Malware or malfunction


whonew

I am not sure what I have. I can only say that for the last several months I have had difficulty typing: the cursor jumps from the line of type to the center of the line. I had someone go through this with me before, but nothing showed up. The other day I came upon a file or folder that had to do with keyboard and mouse, and I thought it was a joke; it said "Monk has not logged in sense 1999". I deleted that and now I am getting a notice to uninstall the keyboard and mouse off this laptop. I can use the mouse and keys, and still have the cursor jumping around, making it difficult to type a sentence without getting upset enough to smash it.

Please take a look, thank you.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-08-2014 02
Ran by Judith (administrator) on KIRK-PC on 01-09-2014 08:41:31
Running from C:\Users\Judith\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(F-Secure Corporation) C:\Program Files (x86)\Frontier\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\Frontier\apps\CCF_Reputation\fsorsp.exe
(F-Secure Corporation) C:\Program Files (x86)\Frontier\apps\ComputerSecurity\Anti-Virus\fsgk32.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(F-Secure Corporation) C:\Program Files (x86)\Frontier\apps\ComputerSecurity\Common\FSMA32.EXE
(F-Secure Corporation) C:\Program Files (x86)\Frontier\apps\ComputerSecurity\Anti-Virus\fssm32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(F-Secure Corporation) C:\Program Files (x86)\Frontier\fshoster32.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(F-Secure Corporation) C:\Program Files (x86)\Frontier\apps\ComputerSecurity\Common\FSM32.EXE
(F-Secure Corporation) C:\Program Files (x86)\Frontier\apps\ComputerSecurity\Common\FSHDLL64.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [smartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566184 2010-09-28] (TOSHIBA Corporation)
HKLM\...\Run: [smoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM-x32\...\Run: [F-Secure Hoster (53784)] => C:\Program Files (x86)\Frontier\fshoster32.exe [191424 2013-05-15] (F-Secure Corporation)
HKLM-x32\...\Run: [F-Secure Manager] => C:\Program Files (x86)\Frontier\apps\ComputerSecurity\Common\FSM32.EXE [310208 2013-08-14] (F-Secure Corporation)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-1596010243-3757955604-700281957-1000\...\RunOnce: [FlashPlayerUpdate] => C:\windows\system32\Macromed\Flash\FlashUtil64_14_0_0_145_ActiveX.exe [538288 2014-07-09] (Adobe Systems Incorporated)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x0F0AEC0E875ACF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254

FireFox:
========
FF ProfilePath: C:\Users\Judith\AppData\Roaming\Mozilla\Firefox\Profiles\ccn05kn1.default
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @java.com/DTPlugin,version=10.40.2 -> C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> C:\windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @TrendMicro.com/FFExtension -> C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [tmbepff-7.5@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1130\7.5.1130\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [tmbepff-7.5@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1130\7.5.1130\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1130\7.5.1130\chrome_tmbep.crx []
CHR HKLM-x32\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1130\7.5.1130\chrome_tmbep.crx []

