Jump to content

Build Theme!
  •  
  • Infected?

big grin WE'RE SURE THAT YOU'LL LOVE US!

We invite you to ask questions, share experiences, and learn. It's 100% free. Did we mention that it's free. It is. It's free. Join 91601 other members! Anybody can ask, anybody can answer. Consistently helpful members with best answers are invited to staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

computer crash [Solved]


  • This topic is locked This topic is locked
120 replies to this topic

#61 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,133 posts

Posted 28 June 2014 - 06:43 PM

I'd like you to run Mbam or DDS... but apparently that isn't possible.  Let's try this:

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
 

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

 


Tomk
------------------------------------------------------------

mvplogo1_zpsea7gtc7e.gif


WTT-Grad1.jpg

Topics are closed after 5 days without response
unite_blue_zpsbfd3cd98.png

    Advertisements

Register to Remove


#62 wilma1313

wilma1313

    Silver Member

  • Authentic Member
  • PipPipPip
  • 386 posts

Posted 30 June 2014 - 07:43 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-06-2014 02
Ran by l (administrator) on PURPLE on 30-06-2014 08:23:49
Running from C:\Users\l\Desktop
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFReport.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2012-08-22] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-11-12] (IDT, Inc.)
HKLM-x32\...\Run: [BtTray] => c:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [379904 2013-01-10] (IVT Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-08] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [NCPluginUpdater] - "c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe" Update [21720 2014-06-27] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2497467096-1107912187-4260812050-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-04-27] (Google Inc.)
HKU\S-1-5-21-2497467096-1107912187-4260812050-1001\...\Run: [gStart] => C:\Garmin\gStart.exe
ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers-x32: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...p={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.co...t&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...t&type=avastbcl
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://speedial.com/...=2026722248&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...0TR&pc=HPDTDFJS
SearchScopes: HKLM - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://speedial.com/...=2026722248&ir=
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
SearchScopes: HKLM-x32 - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...0TR&pc=HPDTDFJS
SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\windows\SysWow64\skype4com.dll (Skype Technologies)

FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: https://www.yahoo.co...t&type=avastbcl
CHR StartupUrls: "https://www.yahoo.co...&type=avastbcl"
CHR NewTab: "chrome-extension://bakijjialdiiboeaknfpmflphhmljfkd/content/newtab/newtab.html"
CHR DefaultSearchProvider: "name": "Speedial"
CHR Extension: (Google Docs) - C:\Users\l\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-04]
CHR Extension: (Google Drive) - C:\Users\l\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\l\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-09]
CHR Extension: (YouTube) - C:\Users\l\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-04]
CHR Extension: (Google Search) - C:\Users\l\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-04]
CHR Extension: (Google Wallet) - C:\Users\l\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-04]
CHR Extension: (Gmail) - C:\Users\l\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-04]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-05-04]
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-04] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109048 2014-05-04] (AVAST Software)
R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1619704 2013-03-26] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [138752 2013-01-10] (IVT Corporation) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2279608 2014-05-21] (Microsoft Corporation)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129336 2013-01-30] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [167736 2013-01-30] (Intel Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [327680 2012-11-12] (IDT, Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-10-11] (Microsoft Corporation)
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-04] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-05-04] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-04] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [447888 2014-05-17] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-04] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-04] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-17] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-17] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-17] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-04] ()
U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [33968 2012-12-19] (IVT Corporation)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
U4 BthAvrcpTg;
U4 BthHFEnum;
U4 bthhfhid;
R3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [49584 2013-03-25] (Ralink Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1204424 2013-12-02] (Ralink Technology, Corp.)
R1 {a3f28269-ad17-41a8-b032-3e0313ef8979}Gw64; C:\Windows\System32\drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}Gw64.sys [61016 2014-06-09] (StdLib)
U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [33968 2012-12-19] (IVT Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EraserUtilDrv11312; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11312.sys [X]
S3 MBAMSwissArmy; \??\C:\windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-30 08:23 - 2014-06-30 08:24 - 00017809 _____ () C:\Users\l\Desktop\FRST.txt
2014-06-30 08:22 - 2014-06-30 08:23 - 00000000 ____D () C:\FRST
2014-06-30 08:21 - 2014-06-30 08:21 - 02083328 _____ (Farbar) C:\Users\l\Desktop\FRST64.exe
2014-06-26 11:13 - 2014-06-29 09:02 - 00000099 _____ () C:\windows\SysWOW64\REMOTEDEVICE.INI
2014-06-20 16:36 - 2014-06-20 16:36 - 00099434 _____ () C:\Users\l\Documents\lori_tcdatabasebackup.tcx
2014-06-20 16:34 - 2014-06-20 16:34 - 00000000 ____D () C:\Users\l\Documents\My Garmin
2014-06-20 16:34 - 2014-06-20 16:34 - 00000000 ____D () C:\Users\l\AppData\Roaming\GARMIN
2014-06-20 16:34 - 2014-06-20 16:34 - 00000000 ____D () C:\ProgramData\GARMIN
2014-06-20 16:03 - 2014-06-20 16:03 - 00000000 ____D () C:\Program Files\DIFX
2014-06-20 11:31 - 2014-06-20 11:31 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-20 11:31 - 2014-06-20 11:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-20 11:31 - 2014-06-20 11:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-20 11:31 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-06-20 11:31 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-06-20 11:31 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-06-17 16:55 - 2014-06-17 16:55 - 00000000 ____D () C:\Users\l\AppData\Roaming\WebApp
2014-06-17 14:51 - 2014-06-17 14:51 - 00000000 ____D () C:\Users\l\AppData\Local\Cyberlink
2014-06-17 14:45 - 2014-06-17 14:45 - 00869456 _____ () C:\Users\l\Downloads\Norton_Removal_Tool (1).exe
2014-06-17 14:45 - 2014-06-17 14:45 - 00869456 _____ () C:\Users\l\Desktop\Norton_Removal_Tool.exe
2014-06-15 22:07 - 2014-06-15 22:07 - 00000000 ____D () C:\Users\l\AppData\Local\HP Quick Start
2014-06-14 08:03 - 2014-06-14 08:03 - 00000000 ____D () C:\Users\l\AppData\Local\Adobe
2014-06-13 06:43 - 2014-06-13 06:43 - 00003208 _____ () C:\Users\l\Desktop\AdwCleaner[S0].txt
2014-06-11 11:06 - 2014-05-23 21:48 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-06-11 11:06 - 2014-05-23 21:47 - 02239488 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-06-11 11:06 - 2014-05-23 21:47 - 01366016 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-06-11 11:06 - 2014-05-23 21:47 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
