
Artemis is driving me mad



Hi, I would really appreciate some help.  I have premium Malwarebytes, which keeps picking up this Artemis PUP. I quarantine and delete it, just to find it back in a couple of hours; it's really driving me mad.  I have tried everything I can find, including the junkware tool and Hitman Pro, but it keeps coming back.  It's affecting use of Chrome, slowing down the system, etc.  All help much appreciated, as I don't know very much about what to do other than follow the instructions I find.


Hi & welcome!

My name is Jürgen and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully.

  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.


Please download Farbar Recovery Scan Tool and save it to your Desktop.

(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)

  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

Thank you deeprybka :) I think I am doing this right, but if not please just let me know.

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-07-2014
Ran by Hazel at 2014-07-28 11:45:10
Running from C:\Users\Hazel\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Amazon Browser App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.0 - Amazon)
AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden
AMD AVIVO64 Codecs (Version: 12.5.100.20719 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{0CD183F1-E511-0777-1C35-DC29235885C5}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2012.0719.2149.37214 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0719.2149.37214 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0719.2149.37214 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2012.0719.2149.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0719.2149.37214 - Advanced Micro Devices, Inc.) Hidden
Conexant SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.40.0 - Conexant)
CyberLink LabelPrint 2.5 (x32 Version: 2.5.5415 - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (x32 Version: 10.0.1.2417 - CyberLink Corp.) Hidden
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.0.2126 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (x32 Version: 10.0.1.2413 - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (x32 Version: 10.0.4828.52 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.6.1.1 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.6.1.1 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{D9ED3EFC-AB00-4CE0-ADED-80EE6B1158A7}) (Version: 2.2.2000.0 - Dell Products, LP)
Dell Touchpad (HKLM\...\Elantech) (Version: 11.3.5.4 - ELAN Microelectronic Corp.)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.3 - Dropbox, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.221 - SurfRight B.V.)
Intel® Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3097 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® PRO/Wireless Driver (Version: 16.01.5000.0577 - Intel Corporation) Hidden
Intel® PROSet/Wireless for Bluetooth® + High Speed (Version: 16.1.1.0084 - Intel Corporation) Hidden
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{DA2600C1-6BDF-4FD1-8F3D-148929CC1385}) (Version: 2.6.1210.0278 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.7.0.1013 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.6 (HKLM\...\{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}) (Version: 2.6.2.0 - Intel)
Intel® WiDi (HKLM\...\{6097158B-0184-4140-BEC3-7885794D2571}) (Version: 3.5.40.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 16.01.5000.0269 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 12.8.750 - McAfee, Inc.)
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobipocket Creator 4.2 (HKLM-x32\...\{AFE499B5-FCC4-45E6-A1A5-3C51AE0E539B}) (Version: 4.2.41 - Mobipocket.com)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
nurago web meter (HKLM-x32\...\39992AD7-103F-4308-8BB7-3F65F543604D) (Version: 13.1.73 - nurago)
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
PowerXpressHybrid (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.017 - Dell Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Rapport (x32 Version: 3.5.1307.76 - Trusteer) Hidden
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Serif DrawPlus Starter Edition (HKLM-x32\...\{33311EA4-0ECA-4E7F-83E5-8A92CD760152}) (Version: 2.0.2.010 - Serif (Europe) Ltd)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1307.76 - Trusteer)
Valued Opinions Notify (HKLM-x32\...\{C6481CF8-13E0-45E2-9651-8644C117B684}) (Version: 1.1.0.83 - Valued Opinions)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-283331089-651184342-1534696237-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Hazel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-283331089-651184342-1534696237-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hazel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-283331089-651184342-1534696237-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hazel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-283331089-651184342-1534696237-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hazel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-283331089-651184342-1534696237-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hazel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-283331089-651184342-1534696237-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hazel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-283331089-651184342-1534696237-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hazel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-283331089-651184342-1534696237-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hazel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-283331089-651184342-1534696237-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hazel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
10-07-2014 11:46:23 Windows Update
14-07-2014 09:23:06 Windows Update
17-07-2014 10:06:40 Windows Update
20-07-2014 10:14:36 Windows Update
21-07-2014 11:35:40 Checkpoint by HitmanPro
25-07-2014 12:20:08 Windows Update
27-07-2014 19:05:46 Checkpoint by HitmanPro
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {17583079-B83E-466E-B959-8CCCA713CFB0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-05] (Google Inc.)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {5854236D-0C61-445E-8972-E0F022AE0368} - System32\Tasks\SDMsgUpdate (Local) => C:\SmartDraw CI\Messages\SDNotify.exe [2012-08-13] ()
Task: {59778C25-78EA-4BDD-B468-3F97654CBB08} - System32\Tasks\SDMsgUpdate (TE) => C:\SmartDraw CI\Messages\SDNotify.exe [2012-08-13] ()
Task: {831BB6CE-CA05-4E25-B3C8-F951F7E4B53C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-05] (Google Inc.)
Task: {9680F83C-813E-4210-A352-B55712AE393D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-07-10] (Microsoft Corporation)
Task: {A067C417-FFB8-44E4-9DA6-83DF87151AF2} - \DSite No Task File <==== ATTENTION
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {CF6DEE10-1DB0-49FB-83EA-A97A89825520} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {ED2EEC1C-859E-4E62-B711-A0EE3780DFC4} - \DigitalSite No Task File <==== ATTENTION
Task: {F5154519-876D-41EC-99E2-85993604213E} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-12-03] (CyberLink)
Task: {F51D79A9-05A2-4CF1-A924-C49EBED3A934} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-12-03] (CyberLink Corp.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SDMsgUpdate (Local).job => C:\SMARTD~1\Messages\SDNotify.exe
Task: C:\Windows\Tasks\SDMsgUpdate (TE).job => C:\SMARTD~1\Messages\SDNotify.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-10-16 11:28 - 2013-09-25 18:51 - 03022456 _____ () C:\Program Files (x86)\nurago web meter\nurago-Reporting.exe
2013-10-16 11:28 - 2013-09-25 18:51 - 01377912 _____ () C:\Program Files (x86)\nurago web meter\nurago-Updater.exe
2013-04-30 17:54 - 2012-04-25 03:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2014-04-18 19:55 - 2014-04-18 19:56 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2013-09-08 23:34 - 2013-09-25 18:52 - 00171640 _____ () C:\Program Files (x86)\nurago web meter\nurago-TrayIcon.exe
2013-10-16 11:28 - 2013-09-25 17:40 - 00060536 _____ () C:\Program Files (x86)\nuragoLSPService\nurago-WatchDog.exe
2012-07-20 05:47 - 2012-07-20 05:47 - 00369664 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2013-09-01 09:39 - 2014-05-22 10:07 - 01404120 _____ () C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
2013-09-08 23:34 - 2013-07-17 11:28 - 00477304 _____ () C:\Program Files (x86)\nurago web meter\UpdateHelper.dll
2013-04-30 17:41 - 2012-06-25 19:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-07-28 09:11 - 2014-07-28 09:11 - 00043008 _____ () c:\users\hazel\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpltksbu.dll
2013-10-19 00:55 - 2013-10-19 00:55 - 25100288 _____ () C:\Users\Hazel\AppData\Roaming\Dropbox\bin\libcef.dll
2014-07-16 19:39 - 2014-07-15 10:24 - 00718664 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
2014-07-16 19:39 - 2014-07-15 10:24 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll
2013-04-30 17:51 - 2012-06-08 04:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 19:34 - 2012-06-08 19:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-07-16 19:39 - 2014-07-15 10:24 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-16 19:39 - 2014-07-15 10:24 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-16 19:39 - 2014-07-15 10:24 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\50056038.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\50056038.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "SmartAudio"
HKLM\...\StartupApproved\Run32: => "mcui_exe"
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/27/2014 06:19:37 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=36.0.1985.125;lang=;guid=C7D48BA05C6D48E18DCA528F465C9076;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\afb0fcbf-f2d9-4fc6-abc6-cbe9c6081823.dmp
 
Error: (07/27/2014 11:22:22 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (07/26/2014 08:16:38 PM) (Source: ATIeRecord) (EventID: 16388) (User: )
Description: ATI EEU Client event error
 
Error: (07/26/2014 11:07:17 AM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=36.0.1985.125;lang=;guid=C7D48BA05C6D48E18DCA528F465C9076;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\8346ac6f-a362-4fbe-bec7-794d23a43b48.dmp
 
Error: (07/25/2014 08:39:06 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=36.0.1985.125;lang=;guid=C7D48BA05C6D48E18DCA528F465C9076;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\2db6ddd7-3f5f-4c54-916c-fffc07f06f7d.dmp
 
Error: (07/25/2014 10:29:25 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (07/24/2014 05:00:55 PM) (Source: ATIeRecord) (EventID: 16388) (User: )
Description: ATI EEU Client event error
 
Error: (07/23/2014 05:26:23 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhostex (612) An attempt to open the file "C:\Users\Hazel\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (07/21/2014 11:03:41 PM) (Source: ATIeRecord) (EventID: 16388) (User: )
Description: ATI EEU Client event error
 
Error: (07/21/2014 04:09:16 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3016) (User: NT AUTHORITY)
Description: Cannot update Object List value of SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance key. The first DWORD in the Data section contains the error code and the second DWORD contains the updated value.
 
 
System errors:
=============
Error: (07/27/2014 07:25:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Rapid Storage Technology service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (07/27/2014 07:25:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (07/27/2014 07:25:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CxUtilSvc service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (07/27/2014 11:33:57 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070103: Intel Corporation - Storage Controller - Intel® 7 Series Chipset Family SATA AHCI Controller.
 
Error: (07/26/2014 11:58:09 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070103: Intel Corporation - Storage Controller - Intel® 7 Series Chipset Family SATA AHCI Controller.
 
Error: (07/26/2014 09:10:52 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070103: Intel Corporation - Storage Controller - Intel® 7 Series Chipset Family SATA AHCI Controller.
 
Error: (07/26/2014 08:24:20 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {209500FC-6B45-4693-8871-6296C4843751}
 
Error: (07/25/2014 01:21:21 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070103: Intel Corporation - Storage Controller - Intel® 7 Series Chipset Family SATA AHCI Controller.
 
Error: (07/24/2014 11:45:20 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070103: Intel Corporation - Storage Controller - Intel® 7 Series Chipset Family SATA AHCI Controller.
 
Error: (07/24/2014 10:21:07 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070103: Intel Corporation - Storage Controller - Intel® 7 Series Chipset Family SATA AHCI Controller.
 
 
Microsoft Office Sessions:
=========================
Error: (07/27/2014 06:19:37 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=36.0.1985.125;lang=;guid=C7D48BA05C6D48E18DCA528F465C9076;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\afb0fcbf-f2d9-4fc6-abc6-cbe9c6081823.dmp
 
Error: (07/27/2014 11:22:22 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (07/26/2014 08:16:38 PM) (Source: ATIeRecord) (EventID: 16388) (User: )
Description: 
 
Error: (07/26/2014 11:07:17 AM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=36.0.1985.125;lang=;guid=C7D48BA05C6D48E18DCA528F465C9076;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\8346ac6f-a362-4fbe-bec7-794d23a43b48.dmp
 
Error: (07/25/2014 08:39:06 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=36.0.1985.125;lang=;guid=C7D48BA05C6D48E18DCA528F465C9076;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\2db6ddd7-3f5f-4c54-916c-fffc07f06f7d.dmp
 
Error: (07/25/2014 10:29:25 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (07/24/2014 05:00:55 PM) (Source: ATIeRecord) (EventID: 16388) (User: )
Description: 
 
Error: (07/23/2014 05:26:23 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhostex612C:\Users\Hazel\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.
 