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 fshoster; C:\Program Files (x86)\Frontier\fshoster32.exe [191424 2013-05-15] (F-Secure Corporation)
R3 FSMA; C:\Program Files (x86)\Frontier\apps\ComputerSecurity\Common\FSMA32.EXE [216000 2013-08-14] (F-Secure Corporation)
R2 FSORSPClient; C:\Program Files (x86)\Frontier\apps\CCF_Reputation\fsorsp.exe [60352 2013-10-16] (F-Secure Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R3 F-Secure Gatekeeper; C:\Program Files (x86)\Frontier\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [203304 2014-06-09] (F-Secure Corporation)
R1 F-Secure HIPS; C:\Program Files (x86)\Frontier\apps\ComputerSecurity\HIPS\drivers\fshs.sys [69960 2014-06-23] (F-Secure Corporation)
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [56016 2013-10-16] ()
R3 fsni; C:\Program Files (x86)\Frontier\apps\CCF_Scanning\fsni64.sys [80832 2013-04-25] (F-Secure Corporation)
R1 fsvista; C:\Program Files (x86)\Frontier\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [13248 2013-08-14] ()
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation                           )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz134; \??\C:\Users\Judith\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-01 08:41 - 2014-09-01 08:41 - 00012137 _____ () C:\Users\Judith\Desktop\FRST.txt
2014-09-01 08:39 - 2014-09-01 08:39 - 02104832 _____ (Farbar) C:\Users\Judith\Desktop\FRST64.exe
2014-09-01 08:01 - 2014-09-01 08:01 - 00003018 _____ () C:\windows\System32\Tasks\{D8CFA8F6-83B6-4C16-BBEA-E7E64DD9C045}
2014-08-28 08:18 - 2014-08-22 19:07 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-28 08:18 - 2014-08-22 18:45 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-08-28 08:18 - 2014-08-22 17:59 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-25 03:06 - 2014-09-01 07:51 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-08-25 03:06 - 2014-08-25 03:06 - 00001819 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-08-25 03:06 - 2014-08-25 03:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-08-25 03:05 - 2014-08-25 03:05 - 00000000 ____D () C:\Users\Judith\AppData\Roaming\SUPERAntiSpyware.com
2014-08-25 03:05 - 2014-08-25 03:05 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-08-25 03:03 - 2014-08-25 03:04 - 18884400 _____ (SUPERAntiSpyware) C:\Users\Judith\Desktop\SUPERAntiSpyware(1).exe
2014-08-25 02:47 - 2014-08-25 02:50 - 54525952 _____ () C:\Users\Judith\Downloads\msert.exe
2014-08-25 02:39 - 2014-08-25 02:39 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-25 02:18 - 2014-08-25 02:18 - 00000905 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Waterfox.lnk
2014-08-25 02:18 - 2014-08-25 02:18 - 00000893 _____ () C:\Users\Public\Desktop\Waterfox.lnk
2014-08-25 02:08 - 2014-08-25 02:12 - 00000163 _____ () C:\windows\Reimage.ini
2014-08-23 21:00 - 2014-08-23 21:50 - 00000403 _____ () C:\Users\Judith\Desktop\zynga disconnect and reset.txt
2014-08-21 06:46 - 2014-05-14 09:23 - 02477536 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-08-21 06:46 - 2014-05-14 09:23 - 00700384 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2014-08-21 06:46 - 2014-05-14 09:23 - 00581600 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2014-08-21 06:46 - 2014-05-14 09:23 - 00058336 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-08-21 06:46 - 2014-05-14 09:23 - 00044512 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2014-08-21 06:46 - 2014-05-14 09:23 - 00038880 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2014-08-21 06:46 - 2014-05-14 09:23 - 00036320 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2014-08-21 06:46 - 2014-05-14 09:21 - 02620928 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-08-21 06:46 - 2014-05-14 09:20 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2014-08-21 06:46 - 2014-05-14 09:17 - 00092672 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2014-08-21 06:45 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2014-08-21 06:45 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2014-08-21 06:45 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2014-08-21 06:45 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2014-08-18 12:57 - 2014-08-18 12:57 - 00000199 _____ () C:\Users\Guest\Documents\speed test.txt
2014-08-17 11:07 - 2014-08-17 11:07 - 00002980 _____ () C:\windows\System32\Tasks\{79B87B05-E8FA-46B6-9DFA-35B3B78D1921}
2014-08-17 11:07 - 2014-08-17 11:07 - 00002980 _____ () C:\windows\System32\Tasks\{4465DEA9-0162-49D7-BADF-9CD5F1046E1C}
2014-08-16 09:57 - 2014-06-30 15:24 - 00008856 _____ (Microsoft Corporation) C:\windows\system32\icardres.dll
2014-08-16 09:57 - 2014-06-30 15:14 - 00008856 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardres.dll
2014-08-16 09:57 - 2014-03-09 14:48 - 01389208 _____ (Microsoft Corporation) C:\windows\system32\icardagt.exe
2014-08-16 09:57 - 2014-03-09 14:48 - 00171160 _____ (Microsoft Corporation) C:\windows\system32\infocardapi.dll
2014-08-16 09:57 - 2014-03-09 14:47 - 00619672 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardagt.exe
2014-08-16 09:57 - 2014-03-09 14:47 - 00099480 _____ (Microsoft Corporation) C:\windows\SysWOW64\infocardapi.dll
2014-08-16 09:56 - 2014-06-05 23:16 - 00035480 _____ (Microsoft Corporation) C:\windows\SysWOW64\TsWpfWrp.exe
2014-08-16 09:56 - 2014-06-05 23:12 - 00035480 _____ (Microsoft Corporation) C:\windows\system32\TsWpfWrp.exe
2014-08-16 09:53 - 2014-07-24 05:11 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-08-16 09:53 - 2014-07-24 05:10 - 02240000 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-08-16 09:53 - 2014-07-24 05:10 - 01407488 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-08-16 09:53 - 2014-07-24 05:09 - 15399936 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-08-16 09:53 - 2014-07-24 05:09 - 02655232 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-08-16 09:53 - 2014-07-24 05:09 - 01508864 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-08-16 09:53 - 2014-07-24 05:09 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-08-16 09:53 - 2014-07-24 05:09 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-08-16 09:53 - 2014-07-24 05:09 - 00451584 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-08-16 09:53 - 2014-07-24 05:09 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-08-16 09:53 - 2014-07-24 05:09 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-08-16 09:53 - 2014-07-24 05:09 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-08-16 09:53 - 2014-07-24 05:09 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-08-16 09:53 - 2014-07-24 05:09 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-08-16 09:53 - 2014-07-24 05:09 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-08-16 09:53 - 2014-07-24 03:52 - 01766400 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-08-16 09:53 - 2014-07-24 03:52 - 01180672 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-08-16 09:53 - 2014-07-24 03:51 - 13757440 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-08-16 09:53 - 2014-07-24 03:51 - 02054656 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-08-16 09:53 - 2014-07-24 03:51 - 01440768 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-08-16 09:53 - 2014-07-24 03:51 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-08-16 09:53 - 2014-07-24 03:51 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-08-16 09:53 - 2014-07-24 03:51 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-08-16 09:53 - 2014-07-24 03:51 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-08-16 09:53 - 2014-07-24 03:51 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-08-16 09:53 - 2014-07-24 03:51 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-08-16 09:53 - 2014-07-24 03:51 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-08-16 09:53 - 2014-07-24 03:51 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-08-16 09:53 - 2014-07-24 03:51 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-08-16 09:53 - 2014-07-24 03:33 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-08-16 09:53 - 2014-07-24 03:29 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-08-16 09:52 - 2014-07-24 05:09 - 19279872 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-08-16 09:52 - 2014-07-24 05:09 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-08-16 09:52 - 2014-07-24 05:09 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-08-16 09:52 - 2014-07-24 05:09 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-08-16 09:52 - 2014-07-24 05:09 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-08-16 09:52 - 2014-07-24 03:51 - 14371328 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-08-16 09:52 - 2014-07-24 03:51 - 02861568 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-08-16 09:52 - 2014-07-24 03:51 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-08-16 09:52 - 2014-07-24 03:51 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-08-16 09:52 - 2014-07-24 03:51 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-08-16 09:52 - 2014-07-24 02:37 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2014-08-16 09:52 - 2014-07-24 02:32 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2014-08-16 09:44 - 2014-07-15 20:23 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-08-16 09:44 - 2014-07-15 19:46 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-08-16 09:44 - 2014-06-03 03:02 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-08-16 09:44 - 2014-06-03 03:02 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2014-08-16 09:44 - 2014-06-03 03:02 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2014-08-16 09:44 - 2014-06-03 03:02 - 00112064 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2014-08-16 09:44 - 2014-06-03 02:29 - 02363392 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-08-16 09:44 - 2014-06-03 02:29 - 01805824 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2014-08-16 09:44 - 2014-06-03 02:29 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2014-08-16 09:43 - 2014-06-15 19:10 - 00985536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2014-08-16 09:42 - 2014-06-24 19:05 - 14175744 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-08-16 09:42 - 2014-06-24 18:41 - 12874240 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-08-16 09:41 - 2014-08-06 19:06 - 00529920 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-08-16 09:41 - 2014-08-06 19:01 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-08-16 09:41 - 2014-07-13 19:02 - 01216000 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2014-08-16 09:41 - 2014-07-13 18:40 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2014-08-14 23:59 - 2014-08-14 23:59 - 00000000 ____D () C:\Users\Judith\AppData\Local\Windows Live
2014-08-14 23:58 - 2014-08-14 23:59 - 00000000 ____D () C:\Users\Judith\AppData\Local\{AE0EE541-777F-4A3E-9F3A-2EAA52B86BDC}
2014-08-11 14:29 - 2014-08-11 14:29 - 00004301 _____ () C:\Users\Guest\Documents\night of broke glass.txt
2014-08-09 12:04 - 2014-08-10 01:24 - 00001395 _____ () C:\Users\Guest\Documents\Strange Companion.txt
2014-08-03 10:12 - 2014-08-03 10:53 - 00002208 _____ () C:\Users\Guest\Documents\who would have guessed.txt
2014-08-02 01:12 - 2014-08-02 01:12 - 00041586 _____ () C:\Users\Guest\Downloads\Spotify Web Player.htm
2014-08-02 00:43 - 2014-08-02 23:18 - 00001031 _____ () C:\Users\Guest\Documents\no trust.txt
2014-08-02 00:14 - 2014-08-21 19:39 - 00000126 _____ () C:\Users\Guest\Documents\things I might buy.txt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-01 08:42 - 2014-09-01 08:41 - 00012137 _____ () C:\Users\Judith\Desktop\FRST.txt
2014-09-01 08:41 - 2014-04-30 07:18 - 00000000 ____D () C:\FRST
2014-09-01 08:39 - 2014-09-01 08:39 - 02104832 _____ (Farbar) C:\Users\Judith\Desktop\FRST64.exe
2014-09-01 08:24 - 2014-03-25 14:34 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-09-01 08:01 - 2014-09-01 08:01 - 00003018 _____ () C:\windows\System32\Tasks\{D8CFA8F6-83B6-4C16-BBEA-E7E64DD9C045}
2014-09-01 07:52 - 2009-07-13 21:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-01 07:52 - 2009-07-13 21:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-01 07:51 - 2014-08-25 03:06 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-09-01 07:34 - 2014-04-23 17:18 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-01 07:23 - 2009-07-13 22:13 - 00006402 _____ () C:\windows\system32\PerfStringBackup.INI
2014-08-31 21:35 - 2013-03-31 23:57 - 00003926 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{D4940CF2-687B-4072-9529-E1ACB9C40F93}
2014-08-31 15:32 - 2014-01-25 10:24 - 01868765 _____ () C:\windows\WindowsUpdate.log
2014-08-31 15:29 - 2014-02-20 04:11 - 00011370 _____ () C:\windows\setupact.log
2014-08-31 15:29 - 2009-07-13 22:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-08-30 21:11 - 2013-02-27 10:41 - 00000000 ____D () C:\Users\Judith\AppData\Local\CrashDumps
2014-08-29 03:27 - 2013-12-16 17:11 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center
2014-08-28 08:30 - 2009-07-13 21:45 - 00409552 _____ () C:\windows\system32\FNTCACHE.DAT
2014-08-27 11:14 - 2013-07-09 19:26 - 00000000 ____D () C:\windows\Minidump
2014-08-26 17:00 - 2013-03-16 07:30 - 00000000 ____D () C:\Users\Judith\AppData\Local\Microsoft Games
2014-08-26 08:44 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\rescache
2014-08-25 16:08 - 2013-02-09 16:13 - 00000000 ____D () C:\Users\Guest
2014-08-25 03:38 - 2014-02-20 04:11 - 00127682 _____ () C:\windows\PFRO.log
2014-08-25 03:06 - 2014-08-25 03:06 - 00001819 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-08-25 03:06 - 2014-08-25 03:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-08-25 03:05 - 2014-08-25 03:05 - 00000000 ____D () C:\Users\Judith\AppData\Roaming\SUPERAntiSpyware.com
2014-08-25 03:05 - 2014-08-25 03:05 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-08-25 03:04 - 2014-08-25 03:03 - 18884400 _____ (SUPERAntiSpyware) C:\Users\Judith\Desktop\SUPERAntiSpyware(1).exe
2014-08-25 02:50 - 2014-08-25 02:47 - 54525952 _____ () C:\Users\Judith\Downloads\msert.exe
2014-08-25 02:39 - 2014-08-25 02:39 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-25 02:18 - 2014-08-25 02:18 - 00000905 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Waterfox.lnk
2014-08-25 02:18 - 2014-08-25 02:18 - 00000893 _____ () C:\Users\Public\Desktop\Waterfox.lnk
2014-08-25 02:18 - 2014-03-07 16:48 - 00000000 ____D () C:\Program Files\Waterfox
2014-08-25 02:12 - 2014-08-25 02:08 - 00000163 _____ () C:\windows\Reimage.ini
2014-08-25 01:59 - 2013-02-08 17:17 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-25 01:58 - 2013-02-08 18:39 - 00000000 ____D () C:\Users\Judith\AppData\Local\Google
2014-08-25 01:42 - 2013-03-30 02:34 - 00000000 ____D () C:\temp
2014-08-25 01:36 - 2014-03-20 13:05 - 00000000 ____D () C:\Users\Judith\Downloads\Old Firefox Data
2014-08-25 01:30 - 2014-04-17 10:59 - 00000000 ____D () C:\ProgramData\EPSON
2014-08-23 21:50 - 2014-08-23 21:00 - 00000403 _____ () C:\Users\Judith\Desktop\zynga disconnect and reset.txt
2014-08-23 14:43 - 2013-02-08 18:37 - 00000000 ____D () C:\Users\Judith\AppData\Local\Deployment
2014-08-23 14:42 - 2013-02-08 18:37 - 00000000 ____D () C:\Users\Judith\AppData\Local\Apps\2.0
2014-08-22 19:07 - 2014-08-28 08:18 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-22 18:45 - 2014-08-28 08:18 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-08-22 17:59 - 2014-08-28 08:18 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-21 19:39 - 2014-08-02 00:14 - 00000126 _____ () C:\Users\Guest\Documents\things I might buy.txt
2014-08-20 20:22 - 2014-03-25 14:34 - 00699568 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-08-20 20:22 - 2014-03-25 14:34 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-20 20:22 - 2014-03-25 14:34 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-08-18 12:57 - 2014-08-18 12:57 - 00000199 _____ () C:\Users\Guest\Documents\speed test.txt
2014-08-17 22:04 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\system32\NDF
2014-08-17 11:07 - 2014-08-17 11:07 - 00002980 _____ () C:\windows\System32\Tasks\{79B87B05-E8FA-46B6-9DFA-35B3B78D1921}
2014-08-17 11:07 - 2014-08-17 11:07 - 00002980 _____ () C:\windows\System32\Tasks\{4465DEA9-0162-49D7-BADF-9CD5F1046E1C}
2014-08-16 10:30 - 2013-12-24 14:23 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-08-16 10:18 - 2013-02-23 11:58 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-16 10:08 - 2013-07-12 21:30 - 00000000 ____D () C:\windows\system32\MRT
2014-08-16 10:04 - 2013-02-08 19:40 - 99218768 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-08-16 09:56 - 2014-04-27 13:07 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-08-16 09:32 - 2014-04-17 11:07 - 00000000 ____D () C:\Users\Judith\AppData\Roaming\EPSON
2014-08-16 09:32 - 2014-04-17 11:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2014-08-16 09:32 - 2014-04-17 10:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2014-08-16 09:32 - 2013-12-06 00:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-16 09:32 - 2013-11-09 14:49 - 00000000 ____D () C:\Users\Judith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player
2014-08-16 09:32 - 2013-11-09 14:48 - 00000000 ____D () C:\Users\Judith\AppData\Local\Amazon Cloud Player
2014-08-16 09:32 - 2013-02-23 11:58 - 00000000 ____D () C:\Users\Judith\AppData\Local\Microsoft Help
2014-08-16 09:32 - 2013-02-08 18:33 - 00000000 ___RD () C:\Users\Judith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-08-16 09:32 - 2013-02-08 18:33 - 00000000 ___RD () C:\Users\Judith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-08-16 09:32 - 2013-02-08 18:33 - 00000000 ____D () C:\Users\Judith
2014-08-16 09:32 - 2013-02-08 16:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel Label@Once
2014-08-16 09:32 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\servicing
2014-08-16 09:32 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\AppCompat
2014-08-16 09:31 - 2014-04-17 21:03 - 00000000 ____D () C:\Program Files (x86)\EpsonNet
2014-08-16 09:31 - 2014-04-17 21:00 - 00000000 ____D () C:\Program Files\EpsonNet
2014-08-16 09:31 - 2014-04-17 11:00 - 00000000 ____D () C:\Program Files (x86)\Epson Software
2014-08-16 09:31 - 2014-04-17 10:58 - 00000000 ____D () C:\Program Files (x86)\epson
2014-08-16 09:31 - 2013-12-06 00:29 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-16 09:31 - 2013-10-16 16:13 - 00000000 ____D () C:\Program Files (x86)\Frontier
2014-08-16 09:31 - 2013-02-08 16:59 - 00000000 ____D () C:\Program Files (x86)\Corel
2014-08-16 09:31 - 2011-03-29 19:48 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-08-16 09:31 - 2009-07-13 20:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-08-16 09:30 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\registration
2014-08-16 09:26 - 2014-07-16 22:05 - 00000000 ____D () C:\Users\Judith\Desktop\Old Firefox Data
2014-08-16 09:26 - 2014-04-17 09:18 - 00000000 ____D () C:\Users\Judith\Documents\Fax
2014-08-16 09:26 - 2014-03-07 16:00 - 00000000 ____D () C:\Users\Judith\AppData\Roaming\Mozilla
2014-08-16 09:25 - 2013-09-07 22:49 - 00000000 ____D () C:\Users\Judith\AppData\Local\Mozilla
2014-08-16 09:25 - 2013-02-23 11:58 - 00000000 ___RD () C:\MSOCache
2014-08-16 09:25 - 2013-02-08 18:40 - 00000000 ____D () C:\Users\Judith\AppData\Local\TOSHIBA_Corporation
2014-08-16 09:25 - 2013-02-08 18:39 - 00000000 ____D () C:\Users\Judith\AppData\Roaming\Adobe
2014-08-16 01:23 - 2014-04-25 21:11 - 00000000 ____D () C:\Users\Guest\AppData\Local\CrashDumps
2014-08-14 23:59 - 2014-08-14 23:59 - 00000000 ____D () C:\Users\Judith\AppData\Local\Windows Live
2014-08-14 23:59 - 2014-08-14 23:58 - 00000000 ____D () C:\Users\Judith\AppData\Local\{AE0EE541-777F-4A3E-9F3A-2EAA52B86BDC}
2014-08-11 14:29 - 2014-08-11 14:29 - 00004301 _____ () C:\Users\Guest\Documents\night of broke glass.txt
2014-08-10 01:24 - 2014-08-09 12:04 - 00001395 _____ () C:\Users\Guest\Documents\Strange Companion.txt
2014-08-06 19:06 - 2014-08-16 09:41 - 00529920 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-08-06 19:01 - 2014-08-16 09:41 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-08-05 09:20 - 2010-11-20 20:27 - 00270496 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-08-03 10:53 - 2014-08-03 10:12 - 00002208 _____ () C:\Users\Guest\Documents\who would have guessed.txt
2014-08-02 23:18 - 2014-08-02 00:43 - 00001031 _____ () C:\Users\Guest\Documents\no trust.txt
2014-08-02 01:12 - 2014-08-02 01:12 - 00041586 _____ () C:\Users\Guest\Downloads\Spotify Web Player.htm