2014-06-11 11:06 - 2014-05-23 21:47 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2014-06-11 11:06 - 2014-05-23 21:46 - 19290112 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-06-11 11:06 - 2014-05-23 21:46 - 15368704 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-06-11 11:06 - 2014-05-23 21:46 - 03958784 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-06-11 11:06 - 2014-05-23 21:46 - 02650112 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-06-11 11:06 - 2014-05-23 21:46 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-06-11 11:06 - 2014-05-23 21:46 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-06-11 11:06 - 2014-05-23 21:46 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-06-11 11:06 - 2014-05-23 21:46 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-06-11 11:06 - 2014-05-23 21:46 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-06-11 11:06 - 2014-05-23 21:46 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-06-11 11:06 - 2014-05-23 21:46 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-06-11 11:06 - 2014-05-23 21:46 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-06-11 11:06 - 2014-05-23 21:45 - 01508864 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-06-11 11:06 - 2014-05-23 21:45 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-06-11 11:06 - 2014-05-23 21:45 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-06-11 11:06 - 2014-05-23 20:26 - 14365696 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-06-11 11:06 - 2014-05-23 20:26 - 01766400 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-06-11 11:06 - 2014-05-23 20:26 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-06-11 11:06 - 2014-05-23 20:26 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-06-11 11:06 - 2014-05-23 20:26 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-06-11 11:06 - 2014-05-23 20:26 - 00080896 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-06-11 11:06 - 2014-05-23 20:26 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2014-06-11 11:06 - 2014-05-23 20:25 - 13731328 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-06-11 11:06 - 2014-05-23 20:25 - 02862080 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-06-11 11:06 - 2014-05-23 20:25 - 02050560 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-06-11 11:06 - 2014-05-23 20:25 - 01440768 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-06-11 11:06 - 2014-05-23 20:25 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-06-11 11:06 - 2014-05-23 20:25 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-06-11 11:06 - 2014-05-23 20:25 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-06-11 11:06 - 2014-05-23 20:25 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-06-11 11:06 - 2014-05-23 20:25 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-06-11 11:06 - 2014-05-23 20:25 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-06-11 11:06 - 2014-05-23 20:25 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-06-11 11:06 - 2014-05-23 20:09 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-06-11 11:06 - 2014-05-23 20:03 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-06-11 11:06 - 2014-05-23 17:37 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
2014-06-11 11:06 - 2014-05-03 00:47 - 03246592 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2014-06-11 11:06 - 2014-05-02 22:34 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
2014-06-11 11:05 - 2014-04-29 17:32 - 01301504 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-06-11 11:05 - 2014-04-29 17:22 - 01023488 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-06-11 11:05 - 2014-04-03 06:19 - 00328024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Classpnp.sys
2014-06-11 11:05 - 2014-04-02 22:44 - 00619008 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
2014-06-11 11:05 - 2014-03-31 17:08 - 00387268 _____ () C:\windows\system32\ApnDatabase.xml
2014-06-11 11:05 - 2014-03-24 18:42 - 00305152 _____ (Microsoft Corporation) C:\windows\SysWOW64\wusa.exe
2014-06-11 11:05 - 2014-03-24 17:56 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\wusa.exe
2014-06-11 11:00 - 2014-06-13 06:39 - 00000000 ____D () C:\AdwCleaner
2014-06-11 11:00 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll
2014-06-11 10:59 - 2014-06-11 10:59 - 01333465 _____ () C:\Users\l\Desktop\AdwCleaner.exe
2014-06-11 10:57 - 2014-06-11 10:57 - 00002198 _____ () C:\Users\l\Desktop\JRT.txt
2014-06-11 10:50 - 2014-06-11 10:50 - 01016261 _____ (Thisisu) C:\Users\l\Desktop\JRT.exe
2014-06-11 10:36 - 2014-04-03 06:22 - 02233176 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2014-06-11 10:36 - 2014-03-06 19:47 - 01419264 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-06-11 10:36 - 2014-03-06 19:08 - 01845760 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-06-10 13:33 - 2014-06-10 13:33 - 00625664 _____ () C:\Users\l\Desktop\dds.scr
2014-06-10 09:37 - 2014-06-09 12:24 - 00061016 _____ (StdLib) C:\windows\system32\Drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}Gw64.sys
2014-06-10 08:46 - 2014-06-10 08:46 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-06-10 08:46 - 2014-06-10 08:46 - 00002026 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-06-10 08:45 - 2014-06-14 11:20 - 00000000 ____D () C:\ProgramData\Adobe
2014-06-10 08:45 - 2014-06-10 08:45 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-06-10 08:37 - 2014-06-10 08:37 - 00001464 _____ () C:\Users\l\Desktop\Norton Security Scan.LNK
2014-06-10 08:36 - 2014-06-13 07:02 - 00000000 ____D () C:\Program Files (x86)\Greener Web
2014-06-10 08:36 - 2014-06-10 08:36 - 00000046 _____ () C:\Users\l\AppData\Roaming\WB.CFG
2014-06-09 09:20 - 2014-06-11 10:51 - 00000000 ____D () C:\windows\ERUNT
2014-06-09 09:20 - 2014-06-09 09:20 - 00000848 _____ () C:\DelFix.txt
2014-06-02 15:57 - 2014-06-02 15:57 - 00000000 ____D () C:\Users\Public\CyberLink
2014-06-02 15:57 - 2014-06-02 15:57 - 00000000 ____D () C:\Users\l\Documents\CyberLink
2014-06-02 15:57 - 2014-06-02 15:57 - 00000000 ____D () C:\Users\l\AppData\Roaming\CyberLink

