Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Browser Redirected to searcheduncovered.com


  • This topic is locked This topic is locked
8 replies to this topic

#1 MelissaRN

MelissaRN

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:USA
  • Local time:05:17 PM

Posted 20 July 2015 - 02:20 PM

While using all browsers (Chrome, IE, Firefox), when visiting the site www.autotrader.com I get redirected to searcheduncovered.com.  My browser only gets redirected when visiting that particular site.  I am also posting log files named FRST.txt and attaching Addition.txt  Please see below:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-07-2015
Ran by Melissa (administrator) on MININT-7NHCQDH on 20-07-2015 14:00:44
Running from C:\Users\Melissa\Downloads
Loaded Profiles: Melissa & UpdatusUser (Available Profiles: Melissa & UpdatusUser)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvwmi64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_f7375244d0579de7\stacsv64.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvwmi64.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_f7375244d0579de7\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avpui.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Broadcom Corporation) C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Akamai Technologies, Inc.) C:\Users\Melissa\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Melissa\AppData\Local\Akamai\netsession_win.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(© 2015 Microsoft Corporation) C:\Users\Melissa\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [450048 2009-10-12] (IDT, Inc.)
HKLM\...\Run: [USCService] => C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe [34232 2010-06-22] (Broadcom Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3013360 2013-01-31] (Synaptics Incorporated)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-01] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-09-17] (CyberLink Corp.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2009-11-20] (NEC Electronics Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\822\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-21-3697647838-3597863788-1965172072-1002\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-08-07] (Google Inc.)
HKU\S-1-5-21-3697647838-3597863788-1965172072-1002\...\Run: [Akamai NetSession Interface] => C:\Users\Melissa\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3697647838-3597863788-1965172072-1002\...\Run: [DellSystemDetect] => C:\Users\Melissa\AppData\Local\Apps\2.0\3Q3VVELP.4MG\13GA4R57.4G3\dell..tion_e30b47f5d4a30e9e_0005.000d_4ab2a66cfade09be\DellSystemDetect.exe
HKU\S-1-5-21-3697647838-3597863788-1965172072-1002\...\Run: [BingSvc] => C:\Users\Melissa\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-04-07] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-3697647838-3597863788-1965172072-1002\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403224 2015-05-29] (Garmin Ltd. or its subsidiaries)
Lsa: [Authentication Packages] msv1_0 wvauth
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll [2010-03-29] (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll [2010-03-29] (Wave Systems Corp.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3697647838-3597863788-1965172072-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=SK2F&ocid=SK2FDHP&osmkt=en-us
HKU\S-1-5-21-3697647838-3597863788-1965172072-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.dell.com
HKU\S-1-5-21-3697647838-3597863788-1965172072-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-3697647838-3597863788-1965172072-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll No File
BHO: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-17] (Google Inc.)
BHO: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21] (Hewlett-Packard Co.)
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll No File
BHO-x32: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-15] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-17] (Google Inc.)
BHO-x32: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-15] (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21] (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-17] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-17] (Google Inc.)
Toolbar: HKU\S-1-5-21-3697647838-3597863788-1965172072-1002 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-17] (Google Inc.)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 24.116.0.53 24.116.2.50
Tcpip\..\Interfaces\{7BBC4A9E-3885-4041-807D-ECC4A4393BDB}: [NameServer] 107.6.133.8,23.23.180.210
Tcpip\..\Interfaces\{7BBC4A9E-3885-4041-807D-ECC4A4393BDB}: [DhcpNameServer] 24.116.0.53 24.116.2.50
Tcpip\..\Interfaces\{A12E3EEA-47EB-4AC2-BCF8-B519FDF090A9}: [NameServer] 107.6.133.8,23.23.180.210
Tcpip\..\Interfaces\{A12E3EEA-47EB-4AC2-BCF8-B519FDF090A9}: [DhcpNameServer] 24.116.0.53 24.116.2.50
Tcpip\..\Interfaces\{A225D5CC-2BDB-46B0-8143-3E51FD8ED92B}: [NameServer] 107.6.133.8,23.23.180.210
Tcpip\..\Interfaces\{E53A79C2-4A56-4A7C-AB6E-5942D6DB5432}: [NameServer] 107.6.133.8,23.23.180.210

