Browser search hijack and c:\windows\system32\drivers\truesight.sys


About a week ago I had the 'WSE_Lasaoren' search hijack installed by mistake when downloading a new program.

Malwarebytes removed it.

A couple of days ago I started Google Chrome and noticed that the search had been taken over by 'Lasaoren'.

Malwarebytes removed it again.

I'm just wondering if it is still in my system somewhere?

Last night I decided to run 'autoruns' to have a look round and came across:

c:\windows\system32\drivers\truesight.sys

The timestamp of the above was 23/09/2014, which was only a few days ago!

Searching on Google, there seems to be a lot of talk about it being a trojan, but then others are saying it's part of Bitdefender or Roguekiller?

So I don't know what to believe.

My laptop seems to be running quite smoothly at the moment.

I have run: Roguekiller / TDSSKILLER / ADWkiller

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-09-2014
Ran by Anthony (administrator) on ANTHONY on 27-09-2014 11:23:03
Running from C:\Users\Anthony\Desktop
Loaded Profile: Anthony (Available profiles: Anthony)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\CxUtilSvc.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDGesture.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\SmartAudio3.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Spotify Ltd) C:\Users\Anthony\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Dominik Reichl) C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe
(Ruiware LLC) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Flux Software LLC) C:\Users\Anthony\AppData\Local\FluxSoftware\Flux\flux.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(abelhadigital.com) C:\Program Files (x86)\HostsMan\hm.exe
() C:\Program Files\Ditto\Ditto.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2898768 2012-07-09] (ELAN Microelectronics Corp.)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5752480 2012-07-11] (Dell Inc.)
HKLM\...\Run: [smartAudio] => C:\Program Files\CONEXANT\SA3\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [intelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [bTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2117632 2014-07-06] (Dominik Reichl)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-01] (AVAST Software)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\822\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4015346877-3346498852-3124713193-1001\...\Run: [spotify Web Helper] => C:\Users\Anthony\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-09-18] (Spotify Ltd)
HKU\S-1-5-21-4015346877-3346498852-3124713193-1001\...\Run: [KeePass Password Safe 2] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2117632 2014-07-06] (Dominik Reichl)
HKU\S-1-5-21-4015346877-3346498852-3124713193-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-21] (Ruiware LLC)
HKU\S-1-5-21-4015346877-3346498852-3124713193-1001\...\Run: [f.lux] => C:\Users\Anthony\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-4015346877-3346498852-3124713193-1001\...\Run: [HostsMan] => C:\Program Files (x86)\HostsMan\hm.exe [7922688 2014-08-28] (abelhadigital.com)
HKU\S-1-5-21-4015346877-3346498852-3124713193-1001\...\Run: [Ditto] => C:\Program Files\Ditto\Ditto.exe [1880064 2014-06-06] ()
HKU\S-1-5-21-4015346877-3346498852-3124713193-1001\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
Startup: C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: ShareOverlay -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: ShareOverlay -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

SearchScopes: HKLM - {A25AC313-DD19-4238-ACA2-401D6BEE4321} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKLM - {A3D028CD-0D72-4E93-BDCF-DBAFA2F3B60E} URL = http://Lasaoren.com/results.php?f=4&q={searchTerms}&a=lrn_ir_14_38_ff&cd=2XzuyEtN2Y1L1Qzu0EtD0D0ByDyD0DtC0BtCtC0Ezz0F0A0AtN0D0Tzu0SzyzytDtN1L2XzutAtFtBtFyEtFtBtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyCtB0E0AyDyE0B0AtGzzzzyEtDtG0F0CtAzytGzyzyyEtCtGtDtDzy0A0EtBtCtC0FzzyEyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0E0CtDzz0CyDyDzytGtA0A0EyCtGyEtB0ByEtGzyzztByEtGyCyCzytC0FtBtD0AzyyCyEtD2Q&cr=1362351949&ir=
SearchScopes: HKLM-x32 - {A3D028CD-0D72-4E93-BDCF-DBAFA2F3B60E} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKCU - DefaultScope {A3D028CD-0D72-4E93-BDCF-DBAFA2F3B60E} URL = http://Lasaoren.com/results.php?f=4&q={searchTerms}&a=lrn_ir_14_38_ff&cd=2XzuyEtN2Y1L1Qzu0EtD0D0ByDyD0DtC0BtCtC0Ezz0F0A0AtN0D0Tzu0SzyzytDtN1L2XzutAtFtBtFyEtFtBtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyCtB0E0AyDyE0B0AtGzzzzyEtDtG0F0CtAzytGzyzyyEtCtGtDtDzy0A0EtBtCtC0FzzyEyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0E0CtDzz0CyDyDzytGtA0A0EyCtGyEtB0ByEtGzyzztByEtGyCyCzytC0FtBtD0AzyyCyEtD2Q&cr=1362351949&ir=
SearchScopes: HKCU - {A25AC313-DD19-4238-ACA2-401D6BEE4321} URL =
SearchScopes: HKCU - {A3D028CD-0D72-4E93-BDCF-DBAFA2F3B60E} URL = http://Lasaoren.com/results.php?f=4&q={searchTerms}&a=lrn_ir_14_38_ff&cd=2XzuyEtN2Y1L1Qzu0EtD0D0ByDyD0DtC0BtCtC0Ezz0F0A0AtN0D0Tzu0SzyzytDtN1L2XzutAtFtBtFyEtFtBtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyCtB0E0AyDyE0B0AtGzzzzyEtDtG0F0CtAzytGzyzyyEtCtGtDtDzy0A0EtBtCtC0FzzyEyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0E0CtDzz0CyDyDzytGtA0A0EyCtGyEtB0ByEtGzyzztByEtGyCyCzytC0FtBtD0AzyyCyEtD2Q&cr=1362351949&ir=
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\cqwyqvfd.default
FF NewTab: hxxp://news.bbc.co.uk
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF NetworkProxy: "ftp", "87.250.52.230"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "gopher", "87.250.52.230"
FF NetworkProxy: "gopher_port", 8080
FF NetworkProxy: "http", "87.250.52.230"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "87.250.52.230"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "87.250.52.230"
FF NetworkProxy: "ssl_port", 8080
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF SearchPlugin: C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\cqwyqvfd.default\searchplugins\ixquick-https.xml
FF Extension: British English Dictionary (Updated) - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\cqwyqvfd.default\Extensions\en-gb@flyingtophat.co.uk [2014-03-06]
FF Extension: KeeFox - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\cqwyqvfd.default\Extensions\keefox@chris.tomlinson [2014-06-11]
FF Extension: FireShot - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\cqwyqvfd.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2014-07-26]
FF Extension: LastTab - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\cqwyqvfd.default\Extensions\{68E5DD30-A659-4987-99F9-EAF21F9D4140}(117) [2013-02-21]
FF Extension: Disconnect - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\cqwyqvfd.default\Extensions\2.0@disconnect.me.xpi [2013-07-25]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\cqwyqvfd.default\Extensions\adblockpopups@jessehakanen.net.xpi [2013-03-08]
FF Extension: Copy Plain Text 2 - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\cqwyqvfd.default\Extensions\copyplaintext@teo.pl.xpi [2014-07-26]
FF Extension: I don't care about cookies - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\cqwyqvfd.default\Extensions\jid1-KKzOGWgsW3Ao4Q@jetpack.xpi [2014-03-21]
FF Extension: Download Status Bar - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\cqwyqvfd.default\Extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi [2014-01-18]
FF Extension: YouTube High Definition - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\cqwyqvfd.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2014-07-10]
FF Extension: eCleaner - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\cqwyqvfd.default\Extensions\{c72c0c73-4eb0-4fb3-af0f-074e97326cfd}.xpi [2014-09-26]
FF Extension: Adblock Plus - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\cqwyqvfd.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-02-21]
FF Extension: Tab Mix Plus - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\cqwyqvfd.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2013-02-21]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-06-01]

Chrome:
=======
CHR Profile: C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-10]
CHR Extension: (avast! Online Security) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-09-23]
CHR Extension: (Google Wallet) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-02]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-17] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-02] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2428088 2014-08-12] (Microsoft Corporation)
R2 CxUtilSvc; C:\Program Files\Conexant\SA3\CxUtilSvc.exe [109184 2012-07-04] (Conexant Systems, Inc.)
S2 DellDigitalDelivery; c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [173056 2012-06-19] (Dell Products, LP.) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [File not signed]
S3 InnovativeSolutions_monitor; C:\Program Files (x86)\Common Files\Innovative Solutions\Advanced Uninstaller\InnovativeSolutions_monitor_Svr.exe [1064880 2014-08-25] ()
R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-05-05] (Microsoft Corporation)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1914728 2012-11-26] (SoftThinks SAS)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [111208 2014-09-10] (RaMMicHaeL)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-02] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-02] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-02] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-02] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-02] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-06] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-02] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-02] ()
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions, Inc.)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-05] (OSR Open Systems Resources, Inc.)
R3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew00.sys [3345376 2013-10-08] (Intel Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-09-26] ()
U3 TrueSight; C:\Windows\SysWOW64\drivers\TrueSight.sys [33512 2014-09-21] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-10] (Windows ® Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-27 11:23 - 2014-09-27 11:23 - 00022195 _____ () C:\Users\Anthony\Desktop\FRST.txt
2014-09-27 11:22 - 2014-09-27 11:23 - 00000000 ____D () C:\FRST
2014-09-27 11:21 - 2014-09-27 11:21 - 02108928 _____ (Farbar) C:\Users\Anthony\Desktop\FRST64.exe
2014-09-27 11:03 - 2014-09-27 11:04 - 00369808 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-09-27 11:03 - 2014-09-27 11:03 - 00000410 _____ () C:\WINDOWS\PFRO.log
2014-09-26 14:48 - 2014-09-27 11:12 - 00323703 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-26 14:00 - 2014-09-26 14:00 - 00006928 _____ () C:\Users\Anthony\Documents\cc_20140926_135958.reg
2014-09-25 23:25 - 2014-09-25 23:25 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\MusicBrainz
2014-09-25 23:25 - 2014-09-25 23:25 - 00000000 ____D () C:\Users\Anthony\AppData\Local\cache
2014-09-25 23:24 - 2014-09-25 23:24 - 00001189 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MusicBrainz Picard.lnk
2014-09-25 23:24 - 2014-09-25 23:24 - 00000000 ____D () C:\Program Files (x86)\MusicBrainz Picard
2014-09-23 17:40 - 2014-09-24 17:08 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\Mp3tag
2014-09-23 17:40 - 2014-09-23 17:40 - 00000000 ____D () C:\Program Files (x86)\Mp3tag
2014-09-23 12:50 - 2014-09-23 12:50 - 04893784 _____ () C:\Users\Anthony\Downloads\RogueKiller.exe
2014-09-21 18:04 - 2014-09-21 18:06 - 18201488 _____ (Dell Inc.) C:\Users\Anthony\Downloads\Chipset_Driver_65JF8_WN_6.2.9200.39052_A01.EXE
2014-09-21 18:03 - 2014-09-21 18:20 - 330193192 _____ (Dell Inc.) C:\Users\Anthony\Downloads\Audio_Driver_Y1116_WN_8.54.40.0_A00.EXE
2014-09-21 17:56 - 2014-09-21 17:57 - 39198616 _____ (Dell Inc.) C:\Users\Anthony\Downloads\Network_Application_XR83W_WN_3.1.1307.0362_A00.EXE
2014-09-21 16:54 - 2014-09-21 17:53 - 00000000 ____D () C:\Users\Anthony\Downloads\Bluescreenview
2014-09-21 16:02 - 2014-09-26 14:21 - 00000000 ____D () C:\WINDOWS\Minidump
2014-09-21 16:01 - 2014-09-26 14:12 - 00034808 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-09-17 15:43 - 2014-09-27 11:08 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\Ditto
2014-09-17 15:43 - 2014-09-17 15:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ditto
2014-09-17 15:43 - 2014-09-17 15:43 - 00000000 ____D () C:\Program Files\Ditto
2014-09-17 13:02 - 2014-09-26 14:48 - 00000000 ____D () C:\Users\Anthony\AppData\Local\CrashDumps
2014-09-16 21:16 - 2014-09-16 21:16 - 00006741 _____ () C:\Users\Anthony\Documents\RKreport_DEL_09162014_211443.log
2014-09-16 21:02 - 2014-09-21 15:58 - 00033512 _____ () C:\WINDOWS\SysWOW64\Drivers\TrueSight.sys
2014-09-16 21:02 - 2014-09-16 21:02 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-09-16 16:50 - 2014-09-16 16:50 - 00005548 _____ () C:\Users\Anthony\Documents\cc_20140916_165037.reg
2014-09-16 16:17 - 2014-09-16 16:17 - 01373475 _____ () C:\Users\Anthony\Downloads\adwcleaner_3.310.exe
2014-09-14 17:48 - 2014-09-16 14:28 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\FreeFileSync
2014-09-14 17:29 - 2014-09-14 17:29 - 00000000 ____D () C:\Program Files\FreeFileSync
2014-09-14 16:21 - 2014-09-14 16:21 - 00014850 _____ () C:\Users\Anthony\Documents\cc_20140914_162124.reg
2014-09-14 15:32 - 2014-09-17 19:11 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-09-14 15:32 - 2014-09-14 15:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2014-09-14 15:32 - 2014-09-14 15:32 - 00000000 ____D () C:\ProgramData\Licenses
2014-09-14 15:32 - 2011-11-04 05:13 - 01070352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSCOMCTL.OCX
2014-09-14 15:32 - 2009-03-24 12:52 - 00129872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSSTDFMT.DLL
2014-09-14 14:44 - 2014-09-14 14:44 - 00000000 ____D () C:\Users\Public\Documents\HostsMan Backups
2014-09-14 14:44 - 2014-09-14 14:44 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\abelhadigital.com
2014-09-14 14:44 - 2014-09-14 14:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HostsMan
2014-09-14 14:44 - 2014-09-14 14:44 - 00000000 ____D () C:\ProgramData\abelhadigital.com
2014-09-14 14:44 - 2014-09-14 14:44 - 00000000 ____D () C:\Program Files (x86)\HostsMan
2014-09-14 14:02 - 2014-09-14 14:02 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux
2014-09-14 14:01 - 2014-09-14 14:01 - 00000000 ____D () C:\Users\Anthony\AppData\Local\FluxSoftware
2014-09-10 20:03 - 2014-08-23 08:48 - 02374784 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2014-09-10 20:03 - 2014-08-23 08:13 - 02084520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2014-09-10 20:03 - 2014-08-23 07:10 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2014-09-10 20:03 - 2014-08-23 06:32 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2014-09-10 20:03 - 2014-08-23 05:44 - 02860032 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-09-10 20:03 - 2014-08-23 05:34 - 13423104 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-09-10 20:03 - 2014-08-23 05:33 - 00796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2014-09-10 20:03 - 2014-08-23 05:31 - 01038336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-09-10 20:03 - 2014-08-23 05:20 - 11818496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-09-10 20:03 - 2014-08-15 01:36 - 00146752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpioclx.sys
2014-09-10 20:03 - 2014-07-30 02:56 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll
2014-09-10 20:03 - 2014-07-29 06:22 - 00205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcpmon.dll
2014-09-10 16:26 - 2014-09-10 16:26 - 00000000 ____D () C:\ProgramData\Unchecky
2014-09-10 15:17 - 2014-08-16 03:40 - 23591424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-09-10 15:17 - 2014-08-16 03:04 - 17455104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-09-10 15:17 - 2014-08-16 03:00 - 05833728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-09-10 15:17 - 2014-08-16 03:00 - 02793984 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-09-10 15:17 - 2014-08-16 02:56 - 00547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-09-10 15:17 - 2014-08-16 02:54 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-09-10 15:17 - 2014-08-16 02:45 - 04232704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-09-10 15:17 - 2014-08-16 02:43 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-09-10 15:17 - 2014-08-16 02:32 - 00446464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-09-10 15:17 - 2014-08-16 02:25 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-09-10 15:17 - 2014-08-16 02:22 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-09-10 15:17 - 2014-08-16 02:20 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-09-10 15:17 - 2014-08-16 02:19 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-09-10 15:17 - 2014-08-16 02:18 - 02185728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-09-10 15:17 - 2014-08-16 02:18 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-09-10 15:17 - 2014-08-16 02:11 - 00597504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-09-10 15:17 - 2014-08-16 02:06 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-09-10 15:17 - 2014-08-16 02:05 - 00727040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-09-10 15:17 - 2014-08-16 02:05 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-09-10 15:17 - 2014-08-16 02:03 - 02104832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-09-10 15:17 - 2014-08-16 02:03 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-09-10 15:17 - 2014-08-16 01:58 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-10 15:17 - 2014-08-16 01:56 - 02310656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-09-10 15:17 - 2014-08-16 01:53 - 13588480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-09-10 15:17 - 2014-08-16 01:53 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-09-10 15:17 - 2014-08-16 01:53 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-09-10 15:17 - 2014-08-16 01:51 - 11769856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-09-10 15:17 - 2014-08-16 01:45 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-09-10 15:17 - 2014-08-16 01:44 - 02014208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-09-10 15:17 - 2014-08-16 01:44 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-09-10 15:17 - 2014-08-16 01:34 - 01447424 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-09-10 15:17 - 2014-08-16 01:20 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-09-10 15:17 - 2014-08-16 01:18 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-09-10 15:17 - 2014-08-16 01:14 - 01190400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-09-10 15:17 - 2014-08-16 01:12 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-09-10 15:04 - 2014-08-02 01:18 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2014-09-10 15:03 - 2014-07-24 04:20 - 00875688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2014-09-10 15:03 - 2014-07-24 04:20 - 00869544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2014-09-09 18:45 - 2014-09-09 18:45 - 10036224 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-27 11:23 - 2013-03-29 17:37 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\tixati
2014-09-27 11:12 - 2013-02-17 11:50 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4015346877-3346498852-3124713193-1001
2014-09-27 11:11 - 2012-11-19 10:40 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2014-09-27 11:10 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-09-27 11:07 - 2013-03-21 16:01 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\KeePass
2014-09-27 11:04 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-26 23:46 - 2014-05-03 22:00 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\ClassicShell
2014-09-26 23:46 - 2013-02-17 17:12 - 00000000 ____D () C:\Program Files\PeerBlock
2014-09-26 23:45 - 2013-03-17 15:47 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-09-26 22:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-09-26 15:42 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-09-26 15:13 - 2014-04-26 16:26 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-09-26 14:22 - 2014-01-03 21:40 - 00000000 ____D () C:\Program Files (x86)\System Ninja
2014-09-26 14:21 - 2013-02-17 20:06 - 00000000 ____D () C:\Program Files\Defraggler
2014-09-26 14:11 - 2014-04-08 19:08 - 00000000 ____D () C:\AdwCleaner
2014-09-26 14:10 - 2013-02-17 16:17 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-09-26 13:53 - 2014-05-04 14:33 - 00009626 _____ () C:\Users\Anthony\Documents\All installed programs.txt
2014-09-26 13:51 - 2013-03-23 19:46 - 00148878 _____ () C:\Users\Anthony\Documents\MyNewDatabase.kdbx
2014-09-26 13:50 - 2014-03-18 11:03 - 00865408 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-09-26 13:37 - 2013-02-17 16:15 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-26 11:36 - 2014-03-31 12:30 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-09-26 11:25 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-09-26 11:18 - 2013-02-17 12:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-25 12:52 - 2013-02-17 12:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-24 13:35 - 2013-04-25 18:14 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\vlc
2014-09-24 11:23 - 2013-02-17 14:56 - 00000000 ____D () C:\Users\Anthony\Documents\Calibre Library
2014-09-24 11:13 - 2013-03-03 18:15 - 00001137 _____ () C:\Users\Anthony\Documents\Albums deleted.txt
2014-09-24 11:12 - 2013-09-08 13:31 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\CUE Tools
2014-09-23 13:18 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-09-23 12:11 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Registration
2014-09-22 20:15 - 2014-04-25 20:34 - 00000000 ____D () C:\Users\Anthony\Downloads\Windows update notifier
2014-09-22 20:14 - 2014-05-23 20:45 - 00000000 ____D () C:\Users\Anthony\Downloads\Carom3d
2014-09-22 16:33 - 2014-07-24 17:22 - 00000785 _____ () C:\Users\Anthony\AppData\Roaming\burnaware.ini
2014-09-21 21:52 - 2014-05-05 15:13 - 00000000 ____D () C:\Users\Anthony
2014-09-21 16:31 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-09-19 21:44 - 2011-07-23 15:21 - 00000000 ____D () C:\Users\Anthony\Documents\Items for sale
2014-09-18 18:54 - 2013-02-17 16:45 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\Spotify
2014-09-18 18:49 - 2013-02-17 16:45 - 00000000 ____D () C:\Users\Anthony\AppData\Local\Spotify
2014-09-18 13:39 - 2013-04-18 14:13 - 00000916 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-18 13:39 - 2013-04-18 14:13 - 00000912 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-17 19:11 - 2012-11-19 10:31 - 00000000 ____D () C:\ProgramData\Temp
2014-09-17 17:25 - 2013-04-18 14:13 - 00003890 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-09-17 17:25 - 2013-04-18 14:13 - 00003654 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-09-17 12:18 - 2013-02-17 12:01 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2014-09-16 18:30 - 2014-06-12 15:16 - 00000000 ____D () C:\Users\Anthony\Downloads\tdsskiller
2014-09-16 15:45 - 2014-07-24 17:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BurnAware Free
2014-09-16 15:45 - 2014-07-24 17:21 - 00000000 ____D () C:\Program Files (x86)\BurnAware Free
2014-09-14 20:45 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\vpnplugins
2014-09-14 15:53 - 2012-11-19 10:39 - 00000000 ____D () C:\WINDOWS\eBayDesktopShortcut
2014-09-14 14:31 - 2014-01-03 21:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Ninja
2014-09-12 13:49 - 2014-04-21 10:12 - 00000000 ____D () C:\Program Files\Recuva
2014-09-12 13:48 - 2013-02-24 16:48 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO 11.lnk
2014-09-12 13:48 - 2013-02-24 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO
2014-09-10 20:14 - 2013-07-19 13:23 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-09-10 20:10 - 2013-02-21 13:53 - 101694776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-09-10 20:04 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-09-10 15:18 - 2014-06-10 20:11 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-09-10 15:18 - 2014-06-10 20:11 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-09-10 15:18 - 2014-06-10 20:11 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-09-10 15:18 - 2014-06-10 20:11 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-09-10 15:18 - 2014-06-10 20:11 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-09-10 15:18 - 2014-06-10 20:11 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-09-10 15:18 - 2014-06-10 20:11 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-09-10 15:18 - 2014-06-10 20:11 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-09-10 15:18 - 2014-06-10 20:10 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-09-10 15:18 - 2014-06-10 20:10 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-09-10 15:18 - 2014-06-10 20:10 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-09-10 15:18 - 2014-06-10 20:10 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-09-10 15:18 - 2014-05-05 23:56 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-09-10 15:18 - 2014-05-05 23:56 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-09-10 15:17 - 2014-06-10 20:10 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-09-10 15:17 - 2014-06-10 20:10 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-09-09 18:45 - 2013-03-17 15:47 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-09-05 18:57 - 2013-02-17 14:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management
2014-09-05 18:57 - 2013-02-17 14:56 - 00000000 ____D () C:\Program Files\Calibre2
2014-09-05 18:34 - 2013-03-29 17:37 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tixati
2014-09-05 18:34 - 2013-03-29 17:37 - 00000000 ____D () C:\Program Files\tixati
2014-09-02 21:06 - 2013-08-22 16:38 - 00706016 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-09-02 21:06 - 2013-08-22 16:38 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-26 12:28

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-09-2014
Ran by Anthony at 2014-09-27 11:23:47
Running from C:\Users\Anthony\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Advanced Uninstaller PRO - Version 11 (HKLM-x32\...\AU11_is1) (Version: 11.48.0.196 - Innovative Solutions)
AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden
AMD AVIVO64 Codecs (Version: 12.5.100.20719 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{0CD183F1-E511-0777-1C35-DC29235885C5}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AudioShell 2.0 beta 1 (HKLM\...\AudioShell_is1) (Version: 2.0 beta 1 - Softpointer Inc)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software)
BurnAware Free 6.9 (HKLM-x32\...\BurnAware Free_is1) (Version:  - Burnaware)
calibre 64bit (HKLM\...\{0F072A3A-7D6F-4CE0-AB44-10DB3A7B3852}) (Version: 1.17.0 - Kovid Goyal)
calibre 64bit (HKLM\...\{57ADE316-7B2D-4DD0-BA95-11AF9B58B3DA}) (Version: 2.2.0 - Kovid Goyal)
Carom3D (HKLM-x32\...\Carom3D) (Version:  - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2012.0719.2149.37214 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0719.2149.37214 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0719.2149.37214 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2012.0719.2149.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0719.2149.37214 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
CDCheck (HKLM-x32\...\CDCheck) (Version:  - )
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Conexant SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.40.0 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.0.0.5 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.0.0.5 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{D9ED3EFC-AB00-4CE0-ADED-80EE6B1158A7}) (Version: 2.2.2000.0 - Dell Products, LP)
Dell Support Center (HKLM\...\PC-Doctor for Windows) (Version: 3.2.6032.39 - PC-Doctor, Inc.)
Dell Touchpad (HKLM\...\Elantech) (Version: 11.3.1.4 - ELAN Microelectronic Corp.)
Ditto (HKLM\...\Ditto_is1) (Version:  - Scott Brogden)
DSC/AA Factory Installer (Version: 3.2.6032.39 - PC-Doctor, Inc.) Hidden
Exact Audio Copy 1.0beta3 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta3 - Andre Wiethoff)
f.lux (HKCU\...\Flux) (Version:  - )
FreeFileSync 6.9 (HKLM-x32\...\FreeFileSync) (Version: 6.9 - Zenju)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 10.2.0.822 - Citrix Online, a division of Citrix Systems, Inc.)
HostsMan 4.5.102 (HKLM-x32\...\{1A3DD1A9-7B7B-4ECA-AD2F-98466F49F62C}_is1) (Version: 4.5.102.0 - abelhadigital.com)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® PRO/Wireless Driver (Version: 16.01.5000.0577 - Intel Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® + High Speed (Version: 16.1.1.0084 - Intel Corporation) Hidden
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.6 (HKLM\...\{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}) (Version: 2.6.2.0 - Intel)
Intel® WiDi (HKLM\...\{EDBA2433-0910-4C72-8C5B-8FEDAE3EF18E}) (Version: 3.5.34.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 16.01.5000.0269 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
KeePass Password Safe 2.27 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.27 - Dominik Reichl)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft OneNote 2013 - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 15.0.4649.1003 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Mp3tag v2.64 (HKLM-x32\...\Mp3tag) (Version: v2.64 - Florian Heidenreich)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
MusicBrainz Picard (HKLM-x32\...\MusicBrainz Picard) (Version: 1.2 - MusicBrainz)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4649.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4649.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4649.1003 - Microsoft Corporation) Hidden
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
PowerXpressHybrid (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.005 - Dell Inc.)
RadLight APE DirectShow filter (remove only) (HKLM-x32\...\RadLight APE DirectShow filter) (Version:  - "RadLight, LLC.")
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39052 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SlimComputer (HKLM-x32\...\{574BF026-4487-4051-BCE5-83C4E40AAF6D}) (Version: 1.3.30878 - SlimWare Utilities, Inc.)
Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
Spotify (HKCU\...\Spotify) (Version: 0.9.13.24.g5dbb3103 - Spotify AB)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 2.5.2 - Krzysztof Kowalczyk)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1014 - SUPERAntiSpyware.com)
SyncBackFree (HKLM-x32\...\SyncBackFree_is1) (Version: 6.5.48.0 - 2BrightSparks)
System Ninja version 3.0.3 (HKLM-x32\...\{6E67710E-206D-43AB-BF21-E7CD63056C55}_is1) (Version: 3.0.3 - SingularLabs)
TeraCopy 2.27 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
Tixati (HKLM-x32\...\tixati) (Version:  - )
Unchecky v0.2.16 (HKLM-x32\...\Unchecky) (Version: 0.2.16 - RaMMicHaeL)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Communications Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware)
Wisdom-soft ScreenHunter 6.0 Free (HKLM-x32\...\Wisdom-soft ScreenHunter 6.0 Free) (Version:  - Wisdom Software Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4015346877-3346498852-3124713193-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Anthony\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

12-09-2014 12:48:04 After installing Advanced Uninstaller PRO
16-09-2014 15:38:05 due to running adwcleaner
24-09-2014 11:35:23 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 06:26 - 2014-09-27 11:04 - 00002187 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 www.tracking.opencandy.com.s3.amazonaws.com
127.0.0.1 www.media.opencandy.com
127.0.0.1 www.cdn.opencandy.com
127.0.0.1 www.tracking.opencandy.com
127.0.0.1 www.api.opencandy.com
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us

There are 9 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {291BCD87-841C-4C76-ACEB-C0280F69F167} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell Support Center\uaclauncher.exe [2012-07-17] (PC-Doctor, Inc.)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {4582F1BC-6E74-41CE-9846-6D94FBE6851A} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-4015346877-3346498852-3124713193-1001 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: {46CCF37A-20AF-407C-B8AB-B21A77CB9927} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-02] (AVAST Software)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {81345431-A3FC-47B6-8F00-0F59F2117983} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {86C64F1E-148B-49AB-A3B5-6F50F740A73C} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-08-12] (Microsoft Corporation)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {99767C56-B9DF-404C-8AFE-D3B59915661D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-09] (Adobe Systems Incorporated)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {BF58E14B-1069-43E0-80DD-BB525A2FD9CD} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {C1DC4B08-CAFD-4478-8F96-CBF4294E4CF7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-18] (Google Inc.)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D08F1AB1-8F5E-4779-937E-7A750E734C77} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-03-18] (Microsoft Corporation)
Task: {D180CFFA-23FE-4D2C-9C78-13ADB80B1687} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2012-07-17] (PC-Doctor, Inc.)
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {D8DBAB05-4D8F-493C-946D-9E0DEAE35F2F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-09-10] (Microsoft Corporation)
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E2ACF668-4308-4463-9ECA-B3DD4467FB01} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {E3BDCA69-0278-4D27-AE94-D673C4802877} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {E82EB3E3-1D40-40C3-9A67-B317508CFF5E} - System32\Tasks\SlimComputer Run => C:\Program Files (x86)\SlimComputer\SlimComputer.exe [2013-07-10] (SlimWare Utilities, Inc.)
Task: {E8CBC4AA-D88C-48AF-BC1C-F1D8E2326D92} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {EDE4B366-A711-4D37-B207-7A399F373344} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {F4C6DE01-F3AD-4D7B-A2B2-19ADBC2BBC71} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-18] (Google Inc.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-09-26 11:34 - 2014-09-26 11:34 - 08894120 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2009-11-19 03:34 - 2009-11-19 03:34 - 00022016 _____ () C:\WINDOWS\System32\suge1l6.dll
2014-03-31 12:30 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2012-11-19 10:25 - 2012-04-05 21:55 - 00164992 _____ () C:\Program Files\Conexant\SA3\MaxxAudioWrapper.dll
2014-07-07 15:22 - 2014-07-07 15:22 - 00046080 _____ () C:\Users\Anthony\AppData\Local\KeePass\PluginCache\NyObG8KG1yCFmHQvJcRD\Fleck2.dll
2013-03-23 18:12 - 2014-07-06 09:36 - 00372736 _____ () C:\Program Files (x86)\KeePass Password Safe 2\KeePass.XmlSerializers.dll
2014-09-17 15:43 - 2014-06-06 21:43 - 01880064 _____ () C:\Program Files\Ditto\Ditto.exe
2014-07-02 21:04 - 2014-07-02 21:04 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-09-26 23:20 - 2014-09-26 23:20 - 02867200 _____ () C:\Program Files\AVAST Software\Avast\defs\14092602\algo.dll
2014-09-27 11:05 - 2014-09-27 11:05 - 02867200 _____ () C:\Program Files\AVAST Software\Avast\defs\14092700\algo.dll
2014-09-10 21:18 - 2014-09-10 21:18 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\8dd48af515d8e2453ca6d118ad35baeb\PSIClient.ni.dll
2014-09-26 11:29 - 2014-09-26 11:29 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2014-07-02 21:04 - 2014-07-02 21:04 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-02-17 12:07 - 2014-09-25 12:52 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2012-11-19 10:26 - 2012-06-25 19:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:5C321E34

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKLM\...\StartupApproved\Run32: => "BTMTrayAgent"
HKCU\...\StartupApproved\StartupFolder: => "EvernoteClipper.lnk"
HKCU\...\StartupApproved\Run: => "Spybot-S&D Cleaning"

========================= Accounts: ==========================

Administrator (S-1-5-21-4015346877-3346498852-3124713193-500 -> Administrator - Disabled - Status: Degraded)
Anthony (S-1-5-21-4015346877-3346498852-3124713193-1001 -> Administrator - Enabled - Status: OK) => C:\Users\Anthony
Guest (S-1-5-21-4015346877-3346498852-3124713193-501 -> Limited - Disabled - Status: Degraded)

==================== Faulty Device Manager Devices =============

Name: USB-IF xHCI USB Host Controller
Description: USB-IF xHCI USB Host Controller
Class Guid: {8a2edc79-c759-46f2-88af-9d4efe3b5eee}
Manufacturer: Intel Corporation
Service: XHCIPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (09/26/2014 02:48:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: pcdrsysinfocsmi.p5x, version: 6.0.6032.39, time stamp: 0x4ffe56d2
Faulting module name: MSVCR90.dll, version: 9.0.30729.8387, time stamp: 0x51ea1bbd
Exception code: 0x40000015
Fault offset: 0x000000000004267f
Faulting process id: 0x1478
Faulting application start time: 0xpcdrsysinfocsmi.p5x0
Faulting application path: pcdrsysinfocsmi.p5x1
Faulting module path: pcdrsysinfocsmi.p5x2
Report Id: pcdrsysinfocsmi.p5x3
Faulting package full name: pcdrsysinfocsmi.p5x4
Faulting package-relative application ID: pcdrsysinfocsmi.p5x5

Error: (09/25/2014 01:17:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: pcdrsysinfocsmi.p5x, version: 6.0.6032.39, time stamp: 0x4ffe56d2
Faulting module name: MSVCR90.dll, version: 9.0.30729.8387, time stamp: 0x51ea1bbd
Exception code: 0x40000015
Fault offset: 0x000000000004267f
Faulting process id: 0xda0
Faulting application start time: 0xpcdrsysinfocsmi.p5x0
Faulting application path: pcdrsysinfocsmi.p5x1
Faulting module path: pcdrsysinfocsmi.p5x2
Report Id: pcdrsysinfocsmi.p5x3
Faulting package full name: pcdrsysinfocsmi.p5x4
Faulting package-relative application ID: pcdrsysinfocsmi.p5x5

Error: (09/24/2014 01:59:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: pcdrsysinfocsmi.p5x, version: 6.0.6032.39, time stamp: 0x4ffe56d2
Faulting module name: MSVCR90.dll, version: 9.0.30729.8387, time stamp: 0x51ea1bbd
Exception code: 0x40000015
Fault offset: 0x000000000004267f
Faulting process id: 0x1498
Faulting application start time: 0xpcdrsysinfocsmi.p5x0
Faulting application path: pcdrsysinfocsmi.p5x1
Faulting module path: pcdrsysinfocsmi.p5x2
Report Id: pcdrsysinfocsmi.p5x3
Faulting package full name: pcdrsysinfocsmi.p5x4
Faulting package-relative application ID: pcdrsysinfocsmi.p5x5

Error: (09/22/2014 04:59:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vlc.exe, version: 2.1.5.0, time stamp: 0x00000000
Faulting module name: ntdll.dll, version: 6.3.9600.17114, time stamp: 0x53649e73
Exception code: 0xc0000005
Fault offset: 0x000000000004b0b3
Faulting process id: 0x1680
Faulting application start time: 0xvlc.exe0
Faulting application path: vlc.exe1
Faulting module path: vlc.exe2
Report Id: vlc.exe3
Faulting package full name: vlc.exe4
Faulting package-relative application ID: vlc.exe5

Error: (09/22/2014 01:01:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: pcdrsysinfocsmi.p5x, version: 6.0.6032.39, time stamp: 0x4ffe56d2
Faulting module name: MSVCR90.dll, version: 9.0.30729.8387, time stamp: 0x51ea1bbd
Exception code: 0x40000015
Fault offset: 0x000000000004267f
Faulting process id: 0x1634
Faulting application start time: 0xpcdrsysinfocsmi.p5x0
Faulting application path: pcdrsysinfocsmi.p5x1
Faulting module path: pcdrsysinfocsmi.p5x2
Report Id: pcdrsysinfocsmi.p5x3
Faulting package full name: pcdrsysinfocsmi.p5x4
Faulting package-relative application ID: pcdrsysinfocsmi.p5x5

Error: (09/21/2014 02:08:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: pcdrsysinfocsmi.p5x, version: 6.0.6032.39, time stamp: 0x4ffe56d2
Faulting module name: MSVCR90.dll, version: 9.0.30729.8387, time stamp: 0x51ea1bbd
Exception code: 0x40000015
Fault offset: 0x000000000004267f
Faulting process id: 0xf10
Faulting application start time: 0xpcdrsysinfocsmi.p5x0
Faulting application path: pcdrsysinfocsmi.p5x1
Faulting module path: pcdrsysinfocsmi.p5x2
Report Id: pcdrsysinfocsmi.p5x3
Faulting package full name: pcdrsysinfocsmi.p5x4
Faulting package-relative application ID: pcdrsysinfocsmi.p5x5

Error: (09/20/2014 03:20:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: pcdrsysinfocsmi.p5x, version: 6.0.6032.39, time stamp: 0x4ffe56d2
Faulting module name: MSVCR90.dll, version: 9.0.30729.8387, time stamp: 0x51ea1bbd
Exception code: 0x40000015
Fault offset: 0x000000000004267f
Faulting process id: 0x1b8
Faulting application start time: 0xpcdrsysinfocsmi.p5x0
Faulting application path: pcdrsysinfocsmi.p5x1
Faulting module path: pcdrsysinfocsmi.p5x2
Report Id: pcdrsysinfocsmi.p5x3
Faulting package full name: pcdrsysinfocsmi.p5x4
Faulting package-relative application ID: pcdrsysinfocsmi.p5x5

Error: (09/19/2014 11:56:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vlc.exe, version: 2.1.5.0, time stamp: 0x00000000
Faulting module name: ntdll.dll, version: 6.3.9600.17114, time stamp: 0x53649e73
Exception code: 0xc0000005
Fault offset: 0x000000000004b0b3
Faulting process id: 0x156c
Faulting application start time: 0xvlc.exe0
Faulting application path: vlc.exe1
Faulting module path: vlc.exe2
Report Id: vlc.exe3
Faulting package full name: vlc.exe4
Faulting package-relative application ID: vlc.exe5

Error: (09/19/2014 03:28:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.3.9600.17284, time stamp: 0x53f816dc
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000028a0fd8
Faulting process id: 0x5b4
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Faulting package full name: Explorer.EXE4
Faulting package-relative application ID: Explorer.EXE5

Error: (09/19/2014 01:43:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: pcdrsysinfocsmi.p5x, version: 6.0.6032.39, time stamp: 0x4ffe56d2
Faulting module name: MSVCR90.dll, version: 9.0.30729.8387, time stamp: 0x51ea1bbd
Exception code: 0x40000015
Fault offset: 0x000000000004267f
Faulting process id: 0x8bc
Faulting application start time: 0xpcdrsysinfocsmi.p5x0
Faulting application path: pcdrsysinfocsmi.p5x1
Faulting module path: pcdrsysinfocsmi.p5x2
Report Id: pcdrsysinfocsmi.p5x3
Faulting package full name: pcdrsysinfocsmi.p5x4
Faulting package-relative application ID: pcdrsysinfocsmi.p5x5


System errors:
=============
Error: (09/27/2014 11:06:59 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Digital Delivery Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/26/2014 04:36:18 PM) (Source: DCOM) (EventID: 10010) (User: Anthony)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (09/26/2014 02:12:27 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\System32\drivers\TrueSight.sys

Error: (09/26/2014 11:21:37 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Digital Delivery Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/25/2014 04:18:59 PM) (Source: DCOM) (EventID: 10010) (User: Anthony)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (09/25/2014 01:18:16 PM) (Source: DCOM) (EventID: 10010) (User: Anthony)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (09/25/2014 11:10:51 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Digital Delivery Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/24/2014 02:00:11 PM) (Source: DCOM) (EventID: 10010) (User: Anthony)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (09/24/2014 11:01:05 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Digital Delivery Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/23/2014 02:19:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Digital Delivery Service service terminated unexpectedly.  It has done this 1 time(s).


Microsoft Office Sessions:
=========================


CodeIntegrity Errors:
===================================
  Date: 2013-05-26 15:09:04.567
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\MCWrp64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-26 15:09:04.536
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\MCWrp64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-26 15:09:04.111
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\MCWrp64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-26 15:09:03.913
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\MCWrp64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-12 12:55:13.523
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\MCWrp64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-12 12:55:13.476
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\MCWrp64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-12 12:55:13.105
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\MCWrp64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-12 12:55:12.902
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\MCWrp64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-12 12:19:30.619
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\MCWrp64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-12 12:19:30.386
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\MCWrp64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 31%
Total physical RAM: 6013.27 MB
Available physical RAM: 4098.18 MB
Total Pagefile: 12157.27 MB
Available Pagefile: 10132.65 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:684.88 GB) (Free:588.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 48A4F829)

Partition: GPT Partition Type.

==================== End Of Log ============================

 

 


  • Root Admin

Hello and welcome.

Please read the following and post back the logs when ready and we'll see about getting you cleaned up.

General P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Before we proceed further, please read all of the following instructions carefully.

If there is anything that you do not understand kindly ask before proceeding.

If needed please print out these instructions.

  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
    • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly
  • Removing malware can be unpredictable...It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive
  • Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.
  • The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue.
  • You can check here if you're not sure if your computer is 32-bit or 64-bit
  • Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners.
  • When we are done, I'll give you instructions on how to cleanup all the tools and logs
  • Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.
  • Your topic will be closed if you haven't replied within 3 days
  • (If I have not responded within 24 hours, please send me a Private Message as a reminder)
STEP 0

RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes so that your normal security software can then run and clean your computer of infections.

When RKill runs it will kill malware processes and then removes incorrect executable associations and fixes policies that stop us from using certain tools. When finished it will display a log file that shows the processes that were terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot your computer as any malware processes that are configured to start automatically will just be started again.

Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.

Link 1

Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.
STEP 01

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe
STEP 02

Please run a Threat Scan with MBAM. If you're unable to run or complete the scan as shown below please see the following: MBAM Clean Removal Process 2x

When reinstalling the program please try the latest version.

Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link

Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.

Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

STEP 03

Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • RogueKiller 32-bit | RogueKiller 64-bit
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement)
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.
Thank you

I am no expert when it comes to computers so please bear with me.

 

The first problem concerns 'ERUNT' and you mention: ' NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.'

 

When installing 'ERUNT'  I have to install the 'shortcuts will be created in the following start menu folder'.

 

Is this the entry to the startup folder you mention, as I don't see an option to click 'no', I have to click 'next'?

 

Is this alright?


I have not installed ERUNT but have run the other programs you mentioned.

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 06/10/2014
Scan Time: 17:23:34
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.10.06.06
Rootkit Database: v2014.09.19.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Anthony

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 315827
Time Elapsed: 13 min, 55 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

RogueKiller V9.3.0.0 (x64) [Oct  6 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : Anthony [Admin rights]
Mode : Scan -- Date : 10/06/2014  19:08:26

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 39 ¤¤¤

¤¤¤ Antirootkit : 3 (Driver: NOT LOADED [0x20]) ¤¤¤
[iAT:Addr] (explorer.exe) dwmapi.dll -  : Unknown @ 0xbb00000
[iAT:Addr] (explorer.exe) dwmapi.dll -  : Unknown @ 0xbb00020
[iAT:Addr] (explorer.exe) dwmapi.dll -  : Unknown @ 0xbb00040

¤¤¤ Web browsers : 2 ¤¤¤
[PUM.Proxy][FIREFX:Config] cqwyqvfd.default : user_pref("network.proxy.http", "87.250.52.230"); -> FOUND
[PUM.Proxy][FIREFX:Config] cqwyqvfd.default : user_pref("network.proxy.http_port", 8080); -> FOUND

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD7500BPVT-75HXZT3 +++++
--- User ---
[MBR] 19c6190e5ca794a77f04ff8093587dc1
[bSP] 2252737ad4e991122ec98402bb717fe4 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_DEL_09162014_211443.log - RKreport_SCN_09162014_210944.log - RKreport_SCN_09172014_131145.log - RKreport_SCN_09212014_161845.log
RKreport_SCN_09232014_124831.log - RKreport_SCN_09232014_130740.log - RKreport_SCN_09262014_141722.log - RKreport_SCN_10062014_175928.log
RKreport_SCN_10062014_190324.log


  • Root Admin

You can just ignore the warning about ERUNT and install it. We can deal with it if needed afterwards.

 

Please go ahead and run through the following steps and post back the logs when ready.
 
STEP 04
Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus


STEP 05
Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.


STEP 06
Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link.
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits. Under Non Malware Protection, set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button. Remove any threats found.
Once completed, please click on History > Application Logs, find your scan log and open it, then click on the "copy to clipboard" button and post back the results in your next reply.


STEP 07

Please go here to run the online antivirus scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology


  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


STEP 08
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.


I have installed ERUNT and clicked no when asked about creating a start menu folder.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.1 (10.06.2014:1)
OS: Windows 8.1 x64
Ran by Anthony on 07/10/2014 at 19:36:46.09
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{A3D028CD-0D72-4E93-BDCF-DBAFA2F3B60E}



~~~ Files

Successfully deleted: [File] "C:\WINDOWS\wininit.ini"



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\Anthony\AppData\Roaming\mozilla\firefox\profiles\cqwyqvfd.default\prefs.js

user_pref("browser.search.useDBForOrder", "false");
user_pref("cbguardian.guardianpolldate", "Thu Mar 24 2011 15:23:38 GMT+0000 (GMT Standard Time)");
user_pref("cbguardian.guardianshownotification", true);
Emptied folder: C:\Users\Anthony\AppData\Roaming\mozilla\firefox\profiles\cqwyqvfd.default\minidumps [7 files]



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\ehjldlodmkdlooagebfnaghgmkfccipn
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\ehjldlodmkdlooagebfnaghgmkfccipn



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07/10/2014 at 19:40:08.09
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

# AdwCleaner v3.311 - Report created 07/10/2014 at 19:54:48
# Updated 30/09/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : Anthony - ANTHONY
# Running from : C:\Users\Anthony\Downloads\adwcleaner_3.311.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17278


-\\ Mozilla Firefox v32.0.3 (x86 en-US)

[ File : C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\cqwyqvfd.default\prefs.js ]


-\\ Google Chrome v37.0.2062.124

[ File : C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2286 octets] - [08/04/2014 19:58:26]
AdwCleaner[R10].txt - [2825 octets] - [16/09/2014 16:19:41]
AdwCleaner[R11].txt - [2886 octets] - [16/09/2014 16:41:52]
AdwCleaner[R12].txt - [1714 octets] - [16/09/2014 18:00:39]
AdwCleaner[R13].txt - [1776 octets] - [16/09/2014 21:22:36]
AdwCleaner[R14].txt - [1837 octets] - [21/09/2014 15:39:38]
AdwCleaner[R15].txt - [1898 octets] - [23/09/2014 14:19:11]
AdwCleaner[R16].txt - [1959 octets] - [26/09/2014 14:10:58]
AdwCleaner[R17].txt - [2020 octets] - [07/10/2014 19:52:54]
AdwCleaner[R18].txt - [1339 octets] - [07/10/2014 19:54:48]
AdwCleaner[R1].txt - [2346 octets] - [08/04/2014 20:05:07]
AdwCleaner[R2].txt - [2406 octets] - [08/04/2014 20:46:18]
AdwCleaner[R3].txt - [2466 octets] - [12/04/2014 17:59:44]
AdwCleaner[R4].txt - [2526 octets] - [25/04/2014 19:12:49]
AdwCleaner[R5].txt - [2278 octets] - [18/05/2014 14:46:03]
AdwCleaner[R6].txt - [2338 octets] - [25/05/2014 22:49:58]
AdwCleaner[R7].txt - [2437 octets] - [12/08/2014 19:56:00]
AdwCleaner[R8].txt - [2635 octets] - [10/09/2014 19:11:57]
AdwCleaner[R9].txt - [2697 octets] - [14/09/2014 20:50:14]
AdwCleaner[S0].txt - [2894 octets] - [16/09/2014 16:42:46]

########## EOF - C:\AdwCleaner\AdwCleaner[R18].txt - [2000 octets] ##########

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 07/10/2014
Scan Time: 20:02:57
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.10.07.11
Rootkit Database: v2014.09.19.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Anthony

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 316297
Time Elapsed: 13 min, 23 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\hstart.exe    a variant of Win32/HiddenStart.A potentially unsafe application

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-10-2014 01
Ran by Anthony (administrator) on ANTHONY on 07-10-2014 21:05:22
Running from C:\Users\Anthony\Desktop
Loaded Profile: Anthony (Available profiles: Anthony)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\CxUtilSvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\SmartAudio3.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDGesture.exe
(Spotify Ltd) C:\Users\Anthony\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Dominik Reichl) C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Ruiware LLC) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(abelhadigital.com) C:\Program Files (x86)\HostsMan\hm.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Flux Software LLC) C:\Users\Anthony\AppData\Local\FluxSoftware\Flux\flux.exe
() C:\Program Files\Ditto\Ditto.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2898768 2012-07-09] (ELAN Microelectronics Corp.)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5752480 2012-07-11] (Dell Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SA3\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2117632 2014-07-06] (Dominik Reichl)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-01] (AVAST Software)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\822\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4015346877-3346498852-3124713193-1001\...\Run: [Spotify Web Helper] => C:\Users\Anthony\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-09-18] (Spotify Ltd)
HKU\S-1-5-21-4015346877-3346498852-3124713193-1001\...\Run: [KeePass Password Safe 2] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2117632 2014-07-06] (Dominik Reichl)
HKU\S-1-5-21-4015346877-3346498852-3124713193-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-21] (Ruiware LLC)
HKU\S-1-5-21-4015346877-3346498852-3124713193-1001\...\Run: [HostsMan] => C:\Program Files (x86)\HostsMan\hm.exe [7922688 2014-08-28] (abelhadigital.com)
HKU\S-1-5-21-4015346877-3346498852-3124713193-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [784392 2014-05-29] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-4015346877-3346498852-3124713193-1001\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
Startup: C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

SearchScopes: HKLM - {A25AC313-DD19-4238-ACA2-401D6BEE4321} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKLM - {A3D028CD-0D72-4E93-BDCF-DBAFA2F3B60E} URL = http://Lasaoren.com/results.php?f=4&q={searchTerms}&a=lrn_ir_14_38_ff&cd=2XzuyEtN2Y1L1Qzu0EtD0D0ByDyD0DtC0BtCtC0Ezz0F0A0AtN0D0Tzu0SzyzytDtN1L2XzutAtFtBtFyEtFtBtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyCtB0E0AyDyE0B0AtGzzzzyEtDtG0F0CtAzytGzyzyyEtCtGtDtDzy0A0EtBtCtC0FzzyEyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0E0CtDzz0CyDyDzytGtA0A0EyCtGyEtB0ByEtGzyzztByEtGyCyCzytC0FtBtD0AzyyCyEtD2Q&cr=1362351949&ir=
SearchScopes: HKLM-x32 - {A3D028CD-0D72-4E93-BDCF-DBAFA2F3B60E} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKCU - DefaultScope {A3D028CD-0D72-4E93-BDCF-DBAFA2F3B60E} URL =
SearchScopes: HKCU - {A25AC313-DD19-4238-ACA2-401D6BEE4321} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\cqwyqvfd.default
FF NewTab: hxxp://news.bbc.co.uk
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF NetworkProxy: "ftp", "87.250.52.230"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "gopher", "87.250.52.230"
FF NetworkProxy: "gopher_port", 8080
FF NetworkProxy: "http", "87.250.52.230"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "87.250.52.230"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "87.250.52.230"
FF NetworkProxy: "ssl_port", 8080
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF SearchPlugin: C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\cqwyqvfd.default\searchplugins\ixquick-https.xml
FF Extension: British English Dictionary (Updated) - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\cqwyqvfd.default\Extensions\en-gb@flyingtophat.co.uk [2014-03-06]
FF Extension: KeeFox - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\cqwyqvfd.default\Extensions\keefox@chris.tomlinson [2014-06-11]
FF Extension: FireShot - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\cqwyqvfd.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2014-07-26]
FF Extension: LastTab - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\cqwyqvfd.default\Extensions\{68E5DD30-A659-4987-99F9-EAF21F9D4140}(117) [2013-02-21]
FF Extension: Disconnect - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\cqwyqvfd.default\Extensions\2.0@disconnect.me.xpi [2013-07-25]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\cqwyqvfd.default\Extensions\adblockpopups@jessehakanen.net.xpi [2013-03-08]
FF Extension: Copy Plain Text 2 - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\cqwyqvfd.default\Extensions\copyplaintext@teo.pl.xpi [2014-07-26]
FF Extension: I don't care about cookies - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\cqwyqvfd.default\Extensions\jid1-KKzOGWgsW3Ao4Q@jetpack.xpi [2014-03-21]
FF Extension: Settings Guard for Firefox - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\cqwyqvfd.default\Extensions\settings-guard@mozilla.com.xpi [2014-09-27]
FF Extension: Download Status Bar - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\cqwyqvfd.default\Extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi [2014-01-18]
FF Extension: YouTube High Definition - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\cqwyqvfd.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2014-07-10]
FF Extension: eCleaner - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\cqwyqvfd.default\Extensions\{c72c0c73-4eb0-4fb3-af0f-074e97326cfd}.xpi [2014-09-26]
FF Extension: Adblock Plus - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\cqwyqvfd.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-02-21]
FF Extension: Tab Mix Plus - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\cqwyqvfd.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2013-02-21]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-06-01]

Chrome:
=======
CHR Profile: C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-10]
CHR Extension: (avast! Online Security) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-09-23]
CHR Extension: (Google Wallet) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-02]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-17] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-02] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2428088 2014-08-12] (Microsoft Corporation)
R2 CxUtilSvc; C:\Program Files\Conexant\SA3\CxUtilSvc.exe [109184 2012-07-04] (Conexant Systems, Inc.)
S2 DellDigitalDelivery; c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [173056 2012-06-19] (Dell Products, LP.) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [File not signed]
S3 InnovativeSolutions_monitor; C:\Program Files (x86)\Common Files\Innovative Solutions\Advanced Uninstaller\InnovativeSolutions_monitor_Svr.exe [1064880 2014-08-25] ()
R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-05-05] (Microsoft Corporation)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174088 2014-05-29] (Sandboxie Holdings, LLC)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1914728 2012-11-26] (SoftThinks SAS)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [111208 2014-09-10] (RaMMicHaeL)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-02] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-02] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-02] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-02] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-02] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-06] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-02] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-02] ()
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions, Inc.)
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2014-10-02] (Emsisoft GmbH)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-05] (OSR Open Systems Resources, Inc.)
R3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew00.sys [3345376 2013-10-08] (Intel Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-05-29] (Sandboxie Holdings, LLC)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-10-06] ()
U3 TrueSight; C:\Windows\SysWOW64\drivers\TrueSight.sys [33512 2014-09-21] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-10] (Windows ® Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-07 21:05 - 2014-10-07 21:05 - 00022495 _____ () C:\Users\Anthony\Desktop\FRST.txt
2014-10-07 21:04 - 2014-10-07 21:04 - 00000000 ____D () C:\Users\Anthony\Desktop\FRST-OlderVersion
2014-10-07 21:02 - 2014-10-07 21:02 - 00000145 _____ () C:\Users\Anthony\Desktop\eset.txt
2014-10-07 20:20 - 2014-10-07 20:20 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-10-07 20:19 - 2014-10-07 20:19 - 02347384 _____ (ESET) C:\Users\Anthony\Desktop\esetsmartinstaller_enu.exe
2014-10-07 19:40 - 2014-10-07 19:40 - 00001557 _____ () C:\Users\Anthony\Desktop\JRT.txt
2014-10-07 19:36 - 2014-10-07 19:36 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-10-07 19:32 - 2014-10-07 19:32 - 01375089 _____ () C:\Users\Anthony\Downloads\adwcleaner_3.311.exe
2014-10-07 19:15 - 2014-10-07 19:16 - 01705141 _____ (Thisisu) C:\Users\Anthony\Desktop\JRT.exe
2014-10-07 19:14 - 2014-10-07 19:14 - 00000000 ____D () C:\WINDOWS\ERDNT
2014-10-07 19:13 - 2014-10-07 19:13 - 00000942 _____ () C:\Users\Anthony\Desktop\NTREGOPT.lnk
2014-10-07 19:13 - 2014-10-07 19:13 - 00000923 _____ () C:\Users\Anthony\Desktop\ERUNT.lnk
2014-10-07 19:13 - 2014-10-07 19:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-10-07 19:13 - 2014-10-07 19:13 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-10-06 18:40 - 2014-10-06 18:40 - 05491800 _____ () C:\Users\Anthony\Desktop\RogueKillerX64.exe
2014-10-06 16:27 - 2014-10-06 16:28 - 00004502 _____ () C:\Users\Anthony\Desktop\Rkill.txt
2014-10-06 16:11 - 2014-10-06 16:11 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Anthony\Desktop\rkill.exe
2014-10-04 22:18 - 2014-10-04 22:18 - 00016100 _____ () C:\HijackPatrol.log
2014-10-02 18:03 - 2014-10-02 18:05 - 00000000 ____D () C:\EEK
2014-10-02 17:51 - 2014-10-02 17:55 - 158874160 _____ () C:\Users\Anthony\Downloads\EmsisoftEmergencyKit.exe
2014-09-28 11:37 - 2014-09-28 11:37 - 00000000 ___RD () C:\Sandbox
2014-09-28 11:26 - 2014-09-29 14:55 - 00001812 _____ () C:\WINDOWS\Sandboxie.ini
2014-09-28 11:26 - 2014-09-28 11:25 - 00000870 _____ () C:\Users\Anthony\Desktop\Sandboxed Web Browser.lnk
2014-09-28 11:25 - 2014-09-28 11:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2014-09-28 11:18 - 2014-09-28 11:18 - 00000000 ____D () C:\Program Files\Sandboxie
2014-09-28 08:49 - 2014-10-07 20:08 - 00432769 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-28 08:42 - 2014-09-28 08:42 - 00369808 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-09-27 11:22 - 2014-10-07 21:05 - 00000000 ____D () C:\FRST
2014-09-27 11:21 - 2014-10-07 21:04 - 02109952 _____ (Farbar) C:\Users\Anthony\Desktop\FRST64.exe
2014-09-26 14:00 - 2014-09-26 14:00 - 00006928 _____ () C:\Users\Anthony\Documents\cc_20140926_135958.reg
2014-09-25 23:25 - 2014-09-25 23:25 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\MusicBrainz
2014-09-25 23:25 - 2014-09-25 23:25 - 00000000 ____D () C:\Users\Anthony\AppData\Local\cache
2014-09-25 23:24 - 2014-09-25 23:24 - 00001189 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MusicBrainz Picard.lnk
2014-09-25 23:24 - 2014-09-25 23:24 - 00000000 ____D () C:\Program Files (x86)\MusicBrainz Picard
2014-09-23 17:40 - 2014-09-24 17:08 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\Mp3tag
2014-09-23 17:40 - 2014-09-23 17:40 - 00000000 ____D () C:\Program Files (x86)\Mp3tag
2014-09-21 16:54 - 2014-09-21 17:53 - 00000000 ____D () C:\Users\Anthony\Downloads\Bluescreenview
2014-09-21 16:02 - 2014-09-26 14:21 - 00000000 ____D () C:\WINDOWS\Minidump
2014-09-21 16:01 - 2014-10-06 17:11 - 00034808 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-09-17 15:43 - 2014-10-07 21:03 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\Ditto
2014-09-17 15:43 - 2014-09-17 15:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ditto
2014-09-17 15:43 - 2014-09-17 15:43 - 00000000 ____D () C:\Program Files\Ditto
2014-09-17 13:02 - 2014-10-07 14:56 - 00000000 ____D () C:\Users\Anthony\AppData\Local\CrashDumps
2014-09-16 21:16 - 2014-09-16 21:16 - 00006741 _____ () C:\Users\Anthony\Documents\RKreport_DEL_09162014_211443.log
2014-09-16 21:02 - 2014-09-21 15:58 - 00033512 _____ () C:\WINDOWS\SysWOW64\Drivers\TrueSight.sys
2014-09-16 21:02 - 2014-09-16 21:02 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-09-16 16:50 - 2014-09-16 16:50 - 00005548 _____ () C:\Users\Anthony\Documents\cc_20140916_165037.reg
2014-09-14 17:48 - 2014-09-16 14:28 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\FreeFileSync
2014-09-14 17:29 - 2014-09-14 17:29 - 00000000 ____D () C:\Program Files\FreeFileSync
2014-09-14 16:21 - 2014-09-14 16:21 - 00014850 _____ () C:\Users\Anthony\Documents\cc_20140914_162124.reg
2014-09-14 15:32 - 2014-10-06 20:42 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-09-14 15:32 - 2014-09-14 15:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2014-09-14 15:32 - 2014-09-14 15:32 - 00000000 ____D () C:\ProgramData\Licenses
2014-09-14 15:32 - 2011-11-04 05:13 - 01070352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSCOMCTL.OCX
2014-09-14 15:32 - 2009-03-24 12:52 - 00129872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSSTDFMT.DLL
2014-09-14 14:44 - 2014-09-14 14:44 - 00000000 ____D () C:\Users\Public\Documents\HostsMan Backups
2014-09-14 14:44 - 2014-09-14 14:44 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\abelhadigital.com
2014-09-14 14:44 - 2014-09-14 14:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HostsMan
2014-09-14 14:44 - 2014-09-14 14:44 - 00000000 ____D () C:\ProgramData\abelhadigital.com
2014-09-14 14:44 - 2014-09-14 14:44 - 00000000 ____D () C:\Program Files (x86)\HostsMan
2014-09-14 14:02 - 2014-09-14 14:02 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux
2014-09-14 14:01 - 2014-09-14 14:01 - 00000000 ____D () C:\Users\Anthony\AppData\Local\FluxSoftware
2014-09-10 20:03 - 2014-08-23 08:48 - 02374784 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2014-09-10 20:03 - 2014-08-23 08:13 - 02084520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2014-09-10 20:03 - 2014-08-23 07:10 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2014-09-10 20:03 - 2014-08-23 06:32 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2014-09-10 20:03 - 2014-08-23 05:44 - 02860032 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-09-10 20:03 - 2014-08-23 05:34 - 13423104 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-09-10 20:03 - 2014-08-23 05:33 - 00796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2014-09-10 20:03 - 2014-08-23 05:31 - 01038336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-09-10 20:03 - 2014-08-23 05:20 - 11818496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-09-10 20:03 - 2014-08-15 01:36 - 00146752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpioclx.sys
2014-09-10 20:03 - 2014-07-30 02:56 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll
2014-09-10 20:03 - 2014-07-29 06:22 - 00205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcpmon.dll
2014-09-10 16:26 - 2014-09-10 16:26 - 00000000 ____D () C:\ProgramData\Unchecky
2014-09-10 15:17 - 2014-08-16 03:40 - 23591424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-09-10 15:17 - 2014-08-16 03:04 - 17455104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-09-10 15:17 - 2014-08-16 03:00 - 05833728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-09-10 15:17 - 2014-08-16 03:00 - 02793984 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-09-10 15:17 - 2014-08-16 02:56 - 00547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-09-10 15:17 - 2014-08-16 02:54 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-09-10 15:17 - 2014-08-16 02:45 - 04232704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-09-10 15:17 - 2014-08-16 02:43 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-09-10 15:17 - 2014-08-16 02:32 - 00446464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-09-10 15:17 - 2014-08-16 02:25 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-09-10 15:17 - 2014-08-16 02:22 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-09-10 15:17 - 2014-08-16 02:20 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-09-10 15:17 - 2014-08-16 02:19 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-09-10 15:17 - 2014-08-16 02:18 - 02185728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-09-10 15:17 - 2014-08-16 02:18 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-09-10 15:17 - 2014-08-16 02:11 - 00597504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-09-10 15:17 - 2014-08-16 02:06 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-09-10 15:17 - 2014-08-16 02:05 - 00727040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-09-10 15:17 - 2014-08-16 02:05 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-09-10 15:17 - 2014-08-16 02:03 - 02104832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-09-10 15:17 - 2014-08-16 02:03 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-09-10 15:17 - 2014-08-16 01:58 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-10 15:17 - 2014-08-16 01:56 - 02310656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-09-10 15:17 - 2014-08-16 01:53 - 13588480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-09-10 15:17 - 2014-08-16 01:53 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-09-10 15:17 - 2014-08-16 01:53 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-09-10 15:17 - 2014-08-16 01:51 - 11769856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-09-10 15:17 - 2014-08-16 01:45 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-09-10 15:17 - 2014-08-16 01:44 - 02014208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-09-10 15:17 - 2014-08-16 01:44 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-09-10 15:17 - 2014-08-16 01:34 - 01447424 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-09-10 15:17 - 2014-08-16 01:20 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-09-10 15:17 - 2014-08-16 01:18 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-09-10 15:17 - 2014-08-16 01:14 - 01190400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-09-10 15:17 - 2014-08-16 01:12 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-09-10 15:04 - 2014-08-02 01:18 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2014-09-10 15:03 - 2014-07-24 04:20 - 00875688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2014-09-10 15:03 - 2014-07-24 04:20 - 00869544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2014-09-09 18:45 - 2014-09-09 18:45 - 10036224 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-07 21:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-10-07 20:45 - 2013-03-17 15:47 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-10-07 20:01 - 2014-04-26 16:26 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-10-07 20:00 - 2014-05-03 22:00 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\ClassicShell
2014-10-07 19:55 - 2014-04-08 19:08 - 00000000 ____D () C:\AdwCleaner
2014-10-07 19:51 - 2012-11-19 10:40 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2014-10-07 19:48 - 2013-02-17 11:50 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4015346877-3346498852-3124713193-1001
2014-10-07 19:47 - 2013-03-21 16:01 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\KeePass
2014-10-07 19:43 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-10-07 19:43 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-10-07 19:42 - 2013-02-17 17:12 - 00000000 ____D () C:\Program Files\PeerBlock
2014-10-07 19:31 - 2013-03-29 17:37 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\tixati
2014-10-07 19:05 - 2014-03-18 11:03 - 00865408 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-10-06 21:49 - 2013-02-17 14:56 - 00000000 ____D () C:\Users\Anthony\Documents\Calibre Library
2014-10-06 21:27 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-10-06 20:42 - 2012-11-19 10:31 - 00000000 ____D () C:\ProgramData\Temp
2014-10-04 15:15 - 2013-02-17 16:17 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-10-02 14:23 - 2014-03-31 12:46 - 00000000 ____D () C:\Users\Anthony\Documents\OneNote Notebooks
2014-10-02 12:10 - 2013-03-03 18:15 - 00001170 _____ () C:\Users\Anthony\Documents\Albums deleted.txt
2014-10-02 12:07 - 2013-02-17 12:01 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2014-09-27 17:44 - 2013-03-23 19:46 - 00148942 _____ () C:\Users\Anthony\Documents\MyNewDatabase.kdbx
2014-09-26 15:42 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-09-26 14:22 - 2014-01-03 21:40 - 00000000 ____D () C:\Program Files (x86)\System Ninja
2014-09-26 14:21 - 2013-02-17 20:06 - 00000000 ____D () C:\Program Files\Defraggler
2014-09-26 13:53 - 2014-05-04 14:33 - 00009626 _____ () C:\Users\Anthony\Documents\All installed programs.txt
2014-09-26 13:37 - 2013-02-17 16:15 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-26 11:36 - 2014-03-31 12:30 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-09-26 11:25 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-09-26 11:18 - 2013-02-17 12:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-25 12:52 - 2013-02-17 12:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-24 13:35 - 2013-04-25 18:14 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\vlc
2014-09-24 11:12 - 2013-09-08 13:31 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\CUE Tools
2014-09-23 12:11 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Registration
2014-09-22 20:15 - 2014-04-25 20:34 - 00000000 ____D () C:\Users\Anthony\Downloads\Windows update notifier
2014-09-22 20:14 - 2014-05-23 20:45 - 00000000 ____D () C:\Users\Anthony\Downloads\Carom3d
2014-09-22 16:33 - 2014-07-24 17:22 - 00000785 _____ () C:\Users\Anthony\AppData\Roaming\burnaware.ini
2014-09-21 21:52 - 2014-05-05 15:13 - 00000000 ____D () C:\Users\Anthony
2014-09-21 16:31 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-09-19 21:44 - 2011-07-23 15:21 - 00000000 ____D () C:\Users\Anthony\Documents\Items for sale
2014-09-18 18:54 - 2013-02-17 16:45 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\Spotify
2014-09-18 18:49 - 2013-02-17 16:45 - 00000000 ____D () C:\Users\Anthony\AppData\Local\Spotify
2014-09-18 13:39 - 2013-04-18 14:13 - 00000916 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-18 13:39 - 2013-04-18 14:13 - 00000912 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-17 17:25 - 2013-04-18 14:13 - 00003890 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-09-17 17:25 - 2013-04-18 14:13 - 00003654 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-09-16 18:30 - 2014-06-12 15:16 - 00000000 ____D () C:\Users\Anthony\Downloads\tdsskiller
2014-09-16 15:45 - 2014-07-24 17:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BurnAware Free
2014-09-16 15:45 - 2014-07-24 17:21 - 00000000 ____D () C:\Program Files (x86)\BurnAware Free
2014-09-14 20:45 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\vpnplugins
2014-09-14 15:53 - 2012-11-19 10:39 - 00000000 ____D () C:\WINDOWS\eBayDesktopShortcut
2014-09-14 14:31 - 2014-01-03 21:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Ninja
2014-09-12 13:49 - 2014-04-21 10:12 - 00000000 ____D () C:\Program Files\Recuva
2014-09-12 13:48 - 2013-02-24 16:48 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO 11.lnk
2014-09-12 13:48 - 2013-02-24 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO
2014-09-10 20:14 - 2013-07-19 13:23 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-09-10 20:10 - 2013-02-21 13:53 - 101694776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-09-10 20:04 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-09-10 15:18 - 2014-06-10 20:11 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-09-10 15:18 - 2014-06-10 20:11 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-09-10 15:18 - 2014-06-10 20:11 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-09-10 15:18 - 2014-06-10 20:11 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-09-10 15:18 - 2014-06-10 20:11 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-09-10 15:18 - 2014-06-10 20:11 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-09-10 15:18 - 2014-06-10 20:11 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-09-10 15:18 - 2014-06-10 20:11 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-09-10 15:18 - 2014-06-10 20:10 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-09-10 15:18 - 2014-06-10 20:10 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-09-10 15:18 - 2014-06-10 20:10 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-09-10 15:18 - 2014-06-10 20:10 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-09-10 15:18 - 2014-05-05 23:56 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-09-10 15:18 - 2014-05-05 23:56 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-09-10 15:17 - 2014-06-10 20:10 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-09-10 15:17 - 2014-06-10 20:10 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-09-09 18:45 - 2013-03-17 15:47 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater

Some content of TEMP:
====================
C:\Users\Anthony\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-07 15:06

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-10-2014 01
Ran by Anthony at 2014-10-07 21:06:01
Running from C:\Users\Anthony\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Advanced Uninstaller PRO - Version 11 (HKLM-x32\...\AU11_is1) (Version: 11.48.0.196 - Innovative Solutions)
AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden
AMD AVIVO64 Codecs (Version: 12.5.100.20719 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{0CD183F1-E511-0777-1C35-DC29235885C5}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AudioShell 2.0 beta 1 (HKLM\...\AudioShell_is1) (Version: 2.0 beta 1 - Softpointer Inc)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software)
BurnAware Free 6.9 (HKLM-x32\...\BurnAware Free_is1) (Version:  - Burnaware)
calibre 64bit (HKLM\...\{0F072A3A-7D6F-4CE0-AB44-10DB3A7B3852}) (Version: 1.17.0 - Kovid Goyal)
calibre 64bit (HKLM\...\{57ADE316-7B2D-4DD0-BA95-11AF9B58B3DA}) (Version: 2.2.0 - Kovid Goyal)
Carom3D (HKLM-x32\...\Carom3D) (Version:  - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2012.0719.2149.37214 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0719.2149.37214 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0719.2149.37214 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2012.0719.2149.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0719.2149.37214 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
CDCheck (HKLM-x32\...\CDCheck) (Version:  - )
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Conexant SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.40.0 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.0.0.5 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.0.0.5 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{D9ED3EFC-AB00-4CE0-ADED-80EE6B1158A7}) (Version: 2.2.2000.0 - Dell Products, LP)
Dell Support Center (HKLM\...\PC-Doctor for Windows) (Version: 3.2.6032.39 - PC-Doctor, Inc.)
Dell Touchpad (HKLM\...\Elantech) (Version: 11.3.1.4 - ELAN Microelectronic Corp.)
Ditto (HKLM\...\Ditto_is1) (Version:  - Scott Brogden)
DSC/AA Factory Installer (Version: 3.2.6032.39 - PC-Doctor, Inc.) Hidden
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version:  - Lars Hederer)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Exact Audio Copy 1.0beta3 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta3 - Andre Wiethoff)
f.lux (HKCU\...\Flux) (Version:  - )
FreeFileSync 6.9 (HKLM-x32\...\FreeFileSync) (Version: 6.9 - Zenju)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 10.2.0.822 - Citrix Online, a division of Citrix Systems, Inc.)
HostsMan 4.5.102 (HKLM-x32\...\{1A3DD1A9-7B7B-4ECA-AD2F-98466F49F62C}_is1) (Version: 4.5.102.0 - abelhadigital.com)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® PRO/Wireless Driver (Version: 16.01.5000.0577 - Intel Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® + High Speed (Version: 16.1.1.0084 - Intel Corporation) Hidden
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.6 (HKLM\...\{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}) (Version: 2.6.2.0 - Intel)
Intel® WiDi (HKLM\...\{EDBA2433-0910-4C72-8C5B-8FEDAE3EF18E}) (Version: 3.5.34.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 16.01.5000.0269 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
KeePass Password Safe 2.27 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.27 - Dominik Reichl)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft OneNote 2013 - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 15.0.4649.1003 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Mp3tag v2.64 (HKLM-x32\...\Mp3tag) (Version: v2.64 - Florian Heidenreich)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
MusicBrainz Picard (HKLM-x32\...\MusicBrainz Picard) (Version: 1.2 - MusicBrainz)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4649.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4649.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4649.1003 - Microsoft Corporation) Hidden
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
PowerXpressHybrid (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.005 - Dell Inc.)
RadLight APE DirectShow filter (remove only) (HKLM-x32\...\RadLight APE DirectShow filter) (Version:  - "RadLight, LLC.")
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39052 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Sandboxie 4.12 (64-bit) (HKLM\...\Sandboxie) (Version: 4.12 - Sandboxie Holdings, LLC)
SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SlimComputer (HKLM-x32\...\{574BF026-4487-4051-BCE5-83C4E40AAF6D}) (Version: 1.3.30878 - SlimWare Utilities, Inc.)
Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
Spotify (HKCU\...\Spotify) (Version: 0.9.13.24.g5dbb3103 - Spotify AB)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 2.5.2 - Krzysztof Kowalczyk)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1014 - SUPERAntiSpyware.com)
SyncBackFree (HKLM-x32\...\SyncBackFree_is1) (Version: 6.5.48.0 - 2BrightSparks)
System Ninja version 3.0.3 (HKLM-x32\...\{6E67710E-206D-43AB-BF21-E7CD63056C55}_is1) (Version: 3.0.3 - SingularLabs)
TeraCopy 2.27 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
Tixati (HKLM-x32\...\tixati) (Version:  - )
Unchecky v0.2.16 (HKLM-x32\...\Unchecky) (Version: 0.2.16 - RaMMicHaeL)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Communications Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware)
Wisdom-soft ScreenHunter 6.0 Free (HKLM-x32\...\Wisdom-soft ScreenHunter 6.0 Free) (Version:  - Wisdom Software Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4015346877-3346498852-3124713193-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Anthony\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

16-09-2014 15:38:05 due to running adwcleaner
24-09-2014 11:35:23 Scheduled Checkpoint
07-10-2014 14:30:45 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 06:26 - 2014-10-07 19:43 - 00002187 ____A C:\WINDOWS\system32\Drivers\etc\hosts

There are 9 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {291BCD87-841C-4C76-ACEB-C0280F69F167} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell Support Center\uaclauncher.exe [2012-07-17] (PC-Doctor, Inc.)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {4582F1BC-6E74-41CE-9846-6D94FBE6851A} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-4015346877-3346498852-3124713193-1001 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: {46CCF37A-20AF-407C-B8AB-B21A77CB9927} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-02] (AVAST Software)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {81345431-A3FC-47B6-8F00-0F59F2117983} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {86C64F1E-148B-49AB-A3B5-6F50F740A73C} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-08-12] (Microsoft Corporation)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {99767C56-B9DF-404C-8AFE-D3B59915661D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-09] (Adobe Systems Incorporated)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {BEC7B78E-B39A-4C71-A44D-40B57FAE9DDE} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-09-10] (Microsoft Corporation)
Task: {BF58E14B-1069-43E0-80DD-BB525A2FD9CD} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {C1DC4B08-CAFD-4478-8F96-CBF4294E4CF7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-18] (Google Inc.)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D08F1AB1-8F5E-4779-937E-7A750E734C77} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-03-18] (Microsoft Corporation)
Task: {D180CFFA-23FE-4D2C-9C78-13ADB80B1687} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2012-07-17] (PC-Doctor, Inc.)
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E2ACF668-4308-4463-9ECA-B3DD4467FB01} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {E3BDCA69-0278-4D27-AE94-D673C4802877} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {E82EB3E3-1D40-40C3-9A67-B317508CFF5E} - System32\Tasks\SlimComputer Run => C:\Program Files (x86)\SlimComputer\SlimComputer.exe [2013-07-10] (SlimWare Utilities, Inc.)
Task: {E8CBC4AA-D88C-48AF-BC1C-F1D8E2326D92} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {EDE4B366-A711-4D37-B207-7A399F373344} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {F4C6DE01-F3AD-4D7B-A2B2-19ADBC2BBC71} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-18] (Google Inc.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-09-26 11:34 - 2014-09-26 11:34 - 08894120 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-02-21 15:39 - 2011-10-26 18:41 - 00318976 _____ () C:\Program Files\TeraCopy\TeraCopyExt64.dll
2009-11-19 03:34 - 2009-11-19 03:34 - 00022016 _____ () C:\WINDOWS\System32\suge1l6.dll
2014-03-31 12:30 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2012-11-19 10:25 - 2012-04-05 21:55 - 00164992 _____ () C:\Program Files\Conexant\SA3\MaxxAudioWrapper.dll
2014-07-07 15:22 - 2014-07-07 15:22 - 00046080 _____ () C:\Users\Anthony\AppData\Local\KeePass\PluginCache\NyObG8KG1yCFmHQvJcRD\Fleck2.dll
2013-03-23 18:12 - 2014-07-06 09:36 - 00372736 _____ () C:\Program Files (x86)\KeePass Password Safe 2\KeePass.XmlSerializers.dll
2014-09-17 15:43 - 2014-06-06 21:43 - 01880064 _____ () C:\PROGRAM FILES\DITTO\DITTO.EXE
2014-07-02 21:04 - 2014-07-02 21:04 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-10-07 19:45 - 2014-10-07 19:45 - 02859008 _____ () C:\Program Files\AVAST Software\Avast\defs\14100702\algo.dll
2014-09-10 21:18 - 2014-09-10 21:18 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\8dd48af515d8e2453ca6d118ad35baeb\PSIClient.ni.dll
2014-09-26 11:29 - 2014-09-26 11:29 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2014-07-02 21:04 - 2014-07-02 21:04 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2012-11-19 10:26 - 2012-06-25 19:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2013-02-17 12:07 - 2014-09-25 12:52 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:5C321E34

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKLM\...\StartupApproved\Run32: => "BTMTrayAgent"
HKCU\...\StartupApproved\StartupFolder: => "EvernoteClipper.lnk"
HKCU\...\StartupApproved\Run: => "Spybot-S&D Cleaning"

========================= Accounts: ==========================

Administrator (S-1-5-21-4015346877-3346498852-3124713193-500 - Administrator - Disabled)
Anthony (S-1-5-21-4015346877-3346498852-3124713193 - Administrator - Enabled)
Guest (S-1-5-21-4015346877-3346498852-3124713193-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: USB-IF xHCI USB Host Controller
Description: USB-IF xHCI USB Host Controller
Class Guid: {8a2edc79-c759-46f2-88af-9d4efe3b5eee}
Manufacturer: Intel Corporation
Service: XHCIPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (10/07/2014 08:20:22 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (10/07/2014 08:20:20 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (10/07/2014 08:20:07 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (10/07/2014 08:19:43 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.


System errors:
=============
Error: (10/07/2014 07:46:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Digital Delivery Service service terminated unexpectedly.  It has done this 1 time(s).


Microsoft Office Sessions:
=========================
Error: (10/07/2014 08:20:22 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Anthony\Desktop\esetsmartinstaller_enu.exe

Error: (10/07/2014 08:20:20 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Anthony\Desktop\esetsmartinstaller_enu.exe

Error: (10/07/2014 08:20:07 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Anthony\Desktop\esetsmartinstaller_enu.exe

Error: (10/07/2014 08:19:43 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Anthony\Desktop\esetsmartinstaller_enu.exe


CodeIntegrity Errors:
===================================
  Date: 2013-05-26 15:09:04.567
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\MCWrp64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-26 15:09:04.536
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\MCWrp64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-26 15:09:04.111
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\MCWrp64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-26 15:09:03.913
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\MCWrp64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-12 12:55:13.523
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\MCWrp64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-12 12:55:13.476
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\MCWrp64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-12 12:55:13.105
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\MCWrp64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-12 12:55:12.902
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\MCWrp64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-12 12:19:30.619
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\MCWrp64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-12 12:19:30.386
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\MCWrp64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 41%
Total physical RAM: 6013.27 MB
Available physical RAM: 3493.74 MB
Total Pagefile: 12157.27 MB
Available Pagefile: 9571.89 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:684.88 GB) (Free:578.34 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 48A4F829)

Partition: GPT Partition Type.

==================== End Of Log ============================




 


  • Root Admin

Please visit each of the following sites and let's reset all of your browsers back to defaults to prevent unexpected issues.
If you are not using one of the browsers but it is installed then you may want to consider uninstalling it as older versions of some software can pose an increase in the potential for an infection to get in.

Internet Explorer
How to reset Internet Explorer settings

Firefox
Click on Help / Troubleshooting Information then click on the Reset Firefox button.

Chrome
Start by disabling Sync
How To Delete Your Google Chrome Browser Sync Data
Chrome - Reset browser settings
If that fails then Uninstall Google Chrome and do not reinstall until sure the system is clean.

Next,

Scan with Panda Cloud Cleaner

This type of scan often produces false positives. In any case do not remove on your own any of its findings! Removal will be made after the careful analysis of the scan results.

Please download Panda Cloud Cleaner and save the file to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Install the scanner by right-clicking on the icon and selecting Run as Administrator.
  • It should start itself automatically after the installation.
  • In the main console click Accept and Scan.
  • This scan won't take long, about several minutes (depending on your system specs). Let it run uninterrupted.
  • At the last stage you will see a couple of messages about verifying & analyzing results. Wait patiently.
  • Upon completion you will see the detections window. Enter one of them and click there View Report at the bottom right side.
  • A notepad window named PCloudCleaner.log will open. Save it to your desktop.


Please include the contents of that file in your next reply.
Don't forget to re-enable your switched-off protection software!
After that you may uninstall Panda Cloud Cleaner from your machine, if you wish to.
 


ESET scanner which I did previously found 1 item which I pasted in my last post, which was:

 

C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\hstart.exe    a variant of Win32/HiddenStart.A potentially unsafe application

 

What exactly has been detected so far?  Anything serious?

 

I have reset Internet Explorer

I have uninstalled Google Chrome (it was a backup in case I could not view a page in Firefox). I will reinstall it if need be.

Now, Firefox, which is my main browser.

I have not reset Firefox yet as I have a lot of tabs open (which reload when starting Firefox) and extension settings which I will need to remember, and then there is Keepass and Keefox which I really do not want to mess about with.

If I mess with Keepass/Keefox which has all my passwords........this is one thing I am extremely worried about.

 

I have run the Panda scan without resetting Firefox which I know is not perfect, but is there a way to save settings and extension settings and then there is Keepass/Keefox?

 

 

. FILE: C:\PROGRAMDATA\INSTALLMATE\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}\SETUP.EXE to be deleted.

. FILE: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol\Uninstall WinPatrol.lnk to be deleted.

Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[HIDEFILEEXT] to be changed to: 0

Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[HIDEFILEEXT] to be changed to: 0

Malware. REGKEY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM[DISABLEREGISTRYTOOLS]. Value: DISABLEREGISTRYTOOLS To be deleted.

Malware. REGKEY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM[DISABLETASKMGR]. Value: DISABLETASKMGR To be deleted.
 


I want to reset Firefox but I am quite busy with work at the moment and I don't have time to sort out all the extensions and everything else that will need sorting out.

 

One question:

When disabling Avast to run the scans and I am still connected to the internet, won't I be vulnerable to virus infections etc.?


  • Root Admin

The scan only takes a moment so you're not really that much of a threat as you're not supposed to be browsing the Internet and your firewall should be on.

 

As for the files from Panda I would delete all of them except the WinPatrol entry.

 

As for resetting Firefox you should be able to print out your add-on, extensions so you know what you are, were using. You can also save/export your NoScript settings and I would assume the same for your key password program. Then your bookmarks as well (those typically are touched but sometimes things happen so best to backup). Once everything is backed up you should be okay to clean up. However if there are no longer any issues and no redirects or other malware related issues you might not need to reset Firefox at this time.


I have not detected any changes with Firefox since the cleanup - it does seem to be a bit quicker.

 

Of all the programs I have run is there anything I need to go back to delete anything, which I had to do with Panda cloud cleaner, or were they deleted automatically when I ran the program?

 

What about the file that Eset found: C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\hstart.exe    a variant of Win32/HiddenStart.A potentially unsafe application

 

Was that a false positive?

 

So the programs I have run have found problems and fixed them - anything serious?

 

Of all the programs you asked me to download onto my desktop, can I now delete them including the scan results which were added to my desktop?

 

Should I keep some of them to use again?

 

Thanks


Emsisoft Emergency Kit - Version 9.0
Last update: 10/10/2014 20:07:46
User account: Anthony\Anthony

Scan settings:

Scan type: Smart Scan
Objects: Rootkits, Memory, Traces, C:\WINDOWS\, C:\Program Files\, C:\Program Files (x86)\

Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start:    10/10/2014 20:09:49
Value: HKEY_USERS\S-1-5-21-4015346877-3346498852-3124713193-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR     detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-4015346877-3346498852-3124713193-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS     detected: Setting.DisableRegistryTools (A)

Scanned    198087
Found    2

Scan end:    10/10/2014 20:35:39
Scan time:    0:25:50
 


Just ran another Roguekiller scan.

What can I delete:

 

Here are the results:

 

RogueKiller V10.0.1.0 (x64) [Oct 10 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : Anthony [Administrator]
Mode : Scan -- Date : 10/10/2014  20:52:28

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 6 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-4015346877-3346498852-3124713193-1001\Software\Microsoft\Internet Explorer\Main | Start Page :   -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-4015346877-3346498852-3124713193-1001\Software\Microsoft\Internet Explorer\Main | Start Page :   -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 39 ¤¤¤

¤¤¤ Antirootkit : 6 (Driver: Loaded) ¤¤¤
[iAT:Addr] (explorer.exe) dwmapi.dll -  : Unknown @ 0xa7b0000
[iAT:Addr] (explorer.exe) dwmapi.dll -  : Unknown @ 0xa7b0020
[iAT:Addr] (explorer.exe) dwmapi.dll -  : Unknown @ 0xa7b0040
[EAT:Addr] (explorer.exe) NetworkExplorer.dll - DllCanUnloadNow : C:\WINDOWS\system32\fontext.dll @ 0x7ffee261fa74
[EAT:Addr] (explorer.exe) NetworkExplorer.dll - DllGetClassObject : C:\WINDOWS\system32\fontext.dll @ 0x7ffee261f8d0
[EAT:Addr] (explorer.exe) NetworkExplorer.dll - InstallFontFile : C:\WINDOWS\system32\fontext.dll @ 0x7ffee2624ddc

¤¤¤ Web browsers : 2 ¤¤¤
[PUM.Proxy][FIREFX:Config] cqwyqvfd.default : user_pref("network.proxy.http", "87.250.52.230"); -> Found
[PUM.Proxy][FIREFX:Config] cqwyqvfd.default : user_pref("network.proxy.http_port", 8080); -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD7500BPVT-75HXZT3 +++++
--- User ---
[MBR] 19c6190e5ca794a77f04ff8093587dc1
[bSP] 2252737ad4e991122ec98402bb717fe4 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_DEL_09162014_211443.log - RKreport_SCN_09162014_210944.log - RKreport_SCN_09172014_131145.log - RKreport_SCN_09212014_161845.log
RKreport_SCN_09232014_124831.log - RKreport_SCN_09232014_130740.log - RKreport_SCN_09262014_141722.log - RKreport_SCN_10062014_175928.log
RKreport_SCN_10062014_190324.log - RKreport_SCN_10062014_190826.log


  • Root Admin

Don't delete anything. Those are all okay.

Please find and upload this file to www.virustotal.com and then post back a link to the scan. If they say it's been scanned before tell it to go ahead and rescan.

c:\windows\system32\drivers\truesight.sys

This one below is a false positive. Do not delete it, just leave it alone.

C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\hstart.exe

Thanks


I noticed c:\windows\system32\drivers\truesight.sys when I ran autoruns.

I have just rerun autoruns and I can't find it anymore?

As I can't find it I have not run the VirusTotal scan.

So the results below which I posted above are nothing to be worried about?

The two registry entries found are nothing to be worried about with the Emsisoft scan?

What about the Registry/Antirootkit and Web browser results which were found by Roguekiller?

Posted 10 October 2014 - 08:38 PM

Emsisoft Emergency Kit - Version 9.0
Last update: 10/10/2014 20:07:46
User account: Anthony\Anthony

Scan settings:

Scan type: Smart Scan
Objects: Rootkits, Memory, Traces, C:\WINDOWS\, C:\Program Files\, C:\Program Files (x86)\

Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start:    10/10/2014 20:09:49
Value: HKEY_USERS\S-1-5-21-4015346877-3346498852-3124713193-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR     detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-4015346877-3346498852-3124713193-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS     detected: Setting.DisableRegistryTools (A)

Scanned    198087
Found    2

Scan end:    10/10/2014 20:35:39
Scan time:    0:25:50

Posted 10 October 2014 - 09:00 PM:

RogueKiller V10.0.1.0 (x64) [Oct 10 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : Anthony [Administrator]
Mode : Scan -- Date : 10/10/2014  20:52:28

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 6 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-4015346877-3346498852-3124713193-1001\Software\Microsoft\Internet Explorer\Main | Start Page :   -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-4015346877-3346498852-3124713193-1001\Software\Microsoft\Internet Explorer\Main | Start Page :   -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 39 ¤¤¤

¤¤¤ Antirootkit : 6 (Driver: Loaded) ¤¤¤
[iAT:Addr] (explorer.exe) dwmapi.dll -  : Unknown @ 0xa7b0000
[iAT:Addr] (explorer.exe) dwmapi.dll -  : Unknown @ 0xa7b0020
[iAT:Addr] (explorer.exe) dwmapi.dll -  : Unknown @ 0xa7b0040
[EAT:Addr] (explorer.exe) NetworkExplorer.dll - DllCanUnloadNow : C:\WINDOWS\system32\fontext.dll @ 0x7ffee261fa74
[EAT:Addr] (explorer.exe) NetworkExplorer.dll - DllGetClassObject : C:\WINDOWS\system32\fontext.dll @ 0x7ffee261f8d0
[EAT:Addr] (explorer.exe) NetworkExplorer.dll - InstallFontFile : C:\WINDOWS\system32\fontext.dll @ 0x7ffee2624ddc

¤¤¤ Web browsers : 2 ¤¤¤
[PUM.Proxy][FIREFX:Config] cqwyqvfd.default : user_pref("network.proxy.http", "87.250.52.230"); -> Found
[PUM.Proxy][FIREFX:Config] cqwyqvfd.default : user_pref("network.proxy.http_port", 8080); -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD7500BPVT-75HXZT3 +++++
--- User ---
[MBR] 19c6190e5ca794a77f04ff8093587dc1
[bSP] 2252737ad4e991122ec98402bb717fe4 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_DEL_09162014_211443.log - RKreport_SCN_09162014_210944.log - RKreport_SCN_09172014_131145.log - RKreport_SCN_09212014_161845.log
RKreport_SCN_09232014_124831.log - RKreport_SCN_09232014_130740.log - RKreport_SCN_09262014_141722.log - RKreport_SCN_10062014_175928.log
RKreport_SCN_10062014_190324.log - RKreport_SCN_10062014_190826.log


  • Root Admin

Well, what's odd is that Panda should have removed the entries for you, but assuming you were not able to, we can manually remove them if needed.

The antirootkit is not necessarily bad; it's just saying it sees something. It also shows you still have a proxy running, which we should remove. Emsisoft should be able to remove this for you as well, though. Doesn't it offer to remove it?

Let me get a new FRST scan log; make sure you place a check mark in the Additions.txt check box, and post back both new logs.

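How the Firefox proxy preferences reported above can be read, as an added example that is not part of the original posts: RogueKiller flags the `network.proxy.http` host and port, while `network.proxy.type` (listed as 0 in the FRST log later in this thread) decides whether Firefox actually routes traffic through them. The sample prefs.js text is constructed from values shown on this page, and the function names are hypothetical.

```python
import json
import re

# prefs.js stores changed preferences as lines of the form
#   user_pref("name", value);
# where value is a quoted string, an integer or true/false.
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')

# Meaning of network.proxy.type in Firefox.
PROXY_TYPES = {
    0: "direct",   # no proxy, host/port prefs are ignored
    1: "manual",   # use the network.proxy.<scheme> host/port prefs
    2: "pac",      # use network.proxy.autoconfig_url
    4: "wpad",     # auto-detect proxy settings
    5: "system",   # use the operating system's settings (default)
}

SCHEMES = ("http", "ssl", "ftp", "socks")

# Constructed sample built from the values in the logs on this page.
SAMPLE_PREFS = '''\
// constructed sample, not a full prefs.js
user_pref("network.proxy.http", "87.250.52.230");
user_pref("network.proxy.http_port", 8080);
user_pref("network.proxy.ssl", "87.250.52.230");
user_pref("network.proxy.ssl_port", 8080);
user_pref("network.proxy.no_proxies_on", "localhost, 127.0.0.1, stealthy.co");
user_pref("network.proxy.type", 0);
'''


def parse_prefs(text):
    """Return {pref name: value} for every user_pref line in text."""
    prefs = {}
    for line in text.splitlines():
        match = PREF_RE.match(line)
        if not match:
            continue  # comments, blank lines, anything else
        name, raw = match.groups()
        try:
            prefs[name] = json.loads(raw)
        except ValueError:
            continue  # value is not a plain string/int/bool literal
    return prefs


def assess_proxy(prefs):
    """Classify the proxy configuration as active, leftover or absent."""
    mode = PROXY_TYPES.get(prefs.get("network.proxy.type", 5), "unknown")
    endpoints = {}
    for scheme in SCHEMES:
        host = prefs.get("network.proxy." + scheme, "")
        port = prefs.get("network.proxy.%s_port" % scheme, 0)
        if host:
            endpoints[scheme] = "%s:%s" % (host, port)
    pac_url = prefs.get("network.proxy.autoconfig_url", "")

    if mode == "manual" and endpoints:
        verdict = "active"
    elif mode == "pac" and pac_url:
        verdict = "active"
    elif endpoints or pac_url:
        # Values are stored but the current mode does not use them.
        verdict = "configured-but-inactive"
    else:
        verdict = "none"
    return {"mode": mode, "endpoints": endpoints,
            "pac_url": pac_url, "verdict": verdict}


if __name__ == "__main__":
    print(assess_proxy(parse_prefs(SAMPLE_PREFS)))
```

Stored host and port values that are not in use are still worth clearing, because changing `network.proxy.type` to 1 is all it takes to put them back into effect.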

Can you explain what these do:

Value: HKEY_USERS\S-1-5-21-4015346877-3346498852-3124713193-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR     detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-4015346877-3346498852-3124713193-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS     detected: Setting.DisableRegistryTools (A)

You mention that I have a proxy running - what is this and what does it do?

Could it have been created by a program I use that needs it to run?

What were the six PUM registry results found? What do they do?

[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-4015346877-3346498852-3124713193-1001\Software\Microsoft\Internet Explorer\Main | Start Page :   -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-4015346877-3346498852-3124713193-1001\Software\Microsoft\Internet Explorer\Main | Start Page :   -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

I will post a new FRST log tomorrow; I don't have time to do it now.

Thanks


  • Root Admin

The policy settings attempt to prevent users from running programs or utilities on the computer. This is often done to help prevent you from removing an infection using built-in tools.

The other settings are normal to find and nothing to worry about. We'll use FRST logs to determine what else needs to be done.

Cheers


Hi

I tried to quarantine the two found (shown below) using Panda Cleaner but Panda Cleaner never seemed to get rid of them, so I have now quarantined them using Emsisoft Emergency Kit.

Value: HKEY_USERS\S-1-5-21-4015346877-3346498852-3124713193-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR     detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-4015346877-3346498852-3124713193-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS     detected: Setting.DisableRegistryTools (A)

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-10-2014 02
Ran by Anthony (administrator) on ANTHONY on 16-10-2014 17:28:19
Running from C:\Users\Anthony\Desktop
Loaded Profile: Anthony (Available profiles: Anthony)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\CxUtilSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDGesture.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\SmartAudio3.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Dominik Reichl) C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe
(Ruiware LLC) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(abelhadigital.com) C:\Program Files (x86)\HostsMan\hm.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Flux Software LLC) C:\Users\Anthony\AppData\Local\FluxSoftware\Flux\flux.exe
() C:\Program Files\Ditto\Ditto.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Spotify Ltd) C:\Users\Anthony\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(PeerBlock, LLC) C:\Program Files\PeerBlock\peerblock.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2898768 2012-07-09] (ELAN Microelectronics Corp.)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5752480 2012-07-11] (Dell Inc.)
HKLM\...\Run: [smartAudio] => C:\Program Files\CONEXANT\SA3\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [intelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [bTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2109952 2014-10-07] (Dominik Reichl)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-01] (AVAST Software)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4015346877-3346498852-3124713193-1001\...\Run: [KeePass Password Safe 2] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2109952 2014-10-07] (Dominik Reichl)
HKU\S-1-5-21-4015346877-3346498852-3124713193-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-21] (Ruiware LLC)
HKU\S-1-5-21-4015346877-3346498852-3124713193-1001\...\Run: [HostsMan] => C:\Program Files (x86)\HostsMan\hm.exe [7922688 2014-08-28] (abelhadigital.com)
HKU\S-1-5-21-4015346877-3346498852-3124713193-1001\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [shareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [shareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BootExecute: autocheck autochk * PCloudBroom64.exe \systemroot\system32\BroomData.bitPCloudBroom64.exe \systemroot\system32\BroomData.bit

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-gb/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x562D7E2E0FE3CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKLM - {A25AC313-DD19-4238-ACA2-401D6BEE4321} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKLM - {A3D028CD-0D72-4E93-BDCF-DBAFA2F3B60E} URL = http://Lasaoren.com/results.php?f=4&q={searchTerms}&a=lrn_ir_14_38_ff&cd=2XzuyEtN2Y1L1Qzu0EtD0D0ByDyD0DtC0BtCtC0Ezz0F0A0AtN0D0Tzu0SzyzytDtN1L2XzutAtFtBtFyEtFtBtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyCtB0E0AyDyE0B0AtGzzzzyEtDtG0F0CtAzytGzyzyyEtCtGtDtDzy0A0EtBtCtC0FzzyEyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0E0CtDzz0CyDyDzytGtA0A0EyCtGyEtB0ByEtGzyzztByEtGyCyCzytC0FtBtD0AzyyCyEtD2Q&cr=1362351949&ir=
SearchScopes: HKLM-x32 - {A3D028CD-0D72-4E93-BDCF-DBAFA2F3B60E} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\cqwyqvfd.default
FF NewTab: hxxp://news.bbc.co.uk
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF NetworkProxy: "ftp", "87.250.52.230"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "gopher", "87.250.52.230"
FF NetworkProxy: "gopher_port", 8080
FF NetworkProxy: "http", "87.250.52.230"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "87.250.52.230"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "87.250.52.230"
FF NetworkProxy: "ssl_port", 8080
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF SearchPlugin: C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\cqwyqvfd.default\searchplugins\ixquick-https.xml
FF Extension: British English Dictionary (Updated) - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\cqwyqvfd.default\Extensions\en-gb@flyingtophat.co.uk [2014-03-06]
FF Extension: KeeFox - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\cqwyqvfd.default\Extensions\keefox@chris.tomlinson [2014-10-09]
FF Extension: FireShot - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\cqwyqvfd.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2014-07-26]
FF Extension: LastTab - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\cqwyqvfd.default\Extensions\{68E5DD30-A659-4987-99F9-EAF21F9D4140}(117) [2013-02-21]
FF Extension: Disconnect - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\cqwyqvfd.default\Extensions\2.0@disconnect.me.xpi [2013-07-25]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\cqwyqvfd.default\Extensions\adblockpopups@jessehakanen.net.xpi [2013-03-08]
FF Extension: Copy Plain Text 2 - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\cqwyqvfd.default\Extensions\copyplaintext@teo.pl.xpi [2014-07-26]
FF Extension: I don't care about cookies - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\cqwyqvfd.default\Extensions\jid1-KKzOGWgsW3Ao4Q@jetpack.xpi [2014-03-21]
FF Extension: Settings Guard for Firefox - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\cqwyqvfd.default\Extensions\settings-guard@mozilla.com.xpi [2014-09-27]
FF Extension: Download Status Bar - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\cqwyqvfd.default\Extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi [2014-01-18]
FF Extension: YouTube High Definition - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\cqwyqvfd.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2014-07-10]
FF Extension: eCleaner - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\cqwyqvfd.default\Extensions\{c72c0c73-4eb0-4fb3-af0f-074e97326cfd}.xpi [2014-09-26]
FF Extension: Adblock Plus - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\cqwyqvfd.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-02-21]
FF Extension: Tab Mix Plus - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\cqwyqvfd.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2013-02-21]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-06-01]

Chrome:
=======
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-17] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-02] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2428088 2014-08-12] (Microsoft Corporation)
R2 CxUtilSvc; C:\Program Files\Conexant\SA3\CxUtilSvc.exe [109184 2012-07-04] (Conexant Systems, Inc.)
S2 DellDigitalDelivery; c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [173056 2012-06-19] (Dell Products, LP.) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [File not signed]
S4 InnovativeSolutions_monitor; C:\Program Files (x86)\Common Files\Innovative Solutions\Advanced Uninstaller\InnovativeSolutions_monitor_Svr.exe [1064880 2014-08-25] ()
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-12] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-05-05] (Microsoft Corporation)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174088 2014-05-29] (Sandboxie Holdings, LLC)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1914728 2012-11-26] (SoftThinks SAS)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [111208 2014-10-14] (RaMMicHaeL)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-02] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-02] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-02] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-02] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-02] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-06] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-02] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-02] ()
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions, Inc.)
R3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2014-10-02] (Emsisoft GmbH)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-05] (OSR Open Systems Resources, Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-12] (Intel Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew00.sys [3345376 2013-10-08] (Intel Corporation)
R3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [22600 2014-01-14] ()
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-05-29] (Sandboxie Holdings, LLC)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-10] (Windows ® Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-16 17:28 - 2014-10-16 17:28 - 00020899 _____ () C:\Users\Anthony\Desktop\FRST.txt
2014-10-15 16:33 - 2014-09-10 07:25 - 00474432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2014-10-15 16:33 - 2014-09-08 04:07 - 02497344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-10-15 16:33 - 2014-09-08 04:07 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-10-15 16:33 - 2014-09-07 23:08 - 00389176 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-10-15 16:33 - 2014-09-04 23:30 - 00822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2014-10-15 16:33 - 2014-09-04 23:21 - 01053184 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-10-15 16:33 - 2014-09-04 04:15 - 00561416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-10-15 16:33 - 2014-09-04 04:14 - 00177472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2014-10-15 16:33 - 2014-09-04 04:05 - 00836176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2014-10-15 16:33 - 2014-09-04 03:22 - 00670384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2014-10-15 16:33 - 2014-09-04 02:19 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-10-15 16:33 - 2014-09-04 02:01 - 00448512 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2014-10-15 16:33 - 2014-09-04 01:45 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-10-15 16:33 - 2014-09-04 01:41 - 01420288 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-10-15 16:33 - 2014-09-04 01:36 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2014-10-15 16:33 - 2014-09-04 01:32 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2014-10-15 16:33 - 2014-09-04 01:15 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2014-10-15 16:33 - 2014-08-31 01:17 - 00148800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2014-10-15 16:33 - 2014-08-31 01:15 - 21197152 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-10-15 16:33 - 2014-08-30 23:59 - 18723112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-10-15 16:33 - 2014-08-30 23:05 - 00615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSCOMEX.dll
2014-10-15 16:33 - 2014-08-30 22:58 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSAPI.dll
2014-10-15 16:33 - 2014-08-30 22:04 - 00941568 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2014-10-15 16:33 - 2014-08-30 21:53 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FXSAPI.dll
2014-10-15 16:33 - 2014-08-30 21:17 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2014-10-15 16:33 - 2014-08-28 03:55 - 07484224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2014-10-15 16:33 - 2014-08-28 01:21 - 02480128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2014-10-15 16:33 - 2014-08-28 01:06 - 02030592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2014-10-15 16:33 - 2014-08-23 06:14 - 13424128 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-10-15 16:33 - 2014-08-23 06:04 - 11820544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-10-15 16:33 - 2014-08-23 05:50 - 02714112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2014-10-15 16:33 - 2014-08-02 01:51 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2014-10-15 16:33 - 2014-08-02 01:35 - 00485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2014-10-15 16:17 - 2014-09-27 23:25 - 04183040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-10-15 16:17 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-10-15 16:17 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-10-15 16:17 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-10-15 16:17 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-10-15 16:17 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-10-15 16:17 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-10-15 16:17 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-10-15 16:17 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-10-15 16:17 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-10-15 16:17 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-10-15 16:17 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-10-15 16:17 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-10-15 16:17 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-10-15 16:17 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-10-15 16:17 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-10-15 16:17 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-10-15 16:17 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-10-15 16:17 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-10-15 16:17 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-10-15 16:17 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-10-15 16:17 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-10-15 16:17 - 2014-09-19 01:42 - 00363008 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-10-15 16:17 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-10-15 16:17 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-10-15 16:17 - 2014-09-19 01:20 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-10-15 16:17 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-10-15 16:17 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-10-15 16:17 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-10-15 16:17 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-10-15 16:17 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-10-15 16:17 - 2014-09-08 04:15 - 00054752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-10-15 16:17 - 2014-09-08 02:46 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-10-15 16:17 - 2014-09-08 02:46 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2014-10-15 16:17 - 2014-09-08 01:08 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-10-15 16:17 - 2014-09-08 01:07 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-10-15 16:17 - 2014-09-08 01:05 - 03448320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-10-15 16:17 - 2014-09-08 01:04 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-10-15 16:17 - 2014-09-08 01:04 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-10-15 16:17 - 2014-09-08 01:03 - 01702400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-10-15 16:17 - 2014-09-08 01:03 - 00839680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-10-15 16:17 - 2014-09-08 00:59 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-10-15 16:17 - 2014-09-08 00:59 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-10-15 16:17 - 2014-09-08 00:56 - 00672256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-10-15 16:17 - 2014-09-08 00:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-10-15 16:17 - 2014-09-04 01:10 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2014-10-15 16:17 - 2014-09-04 00:57 - 00921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-10-15 16:17 - 2014-09-04 00:49 - 00626688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-10-15 16:16 - 2014-09-13 07:29 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll
2014-10-15 16:16 - 2014-09-13 07:02 - 02779648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-10-15 16:16 - 2014-09-13 06:49 - 00068608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll
2014-10-15 16:16 - 2014-09-13 06:30 - 03117568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-10-15 16:16 - 2014-09-04 01:12 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2014-10-15 16:16 - 2014-09-04 01:01 - 00514048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2014-10-15 16:16 - 2014-08-29 02:58 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2014-10-15 16:16 - 2014-08-29 00:56 - 02646016 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-10-15 16:16 - 2014-08-29 00:47 - 02321920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-10-14 17:38 - 2014-10-14 17:38 - 00009153 _____ () C:\Users\Anthony\Documents\TMPpref.txt
2014-10-14 16:14 - 2014-10-15 18:02 - 00004732 _____ () C:\WINDOWS\PFRO.log
2014-10-14 16:12 - 2014-10-14 16:12 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\InstallShield
2014-10-14 15:55 - 2013-08-05 20:20 - 00053248 _____ (Windows XP Bundled build C-Centric Single User) C:\WINDOWS\SysWOW64\CSVer.dll
2014-10-14 15:54 - 2014-10-14 15:54 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2014-10-14 15:51 - 2013-09-12 17:55 - 00099288 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\TeeDriverx64.sys
2014-10-14 15:48 - 2014-10-14 15:48 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-10-14 15:48 - 2013-09-04 21:06 - 00329944 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RtsUVStor.sys
2014-10-12 16:45 - 2014-10-12 16:46 - 11239424 _____ () C:\Users\Anthony\Downloads\EMET Setup.msi
2014-10-10 20:46 - 2014-10-10 20:46 - 18495064 _____ () C:\Users\Anthony\Downloads\RogueKillerX64.exe
2014-10-10 19:39 - 2014-10-10 19:39 - 625408276 _____ () C:\WINDOWS\MEMORY.DMP
2014-10-10 19:39 - 2014-10-10 19:39 - 00287744 _____ () C:\WINDOWS\Minidump\101014-23218-01.dmp
2014-10-10 16:44 - 2014-10-14 15:54 - 00001093 _____ () C:\WINDOWS\setupact.log
2014-10-10 16:44 - 2014-10-10 16:44 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-10-10 13:56 - 2014-10-15 18:00 - 00000856 _____ () C:\WINDOWS\SysWOW64\BroomData.bit
2014-10-10 13:56 - 2013-04-08 16:30 - 00022752 _____ () C:\WINDOWS\system32\PCloudBroom64.exe
2014-10-08 17:32 - 2014-10-10 13:42 - 00001304 _____ () C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
2014-10-08 17:32 - 2014-10-08 17:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
2014-10-08 17:09 - 2013-04-29 09:17 - 00047632 _____ (Panda Security, S.L.) C:\WINDOWS\system32\Drivers\PSKMAD.sys
2014-10-08 16:56 - 2014-10-08 17:32 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2014-10-07 21:04 - 2014-10-16 17:27 - 00000000 ____D () C:\Users\Anthony\Desktop\FRST-OlderVersion
2014-10-07 21:02 - 2014-10-07 21:02 - 00000145 _____ () C:\Users\Anthony\Desktop\eset.txt
2014-10-07 20:20 - 2014-10-07 20:20 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-10-07 20:19 - 2014-10-07 20:19 - 02347384 _____ (ESET) C:\Users\Anthony\Desktop\esetsmartinstaller_enu.exe
2014-10-07 19:40 - 2014-10-07 19:40 - 00001557 _____ () C:\Users\Anthony\Desktop\JRT.txt
2014-10-07 19:36 - 2014-10-07 19:36 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-10-07 19:32 - 2014-10-07 19:32 - 01375089 _____ () C:\Users\Anthony\Downloads\adwcleaner_3.311.exe
2014-10-07 19:15 - 2014-10-07 19:16 - 01705141 _____ (Thisisu) C:\Users\Anthony\Desktop\JRT.exe
2014-10-07 19:14 - 2014-10-07 19:14 - 00000000 ____D () C:\WINDOWS\ERDNT
2014-10-07 19:13 - 2014-10-07 19:13 - 00000942 _____ () C:\Users\Anthony\Desktop\NTREGOPT.lnk
2014-10-07 19:13 - 2014-10-07 19:13 - 00000923 _____ () C:\Users\Anthony\Desktop\ERUNT.lnk
2014-10-07 19:13 - 2014-10-07 19:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-10-07 19:13 - 2014-10-07 19:13 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-10-06 16:27 - 2014-10-06 16:28 - 00004502 _____ () C:\Users\Anthony\Desktop\Rkill.txt
2014-10-06 16:11 - 2014-10-06 16:11 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Anthony\Desktop\rkill.exe
2014-10-04 22:18 - 2014-10-04 22:18 - 00016100 _____ () C:\HijackPatrol.log
2014-10-02 18:03 - 2014-10-16 16:47 - 00000000 ____D () C:\EEK
2014-09-28 11:37 - 2014-09-28 11:37 - 00000000 ___RD () C:\Sandbox
2014-09-28 11:26 - 2014-10-09 16:47 - 00001812 _____ () C:\WINDOWS\Sandboxie.ini
2014-09-28 11:26 - 2014-09-28 11:25 - 00000870 _____ () C:\Users\Anthony\Desktop\Sandboxed Web Browser.lnk
2014-09-28 11:25 - 2014-09-28 11:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2014-09-28 11:18 - 2014-09-28 11:18 - 00000000 ____D () C:\Program Files\Sandboxie
2014-09-28 08:49 - 2014-10-16 17:13 - 01232887 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-28 08:42 - 2014-10-15 16:27 - 00369808 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-09-27 11:22 - 2014-10-16 17:28 - 00000000 ____D () C:\FRST
2014-09-27 11:21 - 2014-10-16 17:27 - 02111488 _____ (Farbar) C:\Users\Anthony\Desktop\FRST64.exe
2014-09-26 14:00 - 2014-09-26 14:00 - 00006928 _____ () C:\Users\Anthony\Documents\cc_20140926_135958.reg
2014-09-25 23:25 - 2014-09-25 23:25 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\MusicBrainz
2014-09-25 23:25 - 2014-09-25 23:25 - 00000000 ____D () C:\Users\Anthony\AppData\Local\cache
2014-09-25 23:24 - 2014-09-25 23:24 - 00001189 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MusicBrainz Picard.lnk
2014-09-25 23:24 - 2014-09-25 23:24 - 00000000 ____D () C:\Program Files (x86)\MusicBrainz Picard
2014-09-23 17:40 - 2014-09-24 17:08 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\Mp3tag
2014-09-23 17:40 - 2014-09-23 17:40 - 00000000 ____D () C:\Program Files (x86)\Mp3tag
2014-09-21 16:54 - 2014-09-21 17:53 - 00000000 ____D () C:\Users\Anthony\Downloads\Bluescreenview
2014-09-21 16:02 - 2014-10-10 19:39 - 00000000 ____D () C:\WINDOWS\Minidump
2014-09-21 16:01 - 2014-10-10 20:48 - 00037624 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-09-17 15:43 - 2014-10-16 17:22 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\Ditto
2014-09-17 15:43 - 2014-09-17 15:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ditto
2014-09-17 15:43 - 2014-09-17 15:43 - 00000000 ____D () C:\Program Files\Ditto
2014-09-17 13:02 - 2014-10-16 17:02 - 00000000 ____D () C:\Users\Anthony\AppData\Local\CrashDumps
2014-09-16 21:16 - 2014-09-16 21:16 - 00006741 _____ () C:\Users\Anthony\Documents\RKreport_DEL_09162014_211443.log
2014-09-16 21:02 - 2014-09-21 15:58 - 00033512 _____ () C:\WINDOWS\SysWOW64\Drivers\TrueSight.sys
2014-09-16 21:02 - 2014-09-16 21:02 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-09-16 16:50 - 2014-09-16 16:50 - 00005548 _____ () C:\Users\Anthony\Documents\cc_20140916_165037.reg

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-16 17:22 - 2013-02-17 17:12 - 00000000 ____D () C:\Program Files\PeerBlock
2014-10-16 17:13 - 2013-03-21 16:01 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\KeePass
2014-10-16 17:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-10-16 16:52 - 2012-11-19 10:40 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2014-10-16 16:46 - 2013-02-17 12:01 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2014-10-16 16:45 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-10-15 20:05 - 2014-05-03 22:00 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\ClassicShell
2014-10-15 20:04 - 2014-03-18 11:03 - 00865408 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-10-15 20:04 - 2013-02-17 14:56 - 00000000 ____D () C:\Users\Anthony\Documents\Calibre Library
2014-10-15 19:45 - 2013-03-17 15:47 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-10-15 17:41 - 2013-03-29 17:37 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\tixati
2014-10-15 17:25 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-10-15 16:34 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-10-15 16:34 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2014-10-15 16:33 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-10-15 16:26 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-10-15 16:26 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-10-15 16:26 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-10-15 16:21 - 2013-07-19 13:23 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-10-15 16:18 - 2013-02-21 13:53 - 103265616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-10-14 19:41 - 2014-04-21 10:12 - 00000000 ____D () C:\Program Files\Recuva
2014-10-14 19:40 - 2013-02-17 20:06 - 00000000 ____D () C:\Program Files\Defraggler
2014-10-14 19:38 - 2014-09-10 16:26 - 00000000 ____D () C:\ProgramData\Unchecky
2014-10-14 19:38 - 2013-02-17 16:15 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-14 19:24 - 2014-04-26 16:26 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-10-14 18:06 - 2013-02-17 11:50 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4015346877-3346498852-3124713193-1001
2014-10-14 16:12 - 2012-11-19 10:26 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-14 15:55 - 2012-11-19 10:24 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-10-14 15:48 - 2014-03-31 16:22 - 00000000 ____D () C:\WINDOWS\SysWOW64\sda
2014-10-12 13:16 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-10-10 21:11 - 2014-05-05 15:13 - 00000000 ____D () C:\Users\Anthony
2014-10-10 17:57 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-10-10 16:05 - 2014-09-14 15:32 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-10-10 16:05 - 2012-11-19 10:31 - 00000000 ____D () C:\ProgramData\Temp
2014-10-10 15:43 - 2013-02-17 16:17 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-10-10 15:41 - 2014-04-08 19:08 - 00000000 ____D () C:\AdwCleaner
2014-10-10 14:14 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-10-09 16:54 - 2014-05-04 16:41 - 00000000 ____D () C:\Program Files (x86)\Unchecky
2014-10-08 16:49 - 2013-04-18 14:13 - 00000000 ____D () C:\Users\Anthony\AppData\Local\Google
2014-10-08 16:49 - 2013-04-18 14:13 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-08 15:26 - 2013-03-23 18:12 - 00001135 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
2014-10-08 15:26 - 2013-03-23 18:12 - 00000000 ____D () C:\Program Files (x86)\KeePass Password Safe 2
2014-10-02 14:23 - 2014-03-31 12:46 - 00000000 ____D () C:\Users\Anthony\Documents\OneNote Notebooks
2014-10-02 12:10 - 2013-03-03 18:15 - 00001170 _____ () C:\Users\Anthony\Documents\Albums deleted.txt
2014-09-29 23:45 - 2013-08-22 16:38 - 00706016 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-09-29 23:45 - 2013-08-22 16:38 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-27 17:44 - 2013-03-23 19:46 - 00148942 _____ () C:\Users\Anthony\Documents\MyNewDatabase.kdbx
2014-09-26 14:22 - 2014-01-03 21:40 - 00000000 ____D () C:\Program Files (x86)\System Ninja
2014-09-26 13:53 - 2014-05-04 14:33 - 00009626 _____ () C:\Users\Anthony\Documents\All installed programs.txt
2014-09-26 11:36 - 2014-03-31 12:30 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-09-26 11:18 - 2013-02-17 12:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-25 12:52 - 2013-02-17 12:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-24 13:35 - 2013-04-25 18:14 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\vlc
2014-09-24 11:12 - 2013-09-08 13:31 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\CUE Tools
2014-09-23 12:11 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Registration
2014-09-22 20:15 - 2014-04-25 20:34 - 00000000 ____D () C:\Users\Anthony\Downloads\Windows update notifier
2014-09-22 20:14 - 2014-05-23 20:45 - 00000000 ____D () C:\Users\Anthony\Downloads\Carom3d
2014-09-22 16:33 - 2014-07-24 17:22 - 00000785 _____ () C:\Users\Anthony\AppData\Roaming\burnaware.ini
2014-09-19 21:44 - 2011-07-23 15:21 - 00000000 ____D () C:\Users\Anthony\Documents\Items for sale
2014-09-18 18:54 - 2013-02-17 16:45 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\Spotify
2014-09-18 18:49 - 2013-02-17 16:45 - 00000000 ____D () C:\Users\Anthony\AppData\Local\Spotify
2014-09-16 18:30 - 2014-06-12 15:16 - 00000000 ____D () C:\Users\Anthony\Downloads\tdsskiller
2014-09-16 15:45 - 2014-07-24 17:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BurnAware Free
2014-09-16 15:45 - 2014-07-24 17:21 - 00000000 ____D () C:\Program Files (x86)\BurnAware Free
2014-09-16 14:28 - 2014-09-14 17:48 - 00000000 ____D () C:\Users\Anthony\AppData\Roaming\FreeFileSync

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-15 19:30

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-10-2014 02
Ran by Anthony at 2014-10-16 17:29:11
Running from C:\Users\Anthony\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Advanced Uninstaller PRO - Version 11 (HKLM-x32\...\AU11_is1) (Version: 11.48.0.196 - Innovative Solutions)
AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden
AMD AVIVO64 Codecs (Version: 12.5.100.20719 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{0CD183F1-E511-0777-1C35-DC29235885C5}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AudioShell 2.0 beta 1 (HKLM\...\AudioShell_is1) (Version: 2.0 beta 1 - Softpointer Inc)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software)
BurnAware Free 6.9 (HKLM-x32\...\BurnAware Free_is1) (Version:  - Burnaware)
calibre 64bit (HKLM\...\{0F072A3A-7D6F-4CE0-AB44-10DB3A7B3852}) (Version: 1.17.0 - Kovid Goyal)
calibre 64bit (HKLM\...\{57ADE316-7B2D-4DD0-BA95-11AF9B58B3DA}) (Version: 2.2.0 - Kovid Goyal)
Carom3D (HKLM-x32\...\Carom3D) (Version:  - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2012.0719.2149.37214 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0719.2149.37214 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0719.2149.37214 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2012.0719.2149.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0719.2148.37214 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0719.2149.37214 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
CDCheck (HKLM-x32\...\CDCheck) (Version:  - )
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Conexant HD Audio (HKLM-x32\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 1.0.52.0 - Conexant)
Conexant SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.40.0 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.0.0.5 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.0.0.5 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{D9ED3EFC-AB00-4CE0-ADED-80EE6B1158A7}) (Version: 2.2.2000.0 - Dell Products, LP)
Dell Support Center (HKLM\...\PC-Doctor for Windows) (Version: 3.2.6032.39 - PC-Doctor, Inc.)
Dell Touchpad (HKLM\...\Elantech) (Version: 11.3.1.4 - ELAN Microelectronic Corp.)
Ditto (HKLM\...\Ditto_is1) (Version:  - Scott Brogden)
DSC/AA Factory Installer (Version: 3.2.6032.39 - PC-Doctor, Inc.) Hidden
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version:  - Lars Hederer)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Exact Audio Copy 1.0beta3 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta3 - Andre Wiethoff)
f.lux (HKCU\...\Flux) (Version:  - )
FreeFileSync 6.9 (HKLM-x32\...\FreeFileSync) (Version: 6.9 - Zenju)
HostsMan 4.5.102 (HKLM-x32\...\{1A3DD1A9-7B7B-4ECA-AD2F-98466F49F62C}_is1) (Version: 4.5.102.0 - abelhadigital.com)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel® PRO/Wireless Driver (Version: 16.01.5000.0577 - Intel Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® + High Speed (Version: 16.1.1.0084 - Intel Corporation) Hidden
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.6 (HKLM\...\{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}) (Version: 2.6.2.0 - Intel)
Intel® WiDi (HKLM\...\{EDBA2433-0910-4C72-8C5B-8FEDAE3EF18E}) (Version: 3.5.34.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 16.01.5000.0269 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.28.487.1 - Intel Corporation) Hidden
KeePass Password Safe 2.28 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.28 - Dominik Reichl)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft OneNote 2013 - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 15.0.4649.1003 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Mp3tag v2.64 (HKLM-x32\...\Mp3tag) (Version: v2.64 - Florian Heidenreich)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
MusicBrainz Picard (HKLM-x32\...\MusicBrainz Picard) (Version: 1.2 - MusicBrainz)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4649.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4649.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4649.1003 - Microsoft Corporation) Hidden
Panda Cloud Cleaner (HKLM-x32\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.0.107 - Panda Security)
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
PowerXpressHybrid (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.005 - Dell Inc.)
RadLight APE DirectShow filter (remove only) (HKLM-x32\...\RadLight APE DirectShow filter) (Version:  - "RadLight, LLC.")
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39052 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Sandboxie 4.12 (64-bit) (HKLM\...\Sandboxie) (Version: 4.12 - Sandboxie Holdings, LLC)
SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SlimComputer (HKLM-x32\...\{574BF026-4487-4051-BCE5-83C4E40AAF6D}) (Version: 1.3.30878 - SlimWare Utilities, Inc.)
Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
Spotify (HKCU\...\Spotify) (Version: 0.9.13.24.g5dbb3103 - Spotify AB)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 2.5.2 - Krzysztof Kowalczyk)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1014 - SUPERAntiSpyware.com)
SyncBackFree (HKLM-x32\...\SyncBackFree_is1) (Version: 6.5.48.0 - 2BrightSparks)
System Ninja version 3.0.3 (HKLM-x32\...\{6E67710E-206D-43AB-BF21-E7CD63056C55}_is1) (Version: 3.0.3 - SingularLabs)
TeraCopy 2.27 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
Tixati (HKLM-x32\...\tixati) (Version:  - )
Unchecky v0.3.2 (HKLM-x32\...\Unchecky) (Version: 0.3.2 - RaMMicHaeL)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Communications Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware)
Wisdom-soft ScreenHunter 6.0 Free (HKLM-x32\...\Wisdom-soft ScreenHunter 6.0 Free) (Version:  - Wisdom Software Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4015346877-3346498852-3124713193-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Anthony\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

24-09-2014 11:35:23 Scheduled Checkpoint
07-10-2014 14:30:45 Scheduled Checkpoint
14-10-2014 14:47:41 Installed Realtek Card Reader

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 06:26 - 2014-10-16 16:45 - 00002187 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {291BCD87-841C-4C76-ACEB-C0280F69F167} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell Support Center\uaclauncher.exe [2012-07-17] (PC-Doctor, Inc.)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {4582F1BC-6E74-41CE-9846-6D94FBE6851A} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-4015346877-3346498852-3124713193-1001 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: {46CCF37A-20AF-407C-B8AB-B21A77CB9927} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-02] (AVAST Software)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6CD1C8FC-D312-450D-BC49-324D22D0B321} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-10-15] (Microsoft Corporation)
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {81345431-A3FC-47B6-8F00-0F59F2117983} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {86C64F1E-148B-49AB-A3B5-6F50F740A73C} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-08-12] (Microsoft Corporation)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {99767C56-B9DF-404C-8AFE-D3B59915661D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-09] (Adobe Systems Incorporated)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {BF58E14B-1069-43E0-80DD-BB525A2FD9CD} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D08F1AB1-8F5E-4779-937E-7A750E734C77} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-03-18] (Microsoft Corporation)
Task: {D180CFFA-23FE-4D2C-9C78-13ADB80B1687} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2012-07-17] (PC-Doctor, Inc.)
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E2ACF668-4308-4463-9ECA-B3DD4467FB01} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {E3BDCA69-0278-4D27-AE94-D673C4802877} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {E82EB3E3-1D40-40C3-9A67-B317508CFF5E} - System32\Tasks\SlimComputer Run => C:\Program Files (x86)\SlimComputer\SlimComputer.exe [2013-07-10] (SlimWare Utilities, Inc.)
Task: {E8CBC4AA-D88C-48AF-BC1C-F1D8E2326D92} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {EDE4B366-A711-4D37-B207-7A399F373344} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-09-26 11:34 - 2014-09-26 11:34 - 08894120 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-02-21 15:39 - 2011-10-26 18:41 - 00318976 _____ () C:\Program Files\TeraCopy\TeraCopyExt64.dll
2009-11-19 03:34 - 2009-11-19 03:34 - 00022016 _____ () C:\WINDOWS\System32\suge1l6.dll
2014-03-31 12:30 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2012-11-19 10:25 - 2012-04-05 21:55 - 00164992 _____ () C:\Program Files\Conexant\SA3\MaxxAudioWrapper.dll
2014-10-09 16:50 - 2014-10-09 16:50 - 00046080 _____ () C:\Users\Anthony\AppData\Local\KeePass\PluginCache\KFncGMfDpJaU3kGDyfaS\Fleck2.dll
2013-03-23 18:12 - 2014-10-07 17:29 - 00376832 _____ () C:\Program Files (x86)\KeePass Password Safe 2\KeePass.XmlSerializers.dll
2014-09-17 15:43 - 2014-06-06 21:43 - 01880064 _____ () C:\PROGRAM FILES\DITTO\DITTO.EXE
2014-07-02 21:04 - 2014-07-02 21:04 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-10-16 16:45 - 2014-10-16 16:45 - 02874368 _____ () C:\Program Files\AVAST Software\Avast\defs\14101506\algo.dll
2014-10-15 17:07 - 2014-10-15 17:07 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\80a14cd14e9579821dba2282b4349fef\PSIClient.ni.dll
2014-07-02 21:04 - 2014-07-02 21:04 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-10-14 15:54 - 2013-09-12 17:55 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2013-02-17 12:07 - 2014-09-25 12:52 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:5C321E34

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKLM\...\StartupApproved\Run32: => "BTMTrayAgent"
HKCU\...\StartupApproved\StartupFolder: => "EvernoteClipper.lnk"
HKCU\...\StartupApproved\Run: => "Spybot-S&D Cleaning"

========================= Accounts: ==========================

Administrator (S-1-5-21-4015346877-3346498852-3124713193-500 - Administrator - Disabled)
Anthony (S-1-5-21-4015346877-3346498852-3124713193 - Administrator - Enabled)
Guest (S-1-5-21-4015346877-3346498852-3124713193-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: USB-IF xHCI USB Host Controller
Description: USB-IF xHCI USB Host Controller
Class Guid: {8a2edc79-c759-46f2-88af-9d4efe3b5eee}
Manufacturer: Intel Corporation
Service: XHCIPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (10/16/2014 05:02:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: pcdrsysinfocsmi.p5x, version: 6.0.6032.39, time stamp: 0x4ffe56d2
Faulting module name: MSVCR90.dll, version: 9.0.30729.8387, time stamp: 0x51ea1bbd
Exception code: 0x40000015
Fault offset: 0x000000000004267f
Faulting process id: 0x128c
Faulting application start time: 0xpcdrsysinfocsmi.p5x0
Faulting application path: pcdrsysinfocsmi.p5x1
Faulting module path: pcdrsysinfocsmi.p5x2
Report Id: pcdrsysinfocsmi.p5x3
Faulting package full name: pcdrsysinfocsmi.p5x4
Faulting package-relative application ID: pcdrsysinfocsmi.p5x5

Error: (10/16/2014 04:45:17 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (10/15/2014 07:31:19 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (10/15/2014 07:00:24 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (10/15/2014 06:57:44 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (10/15/2014 06:03:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PCloudCleaner.exe, version: 1.0.0.1533, time stamp: 0x00000000
Faulting module name: ntdll.dll, version: 6.3.9600.17114, time stamp: 0x53648f36
Exception code: 0xc0000005
Fault offset: 0x0001ec81
Faulting process id: 0x1e0
Faulting application start time: 0xPCloudCleaner.exe0
Faulting application path: PCloudCleaner.exe1
Faulting module path: PCloudCleaner.exe2
Report Id: PCloudCleaner.exe3
Faulting package full name: PCloudCleaner.exe4
Faulting package-relative application ID: PCloudCleaner.exe5

Error: (10/15/2014 04:58:23 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (10/15/2014 04:49:53 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (10/14/2014 09:33:38 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (10/14/2014 06:10:03 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.


System errors:
=============
Error: (10/16/2014 04:50:42 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\System32\DRIVERS\PSKMAD.sys

Error: (10/16/2014 04:47:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Digital Delivery Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/15/2014 07:14:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Digital Delivery Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/15/2014 07:13:55 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\System32\DRIVERS\PSKMAD.sys

Error: (10/15/2014 06:05:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Digital Delivery Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/15/2014 06:02:54 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\System32\DRIVERS\PSKMAD.sys

Error: (10/15/2014 05:40:53 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\System32\DRIVERS\PSKMAD.sys

Error: (10/15/2014 04:49:16 PM) (Source: DCOM) (EventID: 10010) (User: Anthony)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (10/15/2014 04:48:46 PM) (Source: DCOM) (EventID: 10010) (User: Anthony)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (10/15/2014 04:38:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Digital Delivery Service service terminated unexpectedly.  It has done this 1 time(s).


Microsoft Office Sessions:
=========================
Error: (10/16/2014 05:02:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: pcdrsysinfocsmi.p5x6.0.6032.394ffe56d2MSVCR90.dll9.0.30729.838751ea1bbd40000015000000000004267f128c01cfe95a8513794cC:\Program Files\Dell Support Center\pcdrsysinfocsmi.p5xC:\WINDOWS\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.8387_none_08e793bfa83a89b5\MSVCR90.dllcab3a003-554d-11e4-80c1-e0db55d1b11e

Error: (10/16/2014 04:45:17 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Anthony\Desktop\esetsmartinstaller_enu.exe

Error: (10/15/2014 07:31:19 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (10/15/2014 07:00:24 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (10/15/2014 06:57:44 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (10/15/2014 06:03:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PCloudCleaner.exe1.0.0.153300000000ntdll.dll6.3.9600.1711453648f36c00000050001ec811e001cfe899c6922e89C:\Program Files (x86)\Panda Security\Panda Cloud Cleaner\PCloudCleaner.exeC:\WINDOWS\SYSTEM32\ntdll.dll21cc32c2-548d-11e4-80bf-e0db55d1b11e

Error: (10/15/2014 04:58:23 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (10/15/2014 04:49:53 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (10/14/2014 09:33:38 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Anthony\Desktop\esetsmartinstaller_enu.exe

Error: (10/14/2014 06:10:03 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe


CodeIntegrity Errors:
===================================
  Date: 2013-05-26 15:09:04.567
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\MCWrp64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-26 15:09:04.536
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\MCWrp64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-26 15:09:04.111
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\MCWrp64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-26 15:09:03.913
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\MCWrp64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-12 12:55:13.523
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\MCWrp64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-12 12:55:13.476
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\MCWrp64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-12 12:55:13.105
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\MCWrp64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-12 12:55:12.902
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\MCWrp64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-12 12:19:30.619
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\MCWrp64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-12 12:19:30.386
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\MCWrp64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 35%
Total physical RAM: 6013.27 MB
Available physical RAM: 3863.32 MB
Total Pagefile: 12157.27 MB
Available Pagefile: 9696.05 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:684.88 GB) (Free:577.01 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 48A4F829)

Partition: GPT Partition Type.

==================== End Of Log ============================


  • Root Admin

Let's do a little more cleaning here.

Please download the attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.

If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt


This topic is now closed to further replies.