kfavara

Members

View Profile See their activity

Posts
17
Joined
May 16, 2014
Last visited
June 11, 2015

Content Type

All Activity

Events

Profiles

Forums

Topics
Posts

Everything posted by kfavara

Help Please

kfavara replied to kfavara's topic in Resolved Malware Removal Logs

I keep trying to upload the results and get the attached error, therefore, I am pasting results inline. Sorry for the inconvenience. Zoek.exe v5.0.0.0 Updated 04-May-2015Tool run by Ashley Favara on Thu 06/11/2015 at 7:30:39.01.Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64Running in: Normal Mode Internet Access DetectedLaunched: C:\Users\Ashley Favara\Downloads\zoek.exe [scan all users] [script inserted] ==== Older Logs ====================== C:\zoek-results2015-06-11-121040.log 599 bytesC:\zoek-results2015-06-11-122117.log 564 bytes ==== System Restore Info ====================== 6/11/2015 7:34:23 AM Zoek.exe System Restore Point Created Successfully. ==== Empty Folders Check ====================== C:\PROGRA~2\MSXML 4.0 deleted successfullyC:\Program Files\ATI Technologies deleted successfullyC:\PROGRA~3\NVIDIA deleted successfullyC:\Users\Ashley Favara\AppData\Local\VirtualStore deleted successfully ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hpqwmiex deleted successfullyHKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\hpqwmiex deleted successfully ==== Batch Command(s) Run By Tool====================== ==== Deleting Files \ Folders ====================== C:\PROGRA~2\Coupons deletedC:\PROGRA~2\Yahoo! deletedC:\found.000 deletedC:\Users\Ashley Favara\AppData\Roaming\Yahoo! deletedC:\PROGRA~3\Yahoo! Companion deletedC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons deletedC:\Windows\SysNative\config\systemprofile\Searches deleted ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [08/14/2014 07:53 PM][HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]"smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [01/27/2014 09:01 PM] ==== Firefox Extensions ====================== ProfilePath: C:\Users\ASHLEY~1\AppData\Roaming\Mozilla\Firefox\Profiles\nhk7u51g.default- Firefox Old Version Update Hotfix - %ProfilePath%\extensions\firefox-hotfix@mozilla.org.xpi AppDir: C:\Program Files (x86)\Mozilla Firefox- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== ==== Chromium Look ====================== Google Chrome Version: 43.0.2357.124 HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensionsgomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[08/14/2014 07:52 PM] Bookmark Manager - Ashley Favara\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjikAvast Online Security - Ashley Favara\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmkiChrome Hotword Shared Module - Ashley Favara\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg ==== Chromium Startpages ====================== C:\Users\Ashley Favara\AppData\Local\Google\Chrome\User Data\Default\Preferencesreferences":{},"install_time":"13072225702834538","lastpingday":"13078479596256652","location":1,"manifest":{"app":{"launch":{"container":"tab","web_url":"https://mail.google.com/mail/ca"},"urls":["*://mail.google.com/mail/ca"]},"current_locale":"en_US","default_locale":"en","description":"Fast,searchable email with less spam.","icons":{"128":"128.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCuGglK43iAz3J9BEYK/Mz6ZhloIMMDqQSAaf3vJt4eHbTbSDsu4WdQ9dQDRcKlg8nwQdePBt0C3PSUBtiSNSS37Z3qEGfS7LCju3h6pI1Yr9MQtxw+jUa7kXXIS09VV73pEFUT/F7c6Qe8L5ZxgAcBvXBh1Fie63qb02I9XQ/CQIDAQAB","manifest_version":2,"name":"Gmail","options_page":"https://mail.google.com/mail/ca/#settings","permissions":["notifications"],"update_url":"http://clients2.google.com/service/update2/crx","version":"8.1"},"page_ordinal":"n","path":"pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0","preferences":{},"regular_only_preferences":{},"state":1,"was_installed_by_default":true,"was_installed_by_oem":false}}},"google":{"services":{"last_username":"ashleyfavara@gmail.com","username":"ashleyfavara@gmail.com"}},"pinned_tabs":[],"protection":{"macs":{"browser":{"show_home_button":"6D9C71255B644EB222AA631493B0AC272DC137CE05625EC651BB0F75130C3699"},"default_search_provider":{"keyword":"A311B20A9B45209B0CB2F67504D2F67B2D0E1446CDED7AD7A791EB46224E6501","name":"F7DE5CB987FADB02E56C1B27FFA02506031746365E5BFC81F61D77F548200571","search_url":"A55406CBB2D038CB7A0633626D3F7C80337EE35BAFFE9CC60B25DC8540450565"},"default_search_provider_data":{"template_url_data":"BB37D0B35BC2D6CD3A041130461D164A109C02498AE3E82E2E2D15FCC5CF7CE5"},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":"A17D33C7726260006483D0EF97314D5B11FC0D9A13E0EA9B35E9AEE812C1A810","aohghmighlieiainnegkcijnfilokake":"6B077B16246AA5FD116D7224FE04A43A320306CAA95893C53E8D9B739C47869F","apdfllckaahabafndbhieahigkjlhalf":"9B6E3030EFA8022A77E7B2E1A41D58B5F81E3D237BDD29C7CFFDB7E0B2859673","bepbmhgboaologfdajaanbcjmnhjmhfn":"2E5A2411B95BB62DE66DF83D13935EE15D98A18017012FF1B5F02F7A46306E11","blpcfgokakmgnkcojhhkbfbldkacnbeo":"7723934A2400F5CD929C111AE35591EC65BD79A57315F995889C9C7708178C03","coobgpohoikkiipiblmjeljniedjpjpf":"C2121D1D951DD9A6EFA6AB24F035F421A1E9152F7BDEE6DFF504F3C377BBDA34","dnhpdliibojhegemfjheidglijccjfmc":"CFCF0EB6EA45AF33431E06106FE40C166E4082737711F53BF30F2987B1A72638","eemcgdkfndhakfknompkggombfjjjeno":"823D78B5E5102656058DCE6BE636DD1D815C645F4A106830E352DBEB8F626471","ennkphjdgehloodpbhlhldgbnhmacadg":"E8BEDCB0FDF78902451CD4A50077432F458E447DF73D82C7931A9053EC15D798","gfdkimpbcpahaombhbimeihdjnejgicl":"5DC1B7336642543017C7C7C649B775ACCDFE94FDFA421AE097DC6D07ECB09534","gmlllbghnfkpflemihljekbapjopfjik":"DCF2EBFB246CF6D54163E85138DC165670E4FD4376BA319E3D845E49084D233D","gomekmidlodglbbmalcneegieacbdmki":"1AF6DF1C3472C79C6462E3942C579114BF66F1FE04379D092D1669ABDE2A1F6B","kmendfapggjehodndflmmgagdbamhnfd":"3AF934684B0965204C8D972EC0813A7734CE974D0EAE1ACA1AFF15AFFF04DA11","lccekmodgklaepjeofjdjpbminllajkg":"9472FE671EAFBCAF998564A92BD6705C9FC2D3F8BCE846FE9922AA77C9F898EE","mfehgcgbbipciphmccgaenjidiccnmng":"CAF81F0D569B048EE6B2F3FC0DB530EBA245492AAF057F25840A40F794575A1A","mgndgikekgjfcpckkfioiadnlibdjbkf":"74C09963DE57E21ADEDF68B2A1FE34F41FD3CAC2BF62137163FEEC170D7A65EA","mhjfbmdgcfjbbpaeojofohoefgiehjai":"E14F033B84CC194FA4BA1D09358ACF9F344D03EA7569D5EFCF40D37F5B423C8E","nbpagnldghgfoolbancepceaanlmhfmd":"8CE8126A123510C761C2BD645F41F088273218CF8CF01727B2EE83E1951E7311","neajdppkdcdipfabeoofebfddakdcjhd":"F0BDB474ACDB6BA184889DC5728F94CEAA0A5857510C37BC7C47E28B8D85AEB8","nkeimhogjdpnpccoofpliimaahmaaome":"03A3D2DCCDE98F5A7C7767C49012F78A2EB2C3A04FAD040066663923DF70A502","nmmhkkegccagdldgiimedpiccmgmieda":"C05CAFC196302365FE851991B56E30FBD945F9BA3A611BF798B6875B00541E5C","pafkbggdmjlpgkdkcbjmhmfcdpncadgh":"A188461C537CD3B52F93E42108CD94B547C244AA15DE83740CE0532361D90C24","pjkljhegncpnkpknbcohdijeoejaedia":"455D8DD9CE6FB575FA583EF9F9469DFF4E577558A2DFD2579F522E950620AB58"}},"google":{"services":{"last_username":"6DE4B1DC36287D9C7F372C9A22EBF114DCEEB13083C1F831A2994CF4A8C62E78","username":"C67AD5657DF47CEA8303D853AB5316C3EBE7A3337842A18DE37A56AA034FEDDA"}},"homepage":"2BDE906A2338CD73C3B3D1722FFB4154561681AD9BF230C839776BE8B8A94D7A","homepage_is_newtabpage":"63DCF92482798CDC9A5A1BC867566020B014670AFF08D6AB4B2C17F92A80C5E2","pinned_tabs":"9AD17740960FC62C7EA363F85DB54EA39CABF900BF6B5D89F41E33752D89167F","prefs":{"preference_reset_time":"DB36F9E21F9EFF73FA90D1674FCFFB8B8C012C37D4911C87981583B85F8FFA0C"},"profile":{"reset_prompt_memento":"A8D8342678751BAB9B79C55A1B1234BC3DF412A346445106B265618A1DA856B8"},"safebrowsing":{"incidents_sent":"4AD88CFB2BFCC84D15DF9C85FDC70D92053EE78C81C7B0F2E04F29C6DDB8ACCC"},"search_provider_overrides":"CFC9926015B5DF19464077F7372BF283E97DEA73B85576927C3130CE128830E7","session":{"restore_on_startup":"9E8E19E640E33B12D8DB83C0932243436AACB4988F603E30363A5F3BB3D43B75","startup_urls":"381A27B922ADDC4BC90D7C50AD3843B445653063D96E56768572425836217DA5"},"software_reporter":{"prompt_reason":"55AD36762228BE8740EDECEEE8CED75B9F4FFF46685A146B8894DC28B30BD2B8","prompt_seed":"F89D1E5353A07FDE02D2BE5269F0717768A9C95510A440EDBE4E5B509DC7D721","prompt_version":"E1F8EC8E1962C4D798640E19A203268A17095025698916427EBE5BA232C448E4"},"sync":{"remaining_rollback_tries":"7A862D9123FFC1596D60930476E24FF96AB94AE9925D372D6E05C65BAC3D08DD"}},"super_mac":"CF32193E74BC153269DD0583E3DA8EFCDBAC7F20C20FA12370949BAF5481D8ED"},"sync":{"remaining_rollback_tries":0}} ==== Chromium Fix ====================== C:\Users\Ashley Favara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage deleted successfullyC:\Users\Ashley Favara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage-journal deleted successfullyC:\Users\Ashley Favara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.gradesaver.com_0.localstorage deleted successfullyC:\Users\Ashley Favara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.gradesaver.com_0.localstorage-journal deleted successfully ==== Set IE to Default ====================== Old Values:[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" New Values:[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR" ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-1356638605-569504071-3264840808-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfullyHKEY_USERS\S-1-5-21-1356638605-569504071-3264840808-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfullyHKEY_USERS\S-1-5-21-1356638605-569504071-3264840808-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfullyHKEY_USERS\S-1-5-21-1356638605-569504071-3264840808-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfullyHKEY_USERS\S-1-5-21-1356638605-569504071-3264840808-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} deleted successfullyHKEY_USERS\S-1-5-21-1356638605-569504071-3264840808-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} deleted successfullyHKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfullyHKEY_CLASSES_ROOT\Wow6432Node\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfullyHKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfullyHKEY_CLASSES_ROOT\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfullyHKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfullyHKEY_CLASSES_ROOT\Wow6432Node\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} deleted successfullyHKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-1356638605-569504071-3264840808-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfullyHKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.0 deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfullyC:\Users\Ashley Favara\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfullyC:\Users\Ashley Favara\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfullyC:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfullyC:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfullyC:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfullyC:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfullyC:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== C:\Users\Ashley Favara\AppData\Local\Mozilla\Firefox\Profiles\nhk7u51g.default\Cache emptied successfully ==== Empty Chrome Cache ====================== C:\Users\Ashley Favara\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== No Java Cache Found ==== C:\zoek_backup content ====================== C:\zoek_backup (files=23 folders=5 2193803 bytes) ==== Empty Temp Folders ====================== C:\Users\Ashley Favara\AppData\Local\Temp will be emptied at rebootC:\Users\Default\AppData\Local\Temp emptied successfullyC:\Users\Default User\AppData\Local\Temp emptied successfullyC:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfullyC:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfullyC:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptiedC:\Users\ASHLEY~1\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on Thu 06/11/2015 at 8:12:18.69 ======================
- June 11, 2015
- 8 replies
Help Please

kfavara replied to kfavara's topic in Resolved Malware Removal Logs

Please see attached. Addition.txt FRST.txt
- June 10, 2015
- 8 replies
Help Please