==================== One Month Modified Files and Folders =======

2014-06-30 08:24 - 2014-06-30 08:23 - 00017809 _____ () C:\Users\l\Desktop\FRST.txt
2014-06-30 08:23 - 2014-06-30 08:22 - 00000000 ____D () C:\FRST
2014-06-30 08:23 - 2014-04-30 16:26 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log
2014-06-30 08:23 - 2014-04-30 16:21 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-06-30 08:21 - 2014-06-30 08:21 - 02083328 _____ (Farbar) C:\Users\l\Desktop\FRST64.exe
2014-06-30 08:19 - 2013-03-22 12:00 - 00000983 _____ () C:\windows\SysWOW64\bscs.ini
2014-06-30 08:18 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\system32\sru
2014-06-30 08:16 - 2013-07-17 12:49 - 00003620 _____ () C:\windows\SysWOW64\LOCALSERVICE.INI
2014-06-30 08:16 - 2013-07-17 12:49 - 00000088 _____ () C:\windows\SysWOW64\LOCALDEVICE.INI
2014-06-29 09:02 - 2014-06-26 11:13 - 00000099 _____ () C:\windows\SysWOW64\REMOTEDEVICE.INI
2014-06-28 13:26 - 2014-04-19 10:14 - 01646997 _____ () C:\windows\WindowsUpdate.log
2014-06-28 13:22 - 2014-04-27 09:23 - 00000902 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-26 22:34 - 2014-04-19 10:13 - 00000000 ____D () C:\Users\l
2014-06-26 17:58 - 2014-05-22 08:01 - 00000000 ____D () C:\Users\l\AppData\Local\CrashDumps
2014-06-26 11:14 - 2012-07-26 02:28 - 00876558 _____ () C:\windows\system32\PerfStringBackup.INI
2014-06-25 22:22 - 2014-04-27 09:23 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-25 05:52 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\system32\NDF
2014-06-24 16:09 - 2014-04-19 10:23 - 00003600 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2497467096-1107912187-4260812050-1001
2014-06-24 15:59 - 2014-05-04 16:20 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2014-06-24 15:55 - 2012-07-26 02:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-06-23 09:06 - 2012-08-10 18:49 - 00241354 _____ () C:\windows\PFRO.log
2014-06-23 09:05 - 2012-07-26 00:26 - 00262144 ___SH () C:\windows\system32\config\BBI
2014-06-20 22:17 - 2014-04-27 09:23 - 00003874 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-20 22:17 - 2014-04-27 09:23 - 00003638 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-20 16:36 - 2014-06-20 16:36 - 00099434 _____ () C:\Users\l\Documents\lori_tcdatabasebackup.tcx
2014-06-20 16:34 - 2014-06-20 16:34 - 00000000 ____D () C:\Users\l\Documents\My Garmin
2014-06-20 16:34 - 2014-06-20 16:34 - 00000000 ____D () C:\Users\l\AppData\Roaming\GARMIN
2014-06-20 16:34 - 2014-06-20 16:34 - 00000000 ____D () C:\ProgramData\GARMIN
2014-06-20 16:03 - 2014-06-20 16:03 - 00000000 ____D () C:\Program Files\DIFX
2014-06-20 11:31 - 2014-06-20 11:31 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-20 11:31 - 2014-06-20 11:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-20 11:31 - 2014-06-20 11:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-20 11:28 - 2013-07-17 12:46 - 00000000 ____D () C:\ProgramData\Norton
2014-06-20 11:18 - 2014-05-26 17:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-06-20 10:11 - 2014-04-20 17:43 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-06-18 10:39 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-06-17 16:55 - 2014-06-17 16:55 - 00000000 ____D () C:\Users\l\AppData\Roaming\WebApp
2014-06-17 14:51 - 2014-06-17 14:51 - 00000000 ____D () C:\Users\l\AppData\Local\Cyberlink
2014-06-17 14:45 - 2014-06-17 14:45 - 00869456 _____ () C:\Users\l\Downloads\Norton_Removal_Tool (1).exe
2014-06-17 14:45 - 2014-06-17 14:45 - 00869456 _____ () C:\Users\l\Desktop\Norton_Removal_Tool.exe
2014-06-15 22:07 - 2014-06-15 22:07 - 00000000 ____D () C:\Users\l\AppData\Local\HP Quick Start
2014-06-14 11:20 - 2014-06-10 08:45 - 00000000 ____D () C:\ProgramData\Adobe
2014-06-14 08:03 - 2014-06-14 08:03 - 00000000 ____D () C:\Users\l\AppData\Local\Adobe
2014-06-14 08:03 - 2014-04-19 10:15 - 00000000 ____D () C:\Users\l\AppData\Roaming\Adobe
2014-06-14 07:47 - 2014-04-30 16:40 - 00002178 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-13 09:01 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\rescache
2014-06-13 07:02 - 2014-06-10 08:36 - 00000000 ____D () C:\Program Files (x86)\Greener Web
2014-06-13 06:43 - 2014-06-13 06:43 - 00003208 _____ () C:\Users\l\Desktop\AdwCleaner[S0].txt
2014-06-13 06:39 - 2014-06-11 11:00 - 00000000 ____D () C:\AdwCleaner
2014-06-12 03:03 - 2012-07-26 02:59 - 00000000 ____D () C:\windows\CbsTemp
2014-06-12 03:02 - 2014-04-20 18:10 - 00000000 ____D () C:\windows\system32\MRT
2014-06-12 03:00 - 2014-04-20 18:10 - 95414520 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-06-11 10:59 - 2014-06-11 10:59 - 01333465 _____ () C:\Users\l\Desktop\AdwCleaner.exe
2014-06-11 10:57 - 2014-06-11 10:57 - 00002198 _____ () C:\Users\l\Desktop\JRT.txt
2014-06-11 10:51 - 2014-06-09 09:20 - 00000000 ____D () C:\windows\ERUNT
2014-06-11 10:50 - 2014-06-11 10:50 - 01016261 _____ (Thisisu) C:\Users\l\Desktop\JRT.exe
2014-06-11 10:47 - 2014-04-27 09:41 - 00230400 ___SH () C:\Users\l\Desktop\Thumbs.db
2014-06-10 17:37 - 2012-07-26 00:26 - 00000230 _____ () C:\windows\win.ini
2014-06-10 13:33 - 2014-06-10 13:33 - 00625664 _____ () C:\Users\l\Desktop\dds.scr
2014-06-10 08:46 - 2014-06-10 08:46 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-06-10 08:46 - 2014-06-10 08:46 - 00002026 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-06-10 08:45 - 2014-06-10 08:45 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-06-10 08:37 - 2014-06-10 08:37 - 00001464 _____ () C:\Users\l\Desktop\Norton Security Scan.LNK
2014-06-10 08:36 - 2014-06-10 08:36 - 00000046 _____ () C:\Users\l\AppData\Roaming\WB.CFG
2014-06-09 12:24 - 2014-06-10 09:37 - 00061016 _____ (StdLib) C:\windows\system32\Drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}Gw64.sys
2014-06-09 09:20 - 2014-06-09 09:20 - 00000848 _____ () C:\DelFix.txt
2014-06-09 08:34 - 2014-04-30 16:27 - 00000000 ____D () C:\windows\erdnt
2014-06-03 09:36 - 2014-04-19 10:14 - 00000000 ____D () C:\Users\l\AppData\Local\Packages
2014-06-02 22:30 - 2014-04-27 09:28 - 00000000 ____D () C:\Users\l\AppData\Local\Microsoft Help
2014-06-02 15:57 - 2014-06-02 15:57 - 00000000 ____D () C:\Users\Public\CyberLink
2014-06-02 15:57 - 2014-06-02 15:57 - 00000000 ____D () C:\Users\l\Documents\CyberLink
2014-06-02 15:57 - 2014-06-02 15:57 - 00000000 ____D () C:\Users\l\AppData\Roaming\CyberLink
2014-06-02 15:57 - 2013-07-17 12:41 - 00000000 ____D () C:\ProgramData\CyberLink
2014-05-31 00:16 - 2012-07-26 03:14 - 00703992 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-05-31 00:16 - 2012-07-26 03:14 - 00105464 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\l\AppData\Local\temp\BackupSetup.exe
C:\Users\l\AppData\Local\temp\mbam-setup.exe
C:\Users\l\AppData\Local\temp\ntdll_dump.dll
C:\Users\l\AppData\Local\temp\Quarantine.exe
C:\Users\l\AppData\Local\temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-23 07:19