FireFox:
========
FF ProfilePath: C:\Users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\gv2lkpw9.default
FF DefaultSearchEngine: Bing
FF DefaultSearchEngine.US: Google
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Bing
FF Homepage: https://www.google.com/
FF Keyword.URL: hxxp://www.bing.com/search?FORM=SK2FDF&PC=SK2F&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-14] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll [2013-10-25] (Adobe Systems, Inc.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-03-11] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-15] (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-07-19] ()
FF Plugin-x32: @kaspersky.com/online_banking_08806E753BE44495B44E90AA2513BDC5 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-07-19] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-07-19] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-08-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-08-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-07-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-07-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-07-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-07-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-07-06] (Apple Inc.)
FF SearchPlugin: C:\Users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\gv2lkpw9.default\searchplugins\aol-search.xml [2012-11-27]
FF SearchPlugin: C:\Users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\gv2lkpw9.default\searchplugins\firefox-help.xml [2015-07-19]
FF Extension: Bing Search - C:\Users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\gv2lkpw9.default\Extensions\bingsearch.full@microsoft.com [2015-05-29]
FF Extension: WOT - C:\Users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\gv2lkpw9.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-07-09]
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-08-23]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_663BE84DBCC949E88C7600F63CA7F098@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-07-19]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_07402848C2F6470194F131B0F3DE025E@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-07-19]
FF HKLM-x32\...\Firefox\Extensions: [online_banking_08806E753BE44495B44E90AA2513BDC5@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-07-19]
FF HKU\S-1-5-21-3697647838-3597863788-1965172072-1002\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR Profile: C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (MSN Homepage & Bing Search Engine) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2015-07-09]
CHR Extension: (Google Wallet) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-18]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKU\S-1-5-21-3697647838-3597863788-1965172072-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_f7375244d0579de7\AESTSr64.exe [89600 2009-10-12] (Andrea Electronics Corporation)
R2 AVP15.0.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe [194000 2015-06-27] (Kaspersky Lab ZAO)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2573520 2015-05-22] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-05-22] (Dell Inc.)
S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [717768 2015-05-29] (Garmin Ltd. or its subsidiaries)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NVIDIA Performance Driver Service; C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [6237800 2010-04-30] ()
R2 NVWMI; C:\Windows\system32\nvwmi64.exe [1290016 2013-09-05] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 SecureStorageService; C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [1558016 2010-02-03] (Wave Systems Corp.) [File not signed]
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_f7375244d0579de7\STacSV64.exe [240640 2009-10-12] (IDT, Inc.)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [20648 2015-06-11] (Dell Inc.)
S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1273856 2008-11-12] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [247016 2015-06-27] (Kaspersky Lab UK Ltd)
R3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [64368 2015-06-27] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [159960 2015-06-27] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [225976 2015-06-27] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [850608 2015-06-27] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [39280 2015-06-27] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [40304 2015-06-27] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [39280 2015-06-27] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [24944 2015-06-27] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [65208 2015-06-27] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [85360 2015-06-27] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [190648 2015-06-27] (Kaspersky Lab ZAO)
S3 QCFilterdl; C:\Windows\system32\drivers\qcfilterdl.sys [5248 2009-10-24] (QUALCOMM Incorporated)
S3 qcusbserdl; C:\Windows\system32\drivers\qcusbserdl.sys [118272 2009-10-24] (QUALCOMM Incorporated)
R3 tifm21; C:\Windows\System32\drivers\tifm21.sys [319488 2009-10-12] (Texas Instruments)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-20 14:00 - 2015-07-20 14:01 - 00025493 _____ C:\Users\Melissa\Downloads\FRST.txt
2015-07-20 13:57 - 2015-07-20 14:00 - 00000000 ____D C:\FRST
2015-07-20 13:57 - 2015-07-20 13:57 - 02135552 _____ (Farbar) C:\Users\Melissa\Downloads\FRST64.exe
2015-07-19 15:13 - 2015-07-19 15:14 - 00001316 _____ C:\AdwCleaner[S2].txt
2015-07-19 15:13 - 2015-07-19 15:13 - 00001252 _____ C:\AdwCleaner[R1].txt
2015-07-19 15:11 - 2015-07-19 15:11 - 00000882 _____ C:\Users\Melissa\Desktop\JRT.txt
2015-07-19 15:02 - 2015-07-19 15:02 - 00003690 _____ C:\Users\Melissa\Desktop\Rkill.txt
2015-07-19 13:28 - 2015-07-19 13:28 - 00002300 _____ C:\Users\Melissa\Desktop\Safe Money.lnk
2015-07-19 12:58 - 2015-07-19 12:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2015-07-19 12:58 - 2015-07-19 12:57 - 00002098 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2015-07-19 12:56 - 2015-06-27 22:14 - 00850608 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2015-07-19 12:56 - 2015-06-27 22:14 - 00225976 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klhk.sys
2015-07-19 12:56 - 2015-06-27 22:14 - 00159960 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2015-07-19 12:54 - 2015-07-19 12:55 - 172364912 _____ (Kaspersky Lab) C:\Users\Melissa\Downloads\kis15.0.2.361abcen_8105.exe
2015-07-15 18:12 - 2015-07-15 18:12 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-07-15 18:12 - 2015-07-15 18:12 - 00002013 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-07-15 18:08 - 2015-07-15 18:08 - 00563296 _____ (Oracle Corporation) C:\Users\Melissa\Downloads\jre-8u51-windows-i586-iftw.exe
2015-07-14 22:00 - 2015-07-09 12:58 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-14 22:00 - 2015-07-09 12:58 - 02603008 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-14 22:00 - 2015-07-09 12:58 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-14 22:00 - 2015-07-09 12:58 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-14 22:00 - 2015-07-09 12:58 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-14 22:00 - 2015-07-09 12:58 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-14 22:00 - 2015-07-09 12:58 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-14 22:00 - 2015-07-09 12:58 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-14 22:00 - 2015-07-09 12:58 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-14 22:00 - 2015-07-09 12:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-14 22:00 - 2015-07-09 12:58 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-07-14 22:00 - 2015-07-09 12:43 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-14 22:00 - 2015-07-09 12:43 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-14 22:00 - 2015-07-09 12:43 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-14 22:00 - 2015-07-09 12:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-14 22:00 - 2015-07-09 12:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-14 22:00 - 2015-06-26 21:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-14 22:00 - 2015-06-26 21:43 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-14 22:00 - 2015-06-26 20:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-07-14 22:00 - 2015-06-26 20:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-14 22:00 - 2015-06-25 03:57 - 03207168 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-14 22:00 - 2015-06-17 12:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-14 22:00 - 2015-06-17 12:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-14 22:00 - 2015-06-09 13:03 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-07-14 22:00 - 2015-06-09 13:03 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-07-14 22:00 - 2015-06-01 19:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-14 22:00 - 2015-06-01 18:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-07-14 21:59 - 2015-07-04 13:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-14 21:59 - 2015-07-04 12:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-14 21:59 - 2015-07-02 16:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-14 21:59 - 2015-07-02 16:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-14 21:59 - 2015-07-02 15:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-14 21:59 - 2015-07-02 15:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-14 21:59 - 2015-07-02 15:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-14 21:59 - 2015-07-02 15:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-14 21:59 - 2015-07-02 15:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-14 21:59 - 2015-07-02 15:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-14 21:59 - 2015-07-02 15:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-14 21:59 - 2015-07-02 14:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-14 21:59 - 2015-07-02 14:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-14 21:59 - 2015-07-02 13:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-14 21:59 - 2015-06-25 13:09 - 00389832 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-14 21:59 - 2015-06-25 12:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-14 21:59 - 2015-06-20 15:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-14 21:59 - 2015-06-20 14:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-14 21:59 - 2015-06-20 14:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-14 21:59 - 2015-06-20 14:49 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-14 21:59 - 2015-06-20 14:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-14 21:59 - 2015-06-20 14:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-14 21:59 - 2015-06-20 14:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-14 21:59 - 2015-06-20 14:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-14 21:59 - 2015-06-20 14:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-14 21:59 - 2015-06-20 14:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-14 21:59 - 2015-06-20 14:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-14 