Error: (07/21/2014 11:03:41 PM) (Source: ATIeRecord) (EventID: 16388) (User: )
Description: 
 
Error: (07/21/2014 04:09:16 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3016) (User: NT AUTHORITY)
Description: Object ListSYSTEM\CurrentControlSet\Services\WmiApRpl\Performance8050000000E0E0000
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-09-24 16:20:50.560
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\igdumd64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-24 16:20:50.528
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\igdumd64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-24 16:20:50.513
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\igdumd64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-24 16:20:50.497
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\igdumd64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-24 16:20:50.476
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\igdumd64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-24 16:20:50.453
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\igdumd64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-24 16:20:50.430
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\igdumd64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-24 16:20:50.408
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\igdumd64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-24 16:20:14.338
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\igdumd64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-24 16:20:14.307
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\igdumd64.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 38%
Total physical RAM: 8061.27 MB
Available physical RAM: 4951.98 MB
Total Pagefile: 10403.28 MB
Available Pagefile: 6269.48 MB
Total Virtual: 8192 MB
Available Virtual: 8191.71 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:916.01 GB) (Free:857.56 GB) NTFS
Drive f: (NIKON D3100) (Removable) (Total:7.45 GB) (Free:4.23 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 932 GB) (Disk ID: E06C1F8A)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 1 (Size: 7 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2014
Ran by Hazel (administrator) on LAPPYDO on 28-07-2014 11:43:34
Running from C:\Users\Hazel\Downloads
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Program Files (x86)\nurago web meter\nurago-Reporting.exe
() C:\Program Files (x86)\nurago web meter\nurago-Updater.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(McAfee, Inc.) C:\Program Files\mcafee\msm\McSmtFwk.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\nurago web meter\nurago-TrayIcon.exe
(Dropbox, Inc.) C:\Users\Hazel\AppData\Roaming\Dropbox\bin\Dropbox.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
() C:\Program Files (x86)\nuragoLSPService\nurago-WatchDog.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDGesture.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2774864 2013-01-10] (ELAN Microelectronics Corp.)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5762408 2013-02-01] (Dell Inc.)
HKLM\...\Run: [smartAudio] => C:\Program Files\CONEXANT\SA3\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [intelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" 
HKLM\...\Run: [bTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp 
HKLM-x32\...\Run: [startCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-07-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [102928 2012-10-23] (CyberLink Corp.)
HKLM-x32\...\Run: [bDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [179928 2013-01-03] (cyberlink)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537512 2013-08-06] (McAfee, Inc.)
HKLM-x32\...\Run: [nurago-WatchDog] => C:\Program Files (x86)\nuragoLSPService\nurago-WatchDog.exe [60536 2013-09-25] ()
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537512 2013-08-06] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-283331089-651184342-1534696237-1001\...\Run: [GoogleChromeAutoLaunch_03A4F751659AFE497E098F8544F7FE2D] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-07-15] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\nurago-TrayIcon.lnk
ShortcutTarget: nurago-TrayIcon.lnk -> C:\Program Files (x86)\nurago web meter\nurago-TrayIcon.exe ()
Startup: C:\Users\Hazel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Hazel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hazel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hazel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hazel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hazel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hazel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hazel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hazel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hazel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hazel\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hazel\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hazel\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hazel\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hazel\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hazel\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hazel\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hazel\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {8BCD8718-4378-4D60-9097-E67CF8D23DBE} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {8BCD8718-4378-4D60-9097-E67CF8D23DBE} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKCU - {8BCD8718-4378-4D60-9097-E67CF8D23DBE} URL = 
BHO: nurago web meter -> {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} -> C:\Program Files (x86)\nurago web meter\x64\Gacela2.dll (nurago)
BHO-x32: nurago web meter -> {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} -> C:\Program Files (x86)\nurago web meter\Gacela2.dll (nurago)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - nurago web meter - {5F6E2508-41C4-4D4B-8AC3-D7ED6E4EB2AE} - C:\Program Files (x86)\nurago web meter\x64\Gacela2.dll (nurago)
Toolbar: HKLM-x32 - nurago web meter - {5F6E2508-41C4-4D4B-8AC3-D7ED6E4EB2AE} - C:\Program Files (x86)\nurago web meter\Gacela2.dll (nurago)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Winsock: Catalog9 01 C:\Windows\SysWOW64\nuragoLSPService.DLL [316024] (nurago)
Winsock: Catalog9 02 C:\Windows\SysWOW64\nuragoLSPService.DLL [316024] (nurago)
Winsock: Catalog9 03 C:\Windows\SysWOW64\nuragoLSPService.DLL [316024] (nurago)
Winsock: Catalog9 04 C:\Windows\SysWOW64\nuragoLSPService.DLL [316024] (nurago)
Winsock: Catalog9 16 C:\Windows\SysWOW64\nuragoLSPService.DLL [316024] (nurago)
Winsock: Catalog9-x64 01 C:\Windows\system32\nuragoLSPService64.DLL [383608] (nurago)
Winsock: Catalog9-x64 02 C:\Windows\system32\nuragoLSPService64.DLL [383608] (nurago)
Winsock: Catalog9-x64 03 C:\Windows\system32\nuragoLSPService64.DLL [383608] (nurago)
Winsock: Catalog9-x64 04 C:\Windows\system32\nuragoLSPService64.DLL [383608] (nurago)
Winsock: Catalog9-x64 16 C:\Windows\system32\nuragoLSPService64.DLL [383608] (nurago)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [gacela2@nurago.com] - C:\Program Files (x86)\nurago web meter
FF Extension: nurago web meter - C:\Program Files (x86)\nurago web meter [2013-09-08]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-04-30]
 
