
flyclick.biz running 4 hidden iexplore.exe images in task manager



Hello, normally I'm pretty good at cleaning malware if it happens. My wife's computer has recently caught something nasty and I'm looking for help.
I first noticed multiple instances of iexplore.exe that made me wonder what it was from as we don't use Internet Explorer.

 

I found this closed link to start the process for help as it sounds like what could be going on.

Thanks for your help

-nate

 

MBAR log first attempt and scan with MBAR.

*******************************************************************************************************************

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/20/2014
Scan Time: 6:19:00 PM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.20.06
Rootkit Database: v2014.07.17.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Hank

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 319035
Time Elapsed: 35 min, 5 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 3
Hijack.Host, C:\Windows\System32\drivers\etc\hosts, Good: (), Bad: (146.0.75.221 www.google-analytics.com.), Removal Failed,[477fd6cbbebd5fd7efdccb0f867e24dc]
Hijack.Host, C:\Windows\System32\drivers\etc\hosts, Good: (), Bad: (146.0.75.221 google-analytics.com.), Removal Failed,[9630a6fbabd0ad89b7143d9d877d17e9]
Hijack.Host, C:\Windows\System32\drivers\etc\hosts, Good: (), Bad: (146.0.75.221 connect.facebook.net.), Removal Failed,[e7df4d54ff7c999d13b8e7f318ec03fd]

Physical Sectors: 0
(No malicious items detected)


(end)

************************************************************************************************************

I ran a second time after using Rkill and I did clean the Hosts file and rebooted.

 

Rkill log

 

Rkill 2.6.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 07/20/2014 09:24:45 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\Users\Hank\AppData\Local\Temp\20140717\ctfmon.exe (PID: 2396) [sFI]
 * C:\Users\Hank\AppData\Local\Temp\20140717\ctfmon.exe (PID: 2396) [uP-HEUR]
 * C:\Users\Hank\AppData\Local\Temp\20140717\ctfmon.exe (PID: 2396) [T-HEUR]
 * C:\Windows\system32\DRIVERS\o2flash.exe (PID: 2476) [WD-HEUR]

4 proccesses terminated!

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 07/20/2014 09:29:13 PM
Execution time: 0 hours(s), 4 minute(s), and 28 seconds(s)
 

 

 

 

***********************************************************************************************************

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/20/2014
Scan Time: 9:34:33 PM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.20.07
Rootkit Database: v2014.07.17.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Hank

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 320789
Time Elapsed: 28 min, 57 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

******************************************************************************************

and RogueKiller log.

 

RogueKiller V9.2.3.0 (x64) [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Hank [Admin rights]
Mode : Scan -- Date : 07/20/2014  22:37:22

¤¤¤ Bad processes : 2 ¤¤¤
[suspicious.Path] GoogleCrashHandler.exe -- C:\Users\Hank\AppData\Local\Google\Update\1.3.24.15\GoogleCrashHandler.exe[7] -> KILLED [TermProc]
[suspicious.Path] rundll32.exe -- C:\Users\Hank\AppData\Local\YckPack\icudt46.dll[-] -> UNLOADED

¤¤¤ Registry Entries : 17 ¤¤¤
[suspicious.Path] (X64) HKEY_USERS\S-1-5-21-368655912-4061742381-3321887495-1003\Software\Microsoft\Windows\CurrentVersion\Run | YckPack : regsvr32.exe C:\Users\Hank\AppData\Local\YckPack\icudt46.dll  -> FOUND
[suspicious.Path] (X86) HKEY_USERS\S-1-5-21-368655912-4061742381-3321887495-1003\Software\Microsoft\Windows\CurrentVersion\Run | YckPack : regsvr32.exe C:\Users\Hank\AppData\Local\YckPack\icudt46.dll  -> FOUND
[Hj.Name|Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Network File Service -> FOUND
[Hj.Name|Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Network File Service -> FOUND
[Hj.Name|Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Network File Service -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 75.104.96.61  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 75.104.96.61  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 75.104.96.61  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{14DDE61E-6F36-49C4-809B-29C488338F4F} | DhcpNameServer : 75.104.96.61  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{14DDE61E-6F36-49C4-809B-29C488338F4F} | DhcpNameServer : 75.104.96.61  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{14DDE61E-6F36-49C4-809B-29C488338F4F} | DhcpNameServer : 75.104.96.61  -> FOUND
[PUM.Desktop] (X64) HKEY_USERS\S-1-5-21-368655912-4061742381-3321887495-1003\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop | NoChangingWallpaper : 0  -> FOUND
[PUM.Desktop] (X86) HKEY_USERS\S-1-5-21-368655912-4061742381-3321887495-1003\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop | NoChangingWallpaper : 0  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: LOADED) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD1600BEVT-22ZCT0 +++++
--- User ---
[MBR] e4203a22cdb7c30c682caa06aa49790a
[bSP] ff0a85fc4ccc55d248bc345dfe6f58d4 : Acer MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 12000 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 24578048 | Size: 100 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 24782848 | Size: 140525 MB
User = LL1 ... OK
User = LL2 ... OK
 

 


Hi & welcome

My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.

  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.


Please download Farbar Recovery Scan Tool and save it to your Desktop.

(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)

  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

Hello Jürgen, thank you for your help. It is very much appreciated.

******************************************************************************************************************

FRST readout.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2014
Ran by Hankins (administrator) on HANKINS-PC on 21-07-2014 20:18:13
Running from C:\Users\Hankins\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(Flux Software LLC) C:\Users\Hankins\AppData\Local\FluxSoftware\Flux\flux.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Google Inc.) C:\Users\Hankins\AppData\Local\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(Synaptics, Inc.) C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
() C:\Users\Hankins\Desktop\RogueKillerX64.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_11_9_900_170_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8060960 2009-08-05] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-368655912-4061742381-3321887495-1003\...\Run: [spybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-368655912-4061742381-3321887495-1003\...\Run: [f.lux] => C:\Users\Hankins\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-368655912-4061742381-3321887495-1003\...\Run: [Google Update] => C:\Users\Hankins\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-01-03] (Google Inc.)
HKU\S-1-5-21-368655912-4061742381-3321887495-1003\...\Run: [Nvdiai] => wscript.exe "C:\Microsoft\lib\inc\xx.js"
HKU\S-1-5-21-368655912-4061742381-3321887495-1003\...\Run: [YckPack] => regsvr32.exe C:\Users\Hankins\AppData\Local\YckPack\icudt46.dll  <===== ATTENTION
HKU\S-1-5-21-368655912-4061742381-3321887495-1003\...\MountPoints2: {41ec79ab-44bf-11e3-82df-00262d57407f} - E:\LaunchU3.exe -a
HKU\S-1-5-21-368655912-4061742381-3321887495-1003\...\MountPoints2: {7c3b5c23-cdf5-11e0-84e7-00262d57407f} - E:\iStudio.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

SearchScopes: HKLM-x32 - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Plug-In -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 75.104.96.61
Tcpip\..\Interfaces\{14DDE61E-6F36-49C4-809B-29C488338F4F}: [NameServer]8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{EA8B154C-3C44-4055-BCF5-FC9E2CFFADF5}: [NameServer]8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\Hankins\AppData\Roaming\Mozilla\Firefox\Profiles\hcssiixz.default
FF DefaultSearchEngine: user_pref("browser.search.defaultenginename", "");
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8064.0206 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Hankins\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Hankins\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF user.js: detected! => C:\Users\Hankins\AppData\Roaming\Mozilla\Firefox\Profiles\hcssiixz.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: CostMin - C:\Users\Hankins\AppData\Roaming\Mozilla\Firefox\Profiles\hcssiixz.default\Extensions\ighiiiao@yo-.com [2014-07-20]
FF Extension: Microsoft.AnalysisServices.FiscalYearName - C:\Users\Hankins\AppData\Roaming\Mozilla\Firefox\Profiles\hcssiixz.default\Extensions\{AF4694CF-A51B-5773-F208-09D24BE4192D} [2014-07-17]
FF Extension: Adblock Plus - C:\Users\Hankins\AppData\Roaming\Mozilla\Firefox\Profiles\hcssiixz.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-22]
FF Extension: Skype extension - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2014-05-25]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-05-25]

Chrome:
=======
CHR HomePage:
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Hankins\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-06]
CHR Extension: (Adblock Plus) - C:\Users\Hankins\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-07-20]
CHR Extension: (Google Wallet) - C:\Users\Hankins\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]
CHR StartMenuInternet: Google Chrome - C:\Users\Hankins\AppData\Local\Google\Chrome\Application\chrome.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2009-08-11] () [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S3 MSSQL$MSSMLBIZ; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S2 Network File Service; C:\Users\Hankins\AppData\Local\Temp\20140717\ctfmon.exe [697344 2014-07-13] (Microsoft Corporation) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S2 O2FLASH; C:\Windows\system32\DRIVERS\o2flash.exe [65536 2007-02-12] (O2Micro International) [File not signed]
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [253952 2009-07-10] (Acer Incorporated) [File not signed]
R2 ScrybeUpdater; C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [1300264 2011-05-27] (Synaptics, Inc.)

==================== Drivers (Whitelisted) ====================

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-21] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 O2MDRDR; C:\Windows\system32\DRIVERS\o2mdx64.sys [63264 2009-05-07] (O2Micro )
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [30312 2014-07-20] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-21 20:18 - 2014-07-21 20:19 - 00015179 _____ () C:\Users\Hankins\Desktop\FRST.txt
2014-07-21 20:17 - 2014-07-21 20:18 - 00000000 ____D () C:\FRST
2014-07-21 20:16 - 2014-07-21 20:16 - 02090496 _____ (Farbar) C:\Users\Hankins\Desktop\FRST64.exe
2014-07-21 16:37 - 2014-07-21 16:37 - 00000000 ____D () C:\Users\Hankins\AppData\Local\CrashDumps
2014-07-20 22:12 - 2014-07-20 22:12 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-07-20 22:12 - 2014-07-20 22:12 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-20 21:31 - 2014-07-20 21:31 - 00000000 ____D () C:\Windows\ERDNT
2014-07-20 21:24 - 2014-07-20 21:24 - 00000888 _____ () C:\Users\Hankins\Desktop\NTREGOPT.lnk
2014-07-20 21:24 - 2014-07-20 21:24 - 00000869 _____ () C:\Users\Hankins\Desktop\ERUNT.lnk
2014-07-20 21:24 - 2014-07-20 21:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-07-20 21:24 - 2014-07-20 21:24 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-07-20 21:22 - 2014-07-20 21:22 - 00791393 _____ (Lars Hederer ) C:\Users\Hankins\Desktop\erunt-setup.exe
2014-07-20 21:20 - 2014-07-20 21:21 - 00000000 ____D () C:\Users\Hankins\Desktop\flyclick biz problem
2014-07-20 21:07 - 2014-07-20 21:07 - 04770904 _____ () C:\Users\Hankins\Desktop\RogueKiller.exe
2014-07-20 21:04 - 2014-07-20 21:48 - 05336664 _____ () C:\Users\Hankins\Desktop\RogueKillerX64.exe
2014-07-20 20:59 - 2014-07-20 21:29 - 00002630 _____ () C:\Users\Hankins\Desktop\Rkill.txt
2014-07-20 20:59 - 2014-07-20 20:58 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Hankins\Desktop\rkill.exe
2014-07-20 20:56 - 2014-07-20 20:58 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Hankins\Downloads\iExplore.exe
2014-07-20 19:22 - 2014-07-20 23:31 - 00000000 ____D () C:\Program Files (x86)\msrtn32
2014-07-20 17:27 - 2014-07-21 16:35 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-20 17:27 - 2014-07-20 17:27 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-20 17:27 - 2014-07-20 17:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-20 17:26 - 2014-07-20 17:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-20 17:26 - 2014-07-20 17:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-20 17:26 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-20 17:26 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-20 17:26 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-20 17:22 - 2014-07-20 17:23 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Hankins\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-20 17:01 - 2014-07-20 17:01 - 00000000 __SHD () C:\found.002
2014-07-20 16:40 - 2014-07-20 16:40 - 00000000 ____D () C:\Program Files (x86)\predm
2014-07-20 16:24 - 2014-07-20 16:24 - 00000318 _____ () C:\Users\Hankins\AppData\Roaming\aps.uninstall.scan.results
2014-07-18 11:00 - 2014-07-18 11:01 - 00027888 _____ () C:\Users\Hankins\Downloads\afr.php
2014-07-18 10:51 - 2014-07-18 10:52 - 01385112 _____ () C:\Users\Hankins\Downloads\Setup.exe
2014-07-18 10:45 - 2014-07-20 16:30 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-07-18 10:45 - 2014-07-18 10:45 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstr_01009.Wdf
2014-07-18 10:42 - 2014-07-20 16:22 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2014-07-18 10:42 - 2014-07-20 16:22 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2014-07-18 10:40 - 2014-07-18 11:02 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2014-07-18 10:40 - 2014-07-18 10:42 - 00002832 _____ () C:\Windows\System32\Tasks\APSnotifierPP1
2014-07-18 10:40 - 2014-07-18 10:42 - 00002830 _____ () C:\Windows\System32\Tasks\APSnotifierPP3
2014-07-18 10:40 - 2014-07-18 10:42 - 00002830 _____ () C:\Windows\System32\Tasks\APSnotifierPP2
2014-07-18 10:33 - 2014-07-16 15:41 - 00573339 _____ (ClickMeIn Limited) C:\Users\Hankins\AppData\Local\AnyProtectScannerSetup.exe
2014-07-18 09:56 - 2014-07-18 09:58 - 00949504 _____ () C:\Users\Hankins\Downloads\java_installer (2).exe
2014-07-17 09:09 - 2014-07-17 09:09 - 00000012 _____ () C:\Windows\sruna.log
2014-07-17 08:54 - 2014-07-20 17:03 - 00000000 ____D () C:\Program Files (x86)\Fralimbo
2014-07-17 08:54 - 2014-07-20 16:50 - 00000866 _____ () C:\Windows\SysWOW64\InstallUtil.InstallLog
2014-07-17 08:53 - 2014-07-17 08:54 - 00000000 ____D () C:\Users\Hankins\AppData\Local\YckPack
2014-07-17 08:50 - 2014-07-17 08:50 - 00000000 __SHD () C:\Users\Hankins\AppData\Local\EmieUserList
2014-07-17 08:50 - 2014-07-17 08:50 - 00000000 __SHD () C:\Users\Hankins\AppData\Local\EmieSiteList
2014-07-17 08:48 - 2014-07-17 08:48 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.txt
2014-07-17 08:47 - 2014-07-20 16:32 - 00000000 ____D () C:\ProgramData\3d61b4e9f33e868d
2014-07-17 08:47 - 2014-07-17 08:47 - 00000000 ____D () C:\Users\Hankins\AppData\Local\Packages
2014-07-17 08:47 - 2014-07-17 08:47 - 00000000 ____D () C:\Microsoft__Sdk
2014-07-17 08:46 - 2014-07-20 16:41 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\Hankins\AppData\Local\Torch
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\Hankins\AppData\Local\globalUpdate
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\Hankins\AppData\Local\Comodo
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\Hankins\AppData\Local\Chromatic Browser
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\Guest
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\Administrator
2014-07-17 08:45 - 2014-07-20 23:32 - 00000000 ____D () C:\Program Files (x86)\explorer_0711
2014-07-17 08:45 - 2014-07-17 08:45 - 00000000 ____D () C:\Program Files (x86)\res_0711
2014-07-17 08:26 - 2014-07-20 18:11 - 00000000 ____D () C:\Users\Hankins\AppData\Roaming\serv
2014-07-17 08:26 - 2014-07-17 08:26 - 00000000 ____D () C:\ProgramData\Online
2014-07-14 19:31 - 2014-07-14 19:31 - 00277392 _____ () C:\Windows\Minidump\071414-25693-01.dmp
2014-07-14 19:31 - 2014-07-14 19:31 - 00000000 ____D () C:\Windows\Minidump
2014-07-14 19:30 - 2014-07-14 19:30 - 236457560 _____ () C:\Windows\MEMORY.DMP
2014-07-12 00:29 - 2014-06-20 15:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-12 00:29 - 2014-06-20 14:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-12 00:29 - 2014-06-18 20:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-12 00:29 - 2014-06-18 20:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-12 00:29 - 2014-06-18 20:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-12 00:29 - 2014-06-18 19:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-12 00:29 - 2014-06-18 19:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-12 00:29 - 2014-06-18 19:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-12 00:29 - 2014-06-18 19:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-12 00:29 - 2014-06-18 19:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-12 00:29 - 2014-06-18 19:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-12 00:29 - 2014-06-18 19:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-12 00:29 - 2014-06-18 19:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-12 00:29 - 2014-06-18 19:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-12 00:29 - 2014-06-18 19:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-12 00:29 - 2014-06-18 19:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-12 00:29 - 2014-06-18 19:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-12 00:29 - 2014-06-18 19:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-12 00:29 - 2014-06-18 19:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-12 00:29 - 2014-06-18 18:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-12 00:29 - 2014-06-18 18:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-12 00:29 - 2014-06-18 18:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-12 00:29 - 2014-06-18 18:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-12 00:29 - 2014-06-18 18:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-12 00:29 - 2014-06-18 18:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-12 00:29 - 2014-06-18 18:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-12 00:29 - 2014-06-18 18:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-12 00:29 - 2014-06-18 18:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-12 00:29 - 2014-06-18 18:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-12 00:29 - 2014-06-18 18:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-12 00:29 - 2014-06-18 18:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-12 00:29 - 2014-06-18 18:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-12 00:29 - 2014-06-18 18:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-12 00:29 - 2014-06-18 18:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-12 00:29 - 2014-06-18 18:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-12 00:29 - 2014-06-18 18:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-12 00:29 - 2014-06-18 18:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-12 00:29 - 2014-06-18 18:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-12 00:29 - 2014-06-18 18:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-12 00:29 - 2014-06-18 18:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-12 00:29 - 2014-06-18 18:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-12 00:29 - 2014-06-18 18:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-12 00:29 - 2014-06-18 17:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-12 00:29 - 2014-06-18 17:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-12 00:29 - 2014-06-18 17:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-12 00:29 - 2014-06-18 17:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-12 00:29 - 2014-06-18 17:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-12 00:29 - 2014-06-18 17:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-12 00:29 - 2014-06-18 17:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-12 00:29 - 2014-06-18 17:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-12 00:29 - 2014-06-18 17:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-12 00:29 - 2014-06-18 17:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-12 00:29 - 2014-06-18 17:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-12 00:29 - 2014-06-18 17:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-12 00:29 - 2014-06-18 17:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-12 00:29 - 2014-06-18 17:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-11 22:47 - 2014-06-05 09:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-11 22:47 - 2014-05-30 03:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-11 22:47 - 2014-05-30 03:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-11 22:47 - 2014-05-30 03:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-11 22:47 - 2014-05-30 03:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-11 22:47 - 2014-05-30 03:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-11 22:47 - 2014-05-30 03:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-11 22:47 - 2014-05-30 03:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-11 22:47 - 2014-05-30 02:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-11 22:47 - 2014-05-30 02:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-11 22:47 - 2014-05-30 02:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-11 22:47 - 2014-05-30 02:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-11 22:47 - 2014-05-30 02:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-11 22:47 - 2014-05-30 02:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-11 22:47 - 2014-05-30 02:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-11 22:46 - 2014-06-05 09:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-11 22:46 - 2014-06-05 09:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-11 22:35 - 2014-06-29 21:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-11 22:35 - 2014-06-29 21:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-11 22:35 - 2014-06-17 21:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-11 22:35 - 2014-06-17 20:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-11 22:35 - 2014-06-17 20:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-11 22:35 - 2014-06-06 05:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-11 22:35 - 2014-06-06 04:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-11 22:34 - 2014-05-30 01:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-06 00:14 - 2014-07-06 00:14 - 00033794 _____ () C:\Users\Hankins\Downloads\Contact Request.zip
2014-07-06 00:14 - 2014-07-06 00:14 - 00028549 _____ () C:\Users\Hankins\Downloads\Copy of TAKEYA order form - CDN 2 3 14.xlsx
2014-07-05 23:38 - 2014-07-05 23:41 - 00000000 ____D () C:\Users\Hankins\Desktop\For sale 7-5-14
2014-07-05 23:34 - 2014-07-05 23:34 - 00002048 _____ () C:\Users\Public\Desktop\Intelli-studio.lnk
2014-07-05 23:34 - 2014-07-05 23:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAMSUNG
2014-06-27 16:13 - 2014-06-27 16:13 - 01068923 _____ () C:\Users\Hankins\Desktop\post op day 0.htm
2014-06-27 16:13 - 2014-06-27 16:13 - 00000000 ____D () C:\Users\Hankins\Desktop\post op day 0_files