kfavara replied to kfavara's topic in Resolved Malware Removal Logs

FRST Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-06-2015Ran by Ashley Favara (administrator) on ASHLEYFAVARA-PC on 08-06-2015 14:02:37Running from C:\Users\Ashley Favara\DownloadsLoaded Profiles: Ashley Favara (Available Profiles: Ashley Favara)Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)Internet Explorer Version 11 (Default browser: Chrome)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe(SMSC) C:\Program Files\SGFX\sgfxmgr.exe(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(Intel Corporation) C:\Windows\System32\igfxtray.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe(Spotify Ltd) C:\Users\Ashley Favara\AppData\Roaming\Spotify\SpotifyWebHelper.exe(Spotify Ltd) C:\Users\Ashley Favara\AppData\Roaming\Spotify\Spotify.exe(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe() C:\Program Files\SGFX\SgfxConfig.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Spotify Ltd) C:\Users\Ashley Favara\AppData\Roaming\Spotify\Spotify.exe(Spotify Ltd) C:\Users\Ashley Favara\AppData\Roaming\Spotify\Spotify.exe(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe(Dropbox, Inc.) C:\Users\Ashley Favara\AppData\Roaming\Dropbox\bin\Dropbox.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2095912 2010-05-14] (Synaptics Incorporated)HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)HKLM-x32\...\Run: [NUSB3MON] => c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2009-11-18] (Hewlett-Packard)HKLM-x32\...\Run: [] => [X]HKLM-x32\...\Run: [sgfxConfig] => C:\Program Files\SGFX\sgfxconfig.exe [2233592 2013-03-18] ()HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-14] (AVAST Software)Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)Winlogon\Notify\ScCertProp: wlnotify.dll [X]HKU\S-1-5-21-1356638605-569504071-3264840808-1000\...\Run: [GoogleChromeAutoLaunch_84839FF01F1313477B26258568055341] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-05-22] (Google Inc.)HKU\S-1-5-21-1356638605-569504071-3264840808-1000\...\Run: [spotify Web Helper] => C:\Users\Ashley Favara\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2020920 2015-05-25] (Spotify Ltd)HKU\S-1-5-21-1356638605-569504071-3264840808-1000\...\Run: [spotify] => C:\Users\Ashley Favara\AppData\Roaming\Spotify\Spotify.exe [7168568 2015-05-25] (Spotify Ltd)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2014-01-27]ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)Startup: C:\Users\Ashley Favara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-04-12]ShortcutTarget: Dropbox.lnk -> C:\Users\Ashley Favara\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2014-08-14] (AVAST Software)ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ashley Favara\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ashley Favara\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ashley Favara\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ashley Favara\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ashley Favara\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ashley Favara\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ashley Favara\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-1356638605-569504071-3264840808-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehpURLSearchHook: HKU\S-1-5-21-1356638605-569504071-3264840808-1000 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-08-14] (AVAST Software)BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation)BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28] (Yahoo! Inc.)BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-08-14] (AVAST Software)BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation)BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28] (Yahoo! Inc)BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No FileToolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28] (Yahoo! Inc.)Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 4.2.2.2 FireFox:========FF ProfilePath: C:\Users\Ashley Favara\AppData\Roaming\Mozilla\Firefox\Profiles\nhk7u51g.defaultFF Plugin: @microsoft.com/GENUINE -> disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()FF Plugin-x32: @microsoft.com/GENUINE -> disabled No FileFF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2013-11-15] (Microsoft Corporation)FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-21] (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-21] (Google Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2013-11-15] (Microsoft Corporation)FF Extension: Firefox Old Version Update Hotfix - C:\Users\Ashley Favara\AppData\Roaming\Mozilla\Firefox\Profiles\nhk7u51g.default\Extensions\firefox-hotfix@mozilla.org.xpi [2014-07-28]FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-01-27]FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FFFF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-02-02]FF HKU\S-1-5-21-1356638605-569504071-3264840808-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 Chrome: =======CHR Profile: C:\Users\Ashley Favara\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Docs) - C:\Users\Ashley Favara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-27]CHR Extension: (Google Drive) - C:\Users\Ashley Favara\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-27]CHR Extension: (YouTube) - C:\Users\Ashley Favara\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-27]CHR Extension: (Google Search) - C:\Users\Ashley Favara\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-27]CHR Extension: (Bookmark Manager) - C:\Users\Ashley Favara\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-25]CHR Extension: (Avast Online Security) - C:\Users\Ashley Favara\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-02-02]CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Ashley Favara\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-17]CHR Extension: (Google Wallet) - C:\Users\Ashley Favara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-27]CHR Extension: (Gmail) - C:\Users\Ashley Favara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-27]CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-14] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-14] (AVAST Software)R2 HPSLPSVC; C:\Users\Ashley Favara\AppData\Local\Temp\7zS07FA\hpslpsvc64.dll [1039360 2013-07-19] (Hewlett-Packard Co.) [File not signed]R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]R2 SGFXMgr; C:\Program Files\SGFX\sgfxmgr.exe [8481280 2013-03-15] (SMSC) [File not signed]R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)S3 hpqwmiex; "C:\Users\Administrator\AppData\Roaming\Hewlett-Packard\hpqwmiex.exe" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-14] ()R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-14] (AVAST Software)R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-14] (AVAST Software)R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-14] ()R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-12-03] (AVAST Software)R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-14] (AVAST Software)R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-14] (AVAST Software)R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-14] ()R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-08] (Malwarebytes Corporation)R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)S3 rismcx64; C:\Windows\System32\DRIVERS\rismcx64.sys [59008 2009-07-20] (RICOH Company, Ltd.)R4 Sgfxk; C:\Windows\System32\drivers\sgfxk64.sys [157432 2013-03-18] (SMSC)R0 Sgfxl; C:\Windows\System32\drivers\sgfxl64.sys [18168 2013-03-18] (SMSC) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-08 14:02 - 2015-06-08 14:03 - 00017717 _____ C:\Users\Ashley Favara\Downloads\FRST.txt2015-06-08 14:02 - 2015-06-08 14:02 - 02108928 _____ (Farbar) C:\Users\Ashley Favara\Downloads\FRST64.exe2015-06-08 14:02 - 2015-06-08 14:02 - 01147904 _____ (Farbar) C:\Users\Ashley Favara\Downloads\FRST.exe2015-06-08 14:02 - 2015-06-08 14:02 - 00000000 ____D C:\FRST2015-06-08 10:40 - 2015-06-08 13:27 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2015-06-08 10:39 - 2015-06-08 10:39 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Ashley Favara\Downloads\mbam-setup-2.1.6.1022.exe2015-06-08 10:39 - 2015-06-08 10:39 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Ashley Favara\Downloads\mbam-setup-2.1.6.1022 (1).exe2015-06-08 10:39 - 2015-06-08 10:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2015-06-08 10:39 - 2015-06-08 10:39 - 00000000 ____D C:\ProgramData\Malwarebytes2015-06-08 10:39 - 2015-06-08 10:39 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware2015-06-08 10:39 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2015-06-08 10:39 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2015-06-08 10:39 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys2015-05-25 18:54 - 2015-05-25 18:54 - 00000000 ____D C:\Windows\system32\appmgmt2015-05-25 18:34 - 2015-05-25 18:35 - 00266288 _____ C:\Windows\Minidump\052515-28657-01.dmp ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-06-08 13:43 - 2014-01-14 21:04 - 01495065 _____ C:\Windows\WindowsUpdate.log2015-06-08 13:19 - 2014-01-27 17:23 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2015-06-08 10:42 - 2014-02-05 00:11 - 00000000 ____D C:\Users\Ashley Favara\AppData\Roaming\Spotify2015-06-08 10:40 - 2009-07-13 23:45 - 00031904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02015-06-08 10:40 - 2009-07-13 23:45 - 00031904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02015-06-08 10:38 - 2014-02-05 00:12 - 00000000 ____D C:\Users\Ashley Favara\AppData\Local\Spotify2015-05-25 19:50 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache2015-05-25 19:12 - 2014-09-30 15:19 - 00000000 ___RD C:\Users\Ashley Favara\Dropbox2015-05-25 19:12 - 2014-08-17 14:42 - 00000000 ____D C:\Users\Ashley Favara\AppData\Roaming\Dropbox2015-05-25 19:11 - 2014-09-30 15:19 - 00001056 _____ C:\Users\Ashley Favara\Desktop\Dropbox.lnk2015-05-25 19:11 - 2014-08-17 14:43 - 00000000 ____D C:\Users\Ashley Favara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox2015-05-25 19:04 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT2015-05-25 19:04 - 2009-07-13 23:51 - 00051260 _____ C:\Windows\setupact.log2015-05-25 18:34 - 2015-03-31 16:09 - 490908997 _____ C:\Windows\MEMORY.DMP2015-05-25 18:34 - 2015-03-31 16:09 - 00000000 ____D C:\Windows\Minidump2015-05-25 18:31 - 2014-02-05 00:12 - 00001860 _____ C:\Users\Ashley Favara\Desktop\Spotify.lnk2015-05-25 18:31 - 2014-02-05 00:12 - 00001846 _____ C:\Users\Ashley Favara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk2015-05-25 18:22 - 2014-01-27 17:26 - 00002190 _____ C:\Users\Public\Desktop\Google Chrome.lnk2015-05-25 18:14 - 2014-01-27 17:23 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA2015-05-25 18:14 - 2014-01-27 17:23 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore2015-05-25 18:14 - 2014-01-27 17:23 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2015-05-25 18:11 - 2014-02-02 16:37 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update ==================== Files in the root of some directories ======= 2014-05-23 01:59 - 2015-03-01 16:27 - 5601792 _____ (FFmpeg Project) C:\Program Files\avformat-55.dll2015-02-15 12:03 - 2015-03-01 16:14 - 0421888 _____ () C:\Program Files\lame_enc.dll2014-01-27 20:59 - 2014-01-27 21:03 - 0000816 _____ () C:\ProgramData\hpzinstall.log Some files in TEMP:====================C:\Users\Ashley Favara\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyyjaq0.dllC:\Users\Ashley Favara\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exeC:\Users\Ashley Favara\AppData\Local\Temp\HPInstaller.exeC:\Users\Ashley Favara\AppData\Local\Temp\ose00000.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-06-08 10:33 ==================== End of log ============================ Addition Additional scan result of Farbar Recovery Scan Tool (x64) Version:08-06-2015Ran by Ashley Favara at 2015-06-08 14:03:17Running from C:\Users\Ashley Favara\DownloadsBoot Mode: Normal========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1356638605-569504071-3264840808-500 - Administrator - Disabled)Ashley Favara (S-1-5-21-1356638605-569504071-3264840808-1000 - Administrator - Enabled) => C:\Users\Ashley FavaraGuest (S-1-5-21-1356638605-569504071-3264840808-501 - Limited - Disabled)HomeGroupUser$ (S-1-5-21-1356638605-569504071-3264840808-1002 - Limited - Enabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: avast! Antivirus (Enabled - Out of date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: avast! Antivirus (Enabled - Out of date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) HiddenAdobe Flash Player 10 ActiveX (HKLM-x32\...\{B7B3E9B3-FB14-4927-894B-E9124509AF5A}) (Version: 10.0.32.18 - Adobe Systems, Inc.)Amazon Kindle (HKU\S-1-5-21-1356638605-569504071-3264840808-1000\...\Amazon Kindle) (Version: - Amazon)AMD Catalyst Install Manager (HKLM\...\{D0A76081-22E4-5B3F-5394-1229DDF73585}) (Version: 3.0.851.0 - Advanced Micro Devices, Inc.)Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) HiddenCopy (x32 Version: 140.0.212.000 - Hewlett-Packard) HiddenCore Graphics Software (Version: 5.2.59.0297 - SMSC) HiddenCoupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) HiddenDeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) HiddenDJ_AIO_06_F2400_SW_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) HiddenDropbox (HKU\S-1-5-21-1356638605-569504071-3264840808-1000\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)F2400 (x32 Version: 140.0.690.000 - Hewlett-Packard) HiddenGoogle Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) HiddenGoogle Update Helper (x32 Version: 1.3.27.5 - Google Inc.) HiddenGPBaseService2 (x32 Version: 140.0.211.000 - Hewlett-Packard) HiddenHP 3D DriveGuard (HKLM\...\{B1A6285F-C31A-4482-8EA0-9445E4C1DCEA}) (Version: 4.1.10.1 - Hewlett-Packard Company)HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)HP Deskjet F2400 All-in-One Driver Software 14.0 Rel. 6 (HKLM\...\{819CA3BC-2FF8-4811-B42F-421F7BFD3559}) (Version: 14.0 - HP)HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.17.1 - Hewlett-Packard Company)HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)HP Update (HKLM-x32\...\{74DC0593-6BC6-4001-AD5F-D810AFB68D86}) (Version: 5.002.002.002 - Hewlett-Packard)HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) HiddenHPProductAssistant (x32 Version: 140.0.212.000 - Hewlett-Packard) HiddenHPSSupply (x32 Version: 140.0.211.000 - Hewlett-Packard) HiddenIntegrated Camera Driver Installer Package Ver.1.33.110.0 (HKLM-x32\...\{B0344B38-378B-47E0-BDCC-977785D24768}) (Version: 1.33.110.0 - BISON)Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 16.3 - Intel)Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{BEE86606-EFB5-4353-9F34-29E0C59CDCFA}) (Version: 15.2.0.0284 - Intel Corporation)Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) HiddenMicrosoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)Mozilla Firefox 26.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 26.0 (x86 en-US)) (Version: 26.0 - Mozilla)Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 26.0 - Mozilla)MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)NVIDIA Graphics Driver 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) HiddenQLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) HiddenRenesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.36.0 - Renesas Electronics Corporation)Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.36.0 - Renesas Electronics Corporation) HiddenRICOH Media Driver (HKLM-x32\...\{F5CC2EF8-20A4-4366-A681-3FE849E65809}) (Version: 2.13.00.05 - RICOH)Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) HiddenService Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft)Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) HiddenSMSC Core Graphics Software (HKLM-x32\...\Core Graphics Software) (Version: 5.2.59.0297 - SMSC)SolutionCenter (x32 Version: 140.0.213.000 - Hewlett-Packard) HiddenSpotify (HKU\S-1-5-21-1356638605-569504071-3264840808-1000\...\Spotify) (Version: 1.0.4.90.g0b6df40b - Spotify AB)Status (x32 Version: 140.0.212.000 - Hewlett-Packard) HiddenSynaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.17.2 - Synaptics Incorporated)Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) HiddenTrayApp (x32 Version: 140.0.212.000 - Hewlett-Packard) HiddenValidity Fingerprint Driver (HKLM\...\{DD966CEF-5EA9-4BA2-B210-490FEBC27EA7}) (Version: 4.0.15.0 - Validity Sensors, Inc.)ViewSpan (HKLM\...\{6285D158-D528-4ED8-A935-BB2A402E21F2}) (Version: 2.8.1.0 - SMSC)WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) HiddenWindows Driver Package - Intel (NETwNs64) net (10/18/2010 13.4.0.9) (HKLM\...\F09FE5BEFA92C4B8272F1CB01F385D9EA34548CF) (Version: 10/18/2010 13.4.0.9 - Intel)Windows Driver Package - Intel net (10/18/2010 13.4.0.9) (HKLM\...\07D134D497B9E69E9B463F9D6217EC65A1530396) (Version: 10/18/2010 13.4.0.9 - Intel)Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version: - ) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-1356638605-569504071-3264840808-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Ashley Favara\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-1356638605-569504071-3264840808-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Ashley Favara\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-1356638605-569504071-3264840808-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ashley Favara\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-1356638605-569504071-3264840808-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ashley Favara\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-1356638605-569504071-3264840808-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ashley Favara\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-1356638605-569504071-3264840808-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ashley Favara\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-1356638605-569504071-3264840808-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ashley Favara\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-1356638605-569504071-3264840808-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ashley Favara\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-1356638605-569504071-3264840808-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ashley Favara\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-1356638605-569504071-3264840808-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ashley Favara\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ==================== Restore Points ========================= 04-05-2015 06:33:27 Installed TrayApp04-05-2015 06:36:01 Installed TrayApp04-05-2015 06:37:06 Installed TrayApp04-05-2015 06:53:07 Installed TrayApp25-05-2015 18:11:13 Removed AMD Catalyst Install Manager25-05-2015 18:30:57 Installed TrayApp25-05-2015 18:52:35 Installed TrayApp25-05-2015 18:54:35 Installed TrayApp25-05-2015 18:54:56 Installed TrayApp25-05-2015 18:55:11 Installed TrayApp25-05-2015 18:56:52 Installed F240025-05-2015 18:57:03 Installed F240025-05-2015 18:58:17 Removed Core Graphics Software25-05-2015 19:02:54 Installed TrayApp25-05-2015 19:06:36 Installed TrayApp25-05-2015 19:09:10 Installed TrayApp25-05-2015 19:09:52 Installed TrayApp25-05-2015 19:10:25 Installed TrayApp08-06-2015 10:33:11 Installed F240008-06-2015 10:54:05 Windows Update ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {00A5A28E-4493-43E2-9690-6F96F3E35644} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exeTask: {03E219BD-B29A-4F4E-968C-527A4C6CBDC2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-27] (Google Inc.)Task: {0C0EE8BF-A5A6-4674-8D8E-43575F49F1B1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-27] (Google Inc.)Task: {1BEDD498-9681-4628-8ED3-FA0B262F8FDB} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)Task: {321F4A2D-BA0C-4D50-8EE8-9F94BF967A82} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)Task: {507BCE15-675D-4272-919D-FFF9B1DF9044} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)Task: {72A7AB7D-901B-4990-8E74-20E6161C3918} - System32\Tasks\{AAD957BF-6E7E-4D00-B8F2-F8951E590DBA} => pcalua.exe -a "C:\Users\Ashley Favara\AppData\Local\Temp\Temp1_SBT-SP6C-Windows_7.zip\WIN7\setup.exe"Task: {746B3AB6-1CCA-447B-BC40-D7E91AFEFDEB} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)Task: {8C6AB753-75A5-446A-85F1-55CF94011EA6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)Task: {922E5265-A08A-4522-A9AD-AAD89880F827} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2014-01-26] (Microsoft Corporation)Task: {B5759179-273A-483C-95DB-455EB188A8BA} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)Task: {C4356DC4-584C-43E0-B4DF-715587ADDF4F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)Task: {E943F7EB-1474-45CE-9E46-BFBC55BC9AA5} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-14] (AVAST Software)Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (Whitelisted) ============== 2013-10-08 13:59 - 2013-01-31 04:25 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll2015-02-13 04:20 - 2015-02-13 04:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll2015-01-21 15:59 - 2015-01-21 15:59 - 08898728 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll2012-01-10 22:12 - 2012-01-10 22:12 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll2013-03-18 09:42 - 2013-03-18 09:42 - 02233592 _____ () C:\Program Files\SGFX\SgfxConfig.exe2014-08-14 19:52 - 2014-08-14 19:52 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll2015-05-25 18:13 - 2015-05-25 18:13 - 02948096 _____ () C:\Program Files\AVAST Software\Avast\defs\15052502\algo.dll2015-01-21 15:58 - 2015-01-21 15:58 - 08898720 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll2015-03-31 15:46 - 2015-05-25 18:31 - 40518200 _____ () C:\Users\Ashley Favara\AppData\Roaming\Spotify\libcef.dll2014-08-14 19:53 - 2014-08-14 19:53 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll2015-05-25 18:20 - 2015-05-22 15:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libglesv2.dll2015-05-25 18:20 - 2015-05-22 15:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libegl.dll2015-03-31 15:46 - 2015-05-25 18:30 - 01365560 _____ () C:\Users\Ashley Favara\AppData\Roaming\Spotify\libglesv2.dll2015-03-31 15:46 - 2015-05-25 18:30 - 00219192 _____ () C:\Users\Ashley Favara\AppData\Roaming\Spotify\libegl.dll2015-03-31 15:46 - 2015-03-31 15:46 - 09305656 _____ () C:\Users\Ashley Favara\AppData\Roaming\Spotify\pdf.dll2015-03-31 15:46 - 2015-05-25 18:30 - 00990776 _____ () C:\Users\Ashley Favara\AppData\Roaming\Spotify\ffmpegsumo.dll2014-12-03 18:27 - 2014-12-03 18:27 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\3d576cbc4ffc5ad06fd61510c5d8f326\IsdiInterop.ni.dll2013-10-08 13:54 - 2010-03-03 22:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll2015-05-25 19:12 - 2015-05-25 19:12 - 00043008 _____ () c:\Users\Ashley Favara\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyyjaq0.dll2015-03-04 16:45 - 2015-03-04 16:45 - 00750080 _____ () C:\Users\Ashley Favara\AppData\Roaming\Dropbox\bin\libGLESv2.dll2015-03-04 16:45 - 2015-03-04 16:45 - 00047616 _____ () C:\Users\Ashley Favara\AppData\Roaming\Dropbox\bin\libEGL.dll2015-03-04 16:45 - 2015-03-04 16:45 - 00865280 _____ () C:\Users\Ashley Favara\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll2015-03-04 16:45 - 2015-03-04 16:45 - 00200704 _____ () C:\Users\Ashley Favara\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1356638605-569504071-3264840808-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ashley Favara\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpgDNS Servers: 8.8.8.8 - 4.2.2.2 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [sPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exeFirewallRules: [sPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exeFirewallRules: [{1A71BC65-5D9F-4CBC-A92C-CFEE3C1BA4DD}] => (Allow) C:\Users\Ashley Favara\AppData\Local\Temp\7zS07FA\hppiw.exeFirewallRules: [{FACF7FDD-D548-49AF-9C4F-314F2A394CD0}] => (Allow) C:\Users\Ashley Favara\AppData\Local\Temp\7zS07FA\hppiw.exeFirewallRules: [{7B0B4269-4785-415D-B285-709CE72BC495}] => (Allow) C:\Users\Ashley Favara\AppData\Local\Temp\7zS0CA8\hppiw.exeFirewallRules: [{E353258C-1E6E-4E08-A408-FCC62529F925}] => (Allow) C:\Users\Ashley Favara\AppData\Local\Temp\7zS0CA8\hppiw.exeFirewallRules: [{6CCCB115-4D7C-4C3B-91F1-911247AB788C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exeFirewallRules: [{2039310C-3FED-4E6A-9B1B-F2A50A70252C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exeFirewallRules: [{592E9266-43A2-4227-A927-21DAA23228BF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exeFirewallRules: [{0CE3C229-CD2B-4852-BFD7-0A0050F0168C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exeFirewallRules: [{6EAAD38B-E76A-43D2-8ACF-64ADB46E32AD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exeFirewallRules: [{CE227041-95E2-4943-88B2-2AFB4D802A24}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exeFirewallRules: [{B6A200B1-A5E9-4AA5-9715-93FE2D2E014B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exeFirewallRules: [{E6A126C2-0C70-4435-ADE7-DD95826F838E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exeFirewallRules: [{672D2D8E-18D5-4891-87C9-13B3C4D5BBDA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exeFirewallRules: [{06FF8F8B-C7D0-492D-BD3D-569D001529EF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exeFirewallRules: [{36B9A465-C8EC-4DBF-A21F-B1262F939ED7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exeFirewallRules: [{B5E2F330-019F-4095-A43C-D616C148DA1F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exeFirewallRules: [{3953C054-8D0B-4AC8-9CBD-07656FF832BF}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exeFirewallRules: [{4CE7B93B-BE42-4B6F-9543-CA0B53104220}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exeFirewallRules: [{154ECA8B-A9B5-4FF0-AC2F-EE80034D665D}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exeFirewallRules: [{710FB585-F0AB-4139-8032-FA855E96D2E7}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exeFirewallRules: [{F1D3525A-151D-4214-98AB-F07460A8F844}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exeFirewallRules: [{1F2DD39B-6928-4886-8CB3-A38E921F30DB}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exeFirewallRules: [TCP Query User{3EA28441-30A3-44F5-BB6A-F6FCCCD3375D}C:\users\ashley favara\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ashley favara\appdata\roaming\spotify\spotify.exeFirewallRules: [uDP Query User{B461DB0C-B245-4D83-97B9-4EC5D720D8A7}C:\users\ashley favara\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ashley favara\appdata\roaming\spotify\spotify.exeFirewallRules: [TCP Query User{36C792D4-E14F-461D-98E1-35B691F33596}C:\users\ashley favara\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\ashley favara\appdata\roaming\spotify\spotify.exeFirewallRules: [uDP Query User{0BEA39A0-F2F2-4E63-B151-EED86EDCD879}C:\users\ashley favara\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\ashley favara\appdata\roaming\spotify\spotify.exeFirewallRules: [{A19696B4-CB91-499E-ABCF-F92A998DA75B}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exeFirewallRules: [{4BD69382-8DB8-40D1-A885-721639A63ECD}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exeFirewallRules: [{EE0C1D89-532F-465D-8199-58312F48A9B3}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exeFirewallRules: [{2A8CDC3E-8DB5-418E-A44A-ACF096CA2EB4}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exeFirewallRules: [{27A40A85-015C-471C-9203-8E7D2283D683}] => (Allow) C:\Users\Ashley Favara\AppData\Roaming\Dropbox\bin\Dropbox.exeFirewallRules: [{E07BE82F-00FE-41E7-8B0C-DE0C0BBBF59C}] => (Allow) C:\Users\Ashley Favara\AppData\Roaming\Dropbox\bin\Dropbox.exeFirewallRules: [TCP Query User{BC467A36-28C9-4531-BC7E-DBB968F470D2}C:\users\ashley favara\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\ashley favara\appdata\roaming\dropbox\bin\dropbox.exeFirewallRules: [uDP Query User{96EDA77C-2EB9-42D2-95B5-63F4748AFDBE}C:\users\ashley favara\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\ashley favara\appdata\roaming\dropbox\bin\dropbox.exeFirewallRules: [{C0E517D8-30F1-4EED-89BF-0D8955F72C30}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exeFirewallRules: [{8C95133D-688B-45C2-8B4B-2DE1F4279F11}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exeFirewallRules: [{59004864-BD99-49EE-989E-A21DEA850E9F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exeFirewallRules: [{5267CE1D-FFF1-441F-B8C3-F1464E52FBE1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exeFirewallRules: [{A3B7B570-FCBF-4004-9D9C-2AB02B1FB751}] => (Allow) C:\Program Files\iTunes\iTunes.exeFirewallRules: [{54D4A726-65B2-459D-8401-1C428EA42AEA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (06/08/2015 01:45:45 PM) (Source: SideBySide) (EventID: 35) (User: )Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.Component identity found in manifest does not match the identity of the component requested.Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".Please use sxstrace.exe for detailed diagnosis. Error: (06/08/2015 00:55:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 4916543 Error: (06/08/2015 00:55:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 4916543 Error: (06/08/2015 00:55:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (06/08/2015 00:55:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 4915529 Error: (06/08/2015 00:55:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 4915529 Error: (06/08/2015 00:55:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (06/08/2015 00:55:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 4914530 Error: (06/08/2015 00:55:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 4914530 Error: (06/08/2015 00:55:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second System errors:=============Error: (05/25/2015 07:04:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The Ricoh xD-Picture Card Driver service failed to start due to the following error: %%1058 Error: (05/25/2015 07:04:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The rimsptsk service failed to start due to the following error: %%1058 Error: (05/25/2015 07:04:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The rimmptsk service failed to start due to the following error: %%1058 Error: (05/25/2015 06:50:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The Ricoh xD-Picture Card Driver service failed to start due to the following error: %%1058 Error: (05/25/2015 06:50:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The rimsptsk service failed to start due to the following error: %%1058 Error: (05/25/2015 06:50:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The rimmptsk service failed to start due to the following error: %%1058 Error: (05/25/2015 06:49:16 PM) (Source: DCOM) (EventID: 10010) (User: )Description: {3EB3C877-1F16-487C-9050-104DBCD66683} Error: (05/25/2015 06:45:45 PM) (Source: DCOM) (EventID: 10005) (User: )Description: 1084MSIServer{000C101C-0000-0000-C000-000000000046} Error: (05/25/2015 06:45:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error: (05/25/2015 06:45:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Microsoft Office:=========================Error: (06/08/2015 01:45:45 PM) (Source: SideBySide) (EventID: 35) (User: )Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"c:\program files (x86)\microsoft office\Office15\lync.exe.Manifestc:\program files (x86)\microsoft office\Office15\UccApi.DLL1 Error: (06/08/2015 00:55:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 4916543 Error: (06/08/2015 00:55:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 4916543 Error: (06/08/2015 00:55:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (06/08/2015 00:55:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 4915529 Error: (06/08/2015 00:55:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 4915529 Error: (06/08/2015 00:55:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (06/08/2015 00:55:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 4914530 Error: (06/08/2015 00:55:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 4914530 Error: (06/08/2015 00:55:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second CodeIntegrity Errors:=================================== Date: 2014-02-02 15:50:59.821 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Ashley Favara\AppData\Local\Temp\{E44BFEC1-0F6D-4F5A-9C09-76B03C6BF958}\{0DFF25A2-876E-4E5D-B97A-78BD400AE68B}\cmiainfo.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-02-02 15:50:59.775 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Ashley Favara\AppData\Local\Temp\{E44BFEC1-0F6D-4F5A-9C09-76B03C6BF958}\{0DFF25A2-876E-4E5D-B97A-78BD400AE68B}\cmiainfo.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Processor: Intel® Core i5 CPU M 520 @ 2.40GHzPercentage of memory in use: 61%Total physical RAM: 3887.43 MBAvailable physical RAM: 1513.87 MBTotal Pagefile: 7773.05 MBAvailable Pagefile: 4595.88 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.83 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:143.63 GB) (Free:81.24 GB) NTFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: EA255B04)Partition 1: (Active) - (Size=5.4 GB) - (Type=27)Partition 2: (Not Active) - (Size=143.6 GB) - (Type=07 NTFS) ==================== End of log ============================
- June 8, 2015
- 8 replies
Help Please

kfavara posted a topic in Resolved Malware Removal Logs

I downloaded malwarebytes and scanned. It didn't automatically save the log file so I saved results. I am not sure if this is what you need. The computer runs constantly and is so slow we can't do anything. Malwarebytes Anti-Malwarewww.malwarebytes.org Scan Date: 6/8/2015Scan Time: 1:27:27 PMLogfile: frst.txtAdministrator: Yes Version: 0.00.0.0000Malware Database: v2015.06.08.04Rootkit Database: v2015.06.02.01License: TrialMalware Protection: EnabledMalicious Website Protection: EnabledSelf-protection: Disabled OS: Windows 7 Service Pack 1CPU: x64File System: NTFSUser: Ashley Favara Scan Type: Threat ScanResult: CompletedObjects Scanned: 342405Time Elapsed: 29 min, 51 sec Memory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: DisabledHeuristics: EnabledPUP: EnabledPUM: Enabled Processes: 0(No malicious items detected) Modules: 0(No malicious items detected) Registry Keys: 0(No malicious items detected) Registry Values: 0(No malicious items detected) Registry Data: 0(No malicious items detected) Folders: 0(No malicious items detected) Files: 0(No malicious items detected) Physical Sectors: 0(No malicious items detected) (end)
- June 8, 2015
- 8 replies
Need Help Please