Chrome: 
=======
CHR HomePage: hxxp://aartemis.com/?type=hp&ts=1384618028&from=cor&uid=ST1000LM024XHN-M101MBB_S2WZJA0D353854353854
CHR StartupUrls: "https://www.google.co.uk/"
CHR Extension: (Google Docs) - C:\Users\Hazel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-05]
CHR Extension: (Google Drive) - C:\Users\Hazel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-05]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Hazel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-12]
CHR Extension: (YouTube) - C:\Users\Hazel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-05]
CHR Extension: (Google Search) - C:\Users\Hazel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-05]
CHR Extension: (Multiple Account Checker for Gmail™) - C:\Users\Hazel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnimhgelcnggigekhdjlifjpndgmnglm [2014-03-23]
CHR Extension: (Facebook news) - C:\Users\Hazel\AppData\Local\Google\Chrome\User Data\Default\Extensions\edoadhjjfgeniilpmnoaddaihjkkhheb [2014-03-23]
CHR Extension: (Invite All (for Facebook)) - C:\Users\Hazel\AppData\Local\Google\Chrome\User Data\Default\Extensions\eopekjehpibhfpjjcokfmhcaeiclddih [2013-12-28]
CHR Extension: (Swagbucks Extension) - C:\Users\Hazel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngocbkfmikdgphklgmmehbjjlfgdemm [2014-04-15]
CHR Extension: (Pin It Button) - C:\Users\Hazel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2013-12-13]
CHR Extension: (nurago web meter) - C:\Users\Hazel\AppData\Local\Google\Chrome\User Data\Default\Extensions\igkejcihojcegdmifcnlkhmnelneogef [2013-09-09]
CHR Extension: (Select all FB) - C:\Users\Hazel\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfpcloingkingimcaedjnppconpcjoan [2014-07-19]
CHR Extension: (Qmee) - C:\Users\Hazel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbaanpgkpkoamihninlcegnjclcpibde [2013-12-20]
CHR Extension: (Google Wallet) - C:\Users\Hazel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Click here to Select all friends) - C:\Users\Hazel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pefbbnblngelpldjnnihgincocdpcgdn [2014-03-23]
CHR Extension: (Gmail) - C:\Users\Hazel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-05]
CHR HKCU\...\Chrome\Extension: [apjkpjchfbckhjhokinlgdbmibpbbjak] - C:\Users\Hazel\AppData\Local\CRE\apjkpjchfbckhjhokinlgdbmibpbbjak.crx [2013-06-05]
CHR HKLM-x32\...\Chrome\Extension: [igkejcihojcegdmifcnlkhmnelneogef] - C:\Program Files (x86)\nurago web meter\Chrome Extension\extension.crx [2013-09-08]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [245888 2013-01-03] (CyberLink)
S2 CxUtilSvc; C:\Program Files\Conexant\SA3\CxUtilSvc.exe [109184 2012-08-07] (Conexant Systems, Inc.)
S2 DellDigitalDelivery; c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [173056 2012-06-19] (Dell Products, LP.) [File not signed]
S2 EventService; C:\Program Files (x86)\MR APP\MRAPP.Event.Service.exe [31744 2013-03-12] () [File not signed]
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-07-27] (SurfRight B.V.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178048 2013-08-06] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\mcafee\msc\McAWFwk.exe [332080 2012-01-26] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1017016 2013-08-05] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-08-07] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-08-07] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
R2 nurago-Reporting-Service; C:\Program Files (x86)\nurago web meter\nurago-Reporting.exe [3022456 2013-09-25] ()
R2 nurago-Update-Service; C:\Program Files (x86)\nurago web meter\nurago-Updater.exe [1377912 2013-09-25] ()
S2 nuragoLSPService; C:\Program Files (x86)\nuragoLSPService\nuragoLSPService.exe [3302520 2013-09-25] (nurago)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1882392 2014-05-03] (Trusteer Ltd.)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-25] ()
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1915408 2013-10-10] (SoftThinks SAS)
S2 TransferService; C:\Program Files (x86)\MR APP\MRAPP.Transfer.Service.exe [31232 2013-03-12] (Microsoft) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [35496 2012-07-10] (Advanced Micro Devices, Inc.)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132480 2012-10-01] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1337216 2012-10-01] (Motorola Solutions, Inc.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-08-07] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-25] (OSR Open Systems Resources, Inc.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197264 2012-05-28] (McAfee, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-28] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179664 2013-08-07] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [310224 2013-08-07] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69264 2013-08-07] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519064 2013-08-07] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [776168 2013-08-07] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [377040 2013-07-09] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [95984 2013-07-09] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343568 2013-08-07] (McAfee, Inc.)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-10-08] (Intel Corporation)
R1 RapportCerberus_68261; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_68261.sys [631096 2014-05-22] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [299512 2014-05-03] (Trusteer Ltd.)
R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [288344 2014-05-03] (Trusteer Ltd.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [358552 2014-05-03] (Trusteer Ltd.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [414232 2014-05-03] (Trusteer Ltd.)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-10] (Windows ® Win 7 DDK provider)
R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-10] (Windows ® Win 7 DDK provider)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-07-28 11:43 - 2014-07-28 11:44 - 00026011 _____ () C:\Users\Hazel\Downloads\FRST.txt
2014-07-28 11:43 - 2014-07-28 11:43 - 00000000 ____D () C:\FRST
2014-07-28 11:42 - 2014-07-28 11:42 - 02093568 _____ (Farbar) C:\Users\Hazel\Downloads\FRST64.exe
2014-07-28 09:13 - 2014-07-28 09:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-07-27 20:08 - 2014-07-27 20:08 - 00013546 _____ () C:\Users\Hazel\Downloads\HitmanPro_20140727_2008.log
2014-07-27 20:00 - 2014-07-27 20:00 - 00001895 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-07-27 20:00 - 2014-07-27 20:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-07-27 20:00 - 2014-07-27 20:00 - 00000000 ____D () C:\Program Files\HitmanPro
2014-07-27 19:59 - 2014-07-27 19:59 - 11188736 _____ (SurfRight B.V.) C:\Users\Hazel\Downloads\HitmanPro_x64 (1).exe
2014-07-27 19:49 - 2014-07-27 19:49 - 00001291 _____ () C:\Malwarebytes.txt
2014-07-27 19:38 - 2014-07-27 19:38 - 00000114 ___RH () C:\Users\Hazel\Downloads\Stinger.opt
2014-07-27 19:25 - 2014-07-27 19:38 - 00000000 ____D () C:\Program Files (x86)\stinger
2014-07-27 19:25 - 2014-07-27 19:26 - 00000849 _____ () C:\Users\Hazel\Downloads\Stinger_27072014_192517.html
2014-07-27 19:24 - 2014-07-27 19:24 - 10972520 _____ (McAfee Inc) C:\Users\Hazel\Downloads\stinger32 (1).exe
2014-07-27 19:23 - 2014-07-27 19:24 - 10972520 _____ (McAfee Inc) C:\Users\Hazel\Downloads\stinger32.exe
2014-07-25 18:38 - 2014-07-25 18:46 - 00000000 ____D () C:\Users\Hazel\Downloads\Decoupage Papers
2014-07-23 09:25 - 2014-07-23 09:35 - 00000000 ____D () C:\Users\Hazel\Downloads\Giveaways
2014-07-23 09:07 - 2014-07-24 13:49 - 00000000 ____D () C:\Users\Hazel\Downloads\Selling4U
2014-07-22 16:31 - 2014-07-22 16:31 - 00208914 _____ () C:\Users\Hazel\Downloads\bunting.00_png_srz
2014-07-21 12:49 - 2014-07-21 12:49 - 00323632 _____ (Dropbox, Inc.) C:\Users\Hazel\Downloads\DropboxInstaller (1).exe
2014-07-21 12:48 - 2014-07-21 12:48 - 00323632 _____ (Dropbox, Inc.) C:\Users\Hazel\Downloads\DropboxInstaller.exe
2014-07-21 12:29 - 2014-07-21 12:39 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-21 12:27 - 2014-07-21 12:28 - 11188736 _____ (SurfRight B.V.) C:\Users\Hazel\Downloads\HitmanPro_x64.exe
2014-07-21 11:50 - 2014-07-21 11:50 - 00000000 ____D () C:\Windows\ERUNT
2014-07-21 11:49 - 2014-07-21 11:49 - 01016261 _____ (Thisisu) C:\Users\Hazel\Downloads\JRT.exe
2014-07-21 11:41 - 2014-07-21 11:44 - 00000000 ____D () C:\AdwCleaner
2014-07-21 11:41 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-21 11:40 - 2014-07-21 11:40 - 01354223 _____ () C:\Users\Hazel\Downloads\adwcleaner_3.216.exe
2014-07-17 20:04 - 2014-07-17 20:04 - 00324736 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-15 17:34 - 2014-07-19 18:54 - 00000000 ____D () C:\Users\Hazel\Downloads\Wholesale Items
2014-07-14 17:55 - 2014-07-16 11:50 - 00000000 ____D () C:\Users\Hazel\Downloads\1p auctions business pages
2014-07-12 10:18 - 2014-06-26 21:53 - 00703968 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-12 10:18 - 2014-06-26 21:53 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-11 23:08 - 2014-07-11 23:08 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-09 23:58 - 2014-06-18 00:27 - 01440256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 23:58 - 2014-06-18 00:24 - 01557504 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 23:58 - 2014-06-11 05:18 - 04038144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 23:58 - 2014-05-03 07:34 - 06974808 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-07-09 23:58 - 2014-05-03 07:33 - 01824808 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-07-09 23:58 - 2014-05-03 05:51 - 01408976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-07-09 23:58 - 2014-05-01 23:37 - 01023488 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-07-09 23:58 - 2014-04-29 23:32 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\Robocopy.exe
2014-07-09 23:58 - 2014-04-29 23:32 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe
2014-07-09 23:58 - 2014-04-24 00:51 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-07-09 23:58 - 2014-04-24 00:51 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 23:58 - 2014-04-24 00:38 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-07-09 23:58 - 2014-04-24 00:38 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 23:58 - 2014-02-08 05:34 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2014-07-09 23:57 - 2014-06-02 23:33 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2014-07-09 23:57 - 2014-05-30 00:31 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-07-09 23:57 - 2014-05-30 00:03 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-07-09 23:57 - 2014-05-30 00:02 - 01281536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 23:57 - 2014-05-30 00:02 - 00439808 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2014-07-09 23:56 - 2014-06-30 23:42 - 00702464 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-09 23:56 - 2014-06-30 23:42 - 00394240 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-07-09 23:56 - 2014-06-30 23:42 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-07-09 23:56 - 2014-06-28 04:35 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-09 23:56 - 2014-06-19 03:12 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 23:56 - 2014-06-19 03:12 - 01366528 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 23:56 - 2014-06-19 03:12 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-07-09 23:56 - 2014-06-19 03:11 - 19277312 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 23:56 - 2014-06-19 03:11 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 23:56 - 2014-06-19 03:10 - 15369728 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 23:56 - 2014-06-19 03:10 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 23:56 - 2014-06-19 03:10 - 02650624 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 23:56 - 2014-06-19 03:10 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-09 23:56 - 2014-06-19 03:10 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 23:56 - 2014-06-19 03:10 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 23:56 - 2014-06-19 03:10 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 23:56 - 2014-06-19 03:10 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 23:56 - 2014-06-19 03:09 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 23:56 - 2014-06-19 01:53 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 23:56 - 2014-06-19 01:53 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 23:56 - 2014-06-19 01:53 - 01141760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 23:56 - 2014-06-19 01:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 23:56 - 2014-06-19 01:52 - 13732352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 23:56 - 2014-06-19 01:52 - 02863616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 23:56 - 2014-06-19 01:52 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 23:56 - 2014-06-19 01:52 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 23:56 - 2014-06-19 01:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-07-09 23:56 - 2014-06-19 01:52 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 23:56 - 2014-06-19 01:52 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 23:56 - 2014-06-19 01:52 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 23:56 - 2014-06-19 01:52 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-07-09 23:55 - 2014-06-19 03:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-07-09 23:55 - 2014-06-19 03:12 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 23:55 - 2014-06-19 03:11 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 23:55 - 2014-06-19 03:10 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-07-09 23:55 - 2014-06-19 03:10 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 23:55 - 2014-06-19 03:10 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 23:55 - 2014-06-19 03:10 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 23:55 - 2014-06-19 01:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-09 23:55 - 2014-06-19 01:53 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 23:55 - 2014-06-19 01:53 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-07-09 23:55 - 2014-06-19 01:52 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-09 23:55 - 2014-06-19 01:52 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-09 23:55 - 2014-06-19 01:52 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-09 23:55 - 2014-06-19 01:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 23:55 - 2014-06-19 01:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-09 23:55 - 2014-06-18 23:05 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-07-09 23:55 - 2014-06-06 15:06 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 23:55 - 2014-06-06 11:17 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 23:55 - 2014-05-29 23:24 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 14:28 - 2014-07-09 14:29 - 00000000 ____D () C:\Users\Hazel\Downloads\Joblots auctions
2014-07-09 12:07 - 2014-07-09 12:35 - 00000000 ____D () C:\Users\Hazel\Downloads\Stock from Lauranne
2014-07-07 11:23 - 2014-07-07 11:25 - 00000000 ____D () C:\Users\Hazel\Downloads\welcome
2014-07-06 11:25 - 2014-07-06 11:29 - 00000000 ____D () C:\Users\Hazel\Downloads\loved toys feedback
2014-07-04 08:13 - 2014-07-07 08:41 - 03286528 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-07-04 08:13 - 2014-07-07 08:41 - 01623040 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-07-04 08:13 - 2014-07-07 08:41 - 00773632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-07-04 08:13 - 2014-07-07 08:41 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-07-04 08:13 - 2014-07-07 08:41 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-07-04 08:13 - 2014-07-07 08:41 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-07-04 08:13 - 2014-07-07 08:41 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-07-04 08:13 - 2014-07-07 08:41 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-07-04 08:13 - 2014-07-07 08:41 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-07-04 08:12 - 2014-07-11 23:07 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-07-04 08:12 - 2014-07-11 23:07 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-07-04 08:12 - 2014-07-11 23:07 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-07-04 08:12 - 2014-07-11 23:07 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-06-29 19:00 - 2014-06-29 19:00 - 00001847 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-06-29 19:00 - 2014-06-29 19:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-06-29 19:00 - 2014-06-29 19:00 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-06-29 19:00 - 2014-06-29 19:00 - 00000000 ____D () C:\Program Files (x86)\QuickTime
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-07-28 11:44 - 2014-07-28 11:43 - 00026011 _____ () C:\Users\Hazel\Downloads\FRST.txt
2014-07-28 11:43 - 2014-07-28 11:43 - 00000000 ____D () C:\FRST
2014-07-28 11:42 - 2014-07-28 11:42 - 02093568 _____ (Farbar) C:\Users\Hazel\Downloads\FRST64.exe
2014-07-28 11:38 - 2013-06-05 19:53 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-28 11:21 - 2013-09-08 23:34 - 00000000 ____D () C:\Program Files (x86)\nurago web meter
2014-07-28 11:21 - 2013-09-08 21:50 - 00000000 ____D () C:\Program Files (x86)\nuragoLSPService
2014-07-28 11:00 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\sru
2014-07-28 10:48 - 2013-04-30 17:24 - 01751936 _____ () C:\Windows\WindowsUpdate.log
2014-07-28 10:10 - 2014-06-14 15:39 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-28 09:13 - 2014-07-28 09:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-07-28 09:12 - 2014-05-24 13:57 - 00000000 ____D () C:\Users\Hazel\Desktop\My big fat file of stuff
2014-07-28 09:12 - 2013-11-04 12:13 - 00000000 ___RD () C:\Users\Hazel\Dropbox
2014-07-28 09:12 - 2013-11-04 12:06 - 00000000 ____D () C:\Users\Hazel\AppData\Roaming\Dropbox
2014-07-28 09:11 - 2014-02-20 13:12 - 00000478 _____ () C:\Windows\Tasks\SDMsgUpdate (Local).job
2014-07-28 09:11 - 2014-02-20 13:12 - 00000470 _____ () C:\Windows\Tasks\SDMsgUpdate (TE).job
2014-07-28 09:11 - 2013-06-05 19:52 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-27 22:06 - 2013-11-27 16:00 - 01917440 ___SH () C:\Users\Hazel\Desktop\Thumbs.db
2014-07-27 20:08 - 2014-07-27 20:08 - 00013546 _____ () C:\Users\Hazel\Downloads\HitmanPro_20140727_2008.log
2014-07-27 20:00 - 2014-07-27 20:00 - 00001895 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-07-27 20:00 - 2014-07-27 20:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-07-27 20:00 - 2014-07-27 20:00 - 00000000 ____D () C:\Program Files\HitmanPro
2014-07-27 19:59 - 2014-07-27 19:59 - 11188736 _____ (SurfRight B.V.) C:\Users\Hazel\Downloads\HitmanPro_x64 (1).exe
2014-07-27 19:57 - 2013-07-01 08:46 - 11723776 ___SH () C:\Users\Hazel\Downloads\Thumbs.db
2014-07-27 19:49 - 2014-07-27 19:49 - 00001291 _____ () C:\Malwarebytes.txt
2014-07-27 19:38 - 2014-07-27 19:38 - 00000114 ___RH () C:\Users\Hazel\Downloads\Stinger.opt
2014-07-27 19:38 - 2014-07-27 19:25 - 00000000 ____D () C:\Program Files (x86)\stinger
2014-07-27 19:26 - 2014-07-27 19:25 - 00000849 _____ () C:\Users\Hazel\Downloads\Stinger_27072014_192517.html
2014-07-27 19:24 - 2014-07-27 19:24 - 10972520 _____ (McAfee Inc) C:\Users\Hazel\Downloads\stinger32 (1).exe
2014-07-27 19:24 - 2014-07-27 19:23 - 10972520 _____ (McAfee Inc) C:\Users\Hazel\Downloads\stinger32.exe
2014-07-25 18:46 - 2014-07-25 18:38 - 00000000 ____D () C:\Users\Hazel\Downloads\Decoupage Papers
2014-07-25 14:01 - 2012-07-26 08:28 - 00876242 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-24 13:49 - 2014-07-23 09:07 - 00000000 ____D () C:\Users\Hazel\Downloads\Selling4U
2014-07-24 10:20 - 2014-06-26 10:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-24 10:19 - 2014-06-26 10:52 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-24 10:19 - 2014-06-26 10:52 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-24 09:32 - 2013-11-04 12:11 - 00000000 ____D () C:\Users\Hazel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-23 12:07 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-07-23 09:35 - 2014-07-23 09:25 - 00000000 ____D () C:\Users\Hazel\Downloads\Giveaways
2014-07-22 16:31 - 2014-07-22 16:31 - 00208914 _____ () C:\Users\Hazel\Downloads\bunting.00_png_srz
2014-07-21 18:08 - 2013-04-30 17:59 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2014-07-21 17:58 - 2012-07-26 08:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-21 17:57 - 2012-07-26 06:26 - 00524288 ___SH () C:\Windows\system32\config\BBI
2014-07-21 12:49 - 2014-07-21 12:49 - 00323632 _____ (Dropbox, Inc.) C:\Users\Hazel\Downloads\DropboxInstaller (1).exe
2014-07-21 12:48 - 2014-07-21 12:48 - 00323632 _____ (Dropbox, Inc.) C:\Users\Hazel\Downloads\DropboxInstaller.exe
2014-07-21 12:39 - 2014-07-21 12:29 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-07-21 12:28 - 2014-07-21 12:27 - 11188736 _____ (SurfRight B.V.) C:\Users\Hazel\Downloads\HitmanPro_x64.exe
2014-07-21 11:50 - 2014-07-21 11:50 - 00000000 ____D () C:\Windows\ERUNT
2014-07-21 11:49 - 2014-07-21 11:49 - 01016261 _____ (Thisisu) C:\Users\Hazel\Downloads\JRT.exe
2014-07-21 11:46 - 2013-04-30 17:13 - 00085820 _____ () C:\Windows\PFRO.log
2014-07-21 11:44 - 2014-07-21 11:41 - 00000000 ____D () C:\AdwCleaner
2014-07-21 11:40 - 2014-07-21 11:40 - 01354223 _____ () C:\Users\Hazel\Downloads\adwcleaner_3.216.exe
2014-07-19 18:54 - 2014-07-15 17:34 - 00000000 ____D () C:\Users\Hazel\Downloads\Wholesale Items
2014-07-17 20:04 - 2014-07-17 20:04 - 00324736 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-17 20:04 - 2012-07-26 06:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-07-16 19:51 - 2014-06-23 14:05 - 00000000 ____D () C:\Users\Hazel\Downloads\£1 Raffle Items
2014-07-16 11:50 - 2014-07-14 17:55 - 00000000 ____D () C:\Users\Hazel\Downloads\1p auctions business pages
2014-07-12 12:00 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\rescache
2014-07-11 23:08 - 2014-07-11 23:08 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-11 23:08 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-11 23:08 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-11 23:08 - 2012-07-26 08:52 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-11 23:07 - 2014-07-04 08:12 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-07-11 23:07 - 2014-07-04 08:12 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-07-11 23:07 - 2014-07-04 08:12 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-07-11 23:07 - 2014-07-04 08:12 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-07-11 23:07 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\WinStore
2014-07-11 23:07 - 2012-07-26 08:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-07-10 13:12 - 2013-07-26 11:49 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-10 13:11 - 2013-06-06 11:04 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-09 14:29 - 2014-07-09 14:28 - 00000000 ____D () C:\Users\Hazel\Downloads\Joblots auctions
2014-07-09 12:35 - 2014-07-09 12:07 - 00000000 ____D () C:\Users\Hazel\Downloads\Stock from Lauranne
2014-07-07 11:25 - 2014-07-07 11:23 - 00000000 ____D () C:\Users\Hazel\Downloads\welcome
2014-07-07 08:41 - 2014-07-04 08:13 - 03286528 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-07-07 08:41 - 2014-07-04 08:13 - 01623040 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-07-07 08:41 - 2014-07-04 08:13 - 00773632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-07-07 08:41 - 2014-07-04 08:13 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-07-07 08:41 - 2014-07-04 08:13 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-07-07 08:41 - 2014-07-04 08:13 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-07-07 08:41 - 2014-07-04 08:13 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-07-07 08:41 - 2014-07-04 08:13 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-07-07 08:41 - 2014-07-04 08:13 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-07-06 11:29 - 2014-07-06 11:25 - 00000000 ____D () C:\Users\Hazel\Downloads\loved toys feedback
2014-06-30 23:42 - 2014-07-09 23:56 - 00702464 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-30 23:42 - 2014-07-09 23:56 - 00394240 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-06-30 23:42 - 2014-07-09 23:56 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-06-29 19:00 - 2014-06-29 19:00 - 00001847 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-06-29 19:00 - 2014-06-29 19:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-06-29 19:00 - 2014-06-29 19:00 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-06-29 19:00 - 2014-06-29 19:00 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-06-28 04:35 - 2014-07-09 23:56 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
 
