Being redirected


I have two things happening - when I go to a webpage I sometimes get

http://uk.yhs4.search.yahoo.com/

or

partner18.mydomainadvisor

I ran Malwarebytes and it came up with loads of errors - I can't find the log but here is what I have found:

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 20/07/2014
Scan Time: 14:14:45
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.07.20.03
Rootkit Database: v2014.07.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Liz
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 293581
Time Elapsed: 16 min, 41 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 2
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-3241689406-135872924-3266888133-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, Quarantined, [f7cc6e33b5c6ea4ceb334611d23004fc], 
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\SEARCHPROTECT, Quarantined, [0bb8762b95e6b38362c0893ec2404bb5], 
 
Registry Values: 1
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\SEARCHPROTECT|InstallDir, C:\PROGRA~2\SearchProtect, Quarantined, [0bb8762b95e6b38362c0893ec2404bb5]
 
Registry Data: 1
 
Folders: 26
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect, Quarantined, [2d96c4dd83f8c86e93448d7d30d4d32d], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main, Quarantined, [2d96c4dd83f8c86e93448d7d30d4d32d], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin, Quarantined, [2d96c4dd83f8c86e93448d7d30d4d32d], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\rep, Quarantined, [2d96c4dd83f8c86e93448d7d30d4d32d], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect, Quarantined, [2d96c4dd83f8c86e93448d7d30d4d32d], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin, Quarantined, [2d96c4dd83f8c86e93448d7d30d4d32d], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\rep, Quarantined, [2d96c4dd83f8c86e93448d7d30d4d32d], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI, Quarantined, [2d96c4dd83f8c86e93448d7d30d4d32d], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\bin, Quarantined, [2d96c4dd83f8c86e93448d7d30d4d32d], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs, Quarantined, [2d96c4dd83f8c86e93448d7d30d4d32d], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble, Quarantined, [2d96c4dd83f8c86e93448d7d30d4d32d], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images, Quarantined, [2d96c4dd83f8c86e93448d7d30d4d32d], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs, Quarantined, [2d96c4dd83f8c86e93448d7d30d4d32d], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection, Quarantined, [2d96c4dd83f8c86e93448d7d30d4d32d], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS, Quarantined, [2d96c4dd83f8c86e93448d7d30d4d32d], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings, Quarantined, [2d96c4dd83f8c86e93448d7d30d4d32d], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall, Quarantined, [2d96c4dd83f8c86e93448d7d30d4d32d], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\rep, Quarantined, [2d96c4dd83f8c86e93448d7d30d4d32d], 
PUP.Optional.SearchProtect.A, C:\Users\Liz\AppData\Local\SearchProtect, Quarantined, [a51e1d84f586102654220aaff21022de], 
PUP.Optional.SearchProtect.A, C:\Users\Liz\AppData\Local\SearchProtect\SearchProtect, Quarantined, [a51e1d84f586102654220aaff21022de], 
PUP.Optional.SearchProtect.A, C:\Users\Liz\AppData\Local\SearchProtect\SearchProtect\rep, Quarantined, [a51e1d84f586102654220aaff21022de], 
PUP.Optional.SearchProtect.A, C:\Users\Liz\AppData\Local\SearchProtect\SearchProtect\STG, Quarantined, [a51e1d84f586102654220aaff21022de], 
PUP.Optional.SearchProtect.A, C:\Users\Liz\AppData\Local\SearchProtect\UI, Quarantined, [a51e1d84f586102654220aaff21022de], 
PUP.Optional.SearchProtect.A, C:\Users\Liz\AppData\Local\SearchProtect\UI\rep, Quarantined, [a51e1d84f586102654220aaff21022de], 
PUP.Optional.Extutil.A, C:\Users\Liz\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B, Quarantined, [952e821f7704142214c58f2c9f63a957], 
PUP.Optional.Managera.A, C:\Users\Liz\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42, Quarantined, [03c02b76b2c9e94da634c7f4fc064bb5], 
 
Files: 82
PUP.Optional.SearchProtect.A, C:\Users\Liz\AppData\Local\Temp\nsm15DC.exe, Quarantined, [467db7ea9dde3afcf57aed44629f817f], 
PUP.Optional.SearchProtect.A, C:\Users\Liz\AppData\Local\Temp\nsbE1E9.exe, Quarantined, [d4ef554c8dee0630284765ccd92803fd], 
PUP.Optional.Conduit.A, C:\Users\Liz\AppData\Local\Temp\air7F50.exe, Quarantined, [7b48d3ce5c1f3ef84a51bc68c33e8a76], 
PUP.Optional.Conduit.A, C:\Users\Liz\AppData\Local\Temp\nsaA099\SpSetup.exe, Quarantined, [4d76148d4d2ec274a7b8170f5aa75da3], 
PUP.Optional.Conduit.A, C:\Windows\Temp\nsj1BE6.exe, Quarantined, [1ea5fba6b3c8e254033c4545fe03b44c], 
PUP.Optional.Conduit.A, C:\Windows\Temp\nsl9777.exe, Quarantined, [bb086f3244372b0b221d8208dd24956b], 
PUP.Optional.Conduit.A, C:\Windows\Temp\nsoC184.exe, Quarantined, [e3e0148d1467a492de614e3ccb36ae52], 
PUP.Optional.Conduit.A, C:\Windows\Temp\nsv11C8.exe, Quarantined, [b50ed4cd89f235012817aedc9a67cf31], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\EULA.txt, Quarantined, [2d96c4dd83f8c86e93448d7d30d4d32d], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\rep\SystemRepository.dat, Quarantined, [2d96c4dd83f8c86e93448d7d30d4d32d], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings.html, Quarantined, [2d96c4dd83f8c86e93448d7d30d4d32d], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\style.css, Quarantined, [2d96c4dd83f8c86e93448d7d30d4d32d], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.css, Quarantined, [2d96c4dd83f8c86e93448d7d30d4d32d], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.html, Quarantined, [2d96c4dd83f8c86e93448d7d30d4d32d], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.js, Quarantined, [2d96c4dd83f8c86e93448d7d30d4d32d], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\defaults.js, Quarantined, [2d96c4dd83f8c86e93448d7d30d4d32d], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-selected.png, Quarantined, [2d96c4dd83f8c86e93448d7d30d4d32d], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-default.png, Quarantined, [2d96c4dd83f8c86e93448d7d30d4d32d], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-onclick.png, Quarantined, [2d96c4dd83f8c86e93448d7d30d4d32d], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-Rollover.png, Quarantined, [2d96c4dd83f8c86e93448d7d30d4d32d], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-uninstall.png, Quarantined, [2d96c4dd83f8c86e93448d7d30d4d32d], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-with-logo.png, Quarantined, [2d96c4dd83f8c86e93448d7d30d4d32d], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg.png, Quarantined, [2d96c4dd83f8c86e93448d7d30d4d32d], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgNotif.png, Quarantined, [2d96c4dd83f8c86e93448d7d30d4d32d], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettings.png, Quarantined, [2d96c4dd83f8c86e93448d7d30d4d32d], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettingsDS.png, Quarantined, [2d96c4dd83f8c86e93448d7d30d4d32d], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgUninstall.png, Quarantined, [2d96c4dd83f8c86e93448d7d30d4d32d], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnBlue.png, Quarantined, [2d96c4dd83f8c86e93448d7d30d4d32d], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnClose.png, Quarantined, [2d96c4dd83f8c86e93448d7d30d4d32d], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnSilver.png, Quarantined, [2d96c4dd83f8c86e93448d7d30d4d32d], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\button-bg.png, Quarantined, [2d96c4dd83f8c86e93448d7d30d4d32d], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox.png, Quarantined, [2d96c4dd83f8c86e93448d7d30d4d32d], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_checked.png, Quarantined, [2d96c4dd83f8c86e93448d7d30d4d32d], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_def.png, Quarantined, [2d96c4dd83f8c86e93448d7d30d4d32d], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-def.png, Quarantined, [2d96c4dd83f8c86e93448d7d30d4d32d], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-over-click.png, Quarantined, [2d96c4dd83f8c86e93448d7d30d4d32d], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\gray-bg.png, Quarantined, [2d96c4dd83f8c86e93448d7d30d4d32d], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-def.png, Quarantined, [2d96c4dd83f8c86e93448d7d30d4d32d], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez.png, Quarantined, [2d96c4dd83f8c86e93448d7d30d4d32d], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\icon-win.png, Quarantined, [2d96c4dd83f8c86e93448d7d30d4d32d], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\info-icon.png, Quarantined, [2d96c4dd83f8c86e93448d7d30d4d32d], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-rollover.png, Quarantined, [2d96c4dd83f8c86e93448d7d30d4d32d], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-selected.png, Quarantined, [2d96c4dd83f8c86e93448d7d30d4d32d], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-def.png, Quarantined, [2d96c4dd83f8c86e93448d7d30d4d32d], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-selected.png, Quarantined, [2d96c4dd83f8c86e93448d7d30d4d32d], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button.png, Quarantined, [2d96c4dd83f8c86e93448d7d30d4d32d], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button2.png, Quarantined, [2d96c4dd83f8c86e93448d7d30d4d32d], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Settings-icon.png, Quarantined, [2d96c4dd83f8c86e93448d7d30d4d32d], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\text-field.png, Quarantined, [2d96c4dd83f8c86e93448d7d30d4d32d], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\v.png, Quarantined, [2d96c4dd83f8c86e93448d7d30d4d32d], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\x.png, Quarantined, [2d96c4dd83f8c86e93448d7d30d4d32d], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\defaults.js, Quarantined, [2d96c4dd83f8c86e93448d7d30d4d32d], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\dialogUtils.js, Quarantined, [2d96c4dd83f8c86e93448d7d30d4d32d], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\jquery.1.7.1.min.js, Quarantined, [2d96c4dd83f8c86e93448d7d30d4d32d], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\json2.min.js, Quarantined, [2d96c4dd83f8c86e93448d7d30d4d32d], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\main.js, Quarantined, [2d96c4dd83f8c86e93448d7d30d4d32d], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\SPDialogAPI.js, Quarantined, [2d96c4dd83f8c86e93448d7d30d4d32d], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\defaults.js, Quarantined, [2d96c4dd83f8c86e93448d7d30d4d32d], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.css, Quarantined, [2d96c4dd83f8c86e93448d7d30d4d32d], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.html, Quarantined, [2d96c4dd83f8c86e93448d7d30d4d32d], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.js, Quarantined, [2d96c4dd83f8c86e93448d7d30d4d32d], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\defaults.js, Quarantined, [2d96c4dd83f8c86e93448d7d30d4d32d], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.css, Quarantined, [2d96c4dd83f8c86e93448d7d30d4d32d], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.html, Quarantined, [2d96c4dd83f8c86e93448d7d30d4d32d], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.js, Quarantined, [2d96c4dd83f8c86e93448d7d30d4d32d], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\defaults.js, Quarantined, [2d96c4dd83f8c86e93448d7d30d4d32d], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.css, Quarantined, [2d96c4dd83f8c86e93448d7d30d4d32d], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.html, Quarantined, [2d96c4dd83f8c86e93448d7d30d4d32d], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.js, Quarantined, [2d96c4dd83f8c86e93448d7d30d4d32d], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\defaults.js, Quarantined, [2d96c4dd83f8c86e93448d7d30d4d32d], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.css, Quarantined, [2d96c4dd83f8c86e93448d7d30d4d32d], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.html, Quarantined, [2d96c4dd83f8c86e93448d7d30d4d32d], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.js, Quarantined, [2d96c4dd83f8c86e93448d7d30d4d32d], 
PUP.Optional.SearchProtect.A, C:\Users\Liz\AppData\Local\SearchProtect\SearchProtect\rep\Cvc.dat, Quarantined, [a51e1d84f586102654220aaff21022de], 
PUP.Optional.SearchProtect.A, C:\Users\Liz\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat, Quarantined, [a51e1d84f586102654220aaff21022de], 
PUP.Optional.SearchProtect.A, C:\Users\Liz\AppData\Local\SearchProtect\SearchProtect\rep\UserSettings.dat, Quarantined, [a51e1d84f586102654220aaff21022de], 
PUP.Optional.SearchProtect.A, C:\Users\Liz\AppData\Local\SearchProtect\UI\rep\UIRepository.dat, Quarantined, [a51e1d84f586102654220aaff21022de], 
PUP.Optional.Extutil.A, C:\Users\Liz\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\bk.js, Quarantined, [952e821f7704142214c58f2c9f63a957], 
PUP.Optional.Extutil.A, C:\Users\Liz\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\cs.js, Quarantined, [952e821f7704142214c58f2c9f63a957], 
PUP.Optional.Extutil.A, C:\Users\Liz\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\manifest.json, Quarantined, [952e821f7704142214c58f2c9f63a957], 
PUP.Optional.Managera.A, C:\Users\Liz\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\cs.js, Quarantined, [03c02b76b2c9e94da634c7f4fc064bb5], 
PUP.Optional.Managera.A, C:\Users\Liz\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\manifest.json, Quarantined, [03c02b76b2c9e94da634c7f4fc064bb5], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
I then ran TDSSKiller with nothing found.
 
I am running on Windows 8
 
What shall I do?

Hello and welcome on board, kristell.

My name is Machiavelli and I will assist you with your problem.

If you booted into safe mode on your computer then print my instructions!

I'm in the 'Malware Staff Team' and will provide you with advice:

Removing Malware from a computer can be very complicated. Malware (malicious software) is able to hide, so I may not be able to find it so easily. In order to remove Malware from your computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do. Just ask me! Please stay in contact with me until the problem is fixed.

Below are a few tips:

  • Removing Malware is usually very difficult.

    We need to search and analyse a lot of files. As this is done in our free time, please be patient especially if I don't answer every day!

  • Please follow these instructions

    If you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!

  • Please stay in contact with me until your problem is resolved

    As Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.

  • Please don't run any other tools without consulting with me as this can complicate finding and removing all Malware

    Don't run any tools while I'm fixing your PC. That is counterproductive and again, will only complicate finding and removing all Malware!

  • Read my post completely

    If you don't do so, you may make mistakes that could result in your System crashing by your own actions!


Please download FRST (by Farbar) from the link below and save it to your Desktop.

 

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here
  • Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (If you have Windows Vista / Windows 7 / Windows 8, please right-click the FRST icon and select Run as Administrator.)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

Here we go:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-07-2014
Ran by Liz (administrator) on LIZLAPTOP on 20-07-2014 16:53:52
Running from C:\Users\Liz\Desktop
Platform: Windows 8.1 (X64) OS Language: English (United Kingdom)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
() C:\Program Files (x86)\FWdriver_v\POSHXMain.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\loggingserver.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Activeris) C:\Program Files (x86)\Activeris AntiMalware\ActiverisAntiMalware.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\FWdriver_v\POSHX.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dolby Laboratories Inc.) C:\Program Files\Dolby Digital Plus\ddp.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Internet Helper) C:\ProgramData\Internet Helper Anti-phishing\internetHelper_antiphishing.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\livecomm.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [iAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe [36352 2013-08-07] (Intel Corporation)
HKLM\...\Run: [bTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp 
HKLM\...\Run: [POSHX] => C:\Program Files (x86)\FWdriver_v\POSHX.exe [647168 2013-09-03] ()
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13648600 2013-08-29] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-30] (Realtek Semiconductor)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2774256 2013-08-01] (Synaptics Incorporated)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [490760 2013-09-23] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-11] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-09-18] (CyberLink Corp.)
HKLM-x32\...\Run: [internet Helper Anti-phishing] => C:\ProgramData\Internet Helper Anti-phishing\internetHelper_antiphishing.exe [235072 2013-05-14] (Internet Helper)
HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [380088 2012-07-27] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5179408 2014-06-17] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iSUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [324976 2010-05-21] (Flexera Software, Inc.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2567192 2014-06-26] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKU\.DEFAULT\...\Run: [AppLauncher] => C:\Program Files (x86)\Ashampoo\Ashampoo AppLauncher\AppLauncher.exe 
HKU\S-1-5-21-3241689406-135872924-3266888133-1001\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21445248 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-3241689406-135872924-3266888133-1001\...\MountPoints2: {f3b85e4c-3792-11e3-827a-806e6f6e6963} - "E:\Setup.exe" 
Startup: C:\Users\Liz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com/?pc=LCJB
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKCU - {638B3B11-1664-4F33-AF74-0BC81EDEBCCF} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LCJB
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={8225A7CA-78ED-43F8-8271-A444A3497960}&mid=f960705dfddf47d2a13b8d1809df86c8-82c390d991341c3308bf0b6ae09b454f00da113d&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-06-20 11:22:33&v=18.1.0.443&pid=safeguard&sg=&sap=dsp&q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\18.1.7.598\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.7.598\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.7\ViProtocol.dll (AVG Secure Search)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
 
FireFox:
========
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.7\\npsitesafety.dll No File
FF Plugin-x32: @Citrix.com/npican - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Liz\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
 
Chrome: 
=======
CHR HomePage: hxxp://uk.mg40.mail.yahoo.com/neo/launch?.rand=4886dpok0iood
CHR DefaultSearchKeyword: google.co.uk
CHR Extension: (Google Docs) - C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-24]
CHR Extension: (Google Drive) - C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-24]
CHR Extension: (YouTube) - C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-24]
CHR Extension: (Google Search) - C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-24]
CHR Extension: (Bookmarks Menu) - C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffmdedmghpoipeldijkdlcckdpempkdi [2014-04-24]
CHR Extension: (CPDD-Blossom) - C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlialpgnoagkdecfaggejocpfdbommon [2014-04-24]
CHR Extension: (Linkclump) - C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfpjkncokllnfokkgpkobnkbkmelfefj [2014-04-24]
CHR Extension: (Google Wallet) - C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-24]
CHR Extension: (Gmail) - C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-24]
 
