
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run



So the object it found is HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 

My computer has been acting strange, so I removed it just to be on the safe side, only for it to pop up on the scan I did after rebooting. 

I have had some trouble updating with Windows for a few months (which I had been assured sometimes happened, so I brushed it off), and I have been unable to install Adobe Photoshop Elements as well.

 

I am very worried, as my dad borrowed my laptop around Christmas to try and use it to help fix my brother's laptop after it got hit with some nasty adware, and it could have transferred to my laptop.

I have attached RogueKiller and Malwarebytes logs.

Please help.

RKreport0_S_04242014_160115.txt

this is what I need to see.txt


Hello,

 

P2P/Piracy Warning:

 

   

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Run Malwarebytes, Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick scan

Make sure that everything is checked, and click Remove Selected on any found items.

 

Post the produced log

 

Next,

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Let me see those logs...

 

Kevin


Ok so here's the Malwarebytes one:

Malwarebytes Anti-Malware (PRO) 1.75.0.1300

www.malwarebytes.org
 
Database version: v2014.04.24.08
 
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16519
Kathy's account :: KATHY [administrator]
 
Protection: Enabled
 
4/24/2014 4:27:37 PM
MBAM-log-2014-04-24 (16-31-56).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 229343
Time elapsed: 4 minute(s), 13 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|BackgroundContainer (PUP.Optional.Conduit) -> Data: "C:\windows\SysWOW64\Rundll32.exe" "C:\Users\Kathy's account\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun -> No action taken.
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
Here is FRST.txt
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-04-2014
Ran by Kathy's account (administrator) on KATHY on 24-04-2014 16:33:47
Running from C:\Users\Kathy's account\Downloads
Windows 8 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
The only official download link for FRST:
Download link for 32-Bit version:
Download link for 64-Bit Version:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Microsoft Corporation) C:\windows\system32\WLANExt.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\windows\system32\dashost.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe
(Nalpeiron Ltd.) C:\windows\SysWOW64\NLSSRV32.EXE
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Uniblue Systems Limited) C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe
(The Document Foundation) C:\Program Files (x86)\LibreOffice 4.0\program\soffice.exe
(The Document Foundation) C:\Program Files (x86)\LibreOffice 4.0\program\soffice.bin
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\windows\system32\msiexec.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtsFT] => C:\windows\RTFTrack.exe [6334096 2012-08-27] (Realtek semiconductor)
HKLM\...\Run: [synLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [665400 2012-08-16] (Synaptics)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191824 2012-08-10] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1215632 2012-08-06] (Realtek Semiconductor)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-08-10] (Lenovo)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2014-04-14] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2014-04-14] (Lenovo(beijing) Limited)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM\...\Run: [bTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [7818040 2013-09-19] (Motorola Solutions, Inc.)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [updateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2014-01-02] (AVAST Software)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\Run: [searchProtect] => \SearchProtect\bin\cltmng.exe
HKU\S-1-5-21-4157361729-718827960-786165339-1001\...\Run: [steam] => C:\Program Files (x86)\Steam\Steam.exe [1826496 2014-04-21] (Valve Corporation)
HKU\S-1-5-21-4157361729-718827960-786165339-1001\...\Run: [Advanced SystemCare 6] => C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe [491840 2013-01-15] (IObit)
HKU\S-1-5-21-4157361729-718827960-786165339-1001\...\Run: [DriverScanner] => C:\Program Files (x86)\Uniblue\DriverScanner\launcher.exe [338848 2012-07-10] (Uniblue Systems Limited)
HKU\S-1-5-21-4157361729-718827960-786165339-1001\...\Run: [backgroundContainer] => "C:\windows\SysWOW64\Rundll32.exe" "C:\Users\Kathy's account\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION
HKU\S-1-5-21-4157361729-718827960-786165339-1001\...\MountPoints2: {1bf9db45-086f-11e3-be9b-b888e38aa319} - "F:\SISetup.exe" 
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
URLSearchHook: HKLM-x32 - (No Name) - {e44a1809-4d10-4ab8-b343-3326b64c7cdd} - No File
URLSearchHook: HKCU - (No Name) - {e44a1809-4d10-4ab8-b343-3326b64c7cdd} - No File
SearchScopes: HKLM - DefaultScope {2582C074-37F6-4768-8F92-C283778EFCF9} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM - {2582C074-37F6-4768-8F92-C283778EFCF9} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM-x32 - DefaultScope {2582C074-37F6-4768-8F92-C283778EFCF9} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM-x32 - {2582C074-37F6-4768-8F92-C283778EFCF9} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKCU - DefaultScope {537ABF07-3C15-4F32-B7BD-C0BE0B49AC42} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3281675&CUI=UN37576550043262650&UM=2
SearchScopes: HKCU - {2582C074-37F6-4768-8F92-C283778EFCF9} URL = 
SearchScopes: HKCU - {537ABF07-3C15-4F32-B7BD-C0BE0B49AC42} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3281675&CUI=UN37576550043262650&UM=2
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name - {e44a1809-4d10-4ab8-b343-3326b64c7cdd} -  No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - No Name - {e44a1809-4d10-4ab8-b343-3326b64c7cdd} -  No File
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {E44A1809-4D10-4AB8-B343-3326B64C7CDD} -  No File
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095} 
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.200.1
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @exent.com/npExentControl,version=7.1.0.1 - C:\Program Files (x86)\FreeRide Games\npExentControl.dll (Exent Technologies Ltd.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @logitech.com/HarmonyRemote,version=1.0.0 - C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\
FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ []
 
Chrome: 
=======
CHR StartupUrls: "https://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll ()
CHR Plugin: (Exent® AOD Gecko Plugin) - C:\Program Files (x86)\FreeRide Games\npExentControl.dll (Exent Technologies Ltd.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Nitro PDF Plug-In) - C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll ( )
CHR Extension: (Google Docs) - C:\Users\Kathy's account\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-02-24]
CHR Extension: (Google Drive) - C:\Users\Kathy's account\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-24]
CHR Extension: (YouTube) - C:\Users\Kathy's account\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-24]
CHR Extension: (Google Search) - C:\Users\Kathy's account\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-24]
CHR Extension: (Freemake Video Converter) - C:\Users\Kathy's account\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj [2013-03-25]
CHR Extension: (Google Wallet) - C:\Users\Kathy's account\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (MyHarmony Chrome Plugin) - C:\Users\Kathy's account\AppData\Local\Google\Chrome\User Data\Default\Extensions\omaonpoimgkmbllpdihbnmgphjoipdhf [2014-01-31]
CHR Extension: (Gmail) - C:\Users\Kathy's account\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-24]
CHR HKCU\...\Chrome\Extension: [kdfbddbdpnahdahmamlolacimfdbeckk] - C:\Users\Kathy's account\AppData\Local\CRE\kdfbddbdpnahdahmamlolacimfdbeckk.crx [2013-03-24]
CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2013-03-25]
CHR HKLM-x32\...\Chrome\Extension: [kdfbddbdpnahdahmamlolacimfdbeckk] - C:\Users\Kathy's account\AppData\Local\CRE\kdfbddbdpnahdahmamlolacimfdbeckk.crx [2013-03-24]
CHR HKLM-x32\...\Chrome\Extension: [omaonpoimgkmbllpdihbnmgphjoipdhf] - C:\Program Files (x86)\Logitech\Harmony Remote Driver\harmony_chrome.crx [2014-01-30]
 
==================== Services (Whitelisted) =================
 
R2 AdvancedSystemCareService6; C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [465216 2013-01-15] (IObit)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-02] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2211000 2014-03-30] (Microsoft Corporation)
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101888 2013-03-14] (Freemake)
R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
R2 NitroDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [216072 2012-07-16] (Nitro PDF Software)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-25] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-12-11] (Wacom Technology, Corp.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [78648 2014-03-16] (AVAST Software)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [92544 2013-12-07] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-12-07] ()
R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [1038072 2014-03-16] (AVAST Software)
R1 aswSP; C:\windows\system32\drivers\aswSP.sys [421704 2014-03-16] (AVAST Software)
R3 aswStm; C:\windows\system32\drivers\aswStm.sys [80184 2014-03-16] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-02] ()
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions, Inc.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-10-08] (Intel Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8227216 2012-08-27] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-16] (Synaptics Incorporated)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
R2 X5XSEx_Pr148; C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.Sys [56136 2012-08-02] (Exent Technologies Ltd.)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [89088 2012-07-25] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-04-24 16:33 - 2014-04-24 16:34 - 00021093 _____ () C:\Users\Kathy's account\Downloads\FRST.txt
2014-04-24 16:33 - 2014-04-24 16:33 - 00000000 ____D () C:\FRST
2014-04-24 16:32 - 2014-04-24 16:32 - 02061824 _____ (Farbar) C:\Users\Kathy's account\Downloads\FRST64.exe
2014-04-24 16:25 - 2014-04-24 16:25 - 00003430 _____ () C:\windows\System32\Tasks\BackgroundContainer Startup Task
2014-04-24 16:11 - 2014-04-24 16:11 - 00002378 _____ () C:\Users\Kathy's account\Documents\this is what I need to see.txt
2014-04-24 16:09 - 2014-04-24 16:09 - 00001740 _____ () C:\Users\Kathy's account\Documents\RKreport[0]_S_04242014_160115.txt
2014-04-24 16:01 - 2014-04-24 16:01 - 00001740 _____ () C:\Users\Kathy's account\Desktop\RKreport[0]_S_04242014_160115.txt
2014-04-24 15:50 - 2014-04-24 16:01 - 00000000 ____D () C:\Users\Kathy's account\Desktop\RK_Quarantine
2014-04-24 15:50 - 2014-04-24 15:50 - 03972608 _____ () C:\Users\Kathy's account\Downloads\RogueKiller.exe
2014-04-24 11:57 - 2014-04-24 11:57 - 05773940 _____ () C:\Users\Kathy's account\audio 9.wav
2014-04-24 11:55 - 2014-04-24 11:55 - 01677416 _____ () C:\Users\Kathy's account\audio 8.wav
2014-04-24 11:54 - 2014-04-24 11:54 - 04199800 _____ () C:\Users\Kathy's account\audio7.wav
2014-04-24 11:51 - 2014-04-24 11:51 - 01420604 _____ () C:\Users\Kathy's account\audio 6.wav
2014-04-24 11:33 - 2014-04-24 11:33 - 02198060 _____ () C:\Users\Kathy's account\audio project 5.wav
2014-04-24 11:31 - 2014-04-24 11:31 - 01772460 _____ () C:\Users\Kathy's account\audio project 4.wav
2014-04-24 11:26 - 2014-04-24 11:26 - 03161876 _____ () C:\Users\Kathy's account\audio project 3.wav
2014-04-23 15:51 - 2014-04-23 15:51 - 00000000 _____ () C:\windows\setuperr.log
2014-04-23 15:51 - 2014-04-23 15:51 - 00000000 _____ () C:\windows\setupact.log
2014-04-22 14:39 - 2014-04-22 14:39 - 03915964 _____ () C:\Users\Kathy's account\audio project 2.wav
2014-04-22 13:40 - 2014-04-22 13:40 - 05064772 _____ () C:\Users\Kathy's account\UDIO PROJECT 1.wav
2014-04-21 20:50 - 2014-04-21 20:50 - 00000080 _____ () C:\Users\Kathy's account\Documents\crossovers not happening anytime soon.txt
2014-04-18 08:44 - 2014-04-18 08:44 - 00020146 _____ () C:\Users\Kathy's account\Documents\whaaaaales.odt
2014-04-17 16:43 - 2014-04-17 16:43 - 26747104 _____ (Microsoft Corporation) C:\Users\Kathy's account\Downloads\Windows-KB890830-x64-V5.11.exe
2014-04-17 16:38 - 2014-04-17 16:38 - 00000000 _____ () C:\rund1132.txt
2014-04-17 16:36 - 2014-04-17 16:38 - 00002756 _____ () C:\rundll32.txt
2014-04-17 13:28 - 2014-04-24 16:23 - 00000000 ____D () C:\Users\Kathy's account\AppData\Roaming\Audacity
2014-04-17 13:28 - 2014-04-17 13:28 - 00001030 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2014-04-17 13:28 - 2014-04-17 13:28 - 00001018 _____ () C:\Users\Public\Desktop\Audacity.lnk
2014-04-17 13:27 - 2014-04-17 13:27 - 00000000 ____D () C:\Program Files (x86)\Audacity
2014-04-17 13:26 - 2014-04-17 13:27 - 22180353 _____ (Audacity Team ) C:\Users\Kathy's account\Downloads\audacity-win-2.0.5.exe
2014-04-17 12:04 - 2014-04-17 12:04 - 00001101 _____ () C:\windows\system32\netcfg-170796187.txt
2014-04-17 12:03 - 2014-04-17 12:03 - 00000162 _____ () C:\windows\system32\netcfg-170794890.txt
2014-04-14 16:05 - 2014-04-14 16:04 - 00039008 _____ (Lenovo.) C:\windows\system32\Drivers\LhdX64.sys
2014-04-14 16:05 - 2014-04-14 16:04 - 00019872 _____ (Lenovo (Beijing) Limited) C:\windows\system32\LenovoSDKEmSubSystem.dll
2014-04-14 15:52 - 2014-04-14 15:54 - 47676792 _____ (Lenovo Group Limited ) C:\Users\Kathy's account\Downloads\em8.08.0.2.4.exe
2014-04-09 08:42 - 2014-04-18 09:05 - 00019757 _____ () C:\Users\Kathy's account\Documents\profile paper and annotated bib.odt
2014-04-08 12:20 - 2014-04-08 12:20 - 02181016 _____ () C:\Users\Kathy's account\Documents\4D project with SOUND! (1).avi
2014-04-08 12:17 - 2014-04-08 12:17 - 02181016 _____ () C:\Users\Kathy's account\Documents\4D project with SOUND!.avi
2014-04-08 10:01 - 2014-04-08 10:01 - 00000000 ____D () C:\Users\Kathy's account\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2014-04-08 10:01 - 2014-04-08 10:01 - 00000000 ____D () C:\Users\Kathy's account\AppData\Roaming\chc
2014-04-08 08:44 - 2014-04-08 08:45 - 144993295 _____ () C:\Users\Kathy's account\Downloads\Sequence 01_5.mov
2014-04-01 17:10 - 2014-04-01 17:10 - 13316290 _____ () C:\Users\Kathy's account\Downloads\Sequence 01_2.mov
2014-03-31 11:38 - 2014-03-31 11:38 - 68763648 _____ () C:\windows\system32\config\SOFTWARE.iobit
2014-03-31 11:38 - 2014-03-31 11:38 - 00311296 _____ () C:\windows\system32\config\DEFAULT.iobit
2014-03-31 11:38 - 2014-03-31 11:38 - 00065536 _____ () C:\windows\system32\config\SAM.iobit
2014-03-31 11:38 - 2014-03-31 11:38 - 00024576 _____ () C:\windows\system32\config\SECURITY.iobit
2014-03-28 22:20 - 2014-03-28 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom
2014-03-28 22:20 - 2014-03-28 22:20 - 00000000 ____D () C:\Users\Kathy's account\AppData\Roaming\WTablet
2014-03-28 22:20 - 2014-03-28 22:20 - 00000000 ____D () C:\Program Files\Tablet
2014-03-28 22:20 - 2014-03-28 22:20 - 00000000 ____D () C:\Program Files (x86)\TabletPlugins
2014-03-28 22:20 - 2012-12-11 13:07 - 01981312 _____ (Wacom Technology, Corp.) C:\windows\system32\Pen_Tablet.dll
2014-03-28 22:20 - 2012-12-11 13:07 - 01974144 _____ (Wacom Technology, Corp.) C:\windows\system32\Pen_Touch_Tablet.dll
2014-03-28 22:20 - 2012-12-11 13:07 - 01843584 _____ (Wacom Technology, Corp.) C:\windows\system32\Wintab32.dll
2014-03-28 22:20 - 2012-12-11 13:07 - 01840000 _____ (Wacom Technology, Corp.) C:\windows\system32\WacomMT.dll
2014-03-28 22:20 - 2012-12-11 13:07 - 01628544 _____ (Wacom Technology, Corp.) C:\windows\SysWOW64\Pen_Tablet.dll
2014-03-28 22:20 - 2012-12-11 13:07 - 01621888 _____ (Wacom Technology, Corp.) C:\windows\SysWOW64\Pen_Touch_Tablet.dll
2014-03-28 22:20 - 2012-12-11 13:07 - 01509760 _____ (Wacom Technology, Corp.) C:\windows\SysWOW64\Wintab32.dll
2014-03-28 22:20 - 2012-12-11 13:07 - 01505664 _____ (Wacom Technology, Corp.) C:\windows\SysWOW64\WacomMT.dll
2014-03-28 22:15 - 2014-03-28 22:15 - 38455200 _____ () C:\Users\Kathy's account\Downloads\PenTablet_532-1 (2).exe
2014-03-28 21:54 - 2014-03-28 21:54 - 00001274 _____ () C:\Users\Public\Desktop\PhotoshopdotcomInspirationBrowser.lnk
2014-03-28 21:54 - 2014-03-28 21:54 - 00000000 ____D () C:\Users\Kathy's account\AppData\Roaming\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1
2014-03-28 21:54 - 2014-03-28 21:54 - 00000000 ____D () C:\Users\Kathy's account\AppData\Roaming\PhotoshopdotcomInspirationBrowser
2014-03-28 21:54 - 2014-03-28 21:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2014-03-28 21:40 - 2014-03-28 21:46 - 00000000 ____D () C:\Users\Kathy's account\Desktop\Adobe Photoshop Elements 10
2014-03-28 21:15 - 2014-04-14 15:28 - 00000587 _____ () C:\Users\Kathy's account\Documents\squishable description.txt
2014-03-28 18:18 - 2014-03-28 18:18 - 00000000 ____D () C:\windows\softwaredistribution.bak5
2014-03-28 18:00 - 2014-03-28 18:00 - 06263015 _____ () C:\Users\Kathy's account\Downloads\Windows6.2-KB2779444-x64 (1).msu
2014-03-28 17:59 - 2014-03-28 18:00 - 06263015 _____ () C:\Users\Kathy's account\Downloads\Windows6.2-KB2779444-x64.msu
2014-03-28 17:36 - 2014-03-28 17:36 - 18126032 _____ (Adobe Systems Inc.) C:\Users\Kathy's account\Downloads\AdobeAIRInstaller.exe
2014-03-28 17:22 - 2014-03-28 17:22 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-03-28 17:13 - 2014-03-28 17:13 - 00000060 _____ () C:\Users\Kathy's account\Documents\photoshop error.txt
2014-03-28 16:55 - 2014-03-28 21:48 - 00000000 ____D () C:\Users\Kathy's account\Downloads\Photoshop_Elements_10_T1
2014-03-28 16:43 - 2014-03-28 16:54 - 1612597066 _____ () C:\Users\Kathy's account\Downloads\Photoshop_Elements_10_T1.zip
2014-03-28 15:48 - 2014-03-28 15:48 - 00000000 ____D () C:\Users\Kathy's account\AppData\Local\Intel_Corporation
2014-03-25 16:47 - 2014-03-28 18:12 - 00000000 ____D () C:\windows\softwaredistribution.bak4
 
==================== One Month Modified Files and Folders =======
 
2014-04-24 16:34 - 2014-04-24 16:33 - 00021093 _____ () C:\Users\Kathy's account\Downloads\FRST.txt
2014-04-24 16:33 - 2014-04-24 16:33 - 00000000 ____D () C:\FRST
2014-04-24 16:32 - 2014-04-24 16:32 - 02061824 _____ (Farbar) C:\Users\Kathy's account\Downloads\FRST64.exe
2014-04-24 16:31 - 2012-10-04 09:21 - 01928893 _____ () C:\windows\WindowsUpdate.log
2014-04-24 16:30 - 2012-07-26 03:28 - 00848230 _____ () C:\windows\system32\PerfStringBackup.INI
2014-04-24 16:25 - 2014-04-24 16:25 - 00003430 _____ () C:\windows\System32\Tasks\BackgroundContainer Startup Task
2014-04-24 16:25 - 2013-03-25 20:16 - 00000372 _____ () C:\windows\Tasks\DriverScanner.job
2014-04-24 16:25 - 2013-02-24 17:49 - 00000924 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-24 16:24 - 2012-07-26 03:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-04-24 16:23 - 2014-04-17 13:28 - 00000000 ____D () C:\Users\Kathy's account\AppData\Roaming\Audacity
2014-04-24 16:11 - 2014-04-24 16:11 - 00002378 _____ () C:\Users\Kathy's account\Documents\this is what I need to see.txt
2014-04-24 16:11 - 2013-03-13 18:28 - 00627200 ___SH () C:\Users\Kathy's account\Documents\Thumbs.db
2014-04-24 16:09 - 2014-04-24 16:09 - 00001740 _____ () C:\Users\Kathy's account\Documents\RKreport[0]_S_04242014_160115.txt
2014-04-24 16:01 - 2014-04-24 16:01 - 00001740 _____ () C:\Users\Kathy's account\Desktop\RKreport[0]_S_04242014_160115.txt
2014-04-24 16:01 - 2014-04-24 15:50 - 00000000 ____D () C:\Users\Kathy's account\Desktop\RK_Quarantine
2014-04-24 16:00 - 2012-07-26 04:12 - 00000000 ____D () C:\windows\system32\sru
2014-04-24 15:58 - 2013-02-24 17:00 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-04-24 15:50 - 2014-04-24 15:50 - 03972608 _____ () C:\Users\Kathy's account\Downloads\RogueKiller.exe
2014-04-24 15:39 - 2013-02-24 17:49 - 00000928 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-24 11:57 - 2014-04-24 11:57 - 05773940 _____ () C:\Users\Kathy's account\audio 9.wav
2014-04-24 11:57 - 2013-02-24 16:50 - 00000000 ____D () C:\Users\Kathy's account
2014-04-24 11:55 - 2014-04-24 11:55 - 01677416 _____ () C:\Users\Kathy's account\audio 8.wav
2014-04-24 11:54 - 2014-04-24 11:54 - 04199800 _____ () C:\Users\Kathy's account\audio7.wav
2014-04-24 11:51 - 2014-04-24 11:51 - 01420604 _____ () C:\Users\Kathy's account\audio 6.wav
2014-04-24 11:33 - 2014-04-24 11:33 - 02198060 _____ () C:\Users\Kathy's account\audio project 5.wav
2014-04-24 11:31 - 2014-04-24 11:31 - 01772460 _____ () C:\Users\Kathy's account\audio project 4.wav
2014-04-24 11:26 - 2014-04-24 11:26 - 03161876 _____ () C:\Users\Kathy's account\audio project 3.wav
2014-04-23 15:51 - 2014-04-23 15:51 - 00000000 _____ () C:\windows\setuperr.log
2014-04-23 15:51 - 2014-04-23 15:51 - 00000000 _____ () C:\windows\setupact.log
2014-04-23 15:27 - 2012-07-26 01:26 - 00262144 ___SH () C:\windows\system32\config\BBI
2014-04-23 15:25 - 2012-07-26 04:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-04-22 18:54 - 2013-09-20 17:53 - 00000000 ____D () C:\windows\Minidump
2014-04-22 17:09 - 2013-02-24 16:56 - 00003596 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4157361729-718827960-786165339-1001
2014-04-22 14:39 - 2014-04-22 14:39 - 03915964 _____ () C:\Users\Kathy's account\audio project 2.wav
2014-04-22 13:40 - 2014-04-22 13:40 - 05064772 _____ () C:\Users\Kathy's account\UDIO PROJECT 1.wav
2014-04-22 12:21 - 2013-09-20 18:47 - 00111616 ___SH () C:\Users\Kathy's account\Desktop\Thumbs.db
2014-04-21 20:50 - 2014-04-21 20:50 - 00000080 _____ () C:\Users\Kathy's account\Documents\crossovers not happening anytime soon.txt
2014-04-18 14:59 - 2013-09-20 18:49 - 00007614 _____ () C:\WirelessDiagLog.csv
2014-04-18 09:05 - 2014-04-09 08:42 - 00019757 _____ () C:\Users\Kathy's account\Documents\profile paper and annotated bib.odt
2014-04-18 08:44 - 2014-04-18 08:44 - 00020146 _____ () C:\Users\Kathy's account\Documents\whaaaaales.odt
2014-04-17 18:13 - 2012-10-04 08:45 - 00000000 ____D () C:\Intel
2014-04-17 16:43 - 2014-04-17 16:43 - 26747104 _____ (Microsoft Corporation) C:\Users\Kathy's account\Downloads\Windows-KB890830-x64-V5.11.exe
2014-04-17 16:38 - 2014-04-17 16:38 - 00000000 _____ () C:\rund1132.txt
2014-04-17 16:38 - 2014-04-17 16:36 - 00002756 _____ () C:\rundll32.txt
2014-04-17 13:28 - 2014-04-17 13:28 - 00001030 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2014-04-17 13:28 - 2014-04-17 13:28 - 00001018 _____ () C:\Users\Public\Desktop\Audacity.lnk
2014-04-17 13:27 - 2014-04-17 13:27 - 00000000 ____D () C:\Program Files (x86)\Audacity
2014-04-17 13:27 - 2014-04-17 13:26 - 22180353 _____ (Audacity Team ) C:\Users\Kathy's account\Downloads\audacity-win-2.0.5.exe
2014-04-17 12:04 - 2014-04-17 12:04 - 00001101 _____ () C:\windows\system32\netcfg-170796187.txt
2014-04-17 12:04 - 2013-11-21 11:29 - 00000000 ____D () C:\ProgramData\Package Cache
2014-04-17 12:04 - 2012-10-04 08:43 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-04-17 12:03 - 2014-04-17 12:03 - 00000162 _____ () C:\windows\system32\netcfg-170794890.txt
2014-04-14 20:23 - 2013-03-21 20:17 - 04166656 ___SH () C:\Users\Kathy's account\Downloads\Thumbs.db
2014-04-14 16:04 - 2014-04-14 16:05 - 00039008 _____ (Lenovo.) C:\windows\system32\Drivers\LhdX64.sys
2014-04-14 16:04 - 2014-04-14 16:05 - 00019872 _____ (Lenovo (Beijing) Limited) C:\windows\system32\LenovoSDKEmSubSystem.dll
2014-04-14 15:54 - 2014-04-14 15:52 - 47676792 _____ (Lenovo Group Limited ) C:\Users\Kathy's account\Downloads\em8.08.0.2.4.exe
2014-04-14 15:28 - 2014-03-28 21:15 - 00000587 _____ () C:\Users\Kathy's account\Documents\squishable description.txt
2014-04-11 15:40 - 2013-02-24 17:50 - 00002194 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-11 15:19 - 2013-03-09 00:50 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-04-11 15:06 - 2013-03-20 06:55 - 00478912 _____ () C:\windows\system32\FNTCACHE.DAT
2014-04-09 08:51 - 2013-07-15 13:23 - 00000000 ____D () C:\windows\system32\MRT
2014-04-08 12:20 - 2014-04-08 12:20 - 02181016 _____ () C:\Users\Kathy's account\Documents\4D project with SOUND! (1).avi
2014-04-08 12:17 - 2014-04-08 12:17 - 02181016 _____ () C:\Users\Kathy's account\Documents\4D project with SOUND!.avi
2014-04-08 10:01 - 2014-04-08 10:01 - 00000000 ____D () C:\Users\Kathy's account\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2014-04-08 10:01 - 2014-04-08 10:01 - 00000000 ____D () C:\Users\Kathy's account\AppData\Roaming\chc
2014-04-08 09:33 - 2013-02-24 17:49 - 00003900 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-08 09:33 - 2013-02-24 17:49 - 00003664 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-08 08:45 - 2014-04-08 08:44 - 144993295 _____ () C:\Users\Kathy's account\Downloads\Sequence 01_5.mov
2014-04-01 17:10 - 2014-04-01 17:10 - 13316290 _____ () C:\Users\Kathy's account\Downloads\Sequence 01_2.mov
2014-04-01 11:40 - 2013-09-20 13:14 - 00000000 ____D () C:\ProgramData\Adobe
2014-04-01 11:40 - 2013-09-20 13:14 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-03-31 11:38 - 2014-03-31 11:38 - 68763648 _____ () C:\windows\system32\config\SOFTWARE.iobit
2014-03-31 11:38 - 2014-03-31 11:38 - 00311296 _____ () C:\windows\system32\config\DEFAULT.iobit
2014-03-31 11:38 - 2014-03-31 11:38 - 00065536 _____ () C:\windows\system32\config\SAM.iobit
2014-03-31 11:38 - 2014-03-31 11:38 - 00024576 _____ () C:\windows\system32\config\SECURITY.iobit
2014-03-31 03:51 - 2013-02-25 08:35 - 90655440 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-03-28 22:20 - 2014-03-28 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom
2014-03-28 22:20 - 2014-03-28 22:20 - 00000000 ____D () C:\Users\Kathy's account\AppData\Roaming\WTablet
2014-03-28 22:20 - 2014-03-28 22:20 - 00000000 ____D () C:\Program Files\Tablet
2014-03-28 22:20 - 2014-03-28 22:20 - 00000000 ____D () C:\Program Files (x86)\TabletPlugins
2014-03-28 22:20 - 2013-09-20 13:13 - 00000000 ____D () C:\Program Files\TabletPlugins
2014-03-28 22:15 - 2014-03-28 22:15 - 38455200 _____ () C:\Users\Kathy's account\Downloads\PenTablet_532-1 (2).exe
2014-03-28 22:15 - 2013-09-20 13:14 - 00000000 ____D () C:\Users\Kathy's account\AppData\Roaming\Wacom
2014-03-28 21:54 - 2014-03-28 21:54 - 00001274 _____ () C:\Users\Public\Desktop\PhotoshopdotcomInspirationBrowser.lnk
2014-03-28 21:54 - 2014-03-28 21:54 - 00000000 ____D () C:\Users\Kathy's account\AppData\Roaming\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1
2014-03-28 21:54 - 2014-03-28 21:54 - 00000000 ____D () C:\Users\Kathy's account\AppData\Roaming\PhotoshopdotcomInspirationBrowser
2014-03-28 21:54 - 2014-03-28 21:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2014-03-28 21:48 - 2014-03-28 16:55 - 00000000 ____D () C:\Users\Kathy's account\Downloads\Photoshop_Elements_10_T1
2014-03-28 21:46 - 2014-03-28 21:40 - 00000000 ____D () C:\Users\Kathy's account\Desktop\Adobe Photoshop Elements 10
2014-03-28 18:18 - 2014-03-28 18:18 - 00000000 ____D () C:\windows\softwaredistribution.bak5
2014-03-28 18:12 - 2014-03-25 16:47 - 00000000 ____D () C:\windows\softwaredistribution.bak4
2014-03-28 18:01 - 2013-05-12 17:39 - 00000000 ____D () C:\ProgramData\tmp
2014-03-28 18:00 - 2014-03-28 18:00 - 06263015 _____ () C:\Users\Kathy's account\Downloads\Windows6.2-KB2779444-x64 (1).msu
2014-03-28 18:00 - 2014-03-28 17:59 - 06263015 _____ () C:\Users\Kathy's account\Downloads\Windows6.2-KB2779444-x64.msu
2014-03-28 17:52 - 2013-09-20 13:14 - 00000000 ____D () C:\Users\Kathy's account\AppData\Local\Adobe
2014-03-28 17:36 - 2014-03-28 17:36 - 18126032 _____ (Adobe Systems Inc.) C:\Users\Kathy's account\Downloads\AdobeAIRInstaller.exe
2014-03-28 17:22 - 2014-03-28 17:22 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-03-28 17:13 - 2014-03-28 17:13 - 00000060 _____ () C:\Users\Kathy's account\Documents\photoshop error.txt
2014-03-28 16:54 - 2014-03-28 16:43 - 1612597066 _____ () C:\Users\Kathy's account\Downloads\Photoshop_Elements_10_T1.zip
2014-03-28 16:31 - 2012-07-26 04:12 - 00000000 ____D () C:\windows\system32\NDF
2014-03-28 15:48 - 2014-03-28 15:48 - 00000000 ____D () C:\Users\Kathy's account\AppData\Local\Intel_Corporation
2014-03-25 12:31 - 2014-01-16 13:16 - 00010032 _____ () C:\Users\Kathy's account\Documents\notes.txt
 
Some content of TEMP:
====================
C:\Users\Kathy's account\AppData\Local\Temp\ntdll_dump.dll
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-04-17 12:32
 
==================== End Of Log ============================
 
aaaand here is the addition log
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-04-2014
Ran by Kathy's account at 2014-04-24 16:34:28
Running from C:\Users\Kathy's account\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Community Help (x32 Version: 3.5.23 - Adobe Systems Incorporated.) Hidden
Adobe Photoshop.com Inspiration Browser (HKLM-x32\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 3.07 - Adobe Systems Incorporated)
Adobe Photoshop.com Inspiration Browser (x32 Version: 3.07 - Adobe Systems Incorporated) Hidden
Advanced SystemCare 6 (HKLM-x32\...\Advanced SystemCare 6_is1) (Version: 6.1 - IObit)
Amazon Browser App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.0 - Amazon)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Autodesk SketchBook Express 6.2 (HKLM-x32\...\{34CBACD3-040E-43D6-86C1-9FBE44B180BF}) (Version: 6.2.0000 - Autodesk)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2013 - Avast Software)
Canon MP560 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series) (Version:  - )
Color Efex Pro 3.0 Wacom Edition 6 (HKLM-x32\...\Color Efex Pro 3.0 Wacom Edition 6 Stand-Alone) (Version: 3.1.1.1 - Nik Software, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Don't Starve (HKLM-x32\...\Steam App 219740) (Version:  - Klei Entertainment)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.4 - Lenovo)
Energy Management (x32 Version: 8.0.2.4 - Lenovo) Hidden
entrusted Toolbar (HKLM-x32\...\entrusted Toolbar) (Version: 6.11.2.6 - entrusted) <==== ATTENTION
Freemake Video Converter version 4.0.0 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.0.0 - Ellora Assets Corporation)
FreeRide Games (HKLM-x32\...\{6C26A305-4549-4A8A-9F03-25719C03B0FB}) (Version: 07.05.80.00 - Exent Technologies)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Drive (HKLM-x32\...\{E87022D3-C8C9-4C76-8E27-BC7F18F9B8FB}) (Version: 1.14.6059.644 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Harmony Browser Plug-in (HKLM-x32\...\{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}) (Version: 2.0 - Logitech)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® PRO/Wireless Driver (Version: 16.01.5000.0577 - Intel Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{89478C31-5CE8-461A-9084-9A0AF059F84F}) (Version: 15.5.0.0344 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 16.01.5000.0269 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Intelligent Touchpad (HKLM-x32\...\{DD7D6D84-93AB-48CA-A759-94324E341CBA}) (Version: 2.00.0012.0723 - Lenovo)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.8400.10182 - Realtek Semiconductor Corp.)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.0710 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.0710 - CyberLink Corp.) Hidden
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version:  - CEWE COLOR AG u Co. OHG)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4331.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4331.52 - CyberLink Corp.) Hidden
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3127 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.) Hidden
LibreOffice 4.0.2.2 (HKLM-x32\...\{1062AD6C-80F4-4BC6-AB7C-A28892B497B8}) (Version: 4.0.2.2 - The Document Foundation)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4605.1003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Nitro Pro 7 (HKLM\...\{72D264E5-0C44-42DF-820B-621303E5C183}) (Version: 7.4.1.21 - Nitro PDF Software)
NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.6.9575 - Barnesandnoble.com)
NOOK Study (HKLM-x32\...\NOOK Study) (Version: 2.1.2.28770 - Barnesandnoble.com)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4605.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4605.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4605.1003 - Microsoft Corporation) Hidden
Onekey Theater (HKLM-x32\...\{91CC5BAE-A098-40D3-A43B-C0DC7CE263FE}) (Version: 3.0.0.9 - Lenovo)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.9109 - CyberLink Corp.)
PSE10 STI Installer (HKLM-x32\...\{11D08055-939C-432b-98C3-E072478A0CD7}) (Version: 10.0 - Adobe Systems Incorporated)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6702 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39029 - Realtek Semiconductor Corp.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.5 - Synaptics Incorporated)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
Uniblue DriverScanner (HKLM-x32\...\{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1) (Version: 4.0.9.10 - Uniblue Systems Ltd)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.9 - Lenovo)
UserGuide (x32 Version: 1.0.0.9 - Lenovo) Hidden
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.2-1 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.2 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.2 - Wacom Technology Corp.)
Windows Driver Package - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
 
==================== Restore Points  =========================
 
08-04-2014 12:43:59 Windows Update
11-04-2014 18:58:55 Windows Update
14-04-2014 20:04:30 Installed Energy Management
17-04-2014 16:03:41 Intel® PROSet/Wireless Software
21-04-2014 04:30:09 Windows Update
24-04-2014 16:18:22 Windows Update
 
==================== Hosts content: ==========================
 
2012-07-26 01:26 - 2012-07-26 01:26 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {47C23D9A-7C0B-4F9B-BB89-02C1D373C6A5} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-16] (Synaptics Incorporated)
Task: {75525370-D588-4200-933A-D9C1B82CFADA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-24] (Google Inc.)
Task: {7DD8D977-B402-48F7-A56C-019B1C2C457D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-03-16] (AVAST Software)
Task: {825481CF-5876-496F-BC37-53C3814165E4} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-03-30] (Microsoft Corporation)
Task: {A292096A-6168-435B-A3EC-7243B3E752EA} - System32\Tasks\DriverScanner => C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe [2012-07-10] (Uniblue Systems Limited)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {AB96B97B-39C2-46A2-876A-EEB6AE199033} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup => C:\windows\system32\dism.exe [2012-07-25] (Microsoft Corporation)
Task: {BA50301C-646F-4796-8FE8-B220474B39B6} - System32\Tasks\BackgroundContainer Startup Task => Rundll32.exe "C:\Users\Kathy's account\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <==== ATTENTION
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {D0A55EDA-6DB0-4122-9273-EFAE3AF3390E} - System32\Tasks\ASC6_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe [2013-01-15] (IObit)
Task: {D6FAF146-A394-4BDA-96C9-2EF0AF1ED5FA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-24] (Google Inc.)
Task: {DC8B7396-CF29-45A0-9EE4-AFCC3E117A33} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-04-11] (Microsoft Corporation)
Task: {E0D33109-1873-404E-9A43-FD5BF7F63687} - System32\Tasks\Microsoft\Office\Office First Run Task => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2014-03-25] (Microsoft Corporation)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {FF467F3A-4959-4DD5-87D8-A47D771A5E45} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: C:\windows\Tasks\DriverScanner.job => C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-04-11 15:16 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-04-11 15:16 - 2014-03-25 13:21 - 00629928 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2014-04-11 15:18 - 2014-04-11 15:18 - 08884904 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-07-16 03:49 - 2012-07-16 03:49 - 00108040 _____ () C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NPShellExtension64.dll
2013-02-24 17:54 - 2013-01-15 22:59 - 00161088 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCExtMenu_64.dll
2014-03-28 22:20 - 2012-12-11 13:07 - 01184640 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2014-04-24 10:47 - 2014-04-24 03:38 - 02215936 _____ () C:\Program Files\AVAST Software\Avast\defs\14042400\algo.dll
2013-02-24 17:54 - 2013-01-15 22:48 - 00348992 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 6\madExcept_.bpl
2013-02-24 17:54 - 2013-01-15 22:48 - 00183616 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 6\madBasic_.bpl
2013-02-24 17:54 - 2013-01-15 22:48 - 00051008 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 6\madDisAsm_.bpl
2013-02-24 17:54 - 2013-01-15 22:47 - 00893248 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 6\webres.dll
2013-03-26 22:53 - 2013-03-26 22:53 - 01005744 _____ () C:\Program Files (x86)\LibreOffice 4.0\program\libxml2.dll
2013-03-26 22:53 - 2013-03-26 22:53 - 00175280 _____ () C:\Program Files (x86)\LibreOffice 4.0\program\libxslt.dll
2013-03-26 22:53 - 2013-03-26 22:53 - 00077488 _____ () C:\Program Files (x86)\LibreOffice 4.0\program\python3.dll
2013-03-26 05:52 - 2013-03-26 05:52 - 00049152 _____ () C:\Program Files (x86)\LibreOffice 4.0\program\python-core-3.3.0\lib\_socket.pyd
2013-03-26 22:53 - 2013-03-26 22:53 - 00102064 _____ () C:\Program Files (x86)\LibreOffice 4.0\program\librdf.dll
2013-03-26 22:53 - 2013-03-26 22:53 - 00289968 _____ () C:\Program Files (x86)\LibreOffice 4.0\program\raptor.dll
2013-03-26 22:53 - 2013-03-26 22:53 - 00158384 _____ () C:\Program Files (x86)\LibreOffice 4.0\program\rasqal.dll
2014-04-11 15:40 - 2014-04-01 21:57 - 00065352 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll
2014-04-11 15:40 - 2014-04-01 21:57 - 00674632 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libglesv2.dll
2014-04-11 15:40 - 2014-04-01 21:57 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libegl.dll
2014-04-11 15:40 - 2014-04-01 21:57 - 04081480 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll
2014-04-11 15:40 - 2014-04-01 21:58 - 00390472 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll
2014-04-11 15:40 - 2014-04-01 21:57 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll
2014-04-11 15:40 - 2014-04-01 21:58 - 13691720 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll
2012-10-04 08:52 - 2012-06-25 13:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\Windows:nlsPreferences
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Disabled items from MSCONFIG ==============
 
 
==================== Faulty Device Manager Devices =============
 
Name: WAN Miniport (IP)
Description: WAN Miniport (IP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
Name: WAN Miniport (IPv6)
Description: WAN Miniport (IPv6)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
Name: WAN Miniport (Network Monitor)
Description: WAN Miniport (Network Monitor)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
Name: UMDF HID minidriver Device
Description: UMDF HID minidriver Device
Class Guid: {177b1d2a-679c-4093-98bf-fd6999695d3b}
Manufacturer: Lenovo
Service: mshidumdf
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
 
Name: UMDF HID minidriver Device
Description: UMDF HID minidriver Device
Class Guid: {177b1d2a-679c-4093-98bf-fd6999695d3b}
Manufacturer: Lenovo
Service: mshidumdf
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/24/2014 10:13:20 AM) (Source: Office 2013 Licensing Service) (User: )
Description: Subscription licensing service failed: -1073415161
 
Error: (04/24/2014 09:08:35 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005
 
Error: (04/23/2014 04:39:53 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"1".
Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/23/2014 04:39:53 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"1".
Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/23/2014 04:39:53 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"1".
Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/23/2014 04:39:53 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"1".
Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/23/2014 04:38:14 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"1".
Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/23/2014 04:38:14 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"1".
Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/23/2014 04:38:14 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"1".
Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/23/2014 04:38:14 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"1".
Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (04/24/2014 04:23:51 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT AUTHORITY)
Description: 0xc000014d0
 
Error: (04/24/2014 03:18:56 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800703f1: Update for Windows 8 for x64-based Systems (KB2822241).
 
Error: (04/24/2014 00:23:23 PM) (Source: Service Control Manager) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
%%1053
 
Error: (04/24/2014 00:23:23 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
 
Error: (04/24/2014 00:19:03 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800703f1: Update for Windows 8 for x64-based Systems (KB2822241).
 
Error: (04/24/2014 11:07:41 AM) (Source: Microsoft-Windows-Kernel-General) (User: NT AUTHORITY)
Description: 0xc000014d0
 
Error: (04/24/2014 11:08:04 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 10:47:41 AM on ‎4/‎24/‎2014 was unexpected.
 
Error: (04/23/2014 04:13:00 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800703f1: Update for Windows 8 for x64-based Systems (KB2822241).
 
Error: (04/23/2014 03:51:01 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Windows 8 for x64-based Systems (KB2802618).
 
Error: (04/23/2014 03:27:42 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT AUTHORITY)
Description: 0xc000014d0
 
 
Microsoft Office Sessions:
=========================
Error: (04/24/2014 10:13:20 AM) (Source: Office 2013 Licensing Service)(User: )
Description: Subscription licensing service failed: -1073415161
 
Error: (04/24/2014 09:08:35 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005
 
Error: (04/23/2014 04:39:53 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\DWA\resources\libraries\ARKEngine.dll
 
Error: (04/23/2014 04:39:53 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\DWA\resources\libraries\ARKCmdFS.dll
 
Error: (04/23/2014 04:39:53 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\DWA\resources\libraries\ARKCmdDefrag.dll
 
Error: (04/23/2014 04:39:53 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\DWA\resources\libraries\ARKCmdCaps.dll
 
Error: (04/23/2014 04:38:14 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\DWA\resources\libraries\ARKEngine.dll
 
Error: (04/23/2014 04:38:14 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\DWA\resources\libraries\ARKCmdFS.dll
 
Error: (04/23/2014 04:38:14 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\DWA\resources\libraries\ARKCmdDefrag.dll
 
Error: (04/23/2014 04:38:14 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\DWA\resources\libraries\ARKCmdCaps.dll
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-04-24 12:03:11.642
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-24 12:03:11.599
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-24 12:03:11.409
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-24 12:03:11.352
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-24 11:09:30.976
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-24 11:09:30.913
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-24 11:09:30.490
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-24 11:09:30.100
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-24 10:57:16.254
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-24 10:57:16.203
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 45%
Total physical RAM: 5999.52 MB
Available physical RAM: 3270.95 MB
Total Pagefile: 12143.52 MB
Available Pagefile: 8895.11 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB
 
==================== Drives ================================
 
Drive c: (Windows8_OS) (Fixed) (Total:651.3 GB) (Free:588.71 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.94 GB) NTFS
Drive e: (SHERLOCK) (CDROM) (Total:7.59 GB) (Free:0 GB) UDF
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 699 GB) (Disk ID: AB44D2AA)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================

I strongly recommend that you UNinstall anything related to IOBit or Advanced System Care, do that at your earliest convenience....

 

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

 

Next,

 

Run Malwarebytes,  Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick scan

Make sure that everything is checked, and click Remove Selected on any found items.

 

Post the produced log....

 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.


Double click on Adwcleaner.exe to run the tool.
Click on Scan
Once the scan is done, click on the Clean button.
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[sn].txt.

 

Next,

 

Please download Junkware Removal Tool to your desktop.


Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

Let me see those logs. Also give an update on any remaining issues or concerns....

 

Kevin....

 

fixlist.txt


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-04-2014

Ran by Kathy's account at 2014-04-24 17:38:34 Run:2

Running from C:\Users\Kathy's account\Desktop

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

Start

HKU\.DEFAULT\...\Run: [searchProtect] => \SearchProtect\bin\cltmng.exe

HKU\S-1-5-21-4157361729-718827960-786165339-1001\...\Run: [backgroundContainer] => "C:\windows\SysWOW64\Rundll32.exe" "C:\Users\Kathy's account\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION

C:\Users\Kathy's account\AppData\Local\Conduit

HKU\S-1-5-21-4157361729-718827960-786165339-1001\...\MountPoints2: {1bf9db45-086f-11e3-be9b-b888e38aa319} - "F:\SISetup.exe" 

SearchScopes: HKCU - DefaultScope {537ABF07-3C15-4F32-B7BD-C0BE0B49AC42} URL = http://search.condui...ultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3281675&CUI=UN37576550043262650&UM=2

SearchScopes: HKCU - {2582C074-37F6-4768-8F92-C283778EFCF9} URL = 

SearchScopes: HKCU - {537ABF07-3C15-4F32-B7BD-C0BE0B49AC42} URL = http://search.condui...ultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3281675&CUI=UN37576550043262650&UM=2

C:\Users\Kathy's account\AppData\Local\Temp\ntdll_dump.dll

Task: {BA50301C-646F-4796-8FE8-B220474B39B6} - System32\Tasks\BackgroundContainer Startup Task => Rundll32.exe "C:\Users\Kathy's account\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <==== ATTENTION

AlternateDataStreams: C:\Windows:nlsPreferences

End

*****************

 

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtect => Value not found.

HKU\S-1-5-21-4157361729-718827960-786165339-1001\Software\Microsoft\Windows\CurrentVersion\Run\\BackgroundContainer => Value not found.

"C:\Users\Kathy's account\AppData\Local\Conduit" => File/Directory not found.

HKU\S-1-5-21-4157361729-718827960-786165339-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1bf9db45-086f-11e3-be9b-b888e38aa319} => Key deleted successfully.

HKCR\CLSID\{1bf9db45-086f-11e3-be9b-b888e38aa319} => Key deleted successfully.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2582C074-37F6-4768-8F92-C283778EFCF9} => Key deleted successfully.

HKCR\CLSID\{2582C074-37F6-4768-8F92-C283778EFCF9} => Key deleted successfully.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{537ABF07-3C15-4F32-B7BD-C0BE0B49AC42} => Key deleted successfully.

HKCR\CLSID\{537ABF07-3C15-4F32-B7BD-C0BE0B49AC42} => Key deleted successfully.

C:\Users\Kathy's account\AppData\Local\Temp\ntdll_dump.dll => Moved successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BA50301C-646F-4796-8FE8-B220474B39B6} => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BA50301C-646F-4796-8FE8-B220474B39B6} => Key deleted successfully.

C:\Windows\System32\Tasks\BackgroundContainer Startup Task => Moved successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BackgroundContainer Startup Task => Key deleted successfully.

C:\Windows => ":nlsPreferences" ADS removed successfully.

 

==== End of Fixlog ====

 


Malwarebytes Anti-Malware (PRO) 1.75.0.1300

www.malwarebytes.org

 

Database version: v2014.04.24.09

 

Windows 8 x64 NTFS

Internet Explorer 10.0.9200.16519

Kathy's account :: KATHY [administrator]

 

Protection: Enabled

 

4/24/2014 5:43:12 PM

mbam-log-2014-04-24 (17-43-12).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 229699

Time elapsed: 1 minute(s), 46 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

 

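A read-only check of the same persistence locations the fixlist above targeted (user Run values, Internet Explorer SearchScopes, a scheduled task launching a DLL via rundll32, and the alternate data stream on C:\Windows), added here as an example and not part of the thread or of FRST. The hive list, the rundll32-under-Users pattern and the choice of locations are assumptions drawn from the Fixlog; the script reports and never deletes.

```powershell
# Added example: read-only audit of the persistence locations the FRST fix touched.
# Assumptions: PowerShell 3+ on Windows 8 or later, run as administrator so that
# loaded HKU hives and every scheduled task are readable. Nothing here deletes.

# HKEY_USERS has no default PSDrive; map it so loaded profile hives
# (including .DEFAULT, where SearchProtect sat) can be enumerated.
if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
}

$findings = @()

# 1. Run values for the current user and for every loaded HKU hive.
$runPaths = @('HKCU:\Software\Microsoft\Windows\CurrentVersion\Run') +
    (Get-ChildItem -Path HKU:\ | ForEach-Object {
        "HKU:\$($_.PSChildName)\Software\Microsoft\Windows\CurrentVersion\Run" })
foreach ($path in $runPaths) {
    if (-not (Test-Path -Path $path)) { continue }
    # PS* properties are provider metadata, not Run values.
    $props = (Get-ItemProperty -Path $path).PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' }
    foreach ($p in $props) {
        $findings += [pscustomobject]@{ Location = "Run: $path"; Name = $p.Name; Value = $p.Value }
    }
}

# 2. Internet Explorer search scopes: list every URL so a hijacked default stands out.
$scopes = 'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes'
if (Test-Path -Path $scopes) {
    $default = (Get-ItemProperty -Path $scopes).DefaultScope
    Get-ChildItem -Path $scopes | ForEach-Object {
        $url = (Get-ItemProperty -Path $_.PSPath).URL
        $tag = if ($_.PSChildName -eq $default) { 'SearchScope (DEFAULT)' } else { 'SearchScope' }
        $findings += [pscustomobject]@{ Location = $tag; Name = $_.PSChildName; Value = $url }
    }
}

# 3. Scheduled tasks whose action runs rundll32 against something under a user profile,
#    the shape the BackgroundContainer task had (assumed pattern, not a vendor signature).
Get-ScheduledTask | ForEach-Object {
    $task = $_
    foreach ($a in $task.Actions) {
        $cmd = "$($a.Execute) $($a.Arguments)"
        if ($cmd -match 'rundll32' -and $cmd -match '\\Users\\') {
            $findings += [pscustomobject]@{ Location = 'Task'; Name = $task.TaskName; Value = $cmd }
        }
    }
}

# 4. Named alternate data streams on C:\Windows (the fix removed ":nlsPreferences").
Get-Item -Path C:\Windows -Stream * -ErrorAction SilentlyContinue |
    Where-Object { $_.Stream -ne ':$DATA' } | ForEach-Object {
        $findings += [pscustomobject]@{ Location = 'ADS'; Name = $_.Stream; Value = "$($_.Length) bytes" }
    }

$findings | Format-Table -AutoSize -Wrap
```

An empty table for the Task and ADS sections, and Run and SearchScope rows that you recognise, is the expected result after a successful fix; anything pointing into AppData\Local or at a search URL you did not configure is worth posting for review.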

  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

