Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Malwarebytes crashes during scan


  • This topic is locked This topic is locked
96 replies to this topic

#1 wrattephinque

wrattephinque

  • Members
  • 72 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:57 PM

Posted 19 July 2015 - 07:27 AM

I am running into crashes during the ‘scan file system’ segment of Malwarebytes on a Dell laptop, Windows 7, 64 bit system. I am not exactly a novice but definitely not an expert on computers. And maybe not a decent intermediate.

 

I conduct business on this computer and transact a great deal of business by email from individuals (not companies) and am always concerned about opening email including attachments, but have to do it to conduct my business. I do not open any suspicious or spam email, I simply purge it.

 

I have not loaded any new programs other than tax software last January. I attempted to install Microsoft updates today and that failed completely, which alerted me to a problem. Then I decided to run Malwarebytes.

 

When I started Malwarebytes it ran ok although it was taking more time than usual. During the ‘scan file system’ segment it identified 4 issues which I opened before it had completed the scan to see what they were. All 4 were instances of the same Trojan (did not write it down). I allowed the scan to continue until finally it crashed. I had to reboot, used the ‘normal’ boot sequence, and ran Malwarebytes again. Same problem occurred but this time it crashed before identifying any malware.

 

I rebooted normally again so I could continue to do work but there is a lot of delay time between clicking on something and getting it to open. I need help to get rid of the malware and restore Malwarebytes to its normal operation.

 

I have followed “The preparation guide for use before using malware removal tools and requesting help” by Grinier and have run Farbar.

 

PS – After the fact, are there any suggestions for excellent Anti-malware programs that can scan emails and email attachments for malware?



BC AdBot (Login to Remove)

 


#2 wrattephinque

wrattephinque
  • Topic Starter

  • Members
  • 72 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:57 PM

Posted 19 July 2015 - 11:28 AM

Update information: While working on my computer after posting on bleeping computer malwarebytes ran in the background and successfully completed. It identified the 4 Trojans and I had them deleted. I then reran malwarebytes and it successfully completed without picking up anything new. Hopefully this resolves my issue. I will keep this topic open for a few days and if there are no new or recurring problems I will close it.

 

Are there any suggestions for software that will effectively scan emails and their attachments. Due to the nature of my work I suspect this as the mechanism by which I get malware infections.



#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,432 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:57 PM

Posted 21 July 2015 - 01:15 PM

Greetings wrattephinque and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Given what you have gone through I think it would be of benefit to take a deeper look at your computer. If you would like to do that please complete the below for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recover Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the windows key Windows_Logo_key.gif + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#4 wrattephinque

wrattephinque
  • Topic Starter

  • Members
  • 72 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:57 PM

Posted 22 July 2015 - 07:38 AM

Hi Gary, Thank you for your response. Please call me Karl.

 

Because I use my computer for my small business every day the recent events that caused me to come to Bleeping Computer have been particularly difficult to work with. As I mentioned I have to open attached files from potential clients in order to consummate business with them. I am aware this makes me extremely vulnerable to malware but it is the nature of my business,

 

Fortunately I backup my entire system once per month and my data files every day. Two days ago, after I had posted my topic requesting help, I restored my computer to a backup that I knew was good and also restored all of my data files to the most recent.

 

I am up and running again, although, as you suggest, I am very interested in finding out if there are any other problems that are not obvious to me.

 

And I would also be very interested in knowing if there is some better way to identify malware in attachments before opening them; don’t know if this is possible.

 

So my original malwarebytes issue is resolved but there are some residual problems such as there is a lot of delay time between clicking on something and getting it to open. I would like your continued help if your time permits. I am experiencing a slight delay in getting a response when I click on something to open it. I will rerun Farbar on the restored system and post the resulting files here unless it would be better for me to begin a topic.

 

Thanks, Karl



#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,432 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:57 PM

Posted 22 July 2015 - 08:41 AM

Hi Karl,

We can take a look at your computer together here. I will be away from my computer this morning but will check back in upon my return. Once we evaluate the logs we will have a better idea if anything needs to be done and, if so, what.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#6 wrattephinque

wrattephinque
  • Topic Starter

  • Members
  • 72 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:57 PM

Posted 22 July 2015 - 01:13 PM

Hi Gary, I was away from my computer until now as well. I have a bit of business I need to attend to, then I will run Farbar and post the results. I am configured to receive notifications of your replies and check this topic quite often anyway. Thanks for your help, Karl.



#7 wrattephinque

wrattephinque
  • Topic Starter

  • Members
  • 72 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:57 PM

Posted 22 July 2015 - 02:15 PM

Gary, The Farbar files:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-07-2015
Ran by Karl Laptop (administrator) on KARLW7LAPTOP on 22-07-2015 14:42:36
Running from C:\Users\Karl Laptop\Downloads
Loaded Profiles: Karl Laptop (Available Profiles: Karl Laptop)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe
(Starfield Technologies) C:\Program Files (x86)\Workspace\offSyncService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Google Inc.) C:\Users\Karl Laptop\AppData\Local\Google\Chrome\Application\chrome.exe
(Starfield Technologies) C:\Users\Karl Laptop\AppData\Local\Workspace\workspaceupdate.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Users\Karl Laptop\AppData\Local\Google\Chrome\Application\chrome.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avpui.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Users\Karl Laptop\AppData\Local\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Chaos Software\Chaos 7\chaos7.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Users\Karl Laptop\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5712896 2010-02-03] (Dell Inc.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-06-17] (IDT, Inc.)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [358200 2011-01-28] 
 
(Acronis)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, 
 
Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-74331191-494572096-592015046-1001\...\Run: [Google Update] => C:\Users\Karl Laptop\AppData\Local\Google\Update
 
\GoogleUpdate.exe [107912 2014-12-05] (Google Inc.)
HKU\S-1-5-21-74331191-494572096-592015046-1001\...\Run: [GoogleChromeAutoLaunch_010387C91CAE7F2634A718781CD74BE7] => C:
 
\Users\Karl Laptop\AppData\Local\Google\Chrome\Application\chrome.exe [813896 2015-07-13] (Google Inc.)
HKU\S-1-5-21-74331191-494572096-592015046-1001\...\Run: [Starfield Updater] => C:\Users\Karl Laptop\AppData\Local\Workspace
 
\WorkspaceUpdate.exe [35008 2015-03-27] (Starfield Technologies)
HKU\S-1-5-21-74331191-494572096-592015046-1001\...\Run: [Google Photos Backup] => C:\Users\Karl Laptop\AppData\Local\Programs\Google
 
\Google Photos Backup\Google Photos Backup.exe [3791176 2015-07-10] (Google, Inc)
ShellIconOverlayIdentifiers: [off0] -> {8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5} => C:\Program Files (x86)\Workspace\offsyncext64.dll 
 
[2015-07-21] (Starfield Technologies, LLC)
ShellIconOverlayIdentifiers: [off1] -> {8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5} => C:\Program Files (x86)\Workspace\offsyncext64.dll 
 
[2015-07-21] (Starfield Technologies, LLC)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-74331191-494572096-592015046-1001 -> {76E9350E-0392-9C19-F83A-99BC015260AF} URL = 
 
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 
 
15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 
 
15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2015-03-11] (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared
 
\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 
 
15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky 
 
Anti-Virus 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-
 
Virus 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2015-03-11] (Kaspersky Lab ZAO)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft 
 
Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-02-28] 
 
(Microsoft Corporation.)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 
 
15.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-02-28] 
 
(Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-74331191-494572096-592015046-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-
 
04-16] (Belarc, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{62E6B3F6-1857-4C4D-B401-62BF0E23F747}: [DhcpNameServer] 10.0.0.1
 
FireFox:
========
FF ProfilePath: C:\Users\Karl Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\4k8lc7gn.default
FF Keyword.URL: hxxp://www.bing.com/search?pc=Z039&form=ZGAADF&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-20] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft 
 
Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-20] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll [2008-10-15] (CANON 
 
INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt
 
\content_blocker@kaspersky.com [2015-03-11] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt
 
\virtual_keyboard@kaspersky.com [2015-03-11] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft 
 
Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] 
 
(Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] 
 
(Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] 
 
(Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] 
 
(Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-20] 
 
(Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-20] 
 
(Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-74331191-494572096-592015046-1001: @starfield.com/off -> C:\Users\Karl Laptop\AppData\Roaming\Mozilla\Plugins
 
\npoff.dll [2015-03-27] ( Starfield Technologies, LLC.)
FF Plugin HKU\S-1-5-21-74331191-494572096-592015046-1001: @starfield.com/off64 -> C:\Users\Karl Laptop\AppData\Roaming\Mozilla\Plugins
 
\npoff64.dll [2015-03-27] ( Starfield Technologies, LLC.)
FF Plugin HKU\S-1-5-21-74331191-494572096-592015046-1001: @starfield.com/wbe -> C:\Users\Karl Laptop\AppData\Roaming\Mozilla\Plugins
 