==================== Services (Whitelisted) =================
 
R2 AHDDC2; C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe [1518504 2012-07-30] ()
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3241488 2014-06-27] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-06-17] (AVG Technologies CZ, s.r.o.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2356408 2014-06-19] (Microsoft Corporation)
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [74712 2013-03-11] (CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [316376 2013-03-11] (CyberLink)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-08] (Intel Corporation)
R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-07-01] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-08-08] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-07-29] ()
R2 POSHXService; C:\Program Files (x86)\FWdriver_v\POSHXMain.exe [114688 2012-12-26] () [File not signed]
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1886488 2014-06-23] (Trusteer Ltd.)
S3 RoxMediaDBGame1X; C:\Program Files (x86)\Common Files\Roxio Shared\Game1X\SharedCOM\RoxMediaDBGame1X.exe [1095824 2012-08-02] (Corel Corporation)
R2 vToolbarUpdater18.1.7; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe [1808408 2014-06-26] (AVG Secure Search)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3668208 2013-07-29] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
R3 AirplaneModeHID; C:\Windows\System32\drivers\AirplaneModeHID.sys [30512 2013-09-04] (Elitegroup Computer System)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [242968 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-06-26] (AVG Technologies)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [274712 2014-05-14] (AVG Technologies CZ, s.r.o.)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132920 2013-04-23] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1385784 2013-06-27] (Motorola Solutions, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
S3 H5xUSB; C:\Windows\System32\Drivers\uth5x64.sys [101632 2012-08-02] (UT)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [114632 2013-07-01] (Intel Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-08] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3589600 2013-09-25] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-07-10] (Corel Corporation)
R1 RapportCerberus_69108; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_69108.sys [631128 2014-07-02] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [299736 2014-06-23] (Trusteer Ltd.)
R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [288440 2014-06-23] (Trusteer Ltd.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [358616 2014-06-23] (Trusteer Ltd.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [414296 2014-06-23] (Trusteer Ltd.)
S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1975000 2013-07-31] (Realtek Semiconductor Corporation                           )
R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-08-01] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-01] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-07-20 16:53 - 2014-07-20 16:54 - 00025856 _____ () C:\Users\Liz\Desktop\FRST.txt
2014-07-20 16:53 - 2014-07-20 16:53 - 00000000 ____D () C:\FRST
2014-07-20 16:50 - 2014-07-20 16:50 - 02089984 _____ (Farbar) C:\Users\Liz\Desktop\FRST64.exe
2014-07-20 14:48 - 2014-07-20 14:48 - 05222180 _____ (Swearware) C:\Users\Liz\Desktop\ComboFix.exe
2014-07-20 14:21 - 2014-07-20 14:21 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Liz\Downloads\tdsskiller.exe
2014-07-20 14:14 - 2014-07-20 16:29 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-20 14:13 - 2014-07-20 14:13 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Liz\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-20 14:13 - 2014-07-20 14:13 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-20 14:13 - 2014-07-20 14:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-20 14:13 - 2014-07-20 14:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-20 14:13 - 2014-07-20 14:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-20 14:13 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-20 14:13 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-20 14:13 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-19 10:55 - 2014-07-19 10:55 - 00413882 _____ () C:\Users\Liz\Downloads\govsfeb2013v2.pptx
2014-07-15 21:20 - 2014-07-15 21:20 - 03003511 _____ () C:\Users\Liz\Downloads\L1joiningconsonants.mp4
2014-07-15 21:20 - 2014-07-15 21:20 - 02448463 _____ () C:\Users\Liz\Downloads\L1Ex5-Specialoutlines.mp4
2014-07-15 21:11 - 2014-07-15 21:12 - 04659513 _____ () C:\Users\Liz\Downloads\L3-Easyjoiningtechniques.mp4
2014-07-15 21:11 - 2014-07-15 21:11 - 03972514 _____ () C:\Users\Liz\Downloads\L2-Groupings.mp4
2014-07-15 21:10 - 2014-07-15 21:10 - 02740148 _____ () C:\Users\Liz\Downloads\L3-BlendingF.mp4
2014-07-14 17:20 - 2014-04-14 04:29 - 01018880 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-07-14 17:18 - 2014-07-14 17:18 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-14 17:00 - 2014-06-19 02:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-14 17:00 - 2014-06-19 01:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-14 17:00 - 2014-06-19 00:46 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-14 17:00 - 2014-06-18 23:57 - 00225280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-14 17:00 - 2014-06-16 23:26 - 00779264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-14 17:00 - 2014-06-16 23:24 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-14 17:00 - 2014-06-06 15:20 - 04190720 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-14 16:59 - 2014-06-19 01:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-14 16:59 - 2014-06-19 01:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-14 16:59 - 2014-06-19 00:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-14 16:59 - 2014-06-19 00:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-14 16:59 - 2014-06-19 00:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-14 16:59 - 2014-06-19 00:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-14 16:59 - 2014-06-19 00:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-14 16:59 - 2014-06-19 00:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-14 16:59 - 2014-06-19 00:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-14 16:59 - 2014-06-19 00:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-14 16:59 - 2014-06-18 23:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-14 16:59 - 2014-06-18 23:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-14 16:59 - 2014-06-18 23:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-14 16:59 - 2014-06-18 23:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-14 16:59 - 2014-06-18 23:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-14 16:59 - 2014-06-18 23:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-14 16:59 - 2014-06-18 23:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-14 16:59 - 2014-06-18 23:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-14 16:59 - 2014-06-18 23:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-14 16:59 - 2014-06-18 23:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-14 16:59 - 2014-06-18 23:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-14 16:59 - 2014-06-18 23:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-14 16:59 - 2014-06-18 23:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-14 16:59 - 2014-05-30 04:03 - 00563200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-14 16:59 - 2014-05-29 13:02 - 00565576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-07-14 16:59 - 2014-05-29 08:55 - 00735232 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-07-14 16:59 - 2014-05-29 07:40 - 00735232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-07-14 16:59 - 2014-05-29 07:37 - 00436224 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2014-07-14 16:59 - 2014-05-29 06:34 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2014-07-14 16:59 - 2014-05-29 06:27 - 01417216 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-14 16:58 - 2014-06-06 14:04 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-14 16:58 - 2014-06-06 13:18 - 00488960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-14 16:57 - 2014-06-30 23:45 - 00688128 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-14 16:57 - 2014-06-28 08:48 - 00527360 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-14 16:57 - 2014-06-28 08:07 - 00385536 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-07-14 16:57 - 2014-05-31 11:07 - 00054776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-07-14 16:57 - 2014-05-31 11:06 - 00555736 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll
2014-07-14 16:57 - 2014-05-31 04:40 - 13287936 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-07-14 16:57 - 2014-05-31 04:30 - 11792384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-07-14 16:57 - 2014-05-31 04:12 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-14 16:57 - 2014-05-31 04:06 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-07-14 16:57 - 2014-05-31 04:03 - 00827392 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-07-14 16:57 - 2014-05-31 04:01 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-14 16:57 - 2014-05-31 03:56 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-07-14 16:57 - 2014-05-31 03:54 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-07-14 16:57 - 2014-05-31 03:48 - 03463680 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-07-14 16:57 - 2014-05-31 03:37 - 01054208 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll
2014-07-14 16:57 - 2014-05-31 03:36 - 00923136 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-07-14 16:57 - 2014-05-31 03:35 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll
2014-07-14 16:57 - 2014-05-31 03:32 - 00756224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-07-14 16:34 - 2014-07-14 16:34 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\WSReset.exe
2014-06-26 07:44 - 2014-06-26 07:44 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-06-20 13:21 - 2014-06-20 13:21 - 00239872 _____ () C:\Users\Liz\Downloads\20 Jun 20141.jpeg
2014-06-20 13:21 - 2014-06-20 13:21 - 00239872 _____ () C:\Users\Liz\Downloads\20 Jun 20141 (1).jpeg
2014-06-20 11:23 - 2014-06-30 13:11 - 00000000 ____D () C:\Users\Liz\AppData\Local\AVG SafeGuard toolbar
2014-06-20 11:22 - 2014-06-26 07:44 - 00050464 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2014-06-20 11:22 - 2014-06-20 11:22 - 00000000 ____D () C:\ProgramData\AVG Security Toolbar
2014-06-20 11:21 - 2014-06-26 07:44 - 00000000 ____D () C:\Program Files\AVG SafeGuard toolbar
2014-06-20 11:21 - 2014-06-26 07:44 - 00000000 ____D () C:\Program Files (x86)\AVG SafeGuard toolbar
2014-06-20 11:21 - 2014-06-20 11:22 - 00000000 ____D () C:\ProgramData\AVG SafeGuard toolbar
2014-06-20 11:16 - 2014-05-09 00:06 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys
 
==================== One Month Modified Files and Folders =======
 
2014-07-20 16:54 - 2014-07-20 16:53 - 00025856 _____ () C:\Users\Liz\Desktop\FRST.txt
2014-07-20 16:53 - 2014-07-20 16:53 - 00000000 ____D () C:\FRST
2014-07-20 16:53 - 2014-04-25 11:27 - 00000000 ____D () C:\Users\Liz\AppData\Roaming\Skype
2014-07-20 16:52 - 2014-04-23 17:40 - 02092609 _____ () C:\Windows\WindowsUpdate.log
2014-07-20 16:50 - 2014-07-20 16:50 - 02089984 _____ (Farbar) C:\Users\Liz\Desktop\FRST64.exe
2014-07-20 16:50 - 2014-05-23 08:02 - 00064512 ___SH () C:\Users\Liz\Downloads\Thumbs.db
2014-07-20 16:29 - 2014-07-20 14:14 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-20 16:24 - 2014-06-05 11:03 - 00000570 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3241689406-135872924-3266888133-1001.job
2014-07-20 16:14 - 2014-04-24 07:59 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-20 16:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2014-07-20 15:00 - 2014-04-23 17:46 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3241689406-135872924-3266888133-1001
2014-07-20 14:55 - 2014-04-28 09:56 - 00004970 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for LIZLAPTOP-Liz lizlaptop
2014-07-20 14:48 - 2014-07-20 14:48 - 05222180 _____ (Swearware) C:\Users\Liz\Desktop\ComboFix.exe
2014-07-20 14:46 - 2014-04-24 08:01 - 00000000 ____D () C:\ProgramData\Internet Helper Anti-phishing
2014-07-20 14:45 - 2014-05-23 07:47 - 00003104 _____ () C:\Windows\System32\Tasks\Activeris AntiMalware_startup
2014-07-20 14:45 - 2014-04-23 17:42 - 00000000 ____D () C:\Users\Liz\Documents\Youcam
2014-07-20 14:44 - 2014-04-24 17:46 - 00000000 __RDO () C:\Users\Liz\SkyDrive
2014-07-20 14:44 - 2014-04-24 07:59 - 00002207 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-20 14:44 - 2014-04-24 07:59 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-20 14:36 - 2013-09-12 11:53 - 00036996 _____ () C:\Windows\PFRO.log
2014-07-20 14:36 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\WinStore
2014-07-20 14:36 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-20 14:35 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-07-20 14:21 - 2014-07-20 14:21 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Liz\Downloads\tdsskiller.exe
2014-07-20 14:20 - 2014-04-23 17:43 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{1F7E1221-623B-4882-A864-9851F48A39F8}
2014-07-20 14:13 - 2014-07-20 14:13 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Liz\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-20 14:13 - 2014-07-20 14:13 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-20 14:13 - 2014-07-20 14:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-20 14:13 - 2014-07-20 14:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-20 14:13 - 2014-07-20 14:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-20 13:12 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-07-20 12:42 - 2013-08-22 15:46 - 00041076 _____ () C:\Windows\setupact.log
2014-07-20 12:35 - 2014-04-24 16:25 - 00000000 ____D () C:\ProgramData\MFAData
2014-07-19 11:23 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2014-07-19 10:55 - 2014-07-19 10:55 - 00413882 _____ () C:\Users\Liz\Downloads\govsfeb2013v2.pptx
2014-07-19 10:55 - 2014-04-23 17:40 - 00000000 ____D () C:\Users\Liz\AppData\Local\Packages
2014-07-15 21:20 - 2014-07-15 21:20 - 03003511 _____ () C:\Users\Liz\Downloads\L1joiningconsonants.mp4
2014-07-15 21:20 - 2014-07-15 21:20 - 02448463 _____ () C:\Users\Liz\Downloads\L1Ex5-Specialoutlines.mp4
2014-07-15 21:12 - 2014-07-15 21:11 - 04659513 _____ () C:\Users\Liz\Downloads\L3-Easyjoiningtechniques.mp4
2014-07-15 21:11 - 2014-07-15 21:11 - 03972514 _____ () C:\Users\Liz\Downloads\L2-Groupings.mp4
2014-07-15 21:10 - 2014-07-15 21:10 - 02740148 _____ () C:\Users\Liz\Downloads\L3-BlendingF.mp4
2014-07-14 18:06 - 2013-08-22 15:44 - 00608688 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-14 18:02 - 2013-08-22 21:59 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-14 18:02 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ToastData
2014-07-14 18:02 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-14 18:02 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-14 17:50 - 2014-06-05 11:03 - 00003568 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-3241689406-135872924-3266888133-1001
2014-07-14 17:24 - 2014-04-25 11:08 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-14 17:24 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-07-14 17:22 - 2014-04-25 11:08 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-14 17:22 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-07-14 17:21 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\en-GB
2014-07-14 17:18 - 2014-07-14 17:18 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-14 16:40 - 2014-04-24 10:30 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-07-14 16:34 - 2014-07-14 16:34 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\WSReset.exe
2014-07-14 16:28 - 2014-04-24 16:39 - 00000985 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-07-14 16:28 - 2014-04-24 16:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-07-02 19:35 - 2014-04-25 11:27 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-07-02 19:35 - 2014-04-25 11:27 - 00000000 ____D () C:\ProgramData\Skype
2014-07-02 12:20 - 2014-05-09 14:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2014-07-01 08:18 - 2014-05-15 18:30 - 00035328 ___SH () C:\Users\Liz\Desktop\Thumbs.db
2014-06-30 23:45 - 2014-07-14 16:57 - 00688128 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-30 13:11 - 2014-06-20 11:23 - 00000000 ____D () C:\Users\Liz\AppData\Local\AVG SafeGuard toolbar
2014-06-30 10:09 - 2014-04-24 07:59 - 00003884 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-30 10:09 - 2014-04-24 07:59 - 00003648 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-28 08:48 - 2014-07-14 16:57 - 00527360 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-28 08:07 - 2014-07-14 16:57 - 00385536 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-06-26 21:55 - 2014-05-15 08:02 - 00703968 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-26 21:55 - 2014-05-15 08:02 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-26 07:47 - 2013-09-12 12:40 - 00757056 _____ () C:\Windows\system32\perfh00E.dat
2014-06-26 07:47 - 2013-09-12 12:40 - 00182410 _____ () C:\Windows\system32\perfc00E.dat
2014-06-26 07:47 - 2013-09-12 12:35 - 00440860 _____ () C:\Windows\system32\perfh00B.dat
2014-06-26 07:47 - 2013-09-12 12:35 - 00086210 _____ () C:\Windows\system32\perfc00B.dat
2014-06-26 07:47 - 2013-09-12 12:00 - 02293384 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-26 07:44 - 2014-06-26 07:44 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-06-26 07:44 - 2014-06-20 11:22 - 00050464 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2014-06-26 07:44 - 2014-06-20 11:21 - 00000000 ____D () C:\Program Files\AVG SafeGuard toolbar
2014-06-26 07:44 - 2014-06-20 11:21 - 00000000 ____D () C:\Program Files (x86)\AVG SafeGuard toolbar
2014-06-23 12:15 - 2014-05-09 14:13 - 00358616 _____ (Trusteer Ltd.) C:\Windows\system32\Drivers\RapportKE64.sys
2014-06-23 12:15 - 2014-05-09 14:13 - 00288440 _____ (Trusteer Ltd.) C:\Windows\system32\Drivers\RapportHades64.sys
2014-06-20 14:01 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-06-20 14:01 - 2013-08-22 14:36 - 00000000 ____D () C:\Windows\system32\oobe
2014-06-20 13:21 - 2014-06-20 13:21 - 00239872 _____ () C:\Users\Liz\Downloads\20 Jun 20141.jpeg
2014-06-20 13:21 - 2014-06-20 13:21 - 00239872 _____ () C:\Users\Liz\Downloads\20 Jun 20141 (1).jpeg
2014-06-20 11:22 - 2014-06-20 11:22 - 00000000 ____D () C:\ProgramData\AVG Security Toolbar
2014-06-20 11:22 - 2014-06-20 11:21 - 00000000 ____D () C:\ProgramData\AVG SafeGuard toolbar
 
Some content of TEMP:
====================
C:\Users\Liz\AppData\Local\Temp\air8857.exe
C:\Users\Liz\AppData\Local\Temp\airD6A7.exe
C:\Users\Liz\AppData\Local\Temp\AppLauncher.exe
C:\Users\Liz\AppData\Local\Temp\ConfigurationWizard.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-07-19 10:47
 
==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-07-2014
Ran by Liz at 2014-07-20 16:54:44
Running from C:\Users\Liz\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
 