kfavara replied to kfavara's topic in Resolved Malware Removal Logs

Malware Bytes... Malwarebytes Anti-Malwarewww.malwarebytes.org Scan Date: 12/10/2014Scan Time: 9:39:59 PMLogfile: Administrator: Yes Version: 2.00.4.1028Malware Database: v2014.12.10.10Rootkit Database: v2014.12.08.03License: FreeMalware Protection: DisabledMalicious Website Protection: DisabledSelf-protection: Disabled OS: Windows 8.1CPU: x64File System: NTFSUser: kfavara Scan Type: Threat ScanResult: CompletedObjects Scanned: 382179Time Elapsed: 8 hr, 34 min, 8 sec Memory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: EnabledHeuristics: EnabledPUP: EnabledPUM: Enabled Processes: 0(No malicious items detected) Modules: 0(No malicious items detected) Registry Keys: 1PUP.Optional.Conduit.A, HKU\S-1-5-21-1512695327-3525718689-2234752887-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\ConduitSearchScopes, , [45822a361963c076ad27d877867d45bb], Registry Values: 0(No malicious items detected) Registry Data: 0(No malicious items detected) Folders: 0(No malicious items detected) Files: 0(No malicious items detected) Physical Sectors: 0(No malicious items detected) (end) ESET...C:\Users\kfavara\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx a variant of Win32/SweetIM.L potentially unwanted applicationC:\Users\kfavara\Desktop\Free_Download_Setup.exe a variant of Win32/InstallCore.RA potentially unwanted applicationC:\Users\kfavara\Downloads\CuteWriter.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application Farbar...Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-12-2014 03Ran by kfavara (administrator) on PC on 12-12-2014 05:56:45Running from C:\Users\kfavara\DesktopLoaded Profile: kfavara (Available profiles: kfavara & Ashleyand)Platform: Windows 8.1 (X64) OS Language: English (United States)Internet Explorer Version 11Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe(Microsoft Corporation) C:\Windows\System32\dasHost.exe(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Horizon View Client\wsnm\wsnm.exe(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Horizon View Client\bin\vmware-view-usbd.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe(Dropbox, Inc.) C:\Users\kfavara\AppData\Roaming\Dropbox\bin\Dropbox.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe(ESET) C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17499_x64__8wekyb3d8bbwe\glcnd.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Farbar) C:\Users\kfavara\Desktop\FRST64 (1).exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-08-19] (IDT, Inc.)HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3030256 2013-07-28] (Synaptics Incorporated)HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-12-09] (AVAST Software)HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707472 2013-12-12] (Cisco Systems, Inc.)HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)HKU\S-1-5-21-1512695327-3525718689-2234752887-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)Startup: C:\Users\kfavara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnkShortcutTarget: Dropbox.lnk -> C:\Users\kfavara\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)Startup: C:\Users\kfavara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnkShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No FileShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No FileShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No FileShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No FileShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No FileShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No FileCHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1HKU\S-1-5-21-1512695327-3525718689-2234752887-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1HKU\S-1-5-21-1512695327-3525718689-2234752887-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKLM -> {F7F6400A-3778-42F5-8961-E21B0939D00C} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKLM-x32 -> {F7F6400A-3778-42F5-8961-E21B0939D00C} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1512695327-3525718689-2234752887-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No FileTcpip\Parameters: [DhcpNameServer] 192.168.1.254 FireFox:========FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FFFF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-03-16] Chrome: =======CHR StartupUrls: Default -> "hxxp://www.gmail.com/"CHR Profile: C:\Users\kfavara\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Docs) - C:\Users\kfavara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-11]CHR Extension: (Google Drive) - C:\Users\kfavara\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-11]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\kfavara\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]CHR Extension: (YouTube) - C:\Users\kfavara\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-11]CHR Extension: (Google Search) - C:\Users\kfavara\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-11]CHR Extension: (Avast Online Security) - C:\Users\kfavara\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-03-16]CHR Extension: (Delicious Bookmarks Extension) - C:\Users\kfavara\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnaelnkmidnndgikjbiifihgklnocljd [2014-05-26]CHR Extension: (Google Wallet) - C:\Users\kfavara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]CHR Extension: (Gmail) - C:\Users\kfavara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-11]CHR HKU\S-1-5-21-1512695327-3525718689-2234752887-1001\...\Chrome\Extension: [mfchmfgdaabgdjbcaophikcobddojjoe] - C:\Users\kfavara\AppData\Local\CRE\mfchmfgdaabgdjbcaophikcobddojjoe.crx [Not Found]CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-09]CHR HKLM-x32\...\Chrome\Extension: [mfchmfgdaabgdjbcaophikcobddojjoe] - C:\Users\kfavara\AppData\Local\CRE\mfchmfgdaabgdjbcaophikcobddojjoe.crx [Not Found] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-09] (AVAST Software)S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2014-11-05] (Microsoft Corporation)R2 Crypkey License; C:\WINDOWS\system32\crypserv.exe [122880 2008-05-07] (CrypKey (Canada) Ltd.) [File not signed]R2 HPConnectedRemote; C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35744 2012-10-12] (Hewlett-Packard)R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131032 2013-07-06] (Intel Corporation)R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165336 2013-07-06] (Intel Corporation)R2 vmware-view-usbd; C:\Program Files (x86)\VMware\VMware Horizon View Client\bin\vmware-view-usbd.exe [1978584 2014-08-13] (VMware, Inc.)S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-11-05] (Microsoft Corporation)S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)R2 wsnm; C:\Program Files (x86)\VMware\VMware Horizon View Client\wsnm\wsnm.exe [528600 2014-08-29] (VMware, Inc.) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-09] ()R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-09] (AVAST Software)R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-09] (AVAST Software)R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-09] ()R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-09] (AVAST Software)R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-09] (AVAST Software)R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-09] (AVAST Software)R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-09] ()S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-10] (Malwarebytes Corporation)R1 NetworkX; C:\Windows\system32\ckldrv.sys [28664 2008-03-17] ()R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-03] (Realtek Semiconductor Corp.)S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-07-28] (Synaptics Incorporated)S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [52080 2013-12-12] (Cisco Systems, Inc.)S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-12 05:56 - 2014-12-12 05:56 - 02119680 _____ (Farbar) C:\Users\kfavara\Desktop\FRST64 (1).exe2014-12-12 05:55 - 2014-12-12 05:55 - 00000429 _____ () C:\Users\kfavara\Desktop\eset.txt2014-12-11 19:43 - 2014-12-11 19:45 - 02347384 _____ (ESET) C:\Users\kfavara\Desktop\esetsmartinstaller_enu (1).exe2014-12-11 06:21 - 2014-12-11 06:21 - 02347384 _____ (ESET) C:\Users\kfavara\Desktop\esetsmartinstaller_enu.exe2014-12-11 06:21 - 2014-12-11 06:21 - 00000000 ____D () C:\Program Files (x86)\ESET2014-12-11 06:18 - 2014-12-11 06:18 - 00001218 _____ () C:\Users\kfavara\Desktop\mam.txt2014-12-10 21:37 - 2014-12-10 21:37 - 00002901 _____ () C:\Users\kfavara\Desktop\AdwCleaner[s0].txt2014-12-10 21:34 - 2014-12-10 21:34 - 00002886 _____ () C:\Users\kfavara\Desktop\AdwCleaner[R0].txt2014-12-10 21:29 - 2014-12-10 21:34 - 00000000 ____D () C:\AdwCleaner2014-12-10 21:28 - 2014-12-10 21:28 - 02166272 _____ () C:\Users\kfavara\Desktop\AdwCleaner.exe2014-12-10 21:17 - 2014-12-10 21:17 - 00000000 ____D () C:\WINDOWS\system32\appraiser2014-12-10 21:00 - 2014-12-10 21:01 - 00001734 _____ () C:\Users\kfavara\Desktop\JRT.txt2014-12-10 20:58 - 2014-11-09 20:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll2014-12-10 20:58 - 2014-11-09 19:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll2014-12-10 20:52 - 2014-12-10 20:52 - 00000000 ____D () C:\WINDOWS\ERUNT2014-12-10 20:49 - 2014-12-10 20:50 - 01707646 _____ (Thisisu) C:\Users\kfavara\Desktop\JRT.exe2014-12-09 20:27 - 2014-11-21 21:13 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll2014-12-09 20:27 - 2014-11-21 20:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll2014-12-09 20:27 - 2014-11-21 20:34 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll2014-12-09 20:27 - 2014-11-21 20:22 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll2014-12-09 20:27 - 2014-11-21 20:01 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll2014-12-09 20:27 - 2014-11-21 19:43 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll2014-12-09 20:27 - 2014-11-21 19:28 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll2014-12-09 20:27 - 2014-11-21 19:15 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll2014-12-09 20:27 - 2014-11-21 19:13 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll2014-12-09 20:27 - 2014-11-21 19:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll2014-12-09 20:27 - 2014-11-21 18:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll2014-12-09 20:25 - 2014-11-21 19:29 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll2014-12-09 20:24 - 2014-11-21 20:50 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll2014-12-09 20:24 - 2014-11-21 20:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec2014-12-09 20:24 - 2014-11-21 20:48 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll2014-12-09 20:24 - 2014-11-21 20:35 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll2014-12-09 20:24 - 2014-11-21 20:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll2014-12-09 20:24 - 2014-11-21 20:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll2014-12-09 20:24 - 2014-11-21 20:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec2014-12-09 20:24 - 2014-11-21 20:06 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll2014-12-09 20:24 - 2014-11-21 20:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll2014-12-09 20:24 - 2014-11-21 20:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll2014-12-09 20:24 - 2014-11-21 19:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll2014-12-09 20:24 - 2014-11-21 19:55 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll2014-12-09 20:24 - 2014-11-21 19:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll2014-12-09 20:24 - 2014-11-21 19:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll2014-12-09 20:24 - 2014-11-21 19:49 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe2014-12-09 20:24 - 2014-11-21 19:49 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll2014-12-09 20:24 - 2014-11-21 19:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl2014-12-09 20:24 - 2014-11-21 19:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll2014-12-09 20:24 - 2014-11-21 19:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll2014-12-09 20:24 - 2014-11-21 19:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll2014-12-09 20:24 - 2014-11-21 19:29 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll2014-12-09 20:24 - 2014-11-21 19:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll2014-12-09 20:24 - 2014-11-21 19:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll2014-12-09 20:24 - 2014-11-21 19:23 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll2014-12-09 20:24 - 2014-11-21 19:22 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl2014-12-09 20:24 - 2014-11-21 19:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll2014-12-09 20:24 - 2014-11-21 18:54 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll2014-12-09 20:23 - 2014-12-03 17:37 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll2014-12-09 20:23 - 2014-12-03 17:09 - 00830464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll2014-12-09 20:23 - 2014-12-02 17:09 - 01083392 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll2014-12-09 20:23 - 2014-12-02 17:09 - 00740864 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll2014-12-09 20:23 - 2014-12-02 17:09 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll2014-12-09 20:23 - 2014-12-02 17:09 - 00396288 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll2014-12-09 20:23 - 2014-12-02 17:09 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll2014-12-09 20:23 - 2014-11-06 22:16 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll2014-12-09 20:23 - 2014-11-06 21:26 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll2014-12-09 20:23 - 2014-10-31 17:57 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll2014-12-09 20:23 - 2014-10-31 17:47 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll2014-12-09 20:23 - 2014-10-12 20:43 - 00238912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys2014-12-09 20:23 - 2014-10-12 20:43 - 00153920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys2014-12-09 20:23 - 2014-10-12 20:43 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys2014-12-09 20:23 - 2014-10-12 20:43 - 00039744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys2014-12-09 20:03 - 2014-12-09 20:03 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-12-09 19:57 - 2014-12-09 19:57 - 00000000 ____D () C:\WINDOWS\ERDNT2014-12-09 19:57 - 2014-12-09 19:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT2014-12-09 19:57 - 2014-12-09 19:57 - 00000000 ____D () C:\Program Files (x86)\ERUNT2014-12-09 19:56 - 2014-12-09 19:56 - 00791393 _____ (Lars Hederer ) C:\Users\kfavara\Desktop\erunt-setup.exe2014-12-09 19:55 - 2014-12-09 19:55 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\kfavara\Desktop\iExplore64.exe2014-12-09 19:54 - 2014-12-09 19:55 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\kfavara\Desktop\iExplore.exe2014-12-09 19:53 - 2014-12-09 19:55 - 00001960 _____ () C:\Users\kfavara\Desktop\Rkill.txt2014-12-09 19:53 - 2014-12-09 19:53 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\kfavara\Desktop\rkill.exe2014-12-09 19:53 - 2014-12-09 19:53 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\kfavara\Desktop\rkill64.exe2014-12-09 19:45 - 2014-12-09 19:45 - 00001980 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk2014-12-09 19:44 - 2014-12-09 19:44 - 00364512 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe2014-12-09 19:44 - 2014-12-09 19:44 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr2014-12-08 21:22 - 2014-12-08 21:23 - 00029360 _____ () C:\Users\kfavara\Desktop\Addition.txt2014-12-08 21:20 - 2014-12-12 05:56 - 00017742 _____ () C:\Users\kfavara\Desktop\FRST.txt2014-12-08 21:20 - 2014-12-08 21:20 - 02119680 _____ (Farbar) C:\Users\kfavara\Desktop\frst64.exe2014-11-28 21:37 - 2014-11-28 21:37 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf2014-11-26 19:07 - 2014-11-26 19:07 - 00000000 __SHD () C:\Users\kfavara\AppData\Local\EmieUserList2014-11-26 19:07 - 2014-11-26 19:07 - 00000000 __SHD () C:\Users\kfavara\AppData\Local\EmieSiteList2014-11-26 19:07 - 2014-11-26 19:07 - 00000000 __SHD () C:\Users\kfavara\AppData\Local\EmieBrowserModeList2014-11-23 20:29 - 2014-11-09 17:19 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll2014-11-23 20:29 - 2014-11-09 17:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll2014-11-23 20:29 - 2014-11-09 17:18 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll2014-11-23 20:29 - 2014-11-09 17:18 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll2014-11-19 04:31 - 2014-11-19 04:31 - 01217192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FM20.DLL2014-11-12 04:24 - 2014-09-27 01:13 - 00104336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll2014-11-12 04:24 - 2014-09-26 23:24 - 00088800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll2014-11-12 04:24 - 2014-09-26 21:38 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll2014-11-12 04:24 - 2014-09-26 21:30 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll2014-11-12 04:24 - 2014-09-26 21:17 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll2014-11-12 04:23 - 2014-10-12 20:33 - 00116032 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe2014-11-12 04:23 - 2014-10-10 18:58 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll2014-11-12 04:23 - 2014-10-10 18:53 - 03607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll2014-11-12 04:23 - 2014-10-08 01:30 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll2014-11-12 04:23 - 2014-10-08 01:09 - 00428032 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll2014-11-12 04:23 - 2014-10-08 00:27 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll2014-11-12 04:23 - 2014-10-07 23:32 - 02773504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll2014-11-12 04:23 - 2014-10-07 23:19 - 02459136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll2014-11-12 04:23 - 2014-09-21 22:38 - 01519488 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll2014-11-12 04:23 - 2014-09-21 21:06 - 00258368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys2014-11-12 04:23 - 2014-09-21 21:06 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys2014-11-12 04:23 - 2014-09-21 20:49 - 00035320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys2014-11-12 04:23 - 2014-09-18 18:16 - 01346048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll2014-11-12 04:23 - 2014-09-02 16:08 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll2014-11-12 04:23 - 2014-09-02 16:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll2014-11-12 04:22 - 2014-10-07 00:28 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll2014-11-12 04:22 - 2014-10-07 00:27 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll2014-11-12 04:22 - 2014-10-07 00:27 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll2014-11-12 04:22 - 2014-10-07 00:27 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe2014-11-12 04:22 - 2014-10-07 00:27 - 00108432 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll2014-11-12 04:22 - 2014-10-06 21:34 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll2014-11-12 04:22 - 2014-10-06 21:34 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll2014-11-12 04:22 - 2014-10-06 21:33 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll2014-11-12 04:22 - 2014-10-06 19:54 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll2014-11-12 04:22 - 2014-10-06 19:46 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll2014-11-12 04:22 - 2014-08-22 23:18 - 02149376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll2014-11-12 04:22 - 2014-08-22 23:03 - 01346048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll2014-11-12 04:20 - 2014-10-30 23:12 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wextract.exe2014-11-12 04:20 - 2014-10-30 23:12 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshta.exe2014-11-12 04:20 - 2014-10-30 23:10 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iexpress.exe2014-11-12 04:20 - 2014-10-30 23:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\pngfilt.dll2014-11-12 04:20 - 2014-10-30 23:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedssync.exe2014-11-12 04:20 - 2014-10-30 23:06 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll2014-11-12 04:20 - 2014-10-30 23:06 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll2014-11-12 04:20 - 2014-10-30 23:06 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll2014-11-12 04:20 - 2014-10-30 22:57 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll2014-11-12 04:20 - 2014-10-30 22:56 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll2014-11-12 04:20 - 2014-10-30 22:54 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\IEAdvpack.dll2014-11-12 04:20 - 2014-10-30 22:53 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll2014-11-12 04:20 - 2014-10-30 22:52 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll2014-11-12 04:20 - 2014-10-30 22:51 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe2014-11-12 04:20 - 2014-10-30 22:51 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe2014-11-12 04:20 - 2014-10-30 22:50 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll2014-11-12 04:20 - 2014-10-30 22:40 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll2014-11-12 04:20 - 2014-10-30 22:38 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll2014-11-12 04:20 - 2014-10-30 22:30 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll2014-11-12 04:20 - 2014-10-30 22:29 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll2014-11-12 04:20 - 2014-10-30 22:29 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx2014-11-12 04:20 - 2014-10-30 22:28 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll2014-11-12 04:20 - 2014-10-30 22:25 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll2014-11-12 04:20 - 2014-10-30 22:24 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll2014-11-12 04:20 - 2014-10-30 22:19 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll2014-11-12 04:20 - 2014-10-30 21:44 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll2014-11-12 04:20 - 2014-10-30 21:42 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\imgutil.dll2014-11-12 04:20 - 2014-10-30 21:28 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wextract.exe2014-11-12 04:20 - 2014-10-30 21:28 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshta.exe2014-11-12 04:20 - 2014-10-30 21:27 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iexpress.exe2014-11-12 04:20 - 2014-10-30 21:26 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pngfilt.dll2014-11-12 04:20 - 2014-10-30 21:25 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedssync.exe2014-11-12 04:20 - 2014-10-30 21:24 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\url.dll2014-11-12 04:20 - 2014-10-30 21:24 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll2014-11-12 04:20 - 2014-10-30 21:23 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll2014-11-12 04:20 - 2014-10-30 21:16 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll2014-11-12 04:20 - 2014-10-30 21:15 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll2014-11-12 04:20 - 2014-10-30 21:14 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IEAdvpack.dll2014-11-12 04:20 - 2014-10-30 21:13 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll2014-11-12 04:20 - 2014-10-30 21:13 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll2014-11-12 04:20 - 2014-10-30 21:12 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe2014-11-12 04:20 - 2014-10-30 21:11 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll2014-11-12 04:20 - 2014-10-30 21:03 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\licmgr10.dll2014-11-12 04:20 - 2014-10-30 21:02 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll2014-11-12 04:20 - 2014-10-30 20:57 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll2014-11-12 04:20 - 2014-10-30 20:56 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inseng.dll2014-11-12 04:20 - 2014-10-30 20:56 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll2014-11-12 04:20 - 2014-10-30 20:56 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx2014-11-12 04:20 - 2014-10-30 20:53 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll2014-11-12 04:20 - 2014-10-30 20:53 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedsbs.dll2014-11-12 04:20 - 2014-10-30 20:48 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\occache.dll2014-11-12 04:20 - 2014-10-30 20:26 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll2014-11-12 04:20 - 2014-10-30 20:24 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imgutil.dll2014-11-12 04:20 - 2014-10-22 23:48 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll2014-11-12 04:20 - 2014-10-22 23:05 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll2014-11-12 04:20 - 2014-10-18 03:55 - 00055776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe2014-11-12 04:20 - 2014-10-18 02:09 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll2014-11-12 04:20 - 2014-10-18 02:09 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll2014-11-12 04:20 - 2014-10-18 01:25 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll2014-11-12 04:20 - 2014-10-18 00:50 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll2014-11-12 04:20 - 2014-10-18 00:38 - 03557376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll2014-11-12 04:20 - 2014-10-18 00:27 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe2014-11-12 04:20 - 2014-10-18 00:26 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll2014-11-12 04:20 - 2014-10-18 00:23 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll2014-11-12 04:20 - 2014-10-18 00:23 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll2014-11-12 04:20 - 2014-10-18 00:21 - 00894976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll2014-11-12 04:20 - 2014-10-18 00:20 - 01714176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll2014-11-12 04:20 - 2014-10-18 00:14 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll2014-11-12 04:20 - 2014-10-18 00:14 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe2014-11-12 04:20 - 2014-10-18 00:12 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll2014-11-12 04:20 - 2014-10-18 00:11 - 00723968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll2014-11-12 04:20 - 2014-10-17 01:01 - 00789184 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll2014-11-12 04:20 - 2014-10-17 00:58 - 00602768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll2014-11-12 04:20 - 2014-10-09 19:58 - 00177472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys2014-11-12 04:20 - 2014-10-09 19:58 - 00027456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys2014-11-12 04:20 - 2014-10-09 19:44 - 00563976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys2014-11-12 04:20 - 2014-10-08 01:37 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll2014-11-12 04:20 - 2014-10-08 01:37 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll2014-11-12 04:20 - 2014-10-08 01:34 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll2014-11-12 04:20 - 2014-10-08 01:24 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll2014-11-12 04:20 - 2014-10-08 00:56 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll2014-11-12 04:20 - 2014-10-08 00:51 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll2014-11-12 04:20 - 2014-10-08 00:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll2014-11-12 04:20 - 2014-10-08 00:18 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll2014-11-12 04:20 - 2014-10-08 00:17 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll2014-11-12 04:20 - 2014-10-07 23:23 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll2014-11-12 04:20 - 2014-10-06 21:30 - 04182016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys2014-11-12 04:19 - 2014-09-10 00:25 - 00474432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys2014-11-12 04:19 - 2014-09-07 21:07 - 02497344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys2014-11-12 04:19 - 2014-09-07 21:07 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS2014-11-12 04:19 - 2014-09-07 16:08 - 00389176 _____ () C:\WINDOWS\system32\ApnDatabase.xml2014-11-12 04:19 - 2014-09-04 16:30 - 00822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll2014-11-12 04:19 - 2014-09-04 16:21 - 01053184 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll2014-11-12 04:19 - 2014-09-03 21:05 - 00836176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll2014-11-12 04:19 - 2014-09-03 20:22 - 00670384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll2014-11-12 04:19 - 2014-09-03 19:01 - 00448512 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll2014-11-12 04:19 - 2014-09-03 18:32 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll2014-11-12 04:19 - 2014-08-30 18:17 - 00148800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS2014-11-12 04:19 - 2014-08-30 18:15 - 21197152 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll2014-11-12 04:19 - 2014-08-30 16:59 - 18723112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll2014-11-12 04:19 - 2014-08-30 16:05 - 00615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSCOMEX.dll2014-11-12 04:19 - 2014-08-30 15:58 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSAPI.dll2014-11-12 04:19 - 2014-08-30 15:04 - 00941568 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll2014-11-12 04:19 - 2014-08-30 14:53 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FXSAPI.dll2014-11-12 04:19 - 2014-08-30 14:17 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll2014-11-12 04:19 - 2014-08-27 20:55 - 07484224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe2014-11-12 04:19 - 2014-08-27 18:21 - 02480128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll2014-11-12 04:19 - 2014-08-27 18:06 - 02030592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll2014-11-12 04:19 - 2014-08-22 23:14 - 13424128 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll2014-11-12 04:19 - 2014-08-22 23:04 - 11820544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll2014-11-12 04:19 - 2014-08-22 22:50 - 02714112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll2014-11-12 04:19 - 2014-08-01 18:51 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll2014-11-12 04:19 - 2014-08-01 18:35 - 00485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-12 05:56 - 2014-09-04 11:29 - 00000000 ____D () C:\FRST2014-12-12 05:37 - 2013-04-06 12:02 - 00000912 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job2014-12-12 05:00 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sru2014-12-12 04:42 - 2014-11-05 07:24 - 02052679 _____ () C:\WINDOWS\WindowsUpdate.log2014-12-12 02:45 - 2013-04-06 11:22 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1512695327-3525718689-2234752887-10012014-12-12 01:51 - 2013-04-06 11:15 - 00003910 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{F037E7D8-B1ED-443F-8B78-3C72230D23FD}2014-12-11 23:07 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\rescache2014-12-11 20:51 - 2012-07-26 01:59 - 00000000 ____D () C:\WINDOWS\CbsTemp2014-12-11 20:50 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS2014-12-11 20:50 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS2014-12-11 20:50 - 2013-04-23 18:37 - 00000000 ___RD () C:\Users\kfavara\Dropbox2014-12-11 20:49 - 2013-04-23 18:34 - 00000000 ____D () C:\Users\kfavara\AppData\Roaming\Dropbox2014-12-11 20:37 - 2014-01-17 18:28 - 00008432 _____ () C:\WINDOWS\error.log2014-12-11 20:37 - 2013-08-22 08:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT2014-12-11 20:36 - 2014-01-17 18:28 - 00003333 _____ () C:\WINDOWS\errord.log2014-12-11 19:55 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\AppReadiness2014-12-11 19:46 - 2013-11-10 13:45 - 00003164 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForkfavara2014-12-11 19:46 - 2013-11-10 13:45 - 00000346 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForkfavara.job2014-12-10 21:39 - 2014-04-22 05:55 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys2014-12-10 21:36 - 2014-09-24 01:03 - 00849428 _____ () C:\WINDOWS\PFRO.log2014-12-10 21:35 - 2013-08-22 07:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI2014-12-10 21:17 - 2014-09-24 03:50 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel2014-12-10 21:17 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\AppCompat2014-12-10 21:16 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions2014-12-10 21:16 - 2013-04-06 11:27 - 00000000 ____D () C:\ProgramData\Microsoft Help2014-12-10 21:08 - 2013-08-22 07:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM2014-12-10 21:08 - 2013-08-15 19:27 - 00000000 ____D () C:\WINDOWS\system32\MRT2014-12-10 21:08 - 2013-04-09 13:12 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe2014-12-09 20:03 - 2014-04-22 05:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-12-09 20:03 - 2014-04-22 05:52 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-12-09 19:45 - 2014-03-16 11:58 - 01050432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys2014-12-09 19:44 - 2014-04-22 06:01 - 00029208 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys2014-12-09 19:44 - 2014-03-16 11:58 - 00436624 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys2014-12-09 19:44 - 2014-03-16 11:58 - 00267632 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys2014-12-09 19:44 - 2014-03-16 11:58 - 00116728 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstm.sys2014-12-09 19:44 - 2014-03-16 11:58 - 00093568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys2014-12-09 19:44 - 2014-03-16 11:58 - 00083280 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys2014-12-09 19:44 - 2014-03-16 11:58 - 00065776 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys2014-12-09 19:44 - 2014-03-16 11:58 - 00003924 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update2014-12-09 19:39 - 2012-11-02 16:54 - 00000000 ____D () C:\ProgramData\Norton2014-12-09 19:36 - 2012-07-26 02:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP2014-12-06 10:08 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\NDF2014-12-05 17:14 - 2014-09-24 01:15 - 00958356 _____ () C:\WINDOWS\system32\PerfStringBackup.INI2014-12-05 17:12 - 2013-08-22 08:46 - 00334194 _____ () C:\WINDOWS\setupact.log2014-11-26 15:10 - 2014-11-10 20:03 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe2014-11-26 15:10 - 2014-11-10 20:03 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl2014-11-21 06:14 - 2014-04-22 05:52 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys2014-11-21 06:14 - 2014-04-22 05:52 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys2014-11-21 06:14 - 2014-04-22 05:52 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys2014-11-16 09:32 - 2013-04-06 12:02 - 00003884 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA2014-11-16 09:32 - 2013-04-06 12:02 - 00003648 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore2014-11-16 09:32 - 2013-04-06 12:02 - 00000908 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job2014-11-15 21:27 - 2013-04-23 18:35 - 00000000 ____D () C:\Users\kfavara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox2014-11-12 20:51 - 2013-11-22 14:51 - 00002248 ____H () C:\Users\kfavara\Documents\Default.rdp2014-11-12 20:14 - 2014-11-05 07:00 - 00000000 ____D () C:\Users\Ashleyand2014-11-12 17:16 - 2013-04-09 18:38 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1512695327-3525718689-2234752887-10042014-11-12 16:46 - 2014-11-06 21:17 - 00000000 ___RD () C:\Users\Ashleyand\OneDrive2014-11-12 13:05 - 2013-08-22 08:44 - 00503688 _____ () C:\WINDOWS\system32\FNTCACHE.DAT2014-11-12 13:01 - 2013-08-22 09:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools2014-11-12 13:01 - 2013-08-22 09:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools2014-11-12 13:01 - 2013-08-22 09:36 - 00000000 ____D () C:\Program Files\Windows Defender2014-11-12 13:01 - 2013-08-22 09:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender2014-11-12 04:52 - 2013-08-22 09:36 - 00000000 ___RD () C:\WINDOWS\ToastData2014-11-12 04:52 - 2013-08-22 09:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel Some content of TEMP:====================C:\Users\kfavara\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpcg7ud4.dllC:\Users\kfavara\AppData\Local\Temp\Quarantine.exeC:\Users\kfavara\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-12-11 20:48 ==================== End Of Log ============================
- December 12, 2014
- 8 replies
Need Help Please