\npwbe.dll [2015-03-27] (Starfield Technology, LLC)
FF Plugin HKU\S-1-5-21-74331191-494572096-592015046-1001: @starfield.com/wbe64 -> C:\Users\Karl Laptop\AppData\Roaming\Mozilla
 
\Plugins\npwbe64.dll [2015-03-27] (Starfield Technology, LLC)
FF Plugin HKU\S-1-5-21-74331191-494572096-592015046-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Karl Laptop\AppData
 
\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-20] (Google Inc.)
FF Plugin HKU\S-1-5-21-74331191-494572096-592015046-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Karl Laptop\AppData
 
\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-20] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-03-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-03-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-03-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-03-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-03-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Karl Laptop\AppData\Roaming\mozilla\plugins\npoff.dll [2015-03-27] ( Starfield Technologies, LLC.)
FF Plugin ProgramFiles/Appdata: C:\Users\Karl Laptop\AppData\Roaming\mozilla\plugins\npoff64.dll [2015-03-27] ( Starfield Technologies, LLC.)
FF Plugin ProgramFiles/Appdata: C:\Users\Karl Laptop\AppData\Roaming\mozilla\plugins\npwbe.dll [2015-03-27] (Starfield Technology, LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Karl Laptop\AppData\Roaming\mozilla\plugins\npwbe64.dll [2015-03-27] (Starfield Technology, LLC)
FF Extension: WBE Paste - C:\Users\Karl Laptop\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-
 
13a3a9e97384}\wbepaste@starfield [2015-03-27]
FF Extension: Search Toolbar - C:\Users\Karl Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\4k8lc7gn.default\Extensions
 
\searchtoolbar@zugo.com [2011-03-28]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-
 
07-18]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-08-31]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} 
 
[2013-07-18]
FF HKLM-x32\...\Firefox\Extensions: [{203FB6B2-2E1E-4474-863B-4C483ECCE78E}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-
 
765CE1E929FB}\NST_1.2.0.6\coFFNST
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 
 
15.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt
 
\content_blocker@kaspersky.com [2015-03-11]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 
 
15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\virtual_keyboard@kaspersky.com 
 
[2015-03-11]
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt
 
\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\url_advisor@kaspersky.com 
 
[2015-03-11]
 
Chrome: 
=======
CHR Profile: C:\Users\Karl Laptop\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Karl Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions
 
\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
CHR Extension: (Google Wallet) - C:\Users\Karl Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions
 
\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-05]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium
 
\skype_chrome_extension.crx [2013-10-09]
StartMenuInternet: Google Chrome - C:\Users\Karl Laptop\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
S4 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
R2 File Backup; C:\Program Files (x86)\Workspace\offSyncService.exe [697472 2014-10-20] (Starfield Technologies)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [5088256 2010-02-03] (Dell Inc.) [File not signed]
S2 NSL; "C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe" /s "NSL" /m "C:\Program Files (x86)\Norton Safe Web 
 
Lite\Engine\1.2.0.6\diMaster.dll" /prefetch:1
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [141320 2015-03-11] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [793800 2015-03-11] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2014-03-25] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-07-22] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
S3 cpuz134; \??\C:\Users\KARLLA~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-22 14:42 - 2015-07-22 14:43 - 00020192 _____ C:\Users\Karl Laptop\Downloads\FRST.txt
2015-07-22 14:41 - 2015-07-22 14:41 - 02135552 _____ (Farbar) C:\Users\Karl Laptop\Downloads\FRST64.exe
2015-07-21 20:06 - 2015-07-21 20:06 - 00000000 ____D C:\Users\Karl Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
 
\Google Photos Backup
2015-07-21 19:36 - 2015-07-21 19:36 - 00000000 ____D C:\Users\Karl Laptop\AppData\Local\offsync
2015-07-21 19:20 - 2015-07-21 19:20 - 00000000 ____D C:\Program Files (x86)\Workspace
2015-07-21 07:00 - 2015-07-21 07:02 - 00000000 ____D C:\Users\Karl Laptop\Desktop\Posts
2015-07-21 06:54 - 2015-07-21 06:54 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-21 06:54 - 2015-07-21 06:54 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-20 23:29 - 2015-05-01 09:17 - 00124112 _____ (Microsoft Corporation) C:\Windows
 
\system32\PresentationCFFRasterizerNative_v0300.dll
2015-07-20 23:29 - 2015-05-01 09:16 - 00102608 _____ (Microsoft Corporation) C:\Windows
 
\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-07-20 22:53 - 2015-06-19 14:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-07-20 22:53 - 2015-06-19 14:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-07-20 22:52 - 2015-06-25 14:09 - 00389832 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-20 22:52 - 2015-06-25 13:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-20 22:52 - 2015-06-20 16:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-20 22:52 - 2015-06-20 15:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-20 22:52 - 2015-06-20 15:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-20 22:52 - 2015-06-20 15:49 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-20 22:52 - 2015-06-20 15:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-20 22:52 - 2015-06-20 15:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-20 22:52 - 2015-06-20 15:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-20 22:52 - 2015-06-20 15:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-20 22:52 - 2015-06-20 15:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-20 22:52 - 2015-06-20 15:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-20 22:52 - 2015-06-20 15:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-20 22:52 - 2015-06-20 15:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-20 22:52 - 2015-06-20 15:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-20 22:52 - 2015-06-20 15:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-20 22:52 - 2015-06-20 15:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-20 22:52 - 2015-06-20 15:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-20 22:52 - 2015-06-20 15:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-20 22:52 - 2015-06-20 14:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-20 22:52 - 2015-06-20 14:48 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-20 22:52 - 2015-06-20 14:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-20 22:52 - 2015-06-20 14:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-20 22:52 - 2015-06-20 14:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-20 22:52 - 2015-06-20 14:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-20 22:52 - 2015-06-19 14:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-20 22:52 - 2015-06-19 14:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-07-20 22:52 - 2015-06-19 14:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-20 22:52 - 2015-06-19 14:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-20 22:52 - 2015-06-19 14:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-20 22:52 - 2015-06-19 14:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-20 22:52 - 2015-06-19 14:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-07-20 22:52 - 2015-06-19 14:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-20 22:52 - 2015-06-19 13:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-07-20 22:52 - 2015-06-19 13:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-20 22:52 - 2015-06-19 13:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-20 22:52 - 2015-06-19 13:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-20 22:52 - 2015-06-19 13:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-20 22:52 - 2015-06-19 13:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-20 22:52 - 2015-06-19 13:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-07-20 22:52 - 2015-06-19 13:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-20 22:52 - 2015-06-19 13:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-20 22:48 - 2015-07-02 17:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-20 22:48 - 2015-07-02 17:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-20 22:48 - 2015-07-02 16:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-20 22:48 - 2015-07-02 16:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-20 22:48 - 2015-07-02 16:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-20 22:48 - 2015-07-02 16:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-20 22:48 - 2015-07-02 16:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-20 22:48 - 2015-07-02 16:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-20 22:48 - 2015-07-02 16:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-20 22:48 - 2015-07-02 15:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-20 22:48 - 2015-07-02 15:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-20 22:48 - 2015-07-02 14:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-20 22:45 - 2015-04-24 14:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-07-20 22:45 - 2015-04-24 13:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-07-20 22:43 - 2015-05-25 14:24 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-07-20 22:43 - 2015-05-25 14:21 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-07-20 22:43 - 2015-05-25 14:19 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-07-20 22:43 - 2015-05-25 14:19 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-07-20 22:43 - 2015-05-25 14:19 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-07-20 22:43 - 2015-05-25 14:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-07-20 22:43 - 2015-05-25 14:19 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-07-20 22:43 - 2015-05-25 14:19 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-07-20 22:43 - 2015-05-25 14:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-07-20 22:43 - 2015-05-25 14:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-07-20 22:43 - 2015-05-25 14:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-07-20 22:43 - 2015-05-25 14:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-07-20 22:43 - 2015-05-25 14:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-07-20 22:43 - 2015-05-25 14:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-07-20 22:43 - 2015-05-25 14:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-07-20 22:43 - 2015-05-25 14:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-07-20 22:43 - 2015-05-25 14:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-07-20 22:43 - 2015-05-25 14:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-07-20 22:43 - 2015-05-25 14:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-07-20 22:43 - 2015-05-25 14:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-07-20 22:43 - 2015-05-25 14:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-07-20 22:43 - 2015-05-25 14:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-07-20 22:43 - 2015-05-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-07-20 22:43 - 2015-05-25 14:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-07-20 22:43 - 2015-05-25 14:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-07-20 22:43 - 2015-05-25 14:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-07-20 22:43 - 2015-05-25 14:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-07-20 22:43 - 2015-05-25 14:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-07-20 22:43 - 2015-05-25 14:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-07-20 22:43 - 2015-05-25 14:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-07-20 22:43 - 2015-05-25 14:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-07-20 22:43 - 2015-05-25 14:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-07-20 22:43 - 2015-05-25 14:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-07-20 22:43 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-07-20 22:43 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-
 