==================== One Month Modified Files and Folders =======

2014-07-21 20:19 - 2014-07-21 20:18 - 00015179 _____ () C:\Users\Hankins\Desktop\FRST.txt
2014-07-21 20:18 - 2014-07-21 20:17 - 00000000 ____D () C:\FRST
2014-07-21 20:16 - 2014-07-21 20:16 - 02090496 _____ (Farbar) C:\Users\Hankins\Desktop\FRST64.exe
2014-07-21 20:14 - 2012-01-03 21:58 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-368655912-4061742381-3321887495-1003UA.job
2014-07-21 20:13 - 2012-04-07 21:21 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-21 20:12 - 2010-03-10 16:00 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-21 20:12 - 2009-10-13 21:14 - 01534900 _____ () C:\Windows\WindowsUpdate.log
2014-07-21 17:51 - 2012-04-07 21:21 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-21 17:51 - 2012-04-07 21:21 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-21 17:51 - 2011-08-10 22:53 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-21 16:37 - 2014-07-21 16:37 - 00000000 ____D () C:\Users\Hankins\AppData\Local\CrashDumps
2014-07-21 16:35 - 2014-07-20 17:27 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-21 15:36 - 2010-03-10 16:00 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-20 23:32 - 2014-07-17 08:45 - 00000000 ____D () C:\Program Files (x86)\explorer_0711
2014-07-20 23:31 - 2014-07-20 19:22 - 00000000 ____D () C:\Program Files (x86)\msrtn32
2014-07-20 22:12 - 2014-07-20 22:12 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-07-20 22:12 - 2014-07-20 22:12 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-20 21:52 - 2009-07-13 23:45 - 00017600 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-20 21:52 - 2009-07-13 23:45 - 00017600 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-20 21:48 - 2014-07-20 21:04 - 05336664 _____ () C:\Users\Hankins\Desktop\RogueKillerX64.exe
2014-07-20 21:31 - 2014-07-20 21:31 - 00000000 ____D () C:\Windows\ERDNT
2014-07-20 21:29 - 2014-07-20 20:59 - 00002630 _____ () C:\Users\Hankins\Desktop\Rkill.txt
2014-07-20 21:24 - 2014-07-20 21:24 - 00000888 _____ () C:\Users\Hankins\Desktop\NTREGOPT.lnk
2014-07-20 21:24 - 2014-07-20 21:24 - 00000869 _____ () C:\Users\Hankins\Desktop\ERUNT.lnk
2014-07-20 21:24 - 2014-07-20 21:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-07-20 21:24 - 2014-07-20 21:24 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-07-20 21:22 - 2014-07-20 21:22 - 00791393 _____ (Lars Hederer ) C:\Users\Hankins\Desktop\erunt-setup.exe
2014-07-20 21:21 - 2014-07-20 21:20 - 00000000 ____D () C:\Users\Hankins\Desktop\flyclick biz problem
2014-07-20 21:11 - 2011-06-18 08:30 - 00021757 _____ () C:\Windows\setupact.log
2014-07-20 21:11 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-20 21:07 - 2014-07-20 21:07 - 04770904 _____ () C:\Users\Hankins\Desktop\RogueKiller.exe
2014-07-20 20:58 - 2014-07-20 20:59 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Hankins\Desktop\rkill.exe
2014-07-20 20:58 - 2014-07-20 20:56 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Hankins\Downloads\iExplore.exe
2014-07-20 20:37 - 2012-01-03 21:58 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-368655912-4061742381-3321887495-1003Core.job
2014-07-20 20:30 - 2011-06-18 13:04 - 00181370 _____ () C:\Windows\PFRO.log
2014-07-20 18:40 - 2012-01-03 21:59 - 00002380 _____ () C:\Users\Hankins\Desktop\Google Chrome.lnk
2014-07-20 18:11 - 2014-07-17 08:26 - 00000000 ____D () C:\Users\Hankins\AppData\Roaming\serv
2014-07-20 18:11 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Resources
2014-07-20 17:27 - 2014-07-20 17:27 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-20 17:27 - 2014-07-20 17:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-20 17:26 - 2014-07-20 17:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-20 17:26 - 2014-07-20 17:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-20 17:23 - 2014-07-20 17:22 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Hankins\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-20 17:03 - 2014-07-17 08:54 - 00000000 ____D () C:\Program Files (x86)\Fralimbo
2014-07-20 17:03 - 2009-08-22 04:49 - 00000000 ____D () C:\Program Files\Google
2014-07-20 17:03 - 2009-08-22 04:49 - 00000000 ____D () C:\Program Files (x86)\Google
2014-07-20 17:01 - 2014-07-20 17:01 - 00000000 __SHD () C:\found.002
2014-07-20 16:50 - 2014-07-17 08:54 - 00000866 _____ () C:\Windows\SysWOW64\InstallUtil.InstallLog
2014-07-20 16:42 - 2009-11-11 15:42 - 00000000 ____D () C:\Users\Hankins\AppData\Local\Google
2014-07-20 16:42 - 2009-08-22 04:49 - 00000000 ____D () C:\ProgramData\Google
2014-07-20 16:41 - 2014-07-17 08:46 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-07-20 16:40 - 2014-07-20 16:40 - 00000000 ____D () C:\Program Files (x86)\predm
2014-07-20 16:37 - 2009-08-22 04:33 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-07-20 16:32 - 2014-07-17 08:47 - 00000000 ____D () C:\ProgramData\3d61b4e9f33e868d
2014-07-20 16:30 - 2014-07-18 10:45 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-07-20 16:28 - 2009-07-13 21:34 - 00000612 _____ () C:\Windows\win.ini
2014-07-20 16:24 - 2014-07-20 16:24 - 00000318 _____ () C:\Users\Hankins\AppData\Roaming\aps.uninstall.scan.results
2014-07-20 16:22 - 2014-07-18 10:42 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2014-07-20 16:22 - 2014-07-18 10:42 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2014-07-18 11:02 - 2014-07-18 10:40 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2014-07-18 11:01 - 2014-07-18 11:00 - 00027888 _____ () C:\Users\Hankins\Downloads\afr.php
2014-07-18 10:52 - 2014-07-18 10:51 - 01385112 _____ () C:\Users\Hankins\Downloads\Setup.exe
2014-07-18 10:47 - 2014-06-14 05:12 - 00000000 ____D () C:\Users\Hankins\Desktop\2014-06-14
2014-07-18 10:45 - 2014-07-18 10:45 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstr_01009.Wdf
2014-07-18 10:45 - 2009-07-13 22:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-07-18 10:45 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-07-18 10:42 - 2014-07-18 10:40 - 00002832 _____ () C:\Windows\System32\Tasks\APSnotifierPP1
2014-07-18 10:42 - 2014-07-18 10:40 - 00002830 _____ () C:\Windows\System32\Tasks\APSnotifierPP3
2014-07-18 10:42 - 2014-07-18 10:40 - 00002830 _____ () C:\Windows\System32\Tasks\APSnotifierPP2
2014-07-18 09:58 - 2014-07-18 09:56 - 00949504 _____ () C:\Users\Hankins\Downloads\java_installer (2).exe
2014-07-17 09:09 - 2014-07-17 09:09 - 00000012 _____ () C:\Windows\sruna.log
2014-07-17 08:54 - 2014-07-17 08:53 - 00000000 ____D () C:\Users\Hankins\AppData\Local\YckPack
2014-07-17 08:50 - 2014-07-17 08:50 - 00000000 __SHD () C:\Users\Hankins\AppData\Local\EmieUserList
2014-07-17 08:50 - 2014-07-17 08:50 - 00000000 __SHD () C:\Users\Hankins\AppData\Local\EmieSiteList
2014-07-17 08:48 - 2014-07-17 08:48 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.txt
2014-07-17 08:47 - 2014-07-17 08:47 - 00000000 ____D () C:\Users\Hankins\AppData\Local\Packages
2014-07-17 08:47 - 2014-07-17 08:47 - 00000000 ____D () C:\Microsoft__Sdk
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\Hankins\AppData\Local\Torch
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\Hankins\AppData\Local\globalUpdate
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\Hankins\AppData\Local\Comodo
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\Hankins\AppData\Local\Chromatic Browser
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\Guest
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\Administrator
2014-07-17 08:46 - 2009-08-22 04:33 - 00000000 ____D () C:\Intel
2014-07-17 08:45 - 2014-07-17 08:45 - 00000000 ____D () C:\Program Files (x86)\res_0711
2014-07-17 08:26 - 2014-07-17 08:26 - 00000000 ____D () C:\ProgramData\Online
2014-07-16 15:41 - 2014-07-18 10:33 - 00573339 _____ (ClickMeIn Limited) C:\Users\Hankins\AppData\Local\AnyProtectScannerSetup.exe
2014-07-14 22:29 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-07-14 22:29 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2014-07-14 19:31 - 2014-07-14 19:31 - 00277392 _____ () C:\Windows\Minidump\071414-25693-01.dmp
2014-07-14 19:31 - 2014-07-14 19:31 - 00000000 ____D () C:\Windows\Minidump
2014-07-14 19:31 - 2009-11-11 15:33 - 00000000 ____D () C:\Users\Hankins
2014-07-14 19:30 - 2014-07-14 19:30 - 236457560 _____ () C:\Windows\MEMORY.DMP
2014-07-12 05:39 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-07-12 03:34 - 2009-07-13 23:45 - 00444312 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-12 03:30 - 2014-05-01 13:38 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-12 03:30 - 2009-08-22 05:23 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-12 03:30 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-12 03:30 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-12 03:11 - 2009-09-11 15:35 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-11 02:03 - 2013-08-11 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-11 01:59 - 2011-02-09 21:28 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-06 00:14 - 2014-07-06 00:14 - 00033794 _____ () C:\Users\Hankins\Downloads\Contact Request.zip
2014-07-06 00:14 - 2014-07-06 00:14 - 00028549 _____ () C:\Users\Hankins\Downloads\Copy of TAKEYA order form - CDN 2 3 14.xlsx
2014-07-05 23:41 - 2014-07-05 23:38 - 00000000 ____D () C:\Users\Hankins\Desktop\For sale 7-5-14
2014-07-05 23:35 - 2014-06-14 05:10 - 00000000 ____D () C:\Users\Hankins\AppData\Roaming\Intelli-studio
2014-07-05 23:34 - 2014-07-05 23:34 - 00002048 _____ () C:\Users\Public\Desktop\Intelli-studio.lnk
2014-07-05 23:34 - 2014-07-05 23:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAMSUNG
2014-07-05 23:21 - 2009-07-14 00:13 - 00848194 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-29 21:09 - 2014-07-11 22:35 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-29 21:04 - 2014-07-11 22:35 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-27 16:13 - 2014-06-27 16:13 - 01068923 _____ () C:\Users\Hankins\Desktop\post op day 0.htm
2014-06-27 16:13 - 2014-06-27 16:13 - 00000000 ____D () C:\Users\Hankins\Desktop\post op day 0_files
2014-06-24 20:32 - 2012-01-03 21:58 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-368655912-4061742381-3321887495-1003UA
2014-06-24 20:32 - 2012-01-03 21:58 - 00003494 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-368655912-4061742381-3321887495-1003Core
2014-06-24 15:31 - 2010-03-10 16:00 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-24 15:31 - 2010-03-10 16:00 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

Some content of TEMP:
====================
C:\Users\Hankins\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Hankins\AppData\Local\Temp\jre-6u38-windows-i586-iftw.exe
C:\Users\Hankins\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Hankins\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Hankins\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\Hankins\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-20 23:16

==================== End Of Log ============================

*****************************************************************************************************************************************

ADDITION log

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-07-2014
Ran by Hankins at 2014-07-21 20:20:48
Running from C:\Users\Hankins\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

Acer Assist (HKLM-x32\...\Acer Assist) (Version:  - Acer Incorporated)
Acer Crystal Eye Webcam (HKLM-x32\...\{7760D94E-B1B5-40A0-9AA0-ABF942108755}) (Version: 5.2.7.1 - Suyin Optronics Corp)
Acer Empowering Technology (HKLM-x32\...\{8F1B6239-FEA0-450A-A950-B05276CE177C}) (Version: 3.0.3016 - Acer Incorporated)
Acer ePower Management (HKLM-x32\...\{58E5844B-7CE2-413D-83D1-99294BF6C74F}) (Version: 3.0.3019 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3003 - Acer Incorporated)
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.0.71 - WildTangent)
Acer GridVista (HKLM-x32\...\GridVista) (Version: 3.01.0730 - Acer Inc.)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.02.3006 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.4.0812 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.01.3014 - Acer Incorporated)
Acer VCM (HKLM-x32\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3000 - Acer Incorporated)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Broadcom Gigabit Integrated Controller (HKLM\...\{49F3D04B-B849-4C89-AB31-2366A004EA28}) (Version: 12.24.02 - Broadcom Corporation)
Business Contact Manager for Outlook 2007 SP2 (HKLM-x32\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
Business Contact Manager for Outlook 2007 SP2 (x32 Version: 3.0.8619.1 - Microsoft Corporation) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.07 - Piriform)
Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{043645C8-48EC-458F-B9BD-9C8F15CEF6F7}) (Version:  - Microsoft)
Diner Dash Hometown Hero - Gourmet (HKLM-x32\...\Diner Dash Hometown Hero - Gourmet) (Version:  - PlayFirst, Inc.)
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version:  - Lars Hederer)
f.lux (HKCU\...\Flux) (Version:  - )
GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
Google Chrome (HKCU\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3001 - Acer Incorporated)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1892 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
InterVideo WinDVD 8 (HKLM-x32\...\InstallShield_{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}) (Version: 8.5.10.39 - InterVideo Inc.)
InterVideo WinDVD 8 (x32 Version: 8.5.10.39 - InterVideo Inc.) Hidden
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 3.0.04 - Acer Inc.)
LibreOffice 3.3 (HKLM-x32\...\{1A97CF67-FEBB-436E-BD64-431FFEF72EB8}) (Version: 3.3.8 - LibreOffice)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0 - Microsoft Corporation) Hidden
Microsoft Office 2003 Web Components (HKLM-x32\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Small Business Connectivity Components (HKLM-x32\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (x32 Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft VC9 runtime libraries (x32 Version: 1.0.0 - AOL LLC) Hidden
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.36 - Symantec)
NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.627 - NewTech Infosystems)
NTI Backup Now Standard (x32 Version: 5.1.2.627 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6619 - NewTech Infosystems)
NTI Media Maker 8 (x32 Version: 8.0.12.6619 - NewTech Infosystems) Hidden
NTI Shadow (HKLM-x32\...\InstallShield_{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}) (Version: 3.7.6.56 - NewTech Infosystems)
NTI Shadow (x32 Version: 3.7.6.56 - NewTech Infosystems) Hidden
Plants vs. Zombies (HKLM-x32\...\Plants vs. Zombies) (Version:  - PopCap Games)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5911 - Realtek Semiconductor Corp.)
Respondus LockDown Browser (HKLM-x32\...\{C0E5147E-C9F3-4360-9ED0-2E875F11766C}) (Version: 1.02.0001 - Respondus, Inc.)
SAMSUNG Intelli-studio (HKLM-x32\...\Intelli-studio) (Version: 3.1.32.1 - Samsung Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype Toolbars (HKLM-x32\...\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}) (Version: 5.0.4137 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Synaptics Gesture Suite featuring SYNAPTICS | Scrybe (HKLM-x32\...\{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}) (Version: 1.6.5.17120 - Synaptics Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.20.0 - Synaptics Incorporated)
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{FEF4C57D-0975-4D3C-ACC7-DCD038C3788F}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{17815BC8-062D-49BE-B40C-B54149C85CE3}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{84B191B5-5319-463A-A305-8C4D53B1D20A}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{DB0B0CDF-77EC-47B0-94E2-4738573A1E58}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{1AA82E2E-7DB7-4C70-910C-BBB657A6B3A5}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{428CB7A0-1068-4CE1-8835-39C7ECD297ED}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{79C725A1-3964-421C-A528-78C1C083C7C7}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{EBD18DE5-BC84-4B57-9A30-097044871F9A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{B6AD7E27-012A-4B63-82BA-AF62893E5435}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{6E760BBA-B83F-4C2D-918F-5F91EF6C9861}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{D1F3B526-7EB2-4701-92DB-0784988D78DE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{52BEF8AE-9324-40A1-9A92-E5A8FB63A475}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{324703B5-6765-489D-9B9B-B082D34F882E}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUSR_{4B9B2BAF-EE1F-4B60-A4D9-17B7BEEB13A1}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROPLUSR_{860EE8B1-0B9F-4A8A-91FE-649CD3C6754C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-001A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{DBAC8ED2-9287-499E-AD66-590C7413C7DE}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{DDDC32A5-9528-4771-B91A-97A8E1D7957B}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0018-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{393B360E-62F8-463D-B914-1ECDC1359A46}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A20A650C-F820-4CE4-AEA5-EC140192FAFB}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F6F342A1-530B-4D48-A468-1E3F70928984}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{C950A55F-82E3-4CC8-8FA2-E8A2A0F651F3}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{89FDC8D9-FB84-4EFE-950D-AF4EECC3B64C}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.00.3005 - Acer Incorporated)
WildTangent Games App (Acer Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer) (Version: 4.0.5.36 - WildTangent)
Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}) (Version: 14.0.8064.206 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