kfavara replied to kfavara's topic in Resolved Malware Removal Logs

JRT... ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 6.4.0 (11.29.2014:1)OS: Windows 8.1 x64Ran by kfavara on Wed 12/10/2014 at 20:52:24.20~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Toolbar.CT3291325Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Toolbar.CT3298573Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3291325Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3298573Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"Successfully deleted: [Registry Key] "hkey_current_user\software\pip" ~~~ Files Successfully deleted: [File] "C:\Users\kfavara\appdata\local\google\chrome\user data\default\local storage\http_www.ask.com_0.localstorage"Successfully deleted: [File] "C:\Users\kfavara\appdata\local\google\chrome\user data\default\local storage\http_www.ask.com_0.localstorage-journal" ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\apn"Successfully deleted: [Folder] "C:\Users\kfavara\appdata\local\conduit"Successfully deleted: [Folder] "C:\Users\kfavara\appdata\local\cre"Successfully deleted: [Folder] "C:\Users\kfavara\appdata\locallow\conduit"Successfully deleted: [Folder] "C:\Program Files (x86)\conduit" ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on Wed 12/10/2014 at 21:00:12.68End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Adwarecleaner[R0] # AdwCleaner v4.105 - Report created 10/12/2014 at 21:29:33# Updated 08/12/2014 by Xplode# Database : 2014-12-08.2 [Live]# Operating System : Windows 8.1 (64 bits)# Username : kfavara - PC# Running from : C:\Users\kfavara\Desktop\AdwCleaner.exe# Option : Scan ***** [ Services ] ***** ***** [ Files / Folders ] ***** File Found : C:\Users\Ashleyand\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorageFile Found : C:\Users\Ashleyand\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journalFolder Found : C:\SearchProtectFolder Found : C:\Users\Ashleyand\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmkFolder Found : C:\Users\Ashleyand\AppData\LocalLow\Conduit ***** [ Scheduled Tasks ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Found : HKCU\Software\AppDataLow\Software\ConduitKey Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopesKey Found : HKCU\Software\AppDataLow\Software\SmartbarKey Found : HKCU\Software\AppDataLow\Software\SmartBarKey Found : HKCU\Software\Google\Chrome\Extensions\gipmblamjgodbimgeafaiegdpfbaeiheKey Found : HKCU\Software\IMKey Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}Key Found : [x64] HKCU\Software\IMKey Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}Key Found : HKLM\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}Key Found : HKLM\SOFTWARE\ConduitKey Found : HKLM\SOFTWARE\Google\Chrome\Extensions\gipmblamjgodbimgeafaiegdpfbaeiheKey Found : HKLM\SOFTWARE\PIPKey Found : HKLM\SOFTWARE\SweetIMKey Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}] ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.17416 -\\ Google Chrome v39.0.2171.71 [C:\Users\Ashleyand\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}[C:\Users\Ashleyand\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [search Provider] : hxxp://www.ask.com/web?q={searchTerms}[C:\Users\Ashleyand\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [search Provider] : hxxp://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN10506&l=dis&prt=360&chn=retail&geo=US&ver=21&locale=en_US&gct=sb&qsrc=2869 ************************* AdwCleaner[R0].txt - [2738 octets] - [10/12/2014 21:29:33] ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2798 octets] ########## Adwarecleaner[s0] # AdwCleaner v4.105 - Report created 10/12/2014 at 21:34:52# Updated 08/12/2014 by Xplode# Database : 2014-12-08.2 [Live]# Operating System : Windows 8.1 (64 bits)# Username : kfavara - PC# Running from : C:\Users\kfavara\Desktop\AdwCleaner.exe# Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\SearchProtectFolder Deleted : C:\Users\Ashleyand\AppData\LocalLow\ConduitFolder Deleted : C:\Users\Ashleyand\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmkFile Deleted : C:\Users\Ashleyand\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorageFile Deleted : C:\Users\Ashleyand\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal ***** [ Scheduled Tasks ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKCU\Software\Google\Chrome\Extensions\gipmblamjgodbimgeafaiegdpfbaeiheKey Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\gipmblamjgodbimgeafaiegdpfbaeiheKey Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}Key Deleted : HKCU\Software\IMKey Deleted : HKCU\Software\AppDataLow\Software\ConduitKey Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopesKey Deleted : HKCU\Software\AppDataLow\Software\SmartBarKey Deleted : HKLM\SOFTWARE\ConduitKey Deleted : HKLM\SOFTWARE\PIPKey Deleted : HKLM\SOFTWARE\SweetIM ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.17416 -\\ Google Chrome v39.0.2171.71 [C:\Users\Ashleyand\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}[C:\Users\Ashleyand\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}[C:\Users\Ashleyand\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN10506&l=dis&prt=360&chn=retail&geo=US&ver=21&locale=en_US&gct=sb&qsrc=2869 ************************* AdwCleaner[R0].txt - [2886 octets] - [10/12/2014 21:29:33]AdwCleaner[s0].txt - [2757 octets] - [10/12/2014 21:34:52] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2817 octets] ##########
- December 12, 2014
- 8 replies
Need Help Please

kfavara replied to kfavara's topic in Resolved Malware Removal Logs

I have uninstalled Norton and updated Avast. You sent the quote about uTorrent, etc. I checked for both of those and don't have them. I have never intentionally installed anything like that. If I have it, it came from a virus. I have no illegal software. I tried the rkill from both links. It ran but never closed the box so I wasn't sure if it ran correctly. Here is the log file... Rkill 2.6.8 by Lawrence Abrams (Grinler)http://www.bleepingcomputer.com/Copyright 2008-2014 BleepingComputer.comMore Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html Program started at: 12/09/2014 07:55:34 PM in x64 mode.Windows Version: Windows 8.1 Checking for Windows services to stop: * No malware services found to stop. Checking for processes to terminate: * No malware processes found to kill. Checking Registry for malware related settings: * No issues found in the Registry. Resetting .EXE, .COM, & .BAT associations in the Windows Registry. Performing miscellaneous checks: * Windows Defender Disabled [HKLM\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware" = dword:00000001 * Windows Firewall Disabled [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = dword:00000000 It stops and stays open at this point. Malware Scan... Malwarebytes Anti-Malwarewww.malwarebytes.org Update, 12/9/2014 7:58:54 PM, SYSTEM, PC, Manual, Remediation Database, 2013.10.16.1, 2014.12.6.1, Update, 12/9/2014 7:58:58 PM, SYSTEM, PC, Manual, Rootkit Database, 2014.8.21.1, 2014.12.8.3, Update, 12/9/2014 8:00:41 PM, SYSTEM, PC, Manual, Malware Database, 2014.9.7.8, 2014.12.10.1, Update, 12/9/2014 8:02:31 PM, SYSTEM, PC, Manual, program, 2.0.2.1012, 2.0.4.1028, Update, 12/9/2014 8:03:33 PM, SYSTEM, PC, Manual, Remediation Database, 2013.10.16.1, 2014.12.6.1, Update, 12/9/2014 8:03:33 PM, SYSTEM, PC, Manual, Rootkit Database, 2014.11.18.1, 2014.12.8.3, Update, 12/9/2014 8:04:54 PM, SYSTEM, PC, Manual, Malware Database, 2014.11.20.6, 2014.12.10.1, (end)
- December 10, 2014
- 8 replies
Need Help Please

kfavara replied to kfavara's topic in Resolved Malware Removal Logs

Addition.txt Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-12-2014Ran by kfavara at 2014-12-08 21:22:18Running from C:\Users\kfavara\DesktopBoot Mode: Normal========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AV: Norton 360 (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}AS: Norton 360 (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}FW: Norton 360 (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.7.0.1530 - Adobe Systems Incorporated)Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.)Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.05152 - Cisco Systems, Inc.)Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.05152 - Cisco Systems, Inc.) HiddenCoffeeCup Free FTP (HKLM-x32\...\{66F43DBE-6D46-4BCE-831D-0D4C13639BE8}) (Version: 4.5.20 - CoffeeCup Software Inc.)CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - CutePDF.com)D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddenDropbox (HKU\S-1-5-21-1512695327-3525718689-2234752887-1001\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)Evernote v. 5.0.3 (HKLM-x32\...\{32D39568-3B77-11E3-88CE-00163E98E7D0}) (Version: 5.0.3.1614 - Evernote Corp.)Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) HiddenHP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1218 - Hewlett-Packard)HP CoolSense (HKLM-x32\...\{59F8C5AA-91BD-423D-BF05-09A80F39898F}) (Version: 2.10.62 - Hewlett-Packard Company)HP Documentation (HKLM-x32\...\{DD27F8B0-BFDE-4188-89A0-BBF389FC367E}) (Version: 1.2.0.0 - Hewlett-Packard)HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)HP Registration Service (HKLM\...\{C2E428EB-116E-41C0-9E84-B22DE9CCA42F}) (Version: 1.1.6232.4245 - Hewlett-Packard)HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.8 - Hewlett-Packard)HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6425.0 - IDT)Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.30.1349 - Intel Corporation)Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.9.1002 - Intel Corporation)Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)Microsoft ASP.NET MVC 3 (HKLM-x32\...\{D32EF103-4016-4C15-BCB0-700C0A7A2309}) (Version: 3.0.50813.0 - Microsoft Corporation)Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)Microsoft ASP.Net Web Frameworks 5.0 Security Update (KB2992080) (HKLM-x32\...\{3EC4A844-24F2-46DA-AEFB-FC3080C1BDB9}) (Version: 5.0.20821 - Microsoft Corporation)Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) HiddenMSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) HiddenNorton 360 (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation)Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.4.5 - Notepad++ Team)Open XML SDK 2.5 for Microsoft Office (x32 Version: 2.5.5631 - Microsoft Corporation) HiddenPhoto Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) HiddenPhoto Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) HiddenPrerequisites for SSDT (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)SharePoint Client Components (Version: 15.0.4481.1505 - Microsoft Corporation) HiddenswMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) HiddenSynaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.6.1.3 - Synaptics Incorporated)Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)VLC media player 2.0.7 (HKLM-x32\...\VLC media player) (Version: 2.0.7 - VideoLAN)VMware Horizon Client (HKLM\...\{417E585F-77D0-4B0E-8C39-B1069491D56A}) (Version: 3.1.0.21879 - VMware, Inc.)Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)WinMerge 2.14.0 (HKLM-x32\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-1512695327-3525718689-2234752887-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\kfavara\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-1512695327-3525718689-2234752887-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kfavara\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-1512695327-3525718689-2234752887-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kfavara\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-1512695327-3525718689-2234752887-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kfavara\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-1512695327-3525718689-2234752887-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kfavara\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-1512695327-3525718689-2234752887-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kfavara\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-1512695327-3525718689-2234752887-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kfavara\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-1512695327-3525718689-2234752887-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kfavara\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-1512695327-3525718689-2234752887-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kfavara\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ==================== Restore Points ========================= 24-11-2014 00:30:33 Scheduled Checkpoint29-11-2014 16:56:39 Windows Update29-11-2014 16:58:12 Windows Modules Installer07-12-2014 01:06:57 Scheduled Checkpoint ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2014-08-17 07:52 - 2014-11-12 20:27 - 00000798 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {11759258-328F-4382-B85C-8BB778BBE921} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)Task: {21BD8EBB-8EE6-44C1-8C2F-55121BB510D3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-06] (Google Inc.)Task: {4DE62AFA-17AF-4CAC-BD90-1FE6AB7EB352} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)Task: {5E01F5DA-F707-4F0B-807B-A173C8D81CB4} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-11-12] (Microsoft Corporation)Task: {8912C658-404E-45E5-A556-B8AB15A0FEF5} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2012-11-05] (Hewlett-Packard Development Company, L.P.)Task: {A50EC625-C77C-4233-AD83-6DD0972C8BD5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-06] (Google Inc.)Task: {BA9292C5-7927-418C-B048-863A3DC342FA} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)Task: {BF3F17A2-57BE-4AFC-854F-5D7B48358A5D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-25] (AVAST Software)Task: {C6CBBFEE-299D-4C24-B7FD-D7A48A45B2C2} - System32\Tasks\HPCeeScheduleForkfavara => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)Task: {C75861BD-E7F8-41B1-8734-4E65EBE99505} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvcTask: {DE43A6F5-7865-48F9-8BBF-5AFD1AC0F2BE} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-07-28] (Synaptics Incorporated)Task: {E8B2D985-591A-464A-8CFC-681287AC109C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\HPCeeScheduleForkfavara.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exeTask: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe ==================== Loaded Modules (whitelisted) ============= 2013-05-06 14:50 - 2012-09-12 14:33 - 00087152 _____ () C:\WINDOWS\System32\cpwmon64.dll2012-10-12 18:22 - 2012-10-12 18:22 - 00120224 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesModule.dll2012-10-12 18:22 - 2012-10-12 18:22 - 00048544 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesProxy.dll2012-10-12 18:22 - 2012-10-12 18:22 - 00180224 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\zxing.dll2013-12-12 16:36 - 2013-12-12 16:36 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll2014-08-25 19:17 - 2014-08-25 19:17 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll2014-12-06 10:05 - 2014-12-06 10:05 - 02905088 _____ () C:\Program Files\AVAST Software\Avast\defs\14120600\algo.dll2014-12-08 14:20 - 2014-12-08 14:20 - 02905088 _____ () C:\Program Files\AVAST Software\Avast\defs\14120801\algo.dll2014-07-31 11:16 - 2014-07-31 11:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll2014-07-31 11:16 - 2014-07-31 11:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll2014-08-25 19:17 - 2014-08-25 19:17 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll2014-11-26 14:40 - 2014-11-25 00:39 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libglesv2.dll2014-11-26 14:40 - 2014-11-25 00:39 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libegl.dll2014-11-26 14:40 - 2014-11-25 00:39 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\pdf.dll2014-11-26 14:40 - 2014-11-25 00:39 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll2014-12-06 10:12 - 2014-12-06 10:12 - 00043008 _____ () c:\users\kfavara\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdokslu.dll2013-08-23 13:01 - 2013-08-23 13:01 - 25100288 _____ () C:\Users\kfavara\AppData\Roaming\Dropbox\bin\libcef.dll2013-09-26 12:50 - 2013-09-26 12:50 - 00433664 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll2013-09-26 12:49 - 2013-09-26 12:49 - 00315392 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll2012-11-02 16:14 - 2013-07-06 13:26 - 01200088 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\Ashleyand\OneDrive:ms-properties ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\Run32: => "Cisco AnyConnect Secure Mobility Agent for Windows"HKU\S-1-5-21-1512695327-3525718689-2234752887-1001\...\StartupApproved\Run: => "GoogleDriveSync"HKU\S-1-5-21-1512695327-3525718689-2234752887-1001\...\StartupApproved\Run: => "Akamai NetSession Interface" ========================= Accounts: ========================== Administrator (S-1-5-21-1512695327-3525718689-2234752887-500 - Administrator - Disabled)Ashleyand (S-1-5-21-1512695327-3525718689-2234752887-1004 - Limited - Enabled) => C:\Users\AshleyandGuest (S-1-5-21-1512695327-3525718689-2234752887-501 - Limited - Disabled)HomeGroupUser$ (S-1-5-21-1512695327-3525718689-2234752887-1011 - Limited - Enabled)kfavara (S-1-5-21-1512695327-3525718689-2234752887-1001 - Administrator - Enabled) => C:\Users\kfavara ==================== Faulty Device Manager Devices ============= Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}Manufacturer: Cisco SystemsService: vpnvaProblem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors:==================Error: (12/06/2014 10:33:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 1125 Error: (12/06/2014 10:33:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 1125 Error: (12/06/2014 10:33:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (12/06/2014 10:14:47 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: IAStorDataMgrSvc.exe, version: 11.5.9.1002, time stamp: 0x5065e128Faulting module name: IAStorUtil.ni.dll, version: 11.5.9.1002, time stamp: 0x5065e124Exception code: 0xc0000005Fault offset: 0x0002f3fdFaulting process id: 0x1758Faulting application start time: 0xIAStorDataMgrSvc.exe0Faulting application path: IAStorDataMgrSvc.exe1Faulting module path: IAStorDataMgrSvc.exe2Report Id: IAStorDataMgrSvc.exe3Faulting package full name: IAStorDataMgrSvc.exe4Faulting package-relative application ID: IAStorDataMgrSvc.exe5 Error: (12/06/2014 10:14:45 AM) (Source: .NET Runtime) (EventID: 1026) (User: )Description: Application: IAStorDataMgrSvc.exeFramework Version: v4.0.30319Description: The process was terminated due to an unhandled exception.Exception Info: System.NullReferenceExceptionStack: at IAStorUtil.SystemDataModelListener.ProcessSystemDataModelChanges() at IAStorUtil.SystemDataModelListener.LoadSavedSystemState() at IAStorDataMgr.EventRelay.<Start>b__0(System.Object) at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object) at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() at System.Threading.ThreadPoolWorkQueue.Dispatch() at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback() Error: (12/06/2014 10:08:35 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: IAStorDataMgrSvc.exe, version: 11.5.9.1002, time stamp: 0x5065e128Faulting module name: IAStorUtil.ni.dll, version: 11.5.9.1002, time stamp: 0x5065e124Exception code: 0xc0000005Fault offset: 0x0002f3fdFaulting process id: 0x16d8Faulting application start time: 0xIAStorDataMgrSvc.exe0Faulting application path: IAStorDataMgrSvc.exe1Faulting module path: IAStorDataMgrSvc.exe2Report Id: IAStorDataMgrSvc.exe3Faulting package full name: IAStorDataMgrSvc.exe4Faulting package-relative application ID: IAStorDataMgrSvc.exe5 Error: (12/06/2014 10:08:31 AM) (Source: .NET Runtime) (EventID: 1026) (User: )Description: Application: IAStorDataMgrSvc.exeFramework Version: v4.0.30319Description: The process was terminated due to an unhandled exception.Exception Info: System.NullReferenceExceptionStack: at IAStorUtil.SystemDataModelListener.ProcessSystemDataModelChanges() at IAStorUtil.SystemDataModelListener.LoadSavedSystemState() at IAStorDataMgr.EventRelay.<Start>b__0(System.Object) at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object) at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() at System.Threading.ThreadPoolWorkQueue.Dispatch() at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback() Error: (12/06/2014 10:02:38 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 26319203 Error: (12/06/2014 10:02:38 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 26319203 Error: (12/06/2014 10:02:38 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second System errors:=============Error: (12/08/2014 05:21:09 AM) (Source: DCOM) (EventID: 10010) (User: pc)Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (12/08/2014 05:20:39 AM) (Source: DCOM) (EventID: 10010) (User: pc)Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (12/07/2014 05:36:28 AM) (Source: DCOM) (EventID: 10010) (User: pc)Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (12/07/2014 05:35:57 AM) (Source: DCOM) (EventID: 10010) (User: pc)Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (12/06/2014 10:26:28 AM) (Source: DCOM) (EventID: 10010) (User: pc)Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (12/06/2014 10:25:57 AM) (Source: DCOM) (EventID: 10010) (User: pc)Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (12/06/2014 10:14:52 AM) (Source: Service Control Manager) (EventID: 7034) (User: )Description: The Intel® Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s). Error: (12/06/2014 10:08:39 AM) (Source: Service Control Manager) (EventID: 7034) (User: )Description: The Intel® Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s). Error: (12/05/2014 09:35:50 PM) (Source: DCOM) (EventID: 10010) (User: pc)Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (12/05/2014 09:25:10 PM) (Source: DCOM) (EventID: 10010) (User: pc)Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Microsoft Office Sessions:=========================Error: (12/06/2014 10:33:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 1125 Error: (12/06/2014 10:33:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 1125 Error: (12/06/2014 10:33:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (12/06/2014 10:14:47 AM) (Source: Application Error) (EventID: 1000) (User: )Description: IAStorDataMgrSvc.exe11.5.9.10025065e128IAStorUtil.ni.dll11.5.9.10025065e124c00000050002f3fd175801d0116f96fd4420C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exeC:\WINDOWS\assembly\NativeImages_v4.0.30319_32\IAStorUtil\5b8e0d2e85868aaa70b5c692fd5ad6e3\IAStorUtil.ni.dllff16da18-7d62-11e4-bed6-38eaa7f2d1b6 Error: (12/06/2014 10:14:45 AM) (Source: .NET Runtime) (EventID: 1026) (User: )Description: Application: IAStorDataMgrSvc.exeFramework Version: v4.0.30319Description: The process was terminated due to an unhandled exception.Exception Info: System.NullReferenceExceptionStack: at IAStorUtil.SystemDataModelListener.ProcessSystemDataModelChanges() at IAStorUtil.SystemDataModelListener.LoadSavedSystemState() at IAStorDataMgr.EventRelay.<Start>b__0(System.Object) at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object) at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() at System.Threading.ThreadPoolWorkQueue.Dispatch() at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback() Error: (12/06/2014 10:08:35 AM) (Source: Application Error) (EventID: 1000) (User: )Description: IAStorDataMgrSvc.exe11.5.9.10025065e128IAStorUtil.ni.dll11.5.9.10025065e124c00000050002f3fd16d801d0116ec988b82dC:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exeC:\WINDOWS\assembly\NativeImages_v4.0.30319_32\IAStorUtil\5b8e0d2e85868aaa70b5c692fd5ad6e3\IAStorUtil.ni.dll20e97907-7d62-11e4-bed5-38eaa7f2d1b6 Error: (12/06/2014 10:08:31 AM) (Source: .NET Runtime) (EventID: 1026) (User: )Description: Application: IAStorDataMgrSvc.exeFramework Version: v4.0.30319Description: The process was terminated due to an unhandled exception.Exception Info: System.NullReferenceExceptionStack: at IAStorUtil.SystemDataModelListener.ProcessSystemDataModelChanges() at IAStorUtil.SystemDataModelListener.LoadSavedSystemState() at IAStorDataMgr.EventRelay.<Start>b__0(System.Object) at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object) at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() at System.Threading.ThreadPoolWorkQueue.Dispatch() at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback() Error: (12/06/2014 10:02:38 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 26319203 Error: (12/06/2014 10:02:38 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 26319203 Error: (12/06/2014 10:02:38 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second ==================== Memory info =========================== Processor: Intel® Core i3-2375M CPU @ 1.50GHzPercentage of memory in use: 53%Total physical RAM: 3986.28 MBAvailable physical RAM: 1862.3 MBTotal Pagefile: 4690.28 MBAvailable Pagefile: 2351.71 MBTotal Virtual: 131072 MBAvailable Virtual: 131071.84 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:439.87 GB) (Free:380.84 GB) NTFS ==>[system with boot components (obtained from reading drive)]Drive d: (RECOVERY) (Fixed) (Total:24.68 GB) (Free:2.98 GB) NTFS ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ========================================================Disk: 0 (Size: 465.8 GB) (Disk ID: 399B474B) Partition: GPT Partition Type. ==================== End Of Log ============================
- December 9, 2014
- 8 replies
Need Help Please