0.dll
2015-07-20 22:43 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-07-20 22:43 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-07-20 22:43 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-07-20 22:43 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-07-20 22:43 - 2015-05-25 14:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-07-20 22:43 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-07-20 22:43 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-07-20 22:43 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-07-20 22:43 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-07-20 22:43 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-07-20 22:43 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-07-20 22:43 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-07-20 22:43 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-07-20 22:43 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-07-20 22:43 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-07-20 22:43 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-07-20 22:43 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-07-20 22:43 - 2015-05-25 14:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-07-20 22:43 - 2015-05-25 14:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-07-20 22:43 - 2015-05-25 14:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-07-20 22:43 - 2015-05-25 14:04 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-07-20 22:43 - 2015-05-25 14:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-07-20 22:43 - 2015-05-25 14:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-07-20 22:43 - 2015-05-25 14:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-07-20 22:43 - 2015-05-25 14:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-07-20 22:43 - 2015-05-25 14:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-07-20 22:43 - 2015-05-25 14:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-07-20 22:43 - 2015-05-25 14:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-07-20 22:43 - 2015-05-25 14:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-07-20 22:43 - 2015-05-25 14:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-07-20 22:43 - 2015-05-25 14:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-07-20 22:43 - 2015-05-25 14:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-07-20 22:43 - 2015-05-25 13:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-07-20 22:43 - 2015-05-25 13:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-07-20 22:43 - 2015-05-25 13:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-07-20 22:43 - 2015-05-25 13:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-07-20 22:43 - 2015-05-25 13:55 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-07-20 22:43 - 2015-05-25 13:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-
 
0.dll
2015-07-20 22:43 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-07-20 22:43 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-07-20 22:43 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-07-20 22:43 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-07-20 22:43 - 2015-05-25 13:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-07-20 22:43 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1
 
-1-0.dll
2015-07-20 22:43 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-07-20 22:43 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-07-20 22:43 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-07-20 22:43 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-07-20 22:43 - 2015-05-25 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-07-20 22:43 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-07-20 22:43 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-07-20 22:43 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-07-20 22:43 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-07-20 22:43 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-07-20 22:43 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-07-20 22:43 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-07-20 22:43 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-07-20 22:43 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-07-20 22:43 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-07-20 22:43 - 2015-05-25 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-07-20 22:43 - 2015-05-25 13:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-07-20 22:43 - 2015-05-25 12:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-07-20 22:43 - 2015-05-25 12:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-07-20 22:43 - 2015-05-25 12:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-07-20 22:43 - 2015-05-25 12:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-07-20 22:43 - 2015-05-25 12:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-07-20 22:43 - 2015-05-25 12:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-07-20 22:43 - 2015-04-12 23:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-07-20 22:43 - 2015-02-24 23:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-07-20 22:42 - 2015-07-01 16:56 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-20 22:42 - 2015-07-01 16:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-20 22:42 - 2015-07-01 16:49 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-20 22:42 - 2015-07-01 16:49 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-20 22:42 - 2015-07-01 16:49 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-20 22:42 - 2015-07-01 16:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-20 22:42 - 2015-07-01 16:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-20 22:42 - 2015-07-01 16:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-20 22:42 - 2015-07-01 16:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-20 22:42 - 2015-07-01 16:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-20 22:42 - 2015-07-01 16:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-20 22:42 - 2015-07-01 16:49 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-20 22:42 - 2015-07-01 16:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-20 22:42 - 2015-07-01 16:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-20 22:42 - 2015-07-01 16:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-20 22:42 - 2015-07-01 16:47 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-20 22:42 - 2015-07-01 16:47 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-20 22:42 - 2015-07-01 16:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-20 22:42 - 2015-07-01 16:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-20 22:42 - 2015-07-01 16:39 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-20 22:42 - 2015-07-01 16:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-20 22:42 - 2015-07-01 16:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-20 22:42 - 2015-07-01 16:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-07-20 22:42 - 2015-07-01 16:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-07-20 22:42 - 2015-07-01 16:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-07-20 22:42 - 2015-07-01 16:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-07-20 22:42 - 2015-07-01 16:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-07-20 22:42 - 2015-07-01 16:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-07-20 22:42 - 2015-07-01 16:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-07-20 22:42 - 2015-07-01 16:29 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-20 22:42 - 2015-07-01 16:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-07-20 22:42 - 2015-07-01 16:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-07-20 22:42 - 2015-07-01 16:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-07-20 22:42 - 2015-07-01 16:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-07-20 22:42 - 2015-07-01 16:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-07-20 22:42 - 2015-07-01 15:27 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-20 22:42 - 2015-07-01 15:26 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-20 22:42 - 2015-07-01 15:26 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-20 22:42 - 2015-01-28 23:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-07-20 22:42 - 2015-01-28 23:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-07-20 22:41 - 2015-07-09 13:59 - 00017856 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-20 22:41 - 2015-07-09 13:58 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-20 22:41 - 2015-07-09 13:58 - 02603008 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-20 22:41 - 2015-07-09 13:58 - 01085440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-20 22:41 - 2015-07-09 13:58 - 00765440 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-20 22:41 - 2015-07-09 13:58 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-20 22:41 - 2015-07-09 13:58 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-20 22:41 - 2015-07-09 13:58 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-20 22:41 - 2015-07-09 13:58 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-20 22:41 - 2015-07-09 13:58 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-20 22:41 - 2015-07-09 13:58 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-20 22:41 - 2015-07-09 13:58 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-20 22:41 - 2015-07-09 13:58 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-20 22:41 - 2015-07-09 13:58 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-20 22:41 - 2015-07-09 13:58 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-20 22:41 - 2015-07-09 13:58 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-20 22:41 - 2015-07-09 13:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-20 22:41 - 2015-07-09 13:58 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-07-20 22:41 - 2015-07-09 13:50 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-20 22:41 - 2015-07-09 13:43 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-20 22:41 - 2015-07-09 13:43 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-20 22:41 - 2015-07-09 13:43 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-20 22:41 - 2015-07-09 13:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-20 22:41 - 2015-07-09 13:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-20 22:41 - 2015-06-26 22:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-20 22:41 - 2015-06-26 22:43 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-20 22:41 - 2015-06-26 21:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-07-20 22:41 - 2015-06-26 21:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-20 22:41 - 2015-06-03 16:16 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-07-20 22:41 - 2015-04-29 14:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-07-20 22:41 - 2015-04-29 14:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-07-20 22:41 - 2015-04-29 14:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-07-20 22:41 - 2015-04-29 14:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-07-20 22:41 - 2015-04-29 14:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-07-20 22:41 - 2015-04-29 14:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-07-20 22:41 - 2015-04-29 14:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-07-20 22:41 - 2015-04-29 14:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-07-20 22:41 - 2015-04-29 14:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-07-20 22:41 - 2015-04-29 14:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-07-20 22:41 - 2015-04-17 23:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-07-20 22:41 - 2015-04-17 22:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-07-20 22:41 - 2015-04-07 23:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-07-20 22:41 - 2015-04-07 23:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-07-20 22:41 - 2015-04-07 23:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-07-20 22:40 - 2015-07-04 14:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-20 22:40 - 2015-07-04 13:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-20 22:40 - 2015-06-25 04:57 - 03207168 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-20 22:40 - 2015-06-15 17:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-20 22:40 - 2015-06-15 17:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-20 22:40 - 2015-06-15 17:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-20 22:40 - 2015-06-15 17:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-20 22:40 - 2015-06-15 17:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-20 22:40 - 2015-06-15 17:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-20 22:40 - 2015-06-15 17:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-20 22:40 - 2015-06-15 17:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-20 22:40 - 2015-06-15 17:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-07-20 22:40 - 2015-06-15 17:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-20 22:40 - 2015-06-15 17:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-20 22:40 - 2015-06-15 17:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-07-20 22:40 - 2015-06-09 14:03 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-07-20 22:40 - 2015-06-09 14:03 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-07-20 22:40 - 2015-04-19 23:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-07-20 22:40 - 2015-04-19 23:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-07-20 22:40 - 2015-04-19 22:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-07-20 22:40 - 2015-03-09 23:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-07-20 22:40 - 2015-03-09 23:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-07-20 22:40 - 2015-03-09 23:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-07-20 22:40 - 2015-03-09 23:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-07-20 22:40 - 2015-03-04 00:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-07-20 22:40 - 2015-03-04 00:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-07-20 22:40 - 2015-03-04 00:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-07-20 22:40 - 2015-03-04 00:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-07-20 22:40 - 2015-03-04 00:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-07-20 22:40 - 2015-03-04 00:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-07-20 22:40 - 2015-03-04 00:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-07-20 22:40 - 2015-02-18 03:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-07-20 22:40 - 2015-02-18 03:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-07-20 22:39 - 2015-07-14 23:19 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-20 22:39 - 2015-07-14 23:19 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-20 22:39 - 2015-07-14 23:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-20 22:39 - 2015-07-14 23:19 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-20 22:39 - 2015-07-14 22:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-07-20 22:39 - 2015-07-14 22:55 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-20 22:39 - 2015-07-14 22:55 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-07-20 22:39 - 2015-07-14 22:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-07-20 22:39 - 2015-07-14 21:59 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-20 22:39 - 2015-07-14 21:52 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-20 22:39 - 2015-06-01 20:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-20 22:39 - 2015-06-01 19:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-07-20 22:39 - 2015-04-27 15:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-07-20 22:39 - 2015-04-27 15:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-07-20 22:39 - 2015-04-27 15:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-07-20 22:39 - 2015-04-27 15:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-07-20 22:39 - 2015-04-27 15:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-07-20 22:39 - 2015-04-27 15:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-07-20 22:39 - 2015-04-27 15:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-07-20 22:39 - 2015-04-27 15:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-07-20 22:37 - 2015-06-17 13:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-20 22:37 - 2015-06-17 13:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-20 22:37 - 2015-04-10 23:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-07-20 22:37 - 2015-03-04 00:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-07-20 22:37 - 2015-03-04 00:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-07-20 22:37 - 2015-03-04 00:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-22 14:42 - 2015-03-13 13:12 - 00000000 ____D C:\FRST
2015-07-22 14:38 - 2013-02-22 08:05 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-22 14:25 - 2011-03-03 09:45 - 00000422 _____ C:\Windows\Tasks\SystemToolsDailyTest.job
2015-07-22 14:23 - 2011-03-03 09:46 - 00003488 _____ C:\Windows\System32\Tasks\PCDEventLauncher
2015-07-22 14:23 - 2011-03-03 09:45 - 00003468 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest
2015-07-22 14:17 - 2015-03-11 16:25 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-07-22 14:17 - 2009-07-14 00:45 - 00022704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289
 