12-07-2014 08:02:00 Windows Update
13-07-2014 22:12:58 Windows Update
14-07-2014 23:31:17 Windows Update
15-07-2014 00:34:59 Windows Update
15-07-2014 18:46:32 Windows Update
16-07-2014 15:47:07 Windows Update
17-07-2014 12:25:22 Windows Update
20-07-2014 21:26:57 Windows Update
20-07-2014 21:33:44 Configured eSobi v2
20-07-2014 21:53:34 Removed Acrobat.com
20-07-2014 21:55:07 Windows Update
20-07-2014 22:11:25 Windows Update
20-07-2014 23:12:41 Windows Update
21-07-2014 00:25:10 Windows Update
21-07-2014 12:45:32 Windows Update

==================== Hosts content: ==========================

2009-07-13 21:34 - 2014-07-20 21:10 - 00000707 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {085A1575-09D9-4526-ADAB-31851D736E0C} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {0C8F0920-791D-49CC-B09F-D6BA40C57BDD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-03-10] (Google Inc.)
Task: {1A563C52-0B11-4B6E-8FDB-FAA9F61F6BDC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-368655912-4061742381-3321887495-1003Core => C:\Users\Hankins\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-03] (Google Inc.)
Task: {269F07C7-A8D2-4484-B0A2-D3F5810FB4F6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-368655912-4061742381-3321887495-1003UA => C:\Users\Hankins\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-03] (Google Inc.)
Task: {3E35CBDD-E27D-44A7-914A-F6B7424FF252} - System32\Tasks\{3020086E-1669-42B0-A6AD-9FADD82E9784} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {5DF8A8BA-ACF4-4B58-890A-75E60F63AF6C} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe [2009-07-09] (Acer)
Task: {617606C4-66DE-4AD5-9BD7-002D0345601E} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
Task: {BE79FE70-0C5F-4DE1-B3BD-97E28D346E95} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-03-10] (Google Inc.)
Task: {C88B1AFE-6733-471D-A311-77317F8B17A3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-21] (Adobe Systems Incorporated)
Task: {CA68CD26-6ED2-490C-A52A-8174A398B1E7} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
Task: {DF458964-50FC-466B-95B5-1EF029FC4462} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-368655912-4061742381-3321887495-1003Core.job => C:\Users\Hankins\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-368655912-4061742381-3321887495-1003UA.job => C:\Users\Hankins\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-03-06 18:15 - 2009-11-05 08:40 - 00085504 _____ () C:\Windows\System32\cpwmon64.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2009-09-11 15:40 - 2009-08-11 18:29 - 00024576 _____ () C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
2009-09-11 15:40 - 2009-09-11 15:40 - 00032768 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.Controller\3.0.3016.0__14bcaafdb44b5951\Framework.Model.Controller.dll
2009-09-11 15:40 - 2009-09-11 15:40 - 00020480 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3016.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
2009-09-11 15:40 - 2009-09-11 15:40 - 00061440 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3016.0__3036420f80dd6947\Framework.Library.dll
2009-09-11 15:40 - 2009-09-11 15:40 - 00028672 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Host\3.0.3016.0__672b450de5a7e94a\Framework.Host.dll
2009-09-11 15:40 - 2009-09-11 15:40 - 00016384 _____ () C:\Windows\assembly\GAC_MSIL\Framework.PluginInterface\3.0.3016.0__9ecdf03bb2054f94\Framework.PluginInterface.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2014-07-20 21:04 - 2014-07-20 21:48 - 05336664 _____ () C:\Users\Hankins\Desktop\RogueKillerX64.exe
2014-07-17 08:54 - 2014-07-17 08:54 - 00826880 _____ () C:\Users\Hankins\AppData\Local\YckPack\icudt46.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:45 - 2010-10-20 16:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-05-25 12:09 - 2014-05-25 12:10 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Hankins\Downloads\faulty product (1).eml:OECustomProperty
AlternateDataStreams: C:\Users\Hankins\Downloads\faulty product.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk => C:\Windows\pss\Acer VCM.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Scrybe.lnk => C:\Windows\pss\Scrybe.lnk.CommonStartup
MSCONFIG\startupreg: Acer Assist Launcher => C:\Program Files (x86)\Acer\Acer Assist\launcher.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AnyProtect Scanner => "C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe"
MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: ePower_DMC => C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
MSCONFIG\startupreg: Google Update => "C:\Users\Hankins\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IAAnotif => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: IntelliPoint => "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
MSCONFIG\startupreg: LManager => C:\Program Files (x86)\Launch Manager\LManager.exe
MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: PLFSetI => C:\Windows\PLFSetI.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/21/2014 04:36:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc637
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00535ae0
Faulting process id: 0xb6c
Faulting application start time: 0xrundll32.exe0
Faulting application path: rundll32.exe1
Faulting module path: rundll32.exe2
Report Id: rundll32.exe3

Error: (07/21/2014 02:26:53 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (07/21/2014 07:47:44 AM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Product: Microsoft Office 2007 Primary Interop Assemblies - Update 'Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (07/21/2014 07:47:44 AM) (Source: MsiInstaller) (EventID: 10005) (User: NT AUTHORITY)
Description: Product: Microsoft Office 2007 Primary Interop Assemblies -- Please install Microsoft Office 2007 before installing this product.

Error: (07/20/2014 11:30:00 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (07/20/2014 07:25:51 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Product: Microsoft Office 2007 Primary Interop Assemblies - Update 'Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (07/20/2014 07:25:51 PM) (Source: MsiInstaller) (EventID: 10005) (User: NT AUTHORITY)
Description: Product: Microsoft Office 2007 Primary Interop Assemblies -- Please install Microsoft Office 2007 before installing this product.

Error: (07/20/2014 06:13:25 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Product: Microsoft Office 2007 Primary Interop Assemblies - Update 'Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (07/20/2014 06:13:25 PM) (Source: MsiInstaller) (EventID: 10005) (User: NT AUTHORITY)
Description: Product: Microsoft Office 2007 Primary Interop Assemblies -- Please install Microsoft Office 2007 before installing this product.

Error: (07/20/2014 06:13:03 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddWin32ServiceFiles: Unable to back up image of service Util Fralimbo since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.


System errors:
=============
Error: (07/21/2014 06:31:19 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Error: (07/21/2014 07:47:50 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office PowerPoint 2007 (KB2596764).

Error: (07/20/2014 09:24:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The O2FLASH service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/20/2014 09:24:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Network File Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/20/2014 09:11:33 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:09:40 PM on 7/20/2014 was unexpected.

Error: (07/20/2014 08:59:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The O2FLASH service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/20/2014 08:59:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Network File Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/20/2014 08:34:02 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068BITS{4991D34B-80A1-4291-83B6-3328366B9097}

Error: (07/20/2014 08:31:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (07/20/2014 08:31:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (07/21/2014 04:36:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: rundll32.exe6.1.7600.163854a5bc637unknown0.0.0.000000000c000000500535ae0b6c01cfa4892a0276c8C:\Windows\SysWOW64\rundll32.exeunknown0e3417d6-111f-11e4-b4ac-00262d57407f

Error: (07/21/2014 02:26:53 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8

Error: (07/21/2014 07:47:44 AM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Microsoft Office 2007 Primary Interop AssembliesSecurity Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition1603(NULL)(NULL)(NULL)

Error: (07/21/2014 07:47:44 AM) (Source: MsiInstaller) (EventID: 10005) (User: NT AUTHORITY)
Description: Product: Microsoft Office 2007 Primary Interop Assemblies -- Please install Microsoft Office 2007 before installing this product.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (07/20/2014 11:30:00 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8

Error: (07/20/2014 07:25:51 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Microsoft Office 2007 Primary Interop AssembliesSecurity Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition1603(NULL)(NULL)(NULL)

Error: (07/20/2014 07:25:51 PM) (Source: MsiInstaller) (EventID: 10005) (User: NT AUTHORITY)
Description: Product: Microsoft Office 2007 Primary Interop Assemblies -- Please install Microsoft Office 2007 before installing this product.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (07/20/2014 06:13:25 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Microsoft Office 2007 Primary Interop AssembliesSecurity Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition1603(NULL)(NULL)(NULL)

Error: (07/20/2014 06:13:25 PM) (Source: MsiInstaller) (EventID: 10005) (User: NT AUTHORITY)
Description: Product: Microsoft Office 2007 Primary Interop Assemblies -- Please install Microsoft Office 2007 before installing this product.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (07/20/2014 06:13:03 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service Util Fralimbo since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.


==================== Memory info ===========================

Percentage of memory in use: 65%
Total physical RAM: 1976.96 MB
Available physical RAM: 684.21 MB
Total Pagefile: 4808.98 MB
Available Pagefile: 2454.64 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:137.23 GB) (Free:68.85 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (DVDIRECT_DVD_010013F1C0) (CDROM) (Total:4.2 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149 GB) (Disk ID: FBF6FBF6)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=137 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Hello Jürgen, Thank you for your help. It is very much appreciated.

You are welcome! :)

Step 1

Please download Combofix (by sUBs) and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start Combofix.exe and follow its instructions.
  • Do not use the computer while the scan is running. This may cause the program to stall.
  • When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).

    Please copy and paste the contents of this file into your next post.

Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.

Good day or evening Jürgen.  Please see the Combofix Log. Thanks again for your assistance.

 

ComboFix 14-07-21.01 - Hankins 07/22/2014   8:38.1.1 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.1977.605 [GMT -5:00]
Running from: c:\users\Hankins\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\microsoft__sdk
c:\users\Hankins\AppData\Local\AnyProtectScannerSetup.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Network File Service
.
.
(((((((((((((((((((((((((   Files Created from 2014-06-22 to 2014-07-22  )))))))))))))))))))))))))))))))
.
.
2014-07-22 13:47 . 2014-07-22 13:47    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-07-22 13:21 . 2014-07-22 13:22    --------    d-----w-    c:\program files (x86)\msrtn32
2014-07-22 01:17 . 2014-07-22 01:22    --------    d-----w-    C:\FRST
2014-07-21 23:10 . 2014-05-02 05:56    1031560    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{82990658-5441-48EB-881A-66D0A9BA71FE}\gapaengine.dll
2014-07-21 23:10 . 2014-07-02 03:09    10924376    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5EF5F2F5-F91D-4F1C-9F3F-6A41083FBE60}\mpengine.dll
2014-07-21 21:37 . 2014-07-22 13:33    --------    d-----w-    c:\users\Hankins\AppData\Local\CrashDumps
2014-07-21 03:12 . 2014-07-21 03:12    30312    ----a-w-    c:\windows\system32\drivers\TrueSight.sys
2014-07-21 03:12 . 2014-07-21 03:12    --------    d-----w-    c:\programdata\RogueKiller
2014-07-21 02:24 . 2014-07-21 02:24    --------    d-----w-    c:\program files (x86)\ERUNT
2014-07-20 22:31 . 2014-07-02 03:09    10924376    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-07-20 22:27 . 2014-07-22 13:51    122584    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-20 22:26 . 2014-05-12 12:26    91352    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-07-20 22:26 . 2014-05-12 12:26    63704    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-07-20 22:26 . 2014-05-12 12:25    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-07-20 22:26 . 2014-07-20 22:26    --------    d-----w-    c:\program files (x86)\Malwarebytes Anti-Malware
2014-07-20 22:26 . 2014-07-20 22:26    --------    d-----w-    c:\programdata\Malwarebytes
2014-07-20 22:01 . 2014-07-20 22:01    --------    d-----w-    C:\found.002
2014-07-20 21:40 . 2014-07-20 21:40    --------    d-----w-    c:\program files (x86)\predm
2014-07-17 13:54 . 2014-07-20 22:03    --------    d-----w-    c:\program files (x86)\Fralimbo
2014-07-17 13:53 . 2014-07-17 13:54    --------    d-----w-    c:\users\Hankins\AppData\Local\YckPack
2014-07-17 13:50 . 2014-07-17 13:50    --------    d-sh--w-    c:\users\Hankins\AppData\Local\EmieUserList
2014-07-17 13:50 . 2014-07-17 13:50    --------    d-sh--w-    c:\users\Hankins\AppData\Local\EmieSiteList
2014-07-17 13:47 . 2014-07-20 21:32    --------    d-----w-    c:\programdata\3d61b4e9f33e868d
2014-07-17 13:47 . 2014-07-17 13:47    --------    d-----w-    c:\users\Hankins\AppData\Local\Packages
2014-07-17 13:46 . 2014-07-20 21:41    --------    d-----w-    c:\program files (x86)\globalUpdate
2014-07-17 13:46 . 2014-07-17 13:46    --------    d-----w-    c:\users\Hankins\AppData\Local\globalUpdate
2014-07-17 13:46 . 2014-07-17 13:46    --------    d-----w-    c:\users\Hankins\AppData\Local\Chromatic Browser
2014-07-17 13:46 . 2014-07-17 13:46    --------    d-----w-    c:\users\Hankins\AppData\Local\Torch
2014-07-17 13:46 . 2014-07-17 13:46    --------    d-----w-    c:\users\Hankins\AppData\Local\Comodo
2014-07-17 13:46 . 2014-07-17 13:46    --------    d-----w-    c:\users\HomeGroupUser$
2014-07-17 13:46 . 2014-07-17 13:46    --------    d-----w-    c:\users\Guest
2014-07-17 13:46 . 2014-07-17 13:46    --------    d-----w-    c:\users\Administrator
2014-07-17 13:45 . 2014-07-17 13:45    --------    d-----w-    C:\microsoft
2014-07-17 13:45 . 2014-07-17 13:45    --------    d-----w-    c:\program files (x86)\res_0711
2014-07-17 13:45 . 2014-07-21 04:32    --------    d-----w-    c:\program files (x86)\explorer_0711
2014-07-17 13:44 . 2014-07-17 13:44    --------    d-----w-    c:\users\Hankins\AppData\Local\Programs
2014-07-17 13:26 . 2014-07-20 23:11    --------    d-----w-    c:\users\Hankins\AppData\Roaming\serv
2014-07-17 13:26 . 2014-07-17 13:26    --------    d-----w-    c:\programdata\Online
2014-07-12 03:47 . 2014-05-30 08:08    340992    ----a-w-    c:\windows\system32\schannel.dll
2014-07-12 03:46 . 2014-06-05 14:26    22016    ----a-w-    c:\windows\SysWow64\secur32.dll
2014-07-12 03:46 . 2014-06-05 14:25    96768    ----a-w-    c:\windows\SysWow64\sspicli.dll
2014-07-12 03:46 . 2014-06-03 10:02    1719296    ----a-w-    c:\program files\Windows Journal\NBDoc.DLL
2014-07-12 03:46 . 2014-06-03 10:02    1389568    ----a-w-    c:\program files\Windows Journal\JNWDRV.dll
2014-07-12 03:46 . 2014-06-03 10:02    1380864    ----a-w-    c:\program files\Windows Journal\JNTFiltr.dll
2014-07-12 03:46 . 2014-06-03 10:02    1354240    ----a-w-    c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2014-07-12 03:46 . 2014-06-03 09:29    936960    ----a-w-    c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2014-07-12 03:34 . 2014-05-30 06:45    497152    ----a-w-    c:\windows\system32\drivers\afd.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-21 22:51 . 2012-04-08 02:21    699056    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-21 22:51 . 2011-08-11 03:53    71344    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-11 06:59 . 2011-02-10 02:28    96441528    ----a-w-    c:\windows\system32\MRT.exe
2014-05-03 14:34 . 2009-11-14 05:23    952    --sha-w-    c:\programdata\KGyGaAvL.sys
2014-05-02 05:56 . 2012-06-13 16:37    1031560    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-04-25 02:34 . 2014-06-11 20:55    801280    ----a-w-    c:\windows\system32\usp10.dll
2014-04-25 02:06 . 2014-06-11 20:55    626688    ----a-w-    c:\windows\SysWow64\usp10.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"f.lux"="c:\users\Hankins\AppData\Local\FluxSoftware\Flux\flux.exe" [2013-10-23 1017224]
"Nvdiai"="wscript.exe" [2013-10-12 141824]
"YckPack"="c:\users\Hankins\AppData\Local\YckPack\icudt46.dll" [2014-07-17 826880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [x]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2mdx64.sys;c:\windows\SYSNATIVE\DRIVERS\o2mdx64.sys [x]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sdx64.sys;c:\windows\SYSNATIVE\DRIVERS\o2sdx64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe;c:\program files\Acer\Empowering Technology\Service\ETService.exe [x]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe;c:\program files (x86)\Acer\Registration\GregHSRW.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [x]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [x]
S2 ScrybeUpdater;Scrybe Updater;c:\program files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe;c:\program files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 22:51]
.
2014-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-10 21:00]
.
2014-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-10 21:00]
.
2014-07-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-368655912-4061742381-3321887495-1003Core.job
- c:\users\Hankins\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-04 02:58]
.
2014-07-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-368655912-4061742381-3321887495-1003UA.job
- c:\users\Hankins\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-04 02:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-06 8060960]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel
IE: Se&nd to OneNote
TCP: DhcpNameServer = 75.104.96.61
TCP: Interfaces\{14DDE61E-6F36-49C4-809B-29C488338F4F}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
TCP: Interfaces\{EA8B154C-3C44-4055-BCF5-FC9E2CFFADF5}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
FF - ProfilePath - c:\users\Hankins\AppData\Roaming\Mozilla\Firefox\Profiles\hcssiixz.default\
FF - prefs.js: browser.search.selectedEngine -
FF - ExtSQL: !HIDDEN! 1970-05-29 05:35; {AF4694CF-A51B-5773-F208-09D24BE4192D}; -
FF - user.js: extensions.iminent.id - 369fe1310000000000000017c4be4c55
FF - user.js: extensions.iminent.appId - {0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}
FF - user.js: extensions.iminent.instlDay - 16268
FF - user.js: extensions.iminent.vrsn - 1.8.28.3
FF - user.js: extensions.iminent.vrsni - 1.8.28.3
FF - user.js: extensions.iminent.vrsnTs - 1.8.28.38:54
FF - user.js: extensions.iminent.prtnrId - iminent
FF - user.js: extensions.iminent.prdct - iminent
FF - user.js: extensions.iminent.aflt - orgnl
FF - user.js: extensions.iminent.smplGrp - none
FF - user.js: extensions.iminent.tlbrId - base
FF - user.js: extensions.iminent.instlRef -
FF - user.js: extensions.iminent.dfltLng -
FF - user.js: extensions.iminent.excTlbr - false
FF - user.js: extensions.iminent.ffxUnstlRst - false
FF - user.js: extensions.iminent.admin - false
FF - user.js: extensions.iminent.autoRvrt - false
FF - user.js: extensions.iminent.rvrt - false
FF - user.js: extensions.iminent.newTab - false
FF - user.js: extensions.shownSelectionUI - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\windows\system32\DRIVERS\o2flash.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
.
**************************************************************************
.
Completion time: 2014-07-22  08:57:51 - machine was rebooted
ComboFix-quarantined-files.txt  2014-07-22 13:57
.
Pre-Run: 74,848,944,128 bytes free
Post-Run: 75,243,040,768 bytes free
.
- - End Of File - - 3D8097409CA8403847F745056DAF4CEC
6FC6F9186C07BCA94E140F63BFE6E9B4
 


I first noticed multiple instances of iexplore.exe that made me wonder what it was from as we don't use internet explorer.

