
Virus Will not allow me to open .exe files or system restore or download


  • This topic is locked
20 replies to this topic

#1 jamestennis951

  • Members

Posted 19 August 2015 - 12:08 PM

Hi support staff! My name is James. I have used your guys' help before in the past and it has been great. Hopefully I can get the same results.

 

I currently have a virus that will not allow me to open .exe files or System Restore, or download anything. I have downloaded all of the appropriate anti-malware/virus programs needed and I have logs. I am able to download through my safe network mode.

 

Please let me know what you think and the options I have.

 

Attached File  FRST.txt   74.23KB   17 downloads

Attached File  Addition.txt   43.05KB   8 downloads

Attached File  JRT.txt   1.36KB   5 downloads




 


#2 mAL_rEm018

  • Malware Response Team

Posted 21 August 2015 - 03:02 PM

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.

Failure to post replies within 3 days will result in this thread being closed.


Hello jamestennis951,

My name is mAL_rEm018, but feel free to call me mAL. I'm an undergraduate trainee and as such my posts to you have to first be checked by a Teacher. Because of this, my replies to your posts may be slightly delayed. Please be patient and I'm sure we'll be able to resolve your problems.
 

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Because of this, I advise you to backup any personal files and folders before you start.


Cobian Backup
DriveImage XML


To make sure everything goes smoothly, I would like you to observe the following rules:

  • You must have Administrator rights, permissions for this computer.
  • Please reply to this thread.  Do not start another topic.
  • Perform all actions in the order given.
  • If you don't know, stop and ask!
  • DO NOT run any other fix or removal tools unless instructed to do so!
  • Don't attempt to install any new software (other than those I ask you to) until your computer is clean.
  • DO NOT post for help at any other forum.  Applying fixes from multiple help sites can cause problems.
  • I advise you to print the instructions if possible, since your internet connection might not be available during some of the fixes.
  • Absence of symptoms does not mean that everything is clear, therefore stick with this topic until I give you the "all clear".

I am currently reviewing your logs and will return as soon as possible, with additional instructions.


Teacher at the Malware Removal University.

Member of UNITE

 

Failure to post replies within 4 days will result in this thread being closed


#3 mAL_rEm018

  • Malware Response Team

Posted 21 August 2015 - 06:01 PM

Hello jamestennis951,

I need you to run some additional scans..
 

  • Double click Frst64.exe to launch it.
  • FRST will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Copy/Paste or Type the following line into the Search: box.

Services.exe;Explorer.exe

  • Press the Search Files button.
  • When finished searching a log will open on your Desktop ... Search.txt
  • Please post it in your next reply.

Next..

ESET online scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.



  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scanner

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • When prompted allow the Add-On/Active X to install.
  • Click on Run ESET Online Scanner, then select the option YES, I accept the Terms of Use, then click Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is  checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

If you have trouble performing any of the steps, please let me know.


-----------------------------------------
In your next reply, I would like to see..


  • Search.txt
  • Eset scan results
    Please post everything in the order given.

 




#4 jamestennis951

  • Topic Starter
  • Members

Posted 23 August 2015 - 05:08 AM

Farbar Recovery Scan Tool (x64) Version:21-08-2015 03
Ran by swag daddy (2015-08-22 22:00:33)
Running from C:\Users\swag daddy\Desktop
Boot Mode: Safe Mode (with Networking)
 
================== Search Files: "Services.exe;Explorer.exe" =============
 
C:\Windows\explorer.exe
[2011-08-29 20:30][2011-02-24 23:19] 2871808 ____A (Microsoft Corporation) 332FEAB1435662FC6C672E25BEB37BE3 [File is digitally signed]
 
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011-08-29 20:30][2011-02-25 22:19] 2616320 ____A (Microsoft Corporation) 0FB9C74046656D1579A64660AD67B746 [File is digitally signed]
 
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2011-08-29 20:30][2011-02-24 22:30] 2616320 ____A (Microsoft Corporation) 8B88EBBB05A0E56B7DCC708498C02B3E [File is digitally signed]
 
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011-08-30 11:18][2010-11-20 05:17] 2616320 ____A (Microsoft Corporation) 40D777B7A95E00593EB1568C68514493 [File is digitally signed]
 
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2011-08-29 20:30][2011-02-25 22:51] 2614784 ____A (Microsoft Corporation) 255CF508D7CFB10E0794D6AC93280BD8 [File is digitally signed]
 
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011-08-29 20:30][2009-10-30 23:00] 2614272 ____A (Microsoft Corporation) C76153C7ECA00FA852BB0C193378F917 [File is digitally signed]
 
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2011-08-29 20:33][2009-08-02 22:49] 2613248 ____A (Microsoft Corporation) 9FF6C4C91A3711C0A3B18F87B08B518D [File is digitally signed]
 
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011-08-29 20:30][2011-02-25 22:33] 2614784 ____A (Microsoft Corporation) 2AF58D15EDC06EC6FDACCE1F19482BBF [File is digitally signed]
 
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011-08-29 20:30][2009-10-30 22:45] 2614272 ____A (Microsoft Corporation) 2626FC9755BE22F805D3CFA0CE3EE727 [File is digitally signed]
 
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2011-08-29 20:33][2009-08-02 22:35] 2613248 ____A (Microsoft Corporation) B95EEB0F4E5EFBF1038A35B3351CF047 [File is digitally signed]
 
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009-07-13 16:41][2009-07-13 18:14] 2613248 ____A (Microsoft Corporation) 15BC38A7492BEFE831966ADB477CF76F [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7601.23033_none_2df8898bfd178df8\services.exe
[2015-05-15 08:22][2015-04-10 21:31] 0328704 ____A (Microsoft Corporation) 43DCEC23557C32F7702C8D5BC729738F [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7601.18829_none_2d7fe646e3ec3705\services.exe
[2015-05-15 08:22][2015-04-12 20:28] 0328704 ____A (Microsoft Corporation) 71C85477DF9347FE8E7BC55768473FCA [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 16:19][2009-07-13 18:39] 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2011-08-29 20:30][2011-02-25 23:14] 2871808 ____A (Microsoft Corporation) 3B69712041F3D63605529BD66DC00C48 [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011-08-29 20:30][2011-02-24 23:19] 2871808 ____A (Microsoft Corporation) 332FEAB1435662FC6C672E25BEB37BE3 [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2011-08-30 11:19][2010-11-20 06:24] 2872320 ____A (Microsoft Corporation) AC4C51EB24AA95B77F705AB159189E24 [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2011-08-29 20:30][2011-02-25 23:26] 2870784 ____A (Microsoft Corporation) E38899074D4951D31B4040E994DD7C8D [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2011-08-29 20:30][2009-10-30 23:38] 2870272 ____A (Microsoft Corporation) B8EC4BD49CE8F6FC457721BFC210B67F [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011-08-29 20:33][2009-08-02 23:19] 2868224 ____A (Microsoft Corporation) 700073016DAC1C3D2E7E2CE4223334B6 [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011-08-29 20:30][2011-02-25 23:23] 2870272 ____A (Microsoft Corporation) 0862495E0C825893DB75EF44FAEA8E93 [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2011-08-29 20:30][2009-10-30 23:34] 2870272 ____A (Microsoft Corporation) 9AAAEC8DAC27AA17B053E6352AD233AE [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2011-08-29 20:33][2009-08-02 23:17] 2868224 ____A (Microsoft Corporation) F170B4A061C9E026437B193B4D571799 [File is digitally signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009-07-13 16:56][2009-07-13 18:39] 2868224 ____A (Microsoft Corporation) C235A51CB740E45FFA0EBFB9BAFCDA64 [File is digitally signed]
 
C:\Windows\SysWOW64\explorer.exe
[2011-08-29 20:30][2011-02-24 22:30] 2616320 ____A (Microsoft Corporation) 8B88EBBB05A0E56B7DCC708498C02B3E [File is digitally signed]
 
C:\Windows\System32\services.exe
[2015-05-15 08:22][2015-04-12 20:28] 0328704 ____A (Microsoft Corporation) 71C85477DF9347FE8E7BC55768473FCA [File is digitally signed]
 
C:\Windows\erdnt\cache86\explorer.exe
[2015-08-19 00:14][2011-02-24 23:19] 2871808 ____A (Microsoft Corporation) 332FEAB1435662FC6C672E25BEB37BE3 [File is digitally signed]
 
C:\Windows\erdnt\cache64\services.exe
[2015-08-19 00:14][2015-04-12 20:28] 0328704 ____A (Microsoft Corporation) 71C85477DF9347FE8E7BC55768473FCA [File is digitally signed]
 
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_10.0.10240.16384_none_4719371d97508a19\services.exe
[2015-07-10 03:30][2015-07-10 03:30] 0446336 ___AL () D41D8CD98F00B204E9800998ECF8427E [File not signed]
 
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\System32\services.exe
[2015-07-10 03:30][2015-07-10 03:30] 0446336 ___AL () D41D8CD98F00B204E9800998ECF8427E [File not signed]
 
====== End of Search ======
 
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=f0ea4812d2a925499d33b5bdf45ef8ef
# end=init
# utc_time=2015-08-23 07:02:39
# local_time=2015-08-23 12:02:39 (-0800, Pacific Daylight Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 25403
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=f0ea4812d2a925499d33b5bdf45ef8ef
# end=updated
# utc_time=2015-08-23 07:04:36
# local_time=2015-08-23 12:04:36 (-0800, Pacific Daylight Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=f0ea4812d2a925499d33b5bdf45ef8ef
# engine=25403
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-08-23 09:59:44
# local_time=2015-08-23 02:59:44 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 0 191867434 0 0
# scanned=295133
# found=2
# cleaned=0
# scan_time=10508


#5 mAL_rEm018

  • Malware Response Team

Posted 23 August 2015 - 02:19 PM

Hello jamestennis951,

There is a section from your ESET log missing, please re-post the log.

I also notice that you ran several malware removal tools prior to posting here: Combofix, Malwarebytes Anti-Malware, Rkill.  I need to see those logs as well.

They should be in the following location:


 

C:\Users\swag daddy\Desktop\Rkill.txt
C:\Users\swag daddy\Desktop\unhide.txt
C:\ComboFix.txt
C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs



-----------------------------------------
In your next reply, I would like to see..

  • ESET scan results
  • Rkill log
  • Unhide log
  • Combofix log
  • Malwarebytes Anti-Malware log
    Please post everything in the order given.

 

 




#6 jamestennis951

  • Topic Starter
  • Members

Posted 23 August 2015 - 11:23 PM

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=f0ea4812d2a925499d33b5bdf45ef8ef
# end=init
# utc_time=2015-08-23 07:02:39
# local_time=2015-08-23 12:02:39 (-0800, Pacific Daylight Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 25403
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=f0ea4812d2a925499d33b5bdf45ef8ef
# end=updated
# utc_time=2015-08-23 07:04:36
# local_time=2015-08-23 12:04:36 (-0800, Pacific Daylight Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=f0ea4812d2a925499d33b5bdf45ef8ef
# engine=25403
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-08-23 09:59:44
# local_time=2015-08-23 02:59:44 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 0 191867434 0 0
# scanned=295133
# found=2
# cleaned=0
# scan_time=10508
sh=D3D9DC93349AF680AD710BD58377233EE824EE3B ft=1 fh=e789fd1e81990c15 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\System Volume Information\SystemRestore\FRStaging\$Recycle.Bin\S-1-5-21-3500353208-2455046699-3851492630-1000\$R7W5WQ8.exe"
sh=A8B824E958A07E177CE20E35B86498F7EB1453A1 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\Windows\Installer\195ad2.msi"
 
 
 
Rkill 2.8.1 by Lawrence Abrams (Grinler)
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 08/18/2015 11:29:47 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Firewall Disabled
 
   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000
 
 
Unhide by Lawrence Abrams (Grinler)
Copyright 2008-2015 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
 
Program started at: 08/18/2015 11:13:03 PM
Windows Version: Windows 7
 
Please be patient while your files are made visible again.
 
Processing the C:\ drive
 
 
ComboFix 15-08-20.01 - swag daddy 08/23/2015  20:44:18.2.4 - x64 NETWORK
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8140.6395 [GMT -7:00]
Running from: c:\users\swag daddy\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
AV: K7TotalSecurity Pro *Enabled/Outdated* {96053243-D4B1-7CB4-BBA0-4BFBC0A5A129}
AV: Kaspersky Total Security *Enabled/Updated* {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
FW: K7TotalSecurity Pro *Enabled* {AE3EB366-9EDE-7DEC-90FF-E2CE3E76E652}
FW: Kaspersky Total Security *Enabled* {8C27F4BD-7F99-4CD1-5651-D3EB97674300}
SP: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
SP: K7TotalSecurity Pro *Enabled/Outdated* {2D64D3A7-F28B-733A-8110-7089BB22EB94}
SP: Kaspersky Total Security *Enabled/Updated* {0F7D947C-13CC-4207-47BE-41AC12334EC6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1439969335.bdinstall.bin
c:\programdata\1440000222.bdinstall.bin
c:\programdata\1440000260.bdinstall.bin
.
.
(((((((((((((((((((((((((   Files Created from 2015-07-24 to 2015-08-24  )))))))))))))))))))))))))))))))
.
.
2015-08-24 04:02 . 2015-08-24 04:02 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2015-08-24 04:02 . 2015-08-24 04:02 -------- d-----w- c:\users\UpdatusUser.swagdaddy-PC\AppData\Local\temp
2015-08-24 04:02 . 2015-08-24 04:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-08-19 12:16 . 2015-07-21 14:25 12222168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DD1949FD-5EDD-4965-B726-E6CF850B1AE6}\mpengine.dll
2015-08-19 06:55 . 2015-08-19 06:57 -------- d-----w- C:\AdwCleaner
2015-08-19 06:44 . 2015-08-23 04:53 -------- d-----w- C:\FRST
2015-08-19 06:10 . 2015-08-24 03:46 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-08-19 06:09 . 2015-06-18 15:41 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-08-19 06:09 . 2015-06-18 15:41 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-08-19 06:09 . 2015-08-19 06:09 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-08-19 06:09 . 2015-06-18 15:41 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-08-19 06:09 . 2015-08-19 06:09 -------- d-----w- c:\users\swag daddy\AppData\Local\Programs
2015-08-19 05:58 . 2015-08-19 05:58 -------- d-----w- c:\program files\Common Files\AV
2015-08-19 05:56 . 2015-08-19 05:56 -------- d-----w- c:\programdata\AVG Web TuneUp
2015-08-19 05:56 . 2015-08-19 05:56 -------- d-----w- c:\program files (x86)\AVG Web TuneUp
2015-08-19 05:54 . 2015-08-19 05:54 -------- d-----w- c:\users\swag daddy\AppData\Roaming\AVG2015
2015-08-19 05:53 . 2015-08-19 05:53 -------- d-----w- c:\users\swag daddy\AppData\Roaming\TuneUp Software
2015-08-19 05:51 . 2015-08-19 05:53 -------- d-----w- c:\programdata\AVG2015
2015-08-19 05:51 . 2015-08-19 05:51 -------- d-----w- C:\$AVG
2015-08-19 05:50 . 2015-08-19 16:28 -------- d-----w- c:\programdata\MFAData
2015-08-19 05:50 . 2015-08-19 05:50 -------- d-----w- c:\users\swag daddy\AppData\Local\MFAData
2015-08-19 05:49 . 2015-08-19 05:51 -------- d-----w- c:\program files (x86)\AVG
2015-08-19 05:49 . 2015-08-19 05:50 -------- d-----w- c:\programdata\Avg
2015-08-19 05:49 . 2015-08-19 05:49 -------- d-----w- c:\programdata\Common Files
2015-08-19 05:49 . 2015-08-19 05:49 -------- d-----w- c:\users\swag daddy\AppData\Local\Avg
2015-08-19 05:39 . 2015-08-19 05:39 -------- d-----w- c:\users\swag daddy\AppData\Roaming\QuickScan
2015-08-19 05:30 . 2015-08-19 05:30 -------- d-----w- c:\windows\SysWow64\%Report%
2015-08-19 05:30 . 2015-08-19 05:30 -------- d-----w- c:\windows\SysWow64\%Data%
2015-08-14 04:00 . 2015-07-30 13:13 103120 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-08-14 04:00 . 2015-07-30 13:13 124624 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-13 03:33 . 2015-07-28 20:05 774656 ----a-w- c:\windows\system32\invagent.dll
2015-08-13 03:31 . 2015-07-15 03:19 52736 ----a-w- c:\windows\system32\basesrv.dll
2015-08-13 03:28 . 2015-05-09 18:26 493504 ----a-w- c:\windows\system32\mcupdate_GenuineIntel.dll
2015-08-09 16:24 . 2015-08-09 19:30 -------- d-----w- c:\users\swag daddy\AppData\Local\043F316A-FA56-4773-82D5-DFA1C212D4F1.aplzod
2015-08-09 16:19 . 2015-08-19 06:24 -------- d-----r- c:\users\swag daddy\iCloudDrive
2015-08-09 01:44 . 2013-05-06 15:13 110176 ----a-w- c:\windows\system32\klfphc.dll
2015-08-09 01:44 . 2015-08-09 01:44 -------- d-----w- c:\windows\ELAMBKUP
2015-08-09 01:44 . 2015-08-23 05:10 -------- d-----w- c:\programdata\Kaspersky Lab
2015-08-09 01:44 . 2015-08-09 01:44 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2015-08-09 01:43 . 2015-07-04 09:18 227000 ----a-w- c:\windows\system32\drivers\klhk.sys
2015-08-09 01:43 . 2015-06-30 08:05 931000 ----a-w- c:\windows\system32\drivers\klif.sys
2015-08-09 01:43 . 2015-06-30 08:05 171192 ----a-w- c:\windows\system32\drivers\klflt.sys
2015-07-28 18:02 . 2015-07-28 18:02 312752 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2015-07-28 18:01 . 2015-07-28 18:01 245680 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-08-14 03:31 . 2011-08-30 03:47 132483416 ----a-w- c:\windows\system32\MRT.exe
2015-07-19 18:44 . 2012-08-06 16:33 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-07-19 18:44 . 2012-08-06 16:33 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-07-15 17:54 . 2015-08-13 03:34 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-07-06 07:10 . 2015-07-06 07:10 389816 ----a-w- c:\windows\system32\drivers\cm_km.sys
2015-07-04 18:07 . 2015-07-17 20:48 2087424 ----a-w- c:\windows\system32\ole32.dll
2015-07-04 17:48 . 2015-07-17 20:48 1414656 ----a-w- c:\windows\SysWow64\ole32.dll
2015-06-27 08:30 . 2015-06-27 08:30 70000 ----a-w- c:\windows\system32\drivers\klbackupflt.sys
2015-06-24 08:31 . 2015-06-24 08:31 1615016 ----a-w- c:\windows\system32\FM20.DLL
2015-06-24 01:30 . 2015-06-24 01:30 187056 ----a-w- c:\windows\system32\drivers\kneps.sys
2015-06-23 03:40 . 2015-06-23 03:40 478392 ----a-w- c:\windows\system32\drivers\kl1.sys
2015-06-17 17:47 . 2015-07-17 20:49 404992 ----a-w- c:\windows\system32\gdi32.dll
2015-06-17 17:37 . 2015-07-17 20:49 312320 ----a-w- c:\windows\SysWow64\gdi32.dll
2015-06-17 04:56 . 2015-06-17 04:56 103096 ----a-w- c:\windows\system32\drivers\klwtp.sys
2015-06-16 22:55 . 2015-06-16 22:55 259040 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2015-06-15 21:50 . 2015-07-17 20:47 112064 ----a-w- c:\windows\system32\consent.exe
2015-06-15 21:45 . 2015-07-17 20:47 3242496 ----a-w- c:\windows\system32\msi.dll
2015-06-15 21:45 . 2015-07-17 20:47 504320 ----a-w- c:\windows\system32\msihnd.dll
2015-06-15 21:45 . 2015-07-17 20:47 1941504 ----a-w- c:\windows\system32\authui.dll
2015-06-15 21:45 . 2015-07-17 20:47 70656 ----a-w- c:\windows\system32\appinfo.dll
2015-06-15 21:44 . 2015-07-17 20:47 128000 ----a-w- c:\windows\system32\msiexec.exe
2015-06-15 21:43 . 2015-07-17 20:47 2364416 ----a-w- c:\windows\SysWow64\msi.dll
2015-06-15 21:43 . 2015-07-17 20:47 337408 ----a-w- c:\windows\SysWow64\msihnd.dll
2015-06-15 21:43 . 2015-07-17 20:47 1805824 ----a-w- c:\windows\SysWow64\authui.dll
2015-06-15 21:42 . 2015-07-17 20:47 73216 ----a-w- c:\windows\SysWow64\msiexec.exe
2015-06-15 21:42 . 2015-07-17 20:47 25088 ----a-w- c:\windows\system32\msimsg.dll
2015-06-15 21:37 . 2015-07-17 20:47 25088 ----a-w- c:\windows\SysWow64\msimsg.dll
2015-06-12 02:32 . 2015-06-12 02:32 39096 ----a-w- c:\windows\system32\drivers\klim6.sys
2015-06-11 22:56 . 2015-06-11 22:56 65208 ----a-w- c:\windows\system32\drivers\kltdi.sys
2015-06-09 02:43 . 2015-06-09 02:43 30392 ----a-w- c:\windows\system32\drivers\klpd.sys
2015-06-07 08:50 . 2015-06-07 08:50 41648 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2015-06-06 15:51 . 2015-06-06 15:51 68280 ----a-w- c:\windows\system32\drivers\kldisk.sys
2015-06-06 15:48 . 2015-06-06 15:48 53432 ----a-w- c:\windows\system32\drivers\klbackupdisk.sys
2015-06-06 15:31 . 2015-06-06 15:31 41144 ----a-w- c:\windows\system32\drivers\klkbdflt.sys
2015-06-02 00:07 . 2015-07-17 20:49 254976 ----a-w- c:\windows\system32\cewmdm.dll
2015-06-01 23:47 . 2015-07-17 20:49 210432 ----a-w- c:\windows\SysWow64\cewmdm.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-05 22:53 189464 ----a-w- c:\users\swag daddy\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-05 22:53 189464 ----a-w- c:\users\swag daddy\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-05 22:53 189464 ----a-w- c:\users\swag daddy\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\K7BkOLIExcluded]
@="{4143799A-96D3-41DE-9C26-D1B638AD9B9A}"
[HKEY_CLASSES_ROOT\CLSID\{4143799A-96D3-41DE-9C26-D1B638AD9B9A}]
2011-10-18 13:05 167008 ----a-w- c:\program files (x86)\K7 Computing\K7TSecurity\K7BkOLI32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\K7BkOLINotBacked]
@="{5DE40518-4F5F-4608-8E71-AA04AD942FC2}"
[HKEY_CLASSES_ROOT\CLSID\{5DE40518-4F5F-4608-8E71-AA04AD942FC2}]
2011-10-18 13:05 167008 ----a-w- c:\program files (x86)\K7 Computing\K7TSecurity\K7BkOLI32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\K7BkOverlayIcon]
@="{695C4C7E-8140-4CF1-A586-870C5945E1C7}"
[HKEY_CLASSES_ROOT\CLSID\{695C4C7E-8140-4CF1-A586-870C5945E1C7}]
2011-10-18 13:05 167008 ----a-w- c:\program files (x86)\K7 Computing\K7TSecurity\K7BkOLI32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\swag daddy\AppData\Local\Akamai\netsession_win.exe" [2015-07-24 4691384]
"Spotify Web Helper"="c:\users\swag daddy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2015-01-10 1676344]
"Spotify"="c:\users\swag daddy\AppData\Roaming\Spotify\spotify.exe" [2015-01-10 6737976]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2015-07-29 22344224]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2014-11-21 43816]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2014-11-21 43816]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-07-29 53655680]
"Dropbox Update"="c:\users\swag daddy\AppData\Local\Dropbox\Update\DropboxUpdate.exe" [2015-07-21 134512]
"iCloudDrive"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe" [2014-11-21 43816]
"GoogleChromeAutoLaunch_994AEAB09D204442A82B51361A762927"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2015-08-08 813896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-02-01 113288]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-10-11 60712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Salling Media Sync"="c:\program files (x86)\Salling Software AB\Salling Media Sync\Salling Media Sync.exe" [2011-01-07 333512]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-10-15 157480]
"K7TSStart"="c:\program files (x86)\K7 Computing\K7TSecurity\K7TSecurity.exe" [2015-03-06 189976]
"AvgUi"="c:\program files (x86)\AVG\Framework\Common\avguix.exe" [2015-04-07 1069008]
"AVG_UI"="c:\program files (x86)\AVG\AVG2015\avgui.exe" [2015-07-31 3780520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
.
c:\users\swag daddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\swag daddy\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-5-4 39179912]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 246472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0a\0u\0t\0o\0c\0h\0k\0 \0*\0K7TSDbg
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
R0 K7Sentry;K7AntiVirus MiniFilter Driver;c:\windows\system32\drivers\K7Sentry.sys;c:\windows\SYSNATIVE\drivers\K7Sentry.sys [x]
R1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
R1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\program files\HWiNFO64\HWiNFO64A.SYS;c:\program files\HWiNFO64\HWiNFO64A.SYS [x]
R1 klbackupflt;Kaspersky Lab klbackupflt;c:\windows\system32\DRIVERS\klbackupflt.sys;c:\windows\SYSNATIVE\DRIVERS\klbackupflt.sys [x]
R1 klhk;Kaspersky Lab service driver;c:\windows\system32\DRIVERS\klhk.sys;c:\windows\SYSNATIVE\DRIVERS\klhk.sys [x]
R1 klpd;Kaspersky Lab format recognizer driver;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x]
R1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
R1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvkflt.sys [x]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
R2 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe;c:\program files\Alienware\Command Center\AlienFusionService.exe [x]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2015\avgidsagent.exe;c:\program files (x86)\AVG\AVG2015\avgidsagent.exe [x]
R2 avgsvc;AVG Service;c:\program files (x86)\AVG\Framework\Common\avgsvca.exe;c:\program files (x86)\AVG\Framework\Common\avgsvca.exe [x]
R2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2015\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2015\avgwdsvc.exe [x]
R2 AVP16.0.0;Kaspersky Anti-Virus Service 16.0.0;c:\program files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe;c:\program files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe [x]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]
R2 K7CrvSvc;K7Carnivore Service;c:\program files (x86)\K7 Computing\K7TSecurity\K7CrvSvc.exe;c:\program files (x86)\K7 Computing\K7TSecurity\K7CrvSvc.exe [x]
R2 K7EmlPxy;K7Computng - EMail Proxy Server;c:\program files (x86)\K7 Computing\K7TSecurity\K7EmlPxy.exe;c:\program files (x86)\K7 Computing\K7TSecurity\K7EmlPxy.exe [x]
R2 K7FWSrvc;K7Firewall Services;c:\program files (x86)\K7 Computing\K7TSecurity\K7FWSrvc.exe;c:\program files (x86)\K7 Computing\K7TSecurity\K7FWSrvc.exe [x]
R2 K7PSSrvc;K7Privacy Services;c:\program files (x86)\K7 Computing\K7TSecurity\K7PSSrvc.exe;c:\program files (x86)\K7 Computing\K7TSecurity\K7PSSrvc.exe [x]
R2 K7RTScan;K7RealTime AntiVirus Services;c:\program files (x86)\K7 Computing\K7TSecurity\K7RTScan.exe;c:\program files (x86)\K7 Computing\K7TSecurity\K7RTScan.exe [x]
R2 K7TSMngr;K7TotalSecurity Manager;c:\program files (x86)\K7 Computing\K7TSecurity\K7TSMngr.exe;c:\program files (x86)\K7 Computing\K7TSecurity\K7TSMngr.exe [x]
R2 kldisk;kldisk;c:\windows\system32\DRIVERS\kldisk.sys;c:\windows\SYSNATIVE\DRIVERS\kldisk.sys [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
R2 RsMgrSvc;Rsd Service;c:\program files (x86)\Rising\RSD\RsMgrSvc.exe;c:\program files (x86)\Rising\RSD\RsMgrSvc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
R2 WtuSystemSupport;WtuSystemSupport;c:\program files (x86)\AVG Web TuneUp\WtuSystemSupport.exe;c:\program files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [x]
R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
R3 AhnFlt2K;AhnFlt2K;c:\windows\system32\drivers\AhnFlt2K.sys;c:\windows\SYSNATIVE\drivers\AhnFlt2K.sys [x]
R3 AhnRec2K;AhnRec2K;c:\windows\system32\drivers\AhnRec2K.sys;c:\windows\SYSNATIVE\drivers\AhnRec2K.sys [x]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 K7SpmSrc;K7SpmSrc;c:\program files (x86)\K7 Computing\K7TSecurity\K7SpmSrc.exe;c:\program files (x86)\K7 Computing\K7TSecurity\K7SpmSrc.exe [x]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 vssbrigde64;vssbrigde64;c:\program files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\vssbridge64.exe;c:\program files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\vssbridge64.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 cm_km;Kaspersky Lab ZAO Cryptographic Module x64 (Weak);c:\windows\system32\DRIVERS\cm_km.sys;c:\windows\SYSNATIVE\DRIVERS\cm_km.sys [x]
S0 K7FWHlpr;K7FWHlpr;c:\windows\system32\drivers\K7FWHlpr.sys;c:\windows\SYSNATIVE\drivers\K7FWHlpr.sys [x]
S0 klbackupdisk;Kaspersky Lab klbackupdisk;c:\windows\system32\DRIVERS\klbackupdisk.sys;c:\windows\SYSNATIVE\DRIVERS\klbackupdisk.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 Klwtp;Klwtp;c:\windows\system32\DRIVERS\klwtp.sys;c:\windows\SYSNATIVE\DRIVERS\klwtp.sys [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys;c:\windows\SYSNATIVE\DRIVERS\Accelern.sys [x]
S3 klflt;Kaspersky Lab Kernel DLL;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-08-14 03:26 995144 ----a-w- c:\program files (x86)\Google\Chrome\Application\44.0.2403.155\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-08-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-06 18:44]
.
2015-08-14 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3500353208-2455046699-3851492630-1000Core.job
- c:\users\swag daddy\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-07-21 15:42]
.
2015-08-19 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3500353208-2455046699-3851492630-1000UA.job
- c:\users\swag daddy\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-07-21 15:42]
.
2015-08-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3500353208-2455046699-3851492630-1000Core.job
- c:\users\swag daddy\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-14 23:23]
.
2015-08-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3500353208-2455046699-3851492630-1000UA.job
- c:\users\swag daddy\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-14 23:23]
.
2015-08-19 c:\windows\Tasks\G2MUpdateTask-S-1-5-21-3500353208-2455046699-3851492630-1000.job
- c:\users\swag daddy\AppData\Local\Citrix\GoToMeeting\3164\g2mupdate.exe [2015-08-11 00:16]
.
2015-08-19 c:\windows\Tasks\G2MUploadTask-S-1-5-21-3500353208-2455046699-3851492630-1000.job
- c:\users\swag daddy\AppData\Local\Citrix\GoToMeeting\3164\g2mupload.exe [2015-08-11 00:16]
.
2015-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-28 17:02]
.
2015-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-28 17:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  GoogleDriveBlacklisted]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2015-07-29 16:23 775496 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  GoogleDriveSynced]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2015-07-29 16:23 775496 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  GoogleDriveSyncing]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2015-07-29 16:23 775496 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-05 22:53 226328 ----a-w- c:\users\swag daddy\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-05 22:53 226328 ----a-w- c:\users\swag daddy\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-05 22:53 226328 ----a-w- c:\users\swag daddy\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-05 22:53 226328 ----a-w- c:\users\swag daddy\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\K7BkOLIExcluded]
@="{4143799A-96D3-41DE-9C26-D1B638AD9B9A}"
[HKEY_CLASSES_ROOT\CLSID\{4143799A-96D3-41DE-9C26-D1B638AD9B9A}]
2011-10-18 13:05 193632 ----a-w- c:\program files (x86)\K7 Computing\K7TSecurity\K7BkOLI64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\K7BkOLINotBacked]
@="{5DE40518-4F5F-4608-8E71-AA04AD942FC2}"
[HKEY_CLASSES_ROOT\CLSID\{5DE40518-4F5F-4608-8E71-AA04AD942FC2}]
2011-10-18 13:05 193632 ----a-w- c:\program files (x86)\K7 Computing\K7TSecurity\K7BkOLI64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\K7BkOverlayIcon]
@="{695C4C7E-8140-4CF1-A586-870C5945E1C7}"
[HKEY_CLASSES_ROOT\CLSID\{695C4C7E-8140-4CF1-A586-870C5945E1C7}]
2011-10-18 13:05 193632 ----a-w- c:\program files (x86)\K7 Computing\K7TSecurity\K7BkOLI64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-02-01 6602856]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-02-01 2186856]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 703088]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-09-01 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-09-01 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-09-01 416024]
"Command Center Controllers"="c:\program files\Alienware\Command Center\AWCCStartupOrchestrator.exe" [2012-06-15 12656]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2710856]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\swag daddy\AppData\Roaming\Mozilla\Firefox\Profiles\7g7m1d8w.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z144&install_date=20111107
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-RunOnce-<NO NAME> - (no file)
HKLM-Run-InstallerLauncher - c:\users\SWAGDA~1\AppData\Local\Temp\GZ_INSTALL_0\setuplauncher.exe
AddRemove-ESET Online Scanner - c:\program files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
AddRemove-PDFLite Toolbar - c:\program files (x86)\PDFLite Toolbar\PDFLiteToolbarUninstall.exe
AddRemove-SoftwareUpdUtility - c:\program files (x86)\Common Files\Software Update Utility\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-08-23  21:07:26
ComboFix-quarantined-files.txt  2015-08-24 04:07
ComboFix2.txt  2015-08-19 07:16
.
Pre-Run: 609,624,350,720 bytes free
Post-Run: 609,347,256,320 bytes free
.
- - End Of File - - 455289C21C2DA63B4DB8C93CFDB4D586
A36C5E4F47E84449FF07ED3517B43A31


#7 jamestennis951

  • Topic Starter


Posted 23 August 2015 - 11:27 PM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 8/23/2015
Scan Time: 8:46 PM
Logfile: mbam log.txt
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.08.19.01
Rootkit Database: v2015.08.16.01
License: Trial
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: swag daddy
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 471850
Time Elapsed: 38 min, 14 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#8 mAL_rEm018

  • Malware Response Team

Posted 24 August 2015 - 06:51 PM

Hello jamestennis951,


Please answer the following question..

  • Did you set your Tcpip address to 75.75.75.75, 75.75.76.76?

    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
    Tcpip\..\Interfaces\{0D54B561-1353-446A-BE5D-9489060735BB}: [DhcpNameServer] 75.75.75.75 75.75.76.76
    Tcpip\..\Interfaces\{B4E171D7-49A6-472A-B61A-2582C591D731}: [DhcpNameServer] 75.75.75.75 75.75.76.76
    DNS Servers: 75.75.75.75 - 75.75.76.76



Backup your registry using TCRB


  • Download TCRB from the following link TCRB
  • Open Tweaking.com Registry Backup.
  • Click on the Backup Registry tab and ensure that all options are checked.
  • Press on Backup Now.
  • Wait until the backup is complete and exit the program.


I notice you have several security programs installed and running on your computer.  Although this might seem like a good idea, you are in fact putting your computer at risk, since they will interfere with each other. Please choose one program from the list below and uninstall the other two.


 

  • AVG AntiVirus Free Edition 2015
  • K7TotalSecurity Pro
  • Kaspersky Total Security

 



PUP (Potentially Unwanted Programs)


Free Opener
Yahoo! Toolbar

Potentially Unwanted Programs (PUP) are software that have unpredictable behaviour and/or might have been installed on your computer without your direct consent.  You might have installed them willingly, in which case feel free to keep them.  However, if you did not I advise you to remove them.  If you decide to uninstall them, please follow the steps below.


Removing a program in Windows 7

  • Click the Start Menu and select Control Panel.
  • Click Programs, then Programs and Features.
  • Select the following programs:

    Download Updater (AOL Inc.)
    McAfee Security Scan Plus
    PDFLite Toolbar
    Rising Software Deployment System
    Strongvault Online Backup

  • Select Uninstall.
  • When prompted select Yes.
  • Answer any questions attentively.
  • When the process is finished, please restart your computer.

Note: you can only remove one program at a time.


Next..


RogueKiller


  • Please download RogueKiller and save it to your desktop.
  • Right-click on RogueKiller.exe and select Run as administrator
  • The tool will now start to run a Prescan, wait until it is finished.
  • When the Prescan is over, select Scan.
  • Once the Scan has finished, click on Report.
  • A window entitled Rogue Killer will open, please post the contents in your next reply.

I need to see a fresh FRST log..



  • Right-click on FRST64.exe and select Run as administrator.
  • Ensure that Addition.txt is checked.
  • Select Scan.
  • When the scan is over two windows will open, FRST.txt and Addition.txt.
  • Please post the contents of both logs in your next reply.

Can you give me an update on your computer's behaviour?


-----------------------------------------
In your next reply, I would like to see..


  • Answer to my question.
  • Did you have trouble performing any of the steps?
  • RogueKiller scan results
  • FRST.txt
  • Addition.txt
    Please post everything in the order given.

 


Teacher at the Malware Removal University.

Member of UNITE

 

Failure to post replies within 4 days will result in this thread being closed


#9 jamestennis951

  • Topic Starter


Posted 25 August 2015 - 12:02 AM

No, I didn't change the tcpip.

Also I couldn't uninstall Rising Software Deployment System

Strongvault Online Backup because it wasn't on the programs list.

 

roguekiller

RogueKiller V10.10.2.0 [Aug 24 2015] by Adlice Software

 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode with network support
User : swag daddy [Administrator]
Started from : C:\Users\swag daddy\Desktop\RogueKiller.exe
Mode : Scan -- Date : 08/24/2015 21:47:12
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 1 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | InstallerLauncher : "C:\Users\SWAGDA~1\AppData\Local\Temp\GZ_INSTALL_0\setuplauncher.exe" /run:"C:\Users\SWAGDA~1\AppData\Local\Temp\GZ_INSTALL_0\Installer.exe" [x][x] -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost
 
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000035f]) ¤¤¤
 
¤¤¤ Web browsers : 1 ¤¤¤
[PUP][FIREFX:Addon] 7g7m1d8w.default : Yahoo Toolbar [{635abd67-4fe9-1b23-4f01-e679fa7484c1}] -> Found
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST9750420AS ATA Device +++++
--- User ---
[MBR] d6f67903ba4a63d94e2553319e3b2ca9
[BSP] 26ff1a0383345d496bc93b519914a1be : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 715288 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:24-08-2015
Ran by swag daddy (2015-08-24 21:54:17)
Running from C:\Users\swag daddy\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3500353208-2455046699-3851492630-500 - Administrator - Disabled)
Guest (S-1-5-21-3500353208-2455046699-3851492630-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3500353208-2455046699-3851492630-1003 - Limited - Enabled)
swag daddy (S-1-5-21-3500353208-2455046699-3851492630-1000 - Administrator - Enabled) => C:\Users\swag daddy
UpdatusUser (S-1-5-21-3500353208-2455046699-3851492630-1001 - Limited - Enabled) => C:\Users\UpdatusUser.swagdaddy-PC
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: K7TotalSecurity Pro (Enabled - Out of date) {96053243-D4B1-7CB4-BBA0-4BFBC0A5A129}
AV: Kaspersky Total Security (Enabled - Up to date) {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Kaspersky Total Security (Enabled - Up to date) {0F7D947C-13CC-4207-47BE-41AC12334EC6}
AS: K7TotalSecurity Pro (Enabled - Out of date) {2D64D3A7-F28B-733A-8110-7089BB22EB94}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
FW: K7TotalSecurity Pro (Enabled) {AE3EB366-9EDE-7DEC-90FF-E2CE3E76E652}
FW: Kaspersky Total Security (Enabled) {8C27F4BD-7F99-4CD1-5651-D3EB97674300}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
AccelerometerP11 (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.11.22 - STMicroelectronics)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.0.0.4080 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.3 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader X (10.1.4) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
AIM for Windows (HKU\S-1-5-21-3500353208-2455046699-3851492630-1000\...\AIM) (Version:  - AOL Inc.)
Akamai NetSession Interface (HKU\S-1-5-21-3500353208-2455046699-3851492630-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Alienware Command Center (HKLM-x32\...\InstallShield_{FD1AE10F-163C-4D4B-9FCE-AC667AF1DC6E}) (Version: 2.8.8.0 - Alienware Corp.)
Alienware Command Center (Version: 2.8.8.0 - Alienware Corp.) Hidden
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
Bing Bar (HKLM-x32\...\{449CE12D-E2C7-4B97-B19E-55D163EA9435}) (Version: 7.0.619.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version:  - )
Canon iP2700 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2700_series) (Version:  - Canon Inc.)
Canon iP2700 series User Registration (HKLM-x32\...\Canon iP2700 series User Registration) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
Citrix Online Launcher (HKLM-x32\...\{F17C3DC2-2ACA-4B0E-BDBF-ACE61B14E7CD}) (Version: 1.0.183 - Citrix)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-3500353208-2455046699-3851492630-1000\...\Dropbox) (Version: 3.8.6 - Dropbox, Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.155 - Google Inc.)
Google Drive (HKLM-x32\...\{12ADFB82-D5A3-43E4-B2F4-FCD9B690315B}) (Version: 1.24.9931.5480 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 9.1.0.615 - Citrix Online, a division of Citrix Systems, Inc.)
GoToMeeting 7.2.4.3164 (HKU\S-1-5-21-3500353208-2455046699-3851492630-1000\...\GoToMeeting) (Version: 7.2.4.3164 - CitrixOnline)
HTC BMP USB Driver (HKLM-x32\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)
HTC Driver Installer (HKLM-x32\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 3.0.0.017 - HTC Corporation)
HTC Sync (HKLM-x32\...\{D5B18B60-4FC3-42AD-A629-9CA10ACC06CD}) (Version: 3.0.5579 - HTC Corporation)
HWiNFO64 Version 4.04 (HKLM\...\HWiNFO64_is1) (Version: 4.04 - Martin Malík - REALiX)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2321 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{BEE86606-EFB5-4353-9F34-29E0C59CDCFA}) (Version: 15.2.0.0284 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{181BBF43-CA17-4E1A-A78D-81E67A57B8A4}) (Version: 15.02.0000.1258 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 7 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417007FF}) (Version: 7.0.70 - Oracle)
Java SE Development Kit 7 Update 7 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170070}) (Version: 1.7.0.70 - Oracle)
Java™ 7 Update 5 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217005FF}) (Version: 7.0.50 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Total Security (HKLM-x32\...\InstallWIX_{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab)
Kaspersky Total Security (x32 Version: 16.0.0.614 - Kaspersky Lab) Hidden
K-Lite Codec Pack 7.0.0 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Outlook Hotmail Connector 64-bit (HKLM\...\{95140000-007A-0409-1000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 64-bit (HKLM\...\{95140000-007D-0409-1000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Store Download Manager (HKLM-x32\...\{124CA4D3-B532-4D1F-98C4-E8035DB39E2F}) (Version: 2.7.4126.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 33.1.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1.1 (x86 en-US)) (Version: 33.1.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
NirSoft BlueScreenView (HKLM-x32\...\NirSoft BlueScreenView) (Version:  - )
NVIDIA 3D Vision Driver 296.10 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 296.10 - NVIDIA Corporation)
NVIDIA Graphics Driver 296.10 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 296.10 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.16.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.16.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation)
NVIDIA Update 1.7.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.7.11 - NVIDIA Corporation)
PDFlite 0.4 (HKLM-x32\...\PDFlite) (Version: 0.4 - PDFlite)
POWERPREP II (HKLM-x32\...\{2687340C-C114-47DC-9F0E-C1BA85FEB001}) (Version: 2.00.0000 - ETS)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6291 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.75 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.40 - Piriform)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
Salling Media Sync (HKLM-x32\...\{A0E3B2AE-27BF-4A38-96C9-9B8D211661C2}) (Version: 1.2.135 - Salling Software AB)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype™ 7.7 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.7.103 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-3500353208-2455046699-3851492630-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Strongvault Online Backup (x32 Version: 5.0.2.34 - Strongvault Online Backup) Hidden <==== ATTENTION
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.19.0 - Synaptics Incorporated)
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.1.0 - Tweaking.com)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.6300 - Broadcom Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3500353208-2455046699-3851492630-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\swag daddy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3500353208-2455046699-3851492630-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\swag daddy\AppData\Local\Citrix\GoToMeeting\1350\G2MOutlookAddin64.dll No File
CustomCLSID: HKU\S-1-5-21-3500353208-2455046699-3851492630-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\swag daddy\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3500353208-2455046699-3851492630-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\swag daddy\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3500353208-2455046699-3851492630-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\swag daddy\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3500353208-2455046699-3851492630-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\swag daddy\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3500353208-2455046699-3851492630-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\swag daddy\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3500353208-2455046699-3851492630-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\swag daddy\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3500353208-2455046699-3851492630-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\swag daddy\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3500353208-2455046699-3851492630-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\swag daddy\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3500353208-2455046699-3851492630-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\swag daddy\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3500353208-2455046699-3851492630-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\swag daddy\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
 
==================== Restore Points =========================
 
08-08-2015 18:20:13 Windows Update
08-08-2015 18:20:27 Windows Backup
12-08-2015 20:22:48 Windows Update
13-08-2015 20:26:37 Windows Update
18-08-2015 09:00:04 Windows Backup
18-08-2015 09:07:11 Windows Update
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2015-08-23 21:02 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {04144171-31E2-49EB-8807-07F075987EF5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-19] (Adobe Systems Incorporated)
Task: {070FB9ED-0C79-430D-A2EB-AC8B8AC78015} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3500353208-2455046699-3851492630-1000UA => C:\Users\swag daddy\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-07-21] (Dropbox, Inc.)
Task: {20114E75-5350-4A4E-9A10-7E46AB1208DE} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {4F43907C-9160-4B34-94E6-C70082EBE6E9} - \Scheduled Update for Ask Toolbar -> No File <==== ATTENTION
Task: {575BCB0D-6E61-476E-8C58-EA802740CE92} - System32\Tasks\{38CD121C-895B-44AD-8C7C-679F2142A51A} => pcalua.exe -a "C:\Users\swag daddy\Downloads\esetsmartinstaller_enu.exe" -d "C:\Users\swag daddy\Downloads"
Task: {70475479-47DD-4F40-824C-1F71D9BC4F8E} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2011-08-22] ()
Task: {950C886E-C67F-4FD2-ABD8-EECC8D70657A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {961C0BC7-37D0-4BC1-9B06-5ABC736D8538} - System32\Tasks\{D300E456-E553-4345-9C95-698A63AE5A34} => pcalua.exe -a "C:\Users\swag daddy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SUJPZ18L\MicrosoftStoreDownloadmanager.exe" -d "C:\Users\swag daddy\Desktop"
Task: {AB301A90-DD7E-41C0-B8DA-EB70659FED6C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-28] (Google Inc.)
Task: {AEC7D69F-F67C-4B4D-B393-A1FCE7053554} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3500353208-2455046699-3851492630-1000Core => C:\Users\swag daddy\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {B68A9FFC-10CF-44DC-9BF9-9CB125F01739} - System32\Tasks\{953A43DA-C1F5-4BA7-8368-B1617C937374} => pcalua.exe -a "C:\Users\swag daddy\Downloads\tg74pluginsetup.exe" -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {C4B05D0D-B96E-4B5F-B239-AAE0587C7680} - System32\Tasks\G2MUpdateTask-S-1-5-21-3500353208-2455046699-3851492630-1000 => C:\Users\swag daddy\AppData\Local\Citrix\GoToMeeting\3164\g2mupdate.exe [2015-08-10] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {CE4C792D-8C58-44AB-9658-6ED868AED07D} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2014-12-01] (Apple Inc.)
Task: {E2807F9E-AA52-4EF1-96EC-5015EC19E254} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-28] (Google Inc.)
Task: {EF26D48D-0B53-4A05-BFBB-C7500AF95D28} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3500353208-2455046699-3851492630-1000Core => C:\Users\swag daddy\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-07-21] (Dropbox, Inc.)
Task: {F0E51F1E-6AE8-40B8-97C0-46A24C54A8D9} - System32\Tasks\G2MUploadTask-S-1-5-21-3500353208-2455046699-3851492630-1000 => C:\Users\swag daddy\AppData\Local\Citrix\GoToMeeting\3164\g2mupload.exe [2015-08-10] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {FC87F259-8F8B-4A6C-9AC7-085D3C5ABCFE} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3500353208-2455046699-3851492630-1000UA => C:\Users\swag daddy\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3500353208-2455046699-3851492630-1000Core.job => C:\Users\swag daddy\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3500353208-2455046699-3851492630-1000UA.job => C:\Users\swag daddy\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3500353208-2455046699-3851492630-1000Core.job => C:\Users\swag daddy\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3500353208-2455046699-3851492630-1000UA.job => C:\Users\swag daddy\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3500353208-2455046699-3851492630-1000.job => C:\Users\swag daddy\AppData\Local\Citrix\GoToMeeting\3164\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-3500353208-2455046699-3851492630-1000.job => C:\Users\swag daddy\AppData\Local\Citrix\GoToMeeting\3164\g2mupload.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-08-24 20:57 - 2015-08-24 21:00 - 18772040 _____ () C:\Users\swag daddy\Desktop\RogueKiller.exe
2015-08-18 22:53 - 2014-02-10 13:44 - 04592128 _____ () C:\Users\swag daddy\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2015-08-18 22:53 - 2014-02-10 13:44 - 00112128 _____ () C:\Users\swag daddy\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:63238B95
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3500353208-2455046699-3851492630-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\swag daddy\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^swag daddy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: HTC Sync Loader => "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{AA8E8908-4178-432A-99E0-3369C9E2828B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{92ECEE5E-2141-4FE2-8E3F-C6B7AA0368F5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{79282028-EA79-4EC8-B7B4-6C259CCE2677}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{CB5E820D-3E19-4776-96A1-6C57ACD0585C}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{83FAD357-E10B-4304-83C7-C43B87E8DD3B}] => (Allow) LPort=2869
FirewallRules: [{CFFA0B2E-AF3E-4537-BF22-9E22195A8AF9}] => (Allow) LPort=1900
FirewallRules: [{409245F2-722F-4C63-8376-F6A323674C32}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{E7689E79-7197-40C4-9747-48DECEA2D5EE}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{651F3957-53CD-4D72-9AFD-803EF5DD740A}] => (Allow) C:\Users\swag daddy\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{09F6C5A7-20A3-48B4-8FF4-7CD04B46E225}] => (Allow) C:\Users\swag daddy\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{FA230E36-BAF5-49DE-A0C9-CD4972C01EDE}C:\users\swag daddy\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\swag daddy\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{A263B672-5DFD-472F-93BD-73DB5116114C}C:\users\swag daddy\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\swag daddy\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{99422CF4-A3E1-4674-A4F4-7E8C19219CF1}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{2A647F1E-201D-4FA3-8207-C09A3E8D595F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{75D5CEB0-B3AB-4EB5-B540-E8E7833D4F50}] => (Allow) C:\Program Files\AhnLab\V3IS80\V3Proxy.ahn
FirewallRules: [{C94000A4-CC5C-406B-AA3C-5E4622E43A90}] => (Allow) C:\Program Files\AhnLab\V3IS80\V3Proxy.ahn
FirewallRules: [{1234FBE8-88B9-4F6A-8190-B98EDB958E0E}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{3CAC213F-F4EE-46FB-94A1-7AD02E70DB06}] => (Allow) C:\Program Files\AhnLab\V3IS80\V3Proxy.ahn
FirewallRules: [{97CA3EEE-E1B7-4471-98D8-F05F5DA411FB}] => (Allow) C:\Program Files\AhnLab\V3IS80\V3Proxy.ahn
FirewallRules: [TCP Query User{8619ABAA-6FC0-4BF9-A53A-C084EFEB7755}C:\users\swag daddy\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\swag daddy\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{C9BEF6E1-1DAB-41FE-98D7-D4C45A231417}C:\users\swag daddy\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\swag daddy\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{A8FFDE8F-DD48-43DE-BCEB-BFDB19C60396}C:\users\swag daddy\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\swag daddy\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{DAA90FB7-45CE-4CC1-AFBB-89DF49EA074B}C:\users\swag daddy\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\swag daddy\appdata\local\akamai\netsession_win.exe
FirewallRules: [{FECE6D62-FA7D-4686-ACF2-B3B1E7865491}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BFFD1826-7AE4-4E39-836A-E612B5CE17DB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A17D9271-1D7E-4D1D-B987-FE3C7A9400EC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FF64E922-0D6A-43FA-B86C-1FF753B44A67}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FDB14699-5AB3-4098-9B02-84A5ED7E0802}] => (Allow) C:\Users\swag daddy\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{0D14BAB6-9797-4A32-85FA-3547868F5844}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{FE000CDA-44A6-4F87-A775-1E78866445ED}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{4DDEAED9-A664-4913-A5CD-06AA0A9B09AA}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{DC8B2D4E-D145-4BBA-B8AE-42F134125932}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{9EC3426D-7C6B-42A2-8130-CEE3788D1BBC}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{94D9841B-4A98-4278-BF74-1E8CA1D77710}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{E3BE1826-B0E5-46DD-9BF5-92E619875619}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{C7E989FA-1D21-4FA8-8983-9D4A8DF2FF64}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{87F209CE-77E3-4164-836F-8F1E85D05AB2}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{65F50F94-0460-443D-ACB7-08BDCE8C549A}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/24/2015 08:59:40 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (08/24/2015 08:59:40 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (08/24/2015 08:40:59 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Users\swag daddy\AppData\Local\Temp\Temp1_revouninstaller.zip\revouninstaller-portable\Revouninstaller.exe daddy\AppData\Local\Temp\Temp1_revouninstaller.zip\revouninstaller-portable\Revouninstaller.exe" ; Description = Revo Uninstaller's restore point - Yahoo! Software Update; Error = 0x8007043c).
 
Error: (08/24/2015 08:38:36 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Users\swag daddy\AppData\Local\Temp\Temp1_revouninstaller.zip\revouninstaller-portable\Revouninstaller.exe daddy\AppData\Local\Temp\Temp1_revouninstaller.zip\revouninstaller-portable\Revouninstaller.exe" ; Description = Revo Uninstaller's restore point - Yahoo! Toolbar; Error = 0x8007043c).
 
Error: (08/24/2015 08:32:47 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Users\swag daddy\AppData\Local\Temp\Temp1_revouninstaller.zip\revouninstaller-portable\Revouninstaller.exe daddy\AppData\Local\Temp\Temp1_revouninstaller.zip\revouninstaller-portable\Revouninstaller.exe" ; Description = Revo Uninstaller's restore point - Yahoo! Messenger; Error = 0x8007043c).
 
Error: (08/24/2015 07:47:49 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Removed AVG 2015; Error = 0x8007043c).
 
Error: (08/24/2015 07:47:49 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Removed AVG 2015; Error = 0x8007043c).
 
Error: (08/24/2015 07:46:55 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Removed AVG 2015; Error = 0x8007043c).
 
Error: (08/24/2015 07:46:48 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Removed AVG 2015; Error = 0x8007043c).
 
Error: (08/24/2015 07:13:17 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
 
System errors:
=============
Error: (08/24/2015 09:54:26 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (08/24/2015 09:54:26 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (08/24/2015 09:54:26 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (08/24/2015 09:54:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (08/24/2015 09:54:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (08/24/2015 09:54:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (08/24/2015 09:54:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (08/24/2015 09:54:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (08/24/2015 09:54:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (08/24/2015 09:54:08 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
 
Microsoft Office:
=========================
Error: (08/24/2015 08:59:40 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\swag daddy\Desktop\esetsmartinstaller_enu (1).exe
 
Error: (08/24/2015 08:59:40 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\swag daddy\Desktop\esetsmartinstaller_enu.exe
 
Error: (08/24/2015 08:40:59 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Users\swag daddy\AppData\Local\Temp\Temp1_revouninstaller.zip\revouninstaller-portable\Revouninstaller.exe daddy\AppData\Local\Temp\Temp1_revouninstaller.zip\revouninstaller-portable\Revouninstaller.exe" Revo Uninstaller's restore point - Yahoo! Software Update0x8007043c
 
Error: (08/24/2015 08:38:36 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Users\swag daddy\AppData\Local\Temp\Temp1_revouninstaller.zip\revouninstaller-portable\Revouninstaller.exe daddy\AppData\Local\Temp\Temp1_revouninstaller.zip\revouninstaller-portable\Revouninstaller.exe" Revo Uninstaller's restore point - Yahoo! Toolbar0x8007043c
 
Error: (08/24/2015 08:32:47 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Users\swag daddy\AppData\Local\Temp\Temp1_revouninstaller.zip\revouninstaller-portable\Revouninstaller.exe daddy\AppData\Local\Temp\Temp1_revouninstaller.zip\revouninstaller-portable\Revouninstaller.exe" Revo Uninstaller's restore point - Yahoo! Messenger0x8007043c
 
Error: (08/24/2015 07:47:49 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\msiexec.exe /VRemoved AVG 20150x8007043c
 
Error: (08/24/2015 07:47:49 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\msiexec.exe /VRemoved AVG 20150x8007043c
 
Error: (08/24/2015 07:46:55 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\msiexec.exe /VRemoved AVG 20150x8007043c
 
Error: (08/24/2015 07:46:48 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\msiexec.exe /VRemoved AVG 20150x8007043c
 
Error: (08/24/2015 07:13:17 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\swag daddy\Desktop\esetsmartinstaller_enu (1).exe
 
 
CodeIntegrity:
===================================
  Date: 2015-08-23 21:01:19.443
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-08-23 21:01:19.225
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-08-23 21:01:19.004
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-08-23 21:01:18.786
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-08-19 00:11:15.308
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-08-19 00:11:15.137
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-10-02 19:59:30.256
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-10-02 19:59:30.253
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-10-02 19:59:30.249
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-10-02 19:51:29.381
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2410M CPU @ 2.30GHz
Percentage of memory in use: 35%
Total physical RAM: 8139.86 MB
Available physical RAM: 5279.05 MB
Total Virtual: 16277.92 MB
Available Virtual: 13927.94 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:698.52 GB) (Free:568 GB) NTFS
 
==================== MBR & Partition Table ==================
 
==================== End of FRST.txt ============================
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-08-2015
Ran by swag daddy (administrator) on SWAGDADDY-PC (24-08-2015 21:52:56)
Running from C:\Users\swag daddy\Desktop
Loaded Profiles: swag daddy (Available Profiles: swag daddy & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleChromeDAV.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\swag daddy\Desktop\RogueKiller.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6602856 2011-02-01] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2186856 2011-02-01] (Realtek Semiconductor)
HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [703088 2010-12-17] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2392872 2011-02-22] (Synaptics Incorporated)
HKLM\...\Run: [Command Center Controllers] => C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [12656 2012-06-15] (Alienware)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2710856 2009-11-01] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-03] (CANON INC.)
HKLM\...\Run: [InstallerLauncher] => "C:\Users\SWAGDA~1\AppData\Local\Temp\GZ_INSTALL_0\setuplauncher.exe" /run:"C:\Users\SWAGDA~1\AppData\Local\Temp\GZ_INSTALL_0\Installer.exe" <===== ATTENTION
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2011-02-01] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Salling Media Sync] => C:\Program Files (x86)\Salling Software AB\Salling Media Sync\Salling Media Sync.exe [333512 2011-01-07] (Salling Software AB)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\RunOnce: [] => [X]
HKLM-x32\...\RunOnce: [GrpConv] => grpconv -o
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3500353208-2455046699-3851492630-1000\...\Run: [Akamai NetSession Interface] => C:\Users\swag daddy\AppData\Local\Akamai\netsession_win.exe [4691384 2015-07-23] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3500353208-2455046699-3851492630-1000\...\Run: [Spotify Web Helper] => C:\Users\swag daddy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2015-01-09] (Spotify Ltd)
HKU\S-1-5-21-3500353208-2455046699-3851492630-1000\...\Run: [Spotify] => C:\Users\swag daddy\AppData\Roaming\Spotify\spotify.exe [6737976 2015-01-09] (Spotify Ltd)
HKU\S-1-5-21-3500353208-2455046699-3851492630-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22344224 2015-07-29] (Google)
HKU\S-1-5-21-3500353208-2455046699-3851492630-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-3500353208-2455046699-3851492630-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-3500353208-2455046699-3851492630-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53655680 2015-07-28] (Skype Technologies S.A.)
HKU\S-1-5-21-3500353208-2455046699-3851492630-1000\...\Run: [Dropbox Update] => C:\Users\swag daddy\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-21] (Dropbox, Inc.)
HKU\S-1-5-21-3500353208-2455046699-3851492630-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-3500353208-2455046699-3851492630-1000\...\Run: [GoogleChromeAutoLaunch_994AEAB09D204442A82B51361A762927] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-08-07] (Google Inc.)
HKU\S-1-5-21-3500353208-2455046699-3851492630-1000\...\Run: [K7NfyUnst] => rundll32.exe "C:\Users\swag daddy\AppData\Roaming\K7Uninstall\K7InetChk.dll",K7OnUninstall
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [260416 2012-02-29] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [215360 2012-02-29] (NVIDIA Corporation)
Startup: C:\Users\swag daddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-08-13]
ShortcutTarget: Dropbox.lnk -> C:\Users\swag daddy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\swag daddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2013-07-12]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\swag daddy\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\swag daddy\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\swag daddy\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\swag daddy\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [K7BkOLIExcluded] -> {4143799A-96D3-41DE-9C26-D1B638AD9B9A} => C:\Program Files (x86)\K7 Computing\K7TSecurity\K7BkOLI64.dll No File
ShellIconOverlayIdentifiers: [K7BkOLINotBacked] -> {5DE40518-4F5F-4608-8E71-AA04AD942FC2} => C:\Program Files (x86)\K7 Computing\K7TSecurity\K7BkOLI64.dll No File
ShellIconOverlayIdentifiers: [K7BkOverlayIcon] -> {695C4C7E-8140-4CF1-A586-870C5945E1C7} => C:\Program Files (x86)\K7 Computing\K7TSecurity\K7BkOLI64.dll No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\swag daddy\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\swag daddy\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\swag daddy\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
BootExecute: autocheck autochk * autochk * 
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3500353208-2455046699-3851492630-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3500353208-2455046699-3851492630-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3500353208-2455046699-3851492630-1000 -> {0B85D0B2-60F4-94A0-3164-F228253EF30E} URL = hxxp://www.bing.com/search?q={searchTerms}&pc=Z144&form=ZGAIDF&install_date=20111107&iesrc={referrer:source}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2012-09-06] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-07-08] (AO Kaspersky Lab)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-09-06] (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27] (Adobe Systems Incorporated)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2010-11-08] (CANON INC.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll [2012-05-04] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-04-01] (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll [2012-05-04] (Oracle Corporation)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-07-08] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-04-01] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08] (CANON INC.)
DPF: HKLM-x32 {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab
DPF: HKLM-x32 {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{0D54B561-1353-446A-BE5D-9489060735BB}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{B4E171D7-49A6-472A-B61A-2582C591D731}: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
FireFox:
========
FF ProfilePath: C:\Users\swag daddy\AppData\Roaming\Mozilla\Firefox\Profiles\7g7m1d8w.default
FF Homepage: hxxp://www.msn.com/?pc=Z144&install_date=20111107
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-19] ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\system32\npDeployJava1.dll [2012-09-06] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2012-09-06] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-19] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-02-04] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 -> C:\Windows\SysWOW64\npDeployJava1.dll [2012-05-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.5.1 -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll [2012-05-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2012-02-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2012-02-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-07-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3500353208-2455046699-3851492630-1000: @citrixonline.com/appdetectorplugin -> C:\Users\swag daddy\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-04-09] (Citrix Online)
FF Plugin HKU\S-1-5-21-3500353208-2455046699-3851492630-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\swag daddy\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2012-07-27] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nptgeqplugin.dll [2007-07-18] (Tamarack Software, Inc.)
FF Extension: Default Manager - C:\Users\swag daddy\AppData\Roaming\Mozilla\Firefox\Profiles\7g7m1d8w.default\Extensions\DefaultManager@Microsoft [2012-02-15]
FF Extension: Yahoo! Toolbar - C:\Users\swag daddy\AppData\Roaming\Mozilla\Firefox\Profiles\7g7m1d8w.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2014-11-27]
FF Extension: PDFLite Toolbar - C:\Users\swag daddy\AppData\Roaming\Mozilla\Firefox\Profiles\7g7m1d8w.default\Extensions\{7C8ACEEB-B1D8-43cc-A387-DA838515368D} [2011-11-07]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-11-27]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-11-27]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox [2015-08-08]
 
Chrome: 
=======
CHR Profile: C:\Users\swag daddy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\swag daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-28]
CHR Extension: (YouTube) - C:\Users\swag daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-28]
CHR Extension: (Adblock Plus) - C:\Users\swag daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-10-25]
CHR Extension: (Google Search) - C:\Users\swag daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-28]
CHR Extension: (Kaspersky Protection) - C:\Users\swag daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\eahebamiopdhefndnmappcihfajigkka [2015-08-09]
CHR Extension: (iCloud Bookmarks) - C:\Users\swag daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2014-12-26]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\swag daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-28]
CHR Extension: (Skype Click to Call) - C:\Users\swag daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-09-05]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\swag daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-13]
CHR Extension: (iCloud Dashboard) - C:\Users\swag daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgojgddhfhekopdpkocobommepgdeffb [2014-12-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\swag daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-05]
CHR Extension: (Gmail) - C:\Users\swag daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-28]
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - https://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKU\S-1-5-21-3500353208-2455046699-3851492630-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - https://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe [194000 2015-08-08] (Kaspersky Lab ZAO)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272688 2012-06-25] ()
S2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2011-08-12] () [File not signed]
S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\vssbridge64.exe [144640 2015-07-09] (AO Kaspersky Lab)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [1195920 2015-08-18] ()
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3325232 2012-06-25] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
S1 HWiNFO32; C:\Program Files\HWiNFO64\HWiNFO64A.SYS [30592 2012-05-10] (REALiX™)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
S1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [70000 2015-06-27] (Kaspersky Lab ZAO)
S2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [68280 2015-06-06] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [171192 2015-06-30] (Kaspersky Lab ZAO)
S1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [227000 2015-07-04] (AO Kaspersky Lab)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [931000 2015-06-30] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [39096 2015-06-11] (Kaspersky Lab ZAO)
S3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [41144 2015-06-06] (Kaspersky Lab ZAO)
S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO)
S1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [30392 2015-06-08] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [65208 2015-06-11] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [103096 2015-06-16] (Kaspersky Lab ZAO)
S1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-24] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
S1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [249152 2012-02-29] (NVIDIA Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-08-24] ()
S3 AhnFlt2K; \??\C:\Windows\system32\drivers\AhnFlt2K.sys [X]
S3 AhnRec2K; \??\C:\Windows\system32\drivers\AhnRec2K.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-24 21:01 - 2015-08-24 21:01 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-08-24 21:01 - 2015-08-24 21:01 - 00000000 ____D C:\ProgramData\RogueKiller
2015-08-24 20:57 - 2015-08-24 21:00 - 18772040 _____ C:\Users\swag daddy\Desktop\RogueKiller.exe
2015-08-24 20:31 - 2015-08-24 20:31 - 03007700 _____ C:\Users\swag daddy\Desktop\revouninstaller.zip
2015-08-24 19:52 - 2015-08-24 19:52 - 00000000 ____D C:\Users\swag daddy\AppData\Roaming\K7Uninstall
2015-08-24 19:37 - 2015-08-24 19:37 - 00000207 _____ C:\Windows\tweaking.com-regbackup-SWAGDADDY-PC-Windows-7-Home-Premium-(64-bit).dat
2015-08-24 19:37 - 2015-08-24 19:37 - 00000000 ____D C:\RegBackup
2015-08-24 19:36 - 2015-08-24 19:36 - 04664160 _____ (Tweaking.com) C:\Users\swag daddy\Desktop\tweaking.com_registry_backup_setup.exe
2015-08-24 19:36 - 2015-08-24 19:36 - 00002239 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-08-24 19:36 - 2015-08-24 19:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-08-24 19:36 - 2015-08-24 19:36 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2015-08-23 21:07 - 2015-08-23 21:07 - 00033803 _____ C:\ComboFix.txt
2015-08-23 00:02 - 2015-08-23 00:02 - 02870984 _____ (ESET) C:\Users\swag daddy\Desktop\esetsmartinstaller_enu (1).exe
2015-08-22 22:17 - 2015-08-22 22:17 - 02870984 _____ (ESET) C:\Users\swag daddy\Desktop\esetsmartinstaller_enu.exe
2015-08-22 22:00 - 2015-08-22 22:07 - 00007569 _____ C:\Users\swag daddy\Desktop\Search.txt
2015-08-22 21:25 - 2015-08-24 21:52 - 00000000 ____D C:\Users\swag daddy\Desktop\FRST-OlderVersion
2015-08-19 00:06 - 2015-08-19 00:06 - 00001396 _____ C:\Users\swag daddy\Desktop\JRT.txt
2015-08-18 23:55 - 2015-08-18 23:57 - 00000000 ____D C:\AdwCleaner
2015-08-18 23:54 - 2011-06-25 23:45 - 00256000 _____ C:\Windows\PEV.exe
2015-08-18 23:54 - 2010-11-07 10:20 - 00208896 _____ C:\Windows\MBR.exe
2015-08-18 23:54 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-08-18 23:54 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-08-18 23:54 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-08-18 23:54 - 2000-08-30 17:00 - 00098816 _____ C:\Windows\sed.exe
2015-08-18 23:54 - 2000-08-30 17:00 - 00080412 _____ C:\Windows\grep.exe
2015-08-18 23:54 - 2000-08-30 17:00 - 00068096 _____ C:\Windows\zip.exe
2015-08-18 23:49 - 2015-08-23 21:07 - 00000000 ____D C:\Qoobox
2015-08-18 23:49 - 2015-08-19 00:13 - 00000000 ____D C:\Windows\erdnt
2015-08-18 23:45 - 2015-08-18 23:46 - 00044082 _____ C:\Users\swag daddy\Desktop\Addition.txt
2015-08-18 23:44 - 2015-08-24 21:53 - 00027610 _____ C:\Users\swag daddy\Desktop\FRST.txt
2015-08-18 23:44 - 2015-08-24 21:53 - 00000000 ____D C:\FRST
2015-08-18 23:43 - 2015-08-24 21:52 - 02186752 _____ (Farbar) C:\Users\swag daddy\Desktop\FRST64.exe
2015-08-18 23:21 - 2015-08-18 23:21 - 01101640 _____ (Bleeping Computer, LLC) C:\Users\swag daddy\Desktop\rkill (1)64.exe
2015-08-18 23:20 - 2015-08-18 23:20 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\swag daddy\Desktop\mbam-setup-2.1.8.1057 (1).exe
2015-08-18 23:20 - 2015-08-18 23:20 - 05635271 _____ (Swearware) C:\Users\swag daddy\Desktop\ComboFix (1).exe
2015-08-18 23:20 - 2015-08-18 23:20 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\swag daddy\Desktop\rkill (1).exe
2015-08-18 23:16 - 2015-08-23 20:39 - 05635234 ____R (Swearware) C:\Users\swag daddy\Desktop\ComboFix.exe
2015-08-18 23:15 - 2015-08-18 23:15 - 01791580 _____ (Malwarebytes Corporation) C:\Users\swag daddy\Desktop\JRT.exe
2015-08-18 23:15 - 2015-08-18 23:15 - 01585664 _____ C:\Users\swag daddy\Desktop\AdwCleaner.exe
2015-08-18 23:14 - 2015-08-18 23:32 - 00001764 _____ C:\Users\swag daddy\Desktop\Rkill.txt
2015-08-18 23:14 - 2015-08-18 23:14 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\swag daddy\Desktop\rkill.exe
2015-08-18 23:14 - 2015-08-18 23:14 - 01101640 _____ (Bleeping Computer, LLC) C:\Users\swag daddy\Desktop\rkill64.exe
2015-08-18 23:13 - 2015-08-24 20:52 - 00000794 _____ C:\Users\swag daddy\Desktop\unhide.txt
2015-08-18 23:12 - 2015-08-18 23:12 - 00398752 _____ (Bleeping Computer, LLC) C:\Users\swag daddy\Desktop\unhide.exe
2015-08-18 23:10 - 2015-08-24 19:09 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-18 23:09 - 2015-08-18 23:09 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\swag daddy\Desktop\mbam-setup-2.1.8.1057.exe
2015-08-18 23:09 - 2015-08-18 23:09 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-18 23:09 - 2015-08-18 23:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-18 23:09 - 2015-08-18 23:09 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-18 23:09 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-18 23:09 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-08-18 23:09 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-08-18 22:58 - 2015-08-24 19:50 - 00000000 ____D C:\Program Files\Common Files\AV
2015-08-18 22:56 - 2015-08-18 22:56 - 00000000 ____D C:\ProgramData\AVG Web TuneUp
2015-08-18 22:56 - 2015-08-18 22:56 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp
2015-08-18 22:53 - 2015-08-18 22:53 - 00000000 ____D C:\Users\swag daddy\AppData\Roaming\TuneUp Software
2015-08-18 22:50 - 2015-08-24 20:02 - 00000000 ____D C:\ProgramData\MFAData
2015-08-18 22:50 - 2015-08-18 22:50 - 00000000 ____D C:\Users\swag daddy\AppData\Local\MFAData
2015-08-18 22:49 - 2015-08-24 19:39 - 00000000 ____D C:\Users\swag daddy\AppData\Local\AvgSetupLog
2015-08-18 22:49 - 2015-08-24 19:39 - 00000000 ____D C:\ProgramData\Avg
2015-08-18 22:49 - 2015-08-18 22:49 - 00000000 ____D C:\Users\swag daddy\AppData\Local\Avg
2015-08-18 22:48 - 2015-08-18 22:48 - 16903872 _____ (AVG Technologies) C:\Users\swag daddy\Desktop\avg_gsr_stb_all_ltst_651.exe
2015-08-18 22:39 - 2015-08-19 09:04 - 10447328 _____ C:\Users\swag daddy\Desktop\Antivirus_Free_Edition_x64.exe
2015-08-18 22:39 - 2015-08-18 22:39 - 00162208 _____ C:\Users\swag daddy\Desktop\Antivirus_Free_Edition.exe
2015-08-18 22:39 - 2015-08-18 22:39 - 00000000 ____D C:\Users\swag daddy\AppData\Roaming\QuickScan
2015-08-18 22:30 - 2015-08-18 22:30 - 00000000 ____D C:\Windows\SysWOW64\%Report%
2015-08-18 22:30 - 2015-08-18 22:30 - 00000000 ____D C:\Windows\SysWOW64\%Data%
2015-08-18 22:16 - 2015-08-18 22:25 - 48093528 _____ C:\Users\swag daddy\Desktop\Windows-KB890830-x64-V5.27.exe
2015-08-13 21:00 - 2015-07-30 06:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-13 21:00 - 2015-07-30 06:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-13 20:29 - 2015-08-13 20:29 - 00000000 ____D C:\Users\swag daddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-08-12 20:34 - 2015-07-15 11:15 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-12 20:34 - 2015-07-15 11:15 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-08-12 20:34 - 2015-07-15 11:15 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-08-12 20:34 - 2015-07-15 11:15 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-12 20:34 - 2015-07-15 11:12 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-12 20:34 - 2015-07-15 11:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-08-12 20:34 - 2015-07-15 11:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-08-12 20:34 - 2015-07-15 11:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-08-12 20:34 - 2015-07-15 11:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-08-12 20:34 - 2015-07-15 11:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-08-12 20:34 - 2015-07-15 11:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-08-12 20:34 - 2015-07-15 11:10 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-08-12 20:34 - 2015-07-15 11:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-08-12 20:34 - 2015-07-15 11:10 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-08-12 20:34 - 2015-07-15 11:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-08-12 20:34 - 2015-07-15 11:10 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-08-12 20:34 - 2015-07-15 11:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-08-12 20:34 - 2015-07-15 11:10 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-08-12 20:34 - 2015-07-15 11:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-08-12 20:34 - 2015-07-15 11:10 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-08-12 20:34 - 2015-07-15 11:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-08-12 20:34 - 2015-07-15 11:10 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-08-12 20:34 - 2015-07-15 11:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-08-12 20:34 - 2015-07-15 11:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-08-12 20:34 - 2015-07-15 11:10 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-08-12 20:34 - 2015-07-15 11:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-08-12 20:34 - 2015-07-15 11:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-12 20:34 - 2015-07-15 11:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-08-12 20:34 - 2015-07-15 11:10 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-08-12 20:34 - 2015-07-15 11:10 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-08-12 20:34 - 2015-07-15 11:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-08-12 20:34 - 2015-07-15 11:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-08-12 20:34 - 2015-07-15 11:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-12 20:34 - 2015-07-15 11:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-08-12 20:34 - 2015-07-15 11:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-08-12 20:34 - 2015-07-15 11:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-08-12 20:34 - 2015-07-15 11:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-08-12 20:34 - 2015-07-15 11:00 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-08-12 20:34 - 2015-07-15 11:00 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-08-12 20:34 - 2015-07-15 11:00 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-08-12 20:34 - 2015-07-15 11:00 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-08-12 20:34 - 2015-07-15 11:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-12 20:34 - 2015-07-15 11:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-12 20:34 - 2015-07-15 11:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-12 20:34 - 2015-07-15 11:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-08-12 20:34 - 2015-07-15 11:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-12 20:34 - 2015-07-15 11:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-08-12 20:34 - 2015-07-15 11:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-12 20:34 - 2015-07-15 11:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-12 20:34 - 2015-07-15 11:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-12 20:34 - 2015-07-15 11:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-08-12 20:34 - 2015-07-15 11:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-08-12 20:34 - 2015-07-15 11:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-12 20:34 - 2015-07-15 11:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-08-12 20:34 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-08-12 20:34 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-08-12 20:34 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-08-12 20:34 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-08-12 20:34 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-08-12 20:34 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-12 20:34 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-08-12 20:34 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-08-12 20:34 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-12 20:34 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-08-12 20:34 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-08-12 20:34 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-08-12 20:34 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-08-12 20:34 - 2015-07-15 10:59 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-08-12 20:34 - 2015-07-15 10:59 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-08-12 20:34 - 2015-07-15 10:56 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-08-12 20:34 - 2015-07-15 10:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-08-12 20:34 - 2015-07-15 10:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-08-12 20:34 - 2015-07-15 10:55 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-08-12 20:34 - 2015-07-15 10:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-08-12 20:34 - 2015-07-15 10:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-08-12 20:34 - 2015-07-15 10:54 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-08-12 20:34 - 2015-07-15 10:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-08-12 20:34 - 2015-07-15 10:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-08-12 20:34 - 2015-07-15 10:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-08-12 20:34 - 2015-07-15 10:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-08-12 20:34 - 2015-07-15 10:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-08-12 20:34 - 2015-07-15 10:54 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-08-12 20:34 - 2015-07-15 10:53 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-08-12 20:34 - 2015-07-15 10:53 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-08-12 20:34 - 2015-07-15 10:53 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-08-12 20:34 - 2015-07-15 10:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-08-12 20:34 - 2015-07-15 10:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-08-12 20:34 - 2015-07-15 10:53 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-08-12 20:34 - 2015-07-15 10:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-08-12 20:34 - 2015-07-15 10:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-08-12 20:34 - 2015-07-15 10:44 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-08-12 20:34 - 2015-07-15 10:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-08-12 20:34 - 2015-07-15 10:44 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-08-12 20:34 - 2015-07-15 10:44 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-12 20:34 - 2015-07-15 10:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-12 20:34 - 2015-07-15 10:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-08-12 20:34 - 2015-07-15 10:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-08-12 20:34 - 2015-07-15 10:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-12 20:34 - 2015-07-15 10:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-08-12 20:34 - 2015-07-15 10:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-12 20:34 - 2015-07-15 10:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-12 20:34 - 2015-07-15 10:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-08-12 20:34 - 2015-07-15 10:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-12 20:34 - 2015-07-15 10:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-12 20:34 - 2015-07-15 10:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-08-12 20:34 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-08-12 20:34 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-12 20:34 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-08-12 20:34 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-08-12 20:34 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-08-12 20:34 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-08-12 20:34 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-12 20:34 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-08-12 20:34 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-08-12 20:34 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-08-12 20:34 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-08-12 20:34 - 2015-07-15 09:46 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-08-12 20:34 - 2015-07-15 09:46 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-08-12 20:34 - 2015-07-15 09:46 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-08-12 20:34 - 2015-07-15 09:37 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-08-12 20:34 - 2015-07-15 09:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-08-12 20:34 - 2015-07-15 09:34 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-08-12 20:34 - 2015-07-15 09:34 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-12 20:34 - 2015-07-15 09:34 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-08-12 20:34 - 2015-07-15 09:34 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-08-12 20:33 - 2015-07-28 13:09 - 00017344 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-12 20:33 - 2015-07-28 13:05 - 01116672 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-12 20:33 - 2015-07-28 13:05 - 00774656 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-12 20:33 - 2015-07-28 13:05 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-12 20:33 - 2015-07-28 13:05 - 00437760 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-12 20:33 - 2015-07-28 13:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-08-12 20:33 - 2015-07-28 13:05 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-12 20:33 - 2015-07-28 12:55 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-12 20:33 - 2015-07-10 10:51 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-12 20:33 - 2015-07-10 10:51 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2015-08-12 20:33 - 2015-07-10 10:51 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-08-12 20:33 - 2015-07-10 10:34 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-08-12 20:33 - 2015-07-10 10:34 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-08-12 20:33 - 2015-07-10 10:33 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-08-12 20:31 - 2015-07-14 20:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-12 20:30 - 2015-07-30 11:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-12 20:30 - 2015-07-30 11:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-12 20:30 - 2015-07-30 11:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-12 20:30 - 2015-07-30 11:06 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-08-12 20:30 - 2015-07-30 11:06 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-12 20:30 - 2015-07-30 11:06 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-08-12 20:30 - 2015-07-30 11:06 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-08-12 20:30 - 2015-07-30 10:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-08-12 20:30 - 2015-07-30 10:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-12 20:30 - 2015-07-30 10:57 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-08-12 20:30 - 2015-07-30 10:57 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-08-12 20:30 - 2015-07-30 10:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-08-12 20:30 - 2015-07-30 10:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-08-12 20:30 - 2015-07-30 09:56 - 03208192 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-12 20:30 - 2015-07-30 09:52 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-12 20:30 - 2015-07-30 09:49 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-08-12 20:30 - 2015-07-20 17:39 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-08-12 20:30 - 2015-07-20 17:12 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-08-12 20:30 - 2015-07-20 11:12 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-12 20:30 - 2015-07-20 11:12 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-12 20:30 - 2015-07-20 11:12 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-12 20:30 - 2015-07-20 11:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-12 20:30 - 2015-07-20 11:12 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-12 20:30 - 2015-07-20 11:12 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-12 20:30 - 2015-07-20 11:12 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-08-12 20:30 - 2015-07-20 11:12 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-08-12 20:30 - 2015-07-20 11:12 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-12 20:30 - 2015-07-20 11:12 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-08-12 20:30 - 2015-07-20 11:12 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-08-12 20:30 - 2015-07-20 10:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-08-12 20:30 - 2015-07-20 10:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-08-12 20:30 - 2015-07-20 10:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-08-12 20:30 - 2015-07-20 10:56 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-08-12 20:30 - 2015-07-20 10:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-08-12 20:30 - 2015-07-16 14:14 - 25192448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-12 20:30 - 2015-07-16 13:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-12 20:30 - 2015-07-16 13:54 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-08-12 20:30 - 2015-07-16 13:37 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-08-12 20:30 - 2015-07-16 13:36 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-12 20:30 - 2015-07-16 13:36 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-12 20:30 - 2015-07-16 13:36 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-08-12 20:30 - 2015-07-16 13:35 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-12 20:30 - 2015-07-16 13:35 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-08-12 20:30 - 2015-07-16 13:27 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-12 20:30 - 2015-07-16 13:26 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-12 20:30 - 2015-07-16 13:26 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-08-12 20:30 - 2015-07-16 13:23 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-12 20:30 - 2015-07-16 13:21 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-12 20:30 - 2015-07-16 13:21 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-08-12 20:30 - 2015-07-16 13:21 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-08-12 20:30 - 2015-07-16 13:21 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-08-12 20:30 - 2015-07-16 13:20 - 19870208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-08-12 20:30 - 2015-07-16 13:12 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-08-12 20:30 - 2015-07-16 13:08 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-12 20:30 - 2015-07-16 13:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-08-12 20:30 - 2015-07-16 13:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-08-12 20:30 - 2015-07-16 12:55 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-08-12 20:30 - 2015-07-16 12:54 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-12 20:30 - 2015-07-16 12:51 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-08-12 20:30 - 2015-07-16 12:51 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-12 20:30 - 2015-07-16 12:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-08-12 20:30 - 2015-07-16 12:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-08-12 20:30 - 2015-07-16 12:50 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-08-12 20:30 - 2015-07-16 12:49 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-08-12 20:30 - 2015-07-16 12:45 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-08-12 20:30 - 2015-07-16 12:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-08-12 20:30 - 2015-07-16 12:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-08-12 20:30 - 2015-07-16 12:41 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-08-12 20:30 - 2015-07-16 12:39 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-08-12 20:30 - 2015-07-16 12:39 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-08-12 20:30 - 2015-07-16 12:38 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-08-12 20:30 - 2015-07-16 12:36 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-12 20:30 - 2015-07-16 12:35 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-08-12 20:30 - 2015-07-16 12:34 - 14451200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-12 20:30 - 2015-07-16 12:33 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-08-12 20:30 - 2015-07-16 12:32 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-12 20:30 - 2015-07-16 12:29 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-08-12 20:30 - 2015-07-16 12:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-08-12 20:30 - 2015-07-16 12:20 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-08-12 20:30 - 2015-07-16 12:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-08-12 20:30 - 2015-07-16 12:17 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-08-12 20:30 - 2015-07-16 12:12 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-08-12 20:30 - 2015-07-16 12:12 - 02427904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-12 20:30 - 2015-07-16 12:10 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-08-12 20:30 - 2015-07-16 12:06 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-08-12 20:30 - 2015-07-16 12:06 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-08-12 20:30 - 2015-07-16 12:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-08-12 20:30 - 2015-07-16 12:01 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-12 20:30 - 2015-07-16 11:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-08-12 20:30 - 2015-07-16 11:42 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-08-12 20:30 - 2015-07-16 11:38 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-08-12 20:30 - 2015-07-16 11:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-08-12 20:30 - 2015-07-14 20:19 - 02004992 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-12 20:30 - 2015-07-14 20:19 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-12 20:30 - 2015-07-14 20:14 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-08-12 20:30 - 2015-07-14 20:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-08-12 20:30 - 2015-07-14 19:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-08-12 20:30 - 2015-07-14 19:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-08-12 20:30 - 2015-07-14 19:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-08-12 20:30 - 2015-07-14 19:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-08-12 20:30 - 2015-07-10 10:51 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-12 20:30 - 2015-07-10 10:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-08-12 20:30 - 2015-07-09 10:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-12 20:30 - 2015-07-09 10:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-12 20:30 - 2015-07-09 10:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-08-12 20:30 - 2015-07-01 13:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-12 20:30 - 2015-07-01 13:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-08-12 20:30 - 2015-07-01 13:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-08-12 20:30 - 2015-07-01 13:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-08-12 20:28 - 2015-05-09 11:26 - 00493504 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-08-11 07:42 - 2015-08-11 07:42 - 02870566 _____ C:\Users\swag daddy\Desktop\Constitution Committee Questions regarding P-4-F14 (6 units).pptx
2015-08-09 13:08 - 2015-08-09 13:08 - 00000000 ____D C:\Users\swag daddy\Desktop\iphone
2015-08-09 10:29 - 2015-08-09 10:29 - 00000165 _____ C:\Users\swag daddy\Desktop\~$Canada College recruiting powerpoint good one.pptx
2015-08-09 09:24 - 2015-08-09 12:30 - 00000000 ____D C:\Users\swag daddy\AppData\Local\043F316A-FA56-4773-82D5-DFA1C212D4F1.aplzod
2015-08-09 09:19 - 2015-08-18 23:24 - 00000000 ___RD C:\Users\swag daddy\iCloudDrive
2015-08-09 09:16 - 2015-08-09 09:16 - 00000000 ____D C:\Users\swag daddy\Documents\Outlook Files
2015-08-08 18:47 - 2015-08-08 18:47 - 00002371 _____ C:\Users\swag daddy\Desktop\Safe Money.lnk
2015-08-08 18:46 - 2015-08-08 18:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Total Security
2015-08-08 18:46 - 2015-08-08 18:45 - 00002111 _____ C:\Users\Public\Desktop\Kaspersky Total Security.lnk
2015-08-08 18:44 - 2015-08-24 19:10 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-08-08 18:44 - 2015-08-08 18:44 - 00000000 ____D C:\Windows\ELAMBKUP
2015-08-08 18:44 - 2015-08-08 18:44 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2015-08-08 18:44 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2015-08-08 18:43 - 2015-07-04 02:18 - 00227000 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2015-08-08 18:43 - 2015-06-30 01:05 - 00931000 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2015-08-08 18:43 - 2015-06-30 01:05 - 00171192 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2015-08-08 18:37 - 2015-08-08 18:37 - 01728112 _____ (Kaspersky Lab) C:\Users\swag daddy\Desktop\kts16.0.0.614en_8244.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-24 20:57 - 2012-10-07 20:36 - 00000000 ____D C:\Users\swag daddy\Downloads\music3
2015-08-24 20:52 - 2011-08-30 20:56 - 00499500 _____ C:\Windows\PFRO.log
2015-08-24 20:41 - 2012-04-13 20:06 - 00000000 ____D C:\ProgramData\Yahoo!
2015-08-24 20:41 - 2012-04-13 20:04 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2015-08-24 20:40 - 2012-04-13 20:06 - 00000000 ____D C:\ProgramData\Yahoo! Companion
2015-08-24 19:55 - 2012-05-07 18:49 - 00000000 ____D C:\Program Files (x86)\Rising
2015-08-24 19:53 - 2012-12-07 18:58 - 00000000 ____D C:\Users\swag daddy\AppData\Local\K7 Computing
2015-08-24 19:53 - 2012-12-07 18:57 - 00000000 ____D C:\ProgramData\K7 Computing
2015-08-24 19:52 - 2015-04-13 21:03 - 00000142 _____ C:\Windows\K7TSUsrInfo.dat
2015-08-24 19:13 - 2009-07-13 21:45 - 00022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-24 19:13 - 2009-07-13 21:45 - 00022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-24 19:12 - 2013-08-26 23:10 - 00000000 ____D C:\Users\swag daddy\AppData\Roaming\Spotify
2015-08-24 19:09 - 2012-12-28 10:02 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-24 19:09 - 2011-08-28 15:00 - 00000000 ____D C:\ProgramData\NVIDIA
2015-08-24 19:09 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-24 19:09 - 2009-07-13 21:51 - 00074390 _____ C:\Windows\setupact.log
2015-08-23 21:02 - 2009-07-13 19:34 - 00000215 _____ C:\Windows\system.ini
2015-08-23 00:57 - 2014-11-27 10:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-22 21:26 - 2011-08-28 12:47 - 01614073 _____ C:\Windows\WindowsUpdate.log
2015-08-22 21:25 - 2012-08-23 21:57 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-22 21:22 - 2011-08-30 15:33 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-19 10:26 - 2013-06-23 15:36 - 00001973 _____ C:\Users\Public\Desktop\Canon My Printer.lnk
2015-08-19 00:11 - 2011-08-28 13:04 - 00000000 ____D C:\Users\swag daddy
2015-08-18 23:25 - 2012-03-04 18:42 - 00000000 ___RD C:\Users\swag daddy\Dropbox
2015-08-18 23:25 - 2012-03-04 18:39 - 00000000 ____D C:\Users\swag daddy\AppData\Roaming\Dropbox
2015-08-18 23:24 - 2013-11-15 13:40 - 00000000 ___RD C:\Users\swag daddy\Google Drive
2015-08-18 23:09 - 2012-10-02 18:02 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-18 23:01 - 2011-08-30 15:21 - 00000000 ____D C:\Users\swag daddy\AppData\Roaming\Skype
2015-08-18 21:52 - 2015-07-21 08:42 - 00000938 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3500353208-2455046699-3851492630-1000UA.job
2015-08-18 21:37 - 2014-04-09 11:55 - 00000592 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3500353208-2455046699-3851492630-1000.job
2015-08-18 21:36 - 2012-04-13 20:01 - 00000926 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3500353208-2455046699-3851492630-1000Core.job
2015-08-18 21:28 - 2012-04-13 20:01 - 00000948 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3500353208-2455046699-3851492630-1000UA.job
2015-08-18 21:25 - 2015-06-11 12:38 - 00000688 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-3500353208-2455046699-3851492630-1000.job
2015-08-18 09:00 - 2013-10-19 17:13 - 00002042 _____ C:\Users\Public\Desktop\Google Slides.lnk
2015-08-18 09:00 - 2013-10-19 17:13 - 00002040 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2015-08-18 09:00 - 2013-10-19 17:13 - 00002030 _____ C:\Users\Public\Desktop\Google Docs.lnk
2015-08-18 09:00 - 2013-10-19 17:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-08-13 21:26 - 2009-07-13 22:13 - 00786460 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-13 21:21 - 2012-05-14 18:27 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-13 21:21 - 2012-05-14 18:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-13 21:21 - 2009-07-13 21:45 - 00425808 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-13 21:18 - 2014-12-12 17:32 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-13 21:18 - 2014-05-10 13:29 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-13 21:01 - 2009-07-13 19:34 - 00000478 _____ C:\Windows\win.ini
2015-08-13 20:59 - 2012-05-14 18:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-13 20:49 - 2013-08-13 10:38 - 00000000 ____D C:\Windows\system32\MRT
2015-08-13 20:38 - 2015-07-21 08:42 - 00000886 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3500353208-2455046699-3851492630-1000Core.job
2015-08-13 20:31 - 2011-08-29 20:47 - 132483416 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-12 20:08 - 2011-08-30 15:21 - 00000000 ____D C:\ProgramData\Skype
2015-08-12 20:07 - 2012-09-20 06:33 - 00000000 ____D C:\Users\swag daddy\AppData\Local\Akamai
2015-08-12 20:04 - 2009-07-13 22:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-08-11 07:52 - 2015-07-10 06:39 - 00000000 ____D C:\$Windows.~BT
2015-08-10 17:57 - 2011-08-28 13:40 - 00000000 ____D C:\Windows\Panther
2015-08-10 17:17 - 2015-06-11 12:38 - 00003732 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-3500353208-2455046699-3851492630-1000
2015-08-10 17:17 - 2014-04-09 11:55 - 00003636 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-3500353208-2455046699-3851492630-1000
2015-08-09 13:26 - 2012-06-09 14:29 - 00000000 ____D C:\Users\swag daddy\AppData\Local\Apple
2015-08-09 11:23 - 2012-12-28 10:02 - 00002259 _____ C:\Users\swag daddy\Desktop\Google Chrome.lnk
2015-08-09 09:19 - 2014-12-26 23:01 - 00000000 ____D C:\Users\swag daddy\AppData\Local\Apple Inc
2015-08-09 08:44 - 2012-10-05 17:31 - 00000000 ____D C:\Users\swag daddy\AppData\Local\Apple Computer
2015-08-08 21:59 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2015-07-26 15:54 - 2015-04-09 21:10 - 00000000 ___SD C:\Windows\system32\GWX
 
==================== Files in the root of some directories =======
 
2011-12-06 10:23 - 2011-12-15 09:48 - 0007597 _____ () C:\Users\swag daddy\AppData\Local\Resmon.ResmonCfg
2012-03-07 10:27 - 2012-03-07 10:27 - 0017408 _____ () C:\Users\swag daddy\AppData\Local\WebpageIcons.db
2012-09-05 08:29 - 2012-09-05 08:29 - 0000160 _____ () C:\ProgramData\-0fdpgCiV0pOdGL
2012-09-05 08:29 - 2012-09-05 08:29 - 0000184 _____ () C:\ProgramData\-0fdpgCiV0pOdGLr
2012-09-05 08:29 - 2012-09-05 08:29 - 0000368 _____ () C:\ProgramData\0fdpgCiV0pOdGL
2015-04-13 21:09 - 2015-04-15 14:53 - 0000469 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
 
Some files in TEMP:
====================
C:\Users\swag daddy\AppData\Local\Temp\dllnt_dump.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-08-12 21:51
 
==================== End of FRST.txt =====================


#10 mAL_rEm018


Posted 25 August 2015 - 06:04 PM

Hello jamestennis951,
 

Also I couldn't uninstall Rising Software Deployment System
Strongvault Online Backup because it wasn't on the programs list.

Rising Software Deployment System doesn't appear to be on your computer anymore.  After running the fix below, Strongvault should appear in your program list.  If you are unable to remove it, let me know.


Please answer the following questions..

  • Did you make the following firewall rule?  It denies Dropbox access to the internet.

    FirewallRules: [TCP Query User{FA230E36-BAF5-49DE-A0C9-CD4972C01EDE}C:\users\swag daddy\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\swag daddy\appdata\roaming\dropbox\bin\dropbox.exe
    FirewallRules: [UDP Query User{A263B672-5DFD-472F-93BD-73DB5116114C}C:\users\swag daddy\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\swag daddy\appdata\roaming\dropbox\bin\dropbox.exe


I need you to run a fix..



  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
  • Copy/Paste the contents of the code box below into Notepad.
HKLM\...\Run: [InstallerLauncher] => "C:\Users\SWAGDA~1\AppData\Local\Temp\GZ_INSTALL_0\setuplauncher.exe" /run:"C:\Users\SWAGDA~1\AppData\Local\Temp\GZ_INSTALL_0\Installer.exe" <===== ATTENTION
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\RunOnce: [] => [X]
ShellIconOverlayIdentifiers: [K7BkOLIExcluded] -> {4143799A-96D3-41DE-9C26-D1B638AD9B9A} => C:\Program Files (x86)\K7 Computing\K7TSecurity\K7BkOLI64.dll No File
ShellIconOverlayIdentifiers: [K7BkOLINotBacked] -> {5DE40518-4F5F-4608-8E71-AA04AD942FC2} => C:\Program Files (x86)\K7 Computing\K7TSecurity\K7BkOLI64.dll No File
ShellIconOverlayIdentifiers: [K7BkOverlayIcon] -> {695C4C7E-8140-4CF1-A586-870C5945E1C7} => C:\Program Files (x86)\K7 Computing\K7TSecurity\K7BkOLI64.dll No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3500353208-2455046699-3851492630-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Extension: PDFLite Toolbar - C:\Users\swag daddy\AppData\Roaming\Mozilla\Firefox\Profiles\7g7m1d8w.default\Extensions\{7C8ACEEB-B1D8-43cc-A387-DA838515368D} [2011-11-07]
S3 AhnFlt2K; \??\C:\Windows\system32\drivers\AhnFlt2K.sys [X]
S3 AhnRec2K; \??\C:\Windows\system32\drivers\AhnRec2K.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
CustomCLSID: HKU\S-1-5-21-3500353208-2455046699-3851492630-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\swag daddy\AppData\Local\Citrix\GoToMeeting\1350\G2MOutlookAddin64.dll No File
Task: {4F43907C-9160-4B34-94E6-C70082EBE6E9} - \Scheduled Update for Ask Toolbar -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:63238B95
FirewallRules: [{75D5CEB0-B3AB-4EB5-B540-E8E7833D4F50}] => (Allow) C:\Program Files\AhnLab\V3IS80\V3Proxy.ahn
FirewallRules: [{C94000A4-CC5C-406B-AA3C-5E4622E43A90}] => (Allow) C:\Program Files\AhnLab\V3IS80\V3Proxy.ahn
FirewallRules: [{3CAC213F-F4EE-46FB-94A1-7AD02E70DB06}] => (Allow) C:\Program Files\AhnLab\V3IS80\V3Proxy.ahn
FirewallRules: [{97CA3EEE-E1B7-4471-98D8-F05F5DA411FB}] => (Allow) C:\Program Files\AhnLab\V3IS80\V3Proxy.ahn
Strongvault Online Backup (x32 Version: 5.0.2.34 - Strongvault Online Backup) Hidden <==== ATTENTION
2015-08-24 19:55 - 2012-05-07 18:49 - 00000000 ____D C:\Program Files (x86)\Rising
C:\System Volume Information\SystemRestore\FRStaging\$Recycle.Bin\S-1-5-21-3500353208-2455046699-3851492630-1000\$R7W5WQ8.exe"
C:\Users\swag daddy\AppData\Local\Temp\dllnt_dump.dll
C:\Windows\Installer\195ad2.msi

Hosts:
EmptyTemp:
CMD: ipconfig /flushdns
CreateRestorePoint:
  • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system



  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
  • Please post me the log


Adwcleaner


  • Please download AdwCleaner to your Desktop from here.
  • Close all your programs and right-click AdwCleaner.exe and select Run as administrator.
  • Click on Scan.
  • After the scan is over, select Logfile.
  • A notepad window will open.  Please copy/paste the contents in your next reply.
    Note: do not select Cleaning at this point


I need you to run a search..


  • Please download SystemLook to your desktop.
  • Right-click on SystemLook_x64.exe and select Run as administrator.
  • A window will open.  Copy/paste the following inside the window:
    
    :filefind
    *babylon*
    *Bandoo*
    *CleverSearch*
    *conduit*
    *datamngr*
    *Fun4IM*
    *iLivid*
    *kelkoopartners*
    *Lucky Searches*
    *Luckysearches*
    *QuickSurf*
    *Searchnu*
    *Searchqu*
    *SharkManCoupon*
    *sushileads*
    *SweetIM*
    *SweetPacks*
    *TidyNetwork*
    *trolltech*
    *whitesmoke*
    *Wordinator*
    *WordSurfer*

    :folderfind
    *babylon*
    *Bandoo*
    *CleverSearch*
    *conduit*
    *datamngr*
    *Fun4IM*
    *iLivid*
    *kelkoopartners*
    *Lucky Searches*
    *Luckysearches*
    *QuickSurf*
    *Searchnu*
    *Searchqu*
    *SharkManCoupon*
    *sushileads*
    *SweetIM*
    *SweetPacks*
    *TidyNetwork*
    *trolltech*
    *whitesmoke*
    *Wordinator*
    *WordSurfer*

    :Regfind
    babylon
    Bandoo
    CleverSearch
    conduit
    datamngr
    Fun4IM
    iLivid
    kelkoopartners
    Lucky Searches
    Luckysearches
    QuickSurf
    Searchnu
    Searchqu
    SharkManCoupon
    sushileads
    SweetIM
    SweetPacks
    TidyNetwork
    trolltech
    whitesmoke
    Wordinator
    WordSurfer

  • Select Look and the scan will start.
  • After the scan is finished a window will open.  Please post the content in your next reply.

Please give me an update on your computer's behaviour.

-----------------------------------------
In your next reply, I would like to see..


  • Answer to my question.
  • Were you able to remove Strongvault Online Backup?
  • fixlog.txt
  • AdwCleaner scan results
  • SystemLook log
    Please post everything in the order given.

 


Teacher at the Malware Removal University.

Member of UNITE

 

Failure to post replies within 4 days will result in this thread being closed


#11 jamestennis951


Posted 25 August 2015 - 11:28 PM

I did not authorize blocking Dropbox.

 

I deleted the Strongvault but I couldn't delete or see Rising Software Deployment System.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:24-08-2015
Ran by swag daddy (2015-08-25 20:38:02) Run:1
Running from C:\Users\swag daddy\Desktop
Loaded Profiles: swag daddy (Available Profiles: swag daddy & UpdatusUser)
Boot Mode: Safe Mode (with Networking)
==============================================
 
fixlist content:
*****************
HKLM\...\Run: [InstallerLauncher] => "C:\Users\SWAGDA~1\AppData\Local\Temp\GZ_INSTALL_0\setuplauncher.exe" /run:"C:\Users\SWAGDA~1\AppData\Local\Temp\GZ_INSTALL_0\Installer.exe" <===== ATTENTION
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\RunOnce: [] => [X]
ShellIconOverlayIdentifiers: [K7BkOLIExcluded] -> {4143799A-96D3-41DE-9C26-D1B638AD9B9A} => C:\Program Files (x86)\K7 Computing\K7TSecurity\K7BkOLI64.dll No File
ShellIconOverlayIdentifiers: [K7BkOLINotBacked] -> {5DE40518-4F5F-4608-8E71-AA04AD942FC2} => C:\Program Files (x86)\K7 Computing\K7TSecurity\K7BkOLI64.dll No File
ShellIconOverlayIdentifiers: [K7BkOverlayIcon] -> {695C4C7E-8140-4CF1-A586-870C5945E1C7} => C:\Program Files (x86)\K7 Computing\K7TSecurity\K7BkOLI64.dll No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3500353208-2455046699-3851492630-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Extension: PDFLite Toolbar - C:\Users\swag daddy\AppData\Roaming\Mozilla\Firefox\Profiles\7g7m1d8w.default\Extensions\{7C8ACEEB-B1D8-43cc-A387-DA838515368D} [2011-11-07]
S3 AhnFlt2K; \??\C:\Windows\system32\drivers\AhnFlt2K.sys [X]
S3 AhnRec2K; \??\C:\Windows\system32\drivers\AhnRec2K.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
CustomCLSID: HKU\S-1-5-21-3500353208-2455046699-3851492630-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\swag daddy\AppData\Local\Citrix\GoToMeeting\1350\G2MOutlookAddin64.dll No File
Task: {4F43907C-9160-4B34-94E6-C70082EBE6E9} - \Scheduled Update for Ask Toolbar -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:63238B95
FirewallRules: [{75D5CEB0-B3AB-4EB5-B540-E8E7833D4F50}] => (Allow) C:\Program Files\AhnLab\V3IS80\V3Proxy.ahn
FirewallRules: [{C94000A4-CC5C-406B-AA3C-5E4622E43A90}] => (Allow) C:\Program Files\AhnLab\V3IS80\V3Proxy.ahn
FirewallRules: [{3CAC213F-F4EE-46FB-94A1-7AD02E70DB06}] => (Allow) C:\Program Files\AhnLab\V3IS80\V3Proxy.ahn
FirewallRules: [{97CA3EEE-E1B7-4471-98D8-F05F5DA411FB}] => (Allow) C:\Program Files\AhnLab\V3IS80\V3Proxy.ahn
Strongvault Online Backup (x32 Version: 5.0.2.34 - Strongvault Online Backup) Hidden <==== ATTENTION
2015-08-24 19:55 - 2012-05-07 18:49 - 00000000 ____D C:\Program Files (x86)\Rising
C:\System Volume Information\SystemRestore\FRStaging\$Recycle.Bin\S-1-5-21-3500353208-2455046699-3851492630-1000\$R7W5WQ8.exe"
C:\Users\swag daddy\AppData\Local\Temp\dllnt_dump.dll
C:\Windows\Installer\195ad2.msi
 
Hosts:
EmptyTemp:
CMD: ipconfig /flushdns
CreateRestorePoint:
*****************
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\InstallerLauncher => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\ => value removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\K7BkOLIExcluded" => key removed successfully
"HKCR\CLSID\{4143799A-96D3-41DE-9C26-D1B638AD9B9A}" => key removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\K7BkOLINotBacked" => key removed successfully
"HKCR\CLSID\{5DE40518-4F5F-4608-8E71-AA04AD942FC2}" => key removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\K7BkOverlayIcon" => key removed successfully
"HKCR\CLSID\{695C4C7E-8140-4CF1-A586-870C5945E1C7}" => key removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-3500353208-2455046699-3851492630-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
C:\Users\swag daddy\AppData\Roaming\Mozilla\Firefox\Profiles\7g7m1d8w.default\Extensions\{7C8ACEEB-B1D8-43cc-A387-DA838515368D} => moved successfully
C:\Users\swag daddy\AppData\Roaming\Mozilla\Firefox\Profiles\7g7m1d8w.default\Extensions\{7C8ACEEB-B1D8-43cc-A387-DA838515368D} => path removed successfullyAhnFlt2K => service removed successfully
AhnRec2K => service removed successfully
catchme => service removed successfully
"HKU\S-1-5-21-3500353208-2455046699-3851492630-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4F43907C-9160-4B34-94E6-C70082EBE6E9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4F43907C-9160-4B34-94E6-C70082EBE6E9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar" => key removed successfully
C:\ProgramData\TEMP => ":63238B95" ADS removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{75D5CEB0-B3AB-4EB5-B540-E8E7833D4F50} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C94000A4-CC5C-406B-AA3C-5E4622E43A90} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3CAC213F-F4EE-46FB-94A1-7AD02E70DB06} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{97CA3EEE-E1B7-4471-98D8-F05F5DA411FB} => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5E33D30D-D896-4D92-B033-5F45819B2937}\\SystemComponent => value removed successfully
C:\Program Files (x86)\Rising => moved successfully
C:\System Volume Information\SystemRestore\FRStaging\$Recycle.Bin\S-1-5-21-3500353208-2455046699-3851492630-1000\$R7W5WQ8.exe => moved successfully
C:\Users\swag daddy\AppData\Local\Temp\dllnt_dump.dll => moved successfully
C:\Windows\Installer\195ad2.msi => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
Error: Restore point can only be created in normal mode.
EmptyTemp: => 1021.1 MB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 20:42:54 ====
 
 
 
# AdwCleaner v5.002 - Logfile created 25/08/2015 at 20:58:58
# Updated 18/08/2015 by Xplode
# Database : 2015-08-25.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : swag daddy - SWAGDADDY-PC
# Running from : C:\Users\swag daddy\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
Folder Found : C:\ProgramData\Yahoo! Companion
Folder Found : C:\ProgramData\Rising
Folder Found : C:\Users\swag daddy\AppData\LocalLow\Yahoo! Companion
Folder Found : C:\Users\swag daddy\AppData\Roaming\Mozilla\Firefox\Profiles\7g7m1d8w.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Found : C:\Users\swag daddy\AppData\Roaming\Mozilla\Firefox\Profiles\7g7m1d8w.default\Extensions\staged\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
 
***** [ Files ] *****
 
File Found : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\yahoo.xml
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Found : HKLM\SOFTWARE\Classes\dnUpdate
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Found : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Found : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Found : HKCU\Software\pc optimizer pro
Key Found : HKLM\SOFTWARE\W3I
Key Found : [x64] HKCU\Software\pc optimizer pro
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
 
***** [ Web browsers ] *****
 
[C:\Users\swag daddy\AppData\Roaming\Mozilla\Firefox\Profiles\7g7m1d8w.default\prefs.js] [Preference] Found : user_pref("{7C8ACEEB-B1D8-43cc-A387-DA838515368D}.startpage", "amns.startnow.com");
[C:\Users\swag daddy\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Found :
 
*************************
 
C:\AdwCleaner[R1].txt - [5586 bytes] - [02/10/2012 18:57:41]
C:\AdwCleaner[R2].txt - [1034 bytes] - [03/12/2012 19:23:33]
C:\AdwCleaner[S1].txt - [6298 bytes] - [02/10/2012 18:58:39]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [14414 bytes] ##########
 
 
SystemLook 04.09.10 by jpshortstuff
Log created at 20:57 on 25/08/2015 by swag daddy
Administrator - Elevation successful
 
========== filefind ==========
 
Searching for "*babylon*"
No files found.
 
Searching for "*Bandoo*"
No files found.
 
Searching for "*CleverSearch*"
No files found.
 
Searching for "*conduit*"
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll --a---- 1339720 bytes [23:10 07/10/2014] [23:10 07/10/2014] 372942114D93D63B052A08BA3E30C85E
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll --a---- 1339720 bytes [23:10 07/10/2014] [23:10 07/10/2014] 372942114D93D63B052A08BA3E30C85E
 
Searching for "*datamngr*"
No files found.
 
Searching for "*Fun4IM*"
No files found.
 
Searching for "*iLivid*"
No files found.
 
Searching for "*kelkoopartners*"
No files found.
 
Searching for "*Lucky Searches*"
No files found.
 
Searching for "*Luckysearches*"
No files found.
 
Searching for "*QuickSurf*"
No files found.
 
Searching for "*Searchnu*"
No files found.
 
Searching for "*Searchqu*"
No files found.
 
Searching for "*SharkManCoupon*"
No files found.
 
Searching for "*sushileads*"
No files found.
 
Searching for "*SweetIM*"
No files found.
 
Searching for "*SweetPacks*"
No files found.
 
Searching for "*TidyNetwork*"
No files found.
 
Searching for "*trolltech*"
No files found.
 
Searching for "*whitesmoke*"
No files found.
 
Searching for "*Wordinator*"
No files found.
 
Searching for "*WordSurfer*"
No files found.
 
========== folderfind ==========
 
Searching for "*babylon*"
No folders found.
 
Searching for "*Bandoo*"
No folders found.
 
Searching for "*CleverSearch*"
No folders found.
 
Searching for "*conduit*"
No folders found.
 
Searching for "*datamngr*"
No folders found.
 
Searching for "*Fun4IM*"
No folders found.
 
Searching for "*iLivid*"
No folders found.
 
Searching for "*kelkoopartners*"
No folders found.
 
Searching for "*Lucky Searches*"
No folders found.
 
Searching for "*Luckysearches*"
No folders found.
 
Searching for "*QuickSurf*"
No folders found.
 
Searching for "*Searchnu*"
No folders found.
 
Searching for "*Searchqu*"
No folders found.
 
Searching for "*SharkManCoupon*"
No folders found.
 
Searching for "*sushileads*"
No folders found.
 
Searching for "*SweetIM*"
No folders found.
 
Searching for "*SweetPacks*"
No folders found.
 
Searching for "*TidyNetwork*"
No folders found.
 
Searching for "*trolltech*"
No folders found.
 
Searching for "*whitesmoke*"
No folders found.
 
Searching for "*Wordinator*"
No folders found.
 
Searching for "*WordSurfer*"
No folders found.
 
========== Regfind ==========
 
Searching for "babylon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"
 
Searching for "Bandoo"
No data found.
 
Searching for "CleverSearch"
No data found.
 
Searching for "conduit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966]
"09699DDB14539164D9A2C3DD3B1EF5E9"="C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966\09699DDB14539164D9A2C3DD3B1EF5E9]
"File"="iSyncConduit.dll"
 
Searching for "datamngr"
No data found.
 
Searching for "Fun4IM"
No data found.
 
Searching for "iLivid"
No data found.
 
Searching for "kelkoopartners"
No data found.
 
Searching for "Lucky Searches"
No data found.
 
Searching for "Luckysearches"
No data found.
 
Searching for "QuickSurf"
No data found.
 
Searching for "Searchnu"
No data found.
 
Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
 
Searching for "SharkManCoupon"
No data found.
 
Searching for "sushileads"
No data found.
 
Searching for "SweetIM"
No data found.
 
Searching for "SweetPacks"
No data found.
 
Searching for "TidyNetwork"
No data found.
 
Searching for "trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-3500353208-2455046699-3851492630-1000\Software\Trolltech]
[HKEY_USERS\S-1-5-21-3500353208-2455046699-3851492630-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-3500353208-2455046699-3851492630-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-3500353208-2455046699-3851492630-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
 
Searching for "whitesmoke"
No data found.
 
Searching for "Wordinator"
No data found.
 
Searching for "WordSurfer"
No data found.
 
-= EOF =-
 
 
 


#12 mAL_rEm018


Posted 26 August 2015 - 03:58 PM

Hello jamestennis951,
 

I deleted the strong vault but I couldn't delete or see Rising Software Deployment System

The software does not appear to be on your computer anymore.  We'll double-check later with another FRST scan.  For now please perform the steps below.


Please answer the following question..


  • How is your computer behaving now?  Please be as specific as possible. 


AdwCleaner has flagged Yahoo! while running the scan.  As I mentioned before this program is considered a "Potentially Unwanted Program".  If you choose to keep it on your computer, please uncheck the following entries before cleaning with AdwCleaner:


In the "Folders" section:

  • C:\ProgramData\Yahoo! Companion
  • C:\Users\swag daddy\AppData\LocalLow\Yahoo! Companion
  • C:\Users\swag daddy\AppData\Roaming\Mozilla\Firefox\Profiles\7g7m1d8w.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
  • C:\Users\swag daddy\AppData\Roaming\Mozilla\Firefox\Profiles\7g7m1d8w.default\Extensions\staged\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

In the "Files" section:
  • C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\yahoo.xml

In the "Registry" section:
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

 


AdwCleaner


  • Close all your programs and right-click AdwCleaner.exe and select Run as administrator.
  • Click on Scan.
  • After the scan is over, unselect the entries listed above (only if you wish to keep Yahoo!).
  • Select Cleaning.
  • Note: All programs will be closed and your computer will be rebooted, therefore I advise you to save any unsaved work.
  • A notepad window will open.  Please copy/paste the contents in your next reply.

I need you to run another fix..



  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
  • Copy/Paste the contents of the code box below into Notepad.
FirewallRules: [TCP Query User{FA230E36-BAF5-49DE-A0C9-CD4972C01EDE}C:\users\swag daddy\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\swag daddy\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{A263B672-5DFD-472F-93BD-73DB5116114C}C:\users\swag daddy\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\swag daddy\appdata\roaming\dropbox\bin\dropbox.exe
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
[-HKEY_CURRENT_USER\Software\Trolltech]
[-HKEY_USERS\S-1-5-21-3500353208-2455046699-3851492630-1000\Software\Trolltech]
  • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system



  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
  • Please post me the log


-----------------------------------------
In your next reply, I would like to see..

  • Update on your computer's behaviour.
  • AdwCleaner log
  • fixlog.txt
    Please post everything in the order given.

 


Teacher at the Malware Removal University.

Member of UNITE

 

Failure to post replies within 4 days will result in this thread being closed


#13 jamestennis951


Posted 26 August 2015 - 11:32 PM

I ran adwarecleaner and deleted all of the above but I did not save the log and lost it when I used FRST64.

 

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:24-08-2015
Ran by swag daddy (2015-08-26 21:24:03) Run:2
Running from C:\Users\swag daddy\Desktop
Loaded Profiles: swag daddy (Available Profiles: swag daddy & UpdatusUser)
Boot Mode: Normal
==============================================

fixlist content:
*****************
FirewallRules: [TCP Query User{FA230E36-BAF5-49DE-A0C9-CD4972C01EDE}C:\users\swag daddy\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\swag daddy\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{A263B672-5DFD-472F-93BD-73DB5116114C}C:\users\swag daddy\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\swag daddy\appdata\roaming\dropbox\bin\dropbox.exe
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension
Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
[-HKEY_CURRENT_USER\Software\Trolltech]
[-HKEY_USERS\S-1-5-21-3500353208-2455046699-3851492630-1000\Software\Trolltech]
*****************

HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{FA230E36-BAF5-49DE-A0C9-CD4972C01EDE}C:\users\swag daddy\appdata\roaming\dropbox\bin\dropbox.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{A263B672-5DFD-472F-93BD-73DB5116114C}C:\users\swag daddy\appdata\roaming\dropbox\bin\dropbox.exe => value removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B} => key removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} => key removed successfully
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension => could not removekey.: incorrect path.
Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}] => Error: No automatic fix found for this entry.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B} => key removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} => key removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC} => key removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63} => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63} => key removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63} => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63} => key removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63} => key not found.
HKEY_CURRENT_USER\Software\Trolltech => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKEY_CURRENT_USER\Software\Trolltech => key removed successfully
HKEY_USERS\S-1-5-21-3500353208-2455046699-3851492630-1000\Software\Trolltech => key not found.

==== End of Fixlog 21:24:27 ====

 

 

My computer is letting me run .exe files but will not let me open my Google Chrome.
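A quick triage of a pasted fixlog, given as an added example that is not part of the original posts and not FRST's own code: it sorts each result line by outcome and flags fixlist directives that were split across two lines, as happened to one Extension Compatibility entry in the log above. The function and status names are hypothetical, and re-joining a split directive with a single space is an assumption.

```python
import re

# Sample input: a few lines taken from the fixlog above, trimmed to one case per outcome.
SAMPLE_FIXLOG = r"""fixlist content:
*****************
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension
Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_CURRENT_USER\Software\Trolltech]
*****************

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension => could not removekey.: incorrect path.
Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}] => Error: No automatic fix found for this entry.
HKEY_CURRENT_USER\Software\Trolltech => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKEY_CURRENT_USER\Software\Trolltech => key removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63} => key not found.

==== End of Fixlog 21:24:27 ====
"""


def split_sections(text):
    """Return (fixlist_lines, result_lines): the echoed fixlist sits between
    the two rows of asterisks, the per-entry results follow the second row."""
    fixlist, results, star_rows = [], [], 0
    for line in text.splitlines():
        line = line.rstrip()
        if re.fullmatch(r"\*{5,}", line):
            star_rows += 1
            continue
        if line.startswith("==== End of Fixlog"):
            break
        if not line:
            continue
        if star_rows == 1:
            fixlist.append(line)
        elif star_rows >= 2:
            results.append(line)
    return fixlist, results


def classify(result_line):
    """Map one 'target => outcome' line to (target, status)."""
    target, sep, outcome = result_line.rpartition(" => ")
    if not sep:
        return result_line, "other"
    text = outcome.lower()
    if "at first attempt" in text:
        status = "retry"      # informational: the next line carries the real result
    elif "successfully" in text:
        status = "ok"
    elif "could not" in text or text.startswith("error"):
        status = "failed"     # needs the helper's attention
    elif "not found" in text:
        status = "absent"     # already gone, nothing to do
    else:
        status = "other"
    return target, status


def wrapped_directives(fixlist_lines):
    """Find registry-delete directives ('[-KEY]') that lost their closing
    bracket to a line break, and return them re-joined with the next line."""
    repaired = []
    for i, line in enumerate(fixlist_lines):
        if line.startswith("[-") and not line.endswith("]"):
            nxt = fixlist_lines[i + 1] if i + 1 < len(fixlist_lines) else ""
            # Assumption: the break replaced a single space in the key path.
            repaired.append(f"{line} {nxt}".strip())
    return repaired


def triage(text):
    """Group result targets by status and list directives to resubmit."""
    fixlist, results = split_sections(text)
    report = {"ok": [], "absent": [], "retry": [], "failed": [], "other": []}
    for line in results:
        target, status = classify(line)
        report[status].append(target)
    report["wrapped"] = wrapped_directives(fixlist)
    return report


if __name__ == "__main__":
    for status, items in triage(SAMPLE_FIXLOG).items():
        print(f"{status}: {len(items)}")
        for item in items:
            print(f"    {item}")
```

Entries under `failed` that match a fragment of a `wrapped` directive point to a fixlist.txt that was saved with a hard line break, so the re-joined directive is the one to run again.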



#14 mAL_rEm018

  • Malware Response Team

Posted 27 August 2015 - 10:52 AM

Hello jamestennis951,
 

I ran AdwCleaner and deleted all of the above but I did not save the log and lost it when I used FRST64.

No problem.  If you navigate to the following location:

C:\AdwCleaner

You will find a file AdwCleaner[SX].txt (X is the number of times that a fix was done using AdwCleaner).  If you have any doubts, you can look at the time stamp in the first line of the log.
 

My computer is letting me run .exe files but will not let me open my Google Chrome

Your Chrome browser is most likely corrupted.  In the following steps we will remove and re-install Chrome; therefore, I advise you to back up your bookmarks first.

To back up your bookmarks, please do the following..

  • Open the Start Menu and copy/paste or type the following:

    %LOCALAPPDATA%\Google\Chrome\User Data\Default

  • Press Enter.
  • Locate the file named Bookmarks or bookmarks.bak and copy it to your desktop.


If you were unable to perform the steps outlined above, STOP and let me know!


Removing a program in Windows 7


  • Click the Start Menu and select Control Panel.
  • Click Programs, then Programs and Features.
  • Select the following programs:

    Google Chrome

  • Select Uninstall.
  • Ensure that Also delete your browsing data? is checked.
  • Click Uninstall.
  • Answer any questions attentively.
  • When the process is finished, please restart your computer.


To re-install Google Chrome, please do the following..


  • Click on the following link: Google Chrome.
  • Read the Terms of Service and select Accept and Install.
  • Save ChromeSetup.exe to your desktop.
  • Go to your desktop and right-click on ChromeSetup.exe and select Run as administrator.
  • Google Chrome will then install itself.
  • When the process is over, Chrome will open.


Do not re-install your bookmarks and personal stuff right away!  Try using Chrome on its own first, and ONLY if you don't run into any issues can you re-install them.  Let me know if Chrome works in your next post.


Skip this step if you are experiencing difficulties with Chrome after it has been re-installed.  To reinstall your bookmarks, copy/paste the Bookmarks file, located on your desktop, to the following location:


%LOCALAPPDATA%\Google\Chrome\User Data\Default



I would like to get a fresh FRST scan.  Please run the scan in Normal mode rather than Safe Mode.


  • Right-click on FRST64.exe and select Run as administrator.
  • Ensure that Addition.txt is checked.
  • Select Scan.
  • When the scan is over, two windows will open, FRST.txt and Addition.txt.
  • Please post the contents of both logs in your next reply.


-----------------------------------------
In your next reply, I would like to see..

  • Are you able to open Chrome?
  • AdwCleaner log
  • FRST.txt
  • Addition.txt
    Please post everything in the order given.

 


Teacher at the Malware Removal University.

Member of UNITE

 

Failure to post replies within 4 days will result in this thread being closed


#15 jamestennis951

  • Topic Starter

  • Members

Posted 27 August 2015 - 11:36 AM

# AdwCleaner v5.002 - Logfile created 26/08/2015 at 21:27:54
# Updated 18/08/2015 by Xplode
# Database : 2015-08-25.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : swag daddy - SWAGDADDY-PC
# Running from : C:\Users\swag daddy\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
[C:\Users\swag daddy\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\swag daddy\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
 
*************************
 
C:\AdwCleaner[R1].txt - [5586 bytes] - [02/10/2012 18:57:41]
C:\AdwCleaner[R2].txt - [1034 bytes] - [03/12/2012 19:23:33]
C:\AdwCleaner[S1].txt - [6298 bytes] - [02/10/2012 18:58:39]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [973 bytes] #
 
Google Chrome started working again!
Additional scan result of Farbar Recovery Scan Tool (x64) Version:24-08-2015
Ran by swag daddy (2015-08-27 09:29:25)
Running from C:\Users\swag daddy\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3500353208-2455046699-3851492630-500 - Administrator - Disabled)
Guest (S-1-5-21-3500353208-2455046699-3851492630-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3500353208-2455046699-3851492630-1003 - Limited - Enabled)
swag daddy (S-1-5-21-3500353208-2455046699-3851492630-1000 - Administrator - Enabled) => C:\Users\swag daddy
UpdatusUser (S-1-5-21-3500353208-2455046699-3851492630-1001 - Limited - Enabled) => C:\Users\UpdatusUser.swagdaddy-PC
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kaspersky Total Security (Enabled - Up to date) {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
AS: Kaspersky Total Security (Enabled - Up to date) {0F7D947C-13CC-4207-47BE-41AC12334EC6}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security (Enabled) {8C27F4BD-7F99-4CD1-5651-D3EB97674300}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
AccelerometerP11 (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.11.22 - STMicroelectronics)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.0.0.4080 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.3 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader X (10.1.4) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
AIM for Windows (HKU\S-1-5-21-3500353208-2455046699-3851492630-1000\...\AIM) (Version:  - AOL Inc.)
Akamai NetSession Interface (HKU\S-1-5-21-3500353208-2455046699-3851492630-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Alienware Command Center (HKLM-x32\...\InstallShield_{FD1AE10F-163C-4D4B-9FCE-AC667AF1DC6E}) (Version: 2.8.8.0 - Alienware Corp.)
Alienware Command Center (Version: 2.8.8.0 - Alienware Corp.) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
Bing Bar (HKLM-x32\...\{449CE12D-E2C7-4B97-B19E-55D163EA9435}) (Version: 7.0.619.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version:  - )
Canon iP2700 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2700_series) (Version:  - Canon Inc.)
Canon iP2700 series User Registration (HKLM-x32\...\Canon iP2700 series User Registration) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
Citrix Online Launcher (HKLM-x32\...\{F17C3DC2-2ACA-4B0E-BDBF-ACE61B14E7CD}) (Version: 1.0.183 - Citrix)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-3500353208-2455046699-3851492630-1000\...\Dropbox) (Version: 3.8.6 - Dropbox, Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.157 - Google Inc.)
Google Drive (HKLM-x32\...\{12ADFB82-D5A3-43E4-B2F4-FCD9B690315B}) (Version: 1.24.9931.5480 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 9.1.0.615 - Citrix Online, a division of Citrix Systems, Inc.)
GoToMeeting 7.2.4.3164 (HKU\S-1-5-21-3500353208-2455046699-3851492630-1000\...\GoToMeeting) (Version: 7.2.4.3164 - CitrixOnline)
HTC BMP USB Driver (HKLM-x32\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)
HTC Driver Installer (HKLM-x32\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 3.0.0.017 - HTC Corporation)
HTC Sync (HKLM-x32\...\{D5B18B60-4FC3-42AD-A629-9CA10ACC06CD}) (Version: 3.0.5579 - HTC Corporation)
HWiNFO64 Version 4.04 (HKLM\...\HWiNFO64_is1) (Version: 4.04 - Martin Malík - REALiX)
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2321 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{BEE86606-EFB5-4353-9F34-29E0C59CDCFA}) (Version: 15.2.0.0284 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{181BBF43-CA17-4E1A-A78D-81E67A57B8A4}) (Version: 15.02.0000.1258 - Intel Corporation)
iTunes (HKLM\...\{BFEAB774-C7DC-4032-B05A-DA5F7CB7B365}) (Version: 12.2.2.25 - Apple Inc.)
Java 7 Update 7 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417007FF}) (Version: 7.0.70 - Oracle)
Java SE Development Kit 7 Update 7 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170070}) (Version: 1.7.0.70 - Oracle)
Java™ 7 Update 5 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217005FF}) (Version: 7.0.50 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Total Security (HKLM-x32\...\InstallWIX_{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab)
Kaspersky Total Security (x32 Version: 16.0.0.614 - Kaspersky Lab) Hidden
K-Lite Codec Pack 7.0.0 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Outlook Hotmail Connector 64-bit (HKLM\...\{95140000-007A-0409-1000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 64-bit (HKLM\...\{95140000-007D-0409-1000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Store Download Manager (HKLM-x32\...\{124CA4D3-B532-4D1F-98C4-E8035DB39E2F}) (Version: 2.7.4126.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 40.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.2 (x86 en-US)) (Version: 40.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.2.5702 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
NirSoft BlueScreenView (HKLM-x32\...\NirSoft BlueScreenView) (Version:  - )
NVIDIA 3D Vision Driver 296.10 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 296.10 - NVIDIA Corporation)
NVIDIA Graphics Driver 296.10 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 296.10 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.16.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.16.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation)
NVIDIA Update 1.7.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.7.11 - NVIDIA Corporation)
PDFlite 0.4 (HKLM-x32\...\PDFlite) (Version: 0.4 - PDFlite)
POWERPREP II (HKLM-x32\...\{2687340C-C114-47DC-9F0E-C1BA85FEB001}) (Version: 2.00.0000 - ETS)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6291 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.75 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.40 - Piriform)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
Salling Media Sync (HKLM-x32\...\{A0E3B2AE-27BF-4A38-96C9-9B8D211661C2}) (Version: 1.2.135 - Salling Software AB)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype™ 7.7 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.7.103 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-3500353208-2455046699-3851492630-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.19.0 - Synaptics Incorporated)
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.1.0 - Tweaking.com)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.6300 - Broadcom Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3500353208-2455046699-3851492630-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\swag daddy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3500353208-2455046699-3851492630-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\swag daddy\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3500353208-2455046699-3851492630-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\swag daddy\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3500353208-2455046699-3851492630-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\swag daddy\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3500353208-2455046699-3851492630-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\swag daddy\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3500353208-2455046699-3851492630-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\swag daddy\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3500353208-2455046699-3851492630-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\swag daddy\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3500353208-2455046699-3851492630-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\swag daddy\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3500353208-2455046699-3851492630-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\swag daddy\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3500353208-2455046699-3851492630-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\swag daddy\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3500353208-2455046699-3851492630-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\swag daddy\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
 
==================== Restore Points =========================
 
12-08-2015 20:22:48 Windows Update
13-08-2015 20:26:37 Windows Update
18-08-2015 09:00:04 Windows Backup
18-08-2015 09:07:11 Windows Update
26-08-2015 20:45:50 Windows Backup
26-08-2015 20:46:45 Windows Update
26-08-2015 22:01:41 Windows Update
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2015-08-25 20:38 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {04144171-31E2-49EB-8807-07F075987EF5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-26] (Adobe Systems Incorporated)
Task: {070FB9ED-0C79-430D-A2EB-AC8B8AC78015} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3500353208-2455046699-3851492630-1000UA => C:\Users\swag daddy\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-07-21] (Dropbox, Inc.)
Task: {20114E75-5350-4A4E-9A10-7E46AB1208DE} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {575BCB0D-6E61-476E-8C58-EA802740CE92} - System32\Tasks\{38CD121C-895B-44AD-8C7C-679F2142A51A} => pcalua.exe -a "C:\Users\swag daddy\Downloads\esetsmartinstaller_enu.exe" -d "C:\Users\swag daddy\Downloads"
Task: {70475479-47DD-4F40-824C-1F71D9BC4F8E} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2011-08-22] ()
Task: {950C886E-C67F-4FD2-ABD8-EECC8D70657A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {961C0BC7-37D0-4BC1-9B06-5ABC736D8538} - System32\Tasks\{D300E456-E553-4345-9C95-698A63AE5A34} => pcalua.exe -a "C:\Users\swag daddy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SUJPZ18L\MicrosoftStoreDownloadmanager.exe" -d "C:\Users\swag daddy\Desktop"
Task: {AB301A90-DD7E-41C0-B8DA-EB70659FED6C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-28] (Google Inc.)
Task: {AEC7D69F-F67C-4B4D-B393-A1FCE7053554} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3500353208-2455046699-3851492630-1000Core => C:\Users\swag daddy\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {B68A9FFC-10CF-44DC-9BF9-9CB125F01739} - System32\Tasks\{953A43DA-C1F5-4BA7-8368-B1617C937374} => pcalua.exe -a "C:\Users\swag daddy\Downloads\tg74pluginsetup.exe" -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {C4B05D0D-B96E-4B5F-B239-AAE0587C7680} - System32\Tasks\G2MUpdateTask-S-1-5-21-3500353208-2455046699-3851492630-1000 => C:\Users\swag daddy\AppData\Local\Citrix\GoToMeeting\3164\g2mupdate.exe [2015-08-10] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {CE4C792D-8C58-44AB-9658-6ED868AED07D} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2015-04-26] (Apple Inc.)
Task: {E2807F9E-AA52-4EF1-96EC-5015EC19E254} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-28] (Google Inc.)
Task: {EF26D48D-0B53-4A05-BFBB-C7500AF95D28} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3500353208-2455046699-3851492630-1000Core => C:\Users\swag daddy\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-07-21] (Dropbox, Inc.)
Task: {F0E51F1E-6AE8-40B8-97C0-46A24C54A8D9} - System32\Tasks\G2MUploadTask-S-1-5-21-3500353208-2455046699-3851492630-1000 => C:\Users\swag daddy\AppData\Local\Citrix\GoToMeeting\3164\g2mupload.exe [2015-08-10] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {FC87F259-8F8B-4A6C-9AC7-085D3C5ABCFE} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3500353208-2455046699-3851492630-1000UA => C:\Users\swag daddy\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3500353208-2455046699-3851492630-1000Core.job => C:\Users\swag daddy\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3500353208-2455046699-3851492630-1000UA.job => C:\Users\swag daddy\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3500353208-2455046699-3851492630-1000Core.job => C:\Users\swag daddy\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3500353208-2455046699-3851492630-1000UA.job => C:\Users\swag daddy\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3500353208-2455046699-3851492630-1000.job => C:\Users\swag daddy\AppData\Local\Citrix\GoToMeeting\3164\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-3500353208-2455046699-3851492630-1000.job => C:\Users\swag daddy\AppData\Local\Citrix\GoToMeeting\3164\g2mupload.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-08-18 22:56 - 2015-08-18 22:55 - 01195920 _____ () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
2011-11-07 14:13 - 2005-03-11 17:07 - 00087040 _____ () C:\Windows\System32\redmonnt.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-08-12 15:13 - 2011-08-12 15:13 - 00087040 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2011-08-29 19:23 - 2010-12-17 08:27 - 00703088 _____ () C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
2011-08-29 19:28 - 2011-03-14 08:43 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-07-08 23:18 - 2015-07-08 23:18 - 00794920 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\kpcengine.2.3.dll
2015-05-15 16:27 - 2015-05-15 16:27 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-08-27 07:53 - 2015-08-27 07:53 - 00098816 _____ () C:\Users\swag daddy\AppData\Local\Temp\_MEI52242\win32api.pyd
2015-08-27 07:53 - 2015-08-27 07:53 - 00110080 _____ () C:\Users\swag daddy\AppData\Local\Temp\_MEI52242\pywintypes27.dll
2015-08-27 07:53 - 2015-08-27 07:53 - 00364544 _____ () C:\Users\swag daddy\AppData\Local\Temp\_MEI52242\pythoncom27.dll
2015-08-27 07:53 - 2015-08-27 07:53 - 00045568 _____ () C:\Users\swag daddy\AppData\Local\Temp\_MEI52242\_socket.pyd
2015-08-27 07:53 - 2015-08-27 07:53 - 01161216 _____ () C:\Users\swag daddy\AppData\Local\Temp\_MEI52242\_ssl.pyd
2015-08-27 07:53 - 2015-08-27 07:53 - 00320512 _____ () C:\Users\swag daddy\AppData\Local\Temp\_MEI52242\win32com.shell.shell.pyd
2015-08-27 07:53 - 2015-08-27 07:53 - 00713216 _____ () C:\Users\swag daddy\AppData\Local\Temp\_MEI52242\_hashlib.pyd
2015-08-27 07:53 - 2015-08-27 07:53 - 01176576 _____ () C:\Users\swag daddy\AppData\Local\Temp\_MEI52242\wx._core_.pyd
2015-08-27 07:53 - 2015-08-27 07:53 - 00806400 _____ () C:\Users\swag daddy\AppData\Local\Temp\_MEI52242\wx._gdi_.pyd
2015-08-27 07:53 - 2015-08-27 07:53 - 00816128 _____ () C:\Users\swag daddy\AppData\Local\Temp\_MEI52242\wx._windows_.pyd
2015-08-27 07:53 - 2015-08-27 07:53 - 01067008 _____ () C:\Users\swag daddy\AppData\Local\Temp\_MEI52242\wx._controls_.pyd
2015-08-27 07:53 - 2015-08-27 07:53 - 00733184 _____ () C:\Users\swag daddy\AppData\Local\Temp\_MEI52242\wx._misc_.pyd
2015-08-27 07:53 - 2015-08-27 07:53 - 00682496 _____ () C:\Users\swag daddy\AppData\Local\Temp\_MEI52242\pysqlite2._sqlite.pyd
2015-08-27 07:53 - 2015-08-27 07:53 - 00087552 _____ () C:\Users\swag daddy\AppData\Local\Temp\_MEI52242\_ctypes.pyd
2015-08-27 07:53 - 2015-08-27 07:53 - 00119808 _____ () C:\Users\swag daddy\AppData\Local\Temp\_MEI52242\win32file.pyd
2015-08-27 07:53 - 2015-08-27 07:53 - 00108544 _____ () C:\Users\swag daddy\AppData\Local\Temp\_MEI52242\win32security.pyd
2015-08-27 07:53 - 2015-08-27 07:53 - 00007168 _____ () C:\Users\swag daddy\AppData\Local\Temp\_MEI52242\hashobjs_ext.pyd
2015-08-27 07:53 - 2015-08-27 07:53 - 00068096 _____ () C:\Users\swag daddy\AppData\Local\Temp\_MEI52242\usb_ext.pyd
2015-08-27 07:53 - 2015-08-27 07:53 - 00167936 _____ () C:\Users\swag daddy\AppData\Local\Temp\_MEI52242\win32gui.pyd
2015-08-27 07:53 - 2015-08-27 07:53 - 00018432 _____ () C:\Users\swag daddy\AppData\Local\Temp\_MEI52242\win32event.pyd
2015-08-27 07:53 - 2015-08-27 07:53 - 00128512 _____ () C:\Users\swag daddy\AppData\Local\Temp\_MEI52242\_elementtree.pyd
2015-08-27 07:53 - 2015-08-27 07:53 - 00127488 _____ () C:\Users\swag daddy\AppData\Local\Temp\_MEI52242\pyexpat.pyd
2015-08-27 07:53 - 2015-08-27 07:53 - 00013824 _____ () C:\Users\swag daddy\AppData\Local\Temp\_MEI52242\common.time34.pyd
2015-08-27 07:53 - 2015-08-27 07:53 - 00036864 _____ () C:\Users\swag daddy\AppData\Local\Temp\_MEI52242\_psutil_windows.pyd
2015-08-27 07:53 - 2015-08-27 07:53 - 00038912 _____ () C:\Users\swag daddy\AppData\Local\Temp\_MEI52242\win32inet.pyd
2015-08-27 07:53 - 2015-08-27 07:53 - 00011264 _____ () C:\Users\swag daddy\AppData\Local\Temp\_MEI52242\win32crypt.pyd
2015-08-27 07:53 - 2015-08-27 07:53 - 00077312 _____ () C:\Users\swag daddy\AppData\Local\Temp\_MEI52242\wx._html2.pyd
2015-08-27 07:53 - 2015-08-27 07:53 - 00027136 _____ () C:\Users\swag daddy\AppData\Local\Temp\_MEI52242\_multiprocessing.pyd
2015-08-27 07:53 - 2015-08-27 07:53 - 00020480 _____ () C:\Users\swag daddy\AppData\Local\Temp\_MEI52242\_yappi.pyd
2015-08-27 07:53 - 2015-08-27 07:53 - 00035840 _____ () C:\Users\swag daddy\AppData\Local\Temp\_MEI52242\win32process.pyd
2015-08-27 07:53 - 2015-08-27 07:53 - 00686080 _____ () C:\Users\swag daddy\AppData\Local\Temp\_MEI52242\unicodedata.pyd
2015-08-27 07:53 - 2015-08-27 07:53 - 00123392 _____ () C:\Users\swag daddy\AppData\Local\Temp\_MEI52242\wx._wizard.pyd
2015-08-27 07:53 - 2015-08-27 07:53 - 00024064 _____ () C:\Users\swag daddy\AppData\Local\Temp\_MEI52242\win32pipe.pyd
2015-08-27 07:53 - 2015-08-27 07:53 - 00010240 _____ () C:\Users\swag daddy\AppData\Local\Temp\_MEI52242\select.pyd
2015-08-27 07:53 - 2015-08-27 07:53 - 00025600 _____ () C:\Users\swag daddy\AppData\Local\Temp\_MEI52242\win32pdh.pyd
2015-08-27 07:53 - 2015-08-27 07:53 - 00525640 _____ () C:\Users\swag daddy\AppData\Local\Temp\_MEI52242\windows._lib_cacheinvalidation.pyd
2015-08-27 07:53 - 2015-08-27 07:53 - 00017408 _____ () C:\Users\swag daddy\AppData\Local\Temp\_MEI52242\win32profile.pyd
2015-08-27 07:53 - 2015-08-27 07:53 - 00022528 _____ () C:\Users\swag daddy\AppData\Local\Temp\_MEI52242\win32ts.pyd
2015-08-27 07:53 - 2015-08-27 07:53 - 00078848 _____ () C:\Users\swag daddy\AppData\Local\Temp\_MEI52242\wx._animate.pyd
2015-08-27 07:54 - 2015-08-27 07:54 - 00071168 _____ () c:\Users\swag daddy\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp6vmw3n.dll
2015-07-26 15:53 - 2015-08-05 13:49 - 00012800 _____ () C:\Users\swag daddy\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-03-04 14:45 - 2015-08-05 13:49 - 00779776 _____ () C:\Users\swag daddy\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-08-02 17:13 - 2015-08-05 13:49 - 00056320 _____ () C:\Users\swag daddy\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-07-26 15:53 - 2015-08-05 13:49 - 00012288 _____ () C:\Users\swag daddy\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2015-08-26 20:48 - 2015-08-17 22:23 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\libglesv2.dll
2015-08-26 20:48 - 2015-08-17 22:23 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3500353208-2455046699-3851492630-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\swag daddy\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^swag daddy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: HTC Sync Loader => "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{AA8E8908-4178-432A-99E0-3369C9E2828B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{92ECEE5E-2141-4FE2-8E3F-C6B7AA0368F5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{79282028-EA79-4EC8-B7B4-6C259CCE2677}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{CB5E820D-3E19-4776-96A1-6C57ACD0585C}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{83FAD357-E10B-4304-83C7-C43B87E8DD3B}] => (Allow) LPort=2869
FirewallRules: [{CFFA0B2E-AF3E-4537-BF22-9E22195A8AF9}] => (Allow) LPort=1900
FirewallRules: [{409245F2-722F-4C63-8376-F6A323674C32}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{E7689E79-7197-40C4-9747-48DECEA2D5EE}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{651F3957-53CD-4D72-9AFD-803EF5DD740A}] => (Allow) C:\Users\swag daddy\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{09F6C5A7-20A3-48B4-8FF4-7CD04B46E225}] => (Allow) C:\Users\swag daddy\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{99422CF4-A3E1-4674-A4F4-7E8C19219CF1}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{2A647F1E-201D-4FA3-8207-C09A3E8D595F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{1234FBE8-88B9-4F6A-8190-B98EDB958E0E}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [TCP Query User{8619ABAA-6FC0-4BF9-A53A-C084EFEB7755}C:\users\swag daddy\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\swag daddy\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{C9BEF6E1-1DAB-41FE-98D7-D4C45A231417}C:\users\swag daddy\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\swag daddy\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{A8FFDE8F-DD48-43DE-BCEB-BFDB19C60396}C:\users\swag daddy\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\swag daddy\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{DAA90FB7-45CE-4CC1-AFBB-89DF49EA074B}C:\users\swag daddy\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\swag daddy\appdata\local\akamai\netsession_win.exe
FirewallRules: [{FECE6D62-FA7D-4686-ACF2-B3B1E7865491}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BFFD1826-7AE4-4E39-836A-E612B5CE17DB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A17D9271-1D7E-4D1D-B987-FE3C7A9400EC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FF64E922-0D6A-43FA-B86C-1FF753B44A67}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FDB14699-5AB3-4098-9B02-84A5ED7E0802}] => (Allow) C:\Users\swag daddy\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{FE000CDA-44A6-4F87-A775-1E78866445ED}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{4DDEAED9-A664-4913-A5CD-06AA0A9B09AA}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{DC8B2D4E-D145-4BBA-B8AE-42F134125932}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{9EC3426D-7C6B-42A2-8130-CEE3788D1BBC}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{94D9841B-4A98-4278-BF74-1E8CA1D77710}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{E3BE1826-B0E5-46DD-9BF5-92E619875619}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{87F209CE-77E3-4164-836F-8F1E85D05AB2}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{65F50F94-0460-443D-ACB7-08BDCE8C549A}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{D59066FA-E850-4D30-B20C-30C93C209486}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{A23A5242-41C9-43A0-9622-C222B51D5676}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{E364631E-F7B6-4EE1-B07A-00E9E247D346}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BBF0BE58-F950-4378-BC3B-7A9F6E119C80}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/26/2015 08:37:38 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (08/26/2015 08:37:29 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (08/25/2015 09:04:52 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Users\swag daddy\AppData\Local\Temp\Temp1_revouninstaller.zip\revouninstaller-portable\Revouninstaller.exe daddy\AppData\Local\Temp\Temp1_revouninstaller.zip\revouninstaller-portable\Revouninstaller.exe" ; Description = Revo Uninstaller's restore point - Strongvault Online Backup; Error = 0x8007043c).
 
Error: (08/25/2015 08:52:34 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (08/25/2015 08:52:34 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (08/25/2015 08:46:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ZeroConfigService.exe, version: 15.2.0.3, time stamp: 0x4fe8ea02
Faulting module name: MurocApi.dll, version: 15.2.0.1, time stamp: 0x4fe8e921
Exception code: 0xc0000005
Fault offset: 0x000000000002089b
Faulting process id: 0xbe0
Faulting application start time: 0xZeroConfigService.exe0
Faulting application path: ZeroConfigService.exe1
Faulting module path: ZeroConfigService.exe2
Report Id: ZeroConfigService.exe3
 
Error: (08/25/2015 08:37:49 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (08/25/2015 08:37:48 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (08/24/2015 08:59:40 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (08/24/2015 08:59:40 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
 
System errors:
=============
Error: (08/27/2015 07:55:54 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error: 
%%1069
 
Error: (08/27/2015 07:55:54 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: 
%%1330
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (08/27/2015 07:53:18 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
 
Error: (08/26/2015 09:12:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error: 
%%1069
 
Error: (08/26/2015 09:12:35 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: 
%%1330
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (08/26/2015 09:10:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error: 
%%1053
 
Error: (08/26/2015 09:10:58 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
 
Error: (08/26/2015 09:10:52 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
 
Error: (08/26/2015 09:08:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error: 
%%1069
 
Error: (08/26/2015 09:08:02 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WMPNetworkSvc service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error: 
%%50
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
 
Microsoft Office:
=========================
Error: (08/26/2015 08:37:38 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\swag daddy\Desktop\esetsmartinstaller_enu (1).exe
 
Error: (08/26/2015 08:37:29 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\swag daddy\Desktop\esetsmartinstaller_enu.exe
 
Error: (08/25/2015 09:04:52 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Users\swag daddy\AppData\Local\Temp\Temp1_revouninstaller.zip\revouninstaller-portable\Revouninstaller.exe daddy\AppData\Local\Temp\Temp1_revouninstaller.zip\revouninstaller-portable\Revouninstaller.exe" Revo Uninstaller's restore point - Strongvault Online Backup0x8007043c
 
Error: (08/25/2015 08:52:34 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\swag daddy\Desktop\esetsmartinstaller_enu (1).exe
 
Error: (08/25/2015 08:52:34 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\swag daddy\Desktop\esetsmartinstaller_enu.exe
 
Error: (08/25/2015 08:46:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ZeroConfigService.exe15.2.0.34fe8ea02MurocApi.dll15.2.0.14fe8e921c0000005000000000002089bbe001d0dfb1b71c72bbC:\Program Files\Intel\WiFi\bin\ZeroConfigService.exeC:\Program Files\Intel\WiFi\bin\MurocApi.dll0ee052dc-4ba5-11e5-9b09-1c659df53adc
 
Error: (08/25/2015 08:37:49 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\swag daddy\Desktop\esetsmartinstaller_enu (1).exe
 
Error: (08/25/2015 08:37:48 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\swag daddy\Desktop\esetsmartinstaller_enu.exe
 
Error: (08/24/2015 08:59:40 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\swag daddy\Desktop\esetsmartinstaller_enu (1).exe
 
Error: (08/24/2015 08:59:40 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\swag daddy\Desktop\esetsmartinstaller_enu.exe
 
 
CodeIntegrity:
===================================
  Date: 2015-08-23 21:01:19.443
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-08-23 21:01:19.225
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-08-23 21:01:19.004
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-08-23 21:01:18.786
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-08-19 00:11:15.308
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-08-19 00:11:15.137
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-10-02 19:59:30.256
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-10-02 19:59:30.253
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-10-02 19:59:30.249
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-10-02 19:51:29.381
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2410M CPU @ 2.30GHz
Percentage of memory in use: 46%
Total physical RAM: 8139.86 MB
Available physical RAM: 4352.56 MB
Total Virtual: 16277.92 MB
Available Virtual: 11832.57 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:698.52 GB) (Free:569.93 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 6E0D7BD4)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=698.5 GB) - (Type=07 NTFS)
 
==================== End of FRST.txt ============================
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-08-2015
Ran by swag daddy (administrator) on SWAGDADDY-PC (27-08-2015 09:27:12)
Running from C:\Users\swag daddy\Desktop
Loaded Profiles: swag daddy (Available Profiles: swag daddy & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\alg.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avpui.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Akamai Technologies, Inc.) C:\Users\swag daddy\AppData\Local\Akamai\netsession_win.exe
(Spotify Ltd) C:\Users\swag daddy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Akamai Technologies, Inc.) C:\Users\swag daddy\AppData\Local\Akamai\netsession_win.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Dropbox, Inc.) C:\Users\swag daddy\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Salling Software AB) C:\Program Files (x86)\Salling Software AB\Salling Media Sync\Salling Media Sync.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionService.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionController.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6602856 2011-02-01] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2186856 2011-02-01] (Realtek Semiconductor)
HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [703088 2010-12-17] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2392872 2011-02-22] (Synaptics Incorporated)
HKLM\...\Run: [Command Center Controllers] => C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [12656 2012-06-15] (Alienware)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2710856 2009-11-01] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-03] (CANON INC.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-08-13] (Apple Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2011-02-01] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-15] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Salling Media Sync] => C:\Program Files (x86)\Salling Software AB\Salling Media Sync\Salling Media Sync.exe [333512 2011-01-07] (Salling Software AB)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3500353208-2455046699-3851492630-1000\...\Run: [Akamai NetSession Interface] => C:\Users\swag daddy\AppData\Local\Akamai\netsession_win.exe [4691384 2015-07-23] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3500353208-2455046699-3851492630-1000\...\Run: [Spotify Web Helper] => C:\Users\swag daddy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2015-01-09] (Spotify Ltd)
HKU\S-1-5-21-3500353208-2455046699-3851492630-1000\...\Run: [Spotify] => C:\Users\swag daddy\AppData\Roaming\Spotify\spotify.exe [6737976 2015-01-09] (Spotify Ltd)
HKU\S-1-5-21-3500353208-2455046699-3851492630-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22344224 2015-07-29] (Google)
HKU\S-1-5-21-3500353208-2455046699-3851492630-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-3500353208-2455046699-3851492630-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-3500353208-2455046699-3851492630-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53655680 2015-07-28] (Skype Technologies S.A.)
HKU\S-1-5-21-3500353208-2455046699-3851492630-1000\...\Run: [Dropbox Update] => C:\Users\swag daddy\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-21] (Dropbox, Inc.)
HKU\S-1-5-21-3500353208-2455046699-3851492630-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-3500353208-2455046699-3851492630-1000\...\Run: [GoogleChromeAutoLaunch_994AEAB09D204442A82B51361A762927] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-08-17] (Google Inc.)
HKU\S-1-5-21-3500353208-2455046699-3851492630-1000\...\Run: [K7NfyUnst] => rundll32.exe "C:\Users\swag daddy\AppData\Roaming\K7Uninstall\K7InetChk.dll",K7OnUninstall
HKU\S-1-5-18\...\RunOnce: [iCloud] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe [43816 2015-04-26] (Apple Inc.)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [260416 2012-02-29] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [215360 2012-02-29] (NVIDIA Corporation)
Startup: C:\Users\swag daddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-08-13]
ShortcutTarget: Dropbox.lnk -> C:\Users\swag daddy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\swag daddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2013-07-12]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\swag daddy\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\swag daddy\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\swag daddy\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\swag daddy\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\swag daddy\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\swag daddy\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\swag daddy\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
BootExecute: autocheck autochk * autochk * 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3500353208-2455046699-3851492630-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-3500353208-2455046699-3851492630-1000 -> {0B85D0B2-60F4-94A0-3164-F228253EF30E} URL = hxxp://www.bing.com/search?q={searchTerms}&pc=Z144&form=ZGAIDF&install_date=20111107&iesrc={referrer:source}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2012-09-06] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-07-08] (AO Kaspersky Lab)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-09-06] (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27] (Adobe Systems Incorporated)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2010-11-08] (CANON INC.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll [2012-05-04] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-04-01] (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll [2012-05-04] (Oracle Corporation)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-07-08] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-04-01] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08] (CANON INC.)
DPF: HKLM-x32 {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab
DPF: HKLM-x32 {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{0D54B561-1353-446A-BE5D-9489060735BB}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{B4E171D7-49A6-472A-B61A-2582C591D731}: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
FireFox:
========
FF ProfilePath: C:\Users\swag daddy\AppData\Roaming\Mozilla\Firefox\Profiles\7g7m1d8w.default
FF Homepage: hxxp://www.msn.com/?pc=Z144&install_date=20111107
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-26] ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\system32\npDeployJava1.dll [2012-09-06] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2012-09-06] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-26] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-02-04] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 -> C:\Windows\SysWOW64\npDeployJava1.dll [2012-05-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.5.1 -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll [2012-05-04] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2012-02-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2012-02-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-07-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3500353208-2455046699-3851492630-1000: @citrixonline.com/appdetectorplugin -> C:\Users\swag daddy\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-04-09] (Citrix Online)
FF Plugin HKU\S-1-5-21-3500353208-2455046699-3851492630-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\swag daddy\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2012-07-27] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nptgeqplugin.dll [2007-07-18] (Tamarack Software, Inc.)
FF Extension: Default Manager - C:\Users\swag daddy\AppData\Roaming\Mozilla\Firefox\Profiles\7g7m1d8w.default\Extensions\DefaultManager@Microsoft [2012-02-15]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-08-23]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-08-23]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox [2015-08-08]
 
Chrome: 
=======
CHR Profile: C:\Users\swag daddy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\swag daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-27]
CHR Extension: (Kaspersky Protection) - C:\Users\swag daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\eahebamiopdhefndnmappcihfajigkka [2015-08-09]
CHR Extension: (AdBlock) - C:\Users\swag daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-08-26]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\swag daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-28]
CHR Extension: (Skype Click to Call) - C:\Users\swag daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-09-05]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\swag daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\swag daddy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-05]
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - https://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKU\S-1-5-21-3500353208-2455046699-3851492630-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\SWAGDA~1\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-08-27]
CHR HKU\S-1-5-21-3500353208-2455046699-3851492630-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - https://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe [194000 2015-08-08] (Kaspersky Lab ZAO)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272688 2012-06-25] ()
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2011-08-12] () [File not signed]
S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\vssbridge64.exe [144640 2015-07-09] (AO Kaspersky Lab)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [1195920 2015-08-18] ()
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3325232 2012-06-25] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
R1 HWiNFO32; C:\Program Files\HWiNFO64\HWiNFO64A.SYS [30592 2012-05-10] (REALiX™)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [70000 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [68280 2015-06-06] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [171192 2015-06-30] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [227000 2015-07-04] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [931000 2015-06-30] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [39096 2015-06-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [41144 2015-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [30392 2015-06-08] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [65208 2015-06-11] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [103096 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-27] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [249152 2012-02-29] (NVIDIA Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-08-24] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-16] (Apple, Inc.) [File not signed]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-26 22:02 - 2015-08-10 18:20 - 25191936 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-26 22:02 - 2015-08-10 18:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-26 22:02 - 2015-08-10 17:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-08-26 22:02 - 2015-08-10 17:20 - 19871232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-08-26 21:04 - 2015-08-26 21:04 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-08-26 21:04 - 2015-08-26 21:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-08-26 21:03 - 2015-08-26 21:04 - 00000000 ____D C:\Program Files\iTunes
2015-08-26 21:03 - 2015-08-26 21:03 - 00000000 ____D C:\Program Files\iPod
2015-08-26 21:03 - 2015-08-26 21:03 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-08-26 20:51 - 2015-08-26 20:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2015-08-25 20:57 - 2015-08-25 21:24 - 00013096 _____ C:\Users\swag daddy\Desktop\SystemLook.txt
2015-08-25 20:57 - 2015-08-25 20:57 - 00096256 _____ C:\Users\swag daddy\Desktop\SystemLook_x64.exe
2015-08-25 20:46 - 2015-08-25 20:46 - 00000008 __RSH C:\ProgramData\ntuser.pol
2015-08-24 21:01 - 2015-08-24 23:26 - 00000000 ____D C:\ProgramData\RogueKiller
2015-08-24 21:01 - 2015-08-24 21:01 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-08-24 20:57 - 2015-08-24 21:00 - 18772040 _____ C:\Users\swag daddy\Desktop\RogueKiller.exe
2015-08-24 20:31 - 2015-08-24 20:31 - 03007700 _____ C:\Users\swag daddy\Desktop\revouninstaller.zip
2015-08-24 19:52 - 2015-08-24 19:52 - 00000000 ____D C:\Users\swag daddy\AppData\Roaming\K7Uninstall
2015-08-24 19:37 - 2015-08-24 19:37 - 00000207 _____ C:\Windows\tweaking.com-regbackup-SWAGDADDY-PC-Windows-7-Home-Premium-(64-bit).dat
2015-08-24 19:37 - 2015-08-24 19:37 - 00000000 ____D C:\RegBackup
2015-08-24 19:36 - 2015-08-24 19:36 - 04664160 _____ (Tweaking.com) C:\Users\swag daddy\Desktop\tweaking.com_registry_backup_setup.exe
2015-08-24 19:36 - 2015-08-24 19:36 - 00002239 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-08-24 19:36 - 2015-08-24 19:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-08-24 19:36 - 2015-08-24 19:36 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2015-08-23 21:07 - 2015-08-23 21:07 - 00033803 _____ C:\ComboFix.txt
2015-08-23 00:57 - 2015-08-23 00:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-23 00:02 - 2015-08-23 00:02 - 02870984 _____ (ESET) C:\Users\swag daddy\Desktop\esetsmartinstaller_enu (1).exe
2015-08-22 22:17 - 2015-08-22 22:17 - 02870984 _____ (ESET) C:\Users\swag daddy\Desktop\esetsmartinstaller_enu.exe
2015-08-22 22:00 - 2015-08-22 22:07 - 00007569 _____ C:\Users\swag daddy\Desktop\Search.txt
2015-08-22 21:25 - 2015-08-24 21:52 - 00000000 ____D C:\Users\swag daddy\Desktop\FRST-OlderVersion
2015-08-19 00:06 - 2015-08-19 00:06 - 00001396 _____ C:\Users\swag daddy\Desktop\JRT.txt
2015-08-18 23:55 - 2015-08-26 21:27 - 00000000 ____D C:\AdwCleaner
2015-08-18 23:54 - 2011-06-25 23:45 - 00256000 _____ C:\Windows\PEV.exe
2015-08-18 23:54 - 2010-11-07 10:20 - 00208896 _____ C:\Windows\MBR.exe
2015-08-18 23:54 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-08-18 23:54 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-08-18 23:54 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-08-18 23:54 - 2000-08-30 17:00 - 00098816 _____ C:\Windows\sed.exe
2015-08-18 23:54 - 2000-08-30 17:00 - 00080412 _____ C:\Windows\grep.exe
2015-08-18 23:54 - 2000-08-30 17:00 - 00068096 _____ C:\Windows\zip.exe
2015-08-18 23:49 - 2015-08-23 21:07 - 00000000 ____D C:\Qoobox
2015-08-18 23:49 - 2015-08-19 00:13 - 00000000 ____D C:\Windows\erdnt
2015-08-18 23:45 - 2015-08-24 21:54 - 00046606 _____ C:\Users\swag daddy\Desktop\Addition.txt
2015-08-18 23:44 - 2015-08-27 09:27 - 00029233 _____ C:\Users\swag daddy\Desktop\FRST.txt
2015-08-18 23:44 - 2015-08-27 09:27 - 00000000 ____D C:\FRST
2015-08-18 23:43 - 2015-08-24 21:52 - 02186752 _____ (Farbar) C:\Users\swag daddy\Desktop\FRST64.exe
2015-08-18 23:21 - 2015-08-18 23:21 - 01101640 _____ (Bleeping Computer, LLC) C:\Users\swag daddy\Desktop\rkill (1)64.exe
2015-08-18 23:20 - 2015-08-18 23:20 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\swag daddy\Desktop\mbam-setup-2.1.8.1057 (1).exe
2015-08-18 23:20 - 2015-08-18 23:20 - 05635271 _____ (Swearware) C:\Users\swag daddy\Desktop\ComboFix (1).exe
2015-08-18 23:20 - 2015-08-18 23:20 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\swag daddy\Desktop\rkill (1).exe
2015-08-18 23:16 - 2015-08-23 20:39 - 05635234 ____R (Swearware) C:\Users\swag daddy\Desktop\ComboFix.exe
2015-08-18 23:15 - 2015-08-18 23:15 - 01791580 _____ (Malwarebytes Corporation) C:\Users\swag daddy\Desktop\JRT.exe
2015-08-18 23:15 - 2015-08-18 23:15 - 01585664 _____ C:\Users\swag daddy\Desktop\AdwCleaner.exe
2015-08-18 23:14 - 2015-08-18 23:32 - 00001764 _____ C:\Users\swag daddy\Desktop\Rkill.txt
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-26 21:02 - 2014-12-26 23:59 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-08-25 20:45 - 2011-08-30 20:56 - 00500364 _____ C:\Windows\PFRO.log
2015-08-25 20:38 - 2009-07-13 20:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-08-25 20:38 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2015-08-24 20:41 - 2012-04-13 20:06 - 00000000 ____D C:\ProgramData\Yahoo!
2015-08-24 20:41 - 2012-04-13 20:04 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2015-08-24 19:53 - 2012-12-07 18:58 - 00000000 ____D C:\Users\swag daddy\AppData\Local\K7 Computing
2015-08-24 19:53 - 2012-12-07 18:57 - 00000000 ____D C:\ProgramData\K7 Computing
2015-08-24 19:52 - 2015-04-13 21:03 - 00000142 _____ C:\Windows\K7TSUsrInfo.dat
2015-08-23 21:02 - 2009-07-13 19:34 - 00000215 _____ C:\Windows\system.ini
2015-08-22 21:22 - 2011-08-30 15:33 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-19 10:26 - 2013-06-23 15:36 - 00001973 _____ C:\Users\Public\Desktop\Canon My Printer.lnk
2015-08-19 00:11 - 2011-08-28 13:04 - 00000000 ____D C:\Users\swag daddy
2015-08-18 23:09 - 2012-10-02 18:02 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-18 21:36 - 2012-04-13 20:01 - 00000926 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3500353208-2455046699-3851492630-1000Core.job
2015-08-18 09:00 - 2013-10-19 17:13 - 00002042 _____ C:\Users\Public\Desktop\Google Slides.lnk
2015-08-18 09:00 - 2013-10-19 17:13 - 00002040 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2015-08-18 09:00 - 2013-10-19 17:13 - 00002030 _____ C:\Users\Public\Desktop\Google Docs.lnk
2015-08-18 09:00 - 2013-10-19 17:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-08-13 21:26 - 2009-07-13 22:13 - 00786460 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-13 21:21 - 2012-05-14 18:27 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-13 21:21 - 2012-05-14 18:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-13 21:21 - 2009-07-13 21:45 - 00425808 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-13 21:18 - 2014-12-12 17:32 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-13 21:18 - 2014-05-10 13:29 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-13 21:01 - 2009-07-13 19:34 - 00000478 _____ C:\Windows\win.ini
2015-08-13 20:59 - 2012-05-14 18:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-13 20:49 - 2013-08-13 10:38 - 00000000 ____D C:\Windows\system32\MRT
2015-08-13 20:31 - 2011-08-29 20:47 - 132483416 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-12 20:08 - 2011-08-30 15:21 - 00000000 ____D C:\ProgramData\Skype
2015-08-12 20:07 - 2012-09-20 06:33 - 00000000 ____D C:\Users\swag daddy\AppData\Local\Akamai
2015-08-12 20:04 - 2009-07-13 22:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-08-11 07:52 - 2015-07-10 06:39 - 00000000 ____D C:\$Windows.~BT
2015-08-10 17:57 - 2011-08-28 13:40 - 00000000 ____D C:\Windows\Panther
2015-08-10 17:17 - 2015-06-11 12:38 - 00003732 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-3500353208-2455046699-3851492630-1000
2015-08-10 17:17 - 2014-04-09 11:55 - 00003636 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-3500353208-2455046699-3851492630-1000
2015-08-09 13:26 - 2012-06-09 14:29 - 00000000 ____D C:\Users\swag daddy\AppData\Local\Apple
2015-08-09 11:23 - 2012-12-28 10:02 - 00002259 _____ C:\Users\swag daddy\Desktop\Google Chrome.lnk
2015-08-09 09:19 - 2014-12-26 23:01 - 00000000 ____D C:\Users\swag daddy\AppData\Local\Apple Inc
2015-08-09 08:44 - 2012-10-05 17:31 - 00000000 ____D C:\Users\swag daddy\AppData\Local\Apple Computer
2015-08-08 21:59 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
 
==================== Files in the root of some directories =======
 
2011-12-06 10:23 - 2011-12-15 09:48 - 0007597 _____ () C:\Users\swag daddy\AppData\Local\Resmon.ResmonCfg
2012-03-07 10:27 - 2012-03-07 10:27 - 0017408 _____ () C:\Users\swag daddy\AppData\Local\WebpageIcons.db
2012-09-05 08:29 - 2012-09-05 08:29 - 0000160 _____ () C:\ProgramData\-0fdpgCiV0pOdGL
2012-09-05 08:29 - 2012-09-05 08:29 - 0000184 _____ () C:\ProgramData\-0fdpgCiV0pOdGLr
2012-09-05 08:29 - 2012-09-05 08:29 - 0000368 _____ () C:\ProgramData\0fdpgCiV0pOdGL
2015-04-13 21:09 - 2015-04-15 14:53 - 0000469 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
 
Some files in TEMP:
====================
C:\Users\swag daddy\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp6vmw3n.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-08-12 21:51
 
==================== End of FRST.txt ============================
 
 
 
My computer is running fast!!! Super fast, and no pop-ups or any errors. You are amazing, brotha!