==================== Installed Programs ======================
 
Activeris AntiMalware (HKLM-x32\...\94EAE98D-444B-4817-858C-13DB943DF4F1_Activeris_A~741EE3A2_is1) (Version: 1.0.0.1 - Activeris) <==== ATTENTION
Ashampoo GetBack Photo v.1.0.1 (HKLM-x32\...\Ashampoo GetBack Photo_is1) (Version: 1.0.1 - Ashampoo GmbH & Co. KG)
Ashampoo HDD Control 2 v.2.1.0 (HKLM-x32\...\Ashampoo HDD Control 2_is1) (Version: 2.1.0 - Ashampoo GmbH & Co. KG)
Ashampoo Music Studio 4 v.4.0.1 (HKLM-x32\...\Ashampoo Music Studio 4_is1) (Version: 4.0.1 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Commander 10 v.10.1.3 (HKLM-x32\...\Ashampoo Photo Commander 10_is1) (Version: 10.1.3 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Optimizer 5 v.5.1.2 (HKLM-x32\...\Ashampoo Photo Optimizer 5_is1) (Version: 5.1.2 - Ashampoo GmbH & Co. KG)
Ashampoo Slideshow Studio HD 2 v.2.0.5 (HKLM-x32\...\Ashampoo Slideshow Studio HD 2_is1) (Version: 2.0.5 - Ashampoo GmbH & Co. KG)
Ashampoo Snap 5 v.5.1.5 (HKLM-x32\...\Ashampoo Snap 5_is1) (Version: 5.1.5 - Ashampoo GmbH & Co. KG)
Ashampoo UnInstaller 4 v.4.30 (HKLM-x32\...\Ashampoo UnInstaller 4_is1) (Version: 4.3.0 - Ashampoo GmbH & Co. KG)
Ashampoo Video Styler v.1.0.1 (HKLM-x32\...\Ashampoo Video Styler_is1) (Version: 1.0.1 - Ashampoo GmbH & Co. KG)
Ashampoo WinOptimizer 9 v.9.04.31 (HKLM-x32\...\Ashampoo WinOptimizer 9_is1) (Version: 9.04.31 - Ashampoo GmbH & Co. KG)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4716 - AVG Technologies)
AVG 2014 (Version: 14.0.3986 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4716 - AVG Technologies) Hidden
AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 18.1.7.598 - AVG Technologies)
Citrix Authentication Manager (x32 Version: 3.0.0.47031 - Citrix Systems, Inc.) Hidden
Citrix Online Launcher (HKLM-x32\...\{F17C3DC2-2ACA-4B0E-BDBF-ACE61B14E7CD}) (Version: 1.0.183 - Citrix)
Citrix Receiver (HDX Flash Redirection) (x32 Version: 13.3.0.55 - Citrix Systems, Inc.) Hidden
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 13.3.0.55 - Citrix Systems, Inc.)
Citrix Receiver Inside (x32 Version: 3.3.0.17208 - Citrix Systems, Inc.) Hidden
Citrix Receiver Updater (x32 Version: 3.3.0.17207 - Citrix Systems, Inc.) Hidden
Citrix Receiver(Aero) (x32 Version: 13.3.0.55 - Citrix Systems, Inc.) Hidden
Citrix Receiver(DV) (x32 Version: 13.3.0.55 - Citrix Systems, Inc.) Hidden
Citrix Receiver(USB) (x32 Version: 13.3.0.55 - Citrix Systems, Inc.) Hidden
Contents (x32 Version: 16.0.0.106 - Corel Corporation) Hidden
Corel VideoStudio Pro Title Pack (x32 Version: 1.00.0000 - Corel Corporation) Hidden
Corel VideoStudio Pro X6 (HKLM-x32\...\_{6688A246-F6E8-48AD-9806-8D5832E9F15D}) (Version: 16.1.0.45 - Corel Corporation)
CyberLink Home Cinema 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
CyberLink Home Cinema 10 (x32 Version: 10.3025 - CyberLink Corp.) Hidden
CyberLink LabelPrint 2.5 (x32 Version: 2.5.0.5415 - CyberLink Corp.) Hidden
CyberLink MediaEspresso 6.5 (x32 Version: 6.5.3807_46074 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (x32 Version: 8.0.0.3202 - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (x32 Version: 10.0.5426.02 - CyberLink Corp.) Hidden
CyberLink PowerDVD Copy 1.5 (x32 Version: 1.5.0.3725a - CyberLink Corp.) Hidden
CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.7.0.2103 - CyberLink Corp.)
CyberLink PowerRecover (Version: 5.7.0.2103 - CyberLink Corp.) Hidden
CyberLink YouCam 5 (x32 Version: 5.0.3318.0 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fotogalerija (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fotogalleri (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fotogalleriet (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fotoğraf Galerisi (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Fotótár (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
FWdriver_v 1.01 (HKLM\...\{2EE535F2-3A9A-49E3-8CDA-2F4105701196}_is1) (Version: 1.01 - )
Galeria de Fotografias (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Galeria fotografii (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GoToMeeting 6.3.0.1468 (HKCU\...\GoToMeeting) (Version: 6.3.0.1468 - CitrixOnline)
ICA (x32 Version: 16.0.0.106 - Corel Corporation) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel® PRO/Wireless Driver (Version: 16.05.0000.0525 - Intel Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology(patch version 3.0.1327.1) (HKLM\...\{302600C1-6BDF-4FD1-1307-148929CC1385}) (Version: 3.1.1307.0362 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel® Rapid Storage Technology (Version: 12.8.0.1016 - Intel Corporation) Hidden
Intel® PROSet/Wireless Software (HKLM-x32\...\{5586ea81-c047-4609-b47a-4bad18347b44}) (Version: 16.5.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 16.05.0000.0251 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.28.487.1 - Intel Corporation) Hidden
Internet Helper Anti-phishing (HKLM-x32\...\Internet Helper Anti-phishing) (Version: 1.3.1.0 - Internet Helper (Powered by Panda Security))
IPM_VS_Pro (x32 Version: 16.0 - Corel Corporation) Hidden
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4631.1002 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4631.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4631.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4631.1002 - Microsoft Corporation) Hidden
Online Plug-in (x32 Version: 13.3.0.55 - Citrix Systems, Inc.) Hidden
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Raccolta foto (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Rapport (x32 Version: 3.5.1307.93 - Trusteer) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30166 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7030 - Realtek Semiconductor Corp.)
Roxio CinePlayer Decoder Pack (x32 Version: 4.3.0 - Roxio) Hidden
Roxio Game Capture HD PRO (HKLM-x32\...\{2DD84AB2-8BF4-49FA-9D62-E3F93D4F56FB}) (Version: 1.0 - Roxio)
Roxio Game Capture HD PRO (x32 Version: 1.0.135 - Roxio) Hidden
Roxio GameCAP HD PRO (x32 Version: 1.00.0000 - Roxio) Hidden
Screencast-O-Matic (HKCU\...\Screencast-O-Matic) (Version:  - Screencast-O-Matic)
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.13.2.14 - Client Connect LTD) <==== ATTENTION
Self-service Plug-in (x32 Version: 3.3.0.27839 - Citrix Systems, Inc.) Hidden
Setup (x32 Version: 16.0.0.106 - Corel Corporation) Hidden
Share (x32 Version: 16.0.0.106 - Corel Corporation) Hidden
Share64 (Version: 16.0.0.106 - Corel Corporation) Hidden
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SmartSound Common Data (HKLM-x32\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)
SmartSound Common Data (x32 Version: 1.1.0 - SmartSound Software Inc.) Hidden
SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.6 - SmartSound Software Inc.)
SmartSound Quicktracks 5 (x32 Version: 5.1.6 - SmartSound Software Inc.) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.0 - Synaptics Incorporated)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1307.93 - Trusteer)
Valokuvavalikoima (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VSClassic (x32 Version: 16.0.0.106 - Corel Corporation) Hidden
VSHelp (x32 Version: 16.0.0.106 - Corel Corporation) Hidden
VSPro (x32 Version: 16.0.0.106 - Corel Corporation) Hidden
Windows Live (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Temel Parçalar (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Liven peruspaketti (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
Windows Media Encoder 9 Series (x32 Version: 9.00.2980 - Microsoft Corporation) Hidden
Συλλογή φωτογραφιών (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
 
==================== Restore Points  =========================
 
02-07-2014 11:19:11 Installed Rapport
14-07-2014 16:14:58 Windows Update
 
==================== Hosts content: ==========================
 
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {07797D67-8125-4545-B061-2967CE9371A7} - System32\Tasks\Microsoft Office 15 Sync Maintenance for LIZLAPTOP-Liz lizlaptop => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-06-03] (Microsoft Corporation)
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {0ECFEE84-92D3-47EB-B6A9-81C93675508F} - System32\Tasks\G2MUpdateTask-S-1-5-21-3241689406-135872924-3266888133-1001 => C:\Users\Liz\AppData\Local\Citrix\GoToMeeting\1468\g2mupdate.exe [2014-07-14] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {0F2EA03C-14BE-40E6-B803-7CAA3B1304EA} - System32\Tasks\Dolby Selector => C:\Program Files\Dolby Digital Plus\ddp.exe [2013-07-08] (Dolby Laboratories Inc.)
Task: {0FE9D5F6-06F9-4705-A17E-F9DCE2228E6B} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {12029000-A991-4750-B4AA-6140E349D2AB} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {15E2D016-A88C-45A7-8BB4-20C5EF7FFE55} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {22FD37E0-E660-4813-9C49-DD8855A9ADE7} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {25271023-A8F3-4D48-BEC9-A6140D03222C} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-06-19] (Microsoft Corporation)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3A6B43E1-7AA3-468F-8745-324618CAD450} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {3DA1D3AF-C327-4660-9F72-93782EE3246D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-07-14] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {56BA94B8-C1DC-474B-82D7-FB0816D4BC1C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-05-20] (Microsoft Corporation)
Task: {596162DE-11B7-47EA-9872-00978CB323F9} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-01] (Synaptics Incorporated)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {981503A0-95F7-4535-B11B-C4243B5D05A3} - System32\Tasks\Activeris AntiMalware_startup => C:\Program Files (x86)\Activeris AntiMalware\ActiverisAntiMalware.exe [2014-01-23] (Activeris) <==== ATTENTION
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {AA1338D9-60F5-4450-A059-F10A8FECAE96} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-24] (Google Inc.)
Task: {C757D065-3874-496F-88DB-12CDB7EA4404} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-05-20] (Microsoft Corporation)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E6A29F34-465D-4C5E-A54A-95A6F564326F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-24] (Google Inc.)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {EF99133C-A362-466F-BACC-7503379609A5} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3241689406-135872924-3266888133-1001.job => C:\Users\Liz\AppData\Local\Citrix\GoToMeeting\1468\g2mupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-10-01 14:00 - 2012-07-30 10:48 - 01518504 _____ () C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe
2014-04-24 10:30 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-10-01 13:50 - 2012-12-26 10:36 - 00114688 _____ () C:\Program Files (x86)\FWdriver_v\POSHXMain.exe
2014-06-26 07:44 - 2014-06-26 07:43 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\loggingserver.exe
2014-07-14 16:34 - 2014-05-20 17:19 - 08892072 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-10-01 13:50 - 2013-09-03 20:38 - 00647168 _____ () C:\Program Files (x86)\FWdriver_v\POSHX.exe
2013-07-08 18:53 - 2013-07-08 18:53 - 00052096 _____ () C:\Program Files\Dolby Digital Plus\Dolby.DDP.Controls_Desktop.dll
2014-06-20 11:21 - 2014-06-26 07:43 - 02567192 _____ () C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
2014-05-23 08:04 - 2014-05-23 08:04 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\ErrorReporting.dll
2014-05-09 14:13 - 2014-07-02 12:20 - 01404120 _____ () C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
2013-10-01 13:50 - 2013-07-24 09:23 - 00106496 _____ () C:\Program Files (x86)\FWdriver_v\KIPowerDll.dll
2014-06-26 07:44 - 2014-06-26 07:44 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\log4cplusU.dll
2013-10-01 12:58 - 2013-08-08 13:25 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-04-24 08:00 - 2012-09-26 15:31 - 00886272 _____ () C:\Program Files (x86)\Activeris AntiMalware\System.Data.SQLite.dll
2014-04-24 08:00 - 2014-01-23 19:04 - 01718264 _____ () C:\Program Files (x86)\Activeris AntiMalware\acrissys.dll
2014-03-23 17:04 - 2014-03-23 17:04 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2013-10-01 13:50 - 2013-07-11 11:41 - 00348160 _____ () C:\Program Files (x86)\FWdriver_v\SuperHealthDLL.dll
2013-10-01 13:50 - 2012-06-22 19:32 - 00266240 _____ () C:\Program Files (x86)\FWdriver_v\SuperSpeederDLL.dll
2014-04-24 10:30 - 2014-06-20 11:24 - 00316584 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2013-10-01 14:08 - 2013-08-05 08:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 15:48 - 2013-08-05 15:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-06-20 11:21 - 2014-06-26 07:44 - 01640472 _____ () C:\Program Files (x86)\AVG SafeGuard toolbar\TBAPI.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\Users\Liz\SkyDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== EXE Association (whitelisted) =============
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/20/2014 00:42:35 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database
 
Error: (07/19/2014 10:49:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wfcrun32.exe, version: 13.3.0.55, time stamp: 0x50123e31
Faulting module name: ntdll.dll, version: 6.3.9600.17031, time stamp: 0x5308893d
Exception code: 0xc0000005
Fault offset: 0x00018e17
Faulting process ID: 0x15ac
Faulting application start time: 0xwfcrun32.exe0
Faulting application path: wfcrun32.exe1
Faulting module path: wfcrun32.exe2
Report ID: wfcrun32.exe3
Faulting package full name: wfcrun32.exe4
Faulting package-relative application ID: wfcrun32.exe5
 
Error: (07/15/2014 09:08:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wfcrun32.exe, version: 13.3.0.55, time stamp: 0x50123e31
Faulting module name: ntdll.dll, version: 6.3.9600.17031, time stamp: 0x5308893d
Exception code: 0xc0000005
Fault offset: 0x00018e17
Faulting process ID: 0x19ac
Faulting application start time: 0xwfcrun32.exe0
Faulting application path: wfcrun32.exe1
Faulting module path: wfcrun32.exe2
Report ID: wfcrun32.exe3
Faulting package full name: wfcrun32.exe4
Faulting package-relative application ID: wfcrun32.exe5
 
Error: (07/14/2014 05:36:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wfcrun32.exe, version: 13.3.0.55, time stamp: 0x50123e31
Faulting module name: ntdll.dll, version: 6.3.9600.17031, time stamp: 0x5308893d
Exception code: 0xc0000005
Fault offset: 0x00018e17
Faulting process ID: 0x9c4
Faulting application start time: 0xwfcrun32.exe0
Faulting application path: wfcrun32.exe1
Faulting module path: wfcrun32.exe2
Report ID: wfcrun32.exe3
Faulting package full name: wfcrun32.exe4
Faulting package-relative application ID: wfcrun32.exe5
 
Error: (07/14/2014 05:35:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wfcrun32.exe, version: 13.3.0.55, time stamp: 0x50123e31
Faulting module name: ntdll.dll, version: 6.3.9600.17031, time stamp: 0x5308893d
Exception code: 0xc0000005
Fault offset: 0x00018e17
Faulting process ID: 0x1f00
Faulting application start time: 0xwfcrun32.exe0
Faulting application path: wfcrun32.exe1
Faulting module path: wfcrun32.exe2
Report ID: wfcrun32.exe3
Faulting package full name: wfcrun32.exe4
Faulting package-relative application ID: wfcrun32.exe5
 
Error: (07/02/2014 07:35:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wfcrun32.exe, version: 13.3.0.55, time stamp: 0x50123e31
Faulting module name: ntdll.dll, version: 6.3.9600.17031, time stamp: 0x5308893d
Exception code: 0xc0000005
Fault offset: 0x00018e17
Faulting process ID: 0x1e60
Faulting application start time: 0xwfcrun32.exe0
Faulting application path: wfcrun32.exe1
Faulting module path: wfcrun32.exe2
Report ID: wfcrun32.exe3
Faulting package full name: wfcrun32.exe4
Faulting package-relative application ID: wfcrun32.exe5
 
Error: (07/01/2014 06:54:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wfcrun32.exe, version: 13.3.0.55, time stamp: 0x50123e31
Faulting module name: ntdll.dll, version: 6.3.9600.17031, time stamp: 0x5308893d
Exception code: 0xc0000005
Fault offset: 0x00018e17
Faulting process ID: 0xe30
Faulting application start time: 0xwfcrun32.exe0
Faulting application path: wfcrun32.exe1
Faulting module path: wfcrun32.exe2
Report ID: wfcrun32.exe3
Faulting package full name: wfcrun32.exe4
Faulting package-relative application ID: wfcrun32.exe5
 
Error: (07/01/2014 06:49:51 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: The Desktop Window Manager has encountered a fatal error (0x8898008d)
 
Error: (06/30/2014 09:15:55 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20498 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1ca8
 
Start Time: 01cf943ac9af0d40
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\LiveComm.exe
 
Report Id: be2ad8d1-002e-11e4-828f-5c514f3b6f3b
 
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
 
Error: (06/30/2014 09:11:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wfcrun32.exe, version: 13.3.0.55, time stamp: 0x50123e31
Faulting module name: ntdll.dll, version: 6.3.9600.17031, time stamp: 0x5308893d
Exception code: 0xc0000005
Fault offset: 0x00018e17
Faulting process ID: 0x82c
Faulting application start time: 0xwfcrun32.exe0
Faulting application path: wfcrun32.exe1
Faulting module path: wfcrun32.exe2
Report ID: wfcrun32.exe3
Faulting package full name: wfcrun32.exe4
Faulting package-relative application ID: wfcrun32.exe5
 
 
System errors:
=============
Error: (07/20/2014 02:35:22 PM) (Source: DCOM) (EventID: 10010) (User: LIZLAPTOP)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 
Error: (07/19/2014 08:32:34 PM) (Source: DCOM) (EventID: 10010) (User: LIZLAPTOP)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
Error: (07/19/2014 08:32:34 PM) (Source: DCOM) (EventID: 10010) (User: LIZLAPTOP)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
Error: (07/19/2014 03:42:27 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.0.11.
The computer with the IP address 192.168.0.2 did not allow the name to be claimed by
this computer.
 
Error: (07/19/2014 11:01:29 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.0.11.
The computer with the IP address 192.168.0.2 did not allow the name to be claimed by
this computer.
 