Hi, the reason for that was a trojan which copies itself to

C:\Microsoft__SDK\lib\include\iexploror.exe

As you can see in the Log, Combofix deleted the folder.

After our cleaning procedure, it is a good idea to change all online passwords.

 

Let's do a final check up:

Step 1

Scan with Malwarebytes Antimalware

  • Please update the database by clicking on the "Update Now" button.
  • Following the update, click "Settings" and go to "Detection and Protection".
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard, then click on Scan Now to start the scan.

    (If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt so that you can decide what you want to do. I suggest "Quarantine". Click the button: Apply All Actions.)

  • A window with an option to view the detailed log will appear. Click on "View Detailed Log".
  • After viewing the results, please click on the "Copy to Clipboard" button and then OK.
  • Return to our forum. Paste your log into your next reply.

Step 2

Please download the ESET Online Scanner and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.

    Note: This scan might take a long time! Please be patient.

  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.

    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!

Step 3

Start FRST with administrator privileges.

  • Make sure the following option is checked: Addition.txt
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.

    Please copy and paste these logs in your next reply.


You caught me just in time.  What's strange is that it didn't find it when I forced it to run.

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/22/2014
Scan Time: 9:54:34 AM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.22.03
Rootkit Database: v2014.07.17.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Hankins

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 318712
Time Elapsed: 19 min, 33 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


Please see the scan log of ESET.  I did not continue with FRST.  Please advise next step.

Thank you.

 

ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=6addccc76e856748b49791266cc765c1
# engine=19298
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-07-23 01:29:05
# local_time=2014-07-22 08:29:05 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 8459514 100148555 0 0
# scanned=192517
# found=10
# cleaned=0
# scan_time=13598
sh=E8D78C1DC7A7D677F56020493BFF84C291FEDF2E ft=1 fh=c71c0011af92e66d vn="Win32/Farfli.AYO trojan" ac=I fn="C:\microsoft\lib\inc\nvdia.ocx"
sh=C4FF3E1B26E92CC20006C4D271F80A63D3B6AE77 ft=1 fh=de4d6bd325494ff0 vn="Win32/Farfli.AYO trojan" ac=I fn="C:\Program Files (x86)\res_0711\res_0711.exe"
sh=D3FDD6E1F0D74D45FBB3DFC9256ABECAA8810660 ft=1 fh=6353ddcf988ff65d vn="a variant of Win32/SoftPulse.H potentially unwanted application" ac=I fn="C:\Users\Hankins\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000001"
sh=E3588352E4AC8ACFC7027B9EC7A7328E5C36448B ft=1 fh=fe11dc164f651fb0 vn="a variant of Win32/Packed.Themida.AAJ trojan" ac=I fn="C:\Users\Hankins\AppData\Local\YckPack\icudt46.dll"
sh=8352BF40043AEFA131ED0DB5F67DF4E43B88DB6C ft=1 fh=c71c00114bcbf8dc vn="a variant of Win32/TrojanDownloader.Agent.AQS trojan" ac=I fn="C:\Users\Hankins\AppData\Roaming\serv\hosts.exe"
sh=478666D8DB6FDF9D3881556CCA5399A453EA887A ft=1 fh=7a029034ce9fc6ec vn="Win32/AdWare.Linkular.AH application" ac=I fn="C:\Users\Hankins\AppData\Roaming\serv\Iminent.exe"
sh=1DBC00F302A606FA5C25720DE8A81B904B181903 ft=1 fh=c642461cdc292a8b vn="a variant of Win32/AdWare.EoRezo.AU application" ac=I fn="C:\Users\Hankins\AppData\Roaming\serv\setup_fst_us.exe"
sh=5E995767B1F4C446EA700CB1987E43084221DCCF ft=1 fh=58ea9ac2f53c42ec vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Users\Hankins\Downloads\CuteWriter.exe"
sh=9C9D0947FC669017C27ECBAA640A0AEF15409D4A ft=1 fh=49e729812fd49fb6 vn="a variant of Win32/SquareNet.A potentially unwanted application" ac=I fn="C:\Users\Hankins\Downloads\java_installer (2).exe"
sh=C3FDEA841368069CC75BC6DB5FF313A703B1DBD2 ft=1 fh=464939d4988ff65d vn="a variant of Win32/SoftPulse.H potentially unwanted application" ac=I fn="C:\Users\Hankins\Downloads\Setup.exe"
 


FRST results:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-07-2014
Ran by Hankins (administrator) on HANKINS-PC on 24-07-2014 09:50:47
Running from C:\Users\Hankins\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Users\Hankins\AppData\Local\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Users\Hankins\AppData\Local\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8060960 2009-08-05] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-368655912-4061742381-3321887495-1003\...\Run: [spybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-368655912-4061742381-3321887495-1003\...\Run: [f.lux] => C:\Users\Hankins\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-368655912-4061742381-3321887495-1003\...\Run: [Nvdiai] => wscript.exe "C:\Microsoft\lib\inc\xx.js"
HKU\S-1-5-21-368655912-4061742381-3321887495-1003\...\Run: [YckPack] => regsvr32.exe C:\Users\Hankins\AppData\Local\YckPack\icudt46.dll  <===== ATTENTION
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Plug-In -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 75.104.96.61
Tcpip\..\Interfaces\{14DDE61E-6F36-49C4-809B-29C488338F4F}: [NameServer]8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{EA8B154C-3C44-4055-BCF5-FC9E2CFFADF5}: [NameServer]8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\Hankins\AppData\Roaming\Mozilla\Firefox\Profiles\hcssiixz.default
FF DefaultSearchEngine: user_pref("browser.search.defaultenginename", "");
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8064.0206 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Hankins\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Hankins\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF user.js: detected! => C:\Users\Hankins\AppData\Roaming\Mozilla\Firefox\Profiles\hcssiixz.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: CostMin - C:\Users\Hankins\AppData\Roaming\Mozilla\Firefox\Profiles\hcssiixz.default\Extensions\ighiiiao@yo-.com [2014-07-20]
FF Extension: Microsoft.AnalysisServices.FiscalYearName - C:\Users\Hankins\AppData\Roaming\Mozilla\Firefox\Profiles\hcssiixz.default\Extensions\{AF4694CF-A51B-5773-F208-09D24BE4192D} [2014-07-17]
FF Extension: Adblock Plus - C:\Users\Hankins\AppData\Roaming\Mozilla\Firefox\Profiles\hcssiixz.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-22]
FF Extension: Skype extension - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2014-05-25]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-05-25]

Chrome:
=======
CHR HomePage:
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Hankins\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-06]
CHR Extension: (Adblock Plus) - C:\Users\Hankins\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-07-20]
CHR Extension: (Google Wallet) - C:\Users\Hankins\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]
CHR StartMenuInternet: Google Chrome - C:\Users\Hankins\AppData\Local\Google\Chrome\Application\chrome.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2009-08-11] () [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S3 MSSQL$MSSMLBIZ; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 O2FLASH; C:\Windows\system32\DRIVERS\o2flash.exe [65536 2007-02-12] (O2Micro International) [File not signed]
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [253952 2009-07-10] (Acer Incorporated) [File not signed]
S2 ScrybeUpdater; C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [1300264 2011-05-27] (Synaptics, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-23] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 O2MDRDR; C:\Windows\system32\DRIVERS\o2mdx64.sys [63264 2009-05-07] (O2Micro )
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [30312 2014-07-20] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-24 09:50 - 2014-07-24 09:50 - 00000000 ____D () C:\Users\Hankins\Desktop\FRST-OlderVersion
2014-07-22 15:59 - 2014-07-22 16:00 - 00014072 _____ () C:\Users\Hankins\Desktop\Heidi's Bach itemized updated72214.xlsx
2014-07-22 10:21 - 2014-07-22 10:21 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-22 10:15 - 2014-07-22 10:15 - 02347384 _____ (ESET) C:\Users\Hankins\Desktop\esetsmartinstaller_enu.exe
2014-07-22 08:57 - 2014-07-22 08:57 - 00020547 _____ () C:\ComboFix.txt
2014-07-22 08:35 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-07-22 08:35 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-07-22 08:35 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-07-22 08:35 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-07-22 08:35 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-07-22 08:35 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-07-22 08:35 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-07-22 08:35 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-07-22 08:28 - 2014-07-22 08:57 - 00000000 ____D () C:\Qoobox
2014-07-22 08:23 - 2014-07-22 08:23 - 05562504 ____R (Swearware) C:\Users\Hankins\Desktop\ComboFix.exe
2014-07-22 08:21 - 2014-07-22 09:40 - 00000000 ____D () C:\Program Files (x86)\msrtn32
2014-07-21 20:20 - 2014-07-21 20:22 - 00040635 _____ () C:\Users\Hankins\Desktop\Addition.txt
2014-07-21 20:18 - 2014-07-24 09:51 - 00014597 _____ () C:\Users\Hankins\Desktop\FRST.txt
2014-07-21 20:17 - 2014-07-24 09:50 - 00000000 ____D () C:\FRST
2014-07-21 20:16 - 2014-07-24 09:50 - 02093568 _____ (Farbar) C:\Users\Hankins\Desktop\FRST64.exe
2014-07-21 16:37 - 2014-07-22 08:33 - 00000000 ____D () C:\Users\Hankins\AppData\Local\CrashDumps
2014-07-20 22:12 - 2014-07-20 22:12 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-07-20 22:12 - 2014-07-20 22:12 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-20 21:31 - 2014-07-22 08:54 - 00000000 ____D () C:\Windows\ERDNT
2014-07-20 21:24 - 2014-07-20 21:24 - 00000888 _____ () C:\Users\Hankins\Desktop\NTREGOPT.lnk
2014-07-20 21:24 - 2014-07-20 21:24 - 00000869 _____ () C:\Users\Hankins\Desktop\ERUNT.lnk
2014-07-20 21:24 - 2014-07-20 21:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-07-20 21:24 - 2014-07-20 21:24 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-07-20 21:22 - 2014-07-20 21:22 - 00791393 _____ (Lars Hederer ) C:\Users\Hankins\Desktop\erunt-setup.exe
2014-07-20 21:20 - 2014-07-20 21:21 - 00000000 ____D () C:\Users\Hankins\Desktop\flyclick biz problem
2014-07-20 21:07 - 2014-07-20 21:07 - 04770904 _____ () C:\Users\Hankins\Desktop\RogueKiller.exe
2014-07-20 21:04 - 2014-07-20 21:48 - 05336664 _____ () C:\Users\Hankins\Desktop\RogueKillerX64.exe
2014-07-20 20:59 - 2014-07-20 21:29 - 00002630 _____ () C:\Users\Hankins\Desktop\Rkill.txt
2014-07-20 20:59 - 2014-07-20 20:58 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Hankins\Desktop\rkill.exe
2014-07-20 20:56 - 2014-07-20 20:58 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Hankins\Downloads\iExplore.exe
2014-07-20 17:27 - 2014-07-23 10:43 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-20 17:27 - 2014-07-20 17:27 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-20 17:27 - 2014-07-20 17:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-20 17:26 - 2014-07-20 17:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-20 17:26 - 2014-07-20 17:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-20 17:26 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-20 17:26 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-20 17:26 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-20 17:22 - 2014-07-20 17:23 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Hankins\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-20 17:01 - 2014-07-20 17:01 - 00000000 ____D () C:\found.002
2014-07-20 16:40 - 2014-07-20 16:40 - 00000000 ____D () C:\Program Files (x86)\predm
2014-07-20 16:24 - 2014-07-20 16:24 - 00000318 _____ () C:\Users\Hankins\AppData\Roaming\aps.uninstall.scan.results
2014-07-18 11:00 - 2014-07-18 11:01 - 00027888 _____ () C:\Users\Hankins\Downloads\afr.php
2014-07-18 10:51 - 2014-07-18 10:52 - 01385112 _____ () C:\Users\Hankins\Downloads\Setup.exe
2014-07-18 10:45 - 2014-07-20 16:30 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-07-18 10:45 - 2014-07-18 10:45 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstr_01009.Wdf
2014-07-18 09:56 - 2014-07-18 09:58 - 00949504 _____ () C:\Users\Hankins\Downloads\java_installer (2).exe
2014-07-17 09:09 - 2014-07-17 09:09 - 00000012 _____ () C:\Windows\sruna.log
2014-07-17 08:54 - 2014-07-20 17:03 - 00000000 ____D () C:\Program Files (x86)\Fralimbo
2014-07-17 08:54 - 2014-07-20 16:50 - 00000866 _____ () C:\Windows\SysWOW64\InstallUtil.InstallLog
2014-07-17 08:53 - 2014-07-17 08:54 - 00000000 ____D () C:\Users\Hankins\AppData\Local\YckPack
2014-07-17 08:50 - 2014-07-17 08:50 - 00000000 __SHD () C:\Users\Hankins\AppData\Local\EmieUserList
2014-07-17 08:50 - 2014-07-17 08:50 - 00000000 __SHD () C:\Users\Hankins\AppData\Local\EmieSiteList
2014-07-17 08:48 - 2014-07-17 08:48 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.txt
2014-07-17 08:47 - 2014-07-20 16:32 - 00000000 ____D () C:\ProgramData\3d61b4e9f33e868d
2014-07-17 08:47 - 2014-07-17 08:47 - 00000000 ____D () C:\Users\Hankins\AppData\Local\Packages
2014-07-17 08:46 - 2014-07-20 16:41 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\Hankins\AppData\Local\Torch
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\Hankins\AppData\Local\globalUpdate
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\Hankins\AppData\Local\Comodo
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\Hankins\AppData\Local\Chromatic Browser
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\Guest
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\Administrator
2014-07-17 08:45 - 2014-07-20 23:32 - 00000000 ____D () C:\Program Files (x86)\explorer_0711
2014-07-17 08:45 - 2014-07-17 08:45 - 00000000 ____D () C:\Program Files (x86)\res_0711
2014-07-17 08:26 - 2014-07-20 18:11 - 00000000 ____D () C:\Users\Hankins\AppData\Roaming\serv
2014-07-17 08:26 - 2014-07-17 08:26 - 00000000 ____D () C:\ProgramData\Online
2014-07-14 19:31 - 2014-07-14 19:31 - 00277392 _____ () C:\Windows\Minidump\071414-25693-01.dmp
2014-07-14 19:31 - 2014-07-14 19:31 - 00000000 ____D () C:\Windows\Minidump
2014-07-14 19:30 - 2014-07-14 19:30 - 236457560 _____ () C:\Windows\MEMORY.DMP
2014-07-12 00:29 - 2014-06-20 15:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-12 00:29 - 2014-06-20 14:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-12 00:29 - 2014-06-18 20:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-12 00:29 - 2014-06-18 20:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-12 00:29 - 2014-06-18 20:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-12 00:29 - 2014-06-18 19:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-12 00:29 - 2014-06-18 19:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-12 00:29 - 2014-06-18 19:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-12 00:29 - 2014-06-18 19:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-12 00:29 - 2014-06-18 19:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-12 00:29 - 2014-06-18 19:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-12 00:29 - 2014-06-18 19:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-12 00:29 - 2014-06-18 19:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-12 00:29 - 2014-06-18 19:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-12 00:29 - 2014-06-18 19:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-12 00:29 - 2014-06-18 19:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-12 00:29 - 2014-06-18 19:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-12 00:29 - 2014-06-18 19:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-12 00:29 - 2014-06-18 19:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-12 00:29 - 2014-06-18 18:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-12 00:29 - 2014-06-18 18:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-12 00:29 - 2014-06-18 18:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-12 00:29 - 2014-06-18 18:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-12 00:29 - 2014-06-18 18:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-12 00:29 - 2014-06-18 18:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-12 00:29 - 2014-06-18 18:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-12 00:29 - 2014-06-18 18:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-12 00:29 - 2014-06-18 18:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-12 00:29 - 2014-06-18 18:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-12 00:29 - 2014-06-18 18:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-12 00:29 - 2014-06-18 18:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-12 00:29 - 2014-06-18 18:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-12 00:29 - 2014-06-18 18:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-12 00:29 - 2014-06-18 18:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-12 00:29 - 2014-06-18 18:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-12 00:29 - 2014-06-18 18:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-12 00:29 - 2014-06-18 18:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-12 00:29 - 2014-06-18 18:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-12 00:29 - 2014-06-18 18:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-12 00:29 - 2014-06-18 18:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-12 00:29 - 2014-06-18 18:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-12 00:29 - 2014-06-18 18:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-12 00:29 - 2014-06-18 17:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-12 00:29 - 2014-06-18 17:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-12 00:29 - 2014-06-18 17:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-12 00:29 - 2014-06-18 17:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-12 00:29 - 2014-06-18 17:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-12 00:29 - 2014-06-18 17:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-12 00:29 - 2014-06-18 17:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-12 00:29 - 2014-06-18 17:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-12 00:29 - 2014-06-18 17:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-12 00:29 - 2014-06-18 17:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-12 00:29 - 2014-06-18 17:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-12 00:29 - 2014-06-18 17:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-12 00:29 - 2014-06-18 17:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-12 00:29 - 2014-06-18 17:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-11 22:47 - 2014-06-05 09:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-11 22:47 - 2014-05-30 03:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-11 22:47 - 2014-05-30 03:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-11 22:47 - 2014-05-30 03:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-11 22:47 - 2014-05-30 03:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-11 22:47 - 2014-05-30 03:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-11 22:47 - 2014-05-30 03:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-11 22:47 - 2014-05-30 03:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-11 22:47 - 2014-05-30 02:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-11 22:47 - 2014-05-30 02:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-11 22:47 - 2014-05-30 02:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-11 22:47 - 2014-05-30 02:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-11 22:47 - 2014-05-30 02:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-11 22:47 - 2014-05-30 02:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-11 22:47 - 2014-05-30 02:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-11 22:46 - 2014-06-05 09:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-11 22:46 - 2014-06-05 09:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-11 22:35 - 2014-06-29 21:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-11 22:35 - 2014-06-29 21:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-11 22:35 - 2014-06-17 21:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-11 22:35 - 2014-06-17 20:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-11 22:35 - 2014-06-17 20:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-11 22:35 - 2014-06-06 05:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-11 22:35 - 2014-06-06 04:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-11 22:34 - 2014-05-30 01:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-06 00:14 - 2014-07-06 00:14 - 00033794 _____ () C:\Users\Hankins\Downloads\Contact Request.zip
2014-07-06 00:14 - 2014-07-06 00:14 - 00028549 _____ () C:\Users\Hankins\Downloads\Copy of TAKEYA order form - CDN 2 3 14.xlsx
2014-07-05 23:38 - 2014-07-05 23:41 - 00000000 ____D () C:\Users\Hankins\Desktop\For sale 7-5-14
2014-07-05 23:34 - 2014-07-05 23:34 - 00002048 _____ () C:\Users\Public\Desktop\Intelli-studio.lnk
2014-07-05 23:34 - 2014-07-05 23:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAMSUNG
2014-06-27 16:13 - 2014-06-27 16:13 - 01068923 _____ () C:\Users\Hankins\Desktop\post op day 0.htm
2014-06-27 16:13 - 2014-06-27 16:13 - 00000000 ____D () C:\Users\Hankins\Desktop\post op day 0_files