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-06-2014 02
Ran by l at 2014-06-30 08:24:14
Running from C:\Users\l\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Airport Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
avast! Internet Security (HKLM-x32\...\Avast) (Version: 9.0.2018 - Avast Software)
Azteca (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Curse at Twilight (x32 Version: 3.0.2.32 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3.5901 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.3.5901 - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.3.2509 - CyberLink Corp.)
CyberLink Media Suite 10 (x32 Version: 10.0.3.2509 - CyberLink Corp.) Hidden
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.3724 - CyberLink Corp.)
Cyberlink PhotoDirector (x32 Version: 3.0.1.3724 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.2301 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.3.2301 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.3.2524 - CyberLink Corp.)
CyberLink PowerDirector 10 (x32 Version: 10.0.3.2524 - CyberLink Corp.) Hidden
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.8.4930 - CyberLink Corp.)
CyberLink PowerDVD (x32 Version: 10.0.8.4930 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Greener Web (HKLM\...\Greener Web) (Version: 2014.06.10.125401 - Greener Web) <==== ATTENTION
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Postscript Converter (Version: 4.0.4100 - Hewlett-Packard) Hidden
HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6263.4289 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6435.0 - IDT)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.2989 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.6.0.1033 - Intel Corporation)
Intel® Rapid Storage Technology (Version: 12.6.0.1033 - Intel Corporation) Hidden
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.54744 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.27.757.1 - Intel Corporation) Hidden
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4623.1003 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6012.0828 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Ralink Bluetooth Stack64 (HKLM\...\{307AA214-8490-9119-DA81-C8E875AD1C94}) (Version: 11.0.737.5 - Mediatek)
Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.21.0 - Mediatek)
Recovery Manager (x32 Version: 5.5.0.6208 - CyberLink Corp.) Hidden
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Royal Envoy 2 Collector's Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.7.1 - Tweaking.com)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (x32 Version: 4.0.10.5 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Restore Points =========================

09-06-2014 14:20:18 End of disinfection
18-06-2014 16:07:59 Scheduled Checkpoint
20-06-2014 21:38:00 Removed Garmin Training Center
28-06-2014 14:59:25 Scheduled Checkpoint