-439d-8115-601632D005A0
2015-07-22 14:17 - 2009-07-14 00:45 - 00022704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289
 
-439d-8115-601632D005A0
2015-07-22 14:09 - 2010-08-11 15:19 - 01779876 _____ C:\Windows\WindowsUpdate.log
2015-07-22 14:08 - 2015-03-15 20:53 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-22 14:04 - 2010-11-07 10:33 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-22 14:04 - 2010-08-19 09:58 - 00000932 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-74331191-494572096-592015046-
 
1001UA.job
2015-07-22 14:01 - 2014-06-27 07:04 - 00003976 _____ C:\Windows\setupact.log
2015-07-22 14:01 - 2010-11-07 10:33 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-22 14:01 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-22 10:42 - 2010-08-05 16:54 - 00000000 ____D C:\Users\Karl Laptop\Documents\Chaos Data
2015-07-22 09:19 - 2015-03-14 07:41 - 00000000 ____D C:\Users\Karl Laptop\Desktop\Bleeping Computer
2015-07-22 07:34 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\AppCompat
2015-07-21 20:07 - 2010-08-19 09:58 - 00000000 ____D C:\Users\Karl Laptop\AppData\Local\Google
2015-07-21 20:04 - 2010-08-19 09:58 - 00000880 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-74331191-494572096-592015046-
 
1001Core.job
2015-07-21 19:47 - 2009-07-14 01:13 - 00806240 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-21 19:17 - 2009-07-14 00:45 - 00421696 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-21 08:16 - 2010-08-17 21:27 - 00112232 _____ C:\Users\Karl Laptop\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-21 07:58 - 2013-01-15 14:07 - 00000000 ____D C:\Program Files (x86)\HRBlock2012
2015-07-21 07:56 - 2011-11-16 14:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\H&R Block 2011
2015-07-21 07:56 - 2011-11-16 14:09 - 00000000 ____D C:\Program Files (x86)\HRBlock2011
2015-07-21 07:55 - 2010-11-28 21:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\H&R Block 2010
2015-07-21 07:54 - 2010-11-28 21:41 - 00000000 ____D C:\Program Files (x86)\HRBlock2010
2015-07-21 07:17 - 2015-02-04 11:03 - 00000000 ____D C:\Users\Karl Laptop\Desktop\Sample resumes for website
2015-07-21 06:49 - 2015-03-23 20:06 - 00001060 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-21 06:49 - 2015-03-15 20:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-21 06:49 - 2015-03-15 20:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-21 05:28 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2015-07-21 03:44 - 2014-09-01 06:44 - 00489692 _____ C:\Windows\PFRO.log
2015-07-21 03:40 - 2010-08-11 18:11 - 00000000 ____D C:\Program Files\Windows Journal
2015-07-21 03:40 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-07-21 03:39 - 2015-03-11 18:56 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-21 03:39 - 2014-05-06 21:12 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-21 03:39 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-07-21 00:16 - 2010-08-18 20:36 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-21 00:12 - 2010-11-27 21:13 - 00798854 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-07-20 23:28 - 2013-03-13 22:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-07-20 23:24 - 2013-03-13 22:20 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-07-20 23:24 - 2013-03-13 22:20 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-07-20 23:16 - 2013-08-01 21:30 - 00000000 ____D C:\Windows\system32\MRT
2015-07-20 22:52 - 2013-02-22 08:05 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-20 22:52 - 2013-02-22 08:05 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-20 22:52 - 2012-02-04 08:33 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-20 21:00 - 2015-03-16 09:57 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-20 20:58 - 2015-03-16 15:08 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-20 20:37 - 2013-10-04 15:09 - 00001024 _____ C:\Windows\system32\AutoPartNt.let
2015-07-20 20:35 - 2013-10-04 15:09 - 03696480 _____ (Acronis) C:\Windows\system32\AutoPartNt.exe
2015-07-20 20:28 - 2011-03-03 09:45 - 00004288 _____ C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2015-07-20 20:28 - 2011-03-03 09:45 - 00000564 _____ C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2015-07-20 19:59 - 2010-11-07 10:33 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-20 19:59 - 2010-11-07 10:33 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-20 19:59 - 2010-08-19 09:58 - 00003914 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-74331191-494572096-
 
592015046-1001UA
2015-07-20 19:59 - 2010-08-19 09:58 - 00003518 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-74331191-494572096-
 
592015046-1001Core
2015-07-20 11:10 - 2007-06-17 20:42 - 00000000 ____D C:\Users\Karl Laptop\Documents\Health
2015-07-10 11:30 - 2007-06-17 20:41 - 00000000 ____D C:\Users\Karl Laptop\Documents\Lawn & Garden
2015-07-08 19:28 - 2012-01-02 08:55 - 00000000 ____D C:\Users\Karl Laptop\Documents\@-Hooch Resumes
2015-07-03 08:43 - 2010-08-18 20:42 - 130333168 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-23 13:30 - 2015-03-11 16:37 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
 
==================== Files in the root of some directories =======
 
2010-11-22 20:11 - 2014-05-07 19:36 - 0024064 _____ () C:\Users\Karl Laptop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-
 
E0D61DEA3FDF.ini
2010-09-03 18:37 - 2010-09-03 18:40 - 0007597 _____ () C:\Users\Karl Laptop\AppData\Local\resmon.resmoncfg
2014-01-03 15:43 - 2014-01-18 14:03 - 0000298 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
 
Some files in TEMP:
====================
C:\Users\Karl Laptop\AppData\Local\Temp\HitmanPro.exe
C:\Users\Karl Laptop\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Karl Laptop\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Karl Laptop\AppData\Local\Temp\jre-8u40-windows-au.exe
C:\Users\Karl Laptop\AppData\Local\Temp\Quarantine.exe
C:\Users\Karl Laptop\AppData\Local\Temp\sqlite3.dll
C:\Users\Karl Laptop\AppData\Local\Temp\{394B67A7-E2D2-4640-840D-74777C404276}-43.0.2357.134_41.0.2272.101_chrome_updater.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-21 05:20
 