21:59 - 2015-06-20 14:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-14 21:59 - 2015-06-20 14:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-14 21:59 - 2015-06-20 14:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-14 21:59 - 2015-06-20 14:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-14 21:59 - 2015-06-20 14:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-14 21:59 - 2015-06-20 14:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-14 21:59 - 2015-06-20 13:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-14 21:59 - 2015-06-20 13:48 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-14 21:59 - 2015-06-20 13:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-14 21:59 - 2015-06-20 13:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-14 21:59 - 2015-06-20 13:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-14 21:59 - 2015-06-20 13:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-14 21:59 - 2015-06-19 13:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-14 21:59 - 2015-06-19 13:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-07-14 21:59 - 2015-06-19 13:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-14 21:59 - 2015-06-19 13:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-07-14 21:59 - 2015-06-19 13:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-14 21:59 - 2015-06-19 13:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-14 21:59 - 2015-06-19 13:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-07-14 21:59 - 2015-06-19 13:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-14 21:59 - 2015-06-19 13:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-07-14 21:59 - 2015-06-19 13:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-14 21:59 - 2015-06-19 12:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-07-14 21:59 - 2015-06-19 12:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-14 21:59 - 2015-06-19 12:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-14 21:59 - 2015-06-19 12:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-14 21:59 - 2015-06-19 12:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-14 21:59 - 2015-06-19 12:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-14 21:59 - 2015-06-19 12:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-07-14 21:59 - 2015-06-19 12:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-14 21:59 - 2015-06-19 12:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-14 21:59 - 2015-06-11 12:57 - 06131200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-07-14 21:59 - 2015-06-11 12:57 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-07-14 21:59 - 2015-06-11 12:57 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-07-14 21:59 - 2015-06-11 12:56 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-07-14 21:59 - 2015-06-11 12:56 - 01057792 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-07-14 21:59 - 2015-06-11 12:56 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-07-14 21:59 - 2015-06-11 08:15 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-07-14 21:59 - 2015-04-27 14:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-07-14 21:59 - 2015-04-27 14:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-07-14 21:59 - 2015-04-27 14:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-07-14 21:59 - 2015-04-27 14:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-07-14 21:59 - 2015-04-27 14:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-07-14 21:59 - 2015-04-27 14:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-07-14 21:59 - 2015-04-27 14:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-07-14 21:59 - 2015-04-27 14:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-07-14 21:58 - 2015-07-09 12:59 - 00017856 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-14 21:58 - 2015-07-09 12:58 - 01085440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-14 21:58 - 2015-07-09 12:58 - 00765440 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-14 21:58 - 2015-07-09 12:58 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-14 21:58 - 2015-07-09 12:58 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-14 21:58 - 2015-07-09 12:58 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-14 21:58 - 2015-07-09 12:58 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-14 21:58 - 2015-07-09 12:50 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-14 21:58 - 2015-07-03 13:05 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-14 21:58 - 2015-07-03 13:05 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-14 21:58 - 2015-07-03 13:05 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-14 21:58 - 2015-07-03 13:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-14 21:58 - 2015-07-03 12:56 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-07-14 21:58 - 2015-07-03 12:56 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-14 21:58 - 2015-07-03 12:56 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-07-14 21:58 - 2015-07-03 12:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-07-14 21:58 - 2015-07-03 11:52 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-14 21:58 - 2015-07-03 11:42 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-14 21:58 - 2015-07-01 15:56 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-14 21:58 - 2015-07-01 15:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-14 21:58 - 2015-07-01 15:49 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-14 21:58 - 2015-07-01 15:49 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-14 21:58 - 2015-07-01 15:49 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-14 21:58 - 2015-07-01 15:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-14 21:58 - 2015-07-01 15:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-14 21:58 - 2015-07-01 15:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-14 21:58 - 2015-07-01 15:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-14 21:58 - 2015-07-01 15:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-14 21:58 - 2015-07-01 15:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-14 21:58 - 2015-07-01 15:49 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-14 21:58 - 2015-07-01 15:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-14 21:58 - 2015-07-01 15:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-14 21:58 - 2015-07-01 15:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-14 21:58 - 2015-07-01 15:47 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-14 21:58 - 2015-07-01 15:47 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-14 21:58 - 2015-07-01 15:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-14 21:58 - 2015-07-01 15:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-14 21:58 - 2015-07-01 15:39 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-14 21:58 - 2015-07-01 15:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-14 21:58 - 2015-07-01 15:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-14 21:58 - 2015-07-01 15:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-07-14 21:58 - 2015-07-01 15:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-07-14 21:58 - 2015-07-01 15:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-07-14 21:58 - 2015-07-01 15:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-07-14 21:58 - 2015-07-01 15:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-07-14 21:58 - 2015-07-01 15:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-07-14 21:58 - 2015-07-01 15:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-07-14 21:58 - 2015-07-01 15:29 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-14 21:58 - 2015-07-01 15:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-07-14 21:58 - 2015-07-01 15:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-07-14 21:58 - 2015-07-01 15:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-07-14 21:58 - 2015-07-01 15:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-07-14 21:58 - 2015-07-01 15:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-07-14 21:58 - 2015-07-01 14:27 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-14 21:58 - 2015-07-01 14:26 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-14 21:58 - 2015-07-01 14:26 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-14 21:58 - 2015-06-15 16:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-14 21:58 - 2015-06-15 16:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-14 21:58 - 2015-06-15 16:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-14 21:58 - 2015-06-15 16:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-14 21:58 - 2015-06-15 16:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-14 21:58 - 2015-06-15 16:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-14 21:58 - 2015-06-15 16:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-14 21:58 - 2015-06-15 16:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-14 21:58 - 2015-06-15 16:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-07-14 21:58 - 2015-06-15 16:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-14 21:58 - 2015-06-15 16:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-14 21:58 - 2015-06-15 16:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-07-07 15:03 - 2015-07-10 17:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-06 17:14 - 2015-07-06 17:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-07-06 17:14 - 2015-07-06 17:14 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-06-28 10:24 - 2015-06-28 10:24 - 00000000 __HDC C:\ProgramData\{8AF32939-989B-460A-8726-CA2C776032A1}
2015-06-27 22:14 - 2015-06-27 22:14 - 00478392 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys
2015-06-27 22:14 - 2015-06-27 22:14 - 00247016 _____ (Kaspersky Lab UK Ltd) C:\Windows\system32\Drivers\cm_km_w.sys
2015-06-27 22:14 - 2015-06-27 22:14 - 00190648 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kneps.sys
2015-06-27 22:14 - 2015-06-27 22:14 - 00085360 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klwtp.sys
2015-06-27 22:14 - 2015-06-27 22:14 - 00065208 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kltdi.sys
2015-06-27 22:14 - 2015-06-27 22:14 - 00064368 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kldisk.sys
2015-06-27 22:14 - 2015-06-27 22:14 - 00040304 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klkbdflt.sys
2015-06-27 22:14 - 2015-06-27 22:14 - 00039280 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klmouflt.sys
2015-06-27 22:14 - 2015-06-27 22:14 - 00039280 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klim6.sys
2015-06-27 22:14 - 2015-06-27 22:14 - 00024944 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klpd.sys
2015-06-22 15:46 - 2015-07-20 13:32 - 00003484 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2015-06-22 15:46 - 2015-06-22 15:46 - 00004046 _____ C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2015-06-22 15:46 - 2015-06-22 15:46 - 00003234 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest
2015-06-22 15:46 - 2015-06-22 15:46 - 00000000 ____D C:\ProgramData\PC-Doctor for Windows
2015-06-22 15:46 - 2015-06-22 15:46 - 00000000 ____D C:\Program Files\Dell Support Center