==================== Hosts content: ==========================

2012-07-26 00:26 - 2014-05-28 08:11 - 00000855 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {10D4323D-4C7C-4010-8844-B48021AA3E20} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2014-06-12] (Microsoft Corporation)
Task: {198487C3-FB56-4E08-8917-5DD5007C8D4F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2CA39437-F2BF-479F-9969-4D9925A7E54A} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: {3D60A443-BC36-41BC-896B-49D33511DF94} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN22C1H152 => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
Task: {3DB32E1A-08B9-4B73-930F-2B9195E87896} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-05-13] (Microsoft Corporation)
Task: {542A5A1B-299D-4E06-A305-C7D9FDF0015B} - \UpdaterEX No Task File <==== ATTENTION
Task: {5C76E07C-9D98-4A75-AA13-B59369744392} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {6A652256-3B94-4C31-BFBB-F3CB5808B5B8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
Task: {709DE5DF-4DA8-4924-BDF8-7A577CC96517} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-11-01] (CyberLink)
Task: {799825FE-73A5-480E-AD0A-4B45DFBAE5D2} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-06-20] (Microsoft Corporation)
Task: {93F90927-ED8B-437F-81BA-5C40E6C2E4E4} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {AE052C15-93AC-4008-84B0-2B187495236D} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe
Task: {AFCBAEA8-DA09-4B78-AB10-C108A970AE56} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe
Task: {B73F3F76-7573-4E29-AFD4-02A1E933052E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {C53FC9F0-7ECC-4017-81B3-D5EFE1C525BE} - System32\Tasks\Microsoft\Windows\Setup\Windows Upgrade Notification Task => C:\windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: {C5A0688E-F6E1-439F-9D86-82A903D42E42} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-05-04] (AVAST Software)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {C89B9738-FCE7-4177-B52B-75B4DCA93FDC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-27] (Google Inc.)
Task: {C98B8279-63B0-44F8-87D2-2793810CD57F} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-11-01] (CyberLink Corp.)
Task: {CB9023C9-0D6C-4EA4-9487-0ACEC8935D09} - \Speedial No Task File <==== ATTENTION
Task: {D723125F-04B8-4C05-9E96-80DD19849605} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-27] (Google Inc.)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-05-04 16:15 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-01-10 15:35 - 2013-01-10 15:35 - 00009728 _____ () C:\windows\system32\BsHelpCSps.dll
2014-06-20 10:10 - 2014-06-20 10:10 - 08890536 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-01-10 13:25 - 2013-01-10 13:25 - 00364544 _____ () C:\windows\system32\BsExtendFunc.dll
2013-01-10 15:30 - 2013-01-10 15:30 - 00022528 _____ () C:\windows\system32\BsTrace.dll
2013-01-10 15:35 - 2013-01-10 15:35 - 00055296 _____ () C:\windows\system32\BlueSoleilCSps.dll
2014-06-24 07:53 - 2014-06-24 07:53 - 02783744 _____ () C:\Program Files\AVAST Software\Avast\defs\14062400\algo.dll
2014-06-30 08:22 - 2014-06-30 08:22 - 02789376 _____ () C:\Program Files\AVAST Software\Avast\defs\14063000\algo.dll
2013-01-10 15:30 - 2013-01-10 15:30 - 00022528 _____ () C:\windows\SYSTEM32\BsTrace.dll
2013-01-10 15:35 - 2013-01-10 15:35 - 00009728 _____ () C:\windows\SYSTEM32\BsHelpCSps.dll
2013-01-10 15:35 - 2013-01-10 15:35 - 00055296 _____ () C:\windows\SYSTEM32\BlueSoleilCSps.dll
2013-03-22 12:06 - 2013-03-22 12:06 - 00387936 _____ () c:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\USB\tl_filter.dll
2011-07-05 12:53 - 2011-07-05 12:53 - 00012800 _____ () c:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\AMP\IVTAMPRL.dll
2013-01-31 19:04 - 2013-01-31 19:04 - 00080120 _____ () C:\windows\SYSTEM32\BsProfilefunc.dll
2013-01-10 13:25 - 2013-01-10 13:25 - 00364544 _____ () C:\windows\SYSTEM32\BsExtendFunc.dll
2014-05-04 16:19 - 2014-05-04 16:19 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-07-17 12:33 - 2012-06-07 22:34 - 00627216 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 13:34 - 2012-06-08 13:34 - 00016400 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2013-07-17 12:27 - 2013-01-23 18:57 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-01-03 01:59 - 2014-02-10 12:04 - 00430080 _____ () C:\windows\mod_frst.exe

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============

Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/29/2014 08:28:55 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.

Error: (06/28/2014 09:59:19 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: .NETFrameworkC:\windows\system32\mscoree.dll8

Error: (06/27/2014 04:51:30 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.

Error: (06/27/2014 04:50:52 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.

Error: (06/26/2014 06:08:04 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: .NETFrameworkC:\windows\system32\mscoree.dll8

Error: (06/26/2014 05:58:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16921, time stamp: 0x537fc9dc
Faulting module name: KERNELBASE.dll, version: 6.2.9200.16864, time stamp: 0x531d2be6
Exception code: 0xe06d7363
Fault offset: 0x00010f22
Faulting process id: 0xf78
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5

Error: (06/26/2014 08:46:43 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.

Error: (06/26/2014 07:59:40 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.

Error: (06/26/2014 07:59:01 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.