Error: (07/19/2014 10:49:33 AM) (Source: DCOM) (EventID: 10010) (User: LIZLAPTOP)
Description: {D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4}
 
Error: (07/15/2014 09:09:25 PM) (Source: DCOM) (EventID: 10010) (User: LIZLAPTOP)
Description: {D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4}
 
Error: (07/14/2014 05:36:42 PM) (Source: DCOM) (EventID: 10010) (User: LIZLAPTOP)
Description: {D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4}
 
Error: (07/14/2014 05:36:07 PM) (Source: DCOM) (EventID: 10010) (User: LIZLAPTOP)
Description: {D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4}
 
Error: (07/14/2014 04:30:29 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with the following service-specific error: 
%%3758213661
 
 
Microsoft Office Sessions:
=========================
Error: (07/20/2014 00:42:35 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: -2147024883
 
Error: (07/19/2014 10:49:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: wfcrun32.exe13.3.0.5550123e31ntdll.dll6.3.9600.170315308893dc000000500018e1715ac01cfa336ab12116cC:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exeC:\Windows\SYSTEM32\ntdll.dlle90b53a4-0f29-11e4-8291-5c514f3b6f3b
 
Error: (07/15/2014 09:08:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: wfcrun32.exe13.3.0.5550123e31ntdll.dll6.3.9600.170315308893dc000000500018e1719ac01cfa06888616fe5C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exeC:\Windows\SYSTEM32\ntdll.dllc7776ed7-0c5b-11e4-8291-5c514f3b6f3b
 
Error: (07/14/2014 05:36:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: wfcrun32.exe13.3.0.5550123e31ntdll.dll6.3.9600.170315308893dc000000500018e179c401cf9f81b691cf4fC:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exeC:\Windows\SYSTEM32\ntdll.dllf45dfb23-0b74-11e4-8290-5c514f3b6f3b
 
Error: (07/14/2014 05:35:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: wfcrun32.exe13.3.0.5550123e31ntdll.dll6.3.9600.170315308893dc000000500018e171f0001cf9f81a23943d7C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exeC:\Windows\SYSTEM32\ntdll.dlle0e9cd96-0b74-11e4-8290-5c514f3b6f3b
 
Error: (07/02/2014 07:35:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: wfcrun32.exe13.3.0.5550123e31ntdll.dll6.3.9600.170315308893dc000000500018e171e6001cf9624561b4ea0C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exeC:\Windows\SYSTEM32\ntdll.dll947fbea5-0217-11e4-8290-5c514f3b6f3b
 
Error: (07/01/2014 06:54:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: wfcrun32.exe13.3.0.5550123e31ntdll.dll6.3.9600.170315308893dc000000500018e17e3001cf94f0f66002dcC:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exeC:\Windows\SYSTEM32\ntdll.dll36def840-00e4-11e4-828f-5c514f3b6f3b
 
Error: (07/01/2014 06:49:51 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: 0x8898008d
 
Error: (06/30/2014 09:15:55 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.204981ca801cf943ac9af0d404294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\LiveComm.exebe2ad8d1-002e-11e4-828f-5c514f3b6f3bmicrosoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1
 
Error: (06/30/2014 09:11:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: wfcrun32.exe13.3.0.5550123e31ntdll.dll6.3.9600.170315308893dc000000500018e1782c01cf943ae5ee1166C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exeC:\Windows\SYSTEM32\ntdll.dll31b61278-002e-11e4-828f-5c514f3b6f3b
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 45%
Total physical RAM: 4004.02 MB
Available physical RAM: 2166.4 MB
Total Pagefile: 5476.02 MB
Available Pagefile: 3579.39 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB
 
==================== Drives ================================
 
Drive c: (Boot) (Fixed) (Total:404.05 GB) (Free:345.68 GB) NTFS
Drive d: (Recover) (Fixed) (Total:59.99 GB) (Free:43.66 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================

Step 1: AdwCleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1

  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP, then just run it.)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on-screen prompts.
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.

Note: The log can also be found here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop. Install the programme and select Update.

Once it has updated select Settings > Detection and Protection

Tick Scan for rootkits

Go back to the Dashboard and select Scan Now

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

On completion of the scan (or after the reboot) select View Detailed Log

Select Export > Select text file and save to the desktop

Attach/Post that log

Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4: FRST Scan

  • Run FRST. (If you have Windows Vista / Windows 7 / Windows 8, please right-click on the FRST icon and select Run as Administrator.)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

# AdwCleaner v3.216 - Report created 20/07/2014 at 17:46:11

# Updated 17/07/2014 by Xplode

# Operating System : Windows 8.1  (64 bits)

# Username : Liz - LIZLAPTOP

# Running from : C:\Users\Liz\Desktop\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

Service Deleted : vToolbarUpdater18.1.7

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\ProgramData\Activeris

Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar

Folder Deleted : C:\ProgramData\AVG Secure Search

Folder Deleted : C:\ProgramData\AVG Security Toolbar

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activeris AntiMalware

Folder Deleted : C:\Program Files (x86)\Activeris AntiMalware

Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar

Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search

Folder Deleted : C:\Program Files\AVG SafeGuard toolbar

[!] Folder Deleted : C:\Users\Liz\AppData\Local\AVG SafeGuard toolbar

Folder Deleted : C:\Users\Liz\AppData\Local\Temp\AirInstaller

Folder Deleted : C:\Users\Liz\AppData\LocalLow\AVG SafeGuard toolbar

Folder Deleted : C:\Users\Liz\AppData\Roaming\Activeris

Folder Deleted : C:\Users\Liz\Documents\Optimizer Pro

File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk

File Deleted : C:\Windows\System32\acrisnative64.exe

File Deleted : C:\Windows\System32\Tasks\Activeris AntiMalware_startup

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI

Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1

Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj

Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1

Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol

Key Deleted : HKLM\SOFTWARE\Classes\S

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1

Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE

Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ActiverisAntiMalware_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ActiverisAntiMalware_RASMANCS

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{13352EEC-8C24-45FF-8571-29FA9377D755}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2C99B148-E8D5-447C-898B-9E4ABEDD9377}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{63D436CD-636B-4815-8A65-9EF7069B85B0}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8CE5F275-2F5E-4CE5-9213-C8BF49D7E4F9}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A0994774-C162-4795-8AEB-52C776216264}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C07474D6-CAE5-474D-9583-E147ACFFFAEA}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C5AA6C60-2955-4948-AFB2-5AEFEB431C13}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CDF1FAFC-29FA-427D-A21D-F78218460ECF}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E17D179F-E095-408C-8F4E-2CBF87395547}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EACF3F45-6E3A-45FF-9F0B-4829DE87F37A}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F343045E-E20A-46E1-82D8-9962C43EFC9E}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKCU\Software\AVG SafeGuard toolbar

Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}

Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}

Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}

Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}

Key Deleted : HKLM\Software\AVG SafeGuard toolbar

Key Deleted : HKLM\Software\AVG Security Toolbar

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect

Key Deleted : [x64] HKLM\SOFTWARE\AVG Secure Search

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17126

 

 

-\\ Google Chrome v36.0.1985.125

 

*************************

 

AdwCleaner[R0].txt - [7537 octets] - [20/07/2014 17:44:28]

AdwCleaner[s0].txt - [7225 octets] - [20/07/2014 17:46:11]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [7285 octets] ##########

 

 

am going to move on to the next step now


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 20/07/2014
Scan Time: 17:55:17
Logfile: 
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.20.04
Rootkit Database: v2014.07.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Liz

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 293319
Time Elapsed: 14 min, 57 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

 

Now on to the next step

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8.1 x64
Ran by Liz on 20/07/2014 at 18:13:39.43
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20/07/2014 at 18:23:14.66
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

now for the last step

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-07-2014

Ran by Liz (administrator) on LIZLAPTOP on 20-07-2014 18:26:29

Running from C:\Users\Liz\Desktop

Platform: Windows 8.1 (X64) OS Language: English (United Kingdom)

Internet Explorer Version 11

Boot Mode: Normal

 

The only official download link for FRST:



Download link from any site other than Bleeping Computer is unpermitted or outdated.


 

==================== Processes (Whitelisted) =================

 

(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

() C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe

(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe

(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(Microsoft Corporation) C:\Windows\System32\dasHost.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe

() C:\Program Files (x86)\FWdriver_v\POSHXMain.exe

(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe

(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

() C:\Program Files (x86)\FWdriver_v\POSHX.exe

(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe

(Dolby Laboratories Inc.) C:\Program Files\Dolby Digital Plus\ddp.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe

(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe

(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe

(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe

(Internet Helper) C:\ProgramData\Internet Helper Anti-phishing\internetHelper_antiphishing.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe

(Thisisu) C:\Users\Liz\Desktop\JRT.exe

(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe

(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [iAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe [36352 2013-08-07] (Intel Corporation)

HKLM\...\Run: [bTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp 

HKLM\...\Run: [POSHX] => C:\Program Files (x86)\FWdriver_v\POSHX.exe [647168 2013-09-03] ()

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13648600 2013-08-29] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-30] (Realtek Semiconductor)

HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2774256 2013-08-01] (Synaptics Incorporated)

HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink)

HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [490760 2013-09-23] (CyberLink Corp.)

HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-11] (CyberLink Corp.)

HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-09-18] (CyberLink Corp.)

HKLM-x32\...\Run: [internet Helper Anti-phishing] => C:\ProgramData\Internet Helper Anti-phishing\internetHelper_antiphishing.exe [235072 2013-05-14] (Internet Helper)

HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"

HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [380088 2012-07-27] (Citrix Systems, Inc.)

HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5179408 2014-06-17] (AVG Technologies CZ, s.r.o.)

HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM-x32\...\Run: [iSUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [324976 2010-05-21] (Flexera Software, Inc.)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1

HKU\.DEFAULT\...\Run: [AppLauncher] => C:\Program Files (x86)\Ashampoo\Ashampoo AppLauncher\AppLauncher.exe 

HKU\S-1-5-21-3241689406-135872924-3266888133-1001\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21445248 2014-05-08] (Skype Technologies S.A.)

HKU\S-1-5-21-3241689406-135872924-3266888133-1001\...\MountPoints2: {f3b85e4c-3792-11e3-827a-806e6f6e6963} - "E:\Setup.exe" 

Startup: C:\Users\Liz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk

ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)

ShellIconOverlayIdentifiers:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

ShellIconOverlayIdentifiers:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

ShellIconOverlayIdentifiers:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

ShellIconOverlayIdentifiers-x32:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

ShellIconOverlayIdentifiers-x32:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

ShellIconOverlayIdentifiers-x32:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com/?pc=LCJB

SearchScopes: HKLM-x32 - DefaultScope value is missing.

SearchScopes: HKCU - {638B3B11-1664-4F33-AF74-0BC81EDEBCCF} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LCJB

BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100

 

FireFox:

========

FF Plugin-x32: @Citrix.com/npican - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Liz\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)

 

Chrome: 

=======

CHR Extension: (Google Docs) - C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-24]

CHR Extension: (Google Drive) - C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-24]

CHR Extension: (YouTube) - C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-24]

CHR Extension: (Google Search) - C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-24]

CHR Extension: (Google Wallet) - C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-24]

CHR Extension: (Gmail) - C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-24]

 

==================== Services (Whitelisted) =================

 

R2 AHDDC2; C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe [1518504 2012-07-30] ()

S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3241488 2014-06-27] (AVG Technologies CZ, s.r.o.)

R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-06-17] (AVG Technologies CZ, s.r.o.)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2356408 2014-06-19] (Microsoft Corporation)

R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [74712 2013-03-11] (CyberLink)

R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [316376 2013-03-11] (CyberLink)

R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)

R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]

S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)

R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-08] (Intel Corporation)

R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-07-01] (Intel Corporation)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-08-08] (Intel Corporation)

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-07-29] ()

R2 POSHXService; C:\Program Files (x86)\FWdriver_v\POSHXMain.exe [114688 2012-12-26] () [File not signed]

R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1886488 2014-06-23] (Trusteer Ltd.)

S3 RoxMediaDBGame1X; C:\Program Files (x86)\Common Files\Roxio Shared\Game1X\SharedCOM\RoxMediaDBGame1X.exe [1095824 2012-08-02] (Corel Corporation)

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)

R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3668208 2013-07-29] (Intel® Corporation)

 

==================== Drivers (Whitelisted) ====================

 

R3 AirplaneModeHID; C:\Windows\System32\drivers\AirplaneModeHID.sys [30512 2013-09-04] (Elitegroup Computer System)

S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-17] (AVG Technologies CZ, s.r.o.)

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [242968 2014-06-17] (AVG Technologies CZ, s.r.o.)

R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)

R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)

R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)

R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-06-17] (AVG Technologies CZ, s.r.o.)

R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)

R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-06-26] (AVG Technologies)

R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [274712 2014-05-14] (AVG Technologies CZ, s.r.o.)

R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)

R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132920 2013-04-23] (Motorola Solutions, Inc.)

R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1385784 2013-06-27] (Motorola Solutions, Inc.)

R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)

S3 H5xUSB; C:\Windows\System32\Drivers\uth5x64.sys [101632 2012-08-02] (UT)

R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [114632 2013-07-01] (Intel Corporation)

R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-08] (Intel Corporation)

R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3589600 2013-09-25] (Intel Corporation)

S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)

R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-07-10] (Corel Corporation)

R1 RapportCerberus_69108; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_69108.sys [631128 2014-07-02] ()

R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [299736 2014-06-23] (Trusteer Ltd.)

R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [288440 2014-06-23] (Trusteer Ltd.)

R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [358616 2014-06-23] (Trusteer Ltd.)

R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [414296 2014-06-23] (Trusteer Ltd.)

S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1975000 2013-07-31] (Realtek Semiconductor Corporation                           )

R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)

S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-08-01] (Synaptics Incorporated)

R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-01] (Synaptics Incorporated)

S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2014-07-20 18:25 - 2014-07-20 18:25 - 01016261 _____ (Thisisu) C:\Users\Liz\Downloads\JRT (1).exe

2014-07-20 18:23 - 2014-07-20 18:23 - 00000612 _____ () C:\Users\Liz\Desktop\JRT.txt

2014-07-20 18:13 - 2014-07-20 18:13 - 00000000 ____D () C:\Windows\ERUNT

2014-07-20 18:12 - 2014-07-20 18:12 - 01016261 _____ (Thisisu) C:\Users\Liz\Downloads\JRT.exe

2014-07-20 18:12 - 2014-07-20 18:12 - 01016261 _____ (Thisisu) C:\Users\Liz\Desktop\JRT.exe

2014-07-20 17:45 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll

2014-07-20 17:44 - 2014-07-20 17:46 - 00000000 ____D () C:\AdwCleaner

2014-07-20 17:43 - 2014-07-20 17:43 - 01354223 _____ () C:\Users\Liz\Desktop\AdwCleaner.exe

2014-07-20 16:54 - 2014-07-20 16:55 - 00033930 _____ () C:\Users\Liz\Desktop\Addition.txt

2014-07-20 16:53 - 2014-07-20 18:26 - 00023603 _____ () C:\Users\Liz\Desktop\FRST.txt

2014-07-20 16:53 - 2014-07-20 18:26 - 00000000 ____D () C:\FRST

2014-07-20 16:50 - 2014-07-20 16:50 - 02089984 _____ (Farbar) C:\Users\Liz\Desktop\FRST64.exe

2014-07-20 14:48 - 2014-07-20 14:48 - 05222180 _____ (Swearware) C:\Users\Liz\Desktop\ComboFix.exe

2014-07-20 14:21 - 2014-07-20 14:21 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Liz\Downloads\tdsskiller.exe

2014-07-20 14:14 - 2014-07-20 17:55 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-07-20 14:13 - 2014-07-20 14:13 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Liz\Downloads\mbam-setup-2.0.2.1012.exe

2014-07-20 14:13 - 2014-07-20 14:13 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-07-20 14:13 - 2014-07-20 14:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-07-20 14:13 - 2014-07-20 14:13 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-07-20 14:13 - 2014-07-20 14:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-07-20 14:13 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-07-20 14:13 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-07-20 14:13 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-07-19 10:55 - 2014-07-19 10:55 - 00413882 _____ () C:\Users\Liz\Downloads\govsfeb2013v2.pptx

2014-07-15 21:20 - 2014-07-15 21:20 - 03003511 _____ () C:\Users\Liz\Downloads\L1joiningconsonants.mp4

2014-07-15 21:20 - 2014-07-15 21:20 - 02448463 _____ () C:\Users\Liz\Downloads\L1Ex5-Specialoutlines.mp4

2014-07-15 21:11 - 2014-07-15 21:12 - 04659513 _____ () C:\Users\Liz\Downloads\L3-Easyjoiningtechniques.mp4

2014-07-15 21:11 - 2014-07-15 21:11 - 03972514 _____ () C:\Users\Liz\Downloads\L2-Groupings.mp4

2014-07-15 21:10 - 2014-07-15 21:10 - 02740148 _____ () C:\Users\Liz\Downloads\L3-BlendingF.mp4

2014-07-14 17:20 - 2014-04-14 04:29 - 01018880 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll

2014-07-14 17:18 - 2014-07-14 17:18 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-07-14 17:00 - 2014-06-19 02:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-07-14 17:00 - 2014-06-19 01:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-07-14 17:00 - 2014-06-19 00:46 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-07-14 17:00 - 2014-06-18 23:57 - 00225280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-07-14 17:00 - 2014-06-16 23:26 - 00779264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe

2014-07-14 17:00 - 2014-06-16 23:24 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe

2014-07-14 17:00 - 2014-06-06 15:20 - 04190720 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-07-14 16:59 - 2014-06-19 01:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-07-14 16:59 - 2014-06-19 01:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-07-14 16:59 - 2014-06-19 00:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-07-14 16:59 - 2014-06-19 00:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-07-14 16:59 - 2014-06-19 00:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-07-14 16:59 - 2014-06-19 00:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-07-14 16:59 - 2014-06-19 00:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-07-14 16:59 - 2014-06-19 00:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-07-14 16:59 - 2014-06-19 00:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-07-14 16:59 - 2014-06-19 00:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-07-14 16:59 - 2014-06-18 23:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-07-14 16:59 - 2014-06-18 23:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-07-14 16:59 - 2014-06-18 23:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-07-14 16:59 - 2014-06-18 23:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-07-14 16:59 - 2014-06-18 23:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-07-14 16:59 - 2014-06-18 23:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-07-14 16:59 - 2014-06-18 23:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-07-14 16:59 - 2014-06-18 23:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-07-14 16:59 - 2014-06-18 23:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-07-14 16:59 - 2014-06-18 23:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-07-14 16:59 - 2014-06-18 23:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-07-14 16:59 - 2014-06-18 23:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-07-14 16:59 - 2014-06-18 23:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-07-14 16:59 - 2014-05-30 04:03 - 00563200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys

2014-07-14 16:59 - 2014-05-29 13:02 - 00565576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys

2014-07-14 16:59 - 2014-05-29 08:55 - 00735232 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll

2014-07-14 16:59 - 2014-05-29 07:40 - 00735232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll

2014-07-14 16:59 - 2014-05-29 07:37 - 00436224 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll

2014-07-14 16:59 - 2014-05-29 06:34 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll

2014-07-14 16:59 - 2014-05-29 06:27 - 01417216 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2014-07-14 16:58 - 2014-06-06 14:04 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll

2014-07-14 16:58 - 2014-06-06 13:18 - 00488960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll

2014-07-14 16:57 - 2014-06-30 23:45 - 00688128 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-07-14 16:57 - 2014-06-28 08:48 - 00527360 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-07-14 16:57 - 2014-06-28 08:07 - 00385536 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll

2014-07-14 16:57 - 2014-05-31 11:07 - 00054776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe

2014-07-14 16:57 - 2014-05-31 11:06 - 00555736 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll

2014-07-14 16:57 - 2014-05-31 04:40 - 13287936 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll

2014-07-14 16:57 - 2014-05-31 04:30 - 11792384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll

2014-07-14 16:57 - 2014-05-31 04:12 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll

2014-07-14 16:57 - 2014-05-31 04:06 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll

2014-07-14 16:57 - 2014-05-31 04:03 - 00827392 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll

2014-07-14 16:57 - 2014-05-31 04:01 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll

2014-07-14 16:57 - 2014-05-31 03:56 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll

2014-07-14 16:57 - 2014-05-31 03:54 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll

2014-07-14 16:57 - 2014-05-31 03:48 - 03463680 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll

2014-07-14 16:57 - 2014-05-31 03:37 - 01054208 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll

2014-07-14 16:57 - 2014-05-31 03:36 - 00923136 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll

2014-07-14 16:57 - 2014-05-31 03:35 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll

2014-07-14 16:57 - 2014-05-31 03:32 - 00756224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll

2014-07-14 16:34 - 2014-07-14 16:34 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\WSReset.exe

2014-06-20 13:21 - 2014-06-20 13:21 - 00239872 _____ () C:\Users\Liz\Downloads\20 Jun 20141.jpeg

2014-06-20 13:21 - 2014-06-20 13:21 - 00239872 _____ () C:\Users\Liz\Downloads\20 Jun 20141 (1).jpeg

2014-06-20 11:23 - 2014-07-20 17:47 - 00000000 ____D () C:\Users\Liz\AppData\Local\AVG SafeGuard toolbar

2014-06-20 11:22 - 2014-06-26 07:44 - 00050464 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys

2014-06-20 11:16 - 2014-05-09 00:06 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys

 

==================== One Month Modified Files and Folders =======

 

2014-07-20 18:26 - 2014-07-20 16:53 - 00023603 _____ () C:\Users\Liz\Desktop\FRST.txt

2014-07-20 18:26 - 2014-07-20 16:53 - 00000000 ____D () C:\FRST

2014-07-20 18:25 - 2014-07-20 18:25 - 01016261 _____ (Thisisu) C:\Users\Liz\Downloads\JRT (1).exe

2014-07-20 18:24 - 2014-06-05 11:03 - 00000570 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3241689406-135872924-3266888133-1001.job

2014-07-20 18:23 - 2014-07-20 18:23 - 00000612 _____ () C:\Users\Liz\Desktop\JRT.txt

2014-07-20 18:23 - 2014-04-23 17:46 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3241689406-135872924-3266888133-1001

2014-07-20 18:22 - 2014-04-25 11:27 - 00000000 ____D () C:\Users\Liz\AppData\Roaming\Skype

2014-07-20 18:14 - 2014-04-24 07:59 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-07-20 18:13 - 2014-07-20 18:13 - 00000000 ____D () C:\Windows\ERUNT

2014-07-20 18:12 - 2014-07-20 18:12 - 01016261 _____ (Thisisu) C:\Users\Liz\Downloads\JRT.exe

2014-07-20 18:12 - 2014-07-20 18:12 - 01016261 _____ (Thisisu) C:\Users\Liz\Desktop\JRT.exe

2014-07-20 18:10 - 2014-04-23 17:40 - 01068089 _____ () C:\Windows\WindowsUpdate.log

2014-07-20 18:03 - 2014-04-28 09:56 - 00004970 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for LIZLAPTOP-Liz lizlaptop

2014-07-20 18:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru

2014-07-20 17:55 - 2014-07-20 14:14 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-07-20 17:54 - 2014-04-24 08:01 - 00000000 ____D () C:\ProgramData\Internet Helper Anti-phishing

2014-07-20 17:53 - 2014-04-23 17:42 - 00000000 ____D () C:\Users\Liz\Documents\Youcam

2014-07-20 17:52 - 2014-04-24 17:46 - 00000000 __RDO () C:\Users\Liz\SkyDrive

2014-07-20 17:52 - 2014-04-24 07:59 - 00002207 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2014-07-20 17:52 - 2014-04-24 07:59 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-07-20 17:47 - 2014-06-20 11:23 - 00000000 ____D () C:\Users\Liz\AppData\Local\AVG SafeGuard toolbar

2014-07-20 17:47 - 2013-09-12 11:53 - 00038048 _____ () C:\Windows\PFRO.log

2014-07-20 17:47 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-07-20 17:46 - 2014-07-20 17:44 - 00000000 ____D () C:\AdwCleaner

2014-07-20 17:46 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI

2014-07-20 17:43 - 2014-07-20 17:43 - 01354223 _____ () C:\Users\Liz\Desktop\AdwCleaner.exe

2014-07-20 16:55 - 2014-07-20 16:54 - 00033930 _____ () C:\Users\Liz\Desktop\Addition.txt

2014-07-20 16:50 - 2014-07-20 16:50 - 02089984 _____ (Farbar) C:\Users\Liz\Desktop\FRST64.exe

2014-07-20 16:50 - 2014-05-23 08:02 - 00064512 ___SH () C:\Users\Liz\Downloads\Thumbs.db

2014-07-20 14:48 - 2014-07-20 14:48 - 05222180 _____ (Swearware) C:\Users\Liz\Desktop\ComboFix.exe

2014-07-20 14:36 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\WinStore

2014-07-20 14:21 - 2014-07-20 14:21 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Liz\Downloads\tdsskiller.exe

2014-07-20 14:20 - 2014-04-23 17:43 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{1F7E1221-623B-4882-A864-9851F48A39F8}

2014-07-20 14:13 - 2014-07-20 14:13 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Liz\Downloads\mbam-setup-2.0.2.1012.exe

2014-07-20 14:13 - 2014-07-20 14:13 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-07-20 14:13 - 2014-07-20 14:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-07-20 14:13 - 2014-07-20 14:13 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-07-20 14:13 - 2014-07-20 14:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-07-20 13:12 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness

2014-07-20 12:42 - 2013-08-22 15:46 - 00041076 _____ () C:\Windows\setupact.log

2014-07-20 12:35 - 2014-04-24 16:25 - 00000000 ____D () C:\ProgramData\MFAData

2014-07-19 11:23 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache

2014-07-19 10:55 - 2014-07-19 10:55 - 00413882 _____ () C:\Users\Liz\Downloads\govsfeb2013v2.pptx

2014-07-19 10:55 - 2014-04-23 17:40 - 00000000 ____D () C:\Users\Liz\AppData\Local\Packages

2014-07-15 21:20 - 2014-07-15 21:20 - 03003511 _____ () C:\Users\Liz\Downloads\L1joiningconsonants.mp4

2014-07-15 21:20 - 2014-07-15 21:20 - 02448463 _____ () C:\Users\Liz\Downloads\L1Ex5-Specialoutlines.mp4

2014-07-15 21:12 - 2014-07-15 21:11 - 04659513 _____ () C:\Users\Liz\Downloads\L3-Easyjoiningtechniques.mp4

2014-07-15 21:11 - 2014-07-15 21:11 - 03972514 _____ () C:\Users\Liz\Downloads\L2-Groupings.mp4

2014-07-15 21:10 - 2014-07-15 21:10 - 02740148 _____ () C:\Users\Liz\Downloads\L3-BlendingF.mp4

2014-07-14 18:06 - 2013-08-22 15:44 - 00608688 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-07-14 18:02 - 2013-08-22 21:59 - 00000000 ____D () C:\Program Files\Windows Journal

2014-07-14 18:02 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ToastData

2014-07-14 18:02 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility

2014-07-14 18:02 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility

2014-07-14 17:50 - 2014-06-05 11:03 - 00003568 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-3241689406-135872924-3266888133-1001

2014-07-14 17:24 - 2014-04-25 11:08 - 00000000 ____D () C:\Windows\system32\MRT

2014-07-14 17:24 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp

2014-07-14 17:22 - 2014-04-25 11:08 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-07-14 17:22 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM

2014-07-14 17:21 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\en-GB

2014-07-14 17:18 - 2014-07-14 17:18 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-07-14 16:40 - 2014-04-24 10:30 - 00000000 ____D () C:\Program Files\Microsoft Office 15

2014-07-14 16:34 - 2014-07-14 16:34 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\WSReset.exe

2014-07-14 16:28 - 2014-04-24 16:39 - 00000985 _____ () C:\Users\Public\Desktop\AVG 2014.lnk

2014-07-14 16:28 - 2014-04-24 16:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

2014-07-02 19:35 - 2014-04-25 11:27 - 00000000 ___RD () C:\Program Files (x86)\Skype

2014-07-02 19:35 - 2014-04-25 11:27 - 00000000 ____D () C:\ProgramData\Skype

2014-07-02 12:20 - 2014-05-09 14:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection

2014-07-01 08:18 - 2014-05-15 18:30 - 00035328 ___SH () C:\Users\Liz\Desktop\Thumbs.db

2014-06-30 23:45 - 2014-07-14 16:57 - 00688128 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-06-30 10:09 - 2014-04-24 07:59 - 00003884 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-06-30 10:09 - 2014-04-24 07:59 - 00003648 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-06-28 08:48 - 2014-07-14 16:57 - 00527360 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-06-28 08:07 - 2014-07-14 16:57 - 00385536 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll

2014-06-26 21:55 - 2014-05-15 08:02 - 00703968 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-06-26 21:55 - 2014-05-15 08:02 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-06-26 07:47 - 2013-09-12 12:40 - 00757056 _____ () C:\Windows\system32\perfh00E.dat

2014-06-26 07:47 - 2013-09-12 12:40 - 00182410 _____ () C:\Windows\system32\perfc00E.dat

2014-06-26 07:47 - 2013-09-12 12:35 - 00440860 _____ () C:\Windows\system32\perfh00B.dat

2014-06-26 07:47 - 2013-09-12 12:35 - 00086210 _____ () C:\Windows\system32\perfc00B.dat

2014-06-26 07:47 - 2013-09-12 12:00 - 02293384 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-06-26 07:44 - 2014-06-20 11:22 - 00050464 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys

2014-06-23 12:15 - 2014-05-09 14:13 - 00358616 _____ (Trusteer Ltd.) C:\Windows\system32\Drivers\RapportKE64.sys

2014-06-23 12:15 - 2014-05-09 14:13 - 00288440 _____ (Trusteer Ltd.) C:\Windows\system32\Drivers\RapportHades64.sys

2014-06-20 14:01 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel

2014-06-20 14:01 - 2013-08-22 14:36 - 00000000 ____D () C:\Windows\system32\oobe

2014-06-20 13:21 - 2014-06-20 13:21 - 00239872 _____ () C:\Users\Liz\Downloads\20 Jun 20141.jpeg

2014-06-20 13:21 - 2014-06-20 13:21 - 00239872 _____ () C:\Users\Liz\Downloads\20 Jun 20141 (1).jpeg

 

Some content of TEMP:

====================

C:\Users\Liz\AppData\Local\Temp\air8857.exe

C:\Users\Liz\AppData\Local\Temp\airD6A7.exe

C:\Users\Liz\AppData\Local\Temp\AppLauncher.exe

C:\Users\Liz\AppData\Local\Temp\ConfigurationWizard.exe

C:\Users\Liz\AppData\Local\Temp\Quarantine.exe

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2014-07-19 10:47

 

==================== End Of Log ============================

 

 

OK - that's all done; awaiting your next instructions.

Can I also take this opportunity to thank you for your swift help and advice.

Step 1: FRST Fix

  • Please download the attached fixlist.txt file and save it to the same location as FRST

    Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run. Please post it in your reply.
Step 2: FRST Scan
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.
Step 3: ESET

Please disable your AntiVirus before doing these steps!

  • If you have Win Vista / Win 7 / Win 8 please start IE as Administrator!
  • This will only work for Internet Explorer or Firefox
  • Please download ESET Online Scanner from here
  • How to do this?
    • Visit this website here
    • You will see a screen like this:

[Screenshot: e922iil8.png]

  • Click Run ESET Online Scanner

    [Screenshot: 4e3svhbd.png]

  • A Window will open (see above) - please click on the link
  • A window will pop up - please download the file to your Desktop
  • When the download has finished please run the program (for Win Vista / Win 7 / Win 8 users, please run it as Administrator)

    [Screenshot: p35jbmyy.png]

  • Tick the box next to YES, I accept the Terms of Use then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.

    [Screenshot: p3b9meru.png]

  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Then click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • After the scan is finished please click on Finish
  • Use notepad to open the logfile located at C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic.
Step 4: Question

How is your PC running?

fixlist.txt


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-07-2014

Ran by Liz at 2014-07-20 18:47:22 Run:1

Running from C:\Users\Liz\Desktop

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1

HKU\S-1-5-21-3241689406-135872924-3266888133-1001\...\MountPoints2: {f3b85e4c-3792-11e3-827a-806e6f6e6963} - "E:\Setup.exe" 

SearchScopes: HKLM-x32 - DefaultScope value is missing.

Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

2014-07-20 17:47 - 2014-06-20 11:23 - 00000000 ____D () C:\Users\Liz\AppData\Local\AVG SafeGuard toolbar

C:\Users\Liz\AppData\Local\Temp\air8857.exe

C:\Users\Liz\AppData\Local\Temp\airD6A7.exe

C:\Users\Liz\AppData\Local\Temp\AppLauncher.exe

C:\Users\Liz\AppData\Local\Temp\ConfigurationWizard.exe

C:\Users\Liz\AppData\Local\Temp\Quarantine.exe

*****************

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\ConfirmFileDelete => value deleted successfully.

'HKU\S-1-5-21-3241689406-135872924-3266888133-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f3b85e4c-3792-11e3-827a-806e6f6e6963}' => Key deleted successfully.

'HKCR\CLSID\{f3b85e4c-3792-11e3-827a-806e6f6e6963}'=> Key not found.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.

'HKCR\PROTOCOLS\Filter\application/x-ica' => Key deleted successfully.

'HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}'=> Key not found.

'HKCR\PROTOCOLS\Filter\application/x-ica; charset=euc-jp' => Key deleted successfully.

'HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}'=> Key not found.

'HKCR\PROTOCOLS\Filter\application/x-ica; charset=ISO-8859-1' => Key deleted successfully.

'HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}'=> Key not found.

'HKCR\PROTOCOLS\Filter\application/x-ica; charset=MS936' => Key deleted successfully.

'HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}'=> Key not found.

'HKCR\PROTOCOLS\Filter\application/x-ica; charset=MS949' => Key deleted successfully.

'HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}'=> Key not found.

'HKCR\PROTOCOLS\Filter\application/x-ica; charset=MS950' => Key deleted successfully.

'HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}'=> Key not found.

'HKCR\PROTOCOLS\Filter\application/x-ica; charset=UTF-8' => Key deleted successfully.

'HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}'=> Key not found.

'HKCR\PROTOCOLS\Filter\application/x-ica; charset=UTF8' => Key deleted successfully.

'HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}'=> Key not found.

'HKCR\PROTOCOLS\Filter\application/x-ica;charset=euc-jp' => Key deleted successfully.

'HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}'=> Key not found.

'HKCR\PROTOCOLS\Filter\application/x-ica;charset=ISO-8859-1' => Key deleted successfully.

'HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}'=> Key not found.

'HKCR\PROTOCOLS\Filter\application/x-ica;charset=MS936' => Key deleted successfully.

'HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}'=> Key not found.

'HKCR\PROTOCOLS\Filter\application/x-ica;charset=MS949' => Key deleted successfully.

'HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}'=> Key not found.

'HKCR\PROTOCOLS\Filter\application/x-ica;charset=MS950' => Key deleted successfully.

'HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}'=> Key not found.

'HKCR\PROTOCOLS\Filter\application/x-ica;charset=UTF-8' => Key deleted successfully.

'HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}'=> Key not found.

'HKCR\PROTOCOLS\Filter\application/x-ica;charset=UTF8' => Key deleted successfully.

'HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}'=> Key not found.

'HKCR\PROTOCOLS\Filter\ica' => Key deleted successfully.

'HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}'=> Key not found.

C:\Users\Liz\AppData\Local\AVG SafeGuard toolbar => Moved successfully.

C:\Users\Liz\AppData\Local\Temp\air8857.exe => Moved successfully.

C:\Users\Liz\AppData\Local\Temp\airD6A7.exe => Moved successfully.

C:\Users\Liz\AppData\Local\Temp\AppLauncher.exe => Moved successfully.

C:\Users\Liz\AppData\Local\Temp\ConfigurationWizard.exe => Moved successfully.

"C:\Users\Liz\AppData\Local\Temp\Quarantine.exe" => File/Directory not found.

 

==== End of Fixlog ====

Moving on to next step.


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-07-2014

Ran by Liz (administrator) on LIZLAPTOP on 20-07-2014 18:49:50

Running from C:\Users\Liz\Desktop

Platform: Windows 8.1 (X64) OS Language: English (United Kingdom)

Internet Explorer Version 11

Boot Mode: Normal

 

The only official download link for FRST:



Download link from any site other than Bleeping Computer is unpermitted or outdated.


 

==================== Processes (Whitelisted) =================

 

(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

() C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe

(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe

(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(Microsoft Corporation) C:\Windows\System32\dasHost.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe

() C:\Program Files (x86)\FWdriver_v\POSHXMain.exe

(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe

(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

() C:\Program Files (x86)\FWdriver_v\POSHX.exe

(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe

(Dolby Laboratories Inc.) C:\Program Files\Dolby Digital Plus\ddp.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe

(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe

(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe

(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe

(Internet Helper) C:\ProgramData\Internet Helper Anti-phishing\internetHelper_antiphishing.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [iAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe [36352 2013-08-07] (Intel Corporation)

HKLM\...\Run: [bTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp 

HKLM\...\Run: [POSHX] => C:\Program Files (x86)\FWdriver_v\POSHX.exe [647168 2013-09-03] ()

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13648600 2013-08-29] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-30] (Realtek Semiconductor)

HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2774256 2013-08-01] (Synaptics Incorporated)

HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink)

HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [490760 2013-09-23] (CyberLink Corp.)

HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-11] (CyberLink Corp.)

HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-09-18] (CyberLink Corp.)

HKLM-x32\...\Run: [internet Helper Anti-phishing] => C:\ProgramData\Internet Helper Anti-phishing\internetHelper_antiphishing.exe [235072 2013-05-14] (Internet Helper)

HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"

HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [380088 2012-07-27] (Citrix Systems, Inc.)

HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5179408 2014-06-17] (AVG Technologies CZ, s.r.o.)

HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM-x32\...\Run: [iSUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [324976 2010-05-21] (Flexera Software, Inc.)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\.DEFAULT\...\Run: [AppLauncher] => C:\Program Files (x86)\Ashampoo\Ashampoo AppLauncher\AppLauncher.exe 

HKU\S-1-5-21-3241689406-135872924-3266888133-1001\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21445248 2014-05-08] (Skype Technologies S.A.)

Startup: C:\Users\Liz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk

ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)

ShellIconOverlayIdentifiers:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

ShellIconOverlayIdentifiers:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

ShellIconOverlayIdentifiers:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

ShellIconOverlayIdentifiers-x32:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

ShellIconOverlayIdentifiers-x32:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

ShellIconOverlayIdentifiers-x32:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com/?pc=LCJB

SearchScopes: HKCU - {638B3B11-1664-4F33-AF74-0BC81EDEBCCF} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LCJB

BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100

 

FireFox:

========

FF Plugin-x32: @Citrix.com/npican - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Liz\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)

 

Chrome: 

=======

CHR Extension: (Google Docs) - C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-24]

CHR Extension: (Google Drive) - C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-24]

CHR Extension: (YouTube) - C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-24]

CHR Extension: (Google Search) - C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-24]

CHR Extension: (Google Wallet) - C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-24]

CHR Extension: (Gmail) - C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-24]

 

==================== Services (Whitelisted) =================

 

R2 AHDDC2; C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe [1518504 2012-07-30] ()

S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3241488 2014-06-27] (AVG Technologies CZ, s.r.o.)

R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-06-17] (AVG Technologies CZ, s.r.o.)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2356408 2014-06-19] (Microsoft Corporation)

R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [74712 2013-03-11] (CyberLink)

R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [316376 2013-03-11] (CyberLink)

R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)

R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]

S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)

R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-08] (Intel Corporation)

R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-07-01] (Intel Corporation)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-08-08] (Intel Corporation)

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-07-29] ()

R2 POSHXService; C:\Program Files (x86)\FWdriver_v\POSHXMain.exe [114688 2012-12-26] () [File not signed]

R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1886488 2014-06-23] (Trusteer Ltd.)

S3 RoxMediaDBGame1X; C:\Program Files (x86)\Common Files\Roxio Shared\Game1X\SharedCOM\RoxMediaDBGame1X.exe [1095824 2012-08-02] (Corel Corporation)

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)

R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3668208 2013-07-29] (Intel® Corporation)

 

==================== Drivers (Whitelisted) ====================

 

R3 AirplaneModeHID; C:\Windows\System32\drivers\AirplaneModeHID.sys [30512 2013-09-04] (Elitegroup Computer System)

S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-17] (AVG Technologies CZ, s.r.o.)

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [242968 2014-06-17] (AVG Technologies CZ, s.r.o.)

R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)

R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)

R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)

R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-06-17] (AVG Technologies CZ, s.r.o.)

R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)

R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-06-26] (AVG Technologies)

R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [274712 2014-05-14] (AVG Technologies CZ, s.r.o.)

R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)

R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132920 2013-04-23] (Motorola Solutions, Inc.)

R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1385784 2013-06-27] (Motorola Solutions, Inc.)

R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)

S3 H5xUSB; C:\Windows\System32\Drivers\uth5x64.sys [101632 2012-08-02] (UT)

R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [114632 2013-07-01] (Intel Corporation)

R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-08] (Intel Corporation)

R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3589600 2013-09-25] (Intel Corporation)

S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)

R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-07-10] (Corel Corporation)

R1 RapportCerberus_69108; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_69108.sys [631128 2014-07-02] ()

R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [299736 2014-06-23] (Trusteer Ltd.)

R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [288440 2014-06-23] (Trusteer Ltd.)

R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [358616 2014-06-23] (Trusteer Ltd.)

R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [414296 2014-06-23] (Trusteer Ltd.)

S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1975000 2013-07-31] (Realtek Semiconductor Corporation                           )

R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)

S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-08-01] (Synaptics Incorporated)

R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-01] (Synaptics Incorporated)

S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2014-07-20 18:25 - 2014-07-20 18:25 - 01016261 _____ (Thisisu) C:\Users\Liz\Downloads\JRT (1).exe

2014-07-20 18:23 - 2014-07-20 18:23 - 00000612 _____ () C:\Users\Liz\Desktop\JRT.txt

2014-07-20 18:13 - 2014-07-20 18:13 - 00000000 ____D () C:\Windows\ERUNT

2014-07-20 18:12 - 2014-07-20 18:12 - 01016261 _____ (Thisisu) C:\Users\Liz\Downloads\JRT.exe

2014-07-20 18:12 - 2014-07-20 18:12 - 01016261 _____ (Thisisu) C:\Users\Liz\Desktop\JRT.exe

2014-07-20 17:45 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll

2014-07-20 17:44 - 2014-07-20 17:46 - 00000000 ____D () C:\AdwCleaner

2014-07-20 17:43 - 2014-07-20 17:43 - 01354223 _____ () C:\Users\Liz\Desktop\AdwCleaner.exe

2014-07-20 16:54 - 2014-07-20 16:55 - 00033930 _____ () C:\Users\Liz\Desktop\Addition.txt

2014-07-20 16:53 - 2014-07-20 18:50 - 00018986 _____ () C:\Users\Liz\Desktop\FRST.txt

2014-07-20 16:53 - 2014-07-20 18:49 - 00000000 ____D () C:\FRST

2014-07-20 16:50 - 2014-07-20 16:50 - 02089984 _____ (Farbar) C:\Users\Liz\Desktop\FRST64.exe

2014-07-20 14:48 - 2014-07-20 14:48 - 05222180 _____ (Swearware) C:\Users\Liz\Desktop\ComboFix.exe

2014-07-20 14:21 - 2014-07-20 14:21 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Liz\Downloads\tdsskiller.exe

2014-07-20 14:14 - 2014-07-20 17:55 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-07-20 14:13 - 2014-07-20 14:13 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Liz\Downloads\mbam-setup-2.0.2.1012.exe

2014-07-20 14:13 - 2014-07-20 14:13 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-07-20 14:13 - 2014-07-20 14:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-07-20 14:13 - 2014-07-20 14:13 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-07-20 14:13 - 2014-07-20 14:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-07-20 14:13 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-07-20 14:13 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-07-20 14:13 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-07-19 10:55 - 2014-07-19 10:55 - 00413882 _____ () C:\Users\Liz\Downloads\govsfeb2013v2.pptx

2014-07-15 21:20 - 2014-07-15 21:20 - 03003511 _____ () C:\Users\Liz\Downloads\L1joiningconsonants.mp4

2014-07-15 21:20 - 2014-07-15 21:20 - 02448463 _____ () C:\Users\Liz\Downloads\L1Ex5-Specialoutlines.mp4

2014-07-15 21:11 - 2014-07-15 21:12 - 04659513 _____ () C:\Users\Liz\Downloads\L3-Easyjoiningtechniques.mp4

2014-07-15 21:11 - 2014-07-15 21:11 - 03972514 _____ () C:\Users\Liz\Downloads\L2-Groupings.mp4

2014-07-15 21:10 - 2014-07-15 21:10 - 02740148 _____ () C:\Users\Liz\Downloads\L3-BlendingF.mp4

2014-07-14 17:20 - 2014-04-14 04:29 - 01018880 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll

2014-07-14 17:18 - 2014-07-14 17:18 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-07-14 17:00 - 2014-06-19 02:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-07-14 17:00 - 2014-06-19 01:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-07-14 17:00 - 2014-06-19 00:46 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-07-14 17:00 - 2014-06-18 23:57 - 00225280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-07-14 17:00 - 2014-06-16 23:26 - 00779264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe

2014-07-14 17:00 - 2014-06-16 23:24 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe

2014-07-14 17:00 - 2014-06-06 15:20 - 04190720 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-07-14 16:59 - 2014-06-19 01:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-07-14 16:59 - 2014-06-19 01:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-07-14 16:59 - 2014-06-19 00:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-07-14 16:59 - 2014-06-19 00:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-07-14 16:59 - 2014-06-19 00:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-07-14 16:59 - 2014-06-19 00:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-07-14 16:59 - 2014-06-19 00:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-07-14 16:59 - 2014-06-19 00:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-07-14 16:59 - 2014-06-19 00:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-07-14 16:59 - 2014-06-19 00:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-07-14 16:59 - 2014-06-18 23:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-07-14 16:59 - 2014-06-18 23:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-07-14 16:59 - 2014-06-18 23:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-07-14 16:59 - 2014-06-18 23:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-07-14 16:59 - 2014-06-18 23:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-07-14 16:59 - 2014-06-18 23:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-07-14 16:59 - 2014-06-18 23:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-07-14 16:59 - 2014-06-18 23:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-07-14 16:59 - 2014-06-18 23:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-07-14 16:59 - 2014-06-18 23:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-07-14 16:59 - 2014-06-18 23:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-07-14 16:59 - 2014-06-18 23:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-07-14 16:59 - 2014-06-18 23:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-07-14 16:59 - 2014-05-30 04:03 - 00563200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys

2014-07-14 16:59 - 2014-05-29 13:02 - 00565576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys

2014-07-14 16:59 - 2014-05-29 08:55 - 00735232 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll

2014-07-14 16:59 - 2014-05-29 07:40 - 00735232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll

2014-07-14 16:59 - 2014-05-29 07:37 - 00436224 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll

2014-07-14 16:59 - 2014-05-29 06:34 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll

2014-07-14 16:59 - 2014-05-29 06:27 - 01417216 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2014-07-14 16:58 - 2014-06-06 14:04 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll

2014-07-14 16:58 - 2014-06-06 13:18 - 00488960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll

2014-07-14 16:57 - 2014-06-30 23:45 - 00688128 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-07-14 16:57 - 2014-06-28 08:48 - 00527360 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-07-14 16:57 - 2014-06-28 08:07 - 00385536 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll

2014-07-14 16:57 - 2014-05-31 11:07 - 00054776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe

2014-07-14 16:57 - 2014-05-31 11:06 - 00555736 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll

2014-07-14 16:57 - 2014-05-31 04:40 - 13287936 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll

2014-07-14 16:57 - 2014-05-31 04:30 - 11792384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll

2014-07-14 16:57 - 2014-05-31 04:12 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll

2014-07-14 16:57 - 2014-05-31 04:06 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll

2014-07-14 16:57 - 2014-05-31 04:03 - 00827392 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll

2014-07-14 16:57 - 2014-05-31 04:01 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll

2014-07-14 16:57 - 2014-05-31 03:56 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll

2014-07-14 16:57 - 2014-05-31 03:54 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll

2014-07-14 16:57 - 2014-05-31 03:48 - 03463680 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll

2014-07-14 16:57 - 2014-05-31 03:37 - 01054208 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll

2014-07-14 16:57 - 2014-05-31 03:36 - 00923136 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll

2014-07-14 16:57 - 2014-05-31 03:35 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll

2014-07-14 16:57 - 2014-05-31 03:32 - 00756224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll

2014-07-14 16:34 - 2014-07-14 16:34 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\WSReset.exe

2014-06-20 13:21 - 2014-06-20 13:21 - 00239872 _____ () C:\Users\Liz\Downloads\20 Jun 20141.jpeg

2014-06-20 13:21 - 2014-06-20 13:21 - 00239872 _____ () C:\Users\Liz\Downloads\20 Jun 20141 (1).jpeg

2014-06-20 11:22 - 2014-06-26 07:44 - 00050464 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys

2014-06-20 11:16 - 2014-05-09 00:06 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys

 

==================== One Month Modified Files and Folders =======

 

2014-07-20 18:50 - 2014-07-20 16:53 - 00018986 _____ () C:\Users\Liz\Desktop\FRST.txt

2014-07-20 18:49 - 2014-07-20 16:53 - 00000000 ____D () C:\FRST

2014-07-20 18:47 - 2014-04-25 11:27 - 00000000 ____D () C:\Users\Liz\AppData\Roaming\Skype

2014-07-20 18:41 - 2014-05-15 18:30 - 00035328 ___SH () C:\Users\Liz\Desktop\Thumbs.db

2014-07-20 18:25 - 2014-07-20 18:25 - 01016261 _____ (Thisisu) C:\Users\Liz\Downloads\JRT (1).exe

2014-07-20 18:24 - 2014-06-05 11:03 - 00000570 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3241689406-135872924-3266888133-1001.job

2014-07-20 18:23 - 2014-07-20 18:23 - 00000612 _____ () C:\Users\Liz\Desktop\JRT.txt

2014-07-20 18:23 - 2014-04-23 17:46 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3241689406-135872924-3266888133-1001

2014-07-20 18:14 - 2014-04-24 07:59 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-07-20 18:13 - 2014-07-20 18:13 - 00000000 ____D () C:\Windows\ERUNT

2014-07-20 18:12 - 2014-07-20 18:12 - 01016261 _____ (Thisisu) C:\Users\Liz\Downloads\JRT.exe

2014-07-20 18:12 - 2014-07-20 18:12 - 01016261 _____ (Thisisu) C:\Users\Liz\Desktop\JRT.exe

2014-07-20 18:10 - 2014-04-23 17:40 - 01068089 _____ () C:\Windows\WindowsUpdate.log

2014-07-20 18:03 - 2014-04-28 09:56 - 00004970 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for LIZLAPTOP-Liz lizlaptop

2014-07-20 18:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru

2014-07-20 17:55 - 2014-07-20 14:14 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-07-20 17:54 - 2014-04-24 08:01 - 00000000 ____D () C:\ProgramData\Internet Helper Anti-phishing

2014-07-20 17:53 - 2014-04-23 17:42 - 00000000 ____D () C:\Users\Liz\Documents\Youcam

2014-07-20 17:52 - 2014-04-24 17:46 - 00000000 __RDO () C:\Users\Liz\SkyDrive

2014-07-20 17:52 - 2014-04-24 07:59 - 00002207 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2014-07-20 17:52 - 2014-04-24 07:59 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-07-20 17:47 - 2013-09-12 11:53 - 00038048 _____ () C:\Windows\PFRO.log

2014-07-20 17:47 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-07-20 17:46 - 2014-07-20 17:44 - 00000000 ____D () C:\AdwCleaner

2014-07-20 17:46 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI

2014-07-20 17:43 - 2014-07-20 17:43 - 01354223 _____ () C:\Users\Liz\Desktop\AdwCleaner.exe

2014-07-20 16:55 - 2014-07-20 16:54 - 00033930 _____ () C:\Users\Liz\Desktop\Addition.txt

2014-07-20 16:50 - 2014-07-20 16:50 - 02089984 _____ (Farbar) C:\Users\Liz\Desktop\FRST64.exe

2014-07-20 16:50 - 2014-05-23 08:02 - 00064512 ___SH () C:\Users\Liz\Downloads\Thumbs.db

2014-07-20 14:48 - 2014-07-20 14:48 - 05222180 _____ (Swearware) C:\Users\Liz\Desktop\ComboFix.exe

2014-07-20 14:36 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\WinStore

2014-07-20 14:21 - 2014-07-20 14:21 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Liz\Downloads\tdsskiller.exe