Some content of TEMP:
====================
C:\Users\Hazel\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpltksbu.dll
C:\Users\Hazel\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\Hazel\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-07-21 09:57
 
==================== End Of Log ============================

Hi,

Step 1

Download zoek.exe to your desktop

  • If Internet Explorer, any other browser, or a security program issues a warning indicating the file is unsafe, please ignore, since it is a false warning.
Using Zoek.exe
  • On the Desktop, double-click Zoek.exe to start the tool.

    Windows Vista, 7 and 8 users right-click the file and select: Run as Administrator.

    Give the program a few seconds to appear.

  • Copy and paste the following script in the code box:
  • Note: This script is written for usage on this system only, do not use it on any other computer even if the problems are similar.

    CHRdefaults;emptyclsid;autoclean;systemspecs;
  • Click the "Run script" button and wait patiently.
  • When finished the logfile will be opened in notepad.
  • If a reboot is needed the logfile will be opened after reboot.
  • The zoek-results.log can also be found on your systemdrive.
  • Please post the logfile for further review in your next comment.

Hi Jurgen, thanks for your help, the zoek results are:

 

 
Zoek.exe v5.0.0.0 Updated 28-07-2014
Tool run by Hazel on 28/07/2014 at 20:56:58.21.
Microsoft Windows 8 6.2.9200  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Hazel\Downloads\zoek.exe [scan all users] [script inserted] 
 
==== System Restore Info ======================
 
28/07/2014 20:59:30 Zoek.exe System Restore Point Created Succesfully.
 
==== Deleting CLSID Registry Keys ======================
 
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
 
==== Deleting Files \ Folders ======================
 
C:\PROGRA~3\MR APP deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Hazel\AppData\Local\CRE deleted
C:\Users\Hazel\Searches deleted
C:\Windows\wininit.ini deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Windows\SysWow64\searchplugins deleted
C:\Windows\SysWow64\Extensions deleted
 
==== System Specs ======================
 
Windows: Windows Version 6.2 (Build 9200)
Memory (RAM): 8062 MB
CPU Info: Intel® Core i7-3632QM CPU @ 2.20GHz
CPU Speed: 2252.7 MHz
Sound Card: Speakers (Conexant SmartAudio H | 
Display Adapters: Intel® HD Graphics 4000 | Intel® HD Graphics 4000 | Intel® HD Graphics 4000
Monitors: 1x; Generic PnP Monitor | 
Screen Resolution: 1920 X 1080 - 32 bit
Network: Network Present
Network Adapters: Microsoft Wi-Fi Direct Virtual Adapter | Bluetooth Device (Personal Area Network) | Realtek PCIe GBE Family Controller | Intel® Centrino® Wireless-N 2230
CD / DVD Drives: 1x (D: | ) D: HL-DT-STDVDRWBD CT40N
Ports: COM Ports NOT Present. LPT Port NOT Present. 
Mouse: 2 Button Mouse Present
Hard Disks: C:  916.0GB
Hard Disks - Free: C:  859.0GB
Manufacturer *: Dell Inc.
BIOS Info: AT/AT COMPATIBLE |  | DELL   - 1
Time Zone: GMT Standard Time
Motherboard *: Dell Inc. 0PXH02
Country: United Kingdom 
Language: ENG 
 
==== System Specs (Software) ======================
 
Anti-Virus: McAfee Anti-Virus and Anti-Spyware On-access scanning disabled (Outdated)
Anti-Virus: Windows Defender On-access scanning disabled (Outdated)
Anti-Spyware: McAfee Anti-Virus and Anti-Spyware disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Firewall: McAfee Firewall disabled
Default Browser: Google Chrome 36.0.1985.125
Internet Explorer Version: 10.0.9200.17028 
Google Chrome version: 36.0.1985.125
Adobe Reader version: 11.0.07.79
Sun Java version: 1.7.0_60 (32-bit) 
 
==== Firefox Extensions Registry ======================
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"gacela2@nurago.com"="C:\Program Files (x86)\nurago web meter" [28/07/2014 20:21]
 
==== Chrome Look ======================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
igkejcihojcegdmifcnlkhmnelneogef - C:\Program Files (x86)\nurago web meter\Chrome Extension\extension.crx[25/09/2013 18:49]
 
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
apjkpjchfbckhjhokinlgdbmibpbbjak - C:\Users\Hazel\AppData\Local\CRE\apjkpjchfbckhjhokinlgdbmibpbbjak.crx[]
 
Google Voice Search Hotword (Beta) - Hazel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
Multiple Account Checker for Gmail™ - Hazel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnimhgelcnggigekhdjlifjpndgmnglm
Invite All (for Facebook) - Hazel\AppData\Local\Google\Chrome\User Data\Default\Extensions\eopekjehpibhfpjjcokfmhcaeiclddih
Swagbucks - Hazel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngocbkfmikdgphklgmmehbjjlfgdemm
nurago web meter - Hazel\AppData\Local\Google\Chrome\User Data\Default\Extensions\igkejcihojcegdmifcnlkhmnelneogef
Qmee - Hazel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbaanpgkpkoamihninlcegnjclcpibde
Facebook Group Invite All - Hazel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pefbbnblngelpldjnnihgincocdpcgdn
 
==== Chrome Fix ======================
 
C:\Users\Hazel\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\apjkpjchfbckhjhokinlgdbmibpbbjak deleted successfully
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{8BCD8718-4378-4D60-9097-E67CF8D23DBE} Unknown  Url="Not_Found"
 
==== Reset Google Chrome ======================
 
C:\Users\Hazel\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Hazel\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
 
==== Deleting CLSID Registry Keys ======================
 
HKEY_USERS\S-1-5-21-283331089-651184342-1534696237-1001\Software\Microsoft\Internet Explorer\SearchScopes\{8BCD8718-4378-4D60-9097-E67CF8D23DBE} deleted successfully
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Registry Keys ======================
 
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\apjkpjchfbckhjhokinlgdbmibpbbjak deleted successfully
 
==== Empty IE Cache ======================
 
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Hazel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Hazel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
 
==== Empty FireFox Cache ======================
 
No FireFox Profiles found
 
==== Empty Chrome Cache ======================
 
C:\Users\Hazel\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache Emptied Successfully
 
==== Empty All Java Cache ======================
 
Java Cache cleared successfully
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=53 folders=21 114889168 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Hazel\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\Windows\Temp successfully emptied
C:\Users\Hazel\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== EOF on 28/07/2014 at 21:31:52.79 ======================

Hi,

Step 1

Scan with Malwarebytes Antimalware

  • Please update the database by clicking on the "Update Now" button.
  • Following the update, click "Settings" and go to "Detection and Protection".
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard, then click on Scan Now to start the scan.

    (If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt so that you can decide what you want to do. I suggest "Quarantine". Click the button: Apply All Actions.)

  • A window with an option to view the detailed log will appear. Click on "View Detailed Log".
  • After viewing the results, please click on the "Copy to Clipboard" button and then OK.
  • Return to our forum. Paste your log into your next reply.
Step 2

Please download the ESET Online Scanner and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.

    Note: This scan might take a long time! Please be patient.

  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.

    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!

Step 3


Start FRST with administrator privileges.

  • Make sure the following option is checked: Addition.txt
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.

    Please copy and paste these logs in your next reply.


Can you please tell me which problems still persist now?


Step 1 completed and results are:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 29/07/2014
Scan Time: 08:56:43
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.29.01
Rootkit Database: v2014.07.17.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8
CPU: x64
File System: NTFS
User: Hazel

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 286703
Time Elapsed: 11 min, 11 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)


Step 2:

 

C:\AdwCleaner\Quarantine\C\Users\Hazel\AppData\Roaming\0D0S1L2Z1P1B\Zip Extractor Packages\uninstaller.exe.vir Win32/InstallCore.AZ potentially unwanted application
C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
 
Is this the only file? 

Step 3

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-07-2014

Ran by Hazel at 2014-07-29 10:57:35

Running from C:\Users\Hazel\Downloads

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: McAfee Firewall (Disabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)

Amazon Browser App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.0 - Amazon)

AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden

AMD AVIVO64 Codecs (Version: 12.5.100.20719 - Advanced Micro Devices, Inc.) Hidden

AMD Catalyst Install Manager (HKLM\...\{0CD183F1-E511-0777-1C35-DC29235885C5}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)

Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center (x32 Version: 2012.0719.2149.37214 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center InstallProxy (x32 Version: 2012.0719.2149.37214 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Localization All (x32 Version: 2012.0719.2149.37214 - Advanced Micro Devices, Inc.) Hidden

Catalyst Control Center Profiles Mobile (x32 Version: 2012.0719.2149.37214 - Advanced Micro Devices, Inc.) Hidden

CCC Help Chinese Standard (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden

CCC Help Chinese Traditional (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden

CCC Help Danish (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden

CCC Help Dutch (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden

CCC Help English (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden

CCC Help Finnish (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden

CCC Help French (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden

CCC Help German (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden

CCC Help Italian (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden

CCC Help Japanese (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden

CCC Help Korean (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden

CCC Help Norwegian (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden

CCC Help Portuguese (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden

CCC Help Russian (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden

CCC Help Spanish (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden

CCC Help Swedish (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden

ccc-utility64 (Version: 2012.0719.2149.37214 - Advanced Micro Devices, Inc.) Hidden

Conexant SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.40.0 - Conexant)

CyberLink LabelPrint 2.5 (x32 Version: 2.5.5415 - CyberLink Corp.) Hidden

CyberLink Media Suite 10 (x32 Version: 10.0.1.2417 - CyberLink Corp.) Hidden

CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)

CyberLink Power2Go 8 (x32 Version: 8.0.0.2126 - CyberLink Corp.) Hidden

CyberLink PowerDirector 10 (x32 Version: 10.0.1.2413 - CyberLink Corp.) Hidden

CyberLink PowerDVD 10 (x32 Version: 10.0.4828.52 - CyberLink Corp.) Hidden

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.6.1.1 - Dell Inc.)

Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.6.1.1 - Dell Inc.)

Dell Digital Delivery (HKLM-x32\...\{D9ED3EFC-AB00-4CE0-ADED-80EE6B1158A7}) (Version: 2.2.2000.0 - Dell Products, LP)

Dell Touchpad (HKLM\...\Elantech) (Version: 11.3.5.4 - ELAN Microelectronic Corp.)

Dropbox (HKCU\...\Dropbox) (Version: 2.10.3 - Dropbox, Inc.)

ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)

Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden

HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.221 - SurfRight B.V.)

Intel® Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3097 - Intel Corporation)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)

Intel® PRO/Wireless Driver (Version: 16.01.5000.0577 - Intel Corporation) Hidden

Intel® PROSet/Wireless for Bluetooth® + High Speed (Version: 16.1.1.0084 - Intel Corporation) Hidden

Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{DA2600C1-6BDF-4FD1-8F3D-148929CC1385}) (Version: 2.6.1210.0278 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.7.0.1013 - Intel Corporation)

Intel® Turbo Boost Technology Monitor 2.6 (HKLM\...\{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}) (Version: 2.6.2.0 - Intel)

Intel® WiDi (HKLM\...\{6097158B-0184-4140-BEC3-7885794D2571}) (Version: 3.5.40.0 - Intel Corporation)

Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)

Intel® PROSet/Wireless WiFi Software (Version: 16.01.5000.0269 - Intel Corporation) Hidden

Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden

Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.600 - Oracle)

Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden

Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)

McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 12.8.750 - McAfee, Inc.)

Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Mobipocket Creator 4.2 (HKLM-x32\...\{AFE499B5-FCC4-45E6-A1A5-3C51AE0E539B}) (Version: 4.2.41 - Mobipocket.com)

Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden

MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden

nurago web meter (HKLM-x32\...\39992AD7-103F-4308-8BB7-3F65F543604D) (Version: 13.1.73 - nurago)

Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

PowerXpressHybrid (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden

PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden

Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.017 - Dell Inc.)

QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)

Rapport (x32 Version: 3.5.1307.76 - Trusteer) Hidden

Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)

Serif DrawPlus Starter Edition (HKLM-x32\...\{33311EA4-0ECA-4E7F-83E5-8A92CD760152}) (Version: 2.0.2.010 - Serif (Europe) Ltd)

Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)

Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1307.76 - Trusteer)

Valued Opinions Notify (HKLM-x32\...\{C6481CF8-13E0-45E2-9651-8644C117B684}) (Version: 1.1.0.83 - Valued Opinions)

Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

CustomCLSID: HKU\S-1-5-21-283331089-651184342-1534696237-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Hazel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-283331089-651184342-1534696237-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hazel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-283331089-651184342-1534696237-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hazel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-283331089-651184342-1534696237-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hazel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-283331089-651184342-1534696237-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hazel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-283331089-651184342-1534696237-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hazel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-283331089-651184342-1534696237-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hazel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-283331089-651184342-1534696237-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hazel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-283331089-651184342-1534696237-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hazel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

 

==================== Restore Points  =========================

 

14-07-2014 09:23:06 Windows Update

17-07-2014 10:06:40 Windows Update

20-07-2014 10:14:36 Windows Update

21-07-2014 11:35:40 Checkpoint by HitmanPro

25-07-2014 12:20:08 Windows Update

27-07-2014 19:05:46 Checkpoint by HitmanPro

28-07-2014 19:59:04 zoek.exe restore point

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {17583079-B83E-466E-B959-8CCCA713CFB0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-05] (Google Inc.)

Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask

Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList

Task: {4926AB57-30B0-4983-A201-070114CC6E3B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-07-10] (Microsoft Corporation)

Task: {5854236D-0C61-445E-8972-E0F022AE0368} - System32\Tasks\SDMsgUpdate (Local) => C:\SmartDraw CI\Messages\SDNotify.exe [2012-08-13] ()

Task: {59778C25-78EA-4BDD-B468-3F97654CBB08} - System32\Tasks\SDMsgUpdate (TE) => C:\SmartDraw CI\Messages\SDNotify.exe [2012-08-13] ()

Task: {831BB6CE-CA05-4E25-B3C8-F951F7E4B53C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-05] (Google Inc.)

Task: {A067C417-FFB8-44E4-9DA6-83DF87151AF2} - \DSite No Task File <==== ATTENTION

Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing

Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState

Task: {CF6DEE10-1DB0-49FB-83EA-A97A89825520} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask

Task: {ED2EEC1C-859E-4E62-B711-A0EE3780DFC4} - \DigitalSite No Task File <==== ATTENTION

Task: {F5154519-876D-41EC-99E2-85993604213E} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-12-03] (CyberLink)

Task: {F51D79A9-05A2-4CF1-A924-C49EBED3A934} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-12-03] (CyberLink Corp.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\SDMsgUpdate (Local).job => C:\SMARTD~1\Messages\SDNotify.exe

Task: C:\Windows\Tasks\SDMsgUpdate (TE).job => C:\SMARTD~1\Messages\SDNotify.exe

 

==================== Loaded Modules (whitelisted) =============

 

2013-03-12 17:34 - 2013-03-12 17:34 - 00031744 _____ () C:\Program Files (x86)\MR APP\MRAPP.Event.Service.exe

2013-03-12 17:33 - 2013-03-12 17:33 - 00075776 _____ () C:\Program Files (x86)\MR APP\MRAPP.Common.dll

2013-03-12 17:33 - 2013-03-12 17:33 - 00013824 _____ () C:\Program Files (x86)\MR APP\MRAPP.Scheduler.dll

2013-03-12 17:33 - 2013-03-12 17:33 - 00272384 _____ () C:\Program Files (x86)\MR APP\C5.dll

2013-10-16 11:28 - 2013-09-25 18:51 - 03022456 _____ () C:\Program Files (x86)\nurago web meter\nurago-Reporting.exe

2013-10-16 11:28 - 2013-09-25 18:51 - 01377912 _____ () C:\Program Files (x86)\nurago web meter\nurago-Updater.exe

2013-04-30 17:54 - 2012-04-25 03:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

2014-04-18 19:55 - 2014-04-18 19:56 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll

2013-09-08 23:34 - 2013-09-25 18:52 - 00171640 _____ () C:\Program Files (x86)\nurago web meter\nurago-TrayIcon.exe

2013-10-16 11:28 - 2013-09-25 17:40 - 00060536 _____ () C:\Program Files (x86)\nuragoLSPService\nurago-WatchDog.exe

2012-07-20 05:47 - 2012-07-20 05:47 - 00369664 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll

2014-04-18 19:55 - 2014-04-18 19:55 - 00087552 _____ () C:\Program Files\WindowsApps\McAfeeInc.01.McAfeeSecurityAdvisorforDell_2.0.0.4_x64__n49tcsmxt2t2c\McCloudShim.dll

2013-06-18 11:38 - 2013-06-18 11:38 - 00212992 _____ () C:\Program Files\WindowsApps\McAfeeInc.01.McAfeeSecurityAdvisorforDell_2.0.0.4_x64__n49tcsmxt2t2c\McIHART.dll

2013-09-01 09:39 - 2014-05-22 10:07 - 01404120 _____ () C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll

2013-09-08 23:34 - 2013-07-17 11:28 - 00477304 _____ () C:\Program Files (x86)\nurago web meter\UpdateHelper.dll

2014-02-16 14:42 - 2014-02-16 14:42 - 00017920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\5baeeabc4ba71e8eeb8ccc7162c475b2\PSIClient.ni.dll

2013-04-30 17:41 - 2012-06-25 19:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

2014-07-29 08:46 - 2014-07-29 08:46 - 00043008 _____ () c:\users\hazel\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2febfb.dll

2013-10-19 00:55 - 2013-10-19 00:55 - 25100288 _____ () C:\Users\Hazel\AppData\Roaming\Dropbox\bin\libcef.dll

2014-07-16 19:39 - 2014-07-15 10:24 - 00718664 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll

2014-07-16 19:39 - 2014-07-15 10:24 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll

2013-04-30 17:51 - 2012-06-08 04:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll

2012-06-08 19:34 - 2012-06-08 19:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll

2014-07-16 19:39 - 2014-07-15 10:24 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll

2014-07-16 19:39 - 2014-07-15 10:24 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll

2014-07-16 19:39 - 2014-07-15 10:24 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\50056038.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\50056038.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

 

==================== EXE Association (whitelisted) =============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

(Currently there is no automatic fix for this section.)

 

HKLM\...\StartupApproved\Run: => "HotKeysCmds"

HKLM\...\StartupApproved\Run: => "IgfxTray"

HKLM\...\StartupApproved\Run: => "Persistence"

HKLM\...\StartupApproved\Run: => "SmartAudio"

HKLM\...\StartupApproved\Run32: => "mcui_exe"

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (07/29/2014 09:10:55 AM) (Source: SideBySide) (EventID: 78) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

 

Error: (07/29/2014 09:10:49 AM) (Source: SideBySide) (EventID: 78) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

 

Error: (07/29/2014 09:10:28 AM) (Source: SideBySide) (EventID: 78) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

 

Error: (07/29/2014 09:10:28 AM) (Source: SideBySide) (EventID: 78) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

 

Error: (07/28/2014 08:38:18 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)

Description: Chrome has encountered a fatal error.

ver=36.0.1985.125;lang=;guid=C7D48BA05C6D48E18DCA528F465C9076;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\46f6480e-f746-43c7-913b-a89b0fa1720e.dmp

 

Error: (07/27/2014 06:19:37 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)

Description: Chrome has encountered a fatal error.

ver=36.0.1985.125;lang=;guid=C7D48BA05C6D48E18DCA528F465C9076;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\afb0fcbf-f2d9-4fc6-abc6-cbe9c6081823.dmp

 

Error: (07/27/2014 11:22:22 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )

Description: 80070005

 

Error: (07/26/2014 08:16:38 PM) (Source: ATIeRecord) (EventID: 16388) (User: )

Description: ATI EEU Client event error

 

Error: (07/26/2014 11:07:17 AM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)

Description: Chrome has encountered a fatal error.

ver=36.0.1985.125;lang=;guid=C7D48BA05C6D48E18DCA528F465C9076;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\8346ac6f-a362-4fbe-bec7-794d23a43b48.dmp

 

Error: (07/25/2014 08:39:06 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)

Description: Chrome has encountered a fatal error.

ver=36.0.1985.125;lang=;guid=C7D48BA05C6D48E18DCA528F465C9076;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\2db6ddd7-3f5f-4c54-916c-fffc07f06f7d.dmp

 

 

System errors:

=============

Error: (07/28/2014 09:33:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The Dell Digital Delivery Service service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (07/28/2014 09:31:40 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 

%%2153972227

 

Error: (07/28/2014 09:31:40 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The Peer Name Resolution Protocol service terminated with the following error: 

%%2153972227

 

Error: (07/28/2014 09:31:39 PM) (Source: PNRPSvc) (EventID: 102) (User: )

Description: 0x80630203

 

Error: (07/28/2014 09:31:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The nuragoLSPService service failed to start due to the following error: 

%%1053

 

Error: (07/28/2014 09:31:23 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the nuragoLSPService service to connect.