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-20 13:49 - 2010-04-12 23:43 - 00000000 ____D C:\Users\Melissa\Documents\Outlook1
2015-07-20 13:25 - 2012-08-07 18:19 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-20 13:20 - 2012-08-07 21:39 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-20 09:58 - 2009-07-13 23:45 - 00030896 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-20 09:58 - 2009-07-13 23:45 - 00030896 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-20 05:00 - 2012-07-18 09:15 - 01190237 _____ C:\Windows\WindowsUpdate.log
2015-07-20 03:18 - 2013-10-27 18:55 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-07-20 02:00 - 2012-08-07 20:12 - 00000344 _____ C:\Windows\Tasks\Spybot - Search & Destroy -  Scheduled Task.job
2015-07-20 01:00 - 2012-08-07 20:13 - 00000330 _____ C:\Windows\Tasks\Spybot - Search & Destroy Updater -  Scheduled Task.job
2015-07-19 17:25 - 2012-08-07 18:19 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-19 15:22 - 2014-11-28 10:05 - 00000000 __SHD C:\Users\Melissa\AppData\Local\EmieBrowserModeList
2015-07-19 15:22 - 2014-05-12 12:31 - 00000000 __SHD C:\Users\Melissa\AppData\Local\EmieUserList
2015-07-19 15:22 - 2014-05-12 12:31 - 00000000 __SHD C:\Users\Melissa\AppData\Local\EmieSiteList
2015-07-19 15:22 - 2012-08-07 18:19 - 00000000 ____D C:\Users\Melissa\AppData\Local\Google
2015-07-19 15:21 - 2009-07-14 00:13 - 00801342 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-19 15:15 - 2014-12-07 02:00 - 00002688 _____ C:\Windows\setupact.log
2015-07-19 15:15 - 2012-07-18 09:16 - 00000000 ____D C:\ProgramData\NVIDIA
2015-07-19 15:15 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-19 15:03 - 2013-05-15 22:33 - 00000000 ____D C:\JRT
2015-07-19 12:58 - 2013-10-27 18:55 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2015-07-16 03:00 - 2015-04-05 03:00 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-16 03:00 - 2015-04-05 03:00 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-15 18:13 - 2015-01-09 19:51 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-15 18:13 - 2014-09-04 15:47 - 00000000 ____D C:\Users\Melissa\AppData\Local\Adobe
2015-07-15 18:12 - 2012-08-07 19:28 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-07-15 18:12 - 2012-07-18 09:33 - 00000000 ____D C:\ProgramData\Adobe
2015-07-15 18:11 - 2013-10-31 17:46 - 00000000 ____D C:\ProgramData\Oracle
2015-07-15 18:10 - 2014-10-20 13:20 - 00000000 ____D C:\Program Files (x86)\Java
2015-07-15 18:09 - 2014-10-20 13:20 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-07-15 17:20 - 2012-08-07 18:19 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-15 17:20 - 2012-08-07 18:19 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-15 05:48 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2015-07-15 05:08 - 2009-07-13 23:45 - 00461048 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-15 05:07 - 2014-12-10 04:29 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-15 05:07 - 2014-05-06 03:00 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-15 04:50 - 2012-08-08 16:39 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-15 03:04 - 2013-08-14 13:03 - 00000000 ____D C:\Windows\system32\MRT
2015-07-14 21:20 - 2012-08-07 21:39 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-14 21:20 - 2012-08-07 21:39 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-14 21:20 - 2012-08-07 21:39 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-10 17:55 - 2012-08-23 15:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-10 17:55 - 2010-11-20 22:47 - 00203580 _____ C:\Windows\PFRO.log
2015-07-06 17:14 - 2013-05-24 11:05 - 00000000 ____D C:\ProgramData\Apple Computer
2015-07-03 08:43 - 2012-08-07 19:33 - 130333168 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-28 10:24 - 2015-02-12 12:23 - 00003818 _____ C:\Windows\System32\Tasks\Dell SupportAssistAgent AutoUpdate
2015-06-28 10:24 - 2015-02-12 12:23 - 00000000 ____D C:\ProgramData\SupportAssistAgent
2015-06-23 13:30 - 2010-11-20 22:27 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-06-22 15:46 - 2012-07-18 09:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2015-06-22 15:45 - 2015-01-09 22:30 - 00000000 ____D C:\ProgramData\PCDr