Error: (06/25/2014 10:29:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16921, time stamp: 0x537fc9dc
Faulting module name: KERNELBASE.dll, version: 6.2.9200.16864, time stamp: 0x531d2be6
Exception code: 0xe06d7363
Fault offset: 0x00010f22
Faulting process id: 0xaf0
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5


System errors:
=============
Error: (06/30/2014 08:24:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Application Experience service failed to start due to the following error:
%%1053

Error: (06/30/2014 08:23:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Application Experience service failed to start due to the following error:
%%1053

Error: (06/30/2014 08:23:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Application Experience service failed to start due to the following error:
%%1053

Error: (06/30/2014 08:23:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Application Experience service failed to start due to the following error:
%%1053

Error: (06/30/2014 08:23:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Application Experience service failed to start due to the following error:
%%1053

Error: (06/30/2014 08:23:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Application Experience service failed to start due to the following error:
%%1053

Error: (06/30/2014 08:23:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Application Experience service failed to start due to the following error:
%%1053

Error: (06/30/2014 08:23:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Application Experience service failed to start due to the following error:
%%1053

Error: (06/30/2014 08:23:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Application Experience service failed to start due to the following error:
%%1053

Error: (06/30/2014 08:23:27 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Application Experience service failed to start due to the following error:
%%1053


Microsoft Office Sessions:
=========================
Error: (06/29/2014 08:28:55 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestc:\program files (x86)\ralink corporation\ralink bluetooth stack\BsSMSEditor.exe

Error: (06/28/2014 09:59:19 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: .NETFrameworkC:\windows\system32\mscoree.dll8

Error: (06/27/2014 04:51:30 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestc:\program files (x86)\ralink corporation\ralink bluetooth stack\BsSMSEditor.exe

Error: (06/27/2014 04:50:52 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestc:\program files (x86)\ralink corporation\ralink bluetooth stack\BsSMSEditor.exe

Error: (06/26/2014 06:08:04 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: .NETFrameworkC:\windows\system32\mscoree.dll8

Error: (06/26/2014 05:58:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE10.0.9200.16921537fc9dcKERNELBASE.dll6.2.9200.16864531d2be6e06d736300010f22f7801cf91921c795963C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\windows\SYSTEM32\KERNELBASE.dll71cb561a-fd85-11e3-be85-0c84dc3bd976

Error: (06/26/2014 08:46:43 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestc:\program files (x86)\ralink corporation\ralink bluetooth stack\BsSMSEditor.exe

Error: (06/26/2014 07:59:40 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestc:\program files (x86)\ralink corporation\ralink bluetooth stack\BsSMSEditor.exe

Error: (06/26/2014 07:59:01 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestc:\program files (x86)\ralink corporation\ralink bluetooth stack\BsSMSEditor.exe

Error: (06/25/2014 10:29:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE10.0.9200.16921537fc9dcKERNELBASE.dll6.2.9200.16864531d2be6e06d736300010f22af001cf90eed868fcb0C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\windows\SYSTEM32\KERNELBASE.dll1d4087df-fce2-11e3-be85-0c84dc3bd976


CodeIntegrity Errors:
===================================
Date: 2014-05-17 08:12:37.871
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-05-17 08:12:37.840
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-04-30 16:32:03.045
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 13%
Total physical RAM: 12207.45 MB
Available physical RAM: 10568.03 MB
Total Pagefile: 12607.45 MB
Available Pagefile: 10854.21 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:1843.67 GB) (Free:1795.1 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery Image) (Fixed) (Total:17.87 GB) (Free:2.23 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 35E80B5E)

Partition: GPT Partition Type.

==================== End Of Log ============================

#63 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,133 posts

Posted 30 June 2014 - 11:12 AM

 I believe I see a worm that may be at the root of your current issues.

 

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it  as fixlist.txt
 

HKLM\...\RunOnce: [NCPluginUpdater] - "c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe" Update [21720 2014-06-27] (Hewlett-Packard)
SearchScopes: HKLM - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://speedial.com/...=2026722248&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...0TR&pc=HPDTDFJS
SearchScopes: HKLM - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://speedial.com/...=2026722248&ir=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...0TR&pc=HPDTDFJS
CHR NewTab: "chrome-extension://bakijjialdiiboeaknfpmflphhmljfkd/content/newtab/newtab.html"
CHR DefaultSearchProvider: "name": "Speedial"
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
2014-06-13 07:02 - 2014-06-10 08:36 - 00000000 ____D () C:\Program Files (x86)\Greener Web
Task: {542A5A1B-299D-4E06-A305-C7D9FDF0015B} - \UpdaterEX No Task File <==== ATTENTION
Task: {AE052C15-93AC-4008-84B0-2B187495236D} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe
Task: {AFCBAEA8-DA09-4B78-AB10-C108A970AE56} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe
Task: {CB9023C9-0D6C-4EA4-9487-0ACEC8935D09} - \Speedial No Task File <==== ATTENTION

