
DPF: HKLM-x32 {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\syswow64\urlmon.dll [2015-02-19] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Lynette\AppData\Roaming\Mozilla\Firefox\Profiles\kp82loso.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-18] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-18] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll [2015-02-16] (Adobe Systems, Inc.)
FF Plugin-x32: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-03-21] ()
FF Plugin-x32: @kaspersky.com/online_banking_08806E753BE44495B44E90AA2513BDC5 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-03-21] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-03-21] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Lynette\AppData\Roaming\Mozilla\Firefox\Profiles\kp82loso.default\user.js [2015-04-05]
FF Extension: ZenMate Security & Privacy VPN - C:\Users\Lynette\AppData\Roaming\Mozilla\Firefox\Profiles\kp82loso.default\Extensions\firefox@zenmate.com.xpi [2015-04-10]
FF Extension: NoScript - C:\Users\Lynette\AppData\Roaming\Mozilla\Firefox\Profiles\kp82loso.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-02-24]
FF Extension: Adblock Plus - C:\Users\Lynette\AppData\Roaming\Mozilla\Firefox\Profiles\kp82loso.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-04-10]
FF Extension: YouTube Flash Video Player - C:\Users\Lynette\AppData\Roaming\Mozilla\Firefox\Profiles\kp82loso.default\Extensions\{f3bd3dd2-2888-44c5-91a2-2caeb33fb898}.xpi [2015-03-18]
FF Extension: Adblock Edge - C:\Users\Lynette\AppData\Roaming\Mozilla\Firefox\Profiles\kp82loso.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2015-02-21]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_663BE84DBCC949E88C7600F63CA7F098@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-03-21]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_07402848C2F6470194F131B0F3DE025E@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-03-21]
FF HKLM-x32\...\Firefox\Extensions: [online_banking_08806E753BE44495B44E90AA2513BDC5@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-03-21]

Chrome:
=======
CHR StartupUrls: Default -> "https://google.com/"
CHR Profile: C:\Users\Lynette\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Lynette\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-07]
CHR Extension: (Adguard AdBlocker) - C:\Users\Lynette\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2015-04-08]
CHR Extension: (YouTube) - C:\Users\Lynette\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-07]
CHR Extension: (Google Search) - C:\Users\Lynette\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-07]
CHR Extension: (ZenMate Security & Privacy VPN) - C:\Users\Lynette\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2015-04-10]
CHR Extension: (Avast Online Security) - C:\Users\Lynette\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-04-08]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Lynette\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-07]
CHR Extension: (Ghostery) - C:\Users\Lynette\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2015-04-08]
CHR Extension: (Google Wallet) - C:\Users\Lynette\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-07]
CHR Extension: (Gmail) - C:\Users\Lynette\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-07]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP15.0.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\avp.exe [193400 2014-12-23] (Kaspersky Lab ZAO)
S3 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S3 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-02-23] (REALiX™)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [56008 2015-03-26] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [151240 2014-11-28] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [245960 2014-10-22] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [842440 2015-03-26] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30920 2014-10-10] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [30920 2014-10-30] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [57032 2014-10-09] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [77000 2014-11-22] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [181960 2014-11-10] (Kaspersky Lab ZAO)
S0 maagqb; No ImagePath
S0 ofvpmj; No ImagePath
S0 raeehd; No ImagePath
S0 rqkdql; No ImagePath
S3 keycrypt; system32\DRIVERS\KeyCrypt64.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-11 22:26 - 2015-04-11 22:26 - 00016261 _____ () C:\Users\Lynette\Desktop\FRST.txt
2015-04-11 22:26 - 2015-04-11 22:26 - 00000000 ____D () C:\FRST
2015-04-11 22:25 - 2015-04-11 22:25 - 02095616 _____ (Farbar) C:\Users\Lynette\Desktop\FRST64.exe
2015-04-11 20:29 - 2015-04-11 20:29 - 00006439 _____ () C:\Users\Lynette\Downloads\hijackthis.log
2015-04-11 19:29 - 2015-04-11 19:29 - 00075616 _____ () C:\Users\Lynette\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-11 19:28 - 2015-04-11 19:28 - 00311384 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-11 19:28 - 2015-04-11 19:28 - 00000364 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-11 19:28 - 2015-04-11 19:28 - 00000056 _____ () C:\Windows\setupact.log
2015-04-11 19:28 - 2015-04-11 19:28 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-11 03:10 - 2015-04-11 03:10 - 00000000 ____D () C:\Users\Lynette\New folder (2)
2015-04-11 01:44 - 2015-04-11 01:41 - 00000819 _____ () C:\Users\Lynette\Documents\CBS.log - Shortcut.lnk
2015-04-11 01:41 - 2015-04-11 02:51 - 00000616 _____ () C:\Users\Lynette\Desktop\CBS.lnk
2015-04-11 01:03 - 2015-03-24 23:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-11 01:03 - 2015-03-24 23:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-11 01:03 - 2015-03-24 23:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-11 01:03 - 2015-03-24 23:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-11 01:03 - 2015-03-24 23:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-11 01:03 - 2015-03-24 23:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-11 01:03 - 2015-03-24 23:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-11 01:03 - 2015-03-24 23:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-11 01:03 - 2015-03-24 23:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-11 01:03 - 2015-03-24 23:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-11 01:03 - 2015-03-24 23:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-11 01:03 - 2015-03-24 23:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-11 01:03 - 2015-03-24 23:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-11 01:03 - 2015-03-24 23:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-11 01:03 - 2015-03-24 23:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-11 01:03 - 2015-03-24 23:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-11 00:36 - 2015-04-11 00:36 - 00000000 _____ () C:\Windows\system32\sfc
2015-04-11 00:25 - 2015-04-11 00:25 - 00000360 _____ () C:\Users\Lynette\Downloads\tcp reg.reg
2015-04-10 23:21 - 2015-04-10 23:21 - 00000360 _____ () C:\Users\Lynette\t.reg
2015-04-10 23:17 - 2015-04-10 23:17 - 00001984 _____ () C:\Users\Lynette\Desktop\tcp reg.reg - Shortcut.lnk
2015-04-10 23:15 - 2015-04-10 23:15 - 00000360 _____ () C:\Users\Lynette\Documents\tcp reg.reg
2015-04-10 21:52 - 2015-04-10 21:44 - 00699106 _____ () C:\Users\Lynette\Documents\CBS (3).log
2015-04-10 21:15 - 2015-04-10 21:15 - 00003144 _____ () C:\Windows\System32\Tasks\{987C031D-02FC-498C-9F09-D8F324CD3425}
2015-04-10 18:16 - 2015-04-10 18:16 - 00002972 _____ () C:\Windows\System32\Tasks\{EB6AF1D4-F1FA-4438-86DB-1923AB60AE69}
2015-04-10 17:35 - 2015-04-10 17:35 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-LYNETTE-PC-Windows-7-Home-Premium-(64-bit).dat
2015-04-10 17:35 - 2015-04-10 17:35 - 00000000 ____D () C:\RegBackup
2015-04-10 05:16 - 2015-04-10 05:16 - 00002161 _____ () C:\Users\Lynette\Desktop\Tweaking.com - Windows Repair.lnk
2015-04-10 05:15 - 2015-04-10 05:15 - 00003660 _____ () C:\Windows\System32\Tasks\Tweaking.com - Windows Repair Tray Icon
2015-04-10 05:15 - 2015-04-10 05:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-04-10 05:15 - 2015-04-10 05:15 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2015-04-10 05:13 - 2015-04-10 05:13 - 12849424 _____ () C:\Users\Lynette\Desktop\tweaking.com_windows_repair_aio_setup.exe
2015-04-10 04:59 - 2015-04-10 04:59 - 243513382 _____ () C:\reg backup 4-10-15.reg
2015-04-10 04:18 - 2015-04-10 04:19 - 00000000 _____ () C:\re-regdll.bat
2015-04-10 04:07 - 2010-03-05 12:49 - 00060224 _____ () C:\Windows\SysWOW64\tcpmon.ini
2015-04-10 03:07 - 2015-04-10 03:00 - 00698410 _____ () C:\Users\Lynette\Documents\CBS.log
2015-04-10 02:24 - 2015-04-07 23:07 - 12962399 _____ () C:\Users\Lynette\Documents\CbsPersist_20150408031303.cab
2015-04-10 01:22 - 2010-03-05 12:49 - 00060224 _____ () C:\Windows\system32\tcpmon.ini
2015-04-09 17:50 - 2015-04-09 18:19 - 00000000 ____D () C:\ProgramData\GlarySoft
2015-04-09 17:43 - 2015-04-09 17:43 - 13631488 _____ () C:\Windows\system32\config\system.gu
2015-04-09 17:42 - 2015-03-30 02:07 - 00028960 _____ (Glarysoft Ltd) C:\Windows\system32\RegBootDefrag.exe
2015-04-09 16:21 - 2015-04-09 18:19 - 00000000 ____D () C:\Users\Lynette\AppData\Roaming\GlarySoft
2015-04-09 16:21 - 2015-04-09 16:21 - 00000000 ____D () C:\Users\Lynette\AppData\Roaming\DiskDefrag
2015-04-09 15:19 - 2015-04-09 15:19 - 00001142 _____ () C:\Users\Lynette\Desktop\HijackThis.exe - Shortcut.lnk
2015-04-09 15:18 - 2015-04-09 15:18 - 00388608 _____ (Trend Micro Inc.) C:\Users\Lynette\Downloads\HijackThis.exe
2015-04-09 14:26 - 2015-04-10 22:02 - 00000000 _____ () C:\Users\Lynette\Desktop\LogAnalyZer.ini
2015-04-09 14:26 - 2015-04-09 14:26 - 01490944 _____ (Adlice Softwares) C:\Users\Lynette\Desktop\LogAnalyzer.exe
2015-04-08 22:40 - 2015-04-11 20:09 - 00397313 _____ () C:\Windows\WindowsUpdate.log
2015-04-08 20:51 - 2015-04-08 20:51 - 00002257 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-08 20:51 - 2015-04-08 20:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-04-08 20:23 - 2015-03-22 23:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-08 20:23 - 2015-03-22 23:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-08 20:23 - 2015-03-22 23:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-08 20:23 - 2015-03-22 23:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-08 20:22 - 2015-03-22 23:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-08 20:22 - 2015-03-22 23:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-08 20:22 - 2015-03-22 23:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-08 20:22 - 2015-03-22 23:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-07 20:12 - 2015-04-07 20:12 - 00000000 ____D () C:\Program Files (x86)\Disconnect
2015-04-07 20:11 - 2015-04-07 20:11 - 00000000 ____D () C:\Users\Lynette\AppData\Roaming\Disconnect
2015-04-07 01:06 - 2015-04-07 17:42 - 00000000 ____D () C:\ProgramData\Comodo
2015-04-07 00:42 - 2015-04-07 23:11 - 00000000 ____D () C:\Users\Lynette\AppData\Roaming\Comodo
2015-04-07 00:42 - 2015-04-07 23:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2015-04-07 00:42 - 2015-04-07 23:11 - 00000000 ____D () C:\Program Files (x86)\Comodo
2015-04-07 00:42 - 2015-04-07 17:31 - 00000000 ____D () C:\Users\Lynette\AppData\Local\Comodo
2015-04-06 23:04 - 2015-04-08 20:04 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2015-04-06 23:04 - 2015-04-06 23:10 - 00000000 ____D () C:\Users\Lynette\AppData\Roaming\Notepad++
2015-04-06 23:04 - 2015-04-06 23:04 - 00000000 ____D () C:\Users\Lynette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2015-04-05 18:00 - 2015-04-08 20:04 - 00000000 ____D () C:\Program Files (x86)\FileASSASSIN
2015-04-05 16:36 - 2015-04-05 16:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-05 16:05 - 2015-04-05 16:05 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2015-04-05 12:24 - 2015-04-08 20:04 - 00000000 ____D () C:\Qoobox
2015-04-05 12:24 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-04-05 12:24 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-04-05 12:24 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-04-05 12:24 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-04-05 12:24 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2015-04-05 12:24 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2015-04-05 12:24 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2015-04-05 12:23 - 2015-04-05 15:14 - 00000000 ____D () C:\Windows\erdnt
2015-04-04 17:00 - 2015-04-04 17:00 - 00000000 ____D () C:\Users\Lynette\AppData\Local\AntiLogger Free
2015-04-03 06:41 - 2015-04-03 06:16 - 00243368 _____ () C:\Users\Lynette\Documents\Firefox Setup Stub 37.0.exe
2015-04-03 06:18 - 2015-04-08 20:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-03 06:18 - 2015-04-03 06:18 - 00001161 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-03 06:18 - 2015-04-03 06:18 - 00001149 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-04-03 05:09 - 2015-04-03 05:09 - 32243696 _____ () C:\Users\Lynette\Downloads\Firefox Setup 31.6.0esr.exe
2015-04-03 03:31 - 2015-04-11 19:08 - 00000000 ____D () C:\Users\Lynette\Desktop\mbar
2015-04-03 03:16 - 2015-04-03 03:16 - 05623235 _____ () C:\Users\Lynette\Downloads\Windows6.1-KB3023607-x64.msu
2015-03-29 14:27 - 2015-03-29 14:27 - 00074703 _____ () C:\Windows\SysWOW64\mfc45.dat
2015-03-29 14:15 - 2015-04-03 01:34 - 00003486 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2015-03-29 14:14 - 2015-03-29 14:14 - 00000000 ____D () C:\ProgramData\PC-Doctor for Windows
2015-03-29 14:14 - 2015-03-29 14:14 - 00000000 ____D () C:\Program Files\Dell Support Center
2015-03-29 13:58 - 2015-03-29 13:58 - 00000000 ____D () C:\Program Files (x86)\Realtek
2015-03-29 13:55 - 2015-03-29 13:55 - 00000000 ____D () C:\Program Files\ATI Technologies
2015-03-29 13:55 - 2015-03-29 13:55 - 00000000 ____D () C:\Program Files\ATI
2015-03-29 13:53 - 2015-03-29 13:53 - 00457112 _____ () C:\Users\Lynette\Downloads\DELL_DATASAFE-LOCAL-2-0_A00_R260476 (1).exe
2015-03-29 13:50 - 2015-03-29 13:50 - 00783805 _____ () C:\Users\Lynette\Downloads\F3_Patch.zip
2015-03-29 13:50 - 2015-03-29 13:50 - 00000000 ____D () C:\Users\Lynette\Downloads\F3_Patch
2015-03-29 13:48 - 2015-03-29 13:48 - 00000000 ____D () C:\Program Files\Broadcom
2015-03-29 13:46 - 2015-03-29 13:46 - 05499339 _____ () C:\Users\Lynette\Downloads\R235081.exe
2015-03-29 13:42 - 2015-04-09 13:36 - 00003178 _____ () C:\Windows\System32\Tasks\{AACDE734-2929-48BA-9031-086C836F2DAA}
2015-03-29 13:41 - 2015-03-29 13:41 - 19729279 _____ () C:\Users\Lynette\Downloads\R244364_RoxioBurn_v1.01_120B16F.zip
2015-03-29 13:41 - 2015-03-29 13:41 - 00000000 ____D () C:\Users\Lynette\AppData\Roaming\Roxio Log Files
2015-03-29 13:40 - 2015-03-29 13:40 - 00457112 _____ () C:\Users\Lynette\Downloads\DELL_DATASAFE-LOCAL-2-0_A00_R260476.exe
2015-03-29 13:36 - 2015-04-08 20:04 - 00000000 ____D () C:\Users\Lynette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2015-03-29 11:05 - 2015-03-29 11:05 - 00000000 ____D () C:\Users\Lynette\Desktop\cce_2.5.242177.201_x64
2015-03-29 11:04 - 2015-03-29 11:04 - 25543261 _____ () C:\Users\Lynette\Desktop\cce_2.5.242177.201_x64.zip
2015-03-29 10:39 - 2015-03-29 10:39 - 00000000 ____D () C:\NPE
2015-03-29 10:37 - 2015-04-08 20:04 - 00000000 ____D () C:\ProgramData\Norton
2015-03-29 10:37 - 2015-03-29 10:48 - 00000000 ____D () C:\Users\Lynette\AppData\Local\NPE
2015-03-29 07:16 - 2015-03-29 07:16 - 00028848 _____ () C:\Users\Lynette\Documents\cc_20150329_071627.reg
2015-03-28 09:56 - 2015-04-10 05:38 - 00000000 ____D () C:\TDSSKiller_Quarantine
2015-03-28 09:44 - 2015-04-08 20:04 - 00000000 ___SD () C:\Windows\system32\GWX
2015-03-28 09:44 - 2015-03-28 09:44 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-03-24 02:05 - 2015-03-24 02:06 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Lynette\Desktop\tdsskiller.exe
2015-03-21 06:32 - 2015-03-21 06:32 - 00001482 _____ () C:\Users\Lynette\Documents\kaspersky total security receipt 2015.txt
2015-03-21 03:16 - 2015-04-10 18:22 - 00002305 _____ () C:\Users\Lynette\Desktop\Safe Money.lnk
2015-03-21 03:15 - 2015-04-10 18:20 - 00002055 _____ () C:\Users\Public\Desktop\Kaspersky Total Security.lnk
2015-03-21 03:15 - 2015-03-21 03:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Total Security
2015-03-21 03:14 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2015-03-21 03:13 - 2015-03-21 03:13 - 00000000 ____D () C:\Windows\ELAMBKUP
2015-03-21 03:13 - 2015-03-21 03:13 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2015-03-21 03:13 - 2014-10-22 21:13 - 00245960 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klhk.sys
2015-03-21 02:43 - 2015-03-21 02:44 - 196444992 _____ (Kaspersky Lab) C:\Users\Lynette\Desktop\kts15.0.2.361en_7225.exe
2015-03-21 02:32 - 2015-03-21 02:32 - 196444992 _____ (Kaspersky Lab) C:\Users\Lynette\Downloads\kts15.0.2.361en_7225 (1).exe
2015-03-19 03:43 - 2015-03-19 03:44 - 00000000 ____D () C:\Users\Lynette\New folder
2015-03-18 21:41 - 2015-03-18 21:41 - 05007216 _____ (Adobe Systems Inc.) C:\Users\Lynette\Downloads\Shockwave_Installer_Slim.exe
2015-03-18 21:33 - 2015-03-18 22:10 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-18 21:33 - 2015-03-18 22:10 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-18 19:00 - 2015-03-18 19:01 - 00001855 _____ () C:\DelFix.txt
2015-03-18 19:00 - 2015-03-18 19:00 - 00000000 ____D () C:\Windows\ERUNT
2015-03-17 11:59 - 2015-04-09 15:09 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-03-16 12:39 - 2015-03-15 19:27 - 00000987 _____ () C:\Users\Lynette\Documents\Dropbox.lnk
2015-03-16 11:24 - 2015-04-11 19:08 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-16 11:22 - 2015-03-16 11:22 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Lynette\Downloads\mbar-1.09.1.1004.exe
2015-03-16 00:40 - 2015-03-16 00:40 - 04909382 _____ () C:\Users\Lynette\Downloads\mbam-chameleon-3_1_7_0_zip
2015-03-16 00:38 - 2015-04-11 18:11 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-16 00:37 - 2015-04-11 18:09 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-16 00:37 - 2015-03-16 00:37 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-16 00:37 - 2015-03-16 00:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-16 00:37 - 2015-03-16 00:37 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-16 00:37 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-16 00:37 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-16 00:36 - 2015-03-16 00:36 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Lynette\Downloads\mbam-setup-2.0.4.1028 (2).exe
2015-03-15 00:59 - 2015-04-10 15:13 - 00002776 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-03-15 00:59 - 2015-03-15 00:59 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-03-15 00:59 - 2015-03-15 00:59 - 00000000 ____D () C:\Program Files\CCleaner

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-11 22:23 - 2015-03-08 18:01 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-04-11 22:18 - 2012-01-26 06:50 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-11 19:37 - 2015-03-10 04:54 - 00007104 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-11 19:37 - 2015-03-10 04:54 - 00007104 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-11 19:33 - 2009-07-14 01:13 - 00772352 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-11 19:28 - 2012-01-26 06:50 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-11 19:28 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-11 18:56 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2015-04-11 03:10 - 2010-03-28 16:52 - 00000000 ____D () C:\Users\Lynette
2015-04-11 02:23 - 2015-03-04 05:21 - 00000000 ____D () C:\temp
2015-04-11 02:16 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-04-11 01:05 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-10 22:48 - 2009-07-13 23:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-10 22:46 - 2010-03-28 16:52 - 00000000 ___RD () C:\Users\Lynette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-10 19:35 - 2010-03-05 12:48 - 00000000 ____D () C:\Windows\Panther
2015-04-10 18:20 - 2015-02-22 09:36 - 00000000 ____D () C:\ProgramData\Kaspersky Lab Setup Files
2015-04-10 17:54 - 2009-07-13 22:34 - 00000474 _____ () C:\Windows\win.ini
2015-04-10 17:50 - 2011-02-04 00:13 - 00799078 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-10 15:30 - 2015-03-01 00:20 - 00000000 ____D () C:\Users\Thomas
2015-04-10 15:30 - 2009-07-14 01:08 - 00000000 __RHD () C:\Users\Default
2015-04-10 00:57 - 2013-05-14 21:15 - 00000000 ____D () C:\Users\Lynette\AppData\Local\Apps\2.0
2015-04-09 17:43 - 2009-07-13 22:34 - 73924608 _____ () C:\Windows\system32\config\software.gu.bak
2015-04-09 17:43 - 2009-07-13 22:34 - 00262144 _____ () C:\Windows\system32\config\security.gu.bak
2015-04-09 17:42 - 2009-07-13 22:34 - 01310720 _____ () C:\Windows\system32\config\default.gu.bak
2015-04-09 17:42 - 2009-07-13 22:34 - 00262144 _____ () C:\Windows\system32\config\sam.gu.bak
2015-04-09 17:13 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-08 20:25 - 2014-12-11 21:48 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-08 20:25 - 2014-04-24 01:16 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-08 20:04 - 2015-03-07 04:50 - 00000000 ____D () C:\ProgramData\Auslogics
2015-04-08 20:04 - 2015-03-07 04:41 - 00000000 ____D () C:\Program Files (x86)\Auslogics
2015-04-08 20:04 - 2015-03-06 03:40 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-04-08 20:04 - 2015-02-28 23:15 - 00000000 ____D () C:\ProgramData\IObit
2015-04-08 20:04 - 2015-02-26 01:08 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-04-08 20:04 - 2011-11-15 06:55 - 00000000 ____D () C:\ProgramData\GFI Software
2015-04-08 20:04 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\Offline Web Pages
2015-04-08 20:03 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2015-04-08 20:02 - 2012-01-26 06:50 - 00000000 ____D () C:\Program Files (x86)\Google
2015-04-07 03:33 - 2014-07-25 18:43 - 00000000 ____D () C:\Users\Lynette\AppData\Local\Adobe
2015-04-05 17:50 - 2015-03-08 09:39 - 00000000 ____D () C:\ProgramData\Trend Micro
2015-04-05 16:21 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-05 15:11 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
2015-04-05 15:10 - 2009-07-13 22:34 - 00000027 _____ () C:\Windows\system32\Drivers\etc\hosts_bak_163
2015-03-29 14:14 - 2010-03-05 11:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2015-03-29 13:59 - 2010-03-05 11:15 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-29 13:40 - 2010-03-05 12:39 - 00000000 ____D () C:\dell
2015-03-29 13:36 - 2013-05-14 21:14 - 00000000 ____D () C:\Users\Lynette\AppData\Local\Deployment
2015-03-29 07:45 - 2015-02-16 03:17 - 00002962 _____ () C:\Windows\System32\Tasks\{3134CD73-A116-4726-A152-A6F69B7EAAAC}
2015-03-29 07:41 - 2015-02-23 17:51 - 00000000 ____D () C:\Users\Lynette\Downloads\backups
2015-03-29 07:00 - 2015-03-03 10:33 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-03-26 18:20 - 2014-12-13 18:21 - 00842440 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2015-03-26 18:20 - 2014-08-19 12:31 - 00056008 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kldisk.sys
2015-03-21 04:04 - 2014-09-20 23:01 - 00000118 _____ () C:\Users\Lynette\AppData\Roaming\wklnhst.dat
2015-03-18 21:42 - 2013-02-28 18:28 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
2015-03-16 04:34 - 2015-03-08 20:49 - 00000000 ___RD () C:\Users\Lynette\Dropbox
2015-03-16 04:34 - 2015-03-01 01:42 - 00000000 ____D () C:\Users\Lynette\AppData\Roaming\Dropbox
2015-03-15 19:27 - 2015-03-01 01:43 - 00000000 ____D () C:\Users\Lynette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

==================== Files in the root of some directories =======

2010-04-30 19:47 - 2010-04-30 19:48 - 8656832 _____ (Dell, Inc.                                                   ) C:\Users\Lynette\AppData\Roaming\DataSafeDotNet.exe
2013-09-21 14:07 - 2013-09-21 14:19 - 0213187 _____ () C:\Users\Lynette\AppData\Roaming\MMUpgrade.jpg
2011-03-03 10:52 - 2012-08-13 17:51 - 0000091 _____ () C:\Users\Lynette\AppData\Roaming\netstat.bat
2014-09-20 23:01 - 2015-03-21 04:04 - 0000118 _____ () C:\Users\Lynette\AppData\Roaming\wklnhst.dat
2011-03-02 13:42 - 2015-02-23 14:27 - 0092153 _____ () C:\Users\Lynette\AppData\Local\ars.cache
2011-03-02 13:43 - 2015-02-23 14:28 - 0977795 _____ () C:\Users\Lynette\AppData\Local\census.cache
2012-07-29 18:37 - 2013-05-03 21:58 - 0004608 _____ () C:\Users\Lynette\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-03-02 13:31 - 2011-03-02 13:31 - 0000036 _____ () C:\Users\Lynette\AppData\Local\housecall.guid.cache
2015-02-22 06:53 - 2015-03-04 12:50 - 0007599 _____ () C:\Users\Lynette\AppData\Local\Resmon.ResmonCfg
2015-02-23 14:30 - 2015-02-23 14:30 - 0000010 _____ () C:\Users\Lynette\AppData\Local\sponge.last.runtime.cache

Files to move or delete:
====================
C:\Users\Lynette\t.reg

Some zero byte size files/folders:
==========================
C:\Windows\System32\BDSandBoxUISkin32.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-04-06 15:11

==================== End Of Log ============================



#3 Hollowman4

  • Topic Starter


Posted 11 April 2015 - 09:50 PM

Here is the FRST "Addition txt" file.




#4 nasdaq


  • Malware Response Team

Posted 13 April 2015 - 08:37 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-555236874-2283841365-2319319747-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF user.js: detected! => C:\Users\Lynette\AppData\Roaming\Mozilla\Firefox\Profiles\kp82loso.default\user.js [2015-04-05]
CHR Extension: (Avast Online Security) - C:\Users\Lynette\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-04-08]
CHR Extension: (Ghostery) - C:\Users\Lynette\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2015-04-08]
S0 maagqb; No ImagePath
S0 ofvpmj; No ImagePath
S0 raeehd; No ImagePath
S0 rqkdql; No ImagePath
S3 keycrypt; system32\DRIVERS\KeyCrypt64.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

End

Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===


How is the computer running now?

p.s.
HijackThis is not ready for Windows 7 and later versions.
You should remove it using the Add/Remove Programs.
Use the Farbar tool from now on.

#5 Hollowman4

  • Topic Starter


Posted 14 April 2015 - 01:42 AM

Dear Nasdaq, I'm pretty sure we're going to have to start all over again. I pasted the information you posted in the box and saved it as directed. I saved the Farbar scanner, the two logs from that scan and the fixlist.txt all in the same place (my documents). I opened the FRST program, but did not run another scan as the directions say just to "run" it. I hope I didn't misinterpret the "run" part as just opening the program and NOT running a new scan, because as I previously mentioned I did not.

I pressed the fix button once.. it did what it does (I guess) and when it stopped it said that I needed to restart the computer, and it provided a box to click on to do just that, so I clicked on it.. it shut down the computer, but when it started up again my keyboard was non-functional. I had to create a virtual keyboard through the "ease of access" option. I have a password set to log on to my computer, and with the virtual keyboard I was able to log in. I immediately restored my computer to an earlier time (I think it was from Monday). Thinking that I had just downloaded some malware I scanned the computer with Kaspersky tdsskiller, Mbar, Kaspersky Total Security, and quite possibly MBAM also, (I think). All scans came up negative for malware.

I'm wondering, if I saved the FRST files in my documents where I had some old CBS logs, could that have screwed up the process for the fix? Or, since I was not instructed to turn off my antivirus program, and didn't, could that have impeded the fix, causing the keyboard to become unusable? I have uninstalled Firefox. I ran the "All in one repair" by Tweaker.com, and that made some adjustments to the system. My keyboard is behaving normally.

I have a couple of questions concerning some items on the 'fixlist' that I pasted to notepad. There are four items that have an [x] placed at the very end of that line's entry. Does the "x" indicate that that file is to be deleted or altered in some way?
In particular the last 3 lines concerning 'system32 Drivers', they are confusing and I am wondering if one or all three of those lines may have played a part in the keyboard failure at start up. I only mention this because 1) I see the words "KeyCrypt64-sys [x], and S3 USBCCID;system32\DRIVERS\RtsUCcid.sys [x] in two of the last 3 lines. Now when I finally was able to get back to my home screen, a small icon appeared and then a box saying "installing USB driver." Is this a coincidence or possibly related to the last 3 lines of the "close processes" in the fixlist? I haven't a clue!

So if you're up for it, do you think we should start over again? And if you could clarify the "run" portion of the FRST program (meaning do I run another scan just before pressing the fix button, or do I just open the program and do nothing but press "fix" once?) You also say to save the fixlist.txt file in the same folder as FRST. Do you mean in the same area as where the FRST, and other two notepad items are filed? Should it just be the following: the fixlist.txt and FRST..., or should all four files be kept in the same area? Can I save all of them to my desktop? My documents? Or someplace you think would be best. I worry about other folders in the same area with them, 'ya know, possibly being grabbed by FRST also. As I mentioned before all of those original files have been deleted (FRST,fixlist.txt..etc.,). I apologize for the lengthy reply. I will wait for further instructions. Thank you for your time.    ~hollowman4



#6 nasdaq


  • Malware Response Team

Posted 14 April 2015 - 08:35 AM

The Farbar tool is running from your Desktop

Running from C:\Users\Lynette\Desktop

Since you have made a system restore, please run it again and post a fresh FRST log for my review.

I will give you a new fix of what must be removed.

p.s.

S3 keycrypt; system32\DRIVERS\KeyCrypt64.sys [X]

The x means that the file is missing but the registry entry is still listed in the registry.
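
The `[X]` marker explained above can be checked mechanically before a fixlist is reused after a system restore. The following is an added example, not part of the original posts and not FRST's own code: it parses the service/driver line shape seen in this thread and reports fixlist entries marked as missing that a later scan lists with a file on disk. The function names and status labels are hypothetical; the sample lines are copied from the logs in this thread.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Line shape seen in this thread's Services/Drivers sections and fixlist:
#   <state letter><start-type digit> <name>; <image path> <trailer>
ENTRY_RE = re.compile(r"^(?P<state>[RSU])(?P<start>\d)\s+(?P<name>[^;]+);\s*(?P<rest>.*)$")
# Trailer printed when the file exists: [<size> <yyyy-mm-dd>]
FILE_INFO_RE = re.compile(r"\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\]")


class Entry(NamedTuple):
    name: str
    state: str
    start: int
    path: Optional[str]
    status: str  # hypothetical labels: present, missing_file, no_image_path, unknown


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one service/driver line; return None for any other kind of line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest").strip()
    if rest == "No ImagePath":
        path, status = None, "no_image_path"
    elif rest.endswith("[X]"):
        # Registry entry exists, but the file it points to is missing.
        path, status = rest[:-3].strip(), "missing_file"
    else:
        info = FILE_INFO_RE.search(rest)
        if info:
            path, status = rest[:info.start()].strip(), "present"
        else:
            path, status = rest, "unknown"
    return Entry(m.group("name").strip(), m.group("state"),
                 int(m.group("start")), path, status)


def orphaned(lines: List[str]) -> List[str]:
    """Names of entries whose registry key has no usable file behind it."""
    found = []
    for line in lines:
        entry = parse_entry(line)
        if entry and entry.status in ("missing_file", "no_image_path"):
            found.append(entry.name)
    return found


def stale_fix_entries(fixlist: List[str], fresh_scan: List[str]) -> List[Tuple[Entry, Entry]]:
    """Fixlist entries marked missing that the fresh scan shows with a file on disk.

    A name absent from the fresh scan proves nothing here: the scan sections
    are whitelisted, so only positive matches are reported.
    """
    fresh = {}
    for line in fresh_scan:
        entry = parse_entry(line)
        if entry:
            fresh[entry.name.lower()] = entry
    stale = []
    for line in fixlist:
        old = parse_entry(line)
        if old and old.status != "present":
            now = fresh.get(old.name.lower())
            if now and now.status == "present":
                stale.append((old, now))
    return stale


# Copied from the fixlist posted on 13 April (service/driver lines only).
FIXLIST_LINES = [
    r"S0 maagqb; No ImagePath",
    r"S0 ofvpmj; No ImagePath",
    r"S0 raeehd; No ImagePath",
    r"S0 rqkdql; No ImagePath",
    r"S3 keycrypt; system32\DRIVERS\KeyCrypt64.sys [X]",
    r"S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]",
    r"S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]",
]

# Copied from the Drivers section of the 15 April scan (excerpt).
FRESH_SCAN_LINES = [
    r"R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)",
    r"R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [76520 2014-12-30] (Zemana Ltd.)",
    r"R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)",
]

if __name__ == "__main__":
    print("Orphaned in fixlist:", orphaned(FIXLIST_LINES))
    for old, now in stale_fix_entries(FIXLIST_LINES, FRESH_SCAN_LINES):
        print(f"Do not reuse: {old.name} was [X], now present at {now.path}")
```

Run against these lines, only `keycrypt` is reported: the old fixlist treats it as an orphaned registry entry, while the scan taken after the system restore lists the driver file with a size and date.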

#7 Hollowman4

  • Topic Starter


Posted 15 April 2015 - 09:18 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-04-2015 02
Ran by Lynette (administrator) on LYNETTE-PC on 15-04-2015 10:03:50
Running from C:\Users\Lynette\Desktop
Loaded Profiles: Lynette (Available profiles: Lynette)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\avp.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\avpui.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\x64\wmi64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lynette\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lynette\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lynette\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lynette\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lynette\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lynette\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lynette\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lynette\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-555236874-2283841365-2319319747-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-555236874-2283841365-2319319747-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-555236874-2283841365-2319319747-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
SearchScopes: HKLM -> {FD3B77BA-0CC0-4A21-8F09-72F58F4406E8} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {FF6B49E8-579C-47A7-A9D3-A501FBC4298A} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-555236874-2283841365-2319319747-1000 -> DefaultScope {1F86B97B-9EDC-4A3B-9F5F-C6757ECC6B2B} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-555236874-2283841365-2319319747-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-555236874-2283841365-2319319747-1000 -> {1F86B97B-9EDC-4A3B-9F5F-C6757ECC6B2B} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-555236874-2283841365-2319319747-1000 -> {FD3B77BA-0CC0-4A21-8F09-72F58F4406E8} URL =
BHO: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
DPF: HKLM-x32 {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\syswow64\urlmon.dll [2015-03-12] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-18] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-18] ()
FF Plugin-x32: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-03-21] ()
FF Plugin-x32: @kaspersky.com/online_banking_08806E753BE44495B44E90AA2513BDC5 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-03-21] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-03-21] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_663BE84DBCC949E88C7600F63CA7F098@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-03-21]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_07402848C2F6470194F131B0F3DE025E@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-03-21]
FF HKLM-x32\...\Firefox\Extensions: [online_banking_08806E753BE44495B44E90AA2513BDC5@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-03-21]

Chrome:
=======
CHR StartupUrls: Default -> "https://google.com/"
CHR Profile: C:\Users\Lynette\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Lynette\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-07]
CHR Extension: (Adguard AdBlocker) - C:\Users\Lynette\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2015-04-08]
CHR Extension: (YouTube) - C:\Users\Lynette\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-07]
CHR Extension: (Google Search) - C:\Users\Lynette\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-07]
CHR Extension: (Avast Online Security) - C:\Users\Lynette\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-04-13]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Lynette\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-07]
CHR Extension: (Ghostery) - C:\Users\Lynette\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2015-04-13]
CHR Extension: (Google Wallet) - C:\Users\Lynette\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-07]
CHR Extension: (Gmail) - C:\Users\Lynette\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-07]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP15.0.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\avp.exe [193400 2014-12-23] (Kaspersky Lab ZAO)
S3 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S3 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-02-23] (REALiX™)
R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [76520 2014-12-30] (Zemana Ltd.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [56008 2015-03-26] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [151240 2014-11-28] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [245960 2014-10-22] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [842440 2015-03-26] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30920 2014-10-10] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [30920 2014-10-30] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [57032 2014-10-09] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [77000 2014-11-22] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [181960 2014-11-10] (Kaspersky Lab ZAO)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-15 10:03 - 2015-04-15 10:04 - 00015446 _____ () C:\Users\Lynette\Desktop\FRST.txt
2015-04-15 09:57 - 2015-04-15 09:57 - 02097152 _____ (Farbar) C:\Users\Lynette\Desktop\FRST64.exe
2015-04-15 09:12 - 2015-04-15 09:12 - 00000364 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-14 21:50 - 2015-04-14 21:51 - 00164970 _____ () C:\Users\Lynette\Downloads\microsoft help subscription reciept 4-14-15.htm
2015-04-14 16:47 - 2015-03-09 23:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-14 16:47 - 2015-03-09 23:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-14 16:47 - 2015-03-09 23:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-14 16:47 - 2015-03-09 23:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-14 16:47 - 2015-03-05 01:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-14 16:47 - 2015-03-05 00:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-14 16:47 - 2015-02-24 23:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-14 16:46 - 2015-03-17 01:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-14 16:46 - 2015-03-17 01:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-14 16:46 - 2015-03-17 01:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-14 16:46 - 2015-03-17 01:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-14 16:46 - 2015-03-17 01:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-14 16:46 - 2015-03-17 01:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-14 16:46 - 2015-03-17 01:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-14 16:46 - 2015-03-17 01:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-14 16:46 - 2015-03-17 01:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-14 16:46 - 2015-03-17 01:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-14 16:46 - 2015-03-17 01:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-14 16:46 - 2015-03-17 01:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-14 16:46 - 2015-03-17 01:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-14 16:46 - 2015-03-17 01:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-14 16:46 - 2015-03-17 01:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-14 16:46 - 2015-03-17 01:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-14 16:46 - 2015-03-17 01:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-14 16:46 - 2015-03-17 01:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-14 16:46 - 2015-03-17 01:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-14 16:46 - 2015-03-17 01:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-14 16:46 - 2015-03-17 01:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-14 16:46 - 2015-03-17 01:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-14 16:46 - 2015-03-17 01:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-14 16:46 - 2015-03-17 01:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-14 16:46 - 2015-03-17 01:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-14 16:46 - 2015-03-17 01:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-14 16:46 - 2015-03-17 01:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-14 16:46 - 2015-03-17 01:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-14 16:46 - 2015-03-17 01:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-14 16:46 - 2015-03-17 01:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-14 16:46 - 2015-03-17 01:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-14 16:46 - 2015-03-17 01:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 01:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-14 16:46 - 2015-03-17 01:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-14 16:46 - 2015-03-17 00:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-14 16:46 - 2015-03-17 00:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-14 16:46 - 2015-03-17 00:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-14 16:46 - 2015-03-17 00:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-14 16:46 - 2015-03-17 00:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-14 16:46 - 2015-03-17 00:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-14 16:46 - 2015-03-17 00:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-14 16:46 - 2015-03-17 00:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-14 16:46 - 2015-03-17 00:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-14 16:46 - 2015-03-17 00:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-14 16:46 - 2015-03-17 00:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-14 16:46 - 2015-03-17 00:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-14 16:46 - 2015-03-17 00:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-14 16:46 - 2015-03-17 00:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-14 16:46 - 2015-03-17 00:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-14 16:46 - 2015-03-17 00:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-14 16:46 - 2015-03-17 00:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-14 16:46 - 2015-03-17 00:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-14 16:46 - 2015-03-17 00:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-14 16:46 - 2015-03-17 00:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-14 16:46 - 2015-03-17 00:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-14 16:46 - 2015-03-17 00:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 00:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-14 16:46 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-14 16:46 - 2015-03-16 23:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-14 16:46 - 2015-03-16 23:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-14 16:46 - 2015-03-16 23:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-14 16:46 - 2015-03-16 23:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-14 16:46 - 2015-03-16 23:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-14 16:46 - 2015-03-16 23:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-14 16:37 - 2015-03-04 00:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-14 16:37 - 2015-03-04 00:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-14 16:37 - 2015-03-04 00:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-14 15:22 - 2015-04-14 15:22 - 00588816 _____ () C:\Users\Lynette\Downloads\Autoruns.zip
2015-04-14 15:04 - 2015-04-01 20:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-14 15:04 - 2015-04-01 19:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-14 15:04 - 2015-03-13 00:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-14 15:04 - 2015-03-13 00:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-14 15:04 - 2015-03-13 00:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-14 15:04 - 2015-03-13 00:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-14 15:04 - 2015-03-12 23:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-14 15:04 - 2015-03-12 23:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-14 15:04 - 2015-03-12 23:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-14 15:04 - 2015-03-12 23:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-14 15:04 - 2015-03-12 23:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-14 15:04 - 2015-03-12 23:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-14 15:04 - 2015-03-12 23:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-14 15:04 - 2015-03-12 23:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-14 15:04 - 2015-03-12 23:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-14 15:04 - 2015-03-12 23:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-14 15:04 - 2015-03-12 23:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-14 15:04 - 2015-03-12 23:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-14 15:04 - 2015-03-12 23:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-14 15:04 - 2015-03-12 23:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-14 15:04 - 2015-03-12 23:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-14 15:04 - 2015-03-12 23:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-14 15:04 - 2015-03-12 23:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-14 15:04 - 2015-03-12 23:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-14 15:04 - 2015-03-12 23:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-14 15:04 - 2015-03-12 23:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-14 15:04 - 2015-03-12 22:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-14 15:04 - 2015-03-12 22:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-14 15:04 - 2015-03-12 22:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-14 15:04 - 2015-03-12 22:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-14 15:04 - 2015-03-12 22:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-14 15:04 - 2015-03-12 22:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-14 15:04 - 2015-03-12 22:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-14 15:04 - 2015-03-12 22:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-14 15:04 - 2015-03-12 22:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-14 15:03 - 2015-03-13 00:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-14 15:03 - 2015-03-13 00:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-14 15:03 - 2015-03-13 00:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-14 15:03 - 2015-03-13 00:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-14 15:03 - 2015-03-13 00:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-14 15:03 - 2015-03-13 00:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-14 15:03 - 2015-03-12 23:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-14 15:03 - 2015-03-12 23:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-14 15:03 - 2015-03-12 23:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-14 15:03 - 2015-03-12 23:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-14 15:03 - 2015-03-12 23:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-14 15:03 - 2015-03-12 23:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-14 15:03 - 2015-03-12 23:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-14 15:03 - 2015-03-12 23:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-14 15:03 - 2015-03-12 23:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-14 15:03 - 2015-03-12 23:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-14 15:03 - 2015-03-12 23:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-14 15:03 - 2015-03-12 23:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-14 15:03 - 2015-03-12 22:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-14 15:03 - 2015-03-12 22:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-14 15:03 - 2015-03-12 22:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-14 15:03 - 2015-03-12 22:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-14 15:03 - 2015-03-12 22:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-14 14:59 - 2015-04-14 18:10 - 00000000 ____D () C:\Users\Lynette\AppData\Local\LogMeIn Rescue Applet
2015-04-14 02:49 - 2015-04-14 12:06 - 00000000 _____ () C:\Users\Lynette\Desktop\LogAnalyZer.ini
2015-04-14 00:40 - 2015-04-14 19:34 - 00003108 _____ () C:\Windows\PFRO.log
2015-04-13 21:55 - 2015-04-13 21:55 - 00001307 _____ () C:\Users\Lynette\Downloads\Missing startup software (Microsoft Security Client).reg - Shortcut.zip
2015-04-13 20:05 - 2015-04-13 21:06 - 00000000 ____D () C:\Windows\SysWOW64\%Data%
2015-04-13 15:26 - 2015-04-14 00:49 - 00075616 _____ () C:\Users\Lynette\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-13 14:48 - 2015-04-14 00:41 - 00311384 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-13 11:53 - 2015-04-15 09:12 - 00001434 _____ () C:\Windows\setupact.log
2015-04-13 11:53 - 2015-04-13 11:53 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-13 02:06 - 2015-04-13 02:06 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2015-04-13 00:55 - 2015-04-13 00:56 - 00000000 ____D () C:\Users\Lynette\Documents\key_sim
2015-04-13 00:29 - 2015-04-13 00:34 - 00000000 ____D () C:\Users\Lynette\Downloads\key_sim
2015-04-13 00:27 - 2015-04-13 00:27 - 00330980 _____ () C:\Users\Lynette\Downloads\key_sim.zip
2015-04-12 21:12 - 2015-04-12 21:12 - 03688000 _____ (Zemana Ltd. ) C:\Users\Lynette\Downloads\AntiLoggerFree_Setup_1.8.2.198.exe
2015-04-12 21:12 - 2015-04-12 21:12 - 00001147 _____ () C:\Users\Public\Desktop\AntiLogger Free.lnk
2015-04-12 21:12 - 2015-04-12 21:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiLogger Free
2015-04-12 21:12 - 2015-04-12 21:12 - 00000000 ____D () C:\Program Files (x86)\Zemana AntiLogger Free
2015-04-12 21:12 - 2015-04-12 21:12 - 00000000 ____D () C:\Program Files (x86)\KeyCryptSDK
2015-04-12 21:12 - 2014-12-30 13:18 - 00076520 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\KeyCrypt64.sys
2015-04-12 16:16 - 2015-04-12 16:16 - 00000000 ____D () C:\Windows\en
2015-04-12 16:15 - 2015-04-12 16:15 - 00001381 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2015-04-12 16:15 - 2015-04-12 16:15 - 00001312 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2015-04-12 16:15 - 2015-04-12 16:15 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2015-04-12 16:14 - 2015-04-12 16:16 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2015-04-12 16:14 - 2015-04-12 16:14 - 00000000 ____D () C:\Windows\PCHEALTH
2015-04-12 16:14 - 2015-04-12 16:14 - 00000000 ____D () C:\Program Files\Windows Live
2015-04-12 16:14 - 2014-03-31 21:06 - 00058056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fssfltr.sys
2015-04-12 16:13 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2015-04-12 16:13 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2015-04-12 16:13 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2015-04-12 16:13 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2015-04-12 16:13 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2015-04-12 16:13 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2015-04-12 16:12 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2015-04-12 16:12 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2015-04-12 16:11 - 2015-04-12 16:11 - 00000382 _____ () C:\Windows\DirectX.log
2015-04-12 16:08 - 2015-04-12 16:08 - 01239752 _____ (Microsoft Corporation) C:\Users\Lynette\Downloads\wlsetup-web.exe
2015-04-11 22:26 - 2015-04-15 10:03 - 00000000 ____D () C:\FRST
2015-04-11 03:10 - 2015-04-11 03:10 - 00000000 ____D () C:\Users\Lynette\New folder (2)
2015-04-11 01:03 - 2015-03-24 23:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-11 01:03 - 2015-03-24 23:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-11 01:03 - 2015-03-24 23:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-11 01:03 - 2015-03-24 23:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-11 01:03 - 2015-03-24 23:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-11 01:03 - 2015-03-24 23:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-11 01:03 - 2015-03-24 23:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-11 01:03 - 2015-03-24 23:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-11 01:03 - 2015-03-24 23:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-11 01:03 - 2015-03-24 23:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-11 01:03 - 2015-03-24 23:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-11 01:03 - 2015-03-24 23:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-11 01:03 - 2015-03-24 23:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-11 01:03 - 2015-03-24 23:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-11 01:03 - 2015-03-24 23:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-11 01:03 - 2015-03-24 23:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-11 00:36 - 2015-04-11 00:36 - 00000000 _____ () C:\Windows\system32\sfc
2015-04-10 23:21 - 2015-04-10 23:21 - 00000360 _____ () C:\Users\Lynette\t.reg
2015-04-10 21:15 - 2015-04-10 21:15 - 00003144 _____ () C:\Windows\System32\Tasks\{987C031D-02FC-498C-9F09-D8F324CD3425}
2015-04-10 18:16 - 2015-04-10 18:16 - 00002972 _____ () C:\Windows\System32\Tasks\{EB6AF1D4-F1FA-4438-86DB-1923AB60AE69}
2015-04-10 17:35 - 2015-04-10 17:35 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-LYNETTE-PC-Windows-7-Home-Premium-(64-bit).dat
2015-04-10 17:35 - 2015-04-10 17:35 - 00000000 ____D () C:\RegBackup
2015-04-10 05:16 - 2015-04-10 05:16 - 00002161 _____ () C:\Users\Lynette\Desktop\Tweaking.com - Windows Repair.lnk
2015-04-10 05:15 - 2015-04-12 17:16 - 00003662 _____ () C:\Windows\System32\Tasks\Tweaking.com - Windows Repair Tray Icon
2015-04-10 05:15 - 2015-04-10 05:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-04-10 05:15 - 2015-04-10 05:15 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2015-04-10 05:13 - 2015-04-10 05:13 - 12849424 _____ () C:\Users\Lynette\Downloads\tweaking.com_windows_repair_aio_setup.exe
2015-04-10 04:59 - 2015-04-10 04:59 - 243513382 _____ () C:\reg backup 4-10-15.reg
2015-04-10 04:18 - 2015-04-10 04:19 - 00000000 _____ () C:\re-regdll.bat
2015-04-10 04:07 - 2010-03-05 12:49 - 00060224 _____ () C:\Windows\SysWOW64\tcpmon.ini
2015-04-10 01:22 - 2010-03-05 12:49 - 00060224 _____ () C:\Windows\system32\tcpmon.ini
2015-04-09 17:50 - 2015-04-09 18:19 - 00000000 ____D () C:\ProgramData\GlarySoft
2015-04-09 17:43 - 2015-04-09 17:43 - 13631488 _____ () C:\Windows\system32\config\system.gu
2015-04-09 17:42 - 2015-03-30 02:07 - 00028960 _____ (Glarysoft Ltd) C:\Windows\system32\RegBootDefrag.exe
2015-04-09 16:21 - 2015-04-09 18:19 - 00000000 ____D () C:\Users\Lynette\AppData\Roaming\GlarySoft
2015-04-09 16:21 - 2015-04-09 16:21 - 00000000 ____D () C:\Users\Lynette\AppData\Roaming\DiskDefrag
2015-04-09 14:26 - 2015-04-13 17:05 - 00000000 _____ () C:\Users\Lynette\Downloads\LogAnalyZer.ini
2015-04-09 14:26 - 2015-04-09 14:26 - 01490944 _____ (Adlice Softwares) C:\Users\Lynette\Desktop\LogAnalyzer.exe
2015-04-08 22:40 - 2015-04-15 03:29 - 01023743 _____ () C:\Windows\WindowsUpdate.log
2015-04-08 20:23 - 2015-03-22 23:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-08 20:23 - 2015-03-22 23:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-08 20:23 - 2015-03-22 23:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-08 20:23 - 2015-03-22 23:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-08 20:22 - 2015-03-22 23:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-08 20:22 - 2015-03-22 23:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-08 20:22 - 2015-03-22 23:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-08 20:22 - 2015-03-22 23:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-07 20:12 - 2015-04-07 20:12 - 00000000 ____D () C:\Program Files (x86)\Disconnect
2015-04-07 20:11 - 2015-04-07 20:11 - 00000000 ____D () C:\Users\Lynette\AppData\Roaming\Disconnect
2015-04-07 01:06 - 2015-04-07 17:42 - 00000000 ____D () C:\ProgramData\Comodo
2015-04-07 00:42 - 2015-04-07 23:11 - 00000000 ____D () C:\Users\Lynette\AppData\Roaming\Comodo
2015-04-07 00:42 - 2015-04-07 23:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2015-04-07 00:42 - 2015-04-07 23:11 - 00000000 ____D () C:\Program Files (x86)\Comodo
2015-04-07 00:42 - 2015-04-07 17:31 - 00000000 ____D () C:\Users\Lynette\AppData\Local\Comodo
2015-04-06 23:04 - 2015-04-08 20:04 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2015-04-06 23:04 - 2015-04-06 23:10 - 00000000 ____D () C:\Users\Lynette\AppData\Roaming\Notepad++
2015-04-06 23:04 - 2015-04-06 23:04 - 00000000 ____D () C:\Users\Lynette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2015-04-05 18:00 - 2015-04-08 20:04 - 00000000 ____D () C:\Program Files (x86)\FileASSASSIN
2015-04-05 16:05 - 2015-04-05 16:05 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2015-04-05 12:24 - 2015-04-08 20:04 - 00000000 ____D () C:\Qoobox
2015-04-05 12:24 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-04-05 12:24 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-04-05 12:24 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-04-05 12:24 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-04-05 12:24 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2015-04-05 12:24 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2015-04-05 12:24 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2015-04-05 12:23 - 2015-04-05 15:14 - 00000000 ____D () C:\Windows\erdnt
2015-04-04 17:00 - 2015-04-04 17:00 - 00000000 ____D () C:\Users\Lynette\AppData\Local\AntiLogger Free
2015-04-03 03:31 - 2015-04-14 01:49 - 00000000 ____D () C:\Users\Lynette\Desktop\mbar
2015-04-03 03:16 - 2015-04-03 03:16 - 05623235 _____ () C:\Users\Lynette\Downloads\Windows6.1-KB3023607-x64.msu
2015-03-29 14:27 - 2015-03-29 14:27 - 00074703 _____ () C:\Windows\SysWOW64\mfc45.dat
2015-03-29 14:15 - 2015-04-03 01:34 - 00003486 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2015-03-29 14:14 - 2015-03-29 14:14 - 00000000 ____D () C:\ProgramData\PC-Doctor for Windows
2015-03-29 14:14 - 2015-03-29 14:14 - 00000000 ____D () C:\Program Files\Dell Support Center
2015-03-29 13:58 - 2015-03-29 13:58 - 00000000 ____D () C:\Program Files (x86)\Realtek
2015-03-29 13:55 - 2015-03-29 13:55 - 00000000 ____D () C:\Program Files\ATI Technologies
2015-03-29 13:55 - 2015-03-29 13:55 - 00000000 ____D () C:\Program Files\ATI
2015-03-29 13:53 - 2015-03-29 13:53 - 00457112 _____ () C:\Users\Lynette\Downloads\DELL_DATASAFE-LOCAL-2-0_A00_R260476 (1).exe
2015-03-29 13:50 - 2015-03-29 13:50 - 00783805 _____ () C:\Users\Lynette\Downloads\F3_Patch.zip
2015-03-29 13:50 - 2015-03-29 13:50 - 00000000 ____D () C:\Users\Lynette\Downloads\F3_Patch
2015-03-29 13:48 - 2015-03-29 13:48 - 00000000 ____D () C:\Program Files\Broadcom
2015-03-29 13:46 - 2015-03-29 13:46 - 05499339 _____ () C:\Users\Lynette\Downloads\R235081.exe
2015-03-29 13:42 - 2015-04-09 13:36 - 00003178 _____ () C:\Windows\System32\Tasks\{AACDE734-2929-48BA-9031-086C836F2DAA}
2015-03-29 13:41 - 2015-03-29 13:41 - 19729279 _____ () C:\Users\Lynette\Downloads\R244364_RoxioBurn_v1.01_120B16F.zip
2015-03-29 13:41 - 2015-03-29 13:41 - 00000000 ____D () C:\Users\Lynette\AppData\Roaming\Roxio Log Files
2015-03-29 13:40 - 2015-03-29 13:40 - 00457112 _____ () C:\Users\Lynette\Downloads\DELL_DATASAFE-LOCAL-2-0_A00_R260476.exe
2015-03-29 13:36 - 2015-04-08 20:04 - 00000000 ____D () C:\Users\Lynette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2015-03-29 11:05 - 2015-03-29 11:05 - 00000000 ____D () C:\Users\Lynette\Desktop\cce_2.5.242177.201_x64
2015-03-29 11:04 - 2015-03-29 11:04 - 25543261 _____ () C:\Users\Lynette\Downloads\cce_2.5.242177.201_x64.zip
2015-03-29 10:39 - 2015-03-29 10:39 - 00000000 ____D () C:\NPE
2015-03-29 10:37 - 2015-04-08 20:04 - 00000000 ____D () C:\ProgramData\Norton
2015-03-29 10:37 - 2015-03-29 10:48 - 00000000 ____D () C:\Users\Lynette\AppData\Local\NPE
2015-03-28 09:56 - 2015-04-10 05:38 - 00000000 ____D () C:\TDSSKiller_Quarantine
2015-03-28 09:44 - 2015-04-13 21:06 - 00000000 ___SD () C:\Windows\system32\GWX
2015-03-28 09:44 - 2015-03-28 09:44 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-03-24 02:05 - 2015-03-24 02:06 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Lynette\Desktop\tdsskiller.exe
2015-03-21 03:16 - 2015-04-10 18:22 - 00002305 _____ () C:\Users\Lynette\Desktop\Safe Money.lnk
2015-03-21 03:15 - 2015-04-10 18:20 - 00002055 _____ () C:\Users\Public\Desktop\Kaspersky Total Security.lnk
2015-03-21 03:15 - 2015-03-21 03:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Total Security
2015-03-21 03:14 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2015-03-21 03:13 - 2015-03-21 03:13 - 00000000 ____D () C:\Windows\ELAMBKUP
2015-03-21 03:13 - 2015-03-21 03:13 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2015-03-21 03:13 - 2014-10-22 21:13 - 00245960 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klhk.sys
2015-03-21 02:43 - 2015-03-21 02:44 - 196444992 _____ (Kaspersky Lab) C:\Users\Lynette\Desktop\kts15.0.2.361en_7225.exe
2015-03-21 02:32 - 2015-03-21 02:32 - 196444992 _____ (Kaspersky Lab) C:\Users\Lynette\Downloads\kts15.0.2.361en_7225 (1).exe
2015-03-19 03:43 - 2015-03-19 03:44 - 00000000 ____D () C:\Users\Lynette\New folder
2015-03-18 21:33 - 2015-03-18 22:10 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-18 21:33 - 2015-03-18 22:10 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-18 19:00 - 2015-03-18 19:01 - 00001855 _____ () C:\DelFix.txt
2015-03-18 19:00 - 2015-03-18 19:00 - 00000000 ____D () C:\Windows\ERUNT
2015-03-17 11:59 - 2015-04-14 20:19 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-03-16 12:39 - 2015-03-15 19:27 - 00000987 _____ () C:\Users\Lynette\Documents\Dropbox.lnk
2015-03-16 11:24 - 2015-04-14 01:49 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-16 11:22 - 2015-03-16 11:22 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Lynette\Downloads\mbar-1.09.1.1004.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-15 10:02 - 2015-03-08 18:01 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-04-15 09:21 - 2015-03-10 04:54 - 00007104 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-15 09:21 - 2015-03-10 04:54 - 00007104 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-15 09:18 - 2012-01-26 06:50 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-15 09:16 - 2009-07-14 01:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-15 09:12 - 2012-01-26 06:50 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-15 09:12 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-14 17:08 - 2011-02-04 00:13 - 00749070 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-14 17:02 - 2013-07-16 16:34 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-14 16:55 - 2010-04-12 18:43 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-14 15:33 - 2012-08-07 13:54 - 00000000 ____D () C:\Windows\pss
2015-04-14 11:55 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-14 11:09 - 2014-11-21 07:00 - 00000000 ____D () C:\Users\Lynette\AppData\Roaming\HpUpdate
2015-04-14 10:33 - 2010-03-28 16:52 - 00000000 ____D () C:\Users\Lynette
2015-04-14 10:33 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2015-04-13 21:13 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-04-13 02:02 - 2010-05-18 23:43 - 00000000 ____D () C:\Users\Lynette\AppData\Local\Windows Live Writer
2015-04-12 16:15 - 2010-03-05 11:31 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2015-04-12 16:14 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-04-11 18:56 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2015-04-11 02:23 - 2015-03-04 05:21 - 00000000 ____D () C:\temp
2015-04-11 01:05 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-10 22:48 - 2009-07-13 23:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-10 22:46 - 2010-03-28 16:52 - 00000000 ___RD () C:\Users\Lynette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-10 19:35 - 2010-03-05 12:48 - 00000000 ____D () C:\Windows\Panther
2015-04-10 18:20 - 2015-02-22 09:36 - 00000000 ____D () C:\ProgramData\Kaspersky Lab Setup Files
2015-04-10 17:54 - 2009-07-13 22:34 - 00000855 _____ () C:\Windows\system32\Drivers\etc\hosts_bak_341
2015-04-10 17:54 - 2009-07-13 22:34 - 00000474 _____ () C:\Windows\win.ini
2015-04-10 15:30 - 2015-03-01 00:20 - 00000000 ____D () C:\Users\Thomas
2015-04-10 15:30 - 2009-07-14 01:08 - 00000000 ___RD () C:\Users\Default
2015-04-10 00:57 - 2013-05-14 21:15 - 00000000 ____D () C:\Users\Lynette\AppData\Local\Apps\2.0
2015-04-09 17:43 - 2009-07-13 22:34 - 73924608 _____ () C:\Windows\system32\config\software.gu.bak
2015-04-09 17:43 - 2009-07-13 22:34 - 00262144 _____ () C:\Windows\system32\config\security.gu.bak
2015-04-09 17:42 - 2009-07-13 22:34 - 01310720 _____ () C:\Windows\system32\config\default.gu.bak
2015-04-09 17:42 - 2009-07-13 22:34 - 00262144 _____ () C:\Windows\system32\config\sam.gu.bak
2015-04-09 17:13 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-08 20:25 - 2014-12-11 21:48 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-08 20:25 - 2014-04-24 01:16 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-08 20:04 - 2015-03-07 04:50 - 00000000 ____D () C:\ProgramData\Auslogics
2015-04-08 20:04 - 2015-03-07 04:41 - 00000000 ____D () C:\Program Files (x86)\Auslogics
2015-04-08 20:04 - 2015-03-06 03:40 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-04-08 20:04 - 2015-02-28 23:15 - 00000000 ____D () C:\ProgramData\IObit
2015-04-08 20:04 - 2015-02-26 01:08 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-04-08 20:04 - 2011-11-15 06:55 - 00000000 ____D () C:\ProgramData\GFI Software
2015-04-08 20:04 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\Offline Web Pages
2015-04-08 20:02 - 2012-01-26 06:50 - 00000000 ____D () C:\Program Files (x86)\Google
2015-04-07 03:33 - 2014-07-25 18:43 - 00000000 ____D () C:\Users\Lynette\AppData\Local\Adobe
2015-04-05 17:50 - 2015-03-08 09:39 - 00000000 ____D () C:\ProgramData\Trend Micro
2015-04-05 15:11 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
2015-04-05 15:10 - 2009-07-13 22:34 - 00000027 _____ () C:\Windows\system32\Drivers\etc\hosts_bak_163
2015-03-29 14:14 - 2010-03-05 11:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2015-03-29 13:59 - 2010-03-05 11:15 - 00000000 ____D () C:\Program Files (x86)\InstallShield Installation Information
2015-03-29 13:40 - 2010-03-05 12:39 - 00000000 ____D () C:\dell
2015-03-29 13:36 - 2013-05-14 21:14 - 00000000 ____D () C:\Users\Lynette\AppData\Local\Deployment
2015-03-29 07:45 - 2015-02-16 03:17 - 00002962 _____ () C:\Windows\System32\Tasks\{3134CD73-A116-4726-A152-A6F69B7EAAAC}
2015-03-29 07:41 - 2015-02-23 17:51 - 00000000 ____D () C:\Users\Lynette\Downloads\backups
2015-03-29 07:00 - 2015-03-03 10:33 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-03-26 18:20 - 2014-12-13 18:21 - 00842440 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2015-03-26 18:20 - 2014-08-19 12:31 - 00056008 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kldisk.sys
2015-03-21 04:04 - 2014-09-20 23:01 - 00000118 _____ () C:\Users\Lynette\AppData\Roaming\wklnhst.dat
2015-03-16 04:34 - 2015-03-08 20:49 - 00000000 ___RD () C:\Users\Lynette\Dropbox
2015-03-16 04:34 - 2015-03-01 01:42 - 00000000 ____D () C:\Users\Lynette\AppData\Roaming\Dropbox

==================== Files in the root of some directories =======

2010-04-30 19:47 - 2010-04-30 19:48 - 8656832 _____ (Dell, Inc.                                                   ) C:\Users\Lynette\AppData\Roaming\DataSafeDotNet.exe
2013-09-21 14:07 - 2013-09-21 14:19 - 0213187 _____ () C:\Users\Lynette\AppData\Roaming\MMUpgrade.jpg
2011-03-03 10:52 - 2012-08-13 17:51 - 0000091 _____ () C:\Users\Lynette\AppData\Roaming\netstat.bat
2014-09-20 23:01 - 2015-03-21 04:04 - 0000118 _____ () C:\Users\Lynette\AppData\Roaming\wklnhst.dat
2011-03-02 13:42 - 2015-02-23 14:27 - 0092153 _____ () C:\Users\Lynette\AppData\Local\ars.cache
2011-03-02 13:43 - 2015-02-23 14:28 - 0977795 _____ () C:\Users\Lynette\AppData\Local\census.cache
2012-07-29 18:37 - 2013-05-03 21:58 - 0004608 _____ () C:\Users\Lynette\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-03-02 13:31 - 2011-03-02 13:31 - 0000036 _____ () C:\Users\Lynette\AppData\Local\housecall.guid.cache
2015-02-22 06:53 - 2015-03-04 12:50 - 0007599 _____ () C:\Users\Lynette\AppData\Local\Resmon.ResmonCfg
2015-02-23 14:30 - 2015-02-23 14:30 - 0000010 _____ () C:\Users\Lynette\AppData\Local\sponge.last.runtime.cache

Files to move or delete:
====================
C:\Users\Lynette\t.reg

Some zero byte size files/folders:
==========================
C:\Windows\System32\BDSandBoxUISkin32.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-04-06 15:11

==================== End Of Log ============================



#8 Hollowman4

Posted 15 April 2015 - 09:21 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-04-2015 02
Ran by Lynette at 2015-04-15 10:04:53
Running from C:\Users\Lynette\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Total Security (Disabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Total Security (Disabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security (Disabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4500_G510gm_Help (x32 Version: 000.0.439.000 - Hewlett-Packard) Hidden
4500G510gm (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden
4500G510gm_Software_Min (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AntiLogger Free version 1.8.2.198 (HKLM-x32\...\{A80DB23D-0618-405B-89D9-28F99814E287}_is1) (Version: 1.8.2.198 - Zemana Ltd.)
ATI Catalyst Install Manager (HKLM\...\{ED1AF4BD-ED24-C13F-96E9-B8768293EBFF}) (Version: 3.0.736.0 - ATI Technologies, Inc.)
Belkin F6D4050 Enhanced Wireless USB Adapter (HKLM-x32\...\InstallShield_{B97A0C89-29C0-4682-902C-364109A9857C}) (Version: 2.0.0.05 - Belkin)
Belkin F6D4050 Enhanced Wireless USB Adapter (x32 Version: 2.0.0.05 - Belkin) Hidden
Broadcom Gigabit NetLink Controller (HKLM\...\{A325B368-A9EC-40EF-A95C-9DEAD3683AE3}) (Version: 12.33.02 - Broadcom Corporation)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
ccc-core-static (x32 Version: 2009.0714.2132.36830 - ATI) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.98.3.53 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Dock (HKLM\...\{E60B7350-EA5F-41E0-9D6F-E508781E36D2}) (Version: 2.0.0 - Dell)
Dell Dock (HKLM-x32\...\Dell Dock) (Version: 2.0 - Stardock Corporation)
Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.0.6584.52 - Dell)
Dell System Detect (HKU\S-1-5-21-555236874-2283841365-2319319747-1000\...\73f463568823ebbe) (Version: 6.0.0.14 - Dell)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden
DocMgr (x32 Version: 130.0.000.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-555236874-2283841365-2319319747-1000\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
Google Advertising Cookie Opt-out (HKLM\...\{A2E00B38-848D-4898-9109-BFA37C074DDC}) (Version: 1.0.1.0 - Google Inc)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version: - )
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Officejet 4500 G510g-m (HKLM\...\{E5083D57-D93F-404C-A91F-1C50D67C2BEB}) (Version: 13.0 - HP)
HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
hpPrintProjects (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
hpWLPGInstaller (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - )
Internet TV for Windows Media Center (HKLM-x32\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
Kaspersky Total Security (HKLM-x32\...\InstallWIX_{02FECEE0-16B2-43DB-BC3B-C844477FC142}) (Version: 15.0.2.361 - Kaspersky Lab)
Kaspersky Total Security (x32 Version: 15.0.2.361 - Kaspersky Lab) Hidden
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Network64 (Version: 130.0.374.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30099 - Realtek Semiconductor Corp.)
Redist (HKLM-x32\...\{0F052922-4BCE-4763-A540-00857554336D}) (Version: 3.00.0000 - Verizon)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skins (x32 Version: 2009.0714.2132.36830 - ATI) Hidden
SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.1.2 - Tweaking.com)
Verizon Media Manager (HKLM-x32\...\Verizon Media Manager) (Version: 9.4.94 - Verizon)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Media Center Add-in for Flash (HKLM-x32\...\{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}) (Version: 4.1.2.0 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-555236874-2283841365-2319319747-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Lynette\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-555236874-2283841365-2319319747-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Lynette\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-555236874-2283841365-2319319747-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lynette\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-555236874-2283841365-2319319747-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lynette\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-555236874-2283841365-2319319747-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lynette\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-555236874-2283841365-2319319747-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lynette\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-555236874-2283841365-2319319747-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lynette\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-555236874-2283841365-2319319747-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lynette\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-555236874-2283841365-2319319747-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lynette\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-555236874-2283841365-2319319747-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lynette\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points =========================

11-04-2015 15:33:15 Tweaking.com - Windows Repair
11-04-2015 22:22:09 Tweaking.com - Windows Repair
12-04-2015 16:09:19 Windows Live Essentials
12-04-2015 16:11:05 Installed DirectX
12-04-2015 16:11:46 Installed DirectX
12-04-2015 16:12:24 Installed DirectX
12-04-2015 16:13:56 WLSetup
13-04-2015 18:20:38 Tweaking.com - Windows Repair
13-04-2015 18:22:58 Tweaking.com - Windows Repair
13-04-2015 21:04:06 Restore Operation
13-04-2015 22:53:00 Revo Uninstaller's restore point - Mozilla Firefox 37.0.1 (x86 en-US)
14-04-2015 02:58:34 Windows Update
14-04-2015 10:09:16 Tweaking.com - Windows Repair
14-04-2015 10:26:06 Restore Operation
14-04-2015 14:02:57 Revo Uninstaller's restore point - Google Chrome
14-04-2015 16:48:57 Windows Update
14-04-2015 20:10:24 Tweaking.com - Windows Repair

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2015-04-14 00:36 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05D08B2B-5289-434D-8615-2A9485DE74CA} - System32\Tasks\{3134CD73-A116-4726-A152-A6F69B7EAAAC} => C:\Program Files\Dell\DellDock\DellDock.exe [2010-10-12] (Stardock Corporation)
Task: {13469391-BCD8-4CAE-BD93-F87E0BB0907C} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {20F45FBD-1C61-4E3F-90F9-DC7D37CA87B7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-02] (Google Inc.)
Task: {32D70202-D30F-466A-92D7-F877539B9922} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {57B87D08-B5AB-4E50-BBE4-C756CBE93F61} - System32\Tasks\{987C031D-02FC-498C-9F09-D8F324CD3425} => pcalua.exe -a C:\Users\Lynette\Downloads\HijackThis.exe -d C:\Users\Lynette\Downloads
Task: {71B1E6FC-8E11-4D1D-9BBB-539A0019086F} - System32\Tasks\{AACDE734-2929-48BA-9031-086C836F2DAA} => pcalua.exe -a C:\Users\Lynette\AppData\Local\Temp\Temp1_R244364_RoxioBurn_v1.01_120B16F.zip\setup.exe
Task: {87748A9E-2FD2-42E3-917F-0B9F5E581938} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-11] (Tweaking.com)
Task: {8FDD4982-258A-4528-9FA8-16CC7FFA37C1} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-02-03] (PC-Doctor, Inc.)
Task: {9FABDDE4-2A09-463B-ACB2-3B8A09DDE699} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {BC392ECE-CF88-4E52-99E2-13B842A27B36} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-02] (Google Inc.)
Task: {D7C10F3C-E8B0-4765-87C3-A5049E16CBC3} - System32\Tasks\{EB6AF1D4-F1FA-4438-86DB-1923AB60AE69} => C:\Users\Lynette\Desktop\kts15.0.2.361en_7225.exe [2015-03-21] (Kaspersky Lab)
Task: {DFBEE318-7A94-4C88-9987-588C6CD9CF43} - System32\Tasks\{0D7EA79C-6F41-4AA9-87D1-05435BCE12BA} => pcalua.exe -a "C:\Program Files (x86)\Windows Live Safety Center\wlschost.exe" -c -Uninstall
Task: {EBC01122-3EB4-479D-8BFC-6CB35AEBD7BA} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-12-23 16:54 - 2014-12-23 16:54 - 01272616 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\kpcengine.2.3.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Lynette\Downloads\kasbackup.db:com.dropbox.attributes
AlternateDataStreams: C:\Users\Lynette\Downloads\kasbackup2.db:com.dropbox.attributes
AlternateDataStreams: C:\Users\Lynette\Documents\ehome:com.dropbox.attributes
AlternateDataStreams: C:\Users\Lynette\Documents\Microsoft.NET:com.dropbox.attributes
AlternateDataStreams: C:\Users\Lynette\Documents\System32:com.dropbox.attributes
AlternateDataStreams: C:\Users\Lynette\Documents\SysWOW64:com.dropbox.attributes
AlternateDataStreams: C:\Users\Lynette\Documents\Web:com.dropbox.attributes
AlternateDataStreams: C:\Users\Lynette\Documents\winsxs:com.dropbox.attributes

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\56870754.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\97363714.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\56870754.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\97363714.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-555236874-2283841365-2319319747-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Desktop Disc Tool => "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: PDVDDXSrv => "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
MSCONFIG\startupreg: ZALFree => "C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe" /MINIMIZED

==================== Accounts: =============================

Administrator (S-1-5-21-555236874-2283841365-2319319747-500 - Administrator - Disabled)
Guest (S-1-5-21-555236874-2283841365-2319319747-501 - Limited - Disabled)
Lynette (S-1-5-21-555236874-2283841365-2319319747-1000 - Administrator - Enabled) => C:\Users\Lynette

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/14/2015 01:51:59 PM) (Source: MsiInstaller) (EventID: 11706) (User: Lynette-PC)
Description: Product: TrayApp -- Error 1706. An installation package for the product TrayApp cannot be found. Try the installation again using a valid copy of the installation package 'TrayApp.msi'.

Error: (04/14/2015 01:51:04 PM) (Source: MsiInstaller) (EventID: 11706) (User: Lynette-PC)
Description: Product: TrayApp -- Error 1706. An installation package for the product TrayApp cannot be found. Try the installation again using a valid copy of the installation package 'TrayApp.msi'.

Error: (04/14/2015 01:49:33 PM) (Source: MsiInstaller) (EventID: 11706) (User: Lynette-PC)
Description: Product: TrayApp -- Error 1706. An installation package for the product TrayApp cannot be found. Try the installation again using a valid copy of the installation package 'TrayApp.msi'.

Error: (04/14/2015 01:48:50 PM) (Source: MsiInstaller) (EventID: 11706) (User: Lynette-PC)
Description: Product: TrayApp -- Error 1706. An installation package for the product TrayApp cannot be found. Try the installation again using a valid copy of the installation package 'TrayApp.msi'.

Error: (04/14/2015 01:11:24 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Users\Lynette\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8LTZ4CXY\hitmanpro_x64.exe Internet Files\Content.IE5\8LTZ4CXY\hitmanpro_x64.exe" ; Description = Checkpoint by HitmanPro; Error = 0x8007043c).

Error: (04/14/2015 00:19:27 PM) (Source: MsiInstaller) (EventID: 11706) (User: Lynette-PC)
Description: Product: TrayApp -- Error 1706. An installation package for the product TrayApp cannot be found. Try the installation again using a valid copy of the installation package 'TrayApp.msi'.

Error: (04/14/2015 00:19:21 PM) (Source: MsiInstaller) (EventID: 11706) (User: Lynette-PC)
Description: Product: TrayApp -- Error 1706. An installation package for the product TrayApp cannot be found. Try the installation again using a valid copy of the installation package 'TrayApp.msi'.

Error: (04/14/2015 00:00:05 PM) (Source: MsiInstaller) (EventID: 11706) (User: Lynette-PC)
Description: Product: TrayApp -- Error 1706. An installation package for the product TrayApp cannot be found. Try the installation again using a valid copy of the installation package 'TrayApp.msi'.

Error: (04/14/2015 11:59:57 AM) (Source: MsiInstaller) (EventID: 11706) (User: Lynette-PC)
Description: Product: TrayApp -- Error 1706. An installation package for the product TrayApp cannot be found. Try the installation again using a valid copy of the installation package 'TrayApp.msi'.

Error: (04/14/2015 11:13:43 AM) (Source: MsiInstaller) (EventID: 11706) (User: Lynette-PC)
Description: Product: TrayApp -- Error 1706. An installation package for the product TrayApp cannot be found. Try the installation again using a valid copy of the installation package 'TrayApp.msi'.


System errors:
=============
Error: (04/15/2015 09:12:30 AM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (04/15/2015 09:12:19 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (04/15/2015 09:12:12 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (04/15/2015 09:12:12 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (04/14/2015 09:25:01 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (04/14/2015 09:24:51 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (04/14/2015 09:24:46 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (04/14/2015 09:24:46 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (04/14/2015 09:09:47 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (04/14/2015 09:09:37 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!


Microsoft Office Sessions:
=========================
Error: (04/14/2015 01:51:59 PM) (Source: MsiInstaller) (EventID: 11706) (User: Lynette-PC)
Description: Product: TrayApp -- Error 1706. An installation package for the product TrayApp cannot be found. Try the installation again using a valid copy of the installation package 'TrayApp.msi'.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (04/14/2015 01:51:04 PM) (Source: MsiInstaller) (EventID: 11706) (User: Lynette-PC)
Description: Product: TrayApp -- Error 1706. An installation package for the product TrayApp cannot be found. Try the installation again using a valid copy of the installation package 'TrayApp.msi'.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (04/14/2015 01:49:33 PM) (Source: MsiInstaller) (EventID: 11706) (User: Lynette-PC)
Description: Product: TrayApp -- Error 1706. An installation package for the product TrayApp cannot be found. Try the installation again using a valid copy of the installation package 'TrayApp.msi'.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (04/14/2015 01:48:50 PM) (Source: MsiInstaller) (EventID: 11706) (User: Lynette-PC)
Description: Product: TrayApp -- Error 1706. An installation package for the product TrayApp cannot be found. Try the installation again using a valid copy of the installation package 'TrayApp.msi'.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (04/14/2015 01:11:24 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Users\Lynette\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8LTZ4CXY\hitmanpro_x64.exe Internet Files\Content.IE5\8LTZ4CXY\hitmanpro_x64.exe" Checkpoint by HitmanPro0x8007043c

Error: (04/14/2015 00:19:27 PM) (Source: MsiInstaller) (EventID: 11706) (User: Lynette-PC)
Description: Product: TrayApp -- Error 1706. An installation package for the product TrayApp cannot be found. Try the installation again using a valid copy of the installation package 'TrayApp.msi'.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (04/14/2015 00:19:21 PM) (Source: MsiInstaller) (EventID: 11706) (User: Lynette-PC)
Description: Product: TrayApp -- Error 1706. An installation package for the product TrayApp cannot be found. Try the installation again using a valid copy of the installation package 'TrayApp.msi'.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (04/14/2015 00:00:05 PM) (Source: MsiInstaller) (EventID: 11706) (User: Lynette-PC)
Description: Product: TrayApp -- Error 1706. An installation package for the product TrayApp cannot be found. Try the installation again using a valid copy of the installation package 'TrayApp.msi'.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (04/14/2015 11:59:57 AM) (Source: MsiInstaller) (EventID: 11706) (User: Lynette-PC)
Description: Product: TrayApp -- Error 1706. An installation package for the product TrayApp cannot be found. Try the installation again using a valid copy of the installation package 'TrayApp.msi'.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (04/14/2015 11:13:43 AM) (Source: MsiInstaller) (EventID: 11706) (User: Lynette-PC)
Description: Product: TrayApp -- Error 1706. An installation package for the product TrayApp cannot be found. Try the installation again using a valid copy of the installation package 'TrayApp.msi'.(NULL)(NULL)(NULL)(NULL)(NULL)


CodeIntegrity Errors:
===================================
Date: 2015-04-05 15:08:59.155
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-04-05 15:08:59.077
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-03-10 18:14:20.213
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-03-10 18:14:20.213
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-03-10 18:14:20.213
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-03-10 18:14:20.197
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-03-10 09:34:45.873
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-03-10 09:34:45.873
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-03-10 09:34:40.086
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-03-10 09:34:40.086
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD Athlon™ Processor 2650e
Percentage of memory in use: 31%
Total physical RAM: 2814.85 MB
Available physical RAM: 1931.78 MB
Total Pagefile: 5627.89 MB
Available Pagefile: 4357.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: (drive c) (Fixed) (Total:451.07 GB) (Free:405.43 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 5756151B)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================

#9 Hollowman4

Posted 15 April 2015 - 09:27 AM

I ran the Farbar scan with antivirus off; it is now enabled. The "Tray app.msi." is something that I have no idea what it is, or where it came from. Maybe a piggy back of some kind.



#10 nasdaq

  • Malware Response Team

Posted 15 April 2015 - 10:42 AM



Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

start

CloseProcesses:

Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-555236874-2283841365-2319319747-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR Extension: (Avast Online Security) - C:\Users\Lynette\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-04-13]
CHR Extension: (Ghostery) - C:\Users\Lynette\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2015-04-13]
AlternateDataStreams: C:\Users\Lynette\Downloads\kasbackup.db:com.dropbox.attributes
AlternateDataStreams: C:\Users\Lynette\Downloads\kasbackup2.db:com.dropbox.attributes
AlternateDataStreams: C:\Users\Lynette\Documents\ehome:com.dropbox.attributes
AlternateDataStreams: C:\Users\Lynette\Documents\Microsoft.NET:com.dropbox.attributes
AlternateDataStreams: C:\Users\Lynette\Documents\System32:com.dropbox.attributes
AlternateDataStreams: C:\Users\Lynette\Documents\SysWOW64:com.dropbox.attributes
AlternateDataStreams: C:\Users\Lynette\Documents\Web:com.dropbox.attributes
AlternateDataStreams: C:\Users\Lynette\Documents\winsxs:com.dropbox.attributes

End

Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

The "Tray app.msi." is something that I have no idea what it is, or where it came from. Maybe a piggy back of some kind.


Tray app.msi file is a Windows Installer Package from Microsoft.

What is the complete message and when do you see it?

#11 Hollowman4

Posted 15 April 2015 - 12:13 PM

The tray app msi. appeared yesterday morning. When I logged into my computer my home screen would open and stay opened for about 2 seconds, then the page would be directed to a file page with the following file listed: BdBKFolder.. this file was empty but was part of a folder called "cardisabled." Both of those files have been deleted and they no longer divert my home screen to that page. It was while on this page that a box would appear that said I did not have the disc inserted in order to run the "AppTray.msi" feature (slightly paraphrasing the error message). After the Microsoft fix I have not seen that pop up again, nor has the BdBKFolder appeared. I have no idea what that BdB..folder even is, what it belonged to. Possibly an old download that has since been deleted, or quite possibly some malware. I'm in the dark as to its origin.

#12 Hollowman4

Posted 15 April 2015 - 12:24 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-04-2015 02
Ran by Lynette at 2015-04-15 13:19:55 Run:2
Running from C:\Users\Lynette\Desktop
Loaded Profiles: Lynette (Available profiles: Lynette & Administrator)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

CloseProcesses:

Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-555236874-2283841365-2319319747-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR Extension: (Avast Online Security) - C:\Users\Lynette\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-04-13]
CHR Extension: (Ghostery) - C:\Users\Lynette\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2015-04-13]
AlternateDataStreams: C:\Users\Lynette\Downloads\kasbackup.db:com.dropbox.attributes
AlternateDataStreams: C:\Users\Lynette\Downloads\kasbackup2.db:com.dropbox.attributes
AlternateDataStreams: C:\Users\Lynette\Documents\ehome:com.dropbox.attributes
AlternateDataStreams: C:\Users\Lynette\Documents\Microsoft.NET:com.dropbox.attributes
AlternateDataStreams: C:\Users\Lynette\Documents\System32:com.dropbox.attributes
AlternateDataStreams: C:\Users\Lynette\Documents\SysWOW64:com.dropbox.attributes
AlternateDataStreams: C:\Users\Lynette\Documents\Web:com.dropbox.attributes
AlternateDataStreams: C:\Users\Lynette\Documents\winsxs:com.dropbox.attributes

End
*****************

Processes closed successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-555236874-2283841365-2319319747-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
C:\Users\Lynette\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki => Moved successfully.
C:\Users\Lynette\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij => Moved successfully.
C:\Users\Lynette\Downloads\kasbackup.db => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\Lynette\Downloads\kasbackup2.db => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\Lynette\Documents\ehome => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\Lynette\Documents\Microsoft.NET => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\Lynette\Documents\System32 => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\Lynette\Documents\SysWOW64 => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\Lynette\Documents\Web => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\Lynette\Documents\winsxs => ":com.dropbox.attributes" ADS removed successfully.

The system needed a reboot.

==== End of Fixlog 13:19:58 ====



#13 nasdaq

Posted 15 April 2015 - 12:51 PM

How is the computer running now?

#14 Hollowman4

Posted 15 April 2015 - 12:56 PM

It seems to be running normally. I haven't run into any problems as of yet.. thank goodness. Should I run any other type of scans?



#15 Hollowman4

Posted 15 April 2015 - 01:02 PM

I know this is off topic, but the Microsoft tech said that I shouldn't have MBAM on my computer, even the free program that does not run in real time. I currently have Kaspersky Total Security 2015 as my antivirus program. He says that they interfere with each other. I've never noticed any problems, but maybe there were problems in the background that I was not aware of occurring. He went ahead and deleted MBAM (although there's probably a whole bunch of MBAM registry keys left). I don't know if I should reinstall the free version or not. I kind of liked having a second opinion to turn to when it comes to scanning for malware and viruses. If you have the time maybe you could consider this matter and give me some advice. It would be truly appreciated. Thank you for all of your help!