==================== Files in the root of some directories =======

2012-08-11 22:45 - 2012-08-11 22:45 - 0003584 _____ () C:\Users\Melissa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-04-25 12:10 - 2013-04-25 12:10 - 0004096 ____H () C:\Users\Melissa\AppData\Local\keyfile3.drm
2015-01-08 17:22 - 2015-01-08 17:22 - 0000017 _____ () C:\Users\Melissa\AppData\Local\resmon.resmoncfg
2013-10-27 18:59 - 2013-10-27 18:59 - 0017408 _____ () C:\Users\Melissa\AppData\Local\WebpageIcons.db
2012-08-13 16:01 - 2012-08-23 17:44 - 0001911 _____ () C:\ProgramData\hpzinstall.log

Files to move or delete:
====================
C:\Users\Melissa\GoToAssistDownloadHelper (1).exe


Some files in TEMP:
====================
C:\Users\Melissa\AppData\Local\Temp\BSvcProcessor.exe
C:\Users\Melissa\AppData\Local\Temp\BSvcUpdater.exe
C:\Users\Melissa\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Melissa\AppData\Local\Temp\lowproc.exe
C:\Users\Melissa\AppData\Local\Temp\stubhelper.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-13 00:28

==================== End of log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:20-07-2015
Ran by Melissa at 2015-07-20 14:01:25
Running from C:\Users\Melissa\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3697647838-3597863788-1965172072-500 - Administrator - Disabled)
Guest (S-1-5-21-3697647838-3597863788-1965172072-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3697647838-3597863788-1965172072-1004 - Limited - Enabled)
Melissa (S-1-5-21-3697647838-3597863788-1965172072-1002 - Administrator - Enabled) => C:\Users\Melissa
UpdatusUser (S-1-5-21-3697647838-3597863788-1965172072-1005 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4500_G510nz_Help (x32 Version: 000.0.439.000 - Hewlett-Packard) Hidden
4500G510nz (x32 Version: 000.0.439.000 - Hewlett-Packard) Hidden
4500G510nz_Software_Min (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.5.146 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Akamai NetSession Interface (HKU\S-1-5-21-3697647838-3597863788-1965172072-1002\...\Akamai) (Version: - Akamai Technologies, Inc)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
BioAPI Framework (Version: 1.0.1 - Dell Inc.) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Chinese Simplified Fonts Support For Adobe Reader X (HKLM-x32\...\{AC76BA86-7AD7-2447-0000-A00000000003}) (Version: 10.0.0 - Adobe Systems Incorporated)
CyberLink PowerDVD 9.5 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.3426 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery Manager (HKLM\...\{50B4B603-A4C6-4739-AE96-6C76A0F8A388}) (Version: 1.3.1 - Dell Inc.)
Dell Control Point 64 (Version: 1.6.468.86 - Broadcom Corporation) Hidden
Dell ControlPoint Security Manager (HKLM-x32\...\{F4487649-7368-4217-AEA3-1E04DB3E2C5C}) (Version: 1.6.468.86 - Dell Inc.)
Dell ControlVault Host Components Installer 64Bit (Version: 1.7.459.360 - Broadcom Corporation) Hidden
Dell Data Vault (Version: 4.3.4.0 - Dell Inc.) Hidden
Dell Embassy Trust Suite by Wave Systems (Version: 02.05.04.001 - Wave Systems Corp) Hidden
Dell Security Device Driver Pack (HKLM-x32\...\{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}) (Version: 1.4.056 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.1.0.47 - Dell)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
DocMgr (x32 Version: 130.0.000.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Elevated Installer (x32 Version: 4.0.23.0 - Garmin Ltd or its subsidiaries) Hidden
EMBASSY Security Center Lite (Version: 04.01.00.044 - Wave Systems Corp) Hidden
EMBASSY Security Center Lite (x32 Version: - ) Hidden
EMBASSY Security Setup (Version: 04.01.00.043 - Wave Systems Corp) Hidden
EMBASSY Security Setup (x32 Version: - ) Hidden
ESC Home Page Plugin (Version: 04.01.00.010 - Wave Systems Corp) Hidden
ESC Home Page Plugin (x32 Version: - ) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
Garmin Express (HKLM-x32\...\{6f56bdd5-41e5-4ad6-a03a-76bd4debc2d4}) (Version: 4.0.23.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.0.23.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.0.23.0 - Garmin Ltd or its subsidiaries) Hidden
Gemalto (Version: 01.64.00.0010 - Wave Systems Corp) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.134 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6710.2136 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 10.2.0.822 - Citrix Online, a division of Citrix Systems, Inc.)
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Officejet 4500 G510n-z (HKLM\...\{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}) (Version: 13.0 - HP)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{02FECEE0-16B2-43DB-BC3B-C844477FC142}) (Version: 15.0.2.361 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.2.361 - Kaspersky Lab) Hidden
Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.18.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.18.0 - NEC Electronics Corporation) Hidden
Network64 (Version: 130.0.550.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
NTRU TCG Software Stack (Version: 2.1.29 - NTRU Cryptosystems) Hidden
NVIDIA 3D Vision Driver 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 327.02 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5729 - NVIDIA Corporation)
NVIDIA Graphics Driver 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA nView 140.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 140.62 - NVIDIA Corporation)
NVIDIA nView Desktop Manager (HKLM\...\NVIDIA nView Desktop Manager) (Version: 6.14.10.13516 - NVIDIA Corporation)
NVIDIA Performance Drivers (HKLM\...\{4C0A8D65-4286-4B58-87FE-18AD24289285}) (Version: 2.2.5.0 - NVIDIA Corporation)
NVIDIA WMI 2.14.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVWMI) (Version: 2.14.0 - NVIDIA Corporation)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Preboot Manager (Version: 03.01.00.084 - Wave Systems Corp.) Hidden
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.14.0 - SAMSUNG Electronics Co., Ltd.)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Strongvault Online Backup (x32 Version: 5.0.2.34 - Strongvault Online Backup) Hidden <==== ATTENTION
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.8.8 - Synaptics Incorporated)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden
Trusted Drive Manager (Version: 3.3.3.104 - Wave Systems Corp.) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
UPEK TouchChip Fingerprint Reader (Version: 1.2.0 - Dell Inc.) Hidden
Wave Infrastructure Installer (Version: 07.65.31.0000 - Wave Systems Corp) Hidden
Wave Support Software (Version: 05.11.00.040 - Wave Systems Corp) Hidden
Wave Support Software (x32 Version: - ) Hidden
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.0.9603 - Broadcom Corporation)
Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