2014-07-20 14:20 - 2014-04-23 17:43 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{1F7E1221-623B-4882-A864-9851F48A39F8}

2014-07-20 14:13 - 2014-07-20 14:13 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Liz\Downloads\mbam-setup-2.0.2.1012.exe

2014-07-20 14:13 - 2014-07-20 14:13 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-07-20 14:13 - 2014-07-20 14:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-07-20 14:13 - 2014-07-20 14:13 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-07-20 14:13 - 2014-07-20 14:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-07-20 13:12 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness

2014-07-20 12:42 - 2013-08-22 15:46 - 00041076 _____ () C:\Windows\setupact.log

2014-07-20 12:35 - 2014-04-24 16:25 - 00000000 ____D () C:\ProgramData\MFAData

2014-07-19 11:23 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache

2014-07-19 10:55 - 2014-07-19 10:55 - 00413882 _____ () C:\Users\Liz\Downloads\govsfeb2013v2.pptx

2014-07-19 10:55 - 2014-04-23 17:40 - 00000000 ____D () C:\Users\Liz\AppData\Local\Packages

2014-07-15 21:20 - 2014-07-15 21:20 - 03003511 _____ () C:\Users\Liz\Downloads\L1joiningconsonants.mp4

2014-07-15 21:20 - 2014-07-15 21:20 - 02448463 _____ () C:\Users\Liz\Downloads\L1Ex5-Specialoutlines.mp4

2014-07-15 21:12 - 2014-07-15 21:11 - 04659513 _____ () C:\Users\Liz\Downloads\L3-Easyjoiningtechniques.mp4

2014-07-15 21:11 - 2014-07-15 21:11 - 03972514 _____ () C:\Users\Liz\Downloads\L2-Groupings.mp4

2014-07-15 21:10 - 2014-07-15 21:10 - 02740148 _____ () C:\Users\Liz\Downloads\L3-BlendingF.mp4

2014-07-14 18:06 - 2013-08-22 15:44 - 00608688 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-07-14 18:02 - 2013-08-22 21:59 - 00000000 ____D () C:\Program Files\Windows Journal

2014-07-14 18:02 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ToastData

2014-07-14 18:02 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility

2014-07-14 18:02 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility

2014-07-14 17:50 - 2014-06-05 11:03 - 00003568 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-3241689406-135872924-3266888133-1001

2014-07-14 17:24 - 2014-04-25 11:08 - 00000000 ____D () C:\Windows\system32\MRT

2014-07-14 17:24 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp

2014-07-14 17:22 - 2014-04-25 11:08 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-07-14 17:22 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM

2014-07-14 17:21 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\en-GB

2014-07-14 17:18 - 2014-07-14 17:18 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-07-14 16:40 - 2014-04-24 10:30 - 00000000 ____D () C:\Program Files\Microsoft Office 15

2014-07-14 16:34 - 2014-07-14 16:34 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\WSReset.exe

2014-07-14 16:28 - 2014-04-24 16:39 - 00000985 _____ () C:\Users\Public\Desktop\AVG 2014.lnk

2014-07-14 16:28 - 2014-04-24 16:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

2014-07-02 19:35 - 2014-04-25 11:27 - 00000000 ___RD () C:\Program Files (x86)\Skype

2014-07-02 19:35 - 2014-04-25 11:27 - 00000000 ____D () C:\ProgramData\Skype

2014-07-02 12:20 - 2014-05-09 14:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection

2014-06-30 23:45 - 2014-07-14 16:57 - 00688128 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-06-30 10:09 - 2014-04-24 07:59 - 00003884 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-06-30 10:09 - 2014-04-24 07:59 - 00003648 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-06-28 08:48 - 2014-07-14 16:57 - 00527360 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-06-28 08:07 - 2014-07-14 16:57 - 00385536 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll

2014-06-26 21:55 - 2014-05-15 08:02 - 00703968 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-06-26 21:55 - 2014-05-15 08:02 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-06-26 07:47 - 2013-09-12 12:40 - 00757056 _____ () C:\Windows\system32\perfh00E.dat

2014-06-26 07:47 - 2013-09-12 12:40 - 00182410 _____ () C:\Windows\system32\perfc00E.dat

2014-06-26 07:47 - 2013-09-12 12:35 - 00440860 _____ () C:\Windows\system32\perfh00B.dat

2014-06-26 07:47 - 2013-09-12 12:35 - 00086210 _____ () C:\Windows\system32\perfc00B.dat

2014-06-26 07:47 - 2013-09-12 12:00 - 02293384 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-06-26 07:44 - 2014-06-20 11:22 - 00050464 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys

2014-06-23 12:15 - 2014-05-09 14:13 - 00358616 _____ (Trusteer Ltd.) C:\Windows\system32\Drivers\RapportKE64.sys

2014-06-23 12:15 - 2014-05-09 14:13 - 00288440 _____ (Trusteer Ltd.) C:\Windows\system32\Drivers\RapportHades64.sys

2014-06-20 14:01 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel

2014-06-20 14:01 - 2013-08-22 14:36 - 00000000 ____D () C:\Windows\system32\oobe

2014-06-20 13:21 - 2014-06-20 13:21 - 00239872 _____ () C:\Users\Liz\Downloads\20 Jun 20141.jpeg

2014-06-20 13:21 - 2014-06-20 13:21 - 00239872 _____ () C:\Users\Liz\Downloads\20 Jun 20141 (1).jpeg

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2014-07-19 10:47

 

==================== End Of Log ============================

 

now for ESET

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

esets_scanner_update returned -1 esets_gle=0

# product=EOS

# version=8

# IEXPLORE.EXE=11.00.9600.16384 (winblue_rtm.130821-1623)

# OnlineScanner.ocx=1.0.0.7623

# api_version=3.0.2

# EOSSerial=18e04c75f55e65448126445323534343

# engine=0

# end=stopped

# remove_checked=false

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2014-07-20 06:05:43

# local_time=2014-07-20 07:05:43 (+0000, GMT Summer Time)

# country="United Kingdom"

# lang=1033

# osver=6.3.9600 NT 

# compatibility_mode_1='AVG AntiVirus Free Edition 2014'

# compatibility_mode=1051 16777213 100 100 23437 93009927 0 0

# compatibility_mode_1=''

# compatibility_mode=5893 16776574 100 94 5654289 10263064 0 0

# scanned=0

# found=0

# cleaned=0

# scan_time=15

# product=EOS

# version=8

# IEXPLORE.EXE=11.00.9600.16384 (winblue_rtm.130821-1623)

# OnlineScanner.ocx=1.0.0.7623

# api_version=3.0.2

# EOSSerial=18e04c75f55e65448126445323534343

# engine=19265

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2014-07-20 08:00:10

# local_time=2014-07-20 09:00:10 (+0000, GMT Summer Time)

# country="United Kingdom"

# lang=1033

# osver=6.3.9600 NT 

# compatibility_mode_1='AVG AntiVirus Free Edition 2014'

# compatibility_mode=1051 16777213 100 100 30304 93016794 0 0

# compatibility_mode_1=''

# compatibility_mode=5893 16776574 100 94 5661156 10269931 0 0

# scanned=261667

# found=5

# cleaned=0

# scan_time=5802

sh=19030FA4598FC2FEC25ED5E8E53DE570588B4639 ft=1 fh=2b1981409da2edb8 vn="a variant of MSIL/AdvancedSystemProtector.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Activeris AntiMalware\ActiverisAntiMalware.exe.vir"

sh=2B37D6209E64E4528A7051F31361CFFFABA2CCAC ft=1 fh=c85c188bc384ebae vn="a variant of MSIL/AdvancedSystemProtector.A potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Liz\AppData\Local\Temp\air8857.exe.xBAD"

sh=2B37D6209E64E4528A7051F31361CFFFABA2CCAC ft=1 fh=c85c188bc384ebae vn="a variant of MSIL/AdvancedSystemProtector.A potentially unwanted application" ac=I fn="C:\Users\Liz\AppData\Local\Microsoft\Windows\INetCache\IE\FT09SSMD\Installer_socialads[1].exe"

sh=C4420C6E94B8CAACCB3811384280D8A93CB0A37D ft=1 fh=25f111c507a31a21 vn="Win32/Toolbar.Conduit.R potentially unwanted application" ac=I fn="C:\Users\Liz\AppData\Local\Microsoft\Windows\INetCache\IE\FT09SSMD\sp-downloaderB[1].exe"

sh=FEC19241949864DE766A2D193BC81E3366E379E4 ft=1 fh=ac6e9bcd558de938 vn="Win32/Conduit.SearchProtect.Q potentially unwanted application" ac=I fn="C:\Users\Liz\AppData\Local\Microsoft\Windows\INetCache\IE\WB4PFT5F\SPSetup[1].exe"

 

 

I will be back online tomorrow for further instructions - thank you again for all of your help.

It seems ok - I had to redownload the Citrix Receiver so that I could get in to my work platform - fingers crossed it will be ok.

 

My son's computer seems to have the same issue - should I post a separate thread for that one so that we can see what is going on? He is a teenager who is constantly playing games etc., so I dread to think what may be on his computer.... he tries to delete his history so I can't see what he has been up to!! He has loads of pop ups and when I ran the malware scan on his yesterday he had those PUP items too!


  • Please download the attached fixlist.txt file and save it to the same location as FRST
Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply
We can look at your son's computer after you have done this FRST Fix.

fixlist.txt


post too long so have attached txt file

 

 

I have noticed this morning that the same problem was happening - when trying to load a new webpage I had partner18.mydomainadvisor in the bottom left where it usually says "connecting to...." but that was before I ran the above process.

 

I am losing internet connection an awful lot too - don't know if that is part of it?

 


Fixlog.txt


Let's take a look at it with a "harder" tool.

Warning: this fix is specific to the user in this thread. No one else should follow these instructions as it may cause more harm than good. If you are after assistance, please start a thread of your own.

Please download Combofix from one of the following locations:

Download Mirror #1

Download Mirror #2

Download Mirror #3

Note: You must save this directly to your Desktop.

  • Save any open documents, then close any open programs.
  • Disable all anti-virus and anti-malware software to prevent them inhibiting Combofix in any way. If you are unsure how to do this, see THIS
  • Double-click on combofix.exe then follow the on screen prompts
  • When Combofix finishes, it will open the log. Please Copy (Ctrl + C) and Paste (Ctrl + V) all of this text into your next post.
If, for whatever reason, the log does not open, it can be found in this location: C:\combofix.txt

Sorry :S I have the feeling that FRST overlooks some entries, so I'm using OTL now.

Please download OTL (by OldTimer) (if you haven't already) from the link below and save it to your Desktop.

Download Mirror #1

  • Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Custom Scans/Fixes box in OTL. To do that:
    • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

    netsvcs

    BASESERVICES

    %SYSTEMDRIVE%\*.exe

    /md5start

    services.*

    explorer.exe

    winlogon.exe

    Userinit.exe

    svchost.exe

    qmgr.dll

    mpsvc.dll

    winsock.*

    rpcss.dll

    /md5stop

    dir "%systemdrive%\*" /S /A:L /C

    CREATERESTOREPOINT

  • Open OTL on the desktop. To do that:
    • XP users: Double click on the OTL icon.
    • Vista / 7 Users: Right click on the icon and click Run as Administrator.
  • Make sure all other windows are closed.
    • You will see a console like the one below:

      [Image: OTL main console]

      • Click the box beside Scan All Users at the top of the console
      • If you have a 64bit Windows, click the box beside Include 64bit Scans at the top of the console.
      • Make sure the Output box at the top is set to Standard Output.
      • Check the boxes beside LOP Check and Purity Check.
      • Make sure that Use Safe List is checked under Extra Registry.
      • Place the mouse pointer inside the Custom Scans/Fixes box, right click and click Paste. This will put the above script inside OTL
      • Click the Run Scan button. Do not change any settings unless otherwise told to do so.
      • Let the scan run uninterrupted.
      • When the scan completes, it will open OTL.Txt on the desktop.
      • Please copy the contents of these files and paste it into your reply. To do that:
        • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
        • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the post window.
      • Please do the same for the Extras.txt

  • Run OTL (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on the OTL icon and select Run as Administrator).
  • Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:

    :Commands
    [CREATERESTOREPOINT]
    :OTL
    IE - HKU\S-1-5-21-3241689406-135872924-3266888133-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    O4 - HKLM..\Run: [CitrixReceiver] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk" File not found
    O4 - HKU\.DEFAULT..\Run: [AppLauncher] C:\Program Files (x86)\Ashampoo\Ashampoo AppLauncher\AppLauncher.exe File not found
    O4 - HKU\S-1-5-18..\Run: [AppLauncher] C:\Program Files (x86)\Ashampoo\Ashampoo AppLauncher\AppLauncher.exe File not found
    O9:[b]64bit:[/b] - Extra Button: eBay.co.uk - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/710-154513-44482-14/4 File not found
    O9:[b]64bit:[/b] - Extra 'Tools' menuitem : eBay.co.uk - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/710-154513-44482-14/4 File not found
    O13[b]64bit:[/b] - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
    O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
    O18:[b]64bit:[/b] - Protocol\Filter\application/x-ica - No CLSID value found
    O18:[b]64bit:[/b] - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
    O18:[b]64bit:[/b] - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
    O18:[b]64bit:[/b] - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
    O18:[b]64bit:[/b] - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
    O18:[b]64bit:[/b] - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
    O18:[b]64bit:[/b] - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
    O18:[b]64bit:[/b] - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
    O18:[b]64bit:[/b] - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
    O18:[b]64bit:[/b] - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
    O18:[b]64bit:[/b] - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
    O18:[b]64bit:[/b] - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
    O18:[b]64bit:[/b] - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
    O18:[b]64bit:[/b] - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
    O18:[b]64bit:[/b] - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
    O18:[b]64bit:[/b] - Protocol\Filter\ica - No CLSID value found
    O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    [2013/10/01 13:23:38 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
    @Alternate Data Stream - 220 bytes -> C:\Users\Liz\SkyDrive:ms-properties
    @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:373E1720
    :Commands
    [EMPTYTEMP]
  • Click the Run Fix button.
  • After your computer has rebooted, run OTL and click Quick Scan.
  • Copy and paste the contents of the log that it produces into your next post.

Hi there - thank you for still helping and being so quick with your responses.... here's the log

 

OTL logfile created on: 21/07/2014 18:39:32 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Liz\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17207)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
3.91 Gb Total Physical Memory | 1.99 Gb Available Physical Memory | 50.95% Memory free
5.35 Gb Paging File | 3.36 Gb Available in Paging File | 62.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 404.05 Gb Total Space | 349.80 Gb Free Space | 86.57% Space Free | Partition Type: NTFS
Drive D: | 59.99 Gb Total Space | 43.66 Gb Free Space | 72.77% Space Free | Partition Type: NTFS
 