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-24 09:51 - 2014-07-21 20:18 - 00014597 _____ () C:\Users\Hankins\Desktop\FRST.txt
2014-07-24 09:51 - 2009-10-13 21:14 - 01059347 _____ () C:\Windows\WindowsUpdate.log
2014-07-24 09:50 - 2014-07-24 09:50 - 00000000 ____D () C:\Users\Hankins\Desktop\FRST-OlderVersion
2014-07-24 09:50 - 2014-07-21 20:17 - 00000000 ____D () C:\FRST
2014-07-24 09:50 - 2014-07-21 20:16 - 02093568 _____ (Farbar) C:\Users\Hankins\Desktop\FRST64.exe
2014-07-24 09:37 - 2012-01-03 21:58 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-368655912-4061742381-3321887495-1003UA.job
2014-07-24 09:36 - 2010-03-10 16:00 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-24 09:32 - 2012-04-07 21:21 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-24 06:43 - 2009-07-13 23:45 - 00017600 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-24 06:43 - 2009-07-13 23:45 - 00017600 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-24 06:33 - 2012-01-03 21:58 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-368655912-4061742381-3321887495-1003Core.job
2014-07-23 17:19 - 2010-03-10 16:00 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-23 10:43 - 2014-07-20 17:27 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-22 19:09 - 2011-06-18 08:30 - 00021981 _____ () C:\Windows\setupact.log
2014-07-22 16:00 - 2014-07-22 15:59 - 00014072 _____ () C:\Users\Hankins\Desktop\Heidi's Bach itemized updated72214.xlsx
2014-07-22 15:49 - 2014-05-13 11:24 - 00014073 _____ () C:\Users\Hankins\Downloads\Heidi's Bach itemized updated.xlsx
2014-07-22 10:21 - 2014-07-22 10:21 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-22 10:15 - 2014-07-22 10:15 - 02347384 _____ (ESET) C:\Users\Hankins\Desktop\esetsmartinstaller_enu.exe
2014-07-22 09:40 - 2014-07-22 08:21 - 00000000 ____D () C:\Program Files (x86)\msrtn32
2014-07-22 08:57 - 2014-07-22 08:57 - 00020547 _____ () C:\ComboFix.txt
2014-07-22 08:57 - 2014-07-22 08:28 - 00000000 ____D () C:\Qoobox
2014-07-22 08:57 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default
2014-07-22 08:54 - 2014-07-20 21:31 - 00000000 ____D () C:\Windows\ERDNT
2014-07-22 08:50 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2014-07-22 08:49 - 2011-06-18 13:04 - 00183712 _____ () C:\Windows\PFRO.log
2014-07-22 08:49 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-22 08:48 - 2009-07-13 21:34 - 85983232 _____ () C:\Windows\system32\config\software.bak
2014-07-22 08:48 - 2009-07-13 21:34 - 16777216 _____ () C:\Windows\system32\config\system.bak
2014-07-22 08:48 - 2009-07-13 21:34 - 00524288 _____ () C:\Windows\system32\config\default.bak
2014-07-22 08:48 - 2009-07-13 21:34 - 00262144 _____ () C:\Windows\system32\config\security.bak
2014-07-22 08:48 - 2009-07-13 21:34 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2014-07-22 08:33 - 2014-07-21 16:37 - 00000000 ____D () C:\Users\Hankins\AppData\Local\CrashDumps
2014-07-22 08:23 - 2014-07-22 08:23 - 05562504 ____R (Swearware) C:\Users\Hankins\Desktop\ComboFix.exe
2014-07-21 20:22 - 2014-07-21 20:20 - 00040635 _____ () C:\Users\Hankins\Desktop\Addition.txt
2014-07-21 17:51 - 2012-04-07 21:21 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-21 17:51 - 2012-04-07 21:21 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-21 17:51 - 2011-08-10 22:53 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-20 23:32 - 2014-07-17 08:45 - 00000000 ____D () C:\Program Files (x86)\explorer_0711
2014-07-20 22:12 - 2014-07-20 22:12 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-07-20 22:12 - 2014-07-20 22:12 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-20 21:48 - 2014-07-20 21:04 - 05336664 _____ () C:\Users\Hankins\Desktop\RogueKillerX64.exe
2014-07-20 21:29 - 2014-07-20 20:59 - 00002630 _____ () C:\Users\Hankins\Desktop\Rkill.txt
2014-07-20 21:24 - 2014-07-20 21:24 - 00000888 _____ () C:\Users\Hankins\Desktop\NTREGOPT.lnk
2014-07-20 21:24 - 2014-07-20 21:24 - 00000869 _____ () C:\Users\Hankins\Desktop\ERUNT.lnk
2014-07-20 21:24 - 2014-07-20 21:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-07-20 21:24 - 2014-07-20 21:24 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-07-20 21:22 - 2014-07-20 21:22 - 00791393 _____ (Lars Hederer ) C:\Users\Hankins\Desktop\erunt-setup.exe
2014-07-20 21:21 - 2014-07-20 21:20 - 00000000 ____D () C:\Users\Hankins\Desktop\flyclick biz problem
2014-07-20 21:07 - 2014-07-20 21:07 - 04770904 _____ () C:\Users\Hankins\Desktop\RogueKiller.exe
2014-07-20 20:58 - 2014-07-20 20:59 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Hankins\Desktop\rkill.exe
2014-07-20 20:58 - 2014-07-20 20:56 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Hankins\Downloads\iExplore.exe
2014-07-20 18:40 - 2012-01-03 21:59 - 00002380 _____ () C:\Users\Hankins\Desktop\Google Chrome.lnk
2014-07-20 18:11 - 2014-07-17 08:26 - 00000000 ____D () C:\Users\Hankins\AppData\Roaming\serv
2014-07-20 18:11 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Resources
2014-07-20 17:27 - 2014-07-20 17:27 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-20 17:27 - 2014-07-20 17:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-20 17:26 - 2014-07-20 17:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-20 17:26 - 2014-07-20 17:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-20 17:23 - 2014-07-20 17:22 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Hankins\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-20 17:03 - 2014-07-17 08:54 - 00000000 ____D () C:\Program Files (x86)\Fralimbo
2014-07-20 17:03 - 2009-08-22 04:49 - 00000000 ____D () C:\Program Files\Google
2014-07-20 17:03 - 2009-08-22 04:49 - 00000000 ____D () C:\Program Files (x86)\Google
2014-07-20 17:01 - 2014-07-20 17:01 - 00000000 ____D () C:\found.002
2014-07-20 16:50 - 2014-07-17 08:54 - 00000866 _____ () C:\Windows\SysWOW64\InstallUtil.InstallLog
2014-07-20 16:42 - 2009-11-11 15:42 - 00000000 ____D () C:\Users\Hankins\AppData\Local\Google
2014-07-20 16:42 - 2009-08-22 04:49 - 00000000 ____D () C:\ProgramData\Google
2014-07-20 16:41 - 2014-07-17 08:46 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-07-20 16:40 - 2014-07-20 16:40 - 00000000 ____D () C:\Program Files (x86)\predm
2014-07-20 16:37 - 2009-08-22 04:33 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-07-20 16:32 - 2014-07-17 08:47 - 00000000 ____D () C:\ProgramData\3d61b4e9f33e868d
2014-07-20 16:30 - 2014-07-18 10:45 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-07-20 16:28 - 2009-07-13 21:34 - 00000612 _____ () C:\Windows\win.ini
2014-07-20 16:24 - 2014-07-20 16:24 - 00000318 _____ () C:\Users\Hankins\AppData\Roaming\aps.uninstall.scan.results
2014-07-18 11:01 - 2014-07-18 11:00 - 00027888 _____ () C:\Users\Hankins\Downloads\afr.php
2014-07-18 10:52 - 2014-07-18 10:51 - 01385112 _____ () C:\Users\Hankins\Downloads\Setup.exe
2014-07-18 10:47 - 2014-06-14 05:12 - 00000000 ____D () C:\Users\Hankins\Desktop\2014-06-14
2014-07-18 10:45 - 2014-07-18 10:45 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstr_01009.Wdf
2014-07-18 10:45 - 2009-07-13 22:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-07-18 10:45 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-07-18 09:58 - 2014-07-18 09:56 - 00949504 _____ () C:\Users\Hankins\Downloads\java_installer (2).exe
2014-07-17 09:09 - 2014-07-17 09:09 - 00000012 _____ () C:\Windows\sruna.log
2014-07-17 08:54 - 2014-07-17 08:53 - 00000000 ____D () C:\Users\Hankins\AppData\Local\YckPack
2014-07-17 08:50 - 2014-07-17 08:50 - 00000000 __SHD () C:\Users\Hankins\AppData\Local\EmieUserList
2014-07-17 08:50 - 2014-07-17 08:50 - 00000000 __SHD () C:\Users\Hankins\AppData\Local\EmieSiteList
2014-07-17 08:48 - 2014-07-17 08:48 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.txt
2014-07-17 08:47 - 2014-07-17 08:47 - 00000000 ____D () C:\Users\Hankins\AppData\Local\Packages
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\Hankins\AppData\Local\Torch
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\Hankins\AppData\Local\globalUpdate
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\Hankins\AppData\Local\Comodo
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\Hankins\AppData\Local\Chromatic Browser
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\Guest
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\Administrator
2014-07-17 08:46 - 2009-08-22 04:33 - 00000000 ____D () C:\Intel
2014-07-17 08:45 - 2014-07-17 08:45 - 00000000 ____D () C:\Program Files (x86)\res_0711
2014-07-17 08:26 - 2014-07-17 08:26 - 00000000 ____D () C:\ProgramData\Online
2014-07-14 22:29 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-07-14 22:29 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2014-07-14 19:31 - 2014-07-14 19:31 - 00277392 _____ () C:\Windows\Minidump\071414-25693-01.dmp
2014-07-14 19:31 - 2014-07-14 19:31 - 00000000 ____D () C:\Windows\Minidump
2014-07-14 19:31 - 2009-11-11 15:33 - 00000000 ____D () C:\Users\Hankins
2014-07-14 19:30 - 2014-07-14 19:30 - 236457560 _____ () C:\Windows\MEMORY.DMP
2014-07-12 05:39 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-07-12 03:34 - 2009-07-13 23:45 - 00444312 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-12 03:30 - 2014-05-01 13:38 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-12 03:30 - 2009-08-22 05:23 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-12 03:30 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-12 03:30 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-12 03:11 - 2009-09-11 15:35 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-11 02:03 - 2013-08-11 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-11 01:59 - 2011-02-09 21:28 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-06 00:14 - 2014-07-06 00:14 - 00033794 _____ () C:\Users\Hankins\Downloads\Contact Request.zip
2014-07-06 00:14 - 2014-07-06 00:14 - 00028549 _____ () C:\Users\Hankins\Downloads\Copy of TAKEYA order form - CDN 2 3 14.xlsx
2014-07-05 23:41 - 2014-07-05 23:38 - 00000000 ____D () C:\Users\Hankins\Desktop\For sale 7-5-14
2014-07-05 23:35 - 2014-06-14 05:10 - 00000000 ____D () C:\Users\Hankins\AppData\Roaming\Intelli-studio
2014-07-05 23:34 - 2014-07-05 23:34 - 00002048 _____ () C:\Users\Public\Desktop\Intelli-studio.lnk
2014-07-05 23:34 - 2014-07-05 23:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAMSUNG
2014-07-05 23:21 - 2009-07-14 00:13 - 00848194 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-29 21:09 - 2014-07-11 22:35 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-29 21:04 - 2014-07-11 22:35 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-27 16:13 - 2014-06-27 16:13 - 01068923 _____ () C:\Users\Hankins\Desktop\post op day 0.htm
2014-06-27 16:13 - 2014-06-27 16:13 - 00000000 ____D () C:\Users\Hankins\Desktop\post op day 0_files
2014-06-24 20:32 - 2012-01-03 21:58 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-368655912-4061742381-3321887495-1003UA
2014-06-24 20:32 - 2012-01-03 21:58 - 00003494 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-368655912-4061742381-3321887495-1003Core
2014-06-24 15:31 - 2010-03-10 16:00 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-24 15:31 - 2010-03-10 16:00 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-20 23:16

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-07-2014
Ran by Hankins at 2014-07-24 09:52:14
Running from C:\Users\Hankins\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Disabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Assist (HKLM-x32\...\Acer Assist) (Version:  - Acer Incorporated)
Acer Crystal Eye Webcam (HKLM-x32\...\{7760D94E-B1B5-40A0-9AA0-ABF942108755}) (Version: 5.2.7.1 - Suyin Optronics Corp)
Acer Empowering Technology (HKLM-x32\...\{8F1B6239-FEA0-450A-A950-B05276CE177C}) (Version: 3.0.3016 - Acer Incorporated)
Acer ePower Management (HKLM-x32\...\{58E5844B-7CE2-413D-83D1-99294BF6C74F}) (Version: 3.0.3019 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3003 - Acer Incorporated)
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.0.71 - WildTangent)
Acer GridVista (HKLM-x32\...\GridVista) (Version: 3.01.0730 - Acer Inc.)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.02.3006 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.4.0812 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.01.3014 - Acer Incorporated)
Acer VCM (HKLM-x32\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3000 - Acer Incorporated)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Broadcom Gigabit Integrated Controller (HKLM\...\{49F3D04B-B849-4C89-AB31-2366A004EA28}) (Version: 12.24.02 - Broadcom Corporation)
Business Contact Manager for Outlook 2007 SP2 (HKLM-x32\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
Business Contact Manager for Outlook 2007 SP2 (x32 Version: 3.0.8619.1 - Microsoft Corporation) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.07 - Piriform)
Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{043645C8-48EC-458F-B9BD-9C8F15CEF6F7}) (Version:  - Microsoft)
Diner Dash Hometown Hero - Gourmet (HKLM-x32\...\Diner Dash Hometown Hero - Gourmet) (Version:  - PlayFirst, Inc.)
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version:  - Lars Hederer)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
f.lux (HKCU\...\Flux) (Version:  - )
GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
Google Chrome (HKCU\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3001 - Acer Incorporated)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1892 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
InterVideo WinDVD 8 (HKLM-x32\...\InstallShield_{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}) (Version: 8.5.10.39 - InterVideo Inc.)
InterVideo WinDVD 8 (x32 Version: 8.5.10.39 - InterVideo Inc.) Hidden
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 3.0.04 - Acer Inc.)
LibreOffice 3.3 (HKLM-x32\...\{1A97CF67-FEBB-436E-BD64-431FFEF72EB8}) (Version: 3.3.8 - LibreOffice)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0 - Microsoft Corporation) Hidden
Microsoft Office 2003 Web Components (HKLM-x32\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Small Business Connectivity Components (HKLM-x32\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (x32 Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft VC9 runtime libraries (x32 Version: 1.0.0 - AOL LLC) Hidden
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.36 - Symantec)
NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.627 - NewTech Infosystems)
NTI Backup Now Standard (x32 Version: 5.1.2.627 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6619 - NewTech Infosystems)
NTI Media Maker 8 (x32 Version: 8.0.12.6619 - NewTech Infosystems) Hidden
NTI Shadow (HKLM-x32\...\InstallShield_{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}) (Version: 3.7.6.56 - NewTech Infosystems)
NTI Shadow (x32 Version: 3.7.6.56 - NewTech Infosystems) Hidden
Plants vs. Zombies (HKLM-x32\...\Plants vs. Zombies) (Version:  - PopCap Games)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5911 - Realtek Semiconductor Corp.)
Respondus LockDown Browser (HKLM-x32\...\{C0E5147E-C9F3-4360-9ED0-2E875F11766C}) (Version: 1.02.0001 - Respondus, Inc.)
SAMSUNG Intelli-studio (HKLM-x32\...\Intelli-studio) (Version: 3.1.32.1 - Samsung Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype Toolbars (HKLM-x32\...\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}) (Version: 5.0.4137 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Synaptics Gesture Suite featuring SYNAPTICS | Scrybe (HKLM-x32\...\{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}) (Version: 1.6.5.17120 - Synaptics Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.20.0 - Synaptics Incorporated)
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{FEF4C57D-0975-4D3C-ACC7-DCD038C3788F}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{17815BC8-062D-49BE-B40C-B54149C85CE3}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{84B191B5-5319-463A-A305-8C4D53B1D20A}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{DB0B0CDF-77EC-47B0-94E2-4738573A1E58}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{1AA82E2E-7DB7-4C70-910C-BBB657A6B3A5}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{428CB7A0-1068-4CE1-8835-39C7ECD297ED}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{79C725A1-3964-421C-A528-78C1C083C7C7}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{EBD18DE5-BC84-4B57-9A30-097044871F9A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{B6AD7E27-012A-4B63-82BA-AF62893E5435}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{6E760BBA-B83F-4C2D-918F-5F91EF6C9861}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{D1F3B526-7EB2-4701-92DB-0784988D78DE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{52BEF8AE-9324-40A1-9A92-E5A8FB63A475}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{324703B5-6765-489D-9B9B-B082D34F882E}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUSR_{4B9B2BAF-EE1F-4B60-A4D9-17B7BEEB13A1}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROPLUSR_{860EE8B1-0B9F-4A8A-91FE-649CD3C6754C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-001A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{DBAC8ED2-9287-499E-AD66-590C7413C7DE}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{DDDC32A5-9528-4771-B91A-97A8E1D7957B}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0018-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{393B360E-62F8-463D-B914-1ECDC1359A46}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A20A650C-F820-4CE4-AEA5-EC140192FAFB}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F6F342A1-530B-4D48-A468-1E3F70928984}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{C950A55F-82E3-4CC8-8FA2-E8A2A0F651F3}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{89FDC8D9-FB84-4EFE-950D-AF4EECC3B64C}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.00.3005 - Acer Incorporated)
WildTangent Games App (Acer Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer) (Version: 4.0.5.36 - WildTangent)
Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}) (Version: 14.0.8064.206 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden

==================== Custom CLSID entries: ==========================

(Only entries are listed that could be exploited by malware. If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-368655912-4061742381-3321887495-1003_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Hankins\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-368655912-4061742381-3321887495-1003_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Hankins\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-368655912-4061742381-3321887495-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Hankins\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-368655912-4061742381-3321887495-1003_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Hankins\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

20-07-2014 21:53:34 Removed Acrobat.com
20-07-2014 21:55:07 Windows Update
20-07-2014 22:11:25 Windows Update
20-07-2014 23:12:41 Windows Update
21-07-2014 00:25:10 Windows Update
21-07-2014 12:45:32 Windows Update
22-07-2014 01:36:08 Windows Update
23-07-2014 15:42:35 Windows Update
24-07-2014 11:33:00 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2014-07-22 08:50 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {085A1575-09D9-4526-ADAB-31851D736E0C} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {0C8F0920-791D-49CC-B09F-D6BA40C57BDD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-03-10] (Google Inc.)
Task: {1A563C52-0B11-4B6E-8FDB-FAA9F61F6BDC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-368655912-4061742381-3321887495-1003Core => C:\Users\Hankins\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-03] (Google Inc.)
Task: {269F07C7-A8D2-4484-B0A2-D3F5810FB4F6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-368655912-4061742381-3321887495-1003UA => C:\Users\Hankins\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-03] (Google Inc.)
Task: {3E35CBDD-E27D-44A7-914A-F6B7424FF252} - System32\Tasks\{3020086E-1669-42B0-A6AD-9FADD82E9784} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {5DF8A8BA-ACF4-4B58-890A-75E60F63AF6C} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe [2009-07-09] (Acer)
Task: {BE79FE70-0C5F-4DE1-B3BD-97E28D346E95} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-03-10] (Google Inc.)
Task: {C88B1AFE-6733-471D-A311-77317F8B17A3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-21] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-368655912-4061742381-3321887495-1003Core.job => C:\Users\Hankins\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-368655912-4061742381-3321887495-1003UA.job => C:\Users\Hankins\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-03-06 18:15 - 2009-11-05 08:40 - 00085504 _____ () C:\Windows\System32\cpwmon64.dll
2009-09-11 15:40 - 2009-08-11 18:29 - 00024576 _____ () C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
2009-09-11 15:40 - 2009-09-11 15:40 - 00032768 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.Controller\3.0.3016.0__14bcaafdb44b5951\Framework.Model.Controller.dll
2009-09-11 15:40 - 2009-09-11 15:40 - 00020480 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3016.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
2009-09-11 15:40 - 2009-09-11 15:40 - 00061440 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3016.0__3036420f80dd6947\Framework.Library.dll
2009-09-11 15:40 - 2009-09-11 15:40 - 00028672 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Host\3.0.3016.0__672b450de5a7e94a\Framework.Host.dll
2009-09-11 15:40 - 2009-09-11 15:40 - 00016384 _____ () C:\Windows\assembly\GAC_MSIL\Framework.PluginInterface\3.0.3016.0__9ecdf03bb2054f94\Framework.PluginInterface.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:45 - 2010-10-20 16:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-05-25 12:09 - 2014-05-25 12:10 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Hankins\Downloads\faulty product (1).eml:OECustomProperty
AlternateDataStreams: C:\Users\Hankins\Downloads\faulty product.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk => C:\Windows\pss\Acer VCM.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Scrybe.lnk => C:\Windows\pss\Scrybe.lnk.CommonStartup
MSCONFIG\startupreg: Acer Assist Launcher => C:\Program Files (x86)\Acer\Acer Assist\launcher.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AnyProtect Scanner => "C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe"
MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: ePower_DMC => C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
MSCONFIG\startupreg: Google Update => "C:\Users\Hankins\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IAAnotif => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: IntelliPoint => "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
MSCONFIG\startupreg: LManager => C:\Program Files (x86)\Launch Manager\LManager.exe
MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: PLFSetI => C:\Windows\PLFSetI.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/24/2014 06:33:43 AM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Product: Microsoft Office 2007 Primary Interop Assemblies - Update 'Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (07/24/2014 06:33:43 AM) (Source: MsiInstaller) (EventID: 10005) (User: NT AUTHORITY)
Description: Product: Microsoft Office 2007 Primary Interop Assemblies -- Please install Microsoft Office 2007 before installing this product.

Error: (07/23/2014 05:55:49 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (07/23/2014 05:53:06 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/23/2014 11:22:55 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 29.0.1.5239 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 858

Start Time: 01cfa5b5318c8272

Termination Time: 18630

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: 2c3fb1d0-1285-11e4-88db-00262d57407f

Error: (07/23/2014 10:47:02 AM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Product: Microsoft Office 2007 Primary Interop Assemblies - Update 'Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (07/23/2014 10:47:02 AM) (Source: MsiInstaller) (EventID: 10005) (User: NT AUTHORITY)
Description: Product: Microsoft Office 2007 Primary Interop Assemblies -- Please install Microsoft Office 2007 before installing this product.

Error: (07/23/2014 10:42:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ScrybeUpdater.exe, version: 1.0.13.0, time stamp: 0x4cfe6fd7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00081001
Faulting process id: 0x640
Faulting application start time: 0xScrybeUpdater.exe0
Faulting application path: ScrybeUpdater.exe1
Faulting module path: ScrybeUpdater.exe2
Report Id: ScrybeUpdater.exe3

Error: (07/22/2014 08:30:49 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/22/2014 00:15:33 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.


System errors:
=============
Error: (07/24/2014 06:36:53 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office PowerPoint 2007 (KB2596764).

Error: (07/23/2014 11:19:55 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (07/23/2014 10:47:10 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office PowerPoint 2007 (KB2596764).

Error: (07/23/2014 10:42:24 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Scrybe Updater service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/23/2014 10:41:42 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (07/22/2014 07:09:18 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{14DDE61E-6F36-49C4-809B-29C488338F4F} because another computer on the network has the same name.  The server could not start.

Error: (07/22/2014 07:08:42 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (07/22/2014 07:08:42 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ETService service.

Error: (07/22/2014 02:48:35 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053TrustedInstaller{752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (07/22/2014 02:48:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Modules Installer service failed to start due to the following error:
%%1053


Microsoft Office Sessions:
=========================
Error: (07/24/2014 06:33:43 AM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Microsoft Office 2007 Primary Interop AssembliesSecurity Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition1603(NULL)(NULL)(NULL)

Error: (07/24/2014 06:33:43 AM) (Source: MsiInstaller) (EventID: 10005) (User: NT AUTHORITY)
Description: Product: Microsoft Office 2007 Primary Interop Assemblies -- Please install Microsoft Office 2007 before installing this product.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (07/23/2014 05:55:49 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8

Error: (07/23/2014 05:53:06 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (07/23/2014 11:22:55 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe29.0.1.523985801cfa5b5318c827218630C:\Program Files (x86)\Mozilla Firefox\firefox.exe2c3fb1d0-1285-11e4-88db-00262d57407f

Error: (07/23/2014 10:47:02 AM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Microsoft Office 2007 Primary Interop AssembliesSecurity Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition1603(NULL)(NULL)(NULL)

Error: (07/23/2014 10:47:02 AM) (Source: MsiInstaller) (EventID: 10005) (User: NT AUTHORITY)
Description: Product: Microsoft Office 2007 Primary Interop Assemblies -- Please install Microsoft Office 2007 before installing this product.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (07/23/2014 10:42:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ScrybeUpdater.exe1.0.13.04cfe6fd7unknown0.0.0.000000000c00000050008100164001cfa5b3d6a98633C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exeunknowne538655b-127f-11e4-88db-00262d57407f

Error: (07/22/2014 08:30:49 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (07/22/2014 00:15:33 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8


CodeIntegrity Errors:
===================================
  Date: 2014-07-22 08:46:51.604
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-07-22 08:46:50.949
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 49%
Total physical RAM: 1976.96 MB
Available physical RAM: 990 MB
Total Pagefile: 5243.18 MB
Available Pagefile: 3233.54 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:137.23 GB) (Free:69.1 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (DVDIRECT_DVD_010013F1C0) (CDROM) (Total:4.2 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149 GB) (Disk ID: FBF6FBF6)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=137 GB) - (Type=07 NTFS)

==================== End Of Log ============================


OK,

Step 1


Please download the attached fixlist and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.

    Please copy and paste its contents in your next reply.

fixlist.txt

After reboot:

Step 2

Please run a FRST scan. This will help us diagnose your problem.


Please download Farbar Recovery Scan Tool and save it to your Desktop.

(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)

  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

Hello, hopefully we're near the end :) 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-07-2014
Ran by Hankins (administrator) on HANKINS-PC on 24-07-2014 11:13:42
Running from C:\Users\Hankins\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(Flux Software LLC) C:\Users\Hankins\AppData\Local\FluxSoftware\Flux\flux.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(Synaptics, Inc.) C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8060960 2009-08-05] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-368655912-4061742381-3321887495-1003\...\Run: [spybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-368655912-4061742381-3321887495-1003\...\Run: [f.lux] => C:\Users\Hankins\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Plug-In -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 75.104.96.61
Tcpip\..\Interfaces\{14DDE61E-6F36-49C4-809B-29C488338F4F}: [NameServer]8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{EA8B154C-3C44-4055-BCF5-FC9E2CFFADF5}: [NameServer]8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\Hankins\AppData\Roaming\Mozilla\Firefox\Profiles\hcssiixz.default
FF DefaultSearchEngine: user_pref("browser.search.defaultenginename", "");
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8064.0206 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Hankins\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Hankins\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF user.js: detected! => C:\Users\Hankins\AppData\Roaming\Mozilla\Firefox\Profiles\hcssiixz.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\Hankins\AppData\Roaming\Mozilla\Firefox\Profiles\hcssiixz.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-22]
FF Extension: Skype extension - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2014-05-25]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-05-25]

Chrome:
=======
CHR HomePage:
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Hankins\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-06]
CHR Extension: (Adblock Plus) - C:\Users\Hankins\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-07-20]
CHR Extension: (Google Wallet) - C:\Users\Hankins\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]
CHR StartMenuInternet: Google Chrome - C:\Users\Hankins\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2009-08-11] () [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S3 MSSQL$MSSMLBIZ; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 O2FLASH; C:\Windows\system32\DRIVERS\o2flash.exe [65536 2007-02-12] (O2Micro International) [File not signed]
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [253952 2009-07-10] (Acer Incorporated) [File not signed]
R2 ScrybeUpdater; C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [1300264 2011-05-27] (Synaptics, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-24] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 O2MDRDR; C:\Windows\system32\DRIVERS\o2mdx64.sys [63264 2009-05-07] (O2Micro )
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [30312 2014-07-20] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-24 10:40 - 2014-07-24 10:41 - 00000259 _____ () C:\Users\Hankins\Desktop\index.php
2014-07-24 09:50 - 2014-07-24 09:50 - 00000000 ____D () C:\Users\Hankins\Desktop\FRST-OlderVersion
2014-07-22 15:59 - 2014-07-22 16:00 - 00014072 _____ () C:\Users\Hankins\Desktop\Heidi's Bach itemized updated72214.xlsx
2014-07-22 10:21 - 2014-07-22 10:21 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-22 10:15 - 2014-07-22 10:15 - 02347384 _____ (ESET) C:\Users\Hankins\Desktop\esetsmartinstaller_enu.exe
2014-07-22 08:57 - 2014-07-22 08:57 - 00020547 _____ () C:\ComboFix.txt
2014-07-22 08:35 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-07-22 08:35 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-07-22 08:35 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-07-22 08:35 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-07-22 08:35 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-07-22 08:35 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-07-22 08:35 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-07-22 08:35 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-07-22 08:28 - 2014-07-22 08:57 - 00000000 ____D () C:\Qoobox
2014-07-22 08:23 - 2014-07-22 08:23 - 05562504 ____R (Swearware) C:\Users\Hankins\Desktop\ComboFix.exe
2014-07-22 08:21 - 2014-07-22 09:40 - 00000000 ____D () C:\Program Files (x86)\msrtn32
2014-07-21 20:20 - 2014-07-24 09:52 - 00043567 _____ () C:\Users\Hankins\Desktop\Addition.txt
2014-07-21 20:18 - 2014-07-24 11:14 - 00013893 _____ () C:\Users\Hankins\Desktop\FRST.txt
2014-07-21 20:17 - 2014-07-24 11:13 - 00000000 ____D () C:\FRST
2014-07-21 20:16 - 2014-07-24 09:50 - 02093568 _____ (Farbar) C:\Users\Hankins\Desktop\FRST64.exe
2014-07-21 16:37 - 2014-07-22 08:33 - 00000000 ____D () C:\Users\Hankins\AppData\Local\CrashDumps
2014-07-20 22:12 - 2014-07-20 22:12 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-07-20 22:12 - 2014-07-20 22:12 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-20 21:31 - 2014-07-22 08:54 - 00000000 ____D () C:\Windows\ERDNT
2014-07-20 21:24 - 2014-07-20 21:24 - 00000888 _____ () C:\Users\Hankins\Desktop\NTREGOPT.lnk
2014-07-20 21:24 - 2014-07-20 21:24 - 00000869 _____ () C:\Users\Hankins\Desktop\ERUNT.lnk
2014-07-20 21:24 - 2014-07-20 21:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-07-20 21:24 - 2014-07-20 21:24 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-07-20 21:22 - 2014-07-20 21:22 - 00791393 _____ (Lars Hederer ) C:\Users\Hankins\Desktop\erunt-setup.exe
2014-07-20 21:20 - 2014-07-20 21:21 - 00000000 ____D () C:\Users\Hankins\Desktop\flyclick biz problem
2014-07-20 21:07 - 2014-07-20 21:07 - 04770904 _____ () C:\Users\Hankins\Desktop\RogueKiller.exe
2014-07-20 21:04 - 2014-07-20 21:48 - 05336664 _____ () C:\Users\Hankins\Desktop\RogueKillerX64.exe
2014-07-20 20:59 - 2014-07-20 21:29 - 00002630 _____ () C:\Users\Hankins\Desktop\Rkill.txt
2014-07-20 20:59 - 2014-07-20 20:58 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Hankins\Desktop\rkill.exe
2014-07-20 20:56 - 2014-07-20 20:58 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Hankins\Downloads\iExplore.exe
2014-07-20 17:27 - 2014-07-24 11:10 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-20 17:27 - 2014-07-20 17:27 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-20 17:27 - 2014-07-20 17:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-20 17:26 - 2014-07-20 17:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-20 17:26 - 2014-07-20 17:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-20 17:26 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-20 17:26 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-20 17:26 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-20 17:22 - 2014-07-20 17:23 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Hankins\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-20 17:01 - 2014-07-20 17:01 - 00000000 ____D () C:\found.002
2014-07-20 16:40 - 2014-07-20 16:40 - 00000000 ____D () C:\Program Files (x86)\predm
2014-07-20 16:24 - 2014-07-20 16:24 - 00000318 _____ () C:\Users\Hankins\AppData\Roaming\aps.uninstall.scan.results
2014-07-18 11:00 - 2014-07-18 11:01 - 00027888 _____ () C:\Users\Hankins\Downloads\afr.php
2014-07-18 10:51 - 2014-07-18 10:52 - 01385112 _____ () C:\Users\Hankins\Downloads\Setup.exe
2014-07-18 10:45 - 2014-07-24 11:09 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-07-18 10:45 - 2014-07-18 10:45 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstr_01009.Wdf
2014-07-18 09:56 - 2014-07-18 09:58 - 00949504 _____ () C:\Users\Hankins\Downloads\java_installer (2).exe
2014-07-17 09:09 - 2014-07-17 09:09 - 00000012 _____ () C:\Windows\sruna.log
2014-07-17 08:54 - 2014-07-20 17:03 - 00000000 ____D () C:\Program Files (x86)\Fralimbo
2014-07-17 08:54 - 2014-07-20 16:50 - 00000866 _____ () C:\Windows\SysWOW64\InstallUtil.InstallLog
2014-07-17 08:50 - 2014-07-17 08:50 - 00000000 __SHD () C:\Users\Hankins\AppData\Local\EmieUserList
2014-07-17 08:50 - 2014-07-17 08:50 - 00000000 __SHD () C:\Users\Hankins\AppData\Local\EmieSiteList
2014-07-17 08:48 - 2014-07-17 08:48 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.txt
2014-07-17 08:47 - 2014-07-20 16:32 - 00000000 ____D () C:\ProgramData\3d61b4e9f33e868d
2014-07-17 08:47 - 2014-07-17 08:47 - 00000000 ____D () C:\Users\Hankins\AppData\Local\Packages
2014-07-17 08:46 - 2014-07-20 16:41 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\Hankins\AppData\Local\Torch
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\Hankins\AppData\Local\globalUpdate
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\Hankins\AppData\Local\Comodo
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\Hankins\AppData\Local\Chromatic Browser
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\Guest
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\Administrator
2014-07-17 08:45 - 2014-07-20 23:32 - 00000000 ____D () C:\Program Files (x86)\explorer_0711
2014-07-17 08:26 - 2014-07-17 08:26 - 00000000 ____D () C:\ProgramData\Online
2014-07-14 19:31 - 2014-07-14 19:31 - 00277392 _____ () C:\Windows\Minidump\071414-25693-01.dmp
2014-07-14 19:31 - 2014-07-14 19:31 - 00000000 ____D () C:\Windows\Minidump
2014-07-14 19:30 - 2014-07-14 19:30 - 236457560 _____ () C:\Windows\MEMORY.DMP
2014-07-12 00:29 - 2014-06-20 15:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-12 00:29 - 2014-06-20 14:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-12 00:29 - 2014-06-18 20:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-12 00:29 - 2014-06-18 20:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-12 00:29 - 2014-06-18 20:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-12 00:29 - 2014-06-18 19:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-12 00:29 - 2014-06-18 19:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-12 00:29 - 2014-06-18 19:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-12 00:29 - 2014-06-18 19:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-12 00:29 - 2014-06-18 19:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-12 00:29 - 2014-06-18 19:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-12 00:29 - 2014-06-18 19:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-12 00:29 - 2014-06-18 19:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-12 00:29 - 2014-06-18 19:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-12 00:29 - 2014-06-18 19:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-12 00:29 - 2014-06-18 19:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-12 00:29 - 2014-06-18 19:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-12 00:29 - 2014-06-18 19:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-12 00:29 - 2014-06-18 19:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-12 00:29 - 2014-06-18 18:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-12 00:29 - 2014-06-18 18:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-12 00:29 - 2014-06-18 18:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-12 00:29 - 2014-06-18 18:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-12 00:29 - 2014-06-18 18:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-12 00:29 - 2014-06-18 18:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-12 00:29 - 2014-06-18 18:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-12 00:29 - 2014-06-18 18:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-12 00:29 - 2014-06-18 18:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-12 00:29 - 2014-06-18 18:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-12 00:29 - 2014-06-18 18:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-12 00:29 - 2014-06-18 18:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-12 00:29 - 2014-06-18 18:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-12 00:29 - 2014-06-18 18:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-12 00:29 - 2014-06-18 18:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-12 00:29 - 2014-06-18 18:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-12 00:29 - 2014-06-18 18:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-12 00:29 - 2014-06-18 18:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-12 00:29 - 2014-06-18 18:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-12 00:29 - 2014-06-18 18:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-12 00:29 - 2014-06-18 18:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-12 00:29 - 2014-06-18 18:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-12 00:29 - 2014-06-18 18:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-12 00:29 - 2014-06-18 17:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-12 00:29 - 2014-06-18 17:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-12 00:29 - 2014-06-18 17:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-12 00:29 - 2014-06-18 17:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-12 00:29 - 2014-06-18 17:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-12 00:29 - 2014-06-18 17:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-12 00:29 - 2014-06-18 17:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-12 00:29 - 2014-06-18 17:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-12 00:29 - 2014-06-18 17:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-12 00:29 - 2014-06-18 17:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-12 00:29 - 2014-06-18 17:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-12 00:29 - 2014-06-18 17:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-12 00:29 - 2014-06-18 17:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-12 00:29 - 2014-06-18 17:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-11 22:47 - 2014-06-05 09:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-11 22:47 - 2014-05-30 03:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-11 22:47 - 2014-05-30 03:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-11 22:47 - 2014-05-30 03:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-11 22:47 - 2014-05-30 03:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-11 22:47 - 2014-05-30 03:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-11 22:47 - 2014-05-30 03:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-11 22:47 - 2014-05-30 03:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-11 22:47 - 2014-05-30 02:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-11 22:47 - 2014-05-30 02:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-11 22:47 - 2014-05-30 02:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-11 22:47 - 2014-05-30 02:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-11 22:47 - 2014-05-30 02:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-11 22:47 - 2014-05-30 02:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-11 22:47 - 2014-05-30 02:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-11 22:46 - 2014-06-05 09:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-11 22:46 - 2014-06-05 09:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-11 22:35 - 2014-06-29 21:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-11 22:35 - 2014-06-29 21:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-11 22:35 - 2014-06-17 21:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-11 22:35 - 2014-06-17 20:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-11 22:35 - 2014-06-17 20:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-11 22:35 - 2014-06-06 05:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-11 22:35 - 2014-06-06 04:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-11 22:34 - 2014-05-30 01:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-06 00:14 - 2014-07-06 00:14 - 00033794 _____ () C:\Users\Hankins\Downloads\Contact Request.zip
2014-07-06 00:14 - 2014-07-06 00:14 - 00028549 _____ () C:\Users\Hankins\Downloads\Copy of TAKEYA order form - CDN 2 3 14.xlsx
2014-07-05 23:38 - 2014-07-05 23:41 - 00000000 ____D () C:\Users\Hankins\Desktop\For sale 7-5-14
2014-07-05 23:34 - 2014-07-05 23:34 - 00002048 _____ () C:\Users\Public\Desktop\Intelli-studio.lnk
2014-07-05 23:34 - 2014-07-05 23:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAMSUNG
2014-06-27 16:13 - 2014-06-27 16:13 - 01068923 _____ () C:\Users\Hankins\Desktop\post op day 0.htm
2014-06-27 16:13 - 2014-06-27 16:13 - 00000000 ____D () C:\Users\Hankins\Desktop\post op day 0_files