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-26 08:31

==================== End Of Log ============================


Hi and sorry for overlooking.


 



My name's Naathim and I'm a GeekU Minion! Now that we are mates and will be working together to clean your machine out of any junkware, feel free to call me Naat :)

Before we start please note the following:

  • Analysis and research take some time, also sometimes real life gets in the way, please be patient.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Paste the logs in your posts, attachments make my work harder and more complicated.
  • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.

I can't foresee everything, so if anything unexpected happens, please stop and inform me!
There are no silly questions. Never be afraid to ask if in doubt!

Let's start and enjoy the fight! :)



Rules and policies

We won't support any piracy.
That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.






Scan with Malwarebytes' Anti-Malware

Please download and install Malwarebytes Anti-Malware, or re-run it if you already have it installed.
  • First of all select update.
  • Once updated, click the Settings tab, in the left panel choose Detection & protection and tick Scan for rootkits.
  • Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • At the bottom click Export and choose Text file.

Save the file to your desktop and include its content in your next reply.


Also FRST should produce another log, called Addition.txt. Go ahead and post it also.


Cheers,
Naat :)


Hello Naat, I don't see additional txt for FRST, thank you for responding, I did not see this in my email. Not sure how to change that notification.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/3/2014
Scan Time: 11:44:06 AM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.09.03.07
Rootkit Database: v2014.08.21.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Judith

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 356413
Time Elapsed: 53 min, 5 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

FRST.txt


Hi :)
 
I need to see that report, so please re-run FRST using this set of instructions:
 
 
Scan with Farbar Recovery Scan Tool

 

Please re-run Farbar Recovery Scan Tool.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.

 

Paste the logs instead of attaching them if possible. Use multiple posts if necessary :)


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-08-2014 02
Ran by Judith (administrator) on KIRK-PC on 03-09-2014 13:36:23
Running from C:\Users\Judith\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(F-Secure Corporation) C:\Program Files (x86)\Frontier\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\Frontier\apps\CCF_Reputation\fsorsp.exe
(F-Secure Corporation) C:\Program Files (x86)\Frontier\apps\ComputerSecurity\Anti-Virus\fsgk32.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(F-Secure Corporation) C:\Program Files (x86)\Frontier\apps\ComputerSecurity\Common\FSMA32.EXE
(F-Secure Corporation) C:\Program Files (x86)\Frontier\apps\ComputerSecurity\Common\FSHDLL64.EXE
(F-Secure Corporation) C:\Program Files (x86)\Frontier\apps\ComputerSecurity\Anti-Virus\fssm32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(F-Secure Corporation) C:\Program Files (x86)\Frontier\fshoster32.exe
(F-Secure Corporation) C:\Program Files (x86)\Frontier\apps\ComputerSecurity\Common\FSM32.EXE
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_14_0_0_145_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [smartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566184 2010-09-28] (TOSHIBA Corporation)
HKLM\...\Run: [smoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM-x32\...\Run: [F-Secure Hoster (53784)] => C:\Program Files (x86)\Frontier\fshoster32.exe [191424 2013-05-15] (F-Secure Corporation)
HKLM-x32\...\Run: [F-Secure Manager] => C:\Program Files (x86)\Frontier\apps\ComputerSecurity\Common\FSM32.EXE [310208 2013-08-14] (F-Secure Corporation)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x0F0AEC0E875ACF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254

FireFox:
========
FF ProfilePath: C:\Users\Judith\AppData\Roaming\Mozilla\Firefox\Profiles\ccn05kn1.default
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @java.com/DTPlugin,version=10.40.2 -> C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> C:\windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @TrendMicro.com/FFExtension -> C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [tmbepff-7.5@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1130\7.5.1130\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [tmbepff-7.5@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1130\7.5.1130\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1130\7.5.1130\chrome_tmbep.crx []
CHR HKLM-x32\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1130\7.5.1130\chrome_tmbep.crx []