==================== End of log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:20-07-2015
Ran by Karl Laptop at 2015-07-22 14:45:11
Running from C:\Users\Karl Laptop\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-74331191-494572096-592015046-500 - Administrator - Disabled)
ASPNET (S-1-5-21-74331191-494572096-592015046-1004 - Limited - Enabled)
Guest (S-1-5-21-74331191-494572096-592015046-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-74331191-494572096-592015046-1002 - Limited - Enabled)
Karl Laptop (S-1-5-21-74331191-494572096-592015046-1001 - Administrator - Enabled) => C:\Users\Karl Laptop
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kaspersky Anti-Virus (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Anti-Virus (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
Acronis True Image Home (HKLM-x32\...\{67ED38A3-4882-448B-B44D-3428AB00D7D5}) (Version: 13.0.7160 - Acronis)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft MediaImpression (HKLM-x32\...\{531F0013-964C-4BE6-B382-4117DC8BCDF9}) (Version:  - ArcSoft)
Bing Bar (HKLM-x32\...\{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}) (Version: 7.0.609.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon DIGITAL CAMERA Solution Disk Software Guide (HKLM-x32\...\Software Guide) (Version: 1.1.0.2 - Canon Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.7.2.11 - Canon Inc.)
Canon Internet Library for ZoomBrowser EX (HKLM-x32\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.6.3.9 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.4.0.8 - Canon Inc.)
Canon Personal Printing Guide (HKLM-x32\...\Personal Printing Guide) (Version: 1.1.0.2 - Canon Inc.)
Canon PhotoRecord (HKLM-x32\...\PhotoRecord) (Version:  - )
Canon RAW Image Task for ZoomBrowser EX (HKLM-x32\...\InstallShield_{FAF0DAD8-1EA7-4FEF-80E5-8D8D6EBD5A23}) (Version: 0.9.0 - 
 
Canon)
Canon RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\InstallShield_{2236B741-6631-49AE-B76E-3E14CA01CC87}) (Version: 0.9.0 - 
 
Canon)
Canon Utilities CameraWindow (HKLM-x32\...\CameraWindowLauncher) (Version: 7.4.0.7 - Canon Inc.)
Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC8) (Version: 8.1.0.11 - Canon Inc.)
Canon Utilities File Viewer Utility 1.3 (HKLM-x32\...\InstallShield_{2D1C2321-8FDB-49B8-A66B-4008DC0B6B5D}) (Version: 1.3.2 - Canon)
Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 7.3.0.5 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities RemoteCapture 2.7 (HKLM-x32\...\InstallShield_{14220DB1-DD96-4BCD-B3D5-03A4EA6631C4}) (Version: 2.7.5 - Canon)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.5.0.14 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.3.0.4 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
Chaos 7 (HKLM-x32\...\{C36F0970-455C-11DE-3D6C-00CA5A144AE1}) (Version:  - Chaos Software Group, Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.40 - Dell)
Dell Dock (HKLM-x32\...\Dell Dock) (Version:  - Stardock Corporation)
Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
Dell Driver Download Manager (HKU\S-1-5-21-74331191-494572096-592015046-1001\...\f031ef6ac137efc5) (Version: 2.1.0.0 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.0.5744.02 - Dell Inc.)
Dell Support Center (Version: 3.0.5744.02 - PC-Doctor, Inc.) Hidden
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 5.60.48.35 - Dell Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
File Viewer Utility 1.3.2 (x32 Version: 1.3.2 - Canon) Hidden
Google Chrome (HKU\S-1-5-21-74331191-494572096-592015046-1001\...\Google Chrome) (Version: 43.0.2357.134 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Photos Backup (HKU\S-1-5-21-74331191-494572096-592015046-1001\...\Google Photos Backup) (Version: 1.1.0.239 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 9.1.0.615 - Citrix Online, a division of Citrix Systems, Inc.)
HP Photosmart C309a All-In-One Driver 14.0 Rel. 5 (HKLM\...\{71C4F928-136A-4222-A191-310E081FB96B}) (Version: 14.0 - HP)
HP Product Detection (HKLM-x32\...\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}) (Version: 10.7.8.0 - Hewlett-Packard Company)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6289.0 - IDT)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2104 - Intel 
 
Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel 
 
Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.6.1001 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Kaspersky Anti-Virus (HKLM-x32\...\InstallWIX_{653C1B5A-3287-47B1-8613-0745D4E771C4}) (Version: 15.0.0.463 - Kaspersky Lab)
Kaspersky Anti-Virus (x32 Version: 15.0.0.463 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes 
 
Corporation)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft 
 
Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-
 
199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft 
 
Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft 
 
Corporation)
Microsoft Office Professional 2007 (HKLM-x32\...\PROR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - 
 
Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 
 
8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 
 
8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - 
 
Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft 
 
Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft 
 
Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 
 
9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) 
 
(Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - 
 
Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 
 
9.0.30729.6161 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 21.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 21.0 (x86 en-US)) (Version: 21.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 21.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Outlook Setup Tool (HKLM-x32\...\outlookset) (Version: 2.1.16 - Starfield Technologies)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PS_AIO_05_C309_Software_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.5.0 - Dell Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RAW Image Task (x32 Version: 0.9.0 - Canon) Hidden
RemoteCapture 2.7.5 (x32 Version: 2.7.5 - Canon) Hidden
RemoteCapture Task (x32 Version: 0.9.0 - Canon) Hidden
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.0.1 - Synaptics Incorporated)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{C444285D-5E4F-
 
48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-74331191-494572096-592015046-1001_Classes\CLSID\{1BFB1268-6353-495A-AB78-
 
97BF7CAB4D59}\InprocServer32 -> C:\Users\Karl Laptop\AppData\Local\Workspace\gdeditwrapperax64.dll (Starfield Technologies)
CustomCLSID: HKU\S-1-5-21-74331191-494572096-592015046-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-
 
34D9EA01FC2E}\InprocServer32 -> C:\Users\Karl Laptop\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-74331191-494572096-592015046-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-
 
F332194690F8}\InprocServer32 -> C:\Users\Karl Laptop\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-74331191-494572096-592015046-1001_Classes\CLSID\{B5B8593C-89BC-44a7-BCE3-
 
32FE4FED7C5C}\InprocServer32 -> C:\Users\Karl Laptop\AppData\Local\Workspace\wbetoolsax64.dll (Starfield Technology, LLC)
CustomCLSID: HKU\S-1-5-21-74331191-494572096-592015046-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-
 
41373F017C9A}\InprocServer32 -> C:\Users\Karl Laptop\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-74331191-494572096-592015046-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-
 
2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Karl Laptop\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-74331191-494572096-592015046-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-
 
948E6CB34B9F}\InprocServer32 -> C:\Users\Karl Laptop\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-74331191-494572096-592015046-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-
 
3641AAAF5E9E}\InprocServer32 -> C:\Users\Karl Laptop\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points =========================
 
18-03-2015 14:58:30 Windows Update
19-03-2015 10:58:04 Removed Skype™ 6.11
19-03-2015 11:00:49 Removed Skype Click to Call
19-03-2015 11:02:01 Removed Skype Click to Call
20-07-2015 22:56:21 Windows Update
21-07-2015 06:53:50 Windows Update
21-07-2015 07:24:21 Removed H&R Block Deluxe + Efile + State 2010.
21-07-2015 07:32:43 Removed H&R Block Deluxe + Efile + State 2011.
21-07-2015 07:41:21 Removed H&R Block Deluxe + Efile + State 2011.
21-07-2015 07:47:10 Removed H&R Block Deluxe + Efile + State 2012.
21-07-2015 07:53:44 Removed H&R Block Georgia 2010.
21-07-2015 07:55:16 Removed H&R Block Georgia 2011.
21-07-2015 07:56:56 Removed H&R Block Georgia 2012.
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2015-03-17 06:47 - 00001993 ____A C:\Windows\system32\Drivers\etc\hosts
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
0.0.0.0 cdn.bigspeedpro.com
0.0.0.0 cdn.bispd.com
 
There are 4 more lines.
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0831183D-610C-4579-984D-DE29E5A3F34E} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft 
 
Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {12C09B6C-B4BD-4F25-9861-388CA22114A1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed
 
\Flash\FlashPlayerUpdateService.exe [2015-07-20] (Adobe Systems Incorporated)
Task: {203ABEA1-F0D9-4A66-94FF-E47B0C041642} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\Dell Support Center
 
\pcdrcui.exe [2010-11-18] (PC-Doctor, Inc.)
Task: {23529619-53BF-4145-973A-518FAAB84270} - System32\Tasks\{40A3646C-2334-45A4-89F5-5B82BC7FE038} => pcalua.exe -a "C:
 
\Program Files (x86)\Google\Picasa3\Picasa3.exe" -d "C:\Program Files (x86)\Google\Picasa3"
Task: {31678B48-0C26-4D54-B7DD-661702CB7831} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft 
 
Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {35B2D203-7070-43A6-AE12-E26D58802C5C} - System32\Tasks\Regwork => C:\Program Files (x86)\RegWork\RegWork.exe
Task: {3B15F833-7729-4572-AB84-17668D5485BB} - System32\Tasks\{A538E448-E149-46EE-93C6-CD8B55807951} => pcalua.exe -a C:
 
\PROGRA~1\DELLSU~1\uninst.exe
Task: {4C30AFAE-5A9A-4E30-BB66-D74F57262EA9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google
 
\Update\GoogleUpdate.exe [2014-12-05] (Google Inc.)
Task: {53632C41-7E41-4081-8C19-F815CD0C117D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google
 
\Update\GoogleUpdate.exe [2014-12-05] (Google Inc.)
Task: {74B92807-9A59-4697-A9B6-2C29946C03B7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-74331191-494572096-592015046-
 