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-24 11:14 - 2014-07-21 20:18 - 00013893 _____ () C:\Users\Hankins\Desktop\FRST.txt
2014-07-24 11:13 - 2014-07-21 20:17 - 00000000 ____D () C:\FRST
2014-07-24 11:13 - 2009-10-13 21:14 - 01145691 _____ () C:\Windows\WindowsUpdate.log
2014-07-24 11:10 - 2014-07-20 17:27 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-24 11:09 - 2014-07-18 10:45 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-07-24 11:09 - 2011-06-18 08:30 - 00022037 _____ () C:\Windows\setupact.log
2014-07-24 11:09 - 2010-03-10 16:00 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-24 11:09 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-24 11:07 - 2013-09-25 23:04 - 00006658 _____ () C:\Users\Hankins\Downloads\faulty product.eml
2014-07-24 11:07 - 2013-09-25 23:04 - 00006658 _____ () C:\Users\Hankins\Downloads\faulty product (1).eml
2014-07-24 11:07 - 2013-09-25 23:04 - 00000000 ____D () C:\TEMP
2014-07-24 11:07 - 2009-07-13 22:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-07-24 10:41 - 2014-07-24 10:40 - 00000259 _____ () C:\Users\Hankins\Desktop\index.php
2014-07-24 10:37 - 2012-01-03 21:58 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-368655912-4061742381-3321887495-1003UA.job
2014-07-24 10:36 - 2010-03-10 16:00 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-24 10:32 - 2012-04-07 21:21 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-24 09:52 - 2014-07-21 20:20 - 00043567 _____ () C:\Users\Hankins\Desktop\Addition.txt
2014-07-24 09:50 - 2014-07-24 09:50 - 00000000 ____D () C:\Users\Hankins\Desktop\FRST-OlderVersion
2014-07-24 09:50 - 2014-07-21 20:16 - 02093568 _____ (Farbar) C:\Users\Hankins\Desktop\FRST64.exe
2014-07-24 06:43 - 2009-07-13 23:45 - 00017600 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-24 06:43 - 2009-07-13 23:45 - 00017600 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-24 06:33 - 2012-01-03 21:58 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-368655912-4061742381-3321887495-1003Core.job
2014-07-22 16:00 - 2014-07-22 15:59 - 00014072 _____ () C:\Users\Hankins\Desktop\Heidi's Bach itemized updated72214.xlsx
2014-07-22 15:49 - 2014-05-13 11:24 - 00014073 _____ () C:\Users\Hankins\Downloads\Heidi's Bach itemized updated.xlsx
2014-07-22 10:21 - 2014-07-22 10:21 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-22 10:15 - 2014-07-22 10:15 - 02347384 _____ (ESET) C:\Users\Hankins\Desktop\esetsmartinstaller_enu.exe
2014-07-22 09:40 - 2014-07-22 08:21 - 00000000 ____D () C:\Program Files (x86)\msrtn32
2014-07-22 08:57 - 2014-07-22 08:57 - 00020547 _____ () C:\ComboFix.txt
2014-07-22 08:57 - 2014-07-22 08:28 - 00000000 ____D () C:\Qoobox
2014-07-22 08:57 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default
2014-07-22 08:54 - 2014-07-20 21:31 - 00000000 ____D () C:\Windows\ERDNT
2014-07-22 08:50 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2014-07-22 08:49 - 2011-06-18 13:04 - 00183712 _____ () C:\Windows\PFRO.log
2014-07-22 08:48 - 2009-07-13 21:34 - 85983232 _____ () C:\Windows\system32\config\software.bak
2014-07-22 08:48 - 2009-07-13 21:34 - 16777216 _____ () C:\Windows\system32\config\system.bak
2014-07-22 08:48 - 2009-07-13 21:34 - 00524288 _____ () C:\Windows\system32\config\default.bak
2014-07-22 08:48 - 2009-07-13 21:34 - 00262144 _____ () C:\Windows\system32\config\security.bak
2014-07-22 08:48 - 2009-07-13 21:34 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2014-07-22 08:33 - 2014-07-21 16:37 - 00000000 ____D () C:\Users\Hankins\AppData\Local\CrashDumps
2014-07-22 08:23 - 2014-07-22 08:23 - 05562504 ____R (Swearware) C:\Users\Hankins\Desktop\ComboFix.exe
2014-07-21 17:51 - 2012-04-07 21:21 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-21 17:51 - 2012-04-07 21:21 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-21 17:51 - 2011-08-10 22:53 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-20 23:32 - 2014-07-17 08:45 - 00000000 ____D () C:\Program Files (x86)\explorer_0711
2014-07-20 22:12 - 2014-07-20 22:12 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-07-20 22:12 - 2014-07-20 22:12 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-20 21:48 - 2014-07-20 21:04 - 05336664 _____ () C:\Users\Hankins\Desktop\RogueKillerX64.exe
2014-07-20 21:29 - 2014-07-20 20:59 - 00002630 _____ () C:\Users\Hankins\Desktop\Rkill.txt
2014-07-20 21:24 - 2014-07-20 21:24 - 00000888 _____ () C:\Users\Hankins\Desktop\NTREGOPT.lnk
2014-07-20 21:24 - 2014-07-20 21:24 - 00000869 _____ () C:\Users\Hankins\Desktop\ERUNT.lnk
2014-07-20 21:24 - 2014-07-20 21:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-07-20 21:24 - 2014-07-20 21:24 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-07-20 21:22 - 2014-07-20 21:22 - 00791393 _____ (Lars Hederer ) C:\Users\Hankins\Desktop\erunt-setup.exe
2014-07-20 21:21 - 2014-07-20 21:20 - 00000000 ____D () C:\Users\Hankins\Desktop\flyclick biz problem
2014-07-20 21:07 - 2014-07-20 21:07 - 04770904 _____ () C:\Users\Hankins\Desktop\RogueKiller.exe
2014-07-20 20:58 - 2014-07-20 20:59 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Hankins\Desktop\rkill.exe
2014-07-20 20:58 - 2014-07-20 20:56 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\Hankins\Downloads\iExplore.exe
2014-07-20 18:40 - 2012-01-03 21:59 - 00002380 _____ () C:\Users\Hankins\Desktop\Google Chrome.lnk
2014-07-20 18:11 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Resources
2014-07-20 17:27 - 2014-07-20 17:27 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-20 17:27 - 2014-07-20 17:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-20 17:26 - 2014-07-20 17:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-20 17:26 - 2014-07-20 17:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-20 17:23 - 2014-07-20 17:22 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Hankins\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-20 17:03 - 2014-07-17 08:54 - 00000000 ____D () C:\Program Files (x86)\Fralimbo
2014-07-20 17:03 - 2009-08-22 04:49 - 00000000 ____D () C:\Program Files\Google
2014-07-20 17:03 - 2009-08-22 04:49 - 00000000 ____D () C:\Program Files (x86)\Google
2014-07-20 17:01 - 2014-07-20 17:01 - 00000000 ____D () C:\found.002
2014-07-20 16:50 - 2014-07-17 08:54 - 00000866 _____ () C:\Windows\SysWOW64\InstallUtil.InstallLog
2014-07-20 16:42 - 2009-11-11 15:42 - 00000000 ____D () C:\Users\Hankins\AppData\Local\Google
2014-07-20 16:42 - 2009-08-22 04:49 - 00000000 ____D () C:\ProgramData\Google
2014-07-20 16:41 - 2014-07-17 08:46 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-07-20 16:40 - 2014-07-20 16:40 - 00000000 ____D () C:\Program Files (x86)\predm
2014-07-20 16:37 - 2009-08-22 04:33 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-07-20 16:32 - 2014-07-17 08:47 - 00000000 ____D () C:\ProgramData\3d61b4e9f33e868d
2014-07-20 16:28 - 2009-07-13 21:34 - 00000612 _____ () C:\Windows\win.ini
2014-07-20 16:24 - 2014-07-20 16:24 - 00000318 _____ () C:\Users\Hankins\AppData\Roaming\aps.uninstall.scan.results
2014-07-18 11:01 - 2014-07-18 11:00 - 00027888 _____ () C:\Users\Hankins\Downloads\afr.php
2014-07-18 10:52 - 2014-07-18 10:51 - 01385112 _____ () C:\Users\Hankins\Downloads\Setup.exe
2014-07-18 10:47 - 2014-06-14 05:12 - 00000000 ____D () C:\Users\Hankins\Desktop\2014-06-14
2014-07-18 10:45 - 2014-07-18 10:45 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstr_01009.Wdf
2014-07-18 10:45 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-07-18 09:58 - 2014-07-18 09:56 - 00949504 _____ () C:\Users\Hankins\Downloads\java_installer (2).exe
2014-07-17 09:09 - 2014-07-17 09:09 - 00000012 _____ () C:\Windows\sruna.log
2014-07-17 08:50 - 2014-07-17 08:50 - 00000000 __SHD () C:\Users\Hankins\AppData\Local\EmieUserList
2014-07-17 08:50 - 2014-07-17 08:50 - 00000000 __SHD () C:\Users\Hankins\AppData\Local\EmieSiteList
2014-07-17 08:48 - 2014-07-17 08:48 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.txt
2014-07-17 08:47 - 2014-07-17 08:47 - 00000000 ____D () C:\Users\Hankins\AppData\Local\Packages
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\Hankins\AppData\Local\Torch
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\Hankins\AppData\Local\globalUpdate
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\Hankins\AppData\Local\Comodo
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\Hankins\AppData\Local\Chromatic Browser
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\Guest
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-07-17 08:46 - 2014-07-17 08:46 - 00000000 ____D () C:\Users\Administrator
2014-07-17 08:46 - 2009-08-22 04:33 - 00000000 ____D () C:\Intel
2014-07-17 08:26 - 2014-07-17 08:26 - 00000000 ____D () C:\ProgramData\Online
2014-07-14 22:29 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-07-14 22:29 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2014-07-14 19:31 - 2014-07-14 19:31 - 00277392 _____ () C:\Windows\Minidump\071414-25693-01.dmp
2014-07-14 19:31 - 2014-07-14 19:31 - 00000000 ____D () C:\Windows\Minidump
2014-07-14 19:31 - 2009-11-11 15:33 - 00000000 ____D () C:\Users\Hankins
2014-07-14 19:30 - 2014-07-14 19:30 - 236457560 _____ () C:\Windows\MEMORY.DMP
2014-07-12 05:39 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-07-12 03:34 - 2009-07-13 23:45 - 00444312 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-12 03:30 - 2014-05-01 13:38 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-12 03:30 - 2009-08-22 05:23 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-12 03:30 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-12 03:30 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-12 03:11 - 2009-09-11 15:35 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-11 02:03 - 2013-08-11 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-11 01:59 - 2011-02-09 21:28 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-06 00:14 - 2014-07-06 00:14 - 00033794 _____ () C:\Users\Hankins\Downloads\Contact Request.zip
2014-07-06 00:14 - 2014-07-06 00:14 - 00028549 _____ () C:\Users\Hankins\Downloads\Copy of TAKEYA order form - CDN 2 3 14.xlsx
2014-07-05 23:41 - 2014-07-05 23:38 - 00000000 ____D () C:\Users\Hankins\Desktop\For sale 7-5-14
2014-07-05 23:35 - 2014-06-14 05:10 - 00000000 ____D () C:\Users\Hankins\AppData\Roaming\Intelli-studio
2014-07-05 23:34 - 2014-07-05 23:34 - 00002048 _____ () C:\Users\Public\Desktop\Intelli-studio.lnk
2014-07-05 23:34 - 2014-07-05 23:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAMSUNG
2014-07-05 23:21 - 2009-07-14 00:13 - 00848194 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-29 21:09 - 2014-07-11 22:35 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-29 21:04 - 2014-07-11 22:35 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-27 16:13 - 2014-06-27 16:13 - 01068923 _____ () C:\Users\Hankins\Desktop\post op day 0.htm
2014-06-27 16:13 - 2014-06-27 16:13 - 00000000 ____D () C:\Users\Hankins\Desktop\post op day 0_files
2014-06-24 20:32 - 2012-01-03 21:58 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-368655912-4061742381-3321887495-1003UA
2014-06-24 20:32 - 2012-01-03 21:58 - 00003494 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-368655912-4061742381-3321887495-1003Core
2014-06-24 15:31 - 2010-03-10 16:00 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-24 15:31 - 2010-03-10 16:00 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-20 23:16