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 fshoster; C:\Program Files (x86)\Frontier\fshoster32.exe [191424 2013-05-15] (F-Secure Corporation)
R3 FSMA; C:\Program Files (x86)\Frontier\apps\ComputerSecurity\Common\FSMA32.EXE [216000 2013-08-14] (F-Secure Corporation)
R2 FSORSPClient; C:\Program Files (x86)\Frontier\apps\CCF_Reputation\fsorsp.exe [60352 2013-10-16] (F-Secure Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R3 F-Secure Gatekeeper; C:\Program Files (x86)\Frontier\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [203304 2014-06-09] (F-Secure Corporation)
R1 F-Secure HIPS; C:\Program Files (x86)\Frontier\apps\ComputerSecurity\HIPS\drivers\fshs.sys [69960 2014-06-23] (F-Secure Corporation)
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [56016 2013-10-16] ()
R3 fsni; C:\Program Files (x86)\Frontier\apps\CCF_Scanning\fsni64.sys [80832 2013-04-25] (F-Secure Corporation)
R1 fsvista; C:\Program Files (x86)\Frontier\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [13248 2013-08-14] ()
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-09-03] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1514568 2013-05-02] (Realtek Semiconductor Corporation                           )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz134; \??\C:\Users\Judith\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-03 13:36 - 2014-09-03 13:37 - 00012846 _____ () C:\Users\Judith\Desktop\FRST.txt
2014-09-02 01:29 - 2014-09-02 01:29 - 00009587 _____ () C:\Users\Judith\Desktop\SUPERAntiSpyware Scan Log - 09-02-2014 - 01-28-24.log
2014-09-01 10:09 - 2014-09-01 10:09 - 00000000 ____H () C:\Users\Judith\Documents\Default.rdp
2014-09-01 08:39 - 2014-09-01 08:39 - 02104832 _____ (Farbar) C:\Users\Judith\Desktop\FRST64.exe
2014-09-01 08:01 - 2014-09-01 08:01 - 00003018 _____ () C:\windows\System32\Tasks\{D8CFA8F6-83B6-4C16-BBEA-E7E64DD9C045}
2014-08-28 08:18 - 2014-08-22 19:07 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-28 08:18 - 2014-08-22 18:45 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-08-28 08:18 - 2014-08-22 17:59 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-25 03:06 - 2014-09-01 19:42 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-08-25 03:06 - 2014-08-25 03:06 - 00001819 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-08-25 03:06 - 2014-08-25 03:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-08-25 03:05 - 2014-08-25 03:05 - 00000000 ____D () C:\Users\Judith\AppData\Roaming\SUPERAntiSpyware.com
2014-08-25 03:05 - 2014-08-25 03:05 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-08-25 03:03 - 2014-08-25 03:04 - 18884400 _____ (SUPERAntiSpyware) C:\Users\Judith\Desktop\SUPERAntiSpyware(1).exe
2014-08-25 02:47 - 2014-08-25 02:50 - 54525952 _____ () C:\Users\Judith\Downloads\msert.exe
2014-08-25 02:39 - 2014-08-25 02:39 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-25 02:18 - 2014-08-25 02:18 - 00000905 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Waterfox.lnk
2014-08-25 02:18 - 2014-08-25 02:18 - 00000893 _____ () C:\Users\Public\Desktop\Waterfox.lnk
2014-08-25 02:08 - 2014-08-25 02:12 - 00000163 _____ () C:\windows\Reimage.ini
2014-08-23 21:00 - 2014-08-23 21:50 - 00000403 _____ () C:\Users\Judith\Desktop\zynga disconnect and reset.txt
2014-08-21 06:46 - 2014-05-14 09:23 - 02477536 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-08-21 06:46 - 2014-05-14 09:23 - 00700384 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2014-08-21 06:46 - 2014-05-14 09:23 - 00581600 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2014-08-21 06:46 - 2014-05-14 09:23 - 00058336 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-08-21 06:46 - 2014-05-14 09:23 - 00044512 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2014-08-21 06:46 - 2014-05-14 09:23 - 00038880 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2014-08-21 06:46 - 2014-05-14 09:23 - 00036320 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2014-08-21 06:46 - 2014-05-14 09:21 - 02620928 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-08-21 06:46 - 2014-05-14 09:20 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2014-08-21 06:46 - 2014-05-14 09:17 - 00092672 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2014-08-21 06:45 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2014-08-21 06:45 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2014-08-21 06:45 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2014-08-21 06:45 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2014-08-18 12:57 - 2014-08-18 12:57 - 00000199 _____ () C:\Users\Guest\Documents\speed test.txt
2014-08-17 11:07 - 2014-08-17 11:07 - 00002980 _____ () C:\windows\System32\Tasks\{79B87B05-E8FA-46B6-9DFA-35B3B78D1921}
2014-08-17 11:07 - 2014-08-17 11:07 - 00002980 _____ () C:\windows\System32\Tasks\{4465DEA9-0162-49D7-BADF-9CD5F1046E1C}
2014-08-16 09:57 - 2014-06-30 15:24 - 00008856 _____ (Microsoft Corporation) C:\windows\system32\icardres.dll
2014-08-16 09:57 - 2014-06-30 15:14 - 00008856 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardres.dll
2014-08-16 09:57 - 2014-03-09 14:48 - 01389208 _____ (Microsoft Corporation) C:\windows\system32\icardagt.exe
2014-08-16 09:57 - 2014-03-09 14:48 - 00171160 _____ (Microsoft Corporation) C:\windows\system32\infocardapi.dll
2014-08-16 09:57 - 2014-03-09 14:47 - 00619672 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardagt.exe
2014-08-16 09:57 - 2014-03-09 14:47 - 00099480 _____ (Microsoft Corporation) C:\windows\SysWOW64\infocardapi.dll
2014-08-16 09:56 - 2014-06-05 23:16 - 00035480 _____ (Microsoft Corporation) C:\windows\SysWOW64\TsWpfWrp.exe
2014-08-16 09:56 - 2014-06-05 23:12 - 00035480 _____ (Microsoft Corporation) C:\windows\system32\TsWpfWrp.exe
2014-08-16 09:53 - 2014-07-24 05:11 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-08-16 09:53 - 2014-07-24 05:10 - 02240000 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-08-16 09:53 - 2014-07-24 05:10 - 01407488 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-08-16 09:53 - 2014-07-24 05:09 - 15399936 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-08-16 09:53 - 2014-07-24 05:09 - 02655232 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-08-16 09:53 - 2014-07-24 05:09 - 01508864 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-08-16 09:53 - 2014-07-24 05:09 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-08-16 09:53 - 2014-07-24 05:09 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-08-16 09:53 - 2014-07-24 05:09 - 00451584 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-08-16 09:53 - 2014-07-24 05:09 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-08-16 09:53 - 2014-07-24 05:09 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-08-16 09:53 - 2014-07-24 05:09 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-08-16 09:53 - 2014-07-24 05:09 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-08-16 09:53 - 2014-07-24 05:09 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-08-16 09:53 - 2014-07-24 05:09 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-08-16 09:53 - 2014-07-24 03:52 - 01766400 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-08-16 09:53 - 2014-07-24 03:52 - 01180672 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-08-16 09:53 - 2014-07-24 03:51 - 13757440 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-08-16 09:53 - 2014-07-24 03:51 - 02054656 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-08-16 09:53 - 2014-07-24 03:51 - 01440768 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-08-16 09:53 - 2014-07-24 03:51 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-08-16 09:53 - 2014-07-24 03:51 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-08-16 09:53 - 2014-07-24 03:51 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-08-16 09:53 - 2014-07-24 03:51 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-08-16 09:53 - 2014-07-24 03:51 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-08-16 09:53 - 2014-07-24 03:51 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-08-16 09:53 - 2014-07-24 03:51 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-08-16 09:53 - 2014-07-24 03:51 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-08-16 09:53 - 2014-07-24 03:51 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-08-16 09:53 - 2014-07-24 03:33 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-08-16 09:53 - 2014-07-24 03:29 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-08-16 09:52 - 2014-07-24 05:09 - 19279872 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-08-16 09:52 - 2014-07-24 05:09 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-08-16 09:52 - 2014-07-24 05:09 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-08-16 09:52 - 2014-07-24 05:09 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-08-16 09:52 - 2014-07-24 05:09 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-08-16 09:52 - 2014-07-24 03:51 - 14371328 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-08-16 09:52 - 2014-07-24 03:51 - 02861568 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-08-16 09:52 - 2014-07-24 03:51 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-08-16 09:52 - 2014-07-24 03:51 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-08-16 09:52 - 2014-07-24 03:51 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-08-16 09:52 - 2014-07-24 02:37 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2014-08-16 09:52 - 2014-07-24 02:32 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2014-08-16 09:44 - 2014-07-15 20:23 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-08-16 09:44 - 2014-07-15 19:46 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-08-16 09:44 - 2014-06-03 03:02 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-08-16 09:44 - 2014-06-03 03:02 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2014-08-16 09:44 - 2014-06-03 03:02 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2014-08-16 09:44 - 2014-06-03 03:02 - 00112064 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2014-08-16 09:44 - 2014-06-03 02:29 - 02363392 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-08-16 09:44 - 2014-06-03 02:29 - 01805824 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2014-08-16 09:44 - 2014-06-03 02:29 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2014-08-16 09:43 - 2014-06-15 19:10 - 00985536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2014-08-16 09:42 - 2014-06-24 19:05 - 14175744 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-08-16 09:42 - 2014-06-24 18:41 - 12874240 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-08-16 09:41 - 2014-08-06 19:06 - 00529920 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-08-16 09:41 - 2014-08-06 19:01 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-08-16 09:41 - 2014-07-13 19:02 - 01216000 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2014-08-16 09:41 - 2014-07-13 18:40 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2014-08-14 23:59 - 2014-08-14 23:59 - 00000000 ____D () C:\Users\Judith\AppData\Local\Windows Live
2014-08-14 23:58 - 2014-08-14 23:59 - 00000000 ____D () C:\Users\Judith\AppData\Local\{AE0EE541-777F-4A3E-9F3A-2EAA52B86BDC}
2014-08-11 14:29 - 2014-08-11 14:29 - 00004301 _____ () C:\Users\Guest\Documents\night of broke glass.txt
2014-08-09 12:04 - 2014-08-10 01:24 - 00001395 _____ () C:\Users\Guest\Documents\Strange Companion.txt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-03 13:37 - 2014-09-03 13:36 - 00012846 _____ () C:\Users\Judith\Desktop\FRST.txt
2014-09-03 13:36 - 2014-04-30 07:18 - 00000000 ____D () C:\FRST
2014-09-03 13:24 - 2014-03-25 14:34 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-09-03 13:06 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\rescache
2014-09-03 12:58 - 2014-01-25 10:24 - 01073938 _____ () C:\windows\WindowsUpdate.log
2014-09-03 10:50 - 2014-04-23 17:18 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-03 08:59 - 2009-07-13 22:13 - 00006402 _____ () C:\windows\system32\PerfStringBackup.INI
2014-09-02 01:29 - 2014-09-02 01:29 - 00009587 _____ () C:\Users\Judith\Desktop\SUPERAntiSpyware Scan Log - 09-02-2014 - 01-28-24.log
2014-09-01 23:26 - 2013-03-31 23:57 - 00003926 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{D4940CF2-687B-4072-9529-E1ACB9C40F93}
2014-09-01 19:42 - 2014-08-25 03:06 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-09-01 10:09 - 2014-09-01 10:09 - 00000000 ____H () C:\Users\Judith\Documents\Default.rdp
2014-09-01 10:07 - 2009-07-13 21:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-01 10:07 - 2009-07-13 21:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-01 10:00 - 2014-02-20 04:11 - 00011426 _____ () C:\windows\setupact.log
2014-09-01 10:00 - 2009-07-13 22:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-09-01 08:39 - 2014-09-01 08:39 - 02104832 _____ (Farbar) C:\Users\Judith\Desktop\FRST64.exe
2014-09-01 08:01 - 2014-09-01 08:01 - 00003018 _____ () C:\windows\System32\Tasks\{D8CFA8F6-83B6-4C16-BBEA-E7E64DD9C045}
2014-08-30 21:11 - 2013-02-27 10:41 - 00000000 ____D () C:\Users\Judith\AppData\Local\CrashDumps
2014-08-29 03:27 - 2013-12-16 17:11 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center
2014-08-28 08:30 - 2009-07-13 21:45 - 00409552 _____ () C:\windows\system32\FNTCACHE.DAT
2014-08-27 11:14 - 2013-07-09 19:26 - 00000000 ____D () C:\windows\Minidump
2014-08-26 17:00 - 2013-03-16 07:30 - 00000000 ____D () C:\Users\Judith\AppData\Local\Microsoft Games
2014-08-25 16:08 - 2013-02-09 16:13 - 00000000 ____D () C:\Users\Guest
2014-08-25 03:38 - 2014-02-20 04:11 - 00127682 _____ () C:\windows\PFRO.log
2014-08-25 03:06 - 2014-08-25 03:06 - 00001819 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-08-25 03:06 - 2014-08-25 03:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-08-25 03:05 - 2014-08-25 03:05 - 00000000 ____D () C:\Users\Judith\AppData\Roaming\SUPERAntiSpyware.com
2014-08-25 03:05 - 2014-08-25 03:05 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-08-25 03:04 - 2014-08-25 03:03 - 18884400 _____ (SUPERAntiSpyware) C:\Users\Judith\Desktop\SUPERAntiSpyware(1).exe
2014-08-25 02:50 - 2014-08-25 02:47 - 54525952 _____ () C:\Users\Judith\Downloads\msert.exe
2014-08-25 02:39 - 2014-08-25 02:39 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-25 02:18 - 2014-08-25 02:18 - 00000905 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Waterfox.lnk
2014-08-25 02:18 - 2014-08-25 02:18 - 00000893 _____ () C:\Users\Public\Desktop\Waterfox.lnk
2014-08-25 02:18 - 2014-03-07 16:48 - 00000000 ____D () C:\Program Files\Waterfox
2014-08-25 02:12 - 2014-08-25 02:08 - 00000163 _____ () C:\windows\Reimage.ini
2014-08-25 01:59 - 2013-02-08 17:17 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-25 01:58 - 2013-02-08 18:39 - 00000000 ____D () C:\Users\Judith\AppData\Local\Google
2014-08-25 01:42 - 2013-03-30 02:34 - 00000000 ____D () C:\temp
2014-08-25 01:36 - 2014-03-20 13:05 - 00000000 ____D () C:\Users\Judith\Downloads\Old Firefox Data
2014-08-25 01:30 - 2014-04-17 10:59 - 00000000 ____D () C:\ProgramData\EPSON
2014-08-23 21:50 - 2014-08-23 21:00 - 00000403 _____ () C:\Users\Judith\Desktop\zynga disconnect and reset.txt
2014-08-23 14:43 - 2013-02-08 18:37 - 00000000 ____D () C:\Users\Judith\AppData\Local\Deployment
2014-08-23 14:42 - 2013-02-08 18:37 - 00000000 ____D () C:\Users\Judith\AppData\Local\Apps\2.0
2014-08-22 19:07 - 2014-08-28 08:18 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-22 18:45 - 2014-08-28 08:18 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-08-22 17:59 - 2014-08-28 08:18 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-21 19:39 - 2014-08-02 00:14 - 00000126 _____ () C:\Users\Guest\Documents\things I might buy.txt
2014-08-20 20:22 - 2014-03-25 14:34 - 00699568 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-08-20 20:22 - 2014-03-25 14:34 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-20 20:22 - 2014-03-25 14:34 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-08-18 12:57 - 2014-08-18 12:57 - 00000199 _____ () C:\Users\Guest\Documents\speed test.txt
2014-08-17 22:04 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\system32\NDF
2014-08-17 11:07 - 2014-08-17 11:07 - 00002980 _____ () C:\windows\System32\Tasks\{79B87B05-E8FA-46B6-9DFA-35B3B78D1921}
2014-08-17 11:07 - 2014-08-17 11:07 - 00002980 _____ () C:\windows\System32\Tasks\{4465DEA9-0162-49D7-BADF-9CD5F1046E1C}
2014-08-16 10:30 - 2013-12-24 14:23 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-08-16 10:18 - 2013-02-23 11:58 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-16 10:08 - 2013-07-12 21:30 - 00000000 ____D () C:\windows\system32\MRT
2014-08-16 10:04 - 2013-02-08 19:40 - 99218768 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-08-16 09:56 - 2014-04-27 13:07 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-08-16 09:32 - 2014-04-17 11:07 - 00000000 ____D () C:\Users\Judith\AppData\Roaming\EPSON
2014-08-16 09:32 - 2014-04-17 11:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2014-08-16 09:32 - 2014-04-17 10:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2014-08-16 09:32 - 2013-12-06 00:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-08-16 09:32 - 2013-11-09 14:49 - 00000000 ____D () C:\Users\Judith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player
2014-08-16 09:32 - 2013-11-09 14:48 - 00000000 ____D () C:\Users\Judith\AppData\Local\Amazon Cloud Player
2014-08-16 09:32 - 2013-02-23 11:58 - 00000000 ____D () C:\Users\Judith\AppData\Local\Microsoft Help
2014-08-16 09:32 - 2013-02-08 18:33 - 00000000 ___RD () C:\Users\Judith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-08-16 09:32 - 2013-02-08 18:33 - 00000000 ___RD () C:\Users\Judith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-08-16 09:32 - 2013-02-08 18:33 - 00000000 ____D () C:\Users\Judith
2014-08-16 09:32 - 2013-02-08 16:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel Label@Once
2014-08-16 09:32 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\servicing
2014-08-16 09:32 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\AppCompat
2014-08-16 09:31 - 2014-04-17 21:03 - 00000000 ____D () C:\Program Files (x86)\EpsonNet
2014-08-16 09:31 - 2014-04-17 21:00 - 00000000 ____D () C:\Program Files\EpsonNet
2014-08-16 09:31 - 2014-04-17 11:00 - 00000000 ____D () C:\Program Files (x86)\Epson Software
2014-08-16 09:31 - 2014-04-17 10:58 - 00000000 ____D () C:\Program Files (x86)\epson
2014-08-16 09:31 - 2013-12-06 00:29 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-16 09:31 - 2013-10-16 16:13 - 00000000 ____D () C:\Program Files (x86)\Frontier
2014-08-16 09:31 - 2013-02-08 16:59 - 00000000 ____D () C:\Program Files (x86)\Corel
2014-08-16 09:31 - 2011-03-29 19:48 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-08-16 09:31 - 2009-07-13 20:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-08-16 09:30 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\registration
2014-08-16 09:26 - 2014-07-16 22:05 - 00000000 ____D () C:\Users\Judith\Desktop\Old Firefox Data
2014-08-16 09:26 - 2014-04-17 09:18 - 00000000 ____D () C:\Users\Judith\Documents\Fax
2014-08-16 09:26 - 2014-03-07 16:00 - 00000000 ____D () C:\Users\Judith\AppData\Roaming\Mozilla
2014-08-16 09:25 - 2013-09-07 22:49 - 00000000 ____D () C:\Users\Judith\AppData\Local\Mozilla
2014-08-16 09:25 - 2013-02-23 11:58 - 00000000 ___RD () C:\MSOCache
2014-08-16 09:25 - 2013-02-08 18:40 - 00000000 ____D () C:\Users\Judith\AppData\Local\TOSHIBA_Corporation
2014-08-16 09:25 - 2013-02-08 18:39 - 00000000 ____D () C:\Users\Judith\AppData\Roaming\Adobe
2014-08-16 01:23 - 2014-04-25 21:11 - 00000000 ____D () C:\Users\Guest\AppData\Local\CrashDumps
2014-08-14 23:59 - 2014-08-14 23:59 - 00000000 ____D () C:\Users\Judith\AppData\Local\Windows Live
2014-08-14 23:59 - 2014-08-14 23:58 - 00000000 ____D () C:\Users\Judith\AppData\Local\{AE0EE541-777F-4A3E-9F3A-2EAA52B86BDC}
2014-08-11 14:29 - 2014-08-11 14:29 - 00004301 _____ () C:\Users\Guest\Documents\night of broke glass.txt
2014-08-10 01:24 - 2014-08-09 12:04 - 00001395 _____ () C:\Users\Guest\Documents\Strange Companion.txt
2014-08-06 19:06 - 2014-08-16 09:41 - 00529920 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-08-06 19:01 - 2014-08-16 09:41 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-08-05 09:20 - 2010-11-20 20:27 - 00270496 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-01 09:43