1001Core => C:\Users\Karl Laptop\AppData\Local\Google\Update\GoogleUpdate.exe [2014-12-05] (Google Inc.)
Task: {75C331FD-7F7C-44C2-8DFF-CF26CCFF53A2} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft 
 
IntelliPoint\IPoint.exe
Task: {7DF18F70-48B6-445D-8F11-AFE05165ADFF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software 
 
Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {AFF28F26-047A-4827-910C-76257583C1F9} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell Support 
 
Center\uaclauncher.exe [2010-11-18] (PC-Doctor, Inc.)
Task: {B0FAC10A-AE46-4515-B877-C4BF51CE635B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files
 
\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {B54D87A7-91F9-4DAE-9077-57D27271C15E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-74331191-494572096-592015046-
 
1001UA => C:\Users\Karl Laptop\AppData\Local\Google\Update\GoogleUpdate.exe [2014-12-05] (Google Inc.)
Task: {B7848A0E-766B-49C7-9FC6-BA48D651E98E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-
 
02-19] (Piriform Ltd)
Task: {E16FE3BB-1267-45A0-8B92-A0405E375B46} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center
 
\sessionchecker.exe [2010-11-18] (PC-Doctor, Inc.)
Task: {EE5D4F90-A453-4951-8B33-C2045F9CCADF} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - Karl Laptop) => C:\Program Files
 
\SlimCleaner Plus\SlimCleanerPlus.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-74331191-494572096-592015046-1001Core.job => C:\Users\Karl Laptop\AppData
 
\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-74331191-494572096-592015046-1001UA.job => C:\Users\Karl Laptop\AppData\Local
 
\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\Dell Support Center\uaclauncher.exeo-backgroundmon 
 
scripts\defaultscan.xml
Task: C:\Windows\Tasks\Regwork.job => C:\Program Files (x86)\RegWork\RegWork.exe-shed C:\Program Files (x86)\RegWork\RegWork.exe
Task: C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - Karl Laptop).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\Dell Support Center\pcdrcui.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2012-01-10 22:12 - 2012-01-10 22:12 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-02-17 12:08 - 2011-02-21 15:54 - 02009968 _____ () C:\Program Files (x86)\Chaos Software\Chaos 7\chaos7.exe
2014-03-06 15:00 - 2014-03-06 15:00 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\kpcengine.2.3.dll
2010-08-11 15:40 - 2009-12-23 18:32 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2015-07-21 01:11 - 2015-07-13 17:55 - 01281864 _____ () C:\Users\Karl Laptop\AppData\Local\Google\Chrome\Application
 
\43.0.2357.134\libglesv2.dll
2015-07-21 01:11 - 2015-07-13 17:55 - 00080712 _____ () C:\Users\Karl Laptop\AppData\Local\Google\Chrome\Application\43.0.2357.134\libegl.dll
2013-07-10 18:07 - 2013-07-10 18:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-74331191-494572096-592015046-1001\...\turbotax.com -> hxxps://turbotax.com
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-74331191-494572096-592015046-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Karl Laptop\AppData\Roaming\Microsoft
 
\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) 
 
(EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: ACDaemon => 2
MSCONFIG\Services: AESTFilters => 2
MSCONFIG\Services: afcdpsrv => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: BBSvc => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: CltMngSvc => 2
MSCONFIG\Services: DockLoginService => 2
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: Garmin Core Update Service => 2
MSCONFIG\Services: GoToAssist => 3
MSCONFIG\Services: IntuitUpdateServiceV4 => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: Skype C2C Service => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: STacSV => 2
MSCONFIG\Services: Unchecky => 2
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\startupfolder: C:^Users^Karl Laptop^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk => 
 
C:\Windows\pss\Dell Dock.lnk.Startup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: alarm.exe => "C:\Program Files (x86)\Chaos Software\Chaos 7\alarm.exe"
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
MSCONFIG\startupreg: dellsupportcenter => "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: EEventManager => C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MobileDocuments => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: QuickSet => C:\Program Files\Dell\QuickSet\QuickSet.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SlimCleaner Plus => "C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe" /minimize
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: TrueImageMonitor.exe => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{9B5041C7-52E8-4F28-9F8E-DE696BA7FC4F}] => (Allow) svchost.exe
FirewallRules: [{5183D5BF-D3C0-4236-BD64-B4707BF47EE1}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [TCP Query User{C9076B12-EE52-473B-BE50-F38CBFA5A914}C:\program files (x86)\google\google earth\client\googleearth.exe] 
 
=> (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [UDP Query User{4EC1920A-499F-4B64-B49D-BEDE307C5B72}C:\program files (x86)\google\google earth\client
 
\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [TCP Query User{D4B4AB48-CDD1-46A8-A492-D406D5AAFB1C}C:\users\karl laptop\appdata\local\google\chrome\application
 
\chrome.exe] => (Allow) C:\users\karl laptop\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{AE107B2F-DD1F-4915-A864-A15FA3C0528C}C:\users\karl laptop\appdata\local\google\chrome\application
 
\chrome.exe] => (Allow) C:\users\karl laptop\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{192483C3-EC15-4E58-AAED-D2134B2AF55D}C:\program files (x86)\google\google earth\client
 
\googleearth.exe] => (Block) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [UDP Query User{6068D73D-A682-404D-AFC0-B0C6C619AB05}C:\program files (x86)\google\google earth\client
 
\googleearth.exe] => (Block) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [{8E9AB065-0C8F-4A1A-9BAD-2077F5F142FF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{938ED7D6-B2A0-4679-B002-16FA723C1860}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{8D84F87D-6153-4718-B9E5-47912C4925A1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{A10A493F-B9FF-4F91-9E00-8267D4D0C77A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\{71C4F928-136A-4222-
 
A191-310E081FB96B}\setup\hpznui40.exe
FirewallRules: [TCP Query User{D760C2BB-E8F0-49B0-A022-3AE333B39EE7}C:\program files (x86)\google\google earth\plugin\geplugin.exe] 
 
=> (Allow) C:\program files (x86)\google\google earth\plugin\geplugin.exe
FirewallRules: [UDP Query User{57904153-0DF3-43B1-B8D1-1310A1EBBD6C}C:\program files (x86)\google\google earth\plugin\geplugin.exe] 
 
=> (Allow) C:\program files (x86)\google\google earth\plugin\geplugin.exe
FirewallRules: [TCP Query User{5EE88B5D-4D79-446A-AAC1-094276D2A453}C:\program files (x86)\epson software\event manager
 
\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{8E5E9B93-EAE6-4F64-8E34-023D38956392}C:\program files (x86)\epson software\event manager
 
\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{4C1F43F9-3666-4D52-A367-67AE9F122833}C:\program files (x86)\epson software\event manager
 
\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{C6237EA0-0BAF-47A1-B3BB-EA884DDF68E5}C:\program files (x86)\epson software\event manager
 
\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{6E03DC80-E9C2-4838-BDD6-7E3C0E0A32A0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{31383EFA-D2EF-439B-B7C0-C8455F21A759}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{32857DE5-4F2E-4D84-B6DA-29D54971F94B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1F032B09-86FF-4E2A-BC3C-CB46FB99E834}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7669B4A0-7D31-49F2-B26F-9BB19085E518}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{E279E0BD-ABE4-43A3-A3F6-02339D2B9066}] => (Allow) LPort=2869
FirewallRules: [{C2D738FA-F974-49FF-A2D9-F4D4684A9D64}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{FCA9BF66-1DE3-45FC-88AC-7D5B70259CFC}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:
 
\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{5012A094-30F7-40BC-8808-157EEBFE67BF}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:
 
\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{CE899445-CF42-4335-9236-1BC1AEFECAE0}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:
 
\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{4A135CA2-DFF3-4A27-AC55-20A3D559E3FE}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:
 
\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{EFDAE6EF-C37D-4451-86EF-8D03DEA48805}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service 
 
v4\IntuitUpdater.exe
FirewallRules: [{D4FD193D-333F-47B0-9A30-FF461B4B359A}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service 
 
v4\IntuitUpdateService.exe
FirewallRules: [{8356CAFA-4441-486E-889C-1AB2426C3228}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service 
 
v4\IntuitUpdateService.exe
FirewallRules: [{BDE0F3C4-4DEE-4D73-B033-B7513BACDD93}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service 
 
v4\IntuitUpdateService.exe
FirewallRules: [{231E3571-17BC-4BD6-80EA-5C8D82BCE2EA}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service 
 
v4\IntuitUpdateService.exe
FirewallRules: [{A6FDC35C-D1AF-4719-AEFB-E7A16F93B884}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service 
 
v4\IntuitUpdateService.exe
FirewallRules: [TCP Query User{1BDCED38-9822-4654-91DC-BF4E9E10FFE9}C:\users\karl laptop\appdata\locallow\amicas\v6cdviewer
 