kfavara posted a topic in Resolved Malware Removal Logs

My computer continually dings that a virus is being quarantined. I try to keep it shut down unless I'm using it so I do not get infected. But, I know there is something activating the download. I will post the name as soon as I see it again. The computer also runs very slow. Frst.txt..... Addition.txt will be in another post as it was too long to post them together.... Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-12-2014Ran by kfavara (administrator) on PC on 08-12-2014 21:20:27Running from C:\Users\kfavara\DesktopLoaded Profile: kfavara (Available profiles: kfavara & Ashleyand)Platform: Windows 8.1 (X64) OS Language: English (United States)Internet Explorer Version 11Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe(Microsoft Corporation) C:\Windows\System32\dasHost.exe(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Horizon View Client\wsnm\wsnm.exe(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Horizon View Client\bin\vmware-view-usbd.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Dropbox, Inc.) C:\Users\kfavara\AppData\Roaming\Dropbox\bin\Dropbox.exe(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\nacl64.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\nacl64.exe(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coNatHst.exe(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17499_x64__8wekyb3d8bbwe\glcnd.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-08-19] (IDT, Inc.)HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3030256 2013-07-28] (Synaptics Incorporated)HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-25] (AVAST Software)HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707472 2013-12-12] (Cisco Systems, Inc.)HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)HKU\S-1-5-21-1512695327-3525718689-2234752887-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)Startup: C:\Users\kfavara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnkShortcutTarget: Dropbox.lnk -> C:\Users\kfavara\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)Startup: C:\Users\kfavara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnkShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No FileShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No FileShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No FileShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No FileShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No FileShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No FileCHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1HKU\S-1-5-21-1512695327-3525718689-2234752887-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1HKU\S-1-5-21-1512695327-3525718689-2234752887-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKLM -> {F7F6400A-3778-42F5-8961-E21B0939D00C} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}SearchScopes: HKLM-x32 -> DefaultScope {3BFB0943-46CA-406D-B495-92D55E2E404F} URL = SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKLM-x32 -> {F7F6400A-3778-42F5-8961-E21B0939D00C} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}SearchScopes: HKU\S-1-5-21-1512695327-3525718689-2234752887-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No FileToolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)Toolbar: HKU\S-1-5-21-1512695327-3525718689-2234752887-1001 -> No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No FileTcpip\Parameters: [DhcpNameServer] 192.168.1.254 FireFox:========FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFFFF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2013-10-16]FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgnFF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2014-12-06]FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FFFF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-03-16] Chrome: =======CHR StartupUrls: Default -> "hxxp://www.gmail.com/"CHR Profile: C:\Users\kfavara\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Docs) - C:\Users\kfavara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-11]CHR Extension: (Google Drive) - C:\Users\kfavara\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-11]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\kfavara\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]CHR Extension: (YouTube) - C:\Users\kfavara\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-11]CHR Extension: (Google Search) - C:\Users\kfavara\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-11]CHR Extension: (Avast Online Security) - C:\Users\kfavara\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-03-16]CHR Extension: (Norton Security Toolbar) - C:\Users\kfavara\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-06-11]CHR Extension: (Delicious Bookmarks Extension) - C:\Users\kfavara\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnaelnkmidnndgikjbiifihgklnocljd [2014-05-26]CHR Extension: (Google Wallet) - C:\Users\kfavara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]CHR Extension: (Gmail) - C:\Users\kfavara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-11]CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No PathCHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-06]CHR HKU\S-1-5-21-1512695327-3525718689-2234752887-1001\...\Chrome\Extension: [gipmblamjgodbimgeafaiegdpfbaeihe] - C:\Users\kfavara\AppData\Local\CRE\gipmblamjgodbimgeafaiegdpfbaeihe.crx [2013-07-18]CHR HKU\S-1-5-21-1512695327-3525718689-2234752887-1001\...\Chrome\Extension: [mfchmfgdaabgdjbcaophikcobddojjoe] - C:\Users\kfavara\AppData\Local\CRE\mfchmfgdaabgdjbcaophikcobddojjoe.crx [2013-05-06]CHR HKLM-x32\...\Chrome\Extension: [gipmblamjgodbimgeafaiegdpfbaeihe] - C:\Users\kfavara\AppData\Local\CRE\gipmblamjgodbimgeafaiegdpfbaeihe.crx [2013-07-18]CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-25]CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No PathCHR HKLM-x32\...\Chrome\Extension: [mfchmfgdaabgdjbcaophikcobddojjoe] - C:\Users\kfavara\AppData\Local\CRE\mfchmfgdaabgdjbcaophikcobddojjoe.crx [2013-05-06]CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-06] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-25] (AVAST Software)S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2014-11-05] (Microsoft Corporation)R2 Crypkey License; C:\WINDOWS\system32\crypserv.exe [122880 2008-05-07] (CrypKey (Canada) Ltd.) [File not signed]R2 HPConnectedRemote; C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35744 2012-10-12] (Hewlett-Packard)R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131032 2013-07-06] (Intel Corporation)R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165336 2013-07-06] (Intel Corporation)R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation)R2 vmware-view-usbd; C:\Program Files (x86)\VMware\VMware Horizon View Client\bin\vmware-view-usbd.exe [1978584 2014-08-13] (VMware, Inc.)S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-11-05] (Microsoft Corporation)S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)R2 wsnm; C:\Program Files (x86)\VMware\VMware Horizon View Client\wsnm\wsnm.exe [528600 2014-08-29] (VMware, Inc.) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-25] ()R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-25] (AVAST Software)R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-25] (AVAST Software)R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-25] ()R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-11-23] (AVAST Software)R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-25] (AVAST Software)R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-25] (AVAST Software)R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-25] ()R3 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20141203.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)R3 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-10] (Symantec Corporation)R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-10] (Symantec Corporation)R3 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20141208.001\IDSvia64.sys [637656 2014-11-23] (Symantec Corporation)R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20141208.001\ENG64.SYS [129752 2014-08-23] (Symantec Corporation)R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20141208.001\EX64.SYS [2137304 2014-08-23] (Symantec Corporation)R1 NetworkX; C:\Windows\system32\ckldrv.sys [28664 2008-03-17] ()R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-03] (Realtek Semiconductor Corp.)S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-07-28] (Synaptics Incorporated)R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)R3 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)R3 SymDS; C:\Windows\system32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)R3 SymEFA; C:\Windows\system32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)S0 SymELAM; C:\Windows\System32\drivers\N360x64\1506000.020\SymELAM.sys [23568 2013-09-09] (Symantec Corporation)R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-10-16] (Symantec Corporation)R3 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [52080 2013-12-12] (Cisco Systems, Inc.)S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-08 21:20 - 2014-12-08 21:21 - 00023150 _____ () C:\Users\kfavara\Desktop\FRST.txt2014-12-08 21:20 - 2014-12-08 21:20 - 02119680 _____ (Farbar) C:\Users\kfavara\Desktop\frst64.exe2014-11-28 21:37 - 2014-11-28 21:37 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf2014-11-26 19:07 - 2014-11-26 19:07 - 00000000 __SHD () C:\Users\kfavara\AppData\Local\EmieUserList2014-11-26 19:07 - 2014-11-26 19:07 - 00000000 __SHD () C:\Users\kfavara\AppData\Local\EmieSiteList2014-11-26 19:07 - 2014-11-26 19:07 - 00000000 __SHD () C:\Users\kfavara\AppData\Local\EmieBrowserModeList2014-11-23 20:29 - 2014-11-09 17:19 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll2014-11-23 20:29 - 2014-11-09 17:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll2014-11-23 20:29 - 2014-11-09 17:18 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll2014-11-23 20:29 - 2014-11-09 17:18 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll2014-11-12 04:24 - 2014-09-27 01:13 - 00104336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll2014-11-12 04:24 - 2014-09-26 23:24 - 00088800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll2014-11-12 04:24 - 2014-09-26 21:38 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll2014-11-12 04:24 - 2014-09-26 21:30 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll2014-11-12 04:24 - 2014-09-26 21:17 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll2014-11-12 04:23 - 2014-10-12 20:33 - 00116032 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe2014-11-12 04:23 - 2014-10-10 18:58 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll2014-11-12 04:23 - 2014-10-10 18:53 - 03607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll2014-11-12 04:23 - 2014-10-08 01:30 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll2014-11-12 04:23 - 2014-10-08 01:09 - 00428032 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll2014-11-12 04:23 - 2014-10-08 00:27 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll2014-11-12 04:23 - 2014-10-07 23:32 - 02773504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll2014-11-12 04:23 - 2014-10-07 23:19 - 02459136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll2014-11-12 04:23 - 2014-09-21 22:38 - 01519488 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll2014-11-12 04:23 - 2014-09-21 21:06 - 00258368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys2014-11-12 04:23 - 2014-09-21 21:06 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys2014-11-12 04:23 - 2014-09-21 20:49 - 00035320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys2014-11-12 04:23 - 2014-09-18 18:16 - 01346048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll2014-11-12 04:23 - 2014-09-02 16:08 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll2014-11-12 04:23 - 2014-09-02 16:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll2014-11-12 04:22 - 2014-10-30 23:28 - 25110016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll2014-11-12 04:22 - 2014-10-30 21:42 - 19781632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll2014-11-12 04:22 - 2014-10-07 00:28 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll2014-11-12 04:22 - 2014-10-07 00:27 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll2014-11-12 04:22 - 2014-10-07 00:27 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll2014-11-12 04:22 - 2014-10-07 00:27 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe2014-11-12 04:22 - 2014-10-07 00:27 - 00108432 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll2014-11-12 04:22 - 2014-10-06 21:34 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll2014-11-12 04:22 - 2014-10-06 21:34 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll2014-11-12 04:22 - 2014-10-06 21:33 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll2014-11-12 04:22 - 2014-10-06 19:54 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll2014-11-12 04:22 - 2014-10-06 19:46 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll2014-11-12 04:22 - 2014-08-22 23:18 - 02149376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll2014-11-12 04:22 - 2014-08-22 23:03 - 01346048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll2014-11-12 04:21 - 2014-10-30 21:59 - 14390272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll2014-11-12 04:21 - 2014-10-30 20:30 - 12819456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll2014-11-12 04:20 - 2014-11-04 17:38 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll2014-11-12 04:20 - 2014-11-03 18:10 - 00304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll2014-11-12 04:20 - 2014-10-30 23:12 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wextract.exe2014-11-12 04:20 - 2014-10-30 23:12 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshta.exe2014-11-12 04:20 - 2014-10-30 23:10 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iexpress.exe2014-11-12 04:20 - 2014-10-30 23:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\pngfilt.dll2014-11-12 04:20 - 2014-10-30 23:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedssync.exe2014-11-12 04:20 - 2014-10-30 23:06 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll2014-11-12 04:20 - 2014-10-30 23:06 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll2014-11-12 04:20 - 2014-10-30 23:06 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll2014-11-12 04:20 - 2014-10-30 23:06 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll2014-11-12 04:20 - 2014-10-30 23:05 - 02884096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll2014-11-12 04:20 - 2014-10-30 23:05 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec2014-11-12 04:20 - 2014-10-30 23:04 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll2014-11-12 04:20 - 2014-10-30 22:57 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll2014-11-12 04:20 - 2014-10-30 22:56 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll2014-11-12 04:20 - 2014-10-30 22:54 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\IEAdvpack.dll2014-11-12 04:20 - 2014-10-30 22:53 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll2014-11-12 04:20 - 2014-10-30 22:53 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll2014-11-12 04:20 - 2014-10-30 22:52 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll2014-11-12 04:20 - 2014-10-30 22:51 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll2014-11-12 04:20 - 2014-10-30 22:51 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe2014-11-12 04:20 - 2014-10-30 22:51 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe2014-11-12 04:20 - 2014-10-30 22:50 - 06040064 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll2014-11-12 04:20 - 2014-10-30 22:50 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll2014-11-12 04:20 - 2014-10-30 22:49 - 00537088 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll2014-11-12 04:20 - 2014-10-30 22:40 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll2014-11-12 04:20 - 2014-10-30 22:38 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll2014-11-12 04:20 - 2014-10-30 22:30 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll2014-11-12 04:20 - 2014-10-30 22:29 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll2014-11-12 04:20 - 2014-10-30 22:29 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx2014-11-12 04:20 - 2014-10-30 22:28 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll2014-11-12 04:20 - 2014-10-30 22:25 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll2014-11-12 04:20 - 2014-10-30 22:24 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll2014-11-12 04:20 - 2014-10-30 22:24 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll2014-11-12 04:20 - 2014-10-30 22:24 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll2014-11-12 04:20 - 2014-10-30 22:23 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll2014-11-12 04:20 - 2014-10-30 22:21 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll2014-11-12 04:20 - 2014-10-30 22:19 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll2014-11-12 04:20 - 2014-10-30 22:15 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll2014-11-12 04:20 - 2014-10-30 22:08 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll2014-11-12 04:20 - 2014-10-30 22:06 - 00372736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll2014-11-12 04:20 - 2014-10-30 22:05 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll2014-11-12 04:20 - 2014-10-30 22:05 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe2014-11-12 04:20 - 2014-10-30 22:03 - 02124288 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl2014-11-12 04:20 - 2014-10-30 21:45 - 02365440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll2014-11-12 04:20 - 2014-10-30 21:44 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll2014-11-12 04:20 - 2014-10-30 21:42 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\imgutil.dll2014-11-12 04:20 - 2014-10-30 21:32 - 01550336 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll2014-11-12 04:20 - 2014-10-30 21:28 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wextract.exe2014-11-12 04:20 - 2014-10-30 21:28 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshta.exe2014-11-12 04:20 - 2014-10-30 21:27 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iexpress.exe2014-11-12 04:20 - 2014-10-30 21:26 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pngfilt.dll2014-11-12 04:20 - 2014-10-30 21:25 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedssync.exe2014-11-12 04:20 - 2014-10-30 21:24 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll2014-11-12 04:20 - 2014-10-30 21:24 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\url.dll2014-11-12 04:20 - 2014-10-30 21:24 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll2014-11-12 04:20 - 2014-10-30 21:23 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec2014-11-12 04:20 - 2014-10-30 21:23 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll2014-11-12 04:20 - 2014-10-30 21:22 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll2014-11-12 04:20 - 2014-10-30 21:20 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll2014-11-12 04:20 - 2014-10-30 21:18 - 02277376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll2014-11-12 04:20 - 2014-10-30 21:16 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll2014-11-12 04:20 - 2014-10-30 21:15 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll2014-11-12 04:20 - 2014-10-30 21:14 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IEAdvpack.dll2014-11-12 04:20 - 2014-10-30 21:13 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll2014-11-12 04:20 - 2014-10-30 21:13 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll2014-11-12 04:20 - 2014-10-30 21:12 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll2014-11-12 04:20 - 2014-10-30 21:12 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe2014-11-12 04:20 - 2014-10-30 21:11 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll2014-11-12 04:20 - 2014-10-30 21:03 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\licmgr10.dll2014-11-12 04:20 - 2014-10-30 21:02 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll2014-11-12 04:20 - 2014-10-30 20:57 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll2014-11-12 04:20 - 2014-10-30 20:56 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inseng.dll2014-11-12 04:20 - 2014-10-30 20:56 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll2014-11-12 04:20 - 2014-10-30 20:56 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx2014-11-12 04:20 - 2014-10-30 20:53 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll2014-11-12 04:20 - 2014-10-30 20:53 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedsbs.dll2014-11-12 04:20 - 2014-10-30 20:52 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll2014-11-12 04:20 - 2014-10-30 20:51 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll2014-11-12 04:20 - 2014-10-30 20:50 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll2014-11-12 04:20 - 2014-10-30 20:48 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\occache.dll2014-11-12 04:20 - 2014-10-30 20:46 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll2014-11-12 04:20 - 2014-10-30 20:46 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll2014-11-12 04:20 - 2014-10-30 20:42 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll2014-11-12 04:20 - 2014-10-30 20:40 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll2014-11-12 04:20 - 2014-10-30 20:40 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll2014-11-12 04:20 - 2014-10-30 20:39 - 02051072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl2014-11-12 04:20 - 2014-10-30 20:26 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll2014-11-12 04:20 - 2014-10-30 20:24 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imgutil.dll2014-11-12 04:20 - 2014-10-30 20:17 - 01892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll2014-11-12 04:20 - 2014-10-30 20:13 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll2014-11-12 04:20 - 2014-10-30 20:11 - 00708096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll2014-11-12 04:20 - 2014-10-22 23:48 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll2014-11-12 04:20 - 2014-10-22 23:05 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll2014-11-12 04:20 - 2014-10-18 03:55 - 00055776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe2014-11-12 04:20 - 2014-10-18 02:09 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll2014-11-12 04:20 - 2014-10-18 02:09 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll2014-11-12 04:20 - 2014-10-18 01:25 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll2014-11-12 04:20 - 2014-10-18 00:50 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll2014-11-12 04:20 - 2014-10-18 00:38 - 03557376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll2014-11-12 04:20 - 2014-10-18 00:27 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe2014-11-12 04:20 - 2014-10-18 00:26 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll2014-11-12 04:20 - 2014-10-18 00:23 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll2014-11-12 04:20 - 2014-10-18 00:23 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll2014-11-12 04:20 - 2014-10-18 00:21 - 00894976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll2014-11-12 04:20 - 2014-10-18 00:20 - 01714176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll2014-11-12 04:20 - 2014-10-18 00:14 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll2014-11-12 04:20 - 2014-10-18 00:14 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe2014-11-12 04:20 - 2014-10-18 00:12 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll2014-11-12 04:20 - 2014-10-18 00:11 - 00723968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll2014-11-12 04:20 - 2014-10-17 01:01 - 00789184 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll2014-11-12 04:20 - 2014-10-17 00:58 - 00602768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll2014-11-12 04:20 - 2014-10-09 19:58 - 00177472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys2014-11-12 04:20 - 2014-10-09 19:58 - 00027456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys2014-11-12 04:20 - 2014-10-09 19:44 - 00563976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys2014-11-12 04:20 - 2014-10-08 01:37 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll2014-11-12 04:20 - 2014-10-08 01:37 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll2014-11-12 04:20 - 2014-10-08 01:34 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll2014-11-12 04:20 - 2014-10-08 01:24 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll2014-11-12 04:20 - 2014-10-08 00:56 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll2014-11-12 04:20 - 2014-10-08 00:51 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll2014-11-12 04:20 - 2014-10-08 00:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll2014-11-12 04:20 - 2014-10-08 00:18 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll2014-11-12 04:20 - 2014-10-08 00:17 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll2014-11-12 04:20 - 2014-10-07 23:23 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll2014-11-12 04:20 - 2014-10-06 21:30 - 04182016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys2014-11-12 04:19 - 2014-09-10 00:25 - 00474432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys2014-11-12 04:19 - 2014-09-07 21:07 - 02497344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys2014-11-12 04:19 - 2014-09-07 21:07 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS2014-11-12 04:19 - 2014-09-07 16:08 - 00389176 _____ () C:\WINDOWS\system32\ApnDatabase.xml2014-11-12 04:19 - 2014-09-04 16:30 - 00822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll2014-11-12 04:19 - 2014-09-04 16:21 - 01053184 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll2014-11-12 04:19 - 2014-09-03 21:05 - 00836176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll2014-11-12 04:19 - 2014-09-03 20:22 - 00670384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll2014-11-12 04:19 - 2014-09-03 19:01 - 00448512 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll2014-11-12 04:19 - 2014-09-03 18:32 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll2014-11-12 04:19 - 2014-08-30 18:17 - 00148800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS2014-11-12 04:19 - 2014-08-30 18:15 - 21197152 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll2014-11-12 04:19 - 2014-08-30 16:59 - 18723112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll2014-11-12 04:19 - 2014-08-30 16:05 - 00615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSCOMEX.dll2014-11-12 04:19 - 2014-08-30 15:58 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSAPI.dll2014-11-12 04:19 - 2014-08-30 15:04 - 00941568 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll2014-11-12 04:19 - 2014-08-30 14:53 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FXSAPI.dll2014-11-12 04:19 - 2014-08-30 14:17 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll2014-11-12 04:19 - 2014-08-27 20:55 - 07484224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe2014-11-12 04:19 - 2014-08-27 18:21 - 02480128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll2014-11-12 04:19 - 2014-08-27 18:06 - 02030592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll2014-11-12 04:19 - 2014-08-22 23:14 - 13424128 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll2014-11-12 04:19 - 2014-08-22 23:04 - 11820544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll2014-11-12 04:19 - 2014-08-22 22:50 - 02714112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll2014-11-12 04:19 - 2014-08-01 18:51 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll2014-11-12 04:19 - 2014-08-01 18:35 - 00485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll2014-11-10 20:03 - 2014-11-20 14:51 - 00714208 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe2014-11-10 20:03 - 2014-11-20 14:51 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl2014-11-10 07:16 - 2014-08-14 18:36 - 00146752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpioclx.sys2014-11-10 06:53 - 2014-07-15 12:16 - 03048880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe2014-11-10 06:53 - 2014-07-15 02:29 - 03118080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll2014-11-10 06:53 - 2014-07-15 02:22 - 02861056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebSync.dll2014-11-10 06:53 - 2014-07-15 02:03 - 02344448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll2014-11-10 06:50 - 2014-06-09 16:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe2014-11-10 06:50 - 2014-06-09 16:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe2014-11-10 06:49 - 2014-05-02 23:36 - 00997888 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll2014-11-10 06:49 - 2014-05-02 23:19 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncobjapi.dll2014-11-10 06:49 - 2014-05-02 23:08 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedynos.dll2014-11-10 06:49 - 2014-05-02 23:07 - 00262656 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedyn.dll2014-11-10 06:49 - 2014-05-02 22:46 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncobjapi.dll2014-11-10 06:49 - 2014-05-02 22:37 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\framedynos.dll2014-11-10 06:49 - 2014-05-02 22:37 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\framedyn.dll2014-11-10 06:49 - 2014-05-02 17:26 - 00050745 _____ () C:\WINDOWS\system32\srms.dat2014-11-10 06:49 - 2014-04-30 00:43 - 00071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwififlt.sys2014-11-10 06:49 - 2014-04-30 00:41 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys2014-11-10 06:49 - 2014-04-30 00:41 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys2014-11-10 06:49 - 2014-04-30 00:41 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys2014-11-10 06:49 - 2014-04-29 23:45 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe2014-11-10 06:49 - 2014-04-29 22:48 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Robocopy.exe2014-11-10 06:49 - 2014-04-29 22:24 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc6.dll2014-11-10 06:49 - 2014-04-29 22:23 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll2014-11-10 06:49 - 2014-04-29 22:23 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll2014-11-10 06:49 - 2014-04-29 22:23 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc.dll2014-11-10 06:49 - 2014-04-29 22:14 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL2014-11-10 06:49 - 2014-04-29 21:59 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL2014-11-10 06:49 - 2014-04-29 21:46 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll2014-11-10 06:49 - 2014-04-29 21:46 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll2014-11-10 06:49 - 2014-04-29 21:46 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc6.dll2014-11-10 06:49 - 2014-04-29 21:45 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc.dll2014-11-10 06:49 - 2014-04-29 21:42 - 00403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll2014-11-10 06:49 - 2014-04-28 16:40 - 00721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll2014-11-10 06:49 - 2014-04-26 10:39 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll2014-11-10 06:49 - 2014-04-14 03:37 - 02125344 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll2014-11-10 06:49 - 2014-04-14 02:08 - 01797896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll2014-11-10 06:49 - 2014-04-13 23:18 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8thk.dll2014-11-10 06:47 - 2014-08-23 01:48 - 02374784 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe2014-11-10 06:47 - 2014-08-23 01:13 - 02084520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe2014-11-10 06:47 - 2014-08-23 00:10 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll2014-11-10 06:47 - 2014-08-22 23:32 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll2014-11-10 06:47 - 2014-08-22 22:33 - 00796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll2014-11-10 06:47 - 2014-08-15 22:08 - 01507648 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll2014-11-10 06:47 - 2014-08-15 22:01 - 01710184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll2014-11-10 06:47 - 2014-08-15 21:58 - 01112512 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll2014-11-10 06:47 - 2014-08-15 21:16 - 01205976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll2014-11-10 06:47 - 2014-08-15 21:03 - 01467384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll2014-11-10 06:47 - 2014-08-15 19:31 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll2014-11-10 06:47 - 2014-08-15 19:04 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll2014-11-10 06:47 - 2014-08-15 18:58 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll2014-11-10 06:47 - 2014-08-15 18:53 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll2014-11-10 06:47 - 2014-08-15 18:46 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityService.dll2014-11-10 06:47 - 2014-08-15 18:45 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll2014-11-10 06:47 - 2014-08-15 18:43 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll2014-11-10 06:47 - 2014-08-15 18:43 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll2014-11-10 06:47 - 2014-08-15 18:31 - 00914432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll2014-11-10 06:47 - 2014-08-15 18:31 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcsvDevice.dll2014-11-10 06:47 - 2014-08-15 18:29 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll2014-11-10 06:47 - 2014-08-15 18:23 - 01106432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll2014-11-10 06:47 - 2014-08-15 18:22 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll2014-11-10 06:47 - 2014-08-15 18:22 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll2014-11-10 06:47 - 2014-08-15 18:19 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll2014-11-10 06:47 - 2014-08-15 18:18 - 04758528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll2014-11-10 06:47 - 2014-08-15 18:17 - 08757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll2014-11-10 06:47 - 2014-08-15 18:14 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll2014-11-10 06:47 - 2014-08-15 18:13 - 06649344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll2014-11-10 06:47 - 2014-08-15 18:13 - 05902848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll2014-11-10 06:47 - 2014-08-15 18:13 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll2014-11-10 06:47 - 2014-08-15 18:11 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll2014-11-10 06:47 - 2014-08-15 18:10 - 01120768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe2014-11-10 06:47 - 2014-08-15 18:08 - 05777408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll2014-11-10 06:47 - 2014-08-15 18:07 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll2014-11-10 06:46 - 2014-08-01 18:18 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll2014-11-10 06:46 - 2014-07-09 22:08 - 00321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\lockscreencn.dll2014-11-10 06:46 - 2014-06-01 20:10 - 00423768 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll2014-11-10 06:46 - 2014-05-31 00:27 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFPf.sys2014-11-10 06:46 - 2014-05-31 00:26 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFRd.sys2014-11-10 06:46 - 2014-05-30 22:01 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFHost.exe2014-11-10 06:46 - 2014-05-30 22:01 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll2014-11-10 06:46 - 2014-05-30 22:01 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFSvc.dll2014-11-10 06:46 - 2014-05-27 03:56 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DaOtpCredentialProvider.dll2014-11-10 06:46 - 2014-05-27 03:53 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DaOtpCredentialProvider.dll2014-11-10 06:42 - 2014-07-23 21:20 - 00875688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll2014-11-10 06:42 - 2014-07-23 21:20 - 00869544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll2014-11-10 06:40 - 2014-07-11 22:17 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-08 21:21 - 2013-04-23 18:37 - 00000000 ___RD () C:\Users\kfavara\Dropbox2014-12-08 21:20 - 2014-09-04 11:29 - 00000000 ____D () C:\FRST2014-12-08 21:00 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sru2014-12-08 20:37 - 2013-04-06 12:02 - 00000912 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job2014-12-08 20:13 - 2014-11-05 07:24 - 01070326 _____ () C:\WINDOWS\WindowsUpdate.log2014-12-08 19:10 - 2013-04-06 11:15 - 00003910 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{F037E7D8-B1ED-443F-8B78-3C72230D23FD}2014-12-06 10:13 - 2013-04-23 18:34 - 00000000 ____D () C:\Users\kfavara\AppData\Roaming\Dropbox2014-12-06 10:11 - 2014-03-16 11:58 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update2014-12-06 10:10 - 2014-01-17 18:28 - 00007812 _____ () C:\WINDOWS\error.log2014-12-06 10:09 - 2014-09-24 01:03 - 00015800 _____ () C:\WINDOWS\PFRO.log2014-12-06 10:09 - 2014-01-17 18:28 - 00003193 _____ () C:\WINDOWS\errord.log2014-12-06 10:09 - 2013-08-22 08:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT2014-12-06 10:09 - 2013-08-22 07:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI2014-12-06 10:08 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\NDF2014-12-06 10:06 - 2013-08-22 07:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM2014-12-05 19:46 - 2013-11-10 13:45 - 00003164 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForkfavara2014-12-05 19:46 - 2013-11-10 13:45 - 00000346 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForkfavara.job2014-12-05 17:14 - 2014-09-24 01:15 - 00958356 _____ () C:\WINDOWS\system32\PerfStringBackup.INI2014-12-05 17:14 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\AppReadiness2014-12-05 17:12 - 2013-08-22 08:46 - 00334194 _____ () C:\WINDOWS\setupact.log2014-12-04 20:29 - 2013-04-06 11:22 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1512695327-3525718689-2234752887-10012014-11-29 10:59 - 2012-07-26 01:59 - 00000000 ____D () C:\WINDOWS\CbsTemp2014-11-23 19:18 - 2014-03-16 11:58 - 01041168 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys2014-11-16 09:32 - 2013-04-06 12:02 - 00003884 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA2014-11-16 09:32 - 2013-04-06 12:02 - 00003648 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore2014-11-16 09:32 - 2013-04-06 12:02 - 00000908 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job2014-11-15 21:27 - 2013-04-23 18:35 - 00000000 ____D () C:\Users\kfavara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox2014-11-12 20:51 - 2013-11-22 14:51 - 00002248 ____H () C:\Users\kfavara\Documents\Default.rdp2014-11-12 20:14 - 2014-11-05 07:00 - 00000000 ____D () C:\Users\Ashleyand2014-11-12 17:16 - 2013-04-09 18:38 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1512695327-3525718689-2234752887-10042014-11-12 16:46 - 2014-11-06 21:17 - 00000000 ___RD () C:\Users\Ashleyand\OneDrive2014-11-12 13:22 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\rescache2014-11-12 13:05 - 2013-08-22 08:44 - 00503688 _____ () C:\WINDOWS\system32\FNTCACHE.DAT2014-11-12 13:01 - 2014-09-24 03:50 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel2014-11-12 13:01 - 2013-08-22 09:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools2014-11-12 13:01 - 2013-08-22 09:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools2014-11-12 13:01 - 2013-08-22 09:36 - 00000000 ____D () C:\Program Files\Windows Defender2014-11-12 13:01 - 2013-08-22 09:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender2014-11-12 12:57 - 2013-04-06 11:27 - 00000000 ____D () C:\ProgramData\Microsoft Help2014-11-12 12:37 - 2013-08-15 19:27 - 00000000 ____D () C:\WINDOWS\system32\MRT2014-11-12 12:37 - 2013-04-09 13:12 - 103374192 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe2014-11-12 04:52 - 2013-08-22 09:36 - 00000000 ___RD () C:\WINDOWS\ToastData2014-11-12 04:52 - 2013-08-22 09:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel2014-11-10 21:40 - 2013-04-29 18:27 - 03664896 ___SH () C:\Users\kfavara\Desktop\Thumbs.db2014-11-10 20:01 - 2014-11-02 18:20 - 00000000 ____D () C:\WINDOWS\system32\AutoUpdateLicense2014-11-10 19:58 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\WinStore2014-11-10 19:57 - 2014-11-05 07:00 - 00000000 ____D () C:\Users\kfavara2014-11-10 07:57 - 2013-04-06 11:13 - 00000000 ____D () C:\Users\kfavara\AppData\Local\Packages2014-11-10 07:28 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\restore2014-11-09 19:31 - 2012-07-26 02:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports2014-11-09 19:20 - 2013-04-09 18:31 - 00003918 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5FE0554C-C29C-47DB-9925-5995B1D0F8B7}2014-11-09 19:17 - 2014-11-05 08:48 - 00000000 ___DC () C:\WINDOWS\Panther Some content of TEMP:====================C:\Users\kfavara\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdokslu.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-12-06 10:25 ==================== End Of Log ============================
- December 9, 2014
- 8 replies
Virus Help