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2014 02
Ran by Judith at 2014-09-03 13:37:55
Running from C:\Users\Judith\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Computer Security (Enabled - Up to date) {15414183-282E-D62C-CA37-EF24860A2F17}
AS: Computer Security (Enabled - Up to date) {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Amazon Cloud Player (HKCU\...\Amazon Amazon Cloud Player) (Version: 2.1.0.381 - Amazon Services LLC)
Amazon Music Importer (HKLM-x32\...\com.amazon.music.uploader) (Version: 2.1.0 - Amazon Services LLC)
Amazon Music Importer (x32 Version: 2.1.0 - Amazon Services LLC) Hidden
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{1D27E8CF-7546-F200-4CA3-CD2F39909F5A}) (Version: 3.0.808.0 - ATI Technologies, Inc.)
Best Buy pc app (Version: 3.0.0.0 - Best Buy) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0216.726.13233 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0216.726.13233 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0216.726.13233 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0216.0725.13233 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0216.0725.13233 - ATI) Hidden
CCC Help Czech (x32 Version: 2011.0216.0725.13233 - ATI) Hidden
CCC Help Danish (x32 Version: 2011.0216.0725.13233 - ATI) Hidden
CCC Help Dutch (x32 Version: 2011.0216.0725.13233 - ATI) Hidden
CCC Help English (x32 Version: 2011.0216.0725.13233 - ATI) Hidden
CCC Help Finnish (x32 Version: 2011.0216.0725.13233 - ATI) Hidden
CCC Help French (x32 Version: 2011.0216.0725.13233 - ATI) Hidden
CCC Help German (x32 Version: 2011.0216.0725.13233 - ATI) Hidden
CCC Help Greek (x32 Version: 2011.0216.0725.13233 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2011.0216.0725.13233 - ATI) Hidden
CCC Help Italian (x32 Version: 2011.0216.0725.13233 - ATI) Hidden
CCC Help Japanese (x32 Version: 2011.0216.0725.13233 - ATI) Hidden
CCC Help Korean (x32 Version: 2011.0216.0725.13233 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2011.0216.0725.13233 - ATI) Hidden
CCC Help Polish (x32 Version: 2011.0216.0725.13233 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2011.0216.0725.13233 - ATI) Hidden
CCC Help Russian (x32 Version: 2011.0216.0725.13233 - ATI) Hidden
CCC Help Spanish (x32 Version: 2011.0216.0725.13233 - ATI) Hidden
CCC Help Swedish (x32 Version: 2011.0216.0725.13233 - ATI) Hidden
CCC Help Thai (x32 Version: 2011.0216.0725.13233 - ATI) Hidden
CCC Help Turkish (x32 Version: 2011.0216.0725.13233 - ATI) Hidden
ccc-core-static (x32 Version: 2011.0216.726.13233 - ATI) Hidden
ccc-utility64 (Version: 2011.0216.726.13233 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.08 - Piriform)
Computer Security 12.83.104.0 (release) (x32 Version: 12.83.104.0 - F-Secure Corporation) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.1.0 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{132D27B8-C656-44BD-8C16-73C54EA8A85F}) (Version:  - Microsoft)
EPSON Artisan 810 Series Printer Uninstall (HKLM\...\EPSON Artisan 810 Series) (Version:  - SEIKO EPSON Corporation)
Epson Event Manager (HKLM-x32\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.30.01 - SEIKO EPSON Corporation)
Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.00.00 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
EpsonNet Setup (HKLM-x32\...\{FFFAE01B-466F-4C07-9821-A94FD753BDDA}) (Version: 3.1c - SEIKO EPSON CORPORATION)
ETDWare PS/2-X64 8.0.8.0_R01 (HKLM\...\Elantech) (Version: 8.0.8.0 - ELAN Microelectronic Corp.)
Frontier Secure (HKLM-x32\...\F-Secure ServiceEnabler 53784) (Version: 1.83.311.0 - F-Secure Corporation)
Frontier Secure (x32 Version: 1.83.311.0 - F-Secure Corporation) Hidden
F-Secure CCF Reputation (x32 Version: 1.0.25.1877 - F-Secure) Hidden
F-Secure CCF Scanning 1.23.124.8831 (release) (x32 Version: 1.23.124.8831 - F-Secure Corporation) Hidden
F-Secure Network CCF 1.02.128 (x32 Version: 1.02.128.1 - F-Secure Corporation) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (Version: 2.2.173.0 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Online Safety 2.83.1346.10 (x32 Version: 2.83.1346.10 - F-Secure Corporation) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30124 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0016 - REALTEK Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1130 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.1 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.02.02 - TOSHIBA CORPORATION)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.08.64 - TOSHIBA Corporation)
TOSHIBA Bulletin Board (Version: 1.6.08.64 - TOSHIBA Corporation) Hidden
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}) (Version: 2.00.14 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.6 - TOSHIBA Corporation) Hidden
TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.6 - TOSHIBA Corporation) Hidden
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.8.64 - TOSHIBA CORPORATION)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.3.5109 - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.16.64 - TOSHIBA Corporation)
TOSHIBA ReelTime (Version: 1.7.16.64 - TOSHIBA Corporation) Hidden
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
TOSHIBA Supervisor Password (HKLM-x32\...\{073B89C3-BA88-41B5-965F-B35A88EAE838}) (Version: 2.00.07 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.22.64 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.3.22.64 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (x32 Version: 1.3.22.64 - TOSHIBA Corporation) Hidden
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
Waterfox 27.0.2 (x64 en-US) (HKLM\...\Waterfox 27.0.2 (x64 en-US)) (Version: 27.0.2 - Mozilla)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