\privatejre\bin\armiregistry.exe] => (Allow) C:\users\karl laptop\appdata\locallow\amicas\v6cdviewer\privatejre\bin\armiregistry.exe
FirewallRules: [UDP Query User{FF2780E0-9BBC-485D-8267-EF6AAC2CF3A6}C:\users\karl laptop\appdata\locallow\amicas\v6cdviewer
 
\privatejre\bin\armiregistry.exe] => (Allow) C:\users\karl laptop\appdata\locallow\amicas\v6cdviewer\privatejre\bin\armiregistry.exe
FirewallRules: [TCP Query User{81DA6675-29BB-4A65-ADC2-D4382933B501}C:\users\karl laptop\appdata\locallow\amicas\v6cdviewer\bin
 
\aviewer.exe] => (Allow) C:\users\karl laptop\appdata\locallow\amicas\v6cdviewer\bin\aviewer.exe
FirewallRules: [UDP Query User{68A89C95-8046-4003-9414-0771E031C396}C:\users\karl laptop\appdata\locallow\amicas\v6cdviewer\bin
 
\aviewer.exe] => (Allow) C:\users\karl laptop\appdata\locallow\amicas\v6cdviewer\bin\aviewer.exe
FirewallRules: [TCP Query User{98E2509C-A61B-4067-897E-23532C9FB1A4}C:\users\karl laptop\appdata\locallow\amicas\v6cdviewer\bin
 
\astudycachemgr.exe] => (Allow) C:\users\karl laptop\appdata\locallow\amicas\v6cdviewer\bin\astudycachemgr.exe
FirewallRules: [UDP Query User{CEA17296-78A7-4B7B-87B9-BE21A911CE18}C:\users\karl laptop\appdata\locallow\amicas\v6cdviewer\bin
 
\astudycachemgr.exe] => (Allow) C:\users\karl laptop\appdata\locallow\amicas\v6cdviewer\bin\astudycachemgr.exe
FirewallRules: [{12C7018F-4CE9-414E-9DBC-5E0FAC47CAE6}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [TCP Query User{BFC5EA59-AC74-498E-BCF5-A4BD800AE8F9}C:\program files (x86)\spyware clear\spywareclearupdate.exe] 
 
=> (Block) C:\program files (x86)\spyware clear\spywareclearupdate.exe
FirewallRules: [UDP Query User{7D64A4C7-F9A2-47DE-9BEE-0A93D3B81467}C:\program files (x86)\spyware clear\spywareclearupdate.exe] 
 
=> (Block) C:\program files (x86)\spyware clear\spywareclearupdate.exe
FirewallRules: [{47B6FA51-9DE5-44DC-8080-4D1D3DE5CED3}] => (Allow) C:\users\karl laptop\appdata\local\google\chrome\application
 
\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Photosmart C309a series
Description: Photosmart C309a series
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Photosmart C309a series
Description: Photosmart C309a series
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Photosmart C309a series
Description: Photosmart C309a series
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Photosmart C309a series
Description: Photosmart C309a series
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Photosmart C309a series
Description: Photosmart C309a series
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Photosmart C309a series
Description: Photosmart C309a series
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Photosmart C309a series
Description: Photosmart C309a series
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/21/2015 08:13:57 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 43.0.2357.134 stopped interacting with Windows and was closed. To see if more information about 
 
the problem is available, check the problem history in the Action Center control panel.
 
Process ID: ff0
 
Start Time: 01d0c3a42c473608
 
Termination Time: 40
 
Application Path: C:\Users\Karl Laptop\AppData\Local\Google\Chrome\Application\chrome.exe
 
Report Id: eace5c35-2fa1-11e5-83bb-90ebe4d5b70b
 
Error: (07/20/2015 08:57:48 PM) (Source: MsiInstaller) (EventID: 1024) (User: KarlW7Laptop)
Description: Product: Adobe Reader XI - Update '{AC76BA86-7AD7-0000-2550-7A8C40011012}' could not be installed. Error code 1625. Windows 
 
Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging 
 
 
Error: (03/25/2015 09:52:23 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-
 
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests
 
\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS
 
\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-
 
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-
 
controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (03/24/2015 08:55:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TrueImage.exe, version: 13.0.0.7160, time stamp: 0x4d42deb7
Faulting module name: fox.dll, version: 2.0.0.4, time stamp: 0x4d42db39
Exception code: 0xc0000005
Fault offset: 0x0000b88a
Faulting process id: 0x15e4
Faulting application start time: 0xTrueImage.exe0
Faulting application path: TrueImage.exe1
Faulting module path: TrueImage.exe2
Report Id: TrueImage.exe3
 
Error: (03/24/2015 08:29:47 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-
 
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests
 
\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS
 
\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-
 
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-
 
controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (03/20/2015 07:58:26 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-
 
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests
 
\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS
 
\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-
 
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-
 
controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (03/19/2015 12:43:52 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-
 
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests
 
\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS
 
\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-
 
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-
 
controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (03/18/2015 05:03:58 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.
 
 
Details:
Could not query the status of the EventSystem service.
 
System Error:
A system shutdown is in progress.
.
 
Error: (03/17/2015 05:53:09 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-
 
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests
 
\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS
 
\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-
 
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-
 
controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (03/16/2015 04:19:15 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-
 
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests
 
\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS
 
\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-
 
controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-
 
controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
 
System errors:
=============
Error: (07/22/2015 02:02:52 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT 
 
AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (07/22/2015 02:01:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Norton Safe Web Lite service failed to start due to the following error: 
%%2
 
Error: (07/22/2015 09:16:41 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (120000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
 
Error: (07/22/2015 07:27:50 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT 
 
AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (07/22/2015 07:27:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Norton Safe Web Lite service failed to start due to the following error: 
%%2
 
Error: (07/21/2015 07:20:25 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The File Backup Service service is marked as an interactive service.  However, the system is configured to not allow interactive 
 
services.  This service may not function properly.
 
Error: (07/21/2015 07:18:48 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT 
 
AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (07/21/2015 07:18:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Norton Safe Web Lite service failed to start due to the following error: 
%%2
 
Error: (07/21/2015 06:58:38 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT 
 
AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (07/21/2015 06:57:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Norton Safe Web Lite service failed to start due to the following error: 
%%2
 
 
Microsoft Office:
=========================
Error: (12/23/2013 10:13:40 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This 
 
session lasted 193 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (06/19/2013 01:42:02 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This 
 
session lasted 2 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (06/19/2013 01:41:28 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This 
 
session lasted 3 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (06/19/2013 01:41:13 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This 
 
session lasted 0 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (06/19/2013 01:40:56 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This 
 
session lasted 0 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (06/19/2013 01:36:51 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This 
 
session lasted 9 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (06/19/2013 01:33:35 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This 
 
session lasted 0 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (01/02/2013 04:44:15 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This 
 
session lasted 18 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (01/02/2013 04:43:31 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This 
 
session lasted 22 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (10/22/2011 09:56:39 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This 
 
session lasted 351 seconds with 300 seconds of active time.  This session ended with a crash.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3 CPU M 350 @ 2.27GHz
Percentage of memory in use: 47%
Total physical RAM: 3894.68 MB
Available physical RAM: 2063.64 MB
Total Virtual: 7787.57 MB
Available Virtual: 5171.92 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:361.48 GB) NTFS ==>[system with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 4F09196A)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS)
 
==================== End of log ============================
 
System Info
OS Name Microsoft Windows 7 Home Premium
Version 6.1.7601 Service Pack 1 Build 7601
Other OS Description Not Available
OS Manufacturer Microsoft Corporation
System Name KARLW7LAPTOP
System Manufacturer Dell Inc.
System Model Inspiron N5010
System Type x64-based PC
Processor Intel® Core™ i3 CPU       M 350  @ 2.27GHz, 2261 Mhz, 2 Core(s), 4 Logical Processor(s)
BIOS Version/Date Dell Inc. A14, 6/8/2011
SMBIOS Version 2.6
Windows Directory C:\Windows
System Directory C:\Windows\system32
Boot Device \Device\HarddiskVolume2
Locale United States
Hardware Abstraction Layer Version = "6.1.7601.17514"
User Name KarlW7Laptop\Karl Laptop
Time Zone Eastern Daylight Time
Installed Physical Memory (RAM) 4.00 GB
Total Physical Memory 3.80 GB
Available Physical Memory 1.97 GB
Total Virtual Memory 7.60 GB
Available Virtual Memory 5.00 GB
Page File Space 3.80 GB
Page File C:\pagefile.sys
 

 

Attached Files



#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,432 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:57 PM

Posted 22 July 2015 - 05:33 PM

Hi Karl,

I appreciate your diligence in following the Topic. Nothing of any real concern in your logs but a few things to clean up. In addition I would like to run a couple of additional programs.