kfavara replied to kfavara's topic in Resolved Malware Removal Logs

Addition.txt Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-09-2014 02 Ran by kfavara at 2014-09-04 12:31:22 Running from C:\Users\kfavara\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Norton 360 (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB} AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Norton 360 (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} FW: Norton 360 (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.7.0.1530 - Adobe Systems Incorporated) Adobe AIR (x32 Version: 3.7.0.1530 - Adobe Systems Incorporated) Hidden Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.) Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team) avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.05152 - Cisco Systems, Inc.) Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.05152 - Cisco Systems, Inc.) Hidden CoffeeCup Free FTP (HKLM-x32\...\{66F43DBE-6D46-4BCE-831D-0D4C13639BE8}) (Version: 4.5.20 - CoffeeCup Software Inc.) CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - CutePDF.com) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{132D27B8-C656-44BD-8C16-73C54EA8A85F}) (Version: - Microsoft) Dropbox (HKCU\...\Dropbox) (Version: 2.10.28 - Dropbox, Inc.) Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company) Evernote v. 4.6.6 (HKLM-x32\...\{6146B9DC-C33D-11E2-BDE1-984BE15F174E}) (Version: 4.6.6.8360 - Evernote Corp.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.) Google Drive (HKLM-x32\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.) Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company) HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1218 - Hewlett-Packard) HP CoolSense (HKLM-x32\...\{59F8C5AA-91BD-423D-BF05-09A80F39898F}) (Version: 2.10.62 - Hewlett-Packard Company) HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden HP Documentation (HKLM-x32\...\{DD27F8B0-BFDE-4188-89A0-BBF389FC367E}) (Version: 1.2.0.0 - Hewlett-Packard) HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company) HP Postscript Converter (Version: 3.1.3591 - Hewlett-Packard) Hidden HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company) HP Recovery Manager (x32 Version: 8.00 - Hewlett-Packard) Hidden HP Registration Service (HKLM\...\{C2E428EB-116E-41C0-9E84-B22DE9CCA42F}) (Version: 1.1.6232.4245 - Hewlett-Packard) HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.8 - Hewlett-Packard) HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company) IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6425.0 - IDT) Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation) Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.30.1349 - Intel Corporation) Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2857 - Intel Corporation) Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.9.1002 - Intel Corporation) Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) Intel® Trusted Connect Service Client (Version: 1.27.757.1 - Intel Corporation) Hidden iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.) Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle) Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Microsoft .NET Framework 4 Multi-Targeting Pack (x32 Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden Microsoft Exchange Web Services Managed API 2.0 (x32 Version: 15.0.516.14 - Microsoft Corporation) Hidden Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation) Microsoft Help Viewer 2.1 (x32 Version: 2.1.21005 - Microsoft Corporation) Hidden Microsoft Identity Extensions (Version: 2.0.1459.0 - Microsoft Corporation) Hidden Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden Norton 360 (HKLM-x32\...\N360) (Version: 21.5.0.19 - Symantec Corporation) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.4.5 - Notepad++ Team) Open XML SDK 2.5 for Microsoft Office (x32 Version: 2.5.5631 - Microsoft Corporation) Hidden Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Prerequisites for SSDT (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek) Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden SharePoint Client Components (Version: 15.0.4481.1505 - Microsoft Corporation) Hidden swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.6.1.3 - Synaptics Incorporated) Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation) Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft) Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft) Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft) Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version: - Microsoft) VLC media player 2.0.7 (HKLM-x32\...\VLC media player) (Version: 2.0.7 - VideoLAN) Windows Live Communications Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation) Windows Live Essentials (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden WinMerge 2.14.0 (HKLM-x32\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-1512695327-3525718689-2234752887-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\kfavara\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1512695327-3525718689-2234752887-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kfavara\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1512695327-3525718689-2234752887-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kfavara\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1512695327-3525718689-2234752887-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kfavara\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1512695327-3525718689-2234752887-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kfavara\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1512695327-3525718689-2234752887-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kfavara\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1512695327-3525718689-2234752887-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kfavara\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1512695327-3525718689-2234752887-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kfavara\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1512695327-3525718689-2234752887-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\kfavara\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ==================== Restore Points ========================= 17-08-2014 00:55:13 Installed iTunes 23-08-2014 23:31:42 Windows Update 26-08-2014 01:15:50 avast! antivirus system restore point 02-09-2014 02:54:31 Scheduled Checkpoint ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2014-08-17 08:52 - 2014-08-17 08:52 - 00000831 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {21BD8EBB-8EE6-44C1-8C2F-55121BB510D3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-06] (Google Inc.) Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {45E59F7D-C645-4EC7-A4FA-D616ADCB7DC9} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\WSCStub.exe [2014-07-31] (Symantec Corporation) Task: {8912C658-404E-45E5-A556-B8AB15A0FEF5} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2012-11-05] (Hewlett-Packard Development Company, L.P.) Task: {9B5A40E3-A30F-4644-827B-7EA22AC1A5CE} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-08-16] (Microsoft Corporation) Task: {A50EC625-C77C-4233-AD83-6DD0972C8BD5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-06] (Google Inc.) Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {BF3F17A2-57BE-4AFC-854F-5D7B48358A5D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-25] (AVAST Software) Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {C6CBBFEE-299D-4C24-B7FD-D7A48A45B2C2} - System32\Tasks\HPCeeScheduleForkfavara => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard) Task: {DE43A6F5-7865-48F9-8BBF-5AFD1AC0F2BE} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-07-28] (Synaptics Incorporated) Task: {E8B2D985-591A-464A-8CFC-681287AC109C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe Task: {EB2704B7-1B9F-4D54-908A-EFBB9D055ACF} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\SymErr.exe [2014-01-30] (Symantec Corporation) Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {F6153BA2-6FD8-4A78-A160-F542D4EE7821} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\SymErr.exe [2014-01-30] (Symantec Corporation) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\HPCeeScheduleForkfavara.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Loaded Modules (whitelisted) ============= 2013-05-06 15:50 - 2012-09-12 15:33 - 00087152 _____ () C:\Windows\System32\cpwmon64.dll 2012-10-12 19:22 - 2012-10-12 19:22 - 00120224 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesModule.dll 2012-10-12 19:22 - 2012-10-12 19:22 - 00048544 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesProxy.dll 2012-10-12 19:22 - 2012-10-12 19:22 - 00180224 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\zxing.dll 2013-12-12 17:36 - 2013-12-12 17:36 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll 2014-08-25 20:17 - 2014-08-25 20:17 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll 2014-09-04 11:47 - 2014-09-04 11:47 - 02844672 _____ () C:\Program Files\AVAST Software\Avast\defs\14090401\algo.dll 2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2014-08-25 20:17 - 2014-08-25 20:17 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2014-09-04 12:19 - 2014-09-04 12:19 - 00043008 _____ () c:\users\kfavara\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpn0m_zi.dll 2013-08-23 14:01 - 2013-08-23 14:01 - 25100288 _____ () C:\Users\kfavara\AppData\Roaming\Dropbox\bin\libcef.dll 2012-09-08 13:16 - 2012-09-08 13:16 - 00433664 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll 2012-09-08 13:16 - 2012-09-08 13:16 - 00315392 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll 2014-02-15 04:07 - 2014-02-15 04:07 - 00017920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\320194a176e3bbf61e7de127228824e8\PSIClient.ni.dll 2012-11-02 17:14 - 2013-07-06 14:26 - 01200088 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll 2014-08-16 19:07 - 2014-08-06 22:20 - 00718152 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libglesv2.dll 2014-08-16 19:07 - 2014-08-06 22:20 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libegl.dll 2014-08-16 19:07 - 2014-08-06 22:20 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll 2014-08-16 19:07 - 2014-08-06 22:20 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll 2014-08-16 19:07 - 2014-08-06 22:20 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\Run32: => "Cisco AnyConnect Secure Mobility Agent for Windows" HKCU\...\StartupApproved\Run: => "GoogleDriveSync" HKCU\...\StartupApproved\Run: => "Akamai NetSession Interface" ==================== Faulty Device Manager Devices ============= Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (09/01/2014 08:50:23 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 4614094 Error: (09/01/2014 08:50:23 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 4614094 Error: (09/01/2014 08:50:23 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (09/01/2014 07:33:30 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1157 Error: (09/01/2014 07:33:30 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 1157 Error: (09/01/2014 07:33:30 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (08/25/2014 08:40:41 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 Error: (08/17/2014 02:09:58 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 4953 Error: (08/17/2014 02:09:58 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 4953 Error: (08/17/2014 02:09:58 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second System errors: ============= Error: (09/04/2014 00:17:24 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY) Description: 0xc000014d0 Error: (09/01/2014 09:04:45 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY) Description: 0xc000014d0 Error: (09/01/2014 09:05:12 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 7:26:05 PM on ‎9/‎1/‎2014 was unexpected. Error: (09/01/2014 08:51:57 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service. Error: (09/01/2014 08:51:26 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service. Error: (09/01/2014 08:50:56 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service. Error: (09/01/2014 07:28:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The HP Connected Remote Service service failed to start due to the following error: %%1053 Error: (09/01/2014 07:28:43 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the HP Connected Remote Service service to connect. Error: (09/01/2014 07:25:17 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY) Description: 0xc000014d0 Error: (08/25/2014 08:42:05 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY) Description: 0xc000014d0 Microsoft Office Sessions: ========================= Error: (09/01/2014 08:50:23 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 4614094 Error: (09/01/2014 08:50:23 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 4614094 Error: (09/01/2014 08:50:23 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (09/01/2014 07:33:30 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1157 Error: (09/01/2014 07:33:30 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 1157 Error: (09/01/2014 07:33:30 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (08/25/2014 08:40:41 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 Error: (08/17/2014 02:09:58 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 4953 Error: (08/17/2014 02:09:58 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 4953 Error: (08/17/2014 02:09:58 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second ==================== Memory info =========================== Processor: Intel® Core i3-2375M CPU @ 1.50GHz Percentage of memory in use: 46% Total physical RAM: 3986.27 MB Available physical RAM: 2141.91 MB Total Pagefile: 7570.27 MB Available Pagefile: 5600.78 MB Total Virtual: 8192 MB Available Virtual: 8191.78 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:440.31 GB) (Free:374.66 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive d: (RECOVERY) (Fixed) (Total:24.68 GB) (Free:2.98 GB) NTFS ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 399B474B) Partition: GPT Partition Type. ==================== End Of Log ============================ malware log xml file <?xml version="1.0" encoding="UTF-16"?> -<mbam-log>-<header><date>2014/09/04 11:46:38 -0500</date><logfile>mbam-log-2014-09-04 (11-45-42).xml</logfile><isadmin>yes</isadmin></header>-<engine><version>2.00.2.1012</version><malware-database>v2014.09.04.06</malware-database><rootkit-database>v2014.08.21.01</rootkit-database><license>free</license><file-protection>disabled</file-protection><web-protection>disabled</web-protection><self-protection>disabled</self-protection></engine>-<system><osversion>Windows 8</osversion><arch>x64</arch><username>kfavara</username><filesys>NTFS</filesys></system>-<summary><type>threat</type><result>completed</result><objects>355430</objects><time>1493</time><processes>0</processes><modules>0</modules><keys>1</keys><values>0</values><datas>0</datas><folders>49</folders><files>156</files><sectors>0</sectors></summary>-<options><memory>enabled</memory><startup>enabled</startup><filesystem>enabled</filesystem><archives>enabled</archives><rootkits>disabled</rootkits><deeprootkit>disabled</deeprootkit><heuristics>enabled</heuristics><pup>enabled</pup><pum>enabled</pum></options>-<items>-<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{EEE6C360-6118-11DC-9C72-001320C79847}</path><vendor>PUP.Optional.SweetPacks.A</vendor><action>success</action><hash>1591a742c4b77eb8fbf3873051b10af6</hash></key>-<folder><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></folder>-<folder><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\CacheIcons</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></folder>-<folder><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Dialogs</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></folder>-<folder><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Dialogs\AddedAppDialog</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></folder>-<folder><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Dialogs\DefualtImages</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></folder>-<folder><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Dialogs\DetectedAppDialog</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></folder>-<folder><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Dialogs\EngineFirstTimeDialog</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></folder>-<folder><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Dialogs\NewSearchProtectorDialog</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></folder>-<folder><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Dialogs\NewSearchProtectorDialog\images</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></folder>-<folder><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Dialogs\SearchProtectorBubbleDialog</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></folder>-<folder><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Dialogs\SearchProtectorBubbleDialog\images</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></folder>-<folder><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Dialogs\SearchProtectorDialog</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></folder>-<folder><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Dialogs\SearchProtectorDialog\Images</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></folder>-<folder><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Dialogs\SearchProtectorRetakeoverDialog</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></folder>-<folder><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Dialogs\SearchProtectorRetakeoverDialog\Images</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></folder>-<folder><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Dialogs\ToolbarFirstTimeDialog</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></folder>-<folder><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Dialogs\ToolbarFirstTimeDialog\images</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></folder>-<folder><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Dialogs\ToolbarUntrustedAppsApprovalDialog</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></folder>-<folder><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Dialogs\UninstallDialog</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></folder>-<folder><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Dialogs\UntrustedAddedAppDialog</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></folder>-<folder><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Dialogs\UntrustedAppApprovalDialog</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></folder>-<folder><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Dialogs\UntrustedAppPendingDialog</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></folder>-<folder><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\EmailNotifier</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></folder>-<folder><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\ExternalComponent</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></folder>-<folder><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Logs</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></folder>-<folder><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\MyStuffApps</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></folder>-<folder><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\plugins</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></folder>-<folder><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></folder>-<folder><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></folder>-<folder><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></folder>-<folder><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\RadioPlayer</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></folder>-<folder><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Repository</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></folder>-<folder><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Repository\conduit_CT3298573_CT3298573</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></folder>-<folder><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Repository\conduit_CT3298573_CT3298573\AppsMetaData</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></folder>-<folder><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Repository\conduit_CT3298573_CT3298573\DynamicDialogs</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></folder>-<folder><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Repository\conduit_CT3298573_CT3298573\ToolbarHiddenSettings</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></folder>-<folder><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Repository\conduit_CT3298573_CT3298573\ToolbarLogin</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></folder>-<folder><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Repository\conduit_CT3298573_CT3298573\ToolbarSettings</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></folder>-<folder><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\SearchInNewTab</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></folder>-<folder><path>C:\Users\kfavara\AppData\LocalLow\MixiDJ_V37</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>c7df45a4b7c488ae5dc0ab20b84af40c</hash></folder>-<folder><path>C:\Users\kfavara\AppData\LocalLow\MixiDJ_V37\Logs</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>c7df45a4b7c488ae5dc0ab20b84af40c</hash></folder>-<folder><path>C:\Users\Ashleyand\AppData\LocalLow\PriceGong</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>1b8bb039f685c76f1042eae1867cf010</hash></folder>-<folder><path>C:\Users\Ashleyand\AppData\LocalLow\PriceGong\Data</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>1b8bb039f685c76f1042eae1867cf010</hash></folder>-<folder><path>C:\Users\kfavara\AppData\LocalLow\PriceGong</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>05a19d4c86f55cda361c17b42ad8af51</hash></folder>-<folder><path>C:\Users\kfavara\AppData\LocalLow\PriceGong\Data</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>05a19d4c86f55cda361c17b42ad8af51</hash></folder>-<folder><path>C:\Users\Ashleyand\AppData\LocalLow\SweetIM</path><vendor>PUP.Optional.SweetIM.A</vendor><action>success</action><hash>a9fd3eab413a2313d6b292392dd556aa</hash></folder>-<folder><path>C:\Users\Ashleyand\AppData\LocalLow\SweetIM\Toolbars</path><vendor>PUP.Optional.SweetIM.A</vendor><action>success</action><hash>a9fd3eab413a2313d6b292392dd556aa</hash></folder>-<folder><path>C:\Users\Ashleyand\AppData\LocalLow\SweetIM\Toolbars\Internet Explorer</path><vendor>PUP.Optional.SweetIM.A</vendor><action>success</action><hash>a9fd3eab413a2313d6b292392dd556aa</hash></folder>-<folder><path>C:\Users\Ashleyand\AppData\LocalLow\SweetIM\Toolbars\Internet Explorer\cache</path><vendor>PUP.Optional.SweetIM.A</vendor><action>success</action><hash>a9fd3eab413a2313d6b292392dd556aa</hash></folder>-<file><path>C:\Users\kfavara\Desktop\FileOpenerSetup.exe</path><vendor>PUP.Optional.InstallCore</vendor><action>success</action><hash>8b1b27c22457ef47534c6b6942c238c8</hash></file>-<file><path>C:\Users\kfavara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_app.mam.conduit.com_0.localstorage</path><vendor>PUP.Optional.Conduit.A</vendor><action>success</action><hash>4d598e5b621973c3bb1635d628db8878</hash></file>-<file><path>C:\Users\kfavara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_app.mam.conduit.com_0.localstorage-journal</path><vendor>PUP.Optional.Conduit.A</vendor><action>success</action><hash>1a8c93566714ab8b8e43f813996afc04</hash></file>-<file><path>C:\Users\Ashleyand\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage</path><vendor>PUP.Optional.Superfish.A</vendor><action>success</action><hash>a501edfc166542f41114997321e21ae6</hash></file>-<file><path>C:\Users\Ashleyand\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal</path><vendor>PUP.Optional.Superfish.A</vendor><action>success</action><hash>86200ddc2d4ed75f56cf52ba3ac943bd</hash></file>-<file><path>C:\Users\kfavara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.wajam.com_0.localstorage</path><vendor>PUP.Optional.Wajam.A</vendor><action>success</action><hash>c8dead3cfc7f8da911c439d4788bd52b</hash></file>-<file><path>C:\Users\kfavara\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.wajam.com_0.localstorage-journal</path><vendor>PUP.Optional.Wajam.A</vendor><action>success</action><hash>ced805e4e3986bcb12c3818cbd46d12f</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\hk64tbMixi.dll</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\hktbMixi.dll</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\ldrtbMixi.dll</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\tbMix1.dll</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\tbMixi.dll</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\ThirdPartyComponents.xml</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\toolbar.cfg</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Dialogs\RoundedCornersIE9.css</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Dialogs\DialogsAPI.js</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Dialogs\excanvas.js</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Dialogs\generalDialogStyle.css</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Dialogs\PIE.htc</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Dialogs\RoundedCorners.css</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Dialogs\settings.js</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Dialogs\version.txt</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Dialogs\AddedAppDialog\app-added.js</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Dialogs\AddedAppDialog\main.html</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Dialogs\DefualtImages\icon.png</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Dialogs\DetectedAppDialog\app-2go.js</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Dialogs\DetectedAppDialog\main.html</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Dialogs\EngineFirstTimeDialog\EngineFirstTimeDialog.js</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Dialogs\EngineFirstTimeDialog\main.html</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Dialogs\EngineFirstTimeDialog\right-click.gif</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Dialogs\NewSearchProtectorDialog\main.html</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Dialogs\NewSearchProtectorDialog\SearchProtector.css</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Dialogs\NewSearchProtectorDialog\SearchProtector.js</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Dialogs\NewSearchProtectorDialog\images\ok-button.png</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Dialogs\NewSearchProtectorDialog\images\separation-line.png</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Dialogs\NewSearchProtectorDialog\images\warning.png</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Dialogs\SearchProtectorBubbleDialog\bubble.css</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Dialogs\SearchProtectorBubbleDialog\bubble.js</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Dialogs\SearchProtectorBubbleDialog\main.html</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Dialogs\SearchProtectorBubbleDialog\images\information.png</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Dialogs\SearchProtectorBubbleDialog\images\x-default-LTR.png</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Dialogs\SearchProtectorBubbleDialog\images\x-default-RTL.png</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Dialogs\SearchProtectorBubbleDialog\images\x-mouseover-LTR.png</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Dialogs\SearchProtectorBubbleDialog\images\x-mouseover-RTL.png</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Dialogs\SearchProtectorDialog\main.html</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Dialogs\SearchProtectorDialog\SearchProtector.css</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Dialogs\SearchProtectorDialog\SearchProtector.js</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Dialogs\SearchProtectorDialog\Images\info.png</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Dialogs\SearchProtectorDialog\Images\ok-on.png</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Dialogs\SearchProtectorDialog\Images\ok.png</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Dialogs\SearchProtectorRetakeoverDialog\main.html</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Dialogs\SearchProtectorRetakeoverDialog\SearchProtectorRetakeover.css</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Dialogs\SearchProtectorRetakeoverDialog\SearchProtectorRetakeover.js</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Dialogs\SearchProtectorRetakeoverDialog\Images\Icon.jpg</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Dialogs\SearchProtectorRetakeoverDialog\Images\Icon.png</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Dialogs\SearchProtectorRetakeoverDialog\Images\info.png</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Dialogs\SearchProtectorRetakeoverDialog\Images\ok-on.png</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Dialogs\SearchProtectorRetakeoverDialog\Images\ok.png</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Dialogs\ToolbarFirstTimeDialog\main.html</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Dialogs\ToolbarFirstTimeDialog\ToolbarFirstTimeDialog.css</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Dialogs\ToolbarFirstTimeDialog\ToolbarFirstTimeDialog.js</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Dialogs\ToolbarFirstTimeDialog\images\app-store-icon.png</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Dialogs\ToolbarFirstTimeDialog\images\arrow.png</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Dialogs\ToolbarFirstTimeDialog\images\divider.png</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Dialogs\ToolbarFirstTimeDialog\images\emailNotifier.gif</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Dialogs\ToolbarFirstTimeDialog\images\facebook.png</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Dialogs\ToolbarFirstTimeDialog\images\radio.GIF</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Dialogs\ToolbarFirstTimeDialog\images\Thumbs.db</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Dialogs\ToolbarFirstTimeDialog\images\truste_welcome.GIF</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Dialogs\ToolbarFirstTimeDialog\images\weather.GIF</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Dialogs\ToolbarUntrustedAppsApprovalDialog\main.html</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Dialogs\ToolbarUntrustedAppsApprovalDialog\ToolbarUntrustedAppsApprovalDialog.js</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Dialogs\UntrustedAddedAppDialog\main.html</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Dialogs\UntrustedAddedAppDialog\UT-app-dialog-added.js</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Dialogs\UntrustedAppApprovalDialog\main.html</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Dialogs\UntrustedAppApprovalDialog\UT-app-dialog-needs-your-approval.js</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Dialogs\UntrustedAppPendingDialog\main.html</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Dialogs\UntrustedAppPendingDialog\UT-app-dialog-is-waiting.js</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\manifest.xml</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGong_16.png</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\RadioPlayer\IP_Stations_Media_List.xml</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\RadioPlayer\Predefined_Media_List.xml</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Repository\conduit_CT3298573_CT3298573\AppsMetaData\data.bck.txt</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Repository\conduit_CT3298573_CT3298573\AppsMetaData\data.txt</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Repository\conduit_CT3298573_CT3298573\DynamicDialogs\data.txt</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Repository\conduit_CT3298573_CT3298573\ToolbarHiddenSettings\data.txt</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Repository\conduit_CT3298573_CT3298573\ToolbarLogin\data.bck.txt</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Repository\conduit_CT3298573_CT3298573\ToolbarLogin\data.txt</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Repository\conduit_CT3298573_CT3298573\ToolbarSettings\data.bck.txt</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\MixiDJ_V37\Repository\conduit_CT3298573_CT3298573\ToolbarSettings\data.txt</path><vendor>PUP.Optional.MixiDJToolbar.A</vendor><action>success</action><hash>d1d55792b3c82a0cc459f2d9689a0000</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\PriceGong\Data\1.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>1b8bb039f685c76f1042eae1867cf010</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\PriceGong\Data\2229.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>1b8bb039f685c76f1042eae1867cf010</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\PriceGong\Data\4048.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>1b8bb039f685c76f1042eae1867cf010</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\PriceGong\Data\450.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>1b8bb039f685c76f1042eae1867cf010</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\PriceGong\Data\9576.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>1b8bb039f685c76f1042eae1867cf010</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\PriceGong\Data\a.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>1b8bb039f685c76f1042eae1867cf010</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\PriceGong\Data\b.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>1b8bb039f685c76f1042eae1867cf010</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\PriceGong\Data\c.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>1b8bb039f685c76f1042eae1867cf010</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\PriceGong\Data\d.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>1b8bb039f685c76f1042eae1867cf010</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\PriceGong\Data\e.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>1b8bb039f685c76f1042eae1867cf010</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\PriceGong\Data\f.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>1b8bb039f685c76f1042eae1867cf010</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\PriceGong\Data\g.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>1b8bb039f685c76f1042eae1867cf010</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\PriceGong\Data\h.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>1b8bb039f685c76f1042eae1867cf010</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\PriceGong\Data\i.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>1b8bb039f685c76f1042eae1867cf010</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\PriceGong\Data\j.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>1b8bb039f685c76f1042eae1867cf010</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\PriceGong\Data\k.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>1b8bb039f685c76f1042eae1867cf010</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\PriceGong\Data\l.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>1b8bb039f685c76f1042eae1867cf010</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\PriceGong\Data\m.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>1b8bb039f685c76f1042eae1867cf010</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\PriceGong\Data\n.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>1b8bb039f685c76f1042eae1867cf010</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\PriceGong\Data\o.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>1b8bb039f685c76f1042eae1867cf010</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\PriceGong\Data\p.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>1b8bb039f685c76f1042eae1867cf010</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\PriceGong\Data\q.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>1b8bb039f685c76f1042eae1867cf010</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\PriceGong\Data\r.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>1b8bb039f685c76f1042eae1867cf010</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\PriceGong\Data\s.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>1b8bb039f685c76f1042eae1867cf010</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\PriceGong\Data\t.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>1b8bb039f685c76f1042eae1867cf010</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\PriceGong\Data\u.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>1b8bb039f685c76f1042eae1867cf010</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\PriceGong\Data\v.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>1b8bb039f685c76f1042eae1867cf010</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\PriceGong\Data\w.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>1b8bb039f685c76f1042eae1867cf010</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\PriceGong\Data\wlu.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>1b8bb039f685c76f1042eae1867cf010</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\PriceGong\Data\x.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>1b8bb039f685c76f1042eae1867cf010</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\PriceGong\Data\y.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>1b8bb039f685c76f1042eae1867cf010</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\PriceGong\Data\z.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>1b8bb039f685c76f1042eae1867cf010</hash></file>-<file><path>C:\Users\kfavara\AppData\LocalLow\PriceGong\Data\1.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>05a19d4c86f55cda361c17b42ad8af51</hash></file>-<file><path>C:\Users\kfavara\AppData\LocalLow\PriceGong\Data\a.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>05a19d4c86f55cda361c17b42ad8af51</hash></file>-<file><path>C:\Users\kfavara\AppData\LocalLow\PriceGong\Data\b.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>05a19d4c86f55cda361c17b42ad8af51</hash></file>-<file><path>C:\Users\kfavara\AppData\LocalLow\PriceGong\Data\c.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>05a19d4c86f55cda361c17b42ad8af51</hash></file>-<file><path>C:\Users\kfavara\AppData\LocalLow\PriceGong\Data\d.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>05a19d4c86f55cda361c17b42ad8af51</hash></file>-<file><path>C:\Users\kfavara\AppData\LocalLow\PriceGong\Data\e.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>05a19d4c86f55cda361c17b42ad8af51</hash></file>-<file><path>C:\Users\kfavara\AppData\LocalLow\PriceGong\Data\f.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>05a19d4c86f55cda361c17b42ad8af51</hash></file>-<file><path>C:\Users\kfavara\AppData\LocalLow\PriceGong\Data\g.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>05a19d4c86f55cda361c17b42ad8af51</hash></file>-<file><path>C:\Users\kfavara\AppData\LocalLow\PriceGong\Data\h.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>05a19d4c86f55cda361c17b42ad8af51</hash></file>-<file><path>C:\Users\kfavara\AppData\LocalLow\PriceGong\Data\i.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>05a19d4c86f55cda361c17b42ad8af51</hash></file>-<file><path>C:\Users\kfavara\AppData\LocalLow\PriceGong\Data\j.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>05a19d4c86f55cda361c17b42ad8af51</hash></file>-<file><path>C:\Users\kfavara\AppData\LocalLow\PriceGong\Data\k.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>05a19d4c86f55cda361c17b42ad8af51</hash></file>-<file><path>C:\Users\kfavara\AppData\LocalLow\PriceGong\Data\l.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>05a19d4c86f55cda361c17b42ad8af51</hash></file>-<file><path>C:\Users\kfavara\AppData\LocalLow\PriceGong\Data\m.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>05a19d4c86f55cda361c17b42ad8af51</hash></file>-<file><path>C:\Users\kfavara\AppData\LocalLow\PriceGong\Data\n.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>05a19d4c86f55cda361c17b42ad8af51</hash></file>-<file><path>C:\Users\kfavara\AppData\LocalLow\PriceGong\Data\o.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>05a19d4c86f55cda361c17b42ad8af51</hash></file>-<file><path>C:\Users\kfavara\AppData\LocalLow\PriceGong\Data\p.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>05a19d4c86f55cda361c17b42ad8af51</hash></file>-<file><path>C:\Users\kfavara\AppData\LocalLow\PriceGong\Data\q.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>05a19d4c86f55cda361c17b42ad8af51</hash></file>-<file><path>C:\Users\kfavara\AppData\LocalLow\PriceGong\Data\r.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>05a19d4c86f55cda361c17b42ad8af51</hash></file>-<file><path>C:\Users\kfavara\AppData\LocalLow\PriceGong\Data\s.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>05a19d4c86f55cda361c17b42ad8af51</hash></file>-<file><path>C:\Users\kfavara\AppData\LocalLow\PriceGong\Data\t.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>05a19d4c86f55cda361c17b42ad8af51</hash></file>-<file><path>C:\Users\kfavara\AppData\LocalLow\PriceGong\Data\u.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>05a19d4c86f55cda361c17b42ad8af51</hash></file>-<file><path>C:\Users\kfavara\AppData\LocalLow\PriceGong\Data\v.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>05a19d4c86f55cda361c17b42ad8af51</hash></file>-<file><path>C:\Users\kfavara\AppData\LocalLow\PriceGong\Data\w.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>05a19d4c86f55cda361c17b42ad8af51</hash></file>-<file><path>C:\Users\kfavara\AppData\LocalLow\PriceGong\Data\wlu.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>05a19d4c86f55cda361c17b42ad8af51</hash></file>-<file><path>C:\Users\kfavara\AppData\LocalLow\PriceGong\Data\x.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>05a19d4c86f55cda361c17b42ad8af51</hash></file>-<file><path>C:\Users\kfavara\AppData\LocalLow\PriceGong\Data\y.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>05a19d4c86f55cda361c17b42ad8af51</hash></file>-<file><path>C:\Users\kfavara\AppData\LocalLow\PriceGong\Data\z.txt</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>05a19d4c86f55cda361c17b42ad8af51</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\SweetIM\Toolbars\Internet Explorer\cache\27638b112811943e97ec5efb691d6916.toolbar48.xml</path><vendor>PUP.Optional.SweetIM.A</vendor><action>success</action><hash>a9fd3eab413a2313d6b292392dd556aa</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\SweetIM\Toolbars\Internet Explorer\cache\8d03c0783b1e34c2b403cee25e4f3d73.options_remote44b_no_fb.html</path><vendor>PUP.Optional.SweetIM.A</vendor><action>success</action><hash>a9fd3eab413a2313d6b292392dd556aa</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\SweetIM\Toolbars\Internet Explorer\cache\ccbd8b558f1d599e360b3dc00c89e1b1.facebook2.png</path><vendor>PUP.Optional.SweetIM.A</vendor><action>success</action><hash>a9fd3eab413a2313d6b292392dd556aa</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\SweetIM\Toolbars\Internet Explorer\cache\d7663980840977888075cdf06da9e63d.facebook2_hover.png</path><vendor>PUP.Optional.SweetIM.A</vendor><action>success</action><hash>a9fd3eab413a2313d6b292392dd556aa</hash></file>-<file><path>C:\Users\Ashleyand\AppData\LocalLow\SweetIM\Toolbars\Internet Explorer\cache\dda5971490977d5465f836a12522f1a1.games3.png</path><vendor>PUP.Optional.SweetIM.A</vendor><action>success</action><hash>a9fd3eab413a2313d6b292392dd556aa</hash></file></items></mbam-log>
- September 4, 2014
- 3 replies
Virus Help