 

Error: (07/28/2014 09:20:43 PM) (Source: Service Control Manager) (EventID: 7030) (User: )

Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

 

Error: (07/28/2014 09:20:42 PM) (Source: Service Control Manager) (EventID: 7030) (User: )

Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

 

Error: (07/28/2014 09:20:41 PM) (Source: Service Control Manager) (EventID: 7030) (User: )

Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

 

Error: (07/28/2014 09:20:40 PM) (Source: Service Control Manager) (EventID: 7030) (User: )

Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

 

 

Microsoft Office Sessions:

=========================

Error: (07/29/2014 09:10:55 AM) (Source: SideBySide) (EventID: 78) (User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Hazel\Downloads\esetsmartinstaller_enu.exe

 

Error: (07/29/2014 09:10:49 AM) (Source: SideBySide) (EventID: 78) (User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Hazel\Downloads\esetsmartinstaller_enu.exe

 

Error: (07/29/2014 09:10:28 AM) (Source: SideBySide) (EventID: 78) (User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Hazel\Downloads\esetsmartinstaller_enu.exe

 

Error: (07/29/2014 09:10:28 AM) (Source: SideBySide) (EventID: 78) (User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Hazel\Downloads\esetsmartinstaller_enu.exe

 

Error: (07/28/2014 08:38:18 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)

Description: Chrome has encountered a fatal error.

ver=36.0.1985.125;lang=;guid=C7D48BA05C6D48E18DCA528F465C9076;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\46f6480e-f746-43c7-913b-a89b0fa1720e.dmp

 

Error: (07/27/2014 06:19:37 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)

Description: Chrome has encountered a fatal error.

ver=36.0.1985.125;lang=;guid=C7D48BA05C6D48E18DCA528F465C9076;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\afb0fcbf-f2d9-4fc6-abc6-cbe9c6081823.dmp

 

Error: (07/27/2014 11:22:22 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )

Description: 80070005

 

Error: (07/26/2014 08:16:38 PM) (Source: ATIeRecord) (EventID: 16388) (User: )

Description: 

 

Error: (07/26/2014 11:07:17 AM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)

Description: Chrome has encountered a fatal error.

ver=36.0.1985.125;lang=;guid=C7D48BA05C6D48E18DCA528F465C9076;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\8346ac6f-a362-4fbe-bec7-794d23a43b48.dmp

 

Error: (07/25/2014 08:39:06 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)

Description: Chrome has encountered a fatal error.

ver=36.0.1985.125;lang=;guid=C7D48BA05C6D48E18DCA528F465C9076;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\2db6ddd7-3f5f-4c54-916c-fffc07f06f7d.dmp

 

 

CodeIntegrity Errors:

===================================

  Date: 2013-09-24 16:20:50.560

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\igdumd64.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-09-24 16:20:50.528

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\igdumd64.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-09-24 16:20:50.513

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\igdumd64.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-09-24 16:20:50.497

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\igdumd64.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-09-24 16:20:50.476

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\igdumd64.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-09-24 16:20:50.453

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\igdumd64.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-09-24 16:20:50.430

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\igdumd64.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-09-24 16:20:50.408

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\igdumd64.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-09-24 16:20:14.338

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\igdumd64.dll because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-09-24 16:20:14.307

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\igdumd64.dll because the set of per-page image hashes could not be found on the system.

 

 

==================== Memory info =========================== 

 

Percentage of memory in use: 53%

Total physical RAM: 8061.27 MB

Available physical RAM: 3765.84 MB

Total Pagefile: 9277.27 MB

Available Pagefile: 4626.32 MB

Total Virtual: 8192 MB

Available Virtual: 8191.78 MB

 

==================== Drives ================================

 

Drive c: (OS) (Fixed) (Total:916.01 GB) (Free:860.38 GB) NTFS

Drive f: (NIKON D3100) (Removable) (Total:7.45 GB) (Free:4.23 GB) FAT32

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (Size: 932 GB) (Disk ID: E06C1F8A)

 

Partition: GPT Partition Type.

 

========================================================

Disk: 1 (Size: 7 GB) (Disk ID: 00000000)

 

Partition: GPT Partition Type.

 

==================== End Of Log ============================


Yes, the computer is a lot faster already :) Can I ask what it was you were able to see on my files? Or is that very complicated? I am interested in learning a bit more about what to look for etc. :)

Hi,

It's good to hear that! :)

Yes, it is generally speaking complicated. During an intensive training at a malware-removal-school you get the knowledge about malware- and adwaretraces in logs and the ability to remove these. Also you learn selecting the right tool for each issue and infection to use for. (Is this english? :))

P.S.

The FRST.txt is missing! :)


Oh, how interesting :) How do you find a malware removal school? lol!!

 

Yes, your sentence is English but just a little mixed up - I would say "Also you learn about selecting the right tool to use for each issue and infection". It is pretty common for translations to be in the wrong order - my second language attempts are very funny, I think. My German is almost non-existent - I can say dankuchen though ;)


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2014

Ran by Hazel (administrator) on LAPPYDO on 29-07-2014 13:58:05

Running from C:\Users\Hazel\Downloads

Platform: Windows 8 (X64) OS Language: English (United States)

Internet Explorer Version 10

Boot Mode: Normal

 

The only official download link for FRST:



Download link from any site other than Bleeping Computer is unpermitted or outdated.


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe

(AMD) C:\Windows\System32\atiesrxx.exe

(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\CxUtilSvc.exe

() C:\Program Files (x86)\MR APP\MRAPP.Event.Service.exe

(Microsoft Corporation) C:\Windows\System32\dasHost.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe

(McAfee, Inc.) C:\Windows\System32\mfevtps.exe

() C:\Program Files (x86)\nurago web meter\nurago-Reporting.exe

() C:\Program Files (x86)\nurago web meter\nurago-Updater.exe

(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

(Microsoft) C:\Program Files (x86)\MR APP\MRAPP.Transfer.Service.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe

(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe

(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe

(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe

(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe

(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe

(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDGesture.exe

() C:\Program Files (x86)\nurago web meter\nurago-TrayIcon.exe

(Dropbox, Inc.) C:\Users\Hazel\AppData\Roaming\Dropbox\bin\Dropbox.exe

(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe

(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe

() C:\Program Files (x86)\nuragoLSPService\nurago-WatchDog.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(McAfee, Inc.) C:\Program Files\mcafee\msm\McSmtFwk.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe

(Microsoft Corporation) C:\Windows\System32\WWAHost.exe

(Farbar) C:\Users\Hazel\Downloads\FRST64 (2).exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2774864 2013-01-10] (ELAN Microelectronics Corp.)

HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5762408 2013-02-01] (Dell Inc.)

HKLM\...\Run: [smartAudio] => C:\Program Files\CONEXANT\SA3\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)

HKLM\...\Run: [intelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" 

HKLM\...\Run: [bTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp 

HKLM-x32\...\Run: [startCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-07-20] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation)

HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [102928 2012-10-23] (CyberLink Corp.)

HKLM-x32\...\Run: [bDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [179928 2013-01-03] (cyberlink)

HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537512 2013-08-06] (McAfee, Inc.)

HKLM-x32\...\Run: [nurago-WatchDog] => C:\Program Files (x86)\nuragoLSPService\nurago-WatchDog.exe [60536 2013-09-25] ()

HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537512 2013-08-06] (McAfee, Inc.)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-283331089-651184342-1534696237-1001\...\Run: [GoogleChromeAutoLaunch_03A4F751659AFE497E098F8544F7FE2D] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-07-15] (Google Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\nurago-TrayIcon.lnk

ShortcutTarget: nurago-TrayIcon.lnk -> C:\Program Files (x86)\nurago web meter\nurago-TrayIcon.exe ()

Startup: C:\Users\Hazel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\Hazel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

ShellIconOverlayIdentifiers: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hazel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hazel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hazel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hazel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hazel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hazel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hazel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hazel\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hazel\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hazel\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hazel\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hazel\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hazel\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hazel\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hazel\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hazel\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

BootExecute: autocheck autochk * sdnclean64.exe

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank

StartMenuInternet: IEXPLORE.EXE - iexplore.exe

SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKLM-x32 - DefaultScope value is missing.

SearchScopes: HKCU - DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}

SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}

BHO: nurago web meter -> {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} -> C:\Program Files (x86)\nurago web meter\x64\Gacela2.dll (nurago)

BHO-x32: nurago web meter -> {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} -> C:\Program Files (x86)\nurago web meter\Gacela2.dll (nurago)

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - nurago web meter - {5F6E2508-41C4-4D4B-8AC3-D7ED6E4EB2AE} - C:\Program Files (x86)\nurago web meter\x64\Gacela2.dll (nurago)

Toolbar: HKLM-x32 - nurago web meter - {5F6E2508-41C4-4D4B-8AC3-D7ED6E4EB2AE} - C:\Program Files (x86)\nurago web meter\Gacela2.dll (nurago)

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)

Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)

Winsock: Catalog9 01 C:\Windows\SysWOW64\nuragoLSPService.DLL [316024] (nurago)

Winsock: Catalog9 02 C:\Windows\SysWOW64\nuragoLSPService.DLL [316024] (nurago)

Winsock: Catalog9 03 C:\Windows\SysWOW64\nuragoLSPService.DLL [316024] (nurago)

Winsock: Catalog9 04 C:\Windows\SysWOW64\nuragoLSPService.DLL [316024] (nurago)

Winsock: Catalog9 16 C:\Windows\SysWOW64\nuragoLSPService.DLL [316024] (nurago)

Winsock: Catalog9-x64 01 C:\Windows\system32\nuragoLSPService64.DLL [383608] (nurago)

Winsock: Catalog9-x64 02 C:\Windows\system32\nuragoLSPService64.DLL [383608] (nurago)

Winsock: Catalog9-x64 03 C:\Windows\system32\nuragoLSPService64.DLL [383608] (nurago)

Winsock: Catalog9-x64 04 C:\Windows\system32\nuragoLSPService64.DLL [383608] (nurago)

Winsock: Catalog9-x64 16 C:\Windows\system32\nuragoLSPService64.DLL [383608] (nurago)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

 

FireFox:

========

FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF HKLM-x32\...\Firefox\Extensions: [gacela2@nurago.com] - C:\Program Files (x86)\nurago web meter

FF Extension: nurago web meter - C:\Program Files (x86)\nurago web meter [2013-09-08]

FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-04-30]

 

Chrome: 

=======

CHR Extension: (Google Docs) - C:\Users\Hazel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-05]

CHR Extension: (Google Drive) - C:\Users\Hazel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-05]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Hazel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-12]

CHR Extension: (YouTube) - C:\Users\Hazel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-05]

CHR Extension: (Google Search) - C:\Users\Hazel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-05]

CHR Extension: (nurago web meter) - C:\Users\Hazel\AppData\Local\Google\Chrome\User Data\Default\Extensions\igkejcihojcegdmifcnlkhmnelneogef [2013-09-09]

CHR Extension: (Google Wallet) - C:\Users\Hazel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-28]

CHR Extension: (Gmail) - C:\Users\Hazel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-05]

CHR HKLM-x32\...\Chrome\Extension: [igkejcihojcegdmifcnlkhmnelneogef] - C:\Program Files (x86)\nurago web meter\Chrome Extension\extension.crx [2013-09-08]

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [245888 2013-01-03] (CyberLink)

R2 CxUtilSvc; C:\Program Files\Conexant\SA3\CxUtilSvc.exe [109184 2012-08-07] (Conexant Systems, Inc.)

S2 DellDigitalDelivery; c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [173056 2012-06-19] (Dell Products, LP.) [File not signed]

R2 EventService; C:\Program Files (x86)\MR APP\MRAPP.Event.Service.exe [31744 2013-03-12] () [File not signed]

R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-07-27] (SurfRight B.V.)

R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)

R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178048 2013-08-06] (McAfee, Inc.)

S3 McAWFwk; c:\Program Files\mcafee\msc\McAWFwk.exe [332080 2012-01-26] (McAfee, Inc.)

R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)

R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)

S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)

S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)

R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)

R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)

R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1017016 2013-08-05] (McAfee, Inc.)

R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-08-07] (McAfee, Inc.)

R2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-08-07] (McAfee, Inc.)

R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()

R2 nurago-Reporting-Service; C:\Program Files (x86)\nurago web meter\nurago-Reporting.exe [3022456 2013-09-25] ()

R2 nurago-Update-Service; C:\Program Files (x86)\nurago web meter\nurago-Updater.exe [1377912 2013-09-25] ()

S2 nuragoLSPService; C:\Program Files (x86)\nuragoLSPService\nuragoLSPService.exe [3302520 2013-09-25] (nurago)

R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1882392 2014-05-03] (Trusteer Ltd.)

R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-25] ()

R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1915408 2013-10-10] (SoftThinks SAS)

R2 TransferService; C:\Program Files (x86)\MR APP\MRAPP.Transfer.Service.exe [31232 2013-03-12] (Microsoft) [File not signed]

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)

R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [35496 2012-07-10] (Advanced Micro Devices, Inc.)

R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)

R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132480 2012-10-01] (Motorola Solutions, Inc.)

R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1337216 2012-10-01] (Motorola Solutions, Inc.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-08-07] (McAfee, Inc.)

R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)

S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-25] (OSR Open Systems Resources, Inc.)