04-04-2014 12:41:44 Windows Update
08-04-2014 05:01:54 Windows Update
10-04-2014 03:00:26 Windows Update
15-04-2014 05:02:10 Windows Update
22-04-2014 05:01:58 Windows Update
22-04-2014 12:51:20 Installed Java 7 Update 55
29-04-2014 03:00:12 Windows Update
02-05-2014 05:00:57 Windows Update
03-05-2014 03:00:11 Windows Update
06-05-2014 03:00:33 Windows Update
09-05-2014 05:01:39 Windows Update
13-05-2014 03:27:24 Windows Update
15-05-2014 03:00:15 Windows Update
20-05-2014 15:25:50 Windows Update
28-05-2014 00:00:02 Scheduled Checkpoint
30-05-2014 05:00:58 Windows Update
03-06-2014 13:24:59 Windows Update
04-06-2014 03:00:10 Windows Update
10-06-2014 05:01:17 Windows Update
11-06-2014 03:00:14 Windows Update
04-07-2014 10:05:41 Windows Update
08-07-2014 05:01:50 Windows Update
09-07-2014 10:05:56 Windows Update
15-07-2014 01:37:59 Windows Update
18-07-2014 05:02:16 Windows Update
22-07-2014 05:02:27 Windows Update
25-07-2014 03:00:10 Windows Update
29-07-2014 05:02:36 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2014-12-09 15:38 - 00450892 ___RA C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 www.123fporn.info
127.0.0.1 123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0B0334DB-890C-45E8-87C1-9905EE7F4629} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {0F5EAE44-9596-446B-961A-B2B2417194DE} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3697647838-3597863788-1965172072-1002 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe
Task: {224FDC82-3B74-4A47-9479-4B491562ACF3} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {2DFEE8B9-7BA0-4A00-9D2D-863D7328C7C0} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3697647838-3597863788-1965172072-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {33766F05-D523-45B9-9222-1CA63601A32A} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2015-05-29] ()
Task: {375CED09-9A2A-44A5-A2B1-C73D15C0553E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-08-07] (Google Inc.)
Task: {4E721D97-582C-422A-A9A7-4A7D1579BD35} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5501F0F6-7A3A-4053-982D-A7224DB8D761} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-05-25] (PC-Doctor, Inc.)
Task: {559F3BBF-BC9E-454C-B400-0E99F447CF4C} - System32\Tasks\Spybot - Search & Destroy - Scheduled Task => C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
Task: {5F70F64F-39A5-416C-B1DC-48A78B495847} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3697647838-3597863788-1965172072-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {63C0C598-A1C7-460F-B420-FB75A201F90C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-08-07] (Google Inc.)
Task: {6FA5E537-FD11-49E9-9BDF-9F11065322DB} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3697647838-3597863788-1965172072-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {90CA61CD-F3E1-4D93-98F4-2B031BDAED1D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-14] (Adobe Systems Incorporated)
Task: {9904FD5C-94DF-48AD-8071-2E28F9820020} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-06-11] (Dell Inc.)
Task: {A92E2788-B620-4E95-B1CB-AB7C57D0CEF2} - System32\Tasks\Spybot - Search & Destroy Updater - Scheduled Task => C:\Program Files (x86)\Spybot - Search & Destroy\SDUpdate.exe
Task: {E0F5D2DA-C9E4-45CC-8C23-9AA7C30E4AA6} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-05-25] (PC-Doctor, Inc.)
Task: {E2B34447-68DD-4638-B583-2E54D8A84FB3} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3697647838-3597863788-1965172072-1002 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe
Task: {F734C3C2-F0E6-499E-9E8F-03EF7921DF4B} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3697647838-3597863788-1965172072-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job => C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
Task: C:\Windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job => C:\Program Files (x86)\Spybot - Search & Destroy\SDUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2008-11-12 13:24 - 2008-11-12 13:24 - 00004608 _____ () C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\TspPopup_ENU.dll
2014-03-18 13:49 - 2013-08-29 17:43 - 00097568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2010-04-30 07:52 - 2010-04-30 07:52 - 06237800 _____ () C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
2010-03-02 14:49 - 2010-03-02 14:49 - 00013824 _____ () C:\Windows\system32\Wavx_ESC_Logging.dll
2008-11-12 13:24 - 2008-11-12 13:24 - 00004608 _____ () C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\TspPopup_ENU.dll
2010-11-17 10:35 - 2010-11-17 10:35 - 00514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-12-23 16:54 - 2014-12-23 16:54 - 01272616 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\kpcengine.2.3.dll
2010-11-24 22:44 - 2010-11-24 22:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
2014-12-23 16:54 - 2014-12-23 16:54 - 00502056 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com\npcontentblocker.dll
2014-12-23 16:54 - 2014-12-23 16:54 - 00608040 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com\npvkplugin.dll
2014-12-23 16:54 - 2014-12-23 16:54 - 00338216 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com\nponlinebanking.dll
2015-07-14 21:20 - 2015-07-14 21:20 - 17448624 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll
2009-02-26 13:46 - 2009-02-26 13:46 - 00064344 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
2011-06-22 11:46 - 2011-06-22 11:46 - 00434016 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
2013-07-10 18:07 - 2013-07-10 18:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7868 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3697647838-3597863788-1965172072-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 107.6.133.8 - 23.23.180.210
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: DellSystemDetect => C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{1CCBAC13-E4A1-4D38-8622-CAEFD37BDD5B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{6FEB894E-498C-47E1-8778-CBC51E0DA9B7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{BB356F1C-FD93-47FC-8A9F-5A78E3759529}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{BE58E147-A759-4EF7-AB35-CC06F414607E}] => (Allow) LPort=2869
FirewallRules: [{8FA9A6CF-D78E-405D-B642-CBA555A94313}] => (Allow) LPort=1900
FirewallRules: [{3AA0A04E-E61A-414D-A7D9-6144A869E147}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{A0D3798C-D260-40E8-BA84-5C4C8A034250}] => (Allow) LPort=61117
FirewallRules: [{BD038B6D-2138-4EA6-A0D6-00EB70D7B656}] => (Allow) LPort=61116
FirewallRules: [{F668267E-9312-4ED3-844D-68D8A30F2E22}] => (Allow) C:\Users\Melissa\AppData\Local\Temp\HP\OJ4500vG510n-z_Basic_13_en\setup\hpznui40.exe
FirewallRules: [{2B00F626-3B02-4F37-8054-CF35E31AE811}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{48435363-11E7-4A42-9EDB-21DF031F91FC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{EF9E3872-5CC0-4953-B6CD-BEA0CFA470E8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{4FD93318-2772-4268-AC66-18AC0AB1D718}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{10BC57BE-B4CB-437E-91F5-7C1AED7EDE7E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{A3438AC5-BAE6-4FFF-9A67-DB0AF9E54F0F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{772C14DB-61A8-4CEC-BDC5-86759FCC68C6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{59D9A3FF-6B7D-4477-B27C-247B8BA62A7D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{4B33C68B-344B-4E3B-988C-B5EFE733E666}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{0C4CD1A2-4971-4D3A-942A-25C8542F6B70}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{9148E644-BF4F-43CB-BB9A-FAB4904A6906}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{60CE4766-E7E4-49F6-B1B6-1013E63F297B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{4FAD091A-AB0A-4F78-9246-FB7A1E85D397}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{797EC67B-F79D-4FE7-8976-1FB42BEC9C0A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{91F996B3-61C9-4E4F-B4EB-E45DD919305F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{1B5A2A72-8323-4156-ADFE-7E5F417EFFA0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{DFEB9202-0625-4972-A9DE-39611922BDCB}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{0CD843AE-42C5-462D-8CEE-7219B955A05D}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{825EF30D-8931-4A09-9249-ABBB2E16BE4F}] => (Allow) C:\Program Files (x86)\Barnes & Noble\NOOKstudy\NOOKStudy.exe
FirewallRules: [{9430B4BC-F098-4C1F-9558-9DBB6F9ED91B}] => (Allow) C:\Program Files (x86)\Barnes & Noble\NOOKstudy\NOOKStudy.exe
FirewallRules: [TCP Query User{C5423107-F4A0-4B85-B155-BA3F45886146}C:\users\melissa\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\melissa\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{A64C1788-6409-41FE-A432-16BC41BF7160}C:\users\melissa\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\melissa\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{97C8CF8B-CE77-4824-9034-8C5FBD59E221}C:\program files (x86)\real\realplayer\realplay.exe] => (Block) C:\program files (x86)\real\realplayer\realplay.exe
FirewallRules: [UDP Query User{F3F4CE2E-35E1-4E65-A94F-F1AF7BBAEA95}C:\program files (x86)\real\realplayer\realplay.exe] => (Block) C:\program files (x86)\real\realplayer\realplay.exe
FirewallRules: [TCP Query User{1D16AF85-F945-4BEC-90E2-C9B0E4528183}C:\users\melissa\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\melissa\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{31EBE428-5776-48AA-BA90-6D7850BE999F}C:\users\melissa\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\melissa\appdata\local\akamai\netsession_win.exe
FirewallRules: [{26F602F4-2BE9-4251-95DF-EBE041ECDEF6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E463AB84-8AB1-4426-A432-CF811223B9F4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{26620950-B5F3-451E-A328-56F4124959EC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E02C55B1-D0ED-42F7-B9B0-2FAF4400BC1A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3BD8DED2-E045-468A-9611-DD0BA4CBDA38}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{660AE139-414E-4848-A18E-E77C158274B5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{1CC5B1E3-4AE0-41A4-8E11-1991D0F55A0E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{53FD700C-0627-435B-A938-4E7FCB615202}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0D09DC7A-1696-4622-A4EE-D46CDC51129E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Officejet 4500 G510n-z
Description: Officejet 4500 G510n-z
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet 4500 G510n-z
Description: Officejet 4500 G510n-z
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP LaserJet Professional P 1102w
Description: HP LaserJet Professional P 1102w
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/20/2015 01:42:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LogonUI.exe, version: 6.1.7601.17514, time stamp: 0x4ce79f70
Faulting module name: BIPDll.dll, version: 1.6.459.57, time stamp: 0x4ba7ea7d
Exception code: 0xc0000005
Fault offset: 0x00000000000041ce
Faulting process id: 0x118
Faulting application start time: 0xLogonUI.exe0
Faulting application path: LogonUI.exe1
Faulting module path: LogonUI.exe2
Report Id: LogonUI.exe3

Error: (07/20/2015 11:36:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LogonUI.exe, version: 6.1.7601.17514, time stamp: 0x4ce79f70
Faulting module name: BIPDll.dll, version: 1.6.459.57, time stamp: 0x4ba7ea7d
Exception code: 0xc0000005
Fault offset: 0x00000000000041ce
Faulting process id: 0x1a2c
Faulting application start time: 0xLogonUI.exe0
Faulting application path: LogonUI.exe1
Faulting module path: LogonUI.exe2
Report Id: LogonUI.exe3

Error: (07/20/2015 12:00:08 AM) (Source: System Restore) (EventID: 8211) (User: )
Description: The scheduled restore point could not be created. Additional information: (0x80070070).