Computer Name: LIZLAPTOP | User Name: Liz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/07/21 16:23:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Liz\Desktop\OTL.exe
PRC - [2014/07/15 10:24:50 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/06/27 15:20:18 | 003,241,488 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
PRC - [2014/06/23 12:15:28 | 002,640,152 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
PRC - [2014/06/23 12:15:28 | 001,886,488 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2014/06/17 16:18:02 | 005,179,408 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
PRC - [2014/06/17 16:11:46 | 000,289,328 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
PRC - [2014/06/03 09:38:32 | 000,449,216 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office 15\root\office15\msosync.exe
PRC - [2014/05/28 09:37:43 | 000,195,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
PRC - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) -- C:\Program Files (x86)\Skype\Updater\Updater.exe
PRC - [2013/10/01 19:09:06 | 000,928,136 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
PRC - [2013/10/01 19:08:24 | 000,153,992 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
PRC - [2013/10/01 19:08:04 | 000,395,656 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
PRC - [2013/10/01 15:29:04 | 001,505,608 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
PRC - [2013/09/18 02:42:05 | 000,267,224 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
PRC - [2013/09/03 20:38:46 | 000,647,168 | ---- | M] () -- C:\Program Files (x86)\FWdriver_v\POSHX.exe
PRC - [2013/08/09 13:53:42 | 000,054,152 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
PRC - [2013/08/08 13:25:18 | 000,390,616 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2013/08/08 13:25:16 | 000,131,544 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2013/08/08 13:25:12 | 000,169,432 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
PRC - [2013/08/07 14:24:00 | 000,015,720 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2013/08/05 08:49:42 | 000,111,576 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
PRC - [2013/07/04 16:07:26 | 001,157,496 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2013/06/25 09:12:32 | 001,132,920 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2013/05/14 19:18:02 | 000,235,072 | ---- | M] (Internet Helper) -- C:\ProgramData\Internet Helper Anti-phishing\internetHelper_antiphishing.exe
PRC - [2013/03/11 11:35:46 | 000,316,376 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
PRC - [2013/03/11 11:35:36 | 000,074,712 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
PRC - [2013/03/11 11:13:00 | 000,095,192 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2012/12/26 10:36:24 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\FWdriver_v\POSHXMain.exe
PRC - [2012/07/30 10:48:16 | 001,518,504 | ---- | M] () -- C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/07/15 10:24:48 | 000,353,096 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppgooglenaclpluginchrome.dll
MOD - [2014/07/15 10:24:44 | 008,537,928 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
MOD - [2014/07/15 10:24:38 | 000,718,664 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
MOD - [2014/07/15 10:24:36 | 000,126,280 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll
MOD - [2014/07/15 10:24:35 | 001,732,936 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
MOD - [2014/07/02 12:20:49 | 001,404,120 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2014/06/20 11:24:50 | 000,316,584 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\office15\appvisvstream32.dll
MOD - [2014/04/30 13:34:48 | 007,802,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\77bc1a994f64193efc124c297b93fdb7\System.Xml.ni.dll
MOD - [2014/04/30 13:34:37 | 012,856,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\635558b506364815e8348217e86fdf99\System.Windows.Forms.ni.dll
MOD - [2014/04/30 13:34:23 | 019,566,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\4c3126aec3364546e4ade89c24c4e742\System.ServiceModel.ni.dll
MOD - [2014/04/30 13:33:53 | 002,804,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\183eaaded316165bfbd32a991e4e8c8a\System.Runtime.Serialization.ni.dll
MOD - [2014/04/30 13:33:45 | 001,635,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\ddb52221ad0200b7c2e0a308e47d5c7c\System.Drawing.ni.dll
MOD - [2014/04/30 13:33:35 | 000,968,192 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\c5bf2f5c3e13726b3984a900221e1778\System.Configuration.ni.dll
MOD - [2014/04/30 13:32:45 | 006,951,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\c1194e56644c7688e7eb0f68a57dcc30\System.Core.ni.dll
MOD - [2014/04/30 13:32:36 | 010,003,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\c24d08cc4e93fc4f6f15a637b00a2721\System.ni.dll
MOD - [2014/03/23 17:04:20 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
MOD - [2014/01/27 12:52:41 | 017,395,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c90ef9a73ea0044641d31b19023aad61\mscorlib.ni.dll
MOD - [2013/08/05 15:48:08 | 000,016,856 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
MOD - [2013/08/05 08:49:47 | 000,627,672 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/06/19 03:56:34 | 002,356,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe -- (ClickToRunSvc)
SRV:64bit: - [2014/06/15 15:55:58 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/04/06 12:20:36 | 000,201,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2014/04/03 03:51:48 | 001,584,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2014/03/24 03:31:14 | 000,347,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2014/03/24 03:31:14 | 000,023,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2014/03/14 07:26:25 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:64bit: - [2014/03/08 06:41:25 | 001,306,624 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2014/03/06 08:02:13 | 000,834,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2014/02/22 16:53:10 | 003,394,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2014/02/22 10:57:16 | 000,710,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2014/02/22 10:26:58 | 000,366,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2014/02/22 10:25:39 | 000,399,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2014/02/22 10:25:14 | 000,269,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2014/02/22 10:23:58 | 001,576,960 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013/12/10 08:35:18 | 000,530,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2013/11/23 05:50:00 | 000,282,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013/08/22 13:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2013/08/22 12:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2013/08/22 12:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2013/08/22 12:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2013/08/22 12:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2013/08/22 12:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2013/08/22 11:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2013/08/22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2013/08/22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2013/08/22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2013/08/22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2013/08/22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2013/08/22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2013/08/22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2013/08/22 11:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2013/08/22 10:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2013/08/22 10:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2013/08/22 10:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/08/22 10:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/08/22 10:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2013/08/22 10:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2013/08/22 10:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/08/22 10:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2013/08/07 14:24:00 | 000,015,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV:64bit: - [2013/07/29 14:37:48 | 003,668,208 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:64bit: - [2013/07/29 14:37:26 | 000,284,912 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2013/07/29 14:37:10 | 000,631,024 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2013/07/29 14:36:38 | 000,154,864 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2013/05/11 17:45:54 | 000,822,232 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe -- (Intel®
SRV:64bit: - [2013/05/11 17:45:38 | 000,733,696 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV - [2014/06/27 15:20:18 | 003,241,488 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2014/06/23 12:15:28 | 001,886,488 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2014/06/17 16:11:46 | 000,289,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2014/03/14 07:10:16 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/20 20:47:54 | 000,279,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013/08/22 13:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2013/08/22 04:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2013/08/22 03:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2013/08/08 13:25:18 | 000,390,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2013/08/08 13:25:16 | 000,131,544 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe -- (Intel®
SRV - [2013/08/08 13:25:12 | 000,169,432 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2013/07/04 16:07:26 | 001,157,496 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2013/07/01 11:43:24 | 000,157,128 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe -- (Intel®
SRV - [2013/06/25 09:12:32 | 001,132,920 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2013/03/11 11:35:46 | 000,316,376 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe -- (CyberLink PowerDVD 10 MS Service)
SRV - [2013/03/11 11:35:36 | 000,074,712 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe -- (CyberLink PowerDVD 10 MS Monitor Service)
SRV - [2012/12/26 10:36:24 | 000,114,688 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\FWdriver_v\POSHXMain.exe -- (POSHXService)
SRV - [2012/08/02 11:56:54 | 001,095,824 | ---- | M] (Corel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\Game1X\SharedCOM\RoxMediaDBGame1X.exe -- (RoxMediaDBGame1X)
SRV - [2012/07/30 10:48:16 | 001,518,504 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe -- (AHDDC2)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/06/26 07:44:00 | 000,050,464 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2014/06/23 12:15:40 | 000,288,440 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RapportHades64.sys -- (RapportHades64)
DRV:64bit: - [2014/06/23 12:15:38 | 000,358,616 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)
DRV:64bit: - [2014/06/17 16:21:34 | 000,235,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2014/06/17 16:07:12 | 000,328,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2014/06/17 16:06:24 | 000,190,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2014/06/17 16:06:22 | 000,242,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2014/06/17 16:06:22 | 000,153,368 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2014/06/17 16:06:20 | 000,123,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2014/06/17 16:06:06 | 000,031,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2014/05/14 21:09:08 | 000,274,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgwfpa.sys -- (Avgwfpa)
DRV:64bit: - [2014/05/01 14:31:39 | 000,055,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2014/04/01 07:23:41 | 000,384,856 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2014/03/24 03:30:57 | 000,257,880 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2014/03/24 03:30:57 | 000,123,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2014/03/24 03:27:03 | 000,035,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2014/03/20 04:41:20 | 000,376,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2014/03/13 13:35:24 | 000,157,016 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\wof.sys -- (Wof)
DRV:64bit: - [2014/03/08 21:40:16 | 000,136,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2014/03/08 21:35:45 | 000,467,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2014/02/22 17:00:25 | 000,236,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2014/02/22 16:49:51 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2014/02/22 16:49:49 | 000,189,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2014/02/22 16:49:49 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2014/02/22 16:49:47 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2014/02/22 16:44:13 | 000,924,504 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2014/02/22 13:14:02 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2013/12/04 19:41:54 | 000,226,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2013/11/11 03:48:41 | 000,039,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2013/11/01 12:39:53 | 000,086,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013/10/26 02:54:32 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2013/10/05 16:25:54 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2013/09/25 22:52:42 | 003,589,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwbw02.sys -- (NETwNb64)
DRV:64bit: - [2013/09/24 07:10:34 | 000,097,768 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2013/09/16 17:21:52 | 000,449,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2013/09/16 17:17:28 | 004,177,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013/09/14 15:06:57 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2013/09/04 16:35:06 | 000,020,496 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\avgboota.sys -- (Avgboota)
DRV:64bit: - [2013/09/04 15:49:28 | 000,030,512 | ---- | M] (Elitegroup Computer System) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AirplaneModeHID.sys -- (AirplaneModeHID)
DRV:64bit: - [2013/08/27 14:13:22 | 000,264,408 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2013/08/22 23:51:12 | 000,039,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2013/08/22 23:51:12 | 000,026,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2013/08/22 21:59:40 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2013/08/22 21:59:34 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2013/08/22 21:59:34 | 000,009,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\acpials.sys -- (acpials)
DRV:64bit: - [2013/08/22 14:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2013/08/22 14:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013/08/22 13:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/22 13:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2013/08/22 13:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/08/22 13:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2013/08/22 13:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013/08/22 13:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013/08/22 13:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2013/08/22 13:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2013/08/22 13:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2013/08/22 13:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:64bit: - [2013/08/22 13:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2013/08/22 13:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013/08/22 13:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2013/08/22 13:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2013/08/22 13:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013/08/22 13:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2013/08/22 13:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2013/08/22 13:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013/08/22 13:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2013/08/22 13:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2013/08/22 13:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2013/08/22 13:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/08/22 13:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2013/08/22 13:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2013/08/22 13:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2013/08/22 13:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2013/08/22 13:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2013/08/22 12:39:58 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2013/08/22 12:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2013/08/22 12:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2013/08/22 12:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2013/08/22 12:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2013/08/22 12:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2013/08/22 12:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2013/08/22 12:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/08/22 12:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2013/08/22 12:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2013/08/22 12:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2013/08/22 12:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013/08/22 12:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2013/08/22 12:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013/08/22 12:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2013/08/22 12:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/08/22 12:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013/08/22 12:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2013/08/22 12:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:64bit: - [2013/08/22 12:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2013/08/22 12:36:17 | 000,124,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2013/08/22 12:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2013/08/22 12:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2013/08/22 09:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013/08/15 14:28:42 | 000,830,680 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2013/08/13 00:25:46 | 000,017,624 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2013/08/10 01:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2013/08/08 13:25:14 | 000,099,288 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TeeDriverx64.sys -- (MEIx64)
DRV:64bit: - [2013/08/07 14:23:46 | 000,644,968 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2013/08/01 19:57:42 | 000,524,016 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2013/08/01 19:57:42 | 000,034,544 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2013/08/01 19:57:40 | 000,030,448 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Smb_driver_AMDASF.sys -- (SmbDrv)
DRV:64bit: - [2013/07/31 19:25:45 | 001,975,000 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTWlanU.sys -- (RtlWlanu)
DRV:64bit: - [2013/07/30 19:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2013/07/29 04:01:36 | 000,165,344 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2013/07/25 20:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2013/07/01 11:43:30 | 000,114,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibtusb.sys -- (ibtusb)
DRV:64bit: - [2013/06/27 00:27:30 | 001,385,784 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2013/06/18 15:45:43 | 004,649,440 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETwew02.sys -- (NETwNe64)
DRV:64bit: - [2013/04/23 15:50:24 | 000,132,920 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2013/03/05 12:01:42 | 000,091,712 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CLVirtualDrive.sys -- (CLVirtualDrive)
DRV:64bit: - [2013/03/05 07:22:20 | 000,041,408 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2012/08/02 11:18:08 | 000,101,632 | ---- | M] (UT) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uth5x64.sys -- (H5xUSB)
DRV:64bit: - [2012/07/10 03:01:00 | 000,056,336 | ---- | M] (Corel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2014/07/02 12:20:48 | 000,631,128 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_69108.sys -- (RapportCerberus_69108)
DRV - [2014/06/23 12:15:38 | 000,414,296 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2014/06/23 12:15:38 | 000,299,736 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com/?pc=LCJB
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKCU\..\SearchScopes\{638B3B11-1664-4F33-AF74-0BC81EDEBCCF}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LCJB
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Citrix.com/npican: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Liz\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
 
 
 
========== Chrome  ==========
 
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_1\
CHR - Extension: Google Drive = C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: YouTube = C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: Google Search = C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: Google Wallet = C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
CHR - Extension: Gmail = C:\Users\Liz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\
 
O1 HOSTS File: ([2013/08/22 14:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll (Microsoft Corporation)
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\grooveex.dll (Microsoft Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [bTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll (Motorola Solutions, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [iAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [POSHX] C:\Program Files (x86)\FWdriver_v\POSHX.exe ()
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CLMLServer_For_P2G8] C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (CyberLink)
O4 - HKLM..\Run: [CLVirtualDrive] C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [internet Helper Anti-phishing] C:\ProgramData\Internet Helper Anti-phishing\internetHelper_antiphishing.exe (Internet Helper)
O4 - HKLM..\Run: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\isuspm.exe (Flexera Software, Inc.)
O4 - HKLM..\Run: [Redirector] C:\Program Files (x86)\Citrix\ICA Client\redirector.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [YouCam Service] C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe (CyberLink Corp.)
O4 - Startup: C:\Users\Liz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk = C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: eBay.co.uk - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/710-154513-44482-14/4 File not found
O9:64bit: - Extra 'Tools' menuitem : eBay.co.uk - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/710-154513-44482-14/4 File not found
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll (Microsoft Corporation)
O9 - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\onbttnielinkednotes.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2E8A1B37-EAC4-4C2D-8069-140587060826}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\msosb.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/07/21 18:30:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/07/21 16:23:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Liz\Desktop\OTL.exe
[2014/07/21 07:52:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Citrix
[2014/07/21 07:50:14 | 000,000,000 | ---D | C] -- C:\Users\Liz\AppData\Roaming\Download Manager
[2014/07/20 19:02:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2014/07/20 18:58:25 | 000,000,000 | -HSD | C] -- C:\Users\Liz\AppData\Local\EmieUserList
[2014/07/20 18:58:25 | 000,000,000 | -HSD | C] -- C:\Users\Liz\AppData\Local\EmieSiteList
[2014/07/20 18:13:34 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/07/20 18:12:37 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\Liz\Desktop\JRT.exe
[2014/07/20 17:45:10 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014/07/20 17:44:26 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/07/20 16:53:16 | 000,000,000 | ---D | C] -- C:\FRST
[2014/07/20 16:50:08 | 002,089,984 | ---- | C] (Farbar) -- C:\Users\Liz\Desktop\FRST64.exe
[2014/07/20 14:48:01 | 005,222,180 | ---- | C] (Swearware) -- C:\Users\Liz\Desktop\ComboFix.exe
[2014/07/20 14:14:12 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/07/20 14:13:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/07/20 14:13:51 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/07/20 14:13:51 | 000,064,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/07/20 14:13:51 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/07/20 14:13:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/07/20 14:13:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/07/14 17:18:53 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\CompatTel
[2014/07/02 19:35:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
 
========== Files - Modified Within 30 Days ==========
 
[2014/07/21 18:39:16 | 000,000,000 | -H-- | M] () -- C:\ProgramData\DP45977C.lfl
[2014/07/21 18:38:22 | 000,002,207 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/07/21 18:38:20 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/07/21 18:35:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/07/21 18:33:34 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/07/21 18:33:32 | 3358,818,304 | -HS- | M] () -- C:\hiberfil.sys
[2014/07/21 17:24:00 | 000,000,570 | ---- | M] () -- C:\Windows\tasks\G2MUpdateTask-S-1-5-21-3241689406-135872924-3266888133-1001.job
[2014/07/21 17:14:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/07/21 16:23:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Liz\Desktop\OTL.exe
[2014/07/20 18:41:20 | 000,000,203 | ---- | M] () -- C:\Users\Liz\Desktop\txt.gif
[2014/07/20 18:12:26 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\Liz\Desktop\JRT.exe
[2014/07/20 17:55:17 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/07/20 17:43:25 | 001,354,223 | ---- | M] () -- C:\Users\Liz\Desktop\AdwCleaner.exe
[2014/07/20 16:50:16 | 002,089,984 | ---- | M] (Farbar) -- C:\Users\Liz\Desktop\FRST64.exe
[2014/07/20 14:48:08 | 005,222,180 | ---- | M] (Swearware) -- C:\Users\Liz\Desktop\ComboFix.exe
[2014/07/20 14:13:56 | 000,001,118 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/07/14 18:06:29 | 000,608,688 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/07/14 16:28:55 | 000,000,985 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2014/06/26 07:47:30 | 002,293,384 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/06/26 07:47:30 | 000,757,056 | ---- | M] () -- C:\Windows\SysNative\perfh00E.dat
[2014/06/26 07:47:30 | 000,736,970 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/06/26 07:47:30 | 000,440,860 | ---- | M] () -- C:\Windows\SysNative\perfh00B.dat
[2014/06/26 07:47:30 | 000,182,410 | ---- | M] () -- C:\Windows\SysNative\perfc00E.dat
[2014/06/26 07:47:30 | 000,140,352 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/06/26 07:47:30 | 000,086,210 | ---- | M] () -- C:\Windows\SysNative\perfc00B.dat
[2014/06/26 07:44:00 | 000,050,464 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2014/06/23 12:15:40 | 000,288,440 | ---- | M] (Trusteer Ltd.) -- C:\Windows\SysNative\drivers\RapportHades64.sys
[2014/06/23 12:15:38 | 000,358,616 | ---- | M] (Trusteer Ltd.) -- C:\Windows\SysNative\drivers\RapportKE64.sys
 
========== Files Created - No Company Name ==========
 
[2014/07/21 18:39:16 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2014/07/20 18:41:20 | 000,000,203 | ---- | C] () -- C:\Users\Liz\Desktop\txt.gif
[2014/07/20 17:43:19 | 001,354,223 | ---- | C] () -- C:\Users\Liz\Desktop\AdwCleaner.exe
[2014/07/20 14:13:56 | 000,001,118 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/05/02 16:53:37 | 000,000,110 | ---- | C] () -- C:\Windows\wininit.ini
[2014/04/30 10:13:41 | 000,002,255 | ---- | C] () -- C:\Windows\SysWow64\WimBootCompress.ini
[2014/04/25 10:24:05 | 000,103,936 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2013/10/01 13:00:36 | 012,497,646 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/09/16 17:17:04 | 000,303,104 | ---- | C] () -- C:\Windows\SysWow64\igdmd32.dll
[2013/09/16 17:16:52 | 000,180,736 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2013/09/16 17:16:48 | 000,142,848 | ---- | C] () -- C:\Windows\SysWow64\igdail32.dll
[2013/08/22 16:36:43 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2013/08/22 16:36:42 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2013/08/22 15:46:23 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2013/08/22 08:01:23 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2013/08/22 04:32:36 | 000,046,080 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2013/08/22 00:55:20 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2013/08/22 00:52:39 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2013/05/11 17:17:52 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2014/04/24 08:25:44 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/04/06 17:31:39 | 021,268,952 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/04/06 16:22:20 | 018,755,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013/08/22 10:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013/08/22 03:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013/08/22 10:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/04/24 16:39:23 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\AVG2014
[2014/04/24 08:10:47 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\ICAClient
[2014/04/24 16:39:03 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\TuneUp Software
[2014/05/02 17:07:35 | 000,000,000 | ---D | M] -- C:\Users\Liz\AppData\Roaming\Ulead Systems
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 237 bytes -> C:\Users\Liz\SkyDrive:ms-properties
 
< End of report >
This topic is now closed to further replies.