19-08-2014 18:46:51 Windows Update
21-08-2014 13:45:01 Windows Update
25-08-2014 09:04:25 Removed Label@Once 1.0.
26-08-2014 13:55:41 Windows Update
28-08-2014 15:21:37 Windows Update
02-09-2014 15:59:41 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2014-04-17 12:50 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0FE80366-8A82-4B97-86F4-7DD0582BE800} - System32\Tasks\{C61D0DB7-19E8-42FC-8186-E8023D65E8B8} => Firefox.exe
Task: {270CA8DD-E40C-4512-B522-0BF8FEFF8483} - System32\Tasks\{B4705F96-9088-4C7F-8B6C-A4F7DC5EABEC} => Firefox.exe
Task: {2DA53F4C-F384-4EEC-9D83-B0A848006CC1} - System32\Tasks\{B15AF9A3-4973-4356-A12E-1AC4CC6851FA} => C:\Program Files (x86)\Java\jre7\bin\javacpl.exe
Task: {3A27E351-E84C-42CB-B96E-CEBF66929C01} - System32\Tasks\{DA0BDAC5-032C-4A4F-8326-EEBE5440CD16} => Firefox.exe
Task: {3B758073-CCF7-4A02-9B3A-8ABE6D5189BB} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-20] (Adobe Systems Incorporated)
Task: {40912EF1-A8FC-43C5-A6C4-4ADCE81A9D34} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {4E5F1D1C-7E80-4B83-A8FD-A260C3279F9C} - System32\Tasks\{79B87B05-E8FA-46B6-9DFA-35B3B78D1921} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [2014-04-03] (Malwarebytes Corporation)
Task: {5E50B421-C175-41B1-A0E9-447DCCC32701} - System32\Tasks\{0AEDA49D-1493-4E9D-A001-669FA5192D02} => Firefox.exe
Task: {61BFBB2C-8654-48A2-A18A-19F1298DA793} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {6873988D-2DE7-42A5-A68A-730699C43F31} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {68D0EB19-002E-43CB-80A1-D4C85ACA99D2} - System32\Tasks\{4465DEA9-0162-49D7-BADF-9CD5F1046E1C} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [2014-04-03] (Malwarebytes Corporation)
Task: {A0B523D4-9C4F-4805-9FC6-A1B4D7D4325F} - System32\Tasks\{D8CFA8F6-83B6-4C16-BBEA-E7E64DD9C045} => c:\Program Files\Microsoft Mouse and Keyboard Center\MouseKeyboardCenter.exe [2013-05-13] (Microsoft)
Task: {A4D235D2-4A7E-4878-BC9A-285797F57C42} - System32\Tasks\{D43A060E-12C5-4289-A5B7-64FD800F4A72} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [2014-04-03] (Malwarebytes Corporation)
Task: {B10D70BE-CD32-43A0-A386-4B9720E45D54} - System32\Tasks\{A36C11B9-6838-429F-8CC4-8FCC92D14C39} => C:\Users\Judith\Downloads\Silverlight_x64.exe [2013-10-15] (Microsoft Corporation)
Task: {C0000956-1C41-44CB-9243-442D7CC44B3B} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {C1756598-09F4-4E15-9143-DAB0317A521E} - System32\Tasks\{6F88532B-D144-4717-AE5F-28A0F751BAAB} => C:\Users\Judith\Desktop\ccsetup404.exe
Task: {C7F9E654-9593-4933-BA50-37C42B20D81C} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {E1796917-C4D3-4DB6-926D-EA7EE98CD435} - System32\Tasks\{2B8CE091-096B-4BE4-A871-8371B0BD267C} => C:\Users\Judith\Downloads\Silverlight_x64.exe [2013-10-15] (Microsoft Corporation)
Task: {E80F36D5-A4A4-42E3-A239-1A5BBDE9C0C4} - System32\Tasks\{51BAB293-CAA6-4ED4-BEE7-EDE573C4C098} => C:\Program Files (x86)\Java\jre7\bin\javacpl.exe
Task: {F148F8C2-0F40-4376-8E77-E0B66BD1293B} - System32\Tasks\{D6316FFE-752C-4829-A453-86D7913742E7} => C:\Users\Judith\Desktop\ccsetup404.exe
Task: {F47827AD-3218-4D8B-AC45-4399CB9C7F05} - System32\Tasks\{48CF2A02-6F72-486B-A626-6565BF054CB7} => C:\Program Files\Waterfox\plugin-container.exe [2014-02-26] (Mozilla Corporation)
Task: {FF4A12EC-10D4-4399-B67D-F554F250B13E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-11-22] (Piriform Ltd)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-10-16 16:18 - 2013-08-14 05:22 - 00045504 _____ () C:\Program Files (x86)\Frontier\apps\ComputerSecurity\Anti-Virus\FSAVHRES.ENG
2013-05-15 16:05 - 2013-05-15 16:05 - 00220096 _____ () C:\Program Files (x86)\Frontier\daas2.dll
2013-10-16 16:23 - 2013-10-16 16:23 - 00030888 _____ () C:\Program Files (x86)\Frontier\apps\ComputerSecurity\Anti-Virus\minifilter\hashlib_x86.dll
2013-10-16 16:19 - 2013-12-10 19:38 - 00212008 _____ () C:\Program Files (x86)\Frontier\apps\ComputerSecurity\Spam Control\fsas.dll
2013-10-16 16:18 - 2014-06-09 07:22 - 00949288 _____ () C:\Program Files (x86)\Frontier\apps\ComputerSecurity\Anti-Virus\fm4av.dll
2013-10-16 16:13 - 2013-10-16 16:13 - 00593464 _____ () C:\windows\WinSxS\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.482.65_none_b59e1e0911fd55ab\QtMultimediaKit1.dll
2013-10-16 16:18 - 2013-08-14 05:22 - 00056256 _____ () C:\Program Files (x86)\Frontier\apps\ComputerSecurity\FSGUI\fsavures.ENG
2014-04-17 11:03 - 2009-03-12 15:45 - 00135168 _____ () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
2014-04-17 11:03 - 2008-11-21 13:58 - 00057344 _____ () C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Judith\AppData\Roaming\Microsoft\Windows\Start Menu\MSN.com.website:TASKICON_0favicon1129903636
AlternateDataStreams: C:\Users\Judith\AppData\Roaming\Microsoft\Windows\Start Menu\MSN.com.website:TASKICON_1favicon-298702541
AlternateDataStreams: C:\Users\Judith\AppData\Roaming\Microsoft\Windows\Start Menu\MSN.com.website:TASKICON_2favicon-1464078272
AlternateDataStreams: C:\Users\Judith\AppData\Roaming\Microsoft\Windows\Start Menu\MSN.com.website:TASKICON_3favicon-860043155
AlternateDataStreams: C:\Users\Judith\AppData\Roaming\Microsoft\Windows\Start Menu\MSN.com.website:TASKICON_4favicon640180837