kfavara posted a topic in Resolved Malware Removal Logs

You have helped me on a different computer. I am hoping you can help me again. Farbar.txt Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2014 02Ran by kfavara (administrator) on PC on 04-09-2014 12:29:55Running from C:\Users\kfavara\DesktopPlatform: Windows 8 (X64) OS Language: English (United States)Internet Explorer Version 10Boot Mode: Normal The only official download link for FRST:Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated.See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe(Microsoft Corporation) C:\Windows\System32\dasHost.exe(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\n360.exe(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\n360.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe(Dropbox, Inc.) C:\Users\kfavara\AppData\Roaming\Dropbox\bin\Dropbox.exe(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Farbar) C:\Users\kfavara\Desktop\frst64 (1).exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-08-20] (IDT, Inc.)HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-25] (AVAST Software)HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707472 2013-12-12] (Cisco Systems, Inc.)HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)HKU\S-1-5-21-1512695327-3525718689-2234752887-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)HKU\S-1-5-21-1512695327-3525718689-2234752887-1001\...\Run: [Akamai NetSession Interface] => "C:\Users\kfavara\AppData\Local\Akamai\netsession_win.exe"Startup: C:\Users\kfavara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnkShortcutTarget: Dropbox.lnk -> C:\Users\kfavara\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)Startup: C:\Users\kfavara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnkShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No FileShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No FileShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No FileShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)ShellIconOverlayIdentifiers: OverlayExcluded -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.5.0.19\buShell.dll (Symantec Corporation)ShellIconOverlayIdentifiers: OverlayPending -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.5.0.19\buShell.dll (Symantec Corporation)ShellIconOverlayIdentifiers: OverlayProtected -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.5.0.19\buShell.dll (Symantec Corporation)ShellIconOverlayIdentifiers-x32: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No FileShellIconOverlayIdentifiers-x32: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No FileShellIconOverlayIdentifiers-x32: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJSSearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJSSearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}SearchScopes: HKLM - {F7F6400A-3778-42F5-8961-E21B0939D00C} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}SearchScopes: HKLM-x32 - DefaultScope {3BFB0943-46CA-406D-B495-92D55E2E404F} URL = SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJSSearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}SearchScopes: HKLM-x32 - {F7F6400A-3778-42F5-8961-E21B0939D00C} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.5.0.19\coIEPlg.dll (Symantec Corporation)BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\coIEPlg.dll (Symantec Corporation)BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\IPS\IPSBHO.DLL (Symantec Corporation)BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.5.0.19\coIEPlg.dll (Symantec Corporation)Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No FileToolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\coIEPlg.dll (Symantec Corporation)Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No FileTcpip\Parameters: [DhcpNameServer] 10.101.254.13 10.101.254.34 10.101.254.134 10.101.254.113 FireFox:========FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFFFF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2013-10-16]FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgnFF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2014-09-04]FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FFFF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-03-16] Chrome: =======CHR StartupUrls: Default -> "hxxp://www.gmail.com/"CHR Profile: C:\Users\kfavara\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Docs) - C:\Users\kfavara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-11]CHR Extension: (Google Drive) - C:\Users\kfavara\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-11]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\kfavara\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]CHR Extension: (YouTube) - C:\Users\kfavara\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-11]CHR Extension: (Google Search) - C:\Users\kfavara\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-11]CHR Extension: (avast! Online Security) - C:\Users\kfavara\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-03-16]CHR Extension: (Norton Security Toolbar) - C:\Users\kfavara\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-06-11]CHR Extension: (Delicious Bookmarks Extension) - C:\Users\kfavara\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnaelnkmidnndgikjbiifihgklnocljd [2014-05-26]CHR Extension: (Google Wallet) - C:\Users\kfavara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]CHR Extension: (Gmail) - C:\Users\kfavara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-11]CHR HKCU\...\Chrome\Extension: [gipmblamjgodbimgeafaiegdpfbaeihe] - C:\Users\kfavara\AppData\Local\CRE\gipmblamjgodbimgeafaiegdpfbaeihe.crx [2013-07-18]CHR HKCU\...\Chrome\Extension: [mfchmfgdaabgdjbcaophikcobddojjoe] - C:\Users\kfavara\AppData\Local\CRE\mfchmfgdaabgdjbcaophikcobddojjoe.crx [2013-05-06]CHR HKLM-x32\...\Chrome\Extension: [gipmblamjgodbimgeafaiegdpfbaeihe] - C:\Users\kfavara\AppData\Local\CRE\gipmblamjgodbimgeafaiegdpfbaeihe.crx [2013-07-18]CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-25]CHR HKLM-x32\...\Chrome\Extension: [mfchmfgdaabgdjbcaophikcobddojjoe] - C:\Users\kfavara\AppData\Local\CRE\mfchmfgdaabgdjbcaophikcobddojjoe.crx [2013-05-06]CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\Exts\Chrome.crx [2014-08-12]CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-25] (AVAST Software)S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2012-07-25] (Microsoft Corporation)R2 Crypkey License; C:\Windows\system32\crypserv.exe [122880 2008-05-07] (CrypKey (Canada) Ltd.) [File not signed]R2 HPConnectedRemote; C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35744 2012-10-12] (Hewlett-Packard)R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131032 2013-07-06] (Intel Corporation)R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165336 2013-07-06] (Intel Corporation)S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-25] (Microsoft Corporation)R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.5.0.19\N360.exe [265040 2014-07-31] (Symantec Corporation)S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-25] (Microsoft Corporation)S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-25] (Microsoft Corporation)S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-25] ()R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-25] (AVAST Software)R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-25] (AVAST Software)R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-25] ()R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-25] (AVAST Software)R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-25] (AVAST Software)R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-25] (AVAST Software)R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-25] ()R3 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140821.007\BHDrvx64.sys [1588016 2014-08-18] (Symantec Corporation)R3 ccSet_N360; C:\Windows\system32\drivers\N360x64\1505000.013\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-11] (Symantec Corporation)R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-11] (Symantec Corporation)R3 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140903.001\IDSvia64.sys [633560 2014-09-01] (Symantec Corporation)R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140903.022\ENG64.SYS [129752 2014-08-23] (Symantec Corporation)R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140903.022\EX64.SYS [2137304 2014-08-23] (Symantec Corporation)R1 NetworkX; C:\Windows\system32\ckldrv.sys [28664 2008-03-17] ()R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-03] (Realtek Semiconductor Corp.)S3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-25] (Microsoft Corporation)S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-07-28] (Synaptics Incorporated)R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1505000.013\SRTSP64.SYS [875736 2014-02-12] (Symantec Corporation)R3 SRTSPX; C:\Windows\system32\drivers\N360x64\1505000.013\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)R3 SymDS; C:\Windows\system32\drivers\N360x64\1505000.013\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)R3 SymEFA; C:\Windows\system32\drivers\N360x64\1505000.013\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)S0 SymELAM; C:\Windows\System32\drivers\N360x64\1505000.013\SymELAM.sys [23568 2013-09-09] (Symantec Corporation)R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-10-16] (Symantec Corporation)R3 SymIRON; C:\Windows\system32\drivers\N360x64\1505000.013\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)R3 SymNetS; C:\Windows\System32\Drivers\N360x64\1505000.013\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [52080 2013-12-12] (Cisco Systems, Inc.)R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-04 12:29 - 2014-09-04 12:30 - 00022768 _____ () C:\Users\kfavara\Desktop\FRST.txt2014-09-04 12:29 - 2014-09-04 12:29 - 02104832 _____ (Farbar) C:\Users\kfavara\Desktop\frst64 (1).exe2014-09-04 12:29 - 2014-09-04 12:29 - 00000000 ____D () C:\FRST2014-09-04 12:27 - 2014-09-04 12:27 - 01096704 _____ (Farbar) C:\Users\kfavara\Desktop\frst.exe2014-09-04 12:16 - 2014-09-04 12:16 - 02104832 _____ (Farbar) C:\Users\kfavara\Desktop\FRST64.exe2014-09-04 11:44 - 2014-09-04 11:44 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\kfavara\Desktop\mbam-setup-2.0.2.1012.exe2014-09-01 22:07 - 2014-09-01 22:07 - 00001812 _____ () C:\Users\kfavara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\avast! antivirus.lnk2014-08-28 19:46 - 2014-08-23 01:47 - 04036096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2014-08-28 19:46 - 2014-07-15 18:03 - 01300992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll2014-08-28 19:46 - 2014-07-11 21:36 - 01023488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll2014-08-25 20:40 - 2014-08-25 20:40 - 02618366 _____ () C:\Users\kfavara\Desktop\ntsignservicewebpictures.zip2014-08-25 20:18 - 2014-08-25 20:18 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk2014-08-25 20:17 - 2014-08-25 20:17 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr2014-08-23 18:41 - 2014-08-23 18:42 - 00014621 _____ () C:\Users\kfavara\Desktop\BN00546a.PES2014-08-23 18:34 - 2014-05-19 21:33 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe2014-08-23 18:34 - 2014-05-19 18:45 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll2014-08-23 18:34 - 2014-05-19 18:24 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll2014-08-23 18:34 - 2014-05-19 18:24 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll2014-08-23 18:34 - 2014-05-19 18:24 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll2014-08-23 18:33 - 2014-05-19 18:45 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll2014-08-23 18:33 - 2014-05-19 18:24 - 03286528 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll2014-08-23 18:33 - 2014-05-19 18:24 - 01623040 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll2014-08-23 18:33 - 2014-05-19 18:24 - 00773632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll2014-08-23 18:32 - 2014-05-14 17:43 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll2014-08-23 18:32 - 2014-05-14 17:43 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe2014-08-23 18:32 - 2014-05-14 17:42 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll2014-08-23 18:32 - 2014-05-14 17:42 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe2014-08-17 09:15 - 2014-08-17 09:15 - 00001743 _____ () C:\Users\Public\Desktop\iTunes.lnk2014-08-17 09:15 - 2014-08-17 09:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes2014-08-17 09:15 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys2014-08-17 09:14 - 2014-08-17 09:15 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692014-08-17 09:14 - 2014-08-17 09:15 - 00000000 ____D () C:\Program Files\iTunes2014-08-17 09:14 - 2014-08-17 09:15 - 00000000 ____D () C:\Program Files (x86)\iTunes2014-08-17 09:14 - 2014-08-17 09:14 - 00000000 ____D () C:\Program Files\iPod2014-08-17 09:13 - 2014-08-17 09:13 - 00000000 ____D () C:\Program Files\Bonjour2014-08-17 09:13 - 2014-08-17 09:13 - 00000000 ____D () C:\Program Files (x86)\Bonjour2014-08-17 09:07 - 2014-08-17 09:07 - 00862064 _____ ( ) C:\Users\kfavara\Desktop\iTunes_Setup.exe2014-08-16 19:57 - 2014-08-16 19:57 - 00000000 ____D () C:\Users\kfavara\AppData\Roaming\Apple Computer2014-08-16 19:57 - 2014-08-16 19:57 - 00000000 ____D () C:\Users\kfavara\AppData\Local\Apple Computer2014-08-16 19:56 - 2014-08-16 19:56 - 00000000 ____D () C:\ProgramData\Apple Computer2014-08-16 19:55 - 2014-08-16 19:55 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk2014-08-16 19:55 - 2014-08-16 19:55 - 00000000 ____D () C:\Users\kfavara\AppData\Local\Apple2014-08-16 19:55 - 2014-08-16 19:55 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update2014-08-16 19:54 - 2014-08-16 19:54 - 00000000 ____D () C:\Program Files\Common Files\Apple2014-08-16 19:23 - 2014-08-16 19:23 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 3602014-08-16 18:52 - 2014-07-15 17:51 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys2014-08-16 18:49 - 2014-06-10 17:44 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe2014-08-16 18:49 - 2014-06-10 17:43 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe2014-08-16 18:46 - 2014-06-12 20:57 - 01453400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys2014-08-16 18:46 - 2014-06-12 20:55 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll2014-08-16 18:45 - 2014-07-24 07:11 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2014-08-16 18:45 - 2014-07-24 07:10 - 02240000 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2014-08-16 18:45 - 2014-07-24 07:10 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2014-08-16 18:45 - 2014-07-24 07:10 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll2014-08-16 18:45 - 2014-07-24 07:10 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll2014-08-16 18:45 - 2014-07-24 07:09 - 19279872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-08-16 18:45 - 2014-07-24 07:09 - 15399936 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2014-08-16 18:45 - 2014-07-24 07:09 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2014-08-16 18:45 - 2014-07-24 07:09 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2014-08-16 18:45 - 2014-07-24 07:09 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2014-08-16 18:45 - 2014-07-24 07:09 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll2014-08-16 18:45 - 2014-07-24 07:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2014-08-16 18:45 - 2014-07-24 07:09 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll2014-08-16 18:45 - 2014-07-24 07:09 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll2014-08-16 18:45 - 2014-07-24 07:09 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll2014-08-16 18:45 - 2014-07-24 07:09 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll2014-08-16 18:45 - 2014-07-24 07:09 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll2014-08-16 18:45 - 2014-07-24 07:09 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2014-08-16 18:45 - 2014-07-24 07:09 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2014-08-16 18:45 - 2014-07-24 07:09 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2014-08-16 18:45 - 2014-07-24 07:09 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2014-08-16 18:45 - 2014-07-24 05:52 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2014-08-16 18:45 - 2014-07-24 05:52 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2014-08-16 18:45 - 2014-07-24 05:52 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll2014-08-16 18:45 - 2014-07-24 05:51 - 14371328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2014-08-16 18:45 - 2014-07-24 05:51 - 13757440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2014-08-16 18:45 - 2014-07-24 05:51 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2014-08-16 18:45 - 2014-07-24 05:51 - 02054656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2014-08-16 18:45 - 2014-07-24 05:51 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2014-08-16 18:45 - 2014-07-24 05:51 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2014-08-16 18:45 - 2014-07-24 05:51 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2014-08-16 18:45 - 2014-07-24 05:51 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll2014-08-16 18:45 - 2014-07-24 05:51 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll2014-08-16 18:45 - 2014-07-24 05:51 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2014-08-16 18:45 - 2014-07-24 05:51 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2014-08-16 18:45 - 2014-07-24 05:51 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll2014-08-16 18:45 - 2014-07-24 05:51 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2014-08-16 18:45 - 2014-07-24 05:51 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2014-08-16 18:45 - 2014-07-24 05:51 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2014-08-16 18:45 - 2014-07-24 05:51 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2014-08-16 18:45 - 2014-07-24 05:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-08-16 18:45 - 2014-07-24 05:29 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2014-08-16 18:45 - 2014-07-24 03:03 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll2014-08-16 18:45 - 2014-06-19 18:35 - 01312768 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll2014-08-16 18:45 - 2014-06-19 17:24 - 00694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll2014-08-16 18:44 - 2014-08-07 01:33 - 00712192 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll2014-08-16 18:44 - 2014-08-06 22:09 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll2014-08-16 18:44 - 2014-06-05 12:56 - 00112984 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe2014-08-16 18:44 - 2014-06-05 12:30 - 10116608 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll2014-08-16 18:44 - 2014-06-05 12:29 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll2014-08-16 18:44 - 2014-06-05 12:29 - 00393216 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll2014-08-16 18:44 - 2014-06-05 12:28 - 02306560 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll2014-08-16 18:44 - 2014-06-05 12:28 - 02146304 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll2014-08-16 18:44 - 2014-06-05 08:12 - 08857600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll2014-08-16 18:44 - 2014-06-05 08:11 - 02416128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll2014-08-16 18:44 - 2014-06-05 08:11 - 00295424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll2014-08-16 18:44 - 2014-06-05 08:10 - 02037760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll2014-08-16 18:44 - 2014-06-05 08:10 - 00754176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll2014-08-16 18:44 - 2014-05-28 23:04 - 00094552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys2014-08-16 18:44 - 2014-05-07 20:34 - 00328024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys2014-08-16 18:40 - 2014-08-16 18:42 - 113492816 _____ (Apple Inc.) C:\Users\kfavara\Desktop\iTunes64Setup.