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-07-2014
Ran by Hankins at 2014-07-24 11:15:17
Running from C:\Users\Hankins\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Disabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Assist (HKLM-x32\...\Acer Assist) (Version:  - Acer Incorporated)
Acer Crystal Eye Webcam (HKLM-x32\...\{7760D94E-B1B5-40A0-9AA0-ABF942108755}) (Version: 5.2.7.1 - Suyin Optronics Corp)
Acer Empowering Technology (HKLM-x32\...\{8F1B6239-FEA0-450A-A950-B05276CE177C}) (Version: 3.0.3016 - Acer Incorporated)
Acer ePower Management (HKLM-x32\...\{58E5844B-7CE2-413D-83D1-99294BF6C74F}) (Version: 3.0.3019 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3003 - Acer Incorporated)
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.0.71 - WildTangent)
Acer GridVista (HKLM-x32\...\GridVista) (Version: 3.01.0730 - Acer Inc.)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.02.3006 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.4.0812 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.01.3014 - Acer Incorporated)
Acer VCM (HKLM-x32\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3000 - Acer Incorporated)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Broadcom Gigabit Integrated Controller (HKLM\...\{49F3D04B-B849-4C89-AB31-2366A004EA28}) (Version: 12.24.02 - Broadcom Corporation)
Business Contact Manager for Outlook 2007 SP2 (HKLM-x32\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
Business Contact Manager for Outlook 2007 SP2 (x32 Version: 3.0.8619.1 - Microsoft Corporation) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.07 - Piriform)
Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{043645C8-48EC-458F-B9BD-9C8F15CEF6F7}) (Version:  - Microsoft)
Diner Dash Hometown Hero - Gourmet (HKLM-x32\...\Diner Dash Hometown Hero - Gourmet) (Version:  - PlayFirst, Inc.)
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version:  - Lars Hederer)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
f.lux (HKCU\...\Flux) (Version:  - )
GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
Google Chrome (HKCU\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3001 - Acer Incorporated)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1892 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
InterVideo WinDVD 8 (HKLM-x32\...\InstallShield_{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}) (Version: 8.5.10.39 - InterVideo Inc.)
InterVideo WinDVD 8 (x32 Version: 8.5.10.39 - InterVideo Inc.) Hidden
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 3.0.04 - Acer Inc.)
LibreOffice 3.3 (HKLM-x32\...\{1A97CF67-FEBB-436E-BD64-431FFEF72EB8}) (Version: 3.3.8 - LibreOffice)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0 - Microsoft Corporation) Hidden
Microsoft Office 2003 Web Components (HKLM-x32\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Small Business Connectivity Components (HKLM-x32\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (x32 Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft VC9 runtime libraries (x32 Version: 1.0.0 - AOL LLC) Hidden
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.36 - Symantec)
NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.627 - NewTech Infosystems)
NTI Backup Now Standard (x32 Version: 5.1.2.627 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6619 - NewTech Infosystems)
NTI Media Maker 8 (x32 Version: 8.0.12.6619 - NewTech Infosystems) Hidden
NTI Shadow (HKLM-x32\...\InstallShield_{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}) (Version: 3.7.6.56 - NewTech Infosystems)
NTI Shadow (x32 Version: 3.7.6.56 - NewTech Infosystems) Hidden
Plants vs. Zombies (HKLM-x32\...\Plants vs. Zombies) (Version:  - PopCap Games)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5911 - Realtek Semiconductor Corp.)
Respondus LockDown Browser (HKLM-x32\...\{C0E5147E-C9F3-4360-9ED0-2E875F11766C}) (Version: 1.02.0001 - Respondus, Inc.)
SAMSUNG Intelli-studio (HKLM-x32\...\Intelli-studio) (Version: 3.1.32.1 - Samsung Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype Toolbars (HKLM-x32\...\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}) (Version: 5.0.4137 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Synaptics Gesture Suite featuring SYNAPTICS | Scrybe (HKLM-x32\...\{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}) (Version: 1.6.5.17120 - Synaptics Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.20.0 - Synaptics Incorporated)
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{FEF4C57D-0975-4D3C-ACC7-DCD038C3788F}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{17815BC8-062D-49BE-B40C-B54149C85CE3}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{84B191B5-5319-463A-A305-8C4D53B1D20A}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{DB0B0CDF-77EC-47B0-94E2-4738573A1E58}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{1AA82E2E-7DB7-4C70-910C-BBB657A6B3A5}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{428CB7A0-1068-4CE1-8835-39C7ECD297ED}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{79C725A1-3964-421C-A528-78C1C083C7C7}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{EBD18DE5-BC84-4B57-9A30-097044871F9A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{B6AD7E27-012A-4B63-82BA-AF62893E5435}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{6E760BBA-B83F-4C2D-918F-5F91EF6C9861}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{D1F3B526-7EB2-4701-92DB-0784988D78DE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{52BEF8AE-9324-40A1-9A92-E5A8FB63A475}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{324703B5-6765-489D-9B9B-B082D34F882E}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUSR_{4B9B2BAF-EE1F-4B60-A4D9-17B7BEEB13A1}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROPLUSR_{860EE8B1-0B9F-4A8A-91FE-649CD3C6754C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-001A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{DBAC8ED2-9287-499E-AD66-590C7413C7DE}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{DDDC32A5-9528-4771-B91A-97A8E1D7957B}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0018-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{393B360E-62F8-463D-B914-1ECDC1359A46}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A20A650C-F820-4CE4-AEA5-EC140192FAFB}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F6F342A1-530B-4D48-A468-1E3F70928984}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{C950A55F-82E3-4CC8-8FA2-E8A2A0F651F3}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{89FDC8D9-FB84-4EFE-950D-AF4EECC3B64C}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.00.3005 - Acer Incorporated)
WildTangent Games App (Acer Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer) (Version: 4.0.5.36 - WildTangent)
Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}) (Version: 14.0.8064.206 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden

==================== Custom CLSID entries: ==========================

(Only entries are listed that could be exploited by malware. If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-368655912-4061742381-3321887495-1003_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Hankins\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-368655912-4061742381-3321887495-1003_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Hankins\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-368655912-4061742381-3321887495-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Hankins\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-368655912-4061742381-3321887495-1003_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Hankins\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

20-07-2014 21:53:34 Removed Acrobat.com
20-07-2014 21:55:07 Windows Update
20-07-2014 22:11:25 Windows Update
20-07-2014 23:12:41 Windows Update
21-07-2014 00:25:10 Windows Update
21-07-2014 12:45:32 Windows Update
22-07-2014 01:36:08 Windows Update
23-07-2014 15:42:35 Windows Update
24-07-2014 11:33:00 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2014-07-22 08:50 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {085A1575-09D9-4526-ADAB-31851D736E0C} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {0C8F0920-791D-49CC-B09F-D6BA40C57BDD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-03-10] (Google Inc.)
Task: {1A563C52-0B11-4B6E-8FDB-FAA9F61F6BDC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-368655912-4061742381-3321887495-1003Core => C:\Users\Hankins\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-03] (Google Inc.)
Task: {269F07C7-A8D2-4484-B0A2-D3F5810FB4F6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-368655912-4061742381-3321887495-1003UA => C:\Users\Hankins\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-03] (Google Inc.)
Task: {3E35CBDD-E27D-44A7-914A-F6B7424FF252} - System32\Tasks\{3020086E-1669-42B0-A6AD-9FADD82E9784} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {5DF8A8BA-ACF4-4B58-890A-75E60F63AF6C} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe [2009-07-09] (Acer)
Task: {BE79FE70-0C5F-4DE1-B3BD-97E28D346E95} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-03-10] (Google Inc.)
Task: {C88B1AFE-6733-471D-A311-77317F8B17A3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-21] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-368655912-4061742381-3321887495-1003Core.job => C:\Users\Hankins\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-368655912-4061742381-3321887495-1003UA.job => C:\Users\Hankins\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2011-03-06 18:15 - 2009-11-05 08:40 - 00085504 _____ () C:\Windows\System32\cpwmon64.dll
2009-09-11 15:40 - 2009-08-11 18:29 - 00024576 _____ () C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
2009-09-11 15:40 - 2009-09-11 15:40 - 00032768 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.Controller\3.0.3016.0__14bcaafdb44b5951\Framework.Model.Controller.dll
2009-09-11 15:40 - 2009-09-11 15:40 - 00020480 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3016.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
2009-09-11 15:40 - 2009-09-11 15:40 - 00061440 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3016.0__3036420f80dd6947\Framework.Library.dll
2009-09-11 15:40 - 2009-09-11 15:40 - 00028672 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Host\3.0.3016.0__672b450de5a7e94a\Framework.Host.dll
2009-09-11 15:40 - 2009-09-11 15:40 - 00016384 _____ () C:\Windows\assembly\GAC_MSIL\Framework.PluginInterface\3.0.3016.0__9ecdf03bb2054f94\Framework.PluginInterface.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:45 - 2010-10-20 16:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-05-25 12:09 - 2014-05-25 12:10 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Hankins\Downloads\faulty product (1).eml:OECustomProperty
AlternateDataStreams: C:\Users\Hankins\Downloads\faulty product.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk => C:\Windows\pss\Acer VCM.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Scrybe.lnk => C:\Windows\pss\Scrybe.lnk.CommonStartup
MSCONFIG\startupreg: Acer Assist Launcher => C:\Program Files (x86)\Acer\Acer Assist\launcher.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AnyProtect Scanner => "C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe"
MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: ePower_DMC => C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
MSCONFIG\startupreg: Google Update => "C:\Users\Hankins\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IAAnotif => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: IntelliPoint => "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
MSCONFIG\startupreg: LManager => C:\Program Files (x86)\Launch Manager\LManager.exe
MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: PLFSetI => C:\Windows\PLFSetI.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/24/2014 11:15:29 AM) (Source: MsiInstaller) (EventID: 1043) (User: NT AUTHORITY)
Description: Failed to end a Windows Installer transaction {DA54F80E-261C-41A2-A855-549A144F2F59}. Error 1603 occurred while ending the transaction.

Error: (07/24/2014 11:07:44 AM) (Source: MsiInstaller) (EventID: 1043) (User: NT AUTHORITY)
Description: Failed to end a Windows Installer transaction {DA54F80E-261C-41A2-A855-549A144F2F59}. Error 1603 occurred while ending the transaction.

Error: (07/24/2014 06:33:43 AM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Product: Microsoft Office 2007 Primary Interop Assemblies - Update 'Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (07/24/2014 06:33:43 AM) (Source: MsiInstaller) (EventID: 10005) (User: NT AUTHORITY)
Description: Product: Microsoft Office 2007 Primary Interop Assemblies -- Please install Microsoft Office 2007 before installing this product.

Error: (07/23/2014 05:55:49 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (07/23/2014 05:53:06 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/23/2014 11:22:55 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 29.0.1.5239 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 858

Start Time: 01cfa5b5318c8272

Termination Time: 18630

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: 2c3fb1d0-1285-11e4-88db-00262d57407f

Error: (07/23/2014 10:47:02 AM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Product: Microsoft Office 2007 Primary Interop Assemblies - Update 'Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (07/23/2014 10:47:02 AM) (Source: MsiInstaller) (EventID: 10005) (User: NT AUTHORITY)
Description: Product: Microsoft Office 2007 Primary Interop Assemblies -- Please install Microsoft Office 2007 before installing this product.

Error: (07/23/2014 10:42:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ScrybeUpdater.exe, version: 1.0.13.0, time stamp: 0x4cfe6fd7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00081001
Faulting process id: 0x640
Faulting application start time: 0xScrybeUpdater.exe0
Faulting application path: ScrybeUpdater.exe1
Faulting module path: ScrybeUpdater.exe2
Report Id: ScrybeUpdater.exe3


System errors:
=============
Error: (07/24/2014 06:36:53 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office PowerPoint 2007 (KB2596764).

Error: (07/23/2014 11:19:55 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (07/23/2014 10:47:10 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office PowerPoint 2007 (KB2596764).

Error: (07/23/2014 10:42:24 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Scrybe Updater service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/23/2014 10:41:42 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (07/22/2014 07:09:18 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{14DDE61E-6F36-49C4-809B-29C488338F4F} because another computer on the network has the same name.  The server could not start.

Error: (07/22/2014 07:08:42 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (07/22/2014 07:08:42 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ETService service.

Error: (07/22/2014 02:48:35 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053TrustedInstaller{752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (07/22/2014 02:48:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Modules Installer service failed to start due to the following error:
%%1053


Microsoft Office Sessions:
=========================
Error: (07/24/2014 11:15:29 AM) (Source: MsiInstaller) (EventID: 1043) (User: NT AUTHORITY)
Description: {DA54F80E-261C-41A2-A855-549A144F2F59}1603(NULL)(NULL)(NULL)(NULL)

Error: (07/24/2014 11:07:44 AM) (Source: MsiInstaller) (EventID: 1043) (User: NT AUTHORITY)
Description: {DA54F80E-261C-41A2-A855-549A144F2F59}1603(NULL)(NULL)(NULL)(NULL)

Error: (07/24/2014 06:33:43 AM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Microsoft Office 2007 Primary Interop AssembliesSecurity Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition1603(NULL)(NULL)(NULL)

Error: (07/24/2014 06:33:43 AM) (Source: MsiInstaller) (EventID: 10005) (User: NT AUTHORITY)
Description: Product: Microsoft Office 2007 Primary Interop Assemblies -- Please install Microsoft Office 2007 before installing this product.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (07/23/2014 05:55:49 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8

Error: (07/23/2014 05:53:06 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (07/23/2014 11:22:55 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe29.0.1.523985801cfa5b5318c827218630C:\Program Files (x86)\Mozilla Firefox\firefox.exe2c3fb1d0-1285-11e4-88db-00262d57407f

Error: (07/23/2014 10:47:02 AM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Microsoft Office 2007 Primary Interop AssembliesSecurity Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition1603(NULL)(NULL)(NULL)

Error: (07/23/2014 10:47:02 AM) (Source: MsiInstaller) (EventID: 10005) (User: NT AUTHORITY)
Description: Product: Microsoft Office 2007 Primary Interop Assemblies -- Please install Microsoft Office 2007 before installing this product.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (07/23/2014 10:42:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ScrybeUpdater.exe1.0.13.04cfe6fd7unknown0.0.0.000000000c00000050008100164001cfa5b3d6a98633C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exeunknowne538655b-127f-11e4-88db-00262d57407f


CodeIntegrity Errors:
===================================
  Date: 2014-07-22 08:46:51.604
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-07-22 08:46:50.949
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 63%
Total physical RAM: 1976.96 MB
Available physical RAM: 714.26 MB
Total Pagefile: 3953.92 MB
Available Pagefile: 2168.88 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:137.23 GB) (Free:70.4 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (DVDIRECT_DVD_010013F1C0) (CDROM) (Total:4.2 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149 GB) (Disk ID: FBF6FBF6)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=137 GB) - (Type=07 NTFS)

==================== End Of Log ============================


OOPS

 

here ya go.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-07-2014
Ran by Hankins at 2014-07-24 11:07:39 Run:3
Running from C:\Users\Hankins\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-368655912-4061742381-3321887495-1003\...\Run: [Nvdiai] => wscript.exe "C:\Microsoft\lib\inc\xx.js"
HKU\S-1-5-21-368655912-4061742381-3321887495-1003\...\Run: [YckPack] => regsvr32.exe C:\Users\Hankins\AppData\Local\YckPack\icudt46.dll  <===== ATTENTION
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
FF Extension: Microsoft.AnalysisServices.FiscalYearName - C:\Users\Hankins\AppData\Roaming\Mozilla\Firefox\Profiles\hcssiixz.default\Extensions\{AF4694CF-A51B-5773-F208-09D24BE4192D} [2014-07-17]
C:\Users\Hankins\AppData\Roaming\Mozilla\Firefox\Profiles\hcssiixz.default\Extensions\{AF4694CF-A51B-5773-F208-09D24BE4192D}
FF Extension: CostMin - C:\Users\Hankins\AppData\Roaming\Mozilla\Firefox\Profiles\hcssiixz.default\Extensions\ighiiiao@yo-.com [2014-07-20]
C:\Users\Hankins\AppData\Roaming\Mozilla\Firefox\Profiles\hcssiixz.default\Extensions\ighiiiao@yo-.com
AlternateDataStreams: C:\Users\Hankins\Downloads\faulty product (1).eml:OECustomProperty
AlternateDataStreams: C:\Users\Hankins\Downloads\faulty product.eml:OECustomProperty
C:\microsoft\lib\inc
C:\Program Files (x86)\res_0711
C:\Users\Hankins\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000001
C:\Users\Hankins\AppData\Local\YckPack\
C:\Users\Hankins\AppData\Roaming\serv\
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Reboot:

*****************

HKU\S-1-5-21-368655912-4061742381-3321887495-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Nvdiai => value deleted successfully.
HKU\S-1-5-21-368655912-4061742381-3321887495-1003\Software\Microsoft\Windows\CurrentVersion\Run\\YckPack => value deleted successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
C:\Users\Hankins\AppData\Roaming\Mozilla\Firefox\Profiles\hcssiixz.default\Extensions\{AF4694CF-A51B-5773-F208-09D24BE4192D} => Moved successfully.
"C:\Users\Hankins\AppData\Roaming\Mozilla\Firefox\Profiles\hcssiixz.default\Extensions\{AF4694CF-A51B-5773-F208-09D24BE4192D}" => File/Directory not found.
C:\Users\Hankins\AppData\Roaming\Mozilla\Firefox\Profiles\hcssiixz.default\Extensions\ighiiiao@yo-.com => Moved successfully.
"C:\Users\Hankins\AppData\Roaming\Mozilla\Firefox\Profiles\hcssiixz.default\Extensions\ighiiiao@yo-.com" => File/Directory not found.
C:\Users\Hankins\Downloads\faulty product (1).eml => ":OECustomProperty" ADS removed successfully.
C:\Users\Hankins\Downloads\faulty product.eml => ":OECustomProperty" ADS removed successfully.
C:\microsoft\lib\inc => Moved successfully.
C:\Program Files (x86)\res_0711 => Moved successfully.
C:\Users\Hankins\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000001 => Moved successfully.
C:\Users\Hankins\AppData\Local\YckPack => Moved successfully.
C:\Users\Hankins\AppData\Roaming\serv => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.


The system needed a reboot.

==== End of Fixlog ====


Why? :)

The Fixlog.txt is missing... ;)

 

 

You've been very pleasant and helpful.  That I don't want to end. But I think you know what I mean.

-Nate