Please run this for me.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key Windows_Logo_key.gif + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = 
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
Toolbar: HKU\S-1-5-21-74331191-494572096-592015046-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
FF Extension: Search Toolbar - C:\Users\Karl Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\4k8lc7gn.default\Extensions\searchtoolbar@zugo.com [2011-03-28]
S2 NSL; "C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe" /s "NSL" /m "C:\Program Files (x86)\Norton Safe Web 
C:\Program Files (x86)\Norton Safe Web Lite
S3 cpuz134; \??\C:\Users\KARLLA~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [X]
CustomCLSID: HKU\S-1-5-21-74331191-494572096-592015046-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Karl Laptop\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-74331191-494572096-592015046-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Karl Laptop\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-74331191-494572096-592015046-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Karl Laptop\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-74331191-494572096-592015046-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Karl Laptop\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
FF HKLM-x32\...\Firefox\Extensions: [{203FB6B2-2E1E-4474-863B-4C483ECCE78E}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_1.2.0.6\coFFNST
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Emsisoft Emergency Kit Scan

--------------------
  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double click on the EmsisoftEmergencyKit.exe icon, click Run then Extract
  • Double click the Start Emsisoft Emergency Kit icon that will appear after extraction
  • Click Yes to update the program
  • Once the update is completed click the Back button
  • Click on 2. Scan (not Quick Scan or Smart Scan)
  • Click Yes to detect Potentially Unwanted Programs (PUPs)
  • Patiently wait for the thorough scan to complete, this can be a lengthy process
  • Once completed click Quarantine selected objects (if computer is clean you will not have this option) then click OK
  • Click View Report
  • Copy and paste the contents of the report in your reply
  • Note: If you receive an error report saying there are too many emoticons simply attach the file instead
  • Close the program then click Close
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double click the icon to launch the program
  • Click OK
  • Select Run Note: If you receive an error message attempt to run the program in Safe Mode
  • Press any key to start the program
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • Emsisoft report (if applicable)
  • Security Check log

Edited by Oh My!, 23 July 2015 - 02:01 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#9 wrattephinque

wrattephinque
  • Topic Starter

  • Members
  • 72 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:57 PM

Posted 22 July 2015 - 06:54 PM

Thanks Gary. I will have to do these tomorrow because of commitments tonight. Will post when completed. Karl.



#10 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,432 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:57 PM

Posted 22 July 2015 - 07:00 PM

Very good, thanks.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#11 wrattephinque

wrattephinque
  • Topic Starter

  • Members
  • 72 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:57 PM

Posted 23 July 2015 - 01:03 PM

Gary, Here are the results:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:20-07-2015
Ran by Karl Laptop at 2015-07-23 12:46:56 Run:1
Running from C:\Users\Karl Laptop\Desktop\New folder
Loaded Profiles: Karl Laptop (Available Profiles: Karl Laptop)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = 
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
Toolbar: HKU\S-1-5-21-74331191-494572096-592015046-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
FF Extension: Search Toolbar - C:\Users\Karl Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\4k8lc7gn.default\Extensions\searchtoolbar@zugo.com [2011-03-28]
S2 NSL; "C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe" /s "NSL" /m "C:\Program Files (x86)\Norton Safe Web 
C:\Program Files (x86)\Norton Safe Web Lite
S3 cpuz134; \??\C:\Users\KARLLA~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [X]
CustomCLSID: HKU\S-1-5-21-74331191-494572096-592015046-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Karl Laptop\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-74331191-494572096-592015046-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Karl Laptop\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-74331191-494572096-592015046-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Karl Laptop\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-74331191-494572096-592015046-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Karl Laptop\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
FF HKLM-x32\...\Firefox\Extensions: [{203FB6B2-2E1E-4474-863B-4C483ECCE78E}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_1.2.0.6\coFFNST
 
*****************
 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0b4d26f6-61a8-4463-99dd-5f2fe0400fa6}" => key removed successfully
HKCR\CLSID\{0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
"HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
HKU\S-1-5-21-74331191-494572096-592015046-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value removed successfully
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => key not found. 
C:\Users\Karl Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\4k8lc7gn.default\Extensions\searchtoolbar@zugo.com => moved successfully.
NSL => Service removed successfully
"C:\Program Files (x86)\Norton Safe Web Lite" => File/Folder not found.
cpuz134 => Service removed successfully
PCDSRVC{1E208CE0-FB7451FF-06020101}_0 => Service stopped successfully.
PCDSRVC{1E208CE0-FB7451FF-06020101}_0 => Service removed successfully
"HKU\S-1-5-21-74331191-494572096-592015046-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => key removed successfully
"HKU\S-1-5-21-74331191-494572096-592015046-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key removed successfully
"HKU\S-1-5-21-74331191-494572096-592015046-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => key removed successfully
"HKU\S-1-5-21-74331191-494572096-592015046-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => key removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{203FB6B2-2E1E-4474-863B-4C483ECCE78E} => value removed successfully
 
==== End of Fixlog 12:46:59 ====
 

Emsisoft Emergency Kit - Version 10.0
Last update: 7/23/2015 1:23:21 PM
User account: KarlW7Laptop\Karl Laptop
 
Scan settings:
 
Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files
 
Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
 
Scan start: 7/23/2015 1:24:26 PM
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\SEARCH TOOLBAR detected: Adware.Win32.SearchBar (A)
Value: HKEY_USERS\S-1-5-21-74331191-494572096-592015046-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-74331191-494572096-592015046-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
Key: HKEY_USERS\S-1-5-21-74331191-494572096-592015046-1001\SOFTWARE\SPARKTRUST detected: Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\SEARCH TOOLBAR detected: Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\SPARKTRUST detected: Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\W3I detected: Application.InstallAd (A)
 
Scanned 71641
Found 7
 
Scan end: 7/23/2015 1:32:51 PM
Scan time: 0:08:25
 
 

 Results of screen317's Security Check version 1.005  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Kaspersky Anti-Virus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Flash Player 18.0.0.209  
 Adobe Reader XI  
 Mozilla Firefox 21.0 Firefox out of Date!  
 Google Chrome 41.0.2272.101 Google Chrome out of date!  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Kaspersky Lab Kaspersky Anti-Virus 15.0.0 avp.exe  
 Kaspersky Lab Kaspersky Anti-Virus 15.0.0 avpui.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 3% 
````````````````````End of Log`````````````````````` 
 
 
Thanks for your continued help! Karl.


#12 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,432 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:57 PM

Posted 23 July 2015 - 02:11 PM

Can you confirm you deleted the items found by Emsisoft?

Let's update the 2 programs flagged by Security Check. Please do this.

===================================================

Please update Google Chrome by following these instructions.

===================================================

Firefox Update

--------------------

I recommend you consider updating Firefox to the newest version. If you desire to do so please click this link to begin the process.

===================================================

Things I would like to see in your next reply. :thumbsup2:
  • Emsisoft deletions?
  • Did the browsers update?
  • Are there any remaining issues?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#13 wrattephinque

wrattephinque
  • Topic Starter

  • Members
  • 72 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:57 PM

Posted 23 July 2015 - 05:18 PM

How do I confirm deletion of which two files found by Emsisoft?

 

I will update Google Chrome and delete Mozilla Firefox (I haven't used it in years).

 

No remaining issues, but how do I keep things clean in the future?

 

And is there a way to detect that an email attachment is bad before opening it? In my business I ask people for their resumes and then have to open them.



#14 wrattephinque

wrattephinque
  • Topic Starter

  • Members
  • 72 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:57 PM

Posted 23 July 2015 - 05:42 PM

While I was trying to post the above message I got a "Aw Snap" twice from Google. I have had a series of these in the recent past. Do you think upgrading Google Chrome will arrest that problem?

 

Tried to do the upgrade and it seemed to hang.

 

I have noticed a zillion things in my startup folder in msconfig. I don't recognize many of them and I don't want to mess with them. How can I ever figure out what is really needed, not needed, safe to remove or disable, etc?



#15 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,432 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:57 PM

Posted 23 July 2015 - 07:23 PM

Hi Karl,

Lots of questions. Let's work our way through them.
 

And is there a way to detect that an email attachment is bad before opening it?

Kaspersky Anti-Virus should do that for you already.

----------


How do I confirm deletion of which two files found by Emsisoft?

Look in C:\EEK

----------
 

Do you think upgrading Google Chrome will arrest that problem?

It may.

----------
 

how do I keep things clean in the future?

I will be providing you with information when we have finished everything.

----------
 

Tried to do the upgrade and it seemed to hang.

See if this helps.

----------
 

I have noticed a zillion things in my startup folder in msconfig.

Please do this.

===================================================

WhatInStartup

-------------------
  • Download WhatInStartup for 64 bit computers and save it to your desktop
  • Unzip the folder onto your desktop
  • Double click the WhatInStartup Application icon to run the program
  • Click Edit then Select All
  • Click File, Save Selected Items, and save the file to your desktop as Startup.txt
  • Copy and paste the information in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Did Chrome install?
  • WhatInStartup report

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users