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: TMachInfo => 3
MSCONFIG\Services: TOSHIBA HDD SSD Alert Service => 3
MSCONFIG\startupfolder: C:^Users^Judith^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: 00TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Amazon Cloud Player => "C:\Users\Judith\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe"
MSCONFIG\startupreg: ETDCtrl => %ProgramFiles%\Elantech\ETDCtrl.exe
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: ToshibaServiceStation => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
MSCONFIG\startupreg: TosNC => %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
MSCONFIG\startupreg: TosReelTimeMonitor => %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (09/03/2014 08:59:22 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (09/03/2014 08:59:22 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (09/02/2014 11:06:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program waterfox.exe version 27.0.1.5170 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: f3c

Start Time: 01cfc6dca0e639ef

Termination Time: 949

Application Path: C:\Program Files\Waterfox\waterfox.exe

Report Id: 4981c461-3330-11e4-ba60-00266ccd7520

Error: (09/02/2014 08:49:21 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (09/02/2014 08:49:21 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (09/01/2014 07:43:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program waterfox.exe version 27.0.1.5170 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2dc

Start Time: 01cfc608d8589bbb

Termination Time: 681

Application Path: C:\Program Files\Waterfox\waterfox.exe

Report Id: b192fcf5-324a-11e4-ba60-00266ccd7520

Error: (09/01/2014 10:06:22 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (09/01/2014 10:06:22 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (09/01/2014 10:01:35 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/01/2014 07:23:22 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

System errors:
=============
Error: (09/03/2014 11:55:15 AM) (Source: DCOM) (EventID: 10016) (User: KIRK-PC)
Description: application-specificLocalActivation{D3DCB472-7261-43CE-924B-0704BD730D5F}{D3DCB472-7261-43CE-924B-0704BD730D5F}KIRK-PCJudithS-1-5-21-1596010243-3757955604-700281957-1000LocalHost (Using LRPC)

Error: (09/03/2014 11:55:15 AM) (Source: DCOM) (EventID: 10016) (User: KIRK-PC)
Description: application-specificLocalActivation{145B4335-FE2A-4927-A040-7C35AD3180EF}{145B4335-FE2A-4927-A040-7C35AD3180EF}KIRK-PCJudithS-1-5-21-1596010243-3757955604-700281957-1000LocalHost (Using LRPC)

Error: (09/01/2014 10:00:01 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\windows\system32\Rtlihvs.dll
Error Code: 126

Error: (08/31/2014 03:29:24 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\windows\system32\Rtlihvs.dll
Error Code: 126

Error: (08/31/2014 03:27:35 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053TrustedInstaller{752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (08/31/2014 03:27:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Modules Installer service failed to start due to the following error:
%%1053

Error: (08/31/2014 03:27:32 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.

Error: (08/31/2014 08:15:16 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\windows\system32\Rtlihvs.dll
Error Code: 126

Error: (08/28/2014 08:44:02 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (08/28/2014 08:44:02 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.