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-04 12:30 - 2014-09-04 12:29 - 00022768 _____ () C:\Users\kfavara\Desktop\FRST.txt2014-09-04 12:29 - 2014-09-04 12:29 - 02104832 _____ (Farbar) C:\Users\kfavara\Desktop\frst64 (1).exe2014-09-04 12:29 - 2014-09-04 12:29 - 00000000 ____D () C:\FRST2014-09-04 12:27 - 2014-09-04 12:27 - 01096704 _____ (Farbar) C:\Users\kfavara\Desktop\frst.exe2014-09-04 12:19 - 2013-04-23 19:37 - 00000000 ___RD () C:\Users\kfavara\Dropbox2014-09-04 12:19 - 2013-04-23 19:34 - 00000000 ____D () C:\Users\kfavara\AppData\Roaming\Dropbox2014-09-04 12:19 - 2013-04-06 13:02 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2014-09-04 12:17 - 2014-01-17 19:28 - 00005084 _____ () C:\Windows\error.log2014-09-04 12:17 - 2014-01-17 19:28 - 00002549 _____ () C:\Windows\errord.log2014-09-04 12:17 - 2012-08-03 17:23 - 01091444 _____ () C:\Windows\PFRO.log2014-09-04 12:17 - 2012-07-26 02:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-09-04 12:17 - 2012-07-26 00:26 - 00524288 ___SH () C:\Windows\system32\config\BBI2014-09-04 12:16 - 2014-09-04 12:16 - 02104832 _____ (Farbar) C:\Users\kfavara\Desktop\FRST64.exe2014-09-04 12:00 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\system32\sru2014-09-04 11:56 - 2013-04-06 13:02 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2014-09-04 11:53 - 2013-04-06 12:12 - 01118174 _____ () C:\Windows\WindowsUpdate.log2014-09-04 11:46 - 2014-04-22 06:55 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-09-04 11:45 - 2014-04-22 06:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-09-04 11:45 - 2014-04-22 06:52 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-09-04 11:44 - 2014-09-04 11:44 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\kfavara\Desktop\mbam-setup-2.0.2.1012.exe2014-09-04 11:42 - 2013-04-07 20:59 - 00559104 _____ () C:\Users\kfavara\AppData\Roaming\SharedSettings.ccs2014-09-02 21:41 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\rescache2014-09-01 22:07 - 2014-09-01 22:07 - 00001812 _____ () C:\Users\kfavara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\avast! antivirus.lnk2014-09-01 21:06 - 2012-07-26 00:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM2014-09-01 19:32 - 2014-03-16 12:58 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update2014-09-01 19:26 - 2014-07-23 20:36 - 00444544 _____ () C:\Windows\system32\FNTCACHE.DAT2014-09-01 19:26 - 2013-11-10 14:45 - 00000346 _____ () C:\Windows\Tasks\HPCeeScheduleForkfavara.job2014-09-01 19:24 - 2012-07-26 02:59 - 00000000 ____D () C:\Windows\CbsTemp2014-08-28 20:05 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\AUInstallAgent2014-08-28 19:46 - 2013-11-10 14:45 - 00003164 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForkfavara2014-08-28 19:46 - 2013-04-06 12:12 - 00000000 ____D () C:\Users\kfavara2014-08-25 21:23 - 2013-11-22 15:51 - 00002206 ____H () C:\Users\kfavara\Documents\Default.rdp2014-08-25 20:50 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\system32\FxsTmp2014-08-25 20:40 - 2014-08-25 20:40 - 02618366 _____ () C:\Users\kfavara\Desktop\ntsignservicewebpictures.zip2014-08-25 20:18 - 2014-08-25 20:18 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk2014-08-25 20:18 - 2014-03-16 12:58 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys2014-08-25 20:17 - 2014-08-25 20:17 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr2014-08-25 20:17 - 2014-04-22 07:01 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys2014-08-25 20:17 - 2014-03-16 12:58 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys2014-08-25 20:17 - 2014-03-16 12:58 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe2014-08-25 20:17 - 2014-03-16 12:58 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys2014-08-25 20:17 - 2014-03-16 12:58 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys2014-08-25 20:17 - 2014-03-16 12:58 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys2014-08-25 20:17 - 2014-03-16 12:58 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys2014-08-25 20:17 - 2014-03-16 12:58 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys2014-08-23 19:00 - 2013-04-07 20:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive2014-08-23 18:46 - 2012-07-26 02:28 - 00942994 _____ () C:\Windows\system32\PerfStringBackup.INI2014-08-23 18:42 - 2014-08-23 18:41 - 00014621 _____ () C:\Users\kfavara\Desktop\BN00546a.PES2014-08-23 01:47 - 2014-08-28 19:46 - 04036096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2014-08-19 20:04 - 2012-07-26 03:12 - 00000000 ___HD () C:\Windows\ELAMBKUP2014-08-17 09:15 - 2014-08-17 09:15 - 00001743 _____ () C:\Users\Public\Desktop\iTunes.lnk2014-08-17 09:15 - 2014-08-17 09:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes2014-08-17 09:15 - 2014-08-17 09:14 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692014-08-17 09:15 - 2014-08-17 09:14 - 00000000 ____D () C:\Program Files\iTunes2014-08-17 09:15 - 2014-08-17 09:14 - 00000000 ____D () C:\Program Files (x86)\iTunes2014-08-17 09:14 - 2014-08-17 09:14 - 00000000 ____D () C:\Program Files\iPod2014-08-17 09:13 - 2014-08-17 09:13 - 00000000 ____D () C:\Program Files\Bonjour2014-08-17 09:13 - 2014-08-17 09:13 - 00000000 ____D () C:\Program Files (x86)\Bonjour2014-08-17 09:13 - 2013-04-06 12:22 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1512695327-3525718689-2234752887-10012014-08-17 09:07 - 2014-08-17 09:07 - 00862064 _____ ( ) C:\Users\kfavara\Desktop\iTunes_Setup.exe2014-08-16 21:09 - 2012-07-26 03:12 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared2014-08-16 19:57 - 2014-08-16 19:57 - 00000000 ____D () C:\Users\kfavara\AppData\Roaming\Apple Computer2014-08-16 19:57 - 2014-08-16 19:57 - 00000000 ____D () C:\Users\kfavara\AppData\Local\Apple Computer2014-08-16 19:56 - 2014-08-16 19:56 - 00000000 ____D () C:\ProgramData\Apple Computer2014-08-16 19:55 - 2014-08-16 19:55 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk2014-08-16 19:55 - 2014-08-16 19:55 - 00000000 ____D () C:\Users\kfavara\AppData\Local\Apple2014-08-16 19:55 - 2014-08-16 19:55 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update2014-08-16 19:55 - 2012-11-02 17:19 - 00000000 ____D () C:\ProgramData\Apple2014-08-16 19:54 - 2014-08-16 19:54 - 00000000 ____D () C:\Program Files\Common Files\Apple2014-08-16 19:53 - 2013-04-23 19:35 - 00000000 ____D () C:\Users\kfavara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox2014-08-16 19:23 - 2014-08-16 19:23 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 3602014-08-16 19:17 - 2013-10-16 21:55 - 00003206 _____ () C:\Windows\System32\Tasks\Norton WSC Integration2014-08-16 19:17 - 2013-10-16 21:53 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 3602014-08-16 19:17 - 2013-10-16 21:53 - 00000000 ____D () C:\Windows\system32\Drivers\N360x642014-08-16 19:12 - 2014-07-14 18:34 - 00000000 ___SD () C:\Windows\system32\CompatTel2014-08-16 19:12 - 2013-04-06 12:27 - 00000000 ____D () C:\ProgramData\Microsoft Help2014-08-16 19:12 - 2012-07-26 03:12 - 00000000 ___RD () C:\Windows\ToastData2014-08-16 19:11 - 2013-08-15 20:27 - 00000000 ____D () C:\Windows\system32\MRT2014-08-16 19:05 - 2013-04-09 14:12 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2014-08-16 18:42 - 2014-08-16 18:40 - 113492816 _____ (Apple Inc.) C:\Users\kfavara\Desktop\iTunes64Setup.exe2014-08-13 22:00 - 2012-10-26 21:27 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support2014-08-13 22:00 - 2012-10-26 21:25 - 00000000 ____D () C:\ProgramData\Hewlett-Packard2014-08-13 22:00 - 2012-10-26 21:12 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard2014-08-13 21:57 - 2014-06-28 22:03 - 00000023 _____ () C:\Windows\ODBCINST.INI2014-08-07 01:33 - 2014-08-16 18:44 - 00712192 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll2014-08-06 22:09 - 2014-08-16 18:44 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll Some content of TEMP:====================C:\Users\kfavara\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpn0m_zi.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-09-01 21:17 ==================== End Of Log ============================
- September 4, 2014
- 3 replies
I need help cleaning

kfavara replied to kfavara's topic in Resolved Malware Removal Logs

Even after all of this and the clean scans, every time I restart the computer. I get a popup that Wondershare Helper Compact from Wondershare Corporation is trying to install something. I say No every time, but is there a way to clean this so that it does not attempt to install every time? Thanks again!!
- May 22, 2014
- 10 replies
I need help cleaning

kfavara replied to kfavara's topic in Resolved Malware Removal Logs

I have sent the two malware logs in their own posts. The following is the original AdwCleaner. The Sophos came up clean # AdwCleaner v3.210 - Report created 20/05/2014 at 09:50:19 # Updated 19/05/2014 by Xplode # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : JT - JT-HP # Running from : C:\Users\JT\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FJJX8LNI\AdwCleaner.exe # Option : Scan ***** [ Services ] ***** ***** [ Files / Folders ] ***** File Found : C:\END File Found : C:\Program Files (x86)\Mozilla Firefox\user.js File Found : C:\Users\JT\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.babylon.com_0.localstorage File Found : C:\Users\JT\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.babylon.com_0.localstorage-journal File Found : C:\Users\JT\AppData\Local\Temp\Uninstall.exe File Found : C:\Users\JT\AppData\Roaming\BabMaint.exe File Found : C:\Users\JT\AppData\Roaming\Mozilla\Firefox\Profiles\f6avo039.default\searchplugins\appbario9-customized-web-search.xml File Found : C:\Users\JT\AppData\Roaming\Mozilla\Firefox\Profiles\f6avo039.default\searchplugins\browsemngr.xml File Found : C:\Users\JT\AppData\Roaming\Mozilla\Firefox\Profiles\f6avo039.default\searchplugins\safesearch.xml File Found : C:\Users\JT\AppData\Roaming\Mozilla\Firefox\Profiles\f6avo039.default\user.js File Found : C:\Windows\System32\Tasks\BitGuard File Found : C:\Windows\System32\Tasks\Re-Markable_wd File Found : C:\Windows\Tasks\Re-Markable_wd.job Folder Found : C:\Program Files (x86)\Common Files\Spigot Folder Found : C:\Program Files (x86)\Playbryte Folder Found : C:\ProgramData\apn Folder Found : C:\ProgramData\Babylon Folder Found : C:\ProgramData\Tarma Installer Folder Found : C:\Users\JT\AppData\Local\SearchProtect Folder Found : C:\Users\JT\AppData\Local\Temp\pccustubinstaller Folder Found : C:\Users\JT\AppData\LocalLow\BabylonToolbar Folder Found : C:\Users\JT\AppData\LocalLow\Playbryte Folder Found : C:\Users\JT\AppData\Roaming\BabSolution Folder Found : C:\Users\JT\AppData\Roaming\Babylon Folder Found : C:\Users\JT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard Folder Found : C:\Users\JT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager Folder Found : C:\Users\JT\AppData\Roaming\Mozilla\Firefox\Profiles\f6avo039.default\Smartbar Folder Found : C:\Users\JT\AppData\Roaming\pccustubinstaller Folder Found : C:\Windows\SysWOW64\Browser Manager ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Found : HKCU\Software\96d9d8e03fed17 Key Found : HKCU\Software\AppDataLow\Software\Search Settings Key Found : HKCU\Software\AppDataLow\Software\SmartBar Key Found : HKCU\Software\BabSolution Key Found : HKCU\Software\BrowserMngr Key Found : HKCU\Software\filescout Key Found : HKCU\Software\installedbrowserextensions Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\babylon.com Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{91607FA7-3C2F-4F90-93E3-D5337A6B0AC2} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Found : HKCU\Software\Softonic Key Found : [x64] HKCU\Software\BabSolution Key Found : [x64] HKCU\Software\BrowserMngr Key Found : [x64] HKCU\Software\filescout Key Found : [x64] HKCU\Software\installedbrowserextensions Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{91607FA7-3C2F-4F90-93E3-D5337A6B0AC2} Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671} Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3} Key Found : [x64] HKCU\Software\Softonic Key Found : HKLM\SOFTWARE\96d9d8e03fed17 Key Found : HKLM\Software\Babylon Key Found : HKLM\Software\BrowserMngr Key Found : HKLM\SOFTWARE\Classes\*\shell\filescout Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB} Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE Key Found : HKLM\SOFTWARE\Classes\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4} Key Found : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237} Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96} Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Key Found : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17} Key Found : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939} Key Found : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023} Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468} Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Found : HKLM\SOFTWARE\Classes\Prod.cap Key Found : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D} Key Found : HKLM\Software\DataMngr Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dhdepfaagokllfmhfbcfmocaeigmoebo Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\licjnkifamhpbaefhdpacpmihicfbomb Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3} Key Found : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Savings Sidekick_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Savings Sidekick_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_mixvibes-cross-dj_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_mixvibes-cross-dj_RASMANCS Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Playbryte Key Found : HKLM\Software\Playbryte Key Found : HKLM\Software\SearchProtect Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671} Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3} Key Found : [x64] HKLM\SOFTWARE\Tarma Installer Value Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [browserMngrDefaultScope] Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B278D9F8-0FA9-465E-9938-0C392605D8E3}] ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.17041 Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs] - hxxp://search.babylon.com/?affID=110795&tt=120812_bandext_3312_8&babsrc=NT_ss&mntrId=b071d31f000000000000844bf514ee5a -\\ Mozilla Firefox v14.0.1 (en-US) [ File : C:\Users\JT\AppData\Roaming\Mozilla\Firefox\Profiles\f6avo039.default\prefs.js ] Line Found : user_pref("browser.search.order.1", "Search the web (Babylon)"); -\\ Google Chrome v34.0.1847.137 [ File : C:\Users\JT\AppData\Local\Google\Chrome\User Data\Default\preferences ] Found [search Provider] : hxxp://search.babylon.com/?q={searchTerms}&babsrc=NT_ss&s=web&rlz=0&as=0&ac=0%2C373 Found [search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms} Found [search Provider] : hxxp://www.ask.com/web?q={searchTerms} Found [search Provider] : hxxp://feed.snapdo.com/?publisher=AirInstallerND&dpid=AirInstallerNDCH&co=US&userid=d13021a6-538f-186c-11ef-6ae5a91696ab&searchtype=ds&q={searchTerms}&installDate={installDate}&barcodeid={barcodeID}&um={UM} ************************* AdwCleaner[R0].txt - [9795 octets] - [20/05/2014 09:50:19] ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [9855 octets] ##########
- May 22, 2014
- 10 replies
I need help cleaning

kfavara replied to kfavara's topic in Resolved Malware Removal Logs

Malwarebytes Anti-Rootkit BETA 1.07.0.1009 www.malwarebytes.org Database version: v2013.10.02.12 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.17107 JT :: JT-HP [administrator] 5/22/2014 8:44:48 AM mbar-log-2014-05-22 (08-44-48).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Objects scanned: 231921 Time elapsed: 54 minute(s), 14 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end)
- May 22, 2014
- 10 replies
I need help cleaning

kfavara replied to kfavara's topic in Resolved Malware Removal Logs

--------------------------------------- Malwarebytes Anti-Rootkit BETA 1.07.0.1009 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 11.0.9600.17107 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED CPU speed: 2.494000 GHz Memory total: 8478064640, free: 6557728768 ======================================= --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.07.0.1009 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 11.0.9600.17107 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED CPU speed: 2.494000 GHz Memory total: 8478064640, free: 6558957568 ======================================= Initializing... Done! Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers... Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 84CA151B Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 407552 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 409600 Numsec = 1419763712 Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 1420173312 Numsec = 44763136 Partition 3 type is Other (0xc) Partition is NOT ACTIVE. Partition starts at LBA: 1464936448 Numsec = 208896 Disk Size: 750156374016 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1465129168-1465149168)... Done! Scan finished ======================================= Removal queue found; removal started Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam... Removal finished
- May 22, 2014
- 10 replies
I need help cleaning

kfavara replied to kfavara's topic in Resolved Malware Removal Logs

I had uninstalled uTorrent and all other applications before sending the original email (although after running the tools initially). uTorrent remains off my computer but PCTechHotline continued to return. All of the attached directions ran smoothly until the last scanner. It locked up at 9% and never finished. I waited about an hour for it to move forward so I have no log for that. Thank you so much for your time and effort. I am attaching all log files as requested. The AdwCleaner created an S1 and R1 so I attached both. They were 1 min apart in creation time and I could have run it twice. The Rogue Killer, I was unsure. I am attaching both that look like they could be log files. I hope you can get what you need. Thanks again! Fixlog.txt AdwCleanerS1.txt AdwCleanerR1.txt JRT.txt RKreport0_S_05162014_055230.txt Rkill.txt
- May 22, 2014
- 10 replies
I need help cleaning

kfavara posted a topic in Resolved Malware Removal Logs

The infection began with the installation of uTorrent. PCTechHotline was installed and I have been unable to remove it. I ran the Farbar scan and it created First and Addition. I removed all software that I thought should not be installed (and some that needed to be there... like the wireless adapter driver. Ha). I reran the Farbar scan. The latest First is attached but I do not think it created a new Addition file. Please help. I tried to go through all the steps without input, but I was unsuccessful. Thanks!! FRST.txt Addition.txt
- May 16, 2014
- 10 replies

Sign In

kfavara

Posts

Joined

Last visited

Content Type

Events

Profiles

Forums

Everything posted by kfavara

Help Please

Help Please

Help Please

Help Please

Need Help Please

Need Help Please

Need Help Please

Need Help Please

Need Help Please

Virus Help

Virus Help

I need help cleaning

I need help cleaning

I need help cleaning

I need help cleaning

I need help cleaning

I need help cleaning

Browse

Activity

Personal

Business

Business Modules

Partners

Learn

Start here

Type of malware/attacks

How does it get on my computer?

Scams and grifts

Support

Important Information