Error: (07/20/2015 12:00:08 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070070).

Error: (07/19/2015 09:32:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LogonUI.exe, version: 6.1.7601.17514, time stamp: 0x4ce79f70
Faulting module name: BIPDll.dll, version: 1.6.459.57, time stamp: 0x4ba7ea7d
Exception code: 0xc0000005
Fault offset: 0x00000000000041ce
Faulting process id: 0xea4
Faulting application start time: 0xLogonUI.exe0
Faulting application path: LogonUI.exe1
Faulting module path: LogonUI.exe2
Report Id: LogonUI.exe3

Error: (07/19/2015 08:15:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LogonUI.exe, version: 6.1.7601.17514, time stamp: 0x4ce79f70
Faulting module name: BIPDll.dll, version: 1.6.459.57, time stamp: 0x4ba7ea7d
Exception code: 0xc0000005
Fault offset: 0x00000000000041ce
Faulting process id: 0x1868
Faulting application start time: 0xLogonUI.exe0
Faulting application path: LogonUI.exe1
Faulting module path: LogonUI.exe2
Report Id: LogonUI.exe3

Error: (07/19/2015 06:08:37 PM) (Source: System Restore) (EventID: 8211) (User: )
Description: The scheduled restore point could not be created. Additional information: (0x80070070).

Error: (07/19/2015 06:08:37 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070070).

Error: (07/19/2015 03:16:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (07/19/2015 03:17:25 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (07/19/2015 03:16:41 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services service which failed to start because of the following error:
%%0

Error: (07/19/2015 03:15:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services service which failed to start because of the following error:
%%0


Microsoft Office:
=========================
Error: (05/02/2015 07:52:27 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 8695 seconds with 420 seconds of active time. This session ended with a crash.

Error: (05/02/2015 05:27:10 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 176 seconds with 120 seconds of active time. This session ended with a crash.

Error: (11/30/2014 03:01:24 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 227 seconds with 180 seconds of active time. This session ended with a crash.

Error: (04/25/2014 12:25:39 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1220753 seconds with 16020 seconds of active time. This session ended with a crash.

Error: (12/08/2012 01:30:43 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 20 seconds with 0 seconds of active time. This session ended with a crash.


CodeIntegrity Errors:
===================================
Date: 2014-10-14 23:43:09.487
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-14 23:43:09.487
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-14 23:43:09.487
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-14 23:43:09.441
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-14 23:43:09.441
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-14 23:43:09.441
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-14 01:01:48.876
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-14 01:01:48.876
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-14 01:01:48.876
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-10-14 01:01:48.845
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i7 CPU Q 820 @ 1.73GHz
Percentage of memory in use: 32%
Total physical RAM: 12212.17 MB
Available physical RAM: 8234.96 MB
Total Virtual: 24422.55 MB
Available Virtual: 20160.15 MB

==================== Drives ================================

Drive c: (OSDisk) (Fixed) (Total:452.09 GB) (Free:244.85 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: C7C8637C)
Partition 1: (Not Active) - (Size=452.1 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=13.7 GB) - (Type=07 NTFS)

==================== End of log ============================

Attached Files


Edited by Oh My!, 21 July 2015 - 07:55 PM.


BC AdBot (Login to Remove)

 


m

#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,580 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:03:17 PM

Posted 21 July 2015 - 08:07 PM

Greetings MelissaRN and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please do this.

===================================================

Junkware Removal Tool

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key Windows_Logo_key.gif + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll No File
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll No File
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll No File
C:\Users\Melissa\GoToAssistDownloadHelper (1).exe
cmd: ipconfig /flushdns
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

System Summary Information

--------------------
  • Press the windows key Windows_Logo_key.gif + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Junkware log
  • Fixlog
  • System Summary Information
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 MelissaRN

MelissaRN
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:USA
  • Local time:05:17 PM

Posted 22 July 2015 - 02:06 PM

Thank you, Gary, for responding to my post.  As far as the performance is concerned, my browser is no longer being redirected to searcheduncovered.com.  Would you mind giving me some recommendations as to how NOT to get that again?  Below are the findings:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.1 (07.16.2015:1)
OS: Windows 7 Professional x64
Ran by Melissa on Wed 07/22/2015 at 13:34:41.58
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks

Successfully deleted: [Task] C:\Windows\system32\tasks\PCDEventLauncherTask
Successfully deleted: [Task] C:\Windows\system32\tasks\PCDoctorBackgroundMonitorTask



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110111251155}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110111251155}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\google



~~~ FireFox

Successfully deleted: [File] C:\Users\Melissa\AppData\Roaming\mozilla\firefox\profiles\gv2lkpw9.default\searchplugins\aol-search.xml



~~~ Chrome


[C:\Users\Melissa\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Melissa\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Melissa\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Melissa\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 07/22/2015 at 13:40:59.06
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Fix result of Farbar Recovery Scan Tool (x64) Version:20-07-2015
Ran by Melissa at 2015-07-22 13:50:12 Run:1
Running from C:\Users\Melissa\Desktop
Loaded Profiles: Melissa (Available Profiles: Melissa & UpdatusUser)
Boot Mode: Normal
==============================================

fixlist content:
*****************
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll No File
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll No File
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll No File
C:\Users\Melissa\GoToAssistDownloadHelper (1).exe
cmd: ipconfig /flushdns
*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CA1377B-DC1D-4A52-9585-6E06050FAC53}" => key removed successfully
"HKCR\CLSID\{1CA1377B-DC1D-4A52-9585-6E06050FAC53}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CA1377B-DC1D-4A52-9585-6E06050FAC53}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{1CA1377B-DC1D-4A52-9585-6E06050FAC53}" => key removed successfully
"HKCR\PROTOCOLS\Handler\tmpx" => key removed successfully
"HKCR\CLSID\{0E526CB5-7446-41D1-A403-19BFE95E8C23}" => key removed successfully
C:\Users\Melissa\GoToAssistDownloadHelper (1).exe => moved successfully.

=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


==== End of Fixlog 13:50:12 ====

 

 

 

 

 

 

Attached Files



#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,580 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:03:17 PM

Posted 22 July 2015 - 04:59 PM

I sure will provide some information to help you. I usually do that when we are finished and we are not done yet! :)

Please do these things for me.