Microsoft Office Sessions:
=========================
Error: (09/03/2014 08:59:22 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (09/03/2014 08:59:22 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

Error: (09/02/2014 11:06:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: waterfox.exe27.0.1.5170f3c01cfc6dca0e639ef949C:\Program Files\Waterfox\waterfox.exe4981c461-3330-11e4-ba60-00266ccd7520

Error: (09/02/2014 08:49:21 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (09/02/2014 08:49:21 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

Error: (09/01/2014 07:43:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: waterfox.exe27.0.1.51702dc01cfc608d8589bbb681C:\Program Files\Waterfox\waterfox.exeb192fcf5-324a-11e4-ba60-00266ccd7520

Error: (09/01/2014 10:06:22 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (09/01/2014 10:06:22 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

Error: (09/01/2014 10:01:35 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/01/2014 07:23:22 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

CodeIntegrity Errors:
===================================
  Date: 2014-04-17 12:49:03.168
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-04-17 12:49:03.012
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: AMD E-350 Processor
Percentage of memory in use: 52%
Total physical RAM: 2662.87 MB
Available physical RAM: 1255.55 MB
Total Pagefile: 5323.91 MB
Available Pagefile: 3415.32 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: (TI106147W0C) (Fixed) (Total:285.29 GB) (Free:241.65 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: A9AEA8CE)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=285.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.3 GB) - (Type=17)

==================== End Of Log ============================


Well, I don't see any obvious signs of malware in these logs. However, I'd like to take some more scans just to be sure if there's anything lurking :)



HitmanPro warning!

I see that you have run HitmanPro. Please consider the warning below:
In any case, don't remove on your own anything that Hitman Pro detects!
This scanner, while really good for checking, has been known for deleting files instead of curing them, which in some cases may render the machine unbootable.
Any removals of the findings should be done manually after careful analysis of the scan results!


My best recommendation is to stay away from it, unless a trusted supervisor instructs you what to remove and how.



Fix with Farbar Recovery Scan Tool
 

 This fix was created for this user for use on that particular machine.
 Running it on another one may cause damage and render the system unstable.


Press the Windows key + R on your keyboard at the same time. Type Notepad and click OK.

  • Copy the entire content of the codebox below and paste into the Notepad document:
    start
    SearchScopes: HKLM-x32 - DefaultScope value is missing.
    FF Plugin-x32: @TrendMicro.com/FFExtension -> C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll No File
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 cpuz134; \??\C:\Users\Judith\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
    Best Buy pc app (Version: 3.0.0.0 - Best Buy) Hidden
    EmptyTemp:
    end
  • Click File, Save As and type fixlist.txt as the File Name.

Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please include it in your reply.



Scan with Gmer

This type of scan often produces false positives. At any point do not take any action for any suspicious entries you may see there. Instead post the log to be analyzed.

Please download GMER by Gmer and save the file to your desktop.
It will come as a randomly named file (like a6ge38b4.exe) - that's absolutely normal.

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
If you are a user of CD emulation software (like Daemon Tools or Alcohol) also disable it for the cleaning process - instructions here.

  • Right-click on the randomly named GMER icon and select Run as Administrator to start the tool.
  • It is very important that you do not use your computer while Gmer is running!
  • Gmer will open to the Rootkit/Malware tab and perform an automatic quick scan.
  • If you receive a warning about rootkit activity and are asked to fully scan your system click NO!

When the pre-scan is completed, please do the following:

  • Please check in the Quick scan box.
  • Please uncheck the IAT/EAT and Show All.
  • Click Scan.
  • If you see a rootkit warning window click OK.
  • When the scan is finished, Save the results to your desktop as gmer.log.

Please include the content of this file in your next reply.
Don't forget to re-enable previously switched-off protection software!

If you encounter any problems, try running GMER in Safe Mode.
If GMER crashes or keeps resulting in a Blue Screen of Death, uncheck Devices on the right side before scanning.


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-08-2014 02
Ran by Judith at 2014-09-04 08:31:49 Run:1
Running from C:\Users\Judith\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
SearchScopes: HKLM-x32 - DefaultScope value is missing.
FF Plugin-x32: @TrendMicro.com/FFExtension -> C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll No File
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz134; \??\C:\Users\Judith\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
Best Buy pc app (Version: 3.0.0.0 - Best Buy) Hidden
EmptyTemp:
end
*****************

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@TrendMicro.com/FFExtension" => Key deleted successfully.
catchme => Service deleted successfully.
cpuz134 => Service deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FBBC4667-2521-4E78-B1BD-8706F774549B}\\SystemComponent => value deleted successfully.
EmptyTemp: => Removed 261.6 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====


GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-09-04 09:37:04
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000067 TOSHIBA_ rev.FG02 298.09GB
Running: sdpu5u7l.exe; Driver: C:\Users\Judith\AppData\Local\Temp\kxldqpow.sys


---- User code sections - GMER 2.1 ----

.text   C:\Program Files (x86)\Frontier\apps\CCF_Reputation\fsorsp.exe[1668] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                 0000000076c71465 2 bytes [C7, 76]
.text   C:\Program Files (x86)\Frontier\apps\CCF_Reputation\fsorsp.exe[1668] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                0000000076c714bb 2 bytes [C7, 76]
.text   ...                                                                                                                                          * 2
.text   C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1728] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69             0000000076c71465 2 bytes [C7, 76]
.text   C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe[1728] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155            0000000076c714bb 2 bytes [C7, 76]
.text   ...                                                                                                                                          * 2
.text   C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[3512] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69          0000000076c71465 2 bytes [C7, 76]
.text   C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[3512] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155         0000000076c714bb 2 bytes [C7, 76]
.text   ...                                                                                                                                          * 2

---- Threads - GMER 2.1 ----

Thread  C:\windows\System32\svchost.exe [2076:2752]                                                                                                  000007fef7c99688

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{5551BD72-C243-46ED-A622-FE279E1F908B}\Connection@Name  isatap.{A14C8F7A-FA03-4073-8C4B-9CC4AA515474}
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind     \Device\{5551BD72-C243-46ED-A622-FE279E1F908B}?\Device\{B2F7B143-F089-4573-88EB-BE77D6D03B75}?\Device\{1128E136-DC5A-4FD6-AB15-5F2A858F32EB}?
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route    "{5551BD72-C243-46ED-A622-FE279E1F908B}"?"{B2F7B143-F089-4573-88EB-BE77D6D03B75}"?"{1128E136-DC5A-4FD6-AB15-5F2A858F32EB}"?
Reg     HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export   \Device\TCPIP6TUNNEL_{5551BD72-C243-46ED-A622-FE279E1F908B}?\Device\TCPIP6TUNNEL_{B2F7B143-F089-4573-88EB-BE77D6D03B75}?\Device\TCPIP6TUNNEL_{1128E136-DC5A-4FD6-AB15-5F2A858F32EB}?
Reg     HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{5551BD72-C243-46ED-A622-FE279E1F908B}@InterfaceName                       isatap.{A14C8F7A-FA03-4073-8C4B-9CC4AA515474}
Reg     HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{5551BD72-C243-46ED-A622-FE279E1F908B}@ReusableType                        0
Reg     HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch                                                                              10916
Reg     HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch                                                                             8238

---- EOF - GMER 2.1 ----


Still no signs of malware. Let's do a general scan :)



Scan with HerdProtect

This type of scan often produces false positives. In any case do not remove on your own any of its findings! Removal will be made after the careful analysis of the scan results.

Please download HerdProtect by Reason Software (portable edition) and save the file to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the HerdProtect icon and select Run as Administrator to install the scanner.
  • It will ask for the location - leave the default one (%ProgramFiles%) or select another, convenient one.
  • Agree to the terms, select Launch herdProtect and click Finish.
  • Click Scan. It may take a while, depending on your system and connection specs. Please be patient.
  • When it finishes click on Save Results.
  • A Notepad with a report should open.

Please include the contents of that report in your next reply.
Upon completion of the cleaning you may remove HerdProtect if you wish so. To do it just delete its directory (chosen by you when installing the tool).


I will run that because I still have problems typing, but did find a folder in add/remove and not sure how it got there for mouse/keyboard and I removed it. I have turned the computer off and on and so far I no longer see that warning to remove mouse/keyboard, so I think that removal helped. Still do not know where it came from; I never had to do a download for the mouse I use, it was plug and play I think. I also forgot to mention that I had a blue screen about running low on resources before I made the original post here.


Well, this scan is always full of false positives. I don't think that any of these files can be infected or behave like described.
 
 
You appear to be malware free :)
 
 
Clean with DelFix
Please download DelFix by Xplode and save it to your desktop.

  • Right-click on the DelFix icon and select Run as Administrator to start the tool.
  • Ensure that Remove disinfection tools, Purge system restore and Reset system settings are checked.
  • Push Run.
  • When finished, it will display a notepad report.

Include it for my review.
Please also manually reboot your machine after posting your logfile.


I suggest seeking help on a typical technical forum. This one isn't malware related, for sure.
 
 
Below you will find my thoughts about securing your machine. Go ahead through it, you will benefit from some useful advice about safe computing.
 

Recommended reading:

  • MUST READ - security tips: Computer Security - a short guide to staying safer online.
  • MUST READ - general maintenance: What to do if your Computer is running slowly?



Recommended additional software:

  • TFC - to clean unneeded temporary files.
  • Malwarebytes' Anti-Malware - to scan your system from time to time in search for malware.
  • Malwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.
  • McShield - to prevent infections spread by removable media.
  • CryptoPrevent - to secure yourself from very severe CryptoLocker infection.
  • Unchecky - to prevent from installing additional foistware, implemented in legitimate installations.

My help is always free, but if you are happy with the help provided and wish to help my fight against malware, please consider making a donation.
All donations are to refund a new HDD to replace the old one, which recently passed away!

Now if you have any other questions, feel free to ask me. Otherwise simply acknowledge my recommendations and this topic will be closed.




Stay safe,
Naat :)


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.