S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)

S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)

S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197264 2012-05-28] (McAfee, Inc.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-29] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)

R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179664 2013-08-07] (McAfee, Inc.)

R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [310224 2013-08-07] (McAfee, Inc.)

S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69264 2013-08-07] (McAfee, Inc.)

R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519064 2013-08-07] (McAfee, Inc.)

R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [776168 2013-08-07] (McAfee, Inc.)

R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [377040 2013-07-09] (McAfee, Inc.)

S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [95984 2013-07-09] (McAfee, Inc.)

R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343568 2013-08-07] (McAfee, Inc.)

R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-10-08] (Intel Corporation)

R1 RapportCerberus_68261; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_68261.sys [631096 2014-05-22] ()

R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [299512 2014-05-03] (Trusteer Ltd.)

R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [288344 2014-05-03] (Trusteer Ltd.)

R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [358552 2014-05-03] (Trusteer Ltd.)

R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [414232 2014-05-03] (Trusteer Ltd.)

R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-10] (Windows ® Win 7 DDK provider)

R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-10] (Windows ® Win 7 DDK provider)

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-07-29 13:57 - 2014-07-29 13:57 - 02093568 _____ (Farbar) C:\Users\Hazel\Downloads\FRST64 (2).exe

2014-07-29 10:56 - 2014-07-29 10:56 - 02093568 _____ (Farbar) C:\Users\Hazel\Downloads\FRST64 (1).exe

2014-07-29 09:10 - 2014-07-29 09:10 - 02347384 _____ (ESET) C:\Users\Hazel\Downloads\esetsmartinstaller_enu.exe

2014-07-29 09:10 - 2014-07-29 09:10 - 00000000 ____D () C:\Program Files (x86)\ESET

2014-07-29 08:47 - 2014-07-29 08:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee

2014-07-28 21:31 - 2014-07-28 21:31 - 00000000 ____D () C:\ProgramData\MR APP

2014-07-28 21:27 - 2014-07-28 20:56 - 00024064 _____ () C:\Windows\zoek-delete.exe

2014-07-28 20:59 - 2014-07-28 21:31 - 00008533 _____ () C:\zoek-results.log

2014-07-28 20:56 - 2014-07-28 21:22 - 00000000 ____D () C:\zoek_backup

2014-07-28 20:56 - 2014-07-28 20:56 - 01287168 _____ () C:\Users\Hazel\Downloads\zoek.exe

2014-07-28 20:56 - 2014-07-28 20:56 - 01287168 _____ () C:\Users\Hazel\Downloads\zoek (1).exe

2014-07-28 11:45 - 2014-07-29 10:58 - 00036591 _____ () C:\Users\Hazel\Downloads\Addition.txt

2014-07-28 11:43 - 2014-07-29 13:58 - 00024291 _____ () C:\Users\Hazel\Downloads\FRST.txt

2014-07-28 11:43 - 2014-07-29 13:58 - 00000000 ____D () C:\FRST

2014-07-28 11:42 - 2014-07-28 11:42 - 02093568 _____ (Farbar) C:\Users\Hazel\Downloads\FRST64.exe

2014-07-27 20:08 - 2014-07-27 20:08 - 00013546 _____ () C:\Users\Hazel\Downloads\HitmanPro_20140727_2008.log

2014-07-27 20:00 - 2014-07-27 20:00 - 00001895 _____ () C:\Users\Public\Desktop\HitmanPro.lnk

2014-07-27 20:00 - 2014-07-27 20:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro

2014-07-27 20:00 - 2014-07-27 20:00 - 00000000 ____D () C:\Program Files\HitmanPro

2014-07-27 19:59 - 2014-07-27 19:59 - 11188736 _____ (SurfRight B.V.) C:\Users\Hazel\Downloads\HitmanPro_x64 (1).exe

2014-07-27 19:49 - 2014-07-27 19:49 - 00001291 _____ () C:\Malwarebytes.txt

2014-07-27 19:38 - 2014-07-27 19:38 - 00000114 ___RH () C:\Users\Hazel\Downloads\Stinger.opt

2014-07-27 19:25 - 2014-07-27 19:38 - 00000000 ____D () C:\Program Files (x86)\stinger

2014-07-27 19:25 - 2014-07-27 19:26 - 00000849 _____ () C:\Users\Hazel\Downloads\Stinger_27072014_192517.html

2014-07-27 19:24 - 2014-07-27 19:24 - 10972520 _____ (McAfee Inc) C:\Users\Hazel\Downloads\stinger32 (1).exe

2014-07-27 19:23 - 2014-07-27 19:24 - 10972520 _____ (McAfee Inc) C:\Users\Hazel\Downloads\stinger32.exe

2014-07-25 18:38 - 2014-07-25 18:46 - 00000000 ____D () C:\Users\Hazel\Downloads\Decoupage Papers

2014-07-23 09:25 - 2014-07-23 09:35 - 00000000 ____D () C:\Users\Hazel\Downloads\Giveaways

2014-07-23 09:07 - 2014-07-24 13:49 - 00000000 ____D () C:\Users\Hazel\Downloads\Selling4U

2014-07-22 16:31 - 2014-07-22 16:31 - 00208914 _____ () C:\Users\Hazel\Downloads\bunting.00_png_srz

2014-07-21 12:49 - 2014-07-21 12:49 - 00323632 _____ (Dropbox, Inc.) C:\Users\Hazel\Downloads\DropboxInstaller (1).exe

2014-07-21 12:48 - 2014-07-21 12:48 - 00323632 _____ (Dropbox, Inc.) C:\Users\Hazel\Downloads\DropboxInstaller.exe

2014-07-21 12:29 - 2014-07-21 12:39 - 00000000 ____D () C:\ProgramData\HitmanPro

2014-07-21 12:27 - 2014-07-21 12:28 - 11188736 _____ (SurfRight B.V.) C:\Users\Hazel\Downloads\HitmanPro_x64.exe

2014-07-21 11:50 - 2014-07-21 11:50 - 00000000 ____D () C:\Windows\ERUNT

2014-07-21 11:49 - 2014-07-21 11:49 - 01016261 _____ (Thisisu) C:\Users\Hazel\Downloads\JRT.exe

2014-07-21 11:41 - 2014-07-21 11:44 - 00000000 ____D () C:\AdwCleaner

2014-07-21 11:41 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll

2014-07-21 11:40 - 2014-07-21 11:40 - 01354223 _____ () C:\Users\Hazel\Downloads\adwcleaner_3.216.exe

2014-07-17 20:04 - 2014-07-17 20:04 - 00324736 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-07-15 17:34 - 2014-07-28 15:29 - 00000000 ____D () C:\Users\Hazel\Downloads\Wholesale Items

2014-07-14 17:55 - 2014-07-16 11:50 - 00000000 ____D () C:\Users\Hazel\Downloads\1p auctions business pages

2014-07-12 10:18 - 2014-06-26 21:53 - 00703968 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-07-12 10:18 - 2014-06-26 21:53 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-07-11 23:08 - 2014-07-11 23:08 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-07-09 23:58 - 2014-06-18 00:27 - 01440256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe

2014-07-09 23:58 - 2014-06-18 00:24 - 01557504 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe

2014-07-09 23:58 - 2014-06-11 05:18 - 04038144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-07-09 23:58 - 2014-05-03 07:34 - 06974808 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2014-07-09 23:58 - 2014-05-03 07:33 - 01824808 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2014-07-09 23:58 - 2014-05-03 05:51 - 01408976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll

2014-07-09 23:58 - 2014-05-01 23:37 - 01023488 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll

2014-07-09 23:58 - 2014-04-29 23:32 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\Robocopy.exe

2014-07-09 23:58 - 2014-04-29 23:32 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe

2014-07-09 23:58 - 2014-04-24 00:51 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll

2014-07-09 23:58 - 2014-04-24 00:51 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll

2014-07-09 23:58 - 2014-04-24 00:38 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll

2014-07-09 23:58 - 2014-04-24 00:38 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll

2014-07-09 23:58 - 2014-02-08 05:34 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys

2014-07-09 23:57 - 2014-06-02 23:33 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll

2014-07-09 23:57 - 2014-05-30 00:31 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll

2014-07-09 23:57 - 2014-05-30 00:03 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll

2014-07-09 23:57 - 2014-05-30 00:02 - 01281536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2014-07-09 23:57 - 2014-05-30 00:02 - 00439808 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll

2014-07-09 23:56 - 2014-06-30 23:42 - 00702464 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-07-09 23:56 - 2014-06-30 23:42 - 00394240 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll

2014-07-09 23:56 - 2014-06-30 23:42 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll

2014-07-09 23:56 - 2014-06-28 04:35 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-07-09 23:56 - 2014-06-19 03:12 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-07-09 23:56 - 2014-06-19 03:12 - 01366528 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-07-09 23:56 - 2014-06-19 03:12 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll

2014-07-09 23:56 - 2014-06-19 03:11 - 19277312 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-07-09 23:56 - 2014-06-19 03:11 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-07-09 23:56 - 2014-06-19 03:10 - 15369728 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-07-09 23:56 - 2014-06-19 03:10 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-07-09 23:56 - 2014-06-19 03:10 - 02650624 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-07-09 23:56 - 2014-06-19 03:10 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2014-07-09 23:56 - 2014-06-19 03:10 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-07-09 23:56 - 2014-06-19 03:10 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-07-09 23:56 - 2014-06-19 03:10 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-07-09 23:56 - 2014-06-19 03:10 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-07-09 23:56 - 2014-06-19 03:09 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-07-09 23:56 - 2014-06-19 01:53 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-07-09 23:56 - 2014-06-19 01:53 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-07-09 23:56 - 2014-06-19 01:53 - 01141760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-07-09 23:56 - 2014-06-19 01:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-07-09 23:56 - 2014-06-19 01:52 - 13732352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-07-09 23:56 - 2014-06-19 01:52 - 02863616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-07-09 23:56 - 2014-06-19 01:52 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-07-09 23:56 - 2014-06-19 01:52 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-07-09 23:56 - 2014-06-19 01:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2014-07-09 23:56 - 2014-06-19 01:52 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-07-09 23:56 - 2014-06-19 01:52 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-07-09 23:56 - 2014-06-19 01:52 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-07-09 23:56 - 2014-06-19 01:52 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2014-07-09 23:55 - 2014-06-19 03:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll

2014-07-09 23:55 - 2014-06-19 03:12 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-07-09 23:55 - 2014-06-19 03:11 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-07-09 23:55 - 2014-06-19 03:10 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2014-07-09 23:55 - 2014-06-19 03:10 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-07-09 23:55 - 2014-06-19 03:10 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-07-09 23:55 - 2014-06-19 03:10 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-07-09 23:55 - 2014-06-19 01:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-07-09 23:55 - 2014-06-19 01:53 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-07-09 23:55 - 2014-06-19 01:53 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll

2014-07-09 23:55 - 2014-06-19 01:52 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-07-09 23:55 - 2014-06-19 01:52 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-07-09 23:55 - 2014-06-19 01:52 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-07-09 23:55 - 2014-06-19 01:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-07-09 23:55 - 2014-06-19 01:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-07-09 23:55 - 2014-06-18 23:05 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll

2014-07-09 23:55 - 2014-06-06 15:06 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll

2014-07-09 23:55 - 2014-06-06 11:17 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll

2014-07-09 23:55 - 2014-05-29 23:24 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys

2014-07-09 14:28 - 2014-07-09 14:29 - 00000000 ____D () C:\Users\Hazel\Downloads\Joblots auctions

2014-07-09 12:07 - 2014-07-09 12:35 - 00000000 ____D () C:\Users\Hazel\Downloads\Stock from Lauranne

2014-07-07 11:23 - 2014-07-07 11:25 - 00000000 ____D () C:\Users\Hazel\Downloads\welcome

2014-07-06 11:25 - 2014-07-06 11:29 - 00000000 ____D () C:\Users\Hazel\Downloads\loved toys feedback

2014-07-04 08:13 - 2014-07-07 08:41 - 03286528 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll

2014-07-04 08:13 - 2014-07-07 08:41 - 01623040 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll

2014-07-04 08:13 - 2014-07-07 08:41 - 00773632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll

2014-07-04 08:13 - 2014-07-07 08:41 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll

2014-07-04 08:13 - 2014-07-07 08:41 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll

2014-07-04 08:13 - 2014-07-07 08:41 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll

2014-07-04 08:13 - 2014-07-07 08:41 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll

2014-07-04 08:13 - 2014-07-07 08:41 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll

2014-07-04 08:13 - 2014-07-07 08:41 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe

2014-07-04 08:12 - 2014-07-11 23:07 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll

2014-07-04 08:12 - 2014-07-11 23:07 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll

2014-07-04 08:12 - 2014-07-11 23:07 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe

2014-07-04 08:12 - 2014-07-11 23:07 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

2014-06-29 19:00 - 2014-06-29 19:00 - 00001847 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk

2014-06-29 19:00 - 2014-06-29 19:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

2014-06-29 19:00 - 2014-06-29 19:00 - 00000000 ____D () C:\ProgramData\Apple Computer

2014-06-29 19:00 - 2014-06-29 19:00 - 00000000 ____D () C:\Program Files (x86)\QuickTime

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-07-29 13:58 - 2014-07-28 11:43 - 00024291 _____ () C:\Users\Hazel\Downloads\FRST.txt

2014-07-29 13:58 - 2014-07-28 11:43 - 00000000 ____D () C:\FRST

2014-07-29 13:57 - 2014-07-29 13:57 - 02093568 _____ (Farbar) C:\Users\Hazel\Downloads\FRST64 (2).exe

2014-07-29 13:49 - 2013-04-30 17:24 - 02024625 _____ () C:\Windows\WindowsUpdate.log

2014-07-29 13:41 - 2014-06-14 15:39 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-07-29 13:38 - 2013-06-05 19:53 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-07-29 13:13 - 2013-09-08 23:34 - 00000000 ____D () C:\Program Files (x86)\nurago web meter

2014-07-29 13:13 - 2013-09-08 21:50 - 00000000 ____D () C:\Program Files (x86)\nuragoLSPService

2014-07-29 13:02 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\sru

2014-07-29 10:58 - 2014-07-28 11:45 - 00036591 _____ () C:\Users\Hazel\Downloads\Addition.txt

2014-07-29 10:56 - 2014-07-29 10:56 - 02093568 _____ (Farbar) C:\Users\Hazel\Downloads\FRST64 (1).exe

2014-07-29 10:53 - 2013-06-05 18:57 - 00000000 ____D () C:\Users\Hazel

2014-07-29 09:10 - 2014-07-29 09:10 - 02347384 _____ (ESET) C:\Users\Hazel\Downloads\esetsmartinstaller_enu.exe

2014-07-29 09:10 - 2014-07-29 09:10 - 00000000 ____D () C:\Program Files (x86)\ESET

2014-07-29 08:47 - 2014-07-29 08:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee

2014-07-29 08:46 - 2014-02-20 13:12 - 00000478 _____ () C:\Windows\Tasks\SDMsgUpdate (Local).job

2014-07-29 08:46 - 2014-02-20 13:12 - 00000470 _____ () C:\Windows\Tasks\SDMsgUpdate (TE).job

2014-07-29 08:46 - 2013-11-04 12:13 - 00000000 ___RD () C:\Users\Hazel\Dropbox

2014-07-29 08:46 - 2013-11-04 12:06 - 00000000 ____D () C:\Users\Hazel\AppData\Roaming\Dropbox

2014-07-29 08:46 - 2013-06-05 19:52 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-07-28 21:40 - 2013-04-30 17:59 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery

2014-07-28 21:31 - 2014-07-28 21:31 - 00000000 ____D () C:\ProgramData\MR APP

2014-07-28 21:31 - 2014-07-28 20:59 - 00008533 _____ () C:\zoek-results.log

2014-07-28 21:31 - 2012-07-26 08:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-07-28 21:31 - 2012-07-26 06:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM

2014-07-28 21:30 - 2014-06-26 10:52 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

2014-07-28 21:30 - 2014-06-26 10:52 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight

2014-07-28 21:30 - 2013-04-30 17:13 - 00086156 _____ () C:\Windows\PFRO.log

2014-07-28 21:29 - 2012-07-26 06:26 - 00524288 ___SH () C:\Windows\system32\config\BBI

2014-07-28 21:22 - 2014-07-28 20:56 - 00000000 ____D () C:\zoek_backup

2014-07-28 20:56 - 2014-07-28 21:27 - 00024064 _____ () C:\Windows\zoek-delete.exe

2014-07-28 20:56 - 2014-07-28 20:56 - 01287168 _____ () C:\Users\Hazel\Downloads\zoek.exe

2014-07-28 20:56 - 2014-07-28 20:56 - 01287168 _____ () C:\Users\Hazel\Downloads\zoek (1).exe

2014-07-28 16:38 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\AUInstallAgent

2014-07-28 15:29 - 2014-07-15 17:34 - 00000000 ____D () C:\Users\Hazel\Downloads\Wholesale Items

2014-07-28 15:29 - 2013-07-01 08:46 - 11723776 ___SH () C:\Users\Hazel\Downloads\Thumbs.db

2014-07-28 11:42 - 2014-07-28 11:42 - 02093568 _____ (Farbar) C:\Users\Hazel\Downloads\FRST64.exe

2014-07-28 09:12 - 2014-05-24 13:57 - 00000000 ____D () C:\Users\Hazel\Desktop\My big fat file of stuff

2014-07-27 22:06 - 2013-11-27 16:00 - 01917440 ___SH () C:\Users\Hazel\Desktop\Thumbs.db

2014-07-27 20:08 - 2014-07-27 20:08 - 00013546 _____ () C:\Users\Hazel\Downloads\HitmanPro_20140727_2008.log

2014-07-27 20:00 - 2014-07-27 20:00 - 00001895 _____ () C:\Users\Public\Desktop\HitmanPro.lnk

2014-07-27 20:00 - 2014-07-27 20:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro

2014-07-27 20:00 - 2014-07-27 20:00 - 00000000 ____D () C:\Program Files\HitmanPro

2014-07-27 19:59 - 2014-07-27 19:59 - 11188736 _____ (SurfRight B.V.) C:\Users\Hazel\Downloads\HitmanPro_x64 (1).exe

2014-07-27 19:49 - 2014-07-27 19:49 - 00001291 _____ () C:\Malwarebytes.txt

2014-07-27 19:38 - 2014-07-27 19:38 - 00000114 ___RH () C:\Users\Hazel\Downloads\Stinger.opt

2014-07-27 19:38 - 2014-07-27 19:25 - 00000000 ____D () C:\Program Files (x86)\stinger

2014-07-27 19:26 - 2014-07-27 19:25 - 00000849 _____ () C:\Users\Hazel\Downloads\Stinger_27072014_192517.html

2014-07-27 19:24 - 2014-07-27 19:24 - 10972520 _____ (McAfee Inc) C:\Users\Hazel\Downloads\stinger32 (1).exe

2014-07-27 19:24 - 2014-07-27 19:23 - 10972520 _____ (McAfee Inc) C:\Users\Hazel\Downloads\stinger32.exe

2014-07-25 18:46 - 2014-07-25 18:38 - 00000000 ____D () C:\Users\Hazel\Downloads\Decoupage Papers

2014-07-25 14:01 - 2012-07-26 08:28 - 00876242 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-07-24 13:49 - 2014-07-23 09:07 - 00000000 ____D () C:\Users\Hazel\Downloads\Selling4U

2014-07-24 10:20 - 2014-06-26 10:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

2014-07-24 09:32 - 2013-11-04 12:11 - 00000000 ____D () C:\Users\Hazel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

2014-07-23 09:35 - 2014-07-23 09:25 - 00000000 ____D () C:\Users\Hazel\Downloads\Giveaways

2014-07-22 16:31 - 2014-07-22 16:31 - 00208914 _____ () C:\Users\Hazel\Downloads\bunting.00_png_srz

2014-07-21 12:49 - 2014-07-21 12:49 - 00323632 _____ (Dropbox, Inc.) C:\Users\Hazel\Downloads\DropboxInstaller (1).exe

2014-07-21 12:48 - 2014-07-21 12:48 - 00323632 _____ (Dropbox, Inc.) C:\Users\Hazel\Downloads\DropboxInstaller.exe

2014-07-21 12:39 - 2014-07-21 12:29 - 00000000 ____D () C:\ProgramData\HitmanPro

2014-07-21 12:28 - 2014-07-21 12:27 - 11188736 _____ (SurfRight B.V.) C:\Users\Hazel\Downloads\HitmanPro_x64.exe

2014-07-21 11:50 - 2014-07-21 11:50 - 00000000 ____D () C:\Windows\ERUNT

2014-07-21 11:49 - 2014-07-21 11:49 - 01016261 _____ (Thisisu) C:\Users\Hazel\Downloads\JRT.exe

2014-07-21 11:44 - 2014-07-21 11:41 - 00000000 ____D () C:\AdwCleaner

2014-07-21 11:40 - 2014-07-21 11:40 - 01354223 _____ () C:\Users\Hazel\Downloads\adwcleaner_3.216.exe

2014-07-17 20:04 - 2014-07-17 20:04 - 00324736 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-07-16 19:51 - 2014-06-23 14:05 - 00000000 ____D () C:\Users\Hazel\Downloads\£1 Raffle Items

2014-07-16 11:50 - 2014-07-14 17:55 - 00000000 ____D () C:\Users\Hazel\Downloads\1p auctions business pages

2014-07-12 12:00 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\rescache

2014-07-11 23:08 - 2014-07-11 23:08 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-07-11 23:08 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility

2014-07-11 23:08 - 2012-07-26 09:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility

2014-07-11 23:08 - 2012-07-26 08:52 - 00000000 ____D () C:\Program Files\Windows Journal

2014-07-11 23:07 - 2014-07-04 08:12 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll

2014-07-11 23:07 - 2014-07-04 08:12 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll

2014-07-11 23:07 - 2014-07-04 08:12 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe

2014-07-11 23:07 - 2014-07-04 08:12 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

2014-07-11 23:07 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\WinStore

2014-07-11 23:07 - 2012-07-26 08:59 - 00000000 ____D () C:\Windows\CbsTemp

2014-07-10 13:12 - 2013-07-26 11:49 - 00000000 ____D () C:\Windows\system32\MRT

2014-07-10 13:11 - 2013-06-06 11:04 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-07-09 14:29 - 2014-07-09 14:28 - 00000000 ____D () C:\Users\Hazel\Downloads\Joblots auctions

2014-07-09 12:35 - 2014-07-09 12:07 - 00000000 ____D () C:\Users\Hazel\Downloads\Stock from Lauranne

2014-07-07 11:25 - 2014-07-07 11:23 - 00000000 ____D () C:\Users\Hazel\Downloads\welcome

2014-07-07 08:41 - 2014-07-04 08:13 - 03286528 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll

2014-07-07 08:41 - 2014-07-04 08:13 - 01623040 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll

2014-07-07 08:41 - 2014-07-04 08:13 - 00773632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll

2014-07-07 08:41 - 2014-07-04 08:13 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll

2014-07-07 08:41 - 2014-07-04 08:13 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll

2014-07-07 08:41 - 2014-07-04 08:13 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll

2014-07-07 08:41 - 2014-07-04 08:13 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll

2014-07-07 08:41 - 2014-07-04 08:13 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll

2014-07-07 08:41 - 2014-07-04 08:13 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe

2014-07-06 11:29 - 2014-07-06 11:25 - 00000000 ____D () C:\Users\Hazel\Downloads\loved toys feedback

2014-06-30 23:42 - 2014-07-09 23:56 - 00702464 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-06-30 23:42 - 2014-07-09 23:56 - 00394240 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll

2014-06-30 23:42 - 2014-07-09 23:56 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll

2014-06-29 19:00 - 2014-06-29 19:00 - 00001847 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk

2014-06-29 19:00 - 2014-06-29 19:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

2014-06-29 19:00 - 2014-06-29 19:00 - 00000000 ____D () C:\ProgramData\Apple Computer

2014-06-29 19:00 - 2014-06-29 19:00 - 00000000 ____D () C:\Program Files (x86)\QuickTime

 

Some content of TEMP:

====================

C:\Users\Hazel\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2febfb.dll

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2014-07-21 09:57

 

==================== End Of Log ============================


There are some odd problems - for example, the scroll bar on the side only works if I press the arrow; I can't move it with the slider. Also, I notice I can't copy text at times. I have had one crash of Chrome this evening as well. So far that is all I can tell!


There are some odd problems - for example, the scroll bar on the side only works if I press the arrow; I can't move it with the slider. Also, I notice I can't copy text at times. I have had one crash of Chrome this evening as well. So far that is all I can tell!

Hi,

please observe this for some time.

But "artemis" is gone, right? :)


  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