===================================================

Malwarebytes Anti-Malware Free and Malwarebytes Chameleon

----------
  • Download Malwarebytes Anti-Malware Free and save it to your desktop
  • Double click the desktop icon, click Run, then OK
  • Click Next
  • Select I accept the agreement then continue to click Next then finally click Install
  • Uncheck Enable free trial of Malwarebytes Anti-Malware Premium if you do not want the free trial of the paid version, then click Finish
  • If you are notified the Database is out of date click Update Now
  • Click Scan Now >>

----------
Note: If Malwarebytes will not launch please do the following to launch Malwarebytes Chameleon:
Click Start (Start, Search, All files and folders for Windows XP) then type mbam
Double click one of the four following files (if one does not work try the next one, and so on) - A black command window will open. Follow those instructions until the Malwarebytes program starts the scan

mbam-chameleon.scr
mbam-chameleon
mbam-chameleon.exe
mbam-chameleon.com

----------

  • When completed click Save Results in the lower right hand corner of the screen then select Text file (.txt)
  • Save the file to your desktop as MBAM
  • Click Apply Actions then restart your computer if requested
  • Copy and past the contents of MBAM.txt in your reply
===================================================

Emsisoft Emergency Kit Scan

--------------------
  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double click on the EmsisoftEmergencyKit.exe icon, click Run then Extract
  • Double click the Start Emsisoft Emergency Kit icon that will appear after extraction
  • Click Yes to update the program
  • Once the update is completed click the Back button
  • Click on 2. Scan (not Quick Scan or Smart Scan)
  • Click Yes to detect Potentially Unwanted Programs (PUPs)
  • Patiently wait for the thorough scan to complete, this can be a lengthy process
  • Once completed click Quarantine selected objects (if computer is clean you will not have this option) then click OK
  • Click View Report
  • Copy and paste the contents of the report in your reply
  • Note: If you receive an error report saying there are too many emoticons simply attach the file instead
  • Close the program then click Close
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double click the icon to launch the program
  • Click OK
  • Select Run Note: If you receive an error message attempt to run the program in Safe Mode
  • Press any key to start the program
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Malwarebytes log
  • Emsisoft report (if applicable)
  • Security Check log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 MelissaRN

MelissaRN
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:USA
  • Local time:05:17 PM

Posted 23 July 2015 - 08:27 PM

Thank you for continuing to assist me, Gary.  You have no idea how much I appreciate it.  I have included all of the logs you requested below:

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/23/2015
Scan Time: 7:11 PM
Logfile: MBAM.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.07.23.05
Rootkit Database: v2015.07.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Melissa

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 410228
Time Elapsed: 15 min, 22 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 4
PUP.Optional.DefaultTab.A, HKLM\SOFTWARE\CLASSES\APPID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}, , [9f9233b257330e28dd9b0f80f50dd62a],
PUP.Optional.DefaultTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}, , [9f9233b257330e28dd9b0f80f50dd62a],
PUP.Optional.DefaultTab.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}, , [9f9233b257330e28dd9b0f80f50dd62a],
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{21111111-1111-1111-1111-110111251155}, , [72bf8263c5c5d95d3ba2266e36ce0df3],

Registry Values: 2
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{21111111-1111-1111-1111-110111251155}|AppName, JollyWallet-bg.exe, , [72bf8263c5c5d95d3ba2266e36ce0df3]
PUP.Vulnerable.DellSystemDetect, HKU\S-1-5-21-3697647838-3597863788-1965172072-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|DellSystemDetect, C:\Users\Melissa\AppData\Local\Apps\2.0\3Q3VVELP.4MG\13GA4R57.4G3\dell..tion_e30b47f5d4a30e9e_0005.000d_4ab2a66cfade09be\DellSystemDetect.exe, , [bd74a73e543653e366487b9226dd629e]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

Emsisoft Emergency Kit - Version 10.0
Last update: 7/23/2015 7:37:31 PM
User account: MININT-7NHCQDH\Melissa

Scan settings:

Scan type: Custom Scan
Objects: Rootkits, Memory, Traces, C:\

Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start:    7/23/2015 7:39:52 PM
Value: HKEY_USERS\S-1-5-21-3697647838-3597863788-1965172072-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR     detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-3697647838-3597863788-1965172072-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS     detected: Setting.DisableRegistryTools (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\AU__RASAPI32     detected: Application.Win32.InstallExt (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\AU__RASMANCS     detected: Application.Win32.InstallExt (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PROTECTOR_DLL.PROTECTORBHO     detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PROTECTOR_DLL.PROTECTORBHO.1     detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\INFOATOMS     detected: Application.InstallAd (A)

Scanned    269299
Found    7

Scan end:    7/23/2015 8:19:58 PM
Scan time:    0:40:06

Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\INFOATOMS    Quarantined Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PROTECTOR_DLL.PROTECTORBHO.1    Quarantined Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PROTECTOR_DLL.PROTECTORBHO    Quarantined Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\AU__RASMANCS    Quarantined Application.Win32.InstallExt (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\AU__RASAPI32    Quarantined Application.Win32.InstallExt (A)
Value: HKEY_USERS\S-1-5-21-3697647838-3597863788-1965172072-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS    Quarantined Setting.DisableRegistryTools (A)
Value: HKEY_USERS\S-1-5-21-3697647838-3597863788-1965172072-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR    Quarantined Setting.DisableTaskMgr (A)

Quarantined    7

 

 

 

 

 Results of screen317's Security Check version 1.005  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 Windows Firewall Disabled!  
Kaspersky Internet Security   
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 MVPS Hosts File  
 JavaFX 2.1.1    
 Java 8 Update 51  
 Java version 32-bit out of Date!
 Adobe Flash Player 18.0.0.209  
 Mozilla Firefox (39.0)
 Google Chrome (43.0.2357.134)
 Google Chrome (44.0.2403.89)
````````Process Check: objlist.exe by Laurent````````  
 Kaspersky Lab Kaspersky Internet Security 15.0.2 avp.exe  
 Kaspersky Lab Kaspersky Internet Security 15.0.2 avpui.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````


 



#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,580 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:03:17 PM

Posted 23 July 2015 - 08:34 PM

You are quite welcome. Nothing of any real concern in the logs. Before I provide some final instructions and information about how to keep your computer clean do you have any questions or concerns?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 MelissaRN

MelissaRN
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:USA
  • Local time:05:17 PM

Posted 23 July 2015 - 08:47 PM

Just a concern as to where I got that malware.  I am a safe browser and have no idea where it came from.  Thanks again for helping me.  I did restart my computer and restarted Kaspersky and reactivated Windows Firewall to the default settings. 



#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,580 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:03:17 PM

Posted 23 July 2015 - 08:55 PM

It is hard to say exactly how you got the redirect. There are a variety of ways and some through no fault of your own, like a legitimate web site that has been compromised with injected code. The best thing we can do is do our best to avoid the chances of a repeat in the future and the information below will help you to do that.

Your computer looks good now and we intend to keep it that way!

Now that your computer is running well it is my great pleasure to proclaim to you the Good News!

===================================================

All Clean!

--------------

Your machine appears to be clean and you may delete any programs or logs on your computer as a result of our efforts. If we used Emsisoft Emergency Kit just delete the icon on your desktop and the C:\EEK folder. For everything else you simply delete the log files or desktop icons.

Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :thumbsup:

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:In addition, here are some more links you might find of interest:I will leave this topic open for just a brief period of time in case you have any further issues then it will be closed shortly thereafter.

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you. OhMy_done.gif
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,580 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:03:17 PM

Posted 24 July 2015 - 09:08 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users