.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

 


Tomk
------------------------------------------------------------

mvplogo1_zpsea7gtc7e.gif


WTT-Grad1.jpg

Topics are closed after 5 days without response
unite_blue_zpsbfd3cd98.png


#64 wilma1313

wilma1313

    Silver Member

  • Authentic Member
  • PipPipPip
  • 386 posts

Posted 30 June 2014 - 06:54 PM

Hi! Fingers crossed we are getting to the bottom of whatever is messing with my computer. Starting to try to job hunt and do not want to upload sensitive info while infected.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-06-2014 02
Ran by l at 2014-06-30 19:52:23 Run:1
Running from C:\Users\l\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM\...\RunOnce: [NCPluginUpdater] - "c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe" Update [21720 2014-06-27] (Hewlett-Packard)
SearchScopes: HKLM - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://speedial.com/...=2026722248&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...0TR&pc=HPDTDFJS
SearchScopes: HKLM - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://speedial.com/...=2026722248&ir=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...0TR&pc=HPDTDFJS
CHR NewTab: "chrome-extension://bakijjialdiiboeaknfpmflphhmljfkd/content/newtab/newtab.html"
CHR DefaultSearchProvider: "name": "Speedial"
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
2014-06-13 07:02 - 2014-06-10 08:36 - 00000000 ____D () C:\Program Files (x86)\Greener Web
Task: {542A5A1B-299D-4E06-A305-C7D9FDF0015B} - \UpdaterEX No Task File <==== ATTENTION
Task: {AE052C15-93AC-4008-84B0-2B187495236D} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe
Task: {AFCBAEA8-DA09-4B78-AB10-C108A970AE56} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe
Task: {CB9023C9-0D6C-4EA4-9487-0ACEC8935D09} - \Speedial No Task File <==== ATTENTION
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\NCPluginUpdater => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}' => Key deleted successfully.
'HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}' => Key deleted successfully.
'HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}' => Key deleted successfully.
'HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}'=> Key not found.
CHR NewTab: "chrome-extension://bakijjialdiiboeaknfpmflphhmljfkd/content/newtab/newtab.html" ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSearchProvider: "name": "Speedial" ==> The Chrome "Settings" can be used to fix the entry.
'HKCU\SOFTWARE\Policies\Google' => Key deleted successfully.
C:\Program Files (x86)\Greener Web => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{542A5A1B-299D-4E06-A305-C7D9FDF0015B}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{542A5A1B-299D-4E06-A305-C7D9FDF0015B}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UpdaterEX' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AE052C15-93AC-4008-84B0-2B187495236D}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AE052C15-93AC-4008-84B0-2B187495236D}' => Key deleted successfully.
C:\Windows\System32\Tasks\Norton Internet Security\Norton Error Processor => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Internet Security\Norton Error Processor' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AFCBAEA8-DA09-4B78-AB10-C108A970AE56}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AFCBAEA8-DA09-4B78-AB10-C108A970AE56}' => Key deleted successfully.
C:\Windows\System32\Tasks\Norton Internet Security\Norton Error Analyzer => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Internet Security\Norton Error Analyzer' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CB9023C9-0D6C-4EA4-9487-0ACEC8935D09}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CB9023C9-0D6C-4EA4-9487-0ACEC8935D09}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Speedial' => Key deleted successfully.

==== End of Fixlog ====

#65 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,133 posts

Posted 01 July 2014 - 01:11 PM

Now let's see if we can get malwarebytes running.

 

It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files
on another computer and then transfer them to the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.

Print out these instructions as we may need to close every window that is open later in the fix.

Download and run Rkill

Do not reboot your computer after running rkill as the malware programs will start again.

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 5 different versions.  If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.

Do not reboot your computer after running rkill as the malware programs will start again.


Download Malwarebytes-Anti-Malware

Click here

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware. and Launch Malwarebytes' Anti-Malware, then click Finish..
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.

NOTE: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Please include mbam.txt in your reply and describe how your computer is behaving now.

 


Tomk
------------------------------------------------------------

mvplogo1_zpsea7gtc7e.gif


WTT-Grad1.jpg

Topics are closed after 5 days without response
unite_blue_zpsbfd3cd98.png


#66 wilma1313

wilma1313

    Silver Member

  • Authentic Member
  • PipPipPip
  • 386 posts

Posted 01 July 2014 - 03:54 PM

THis is the log from rkill. Mbam will still not run. Computer problems are unchanged.

Rkill 2.6.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingc...opic308364.html

Program started at: 07/01/2014 04:50:51 PM in x64 mode.
Windows Version: Windows 8

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

#67 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,133 posts

Posted 02 July 2014 - 10:14 AM

OK.... this may not run either...  but I'd like to try.

 

 

Download ComboFix from here:  http://download.blee...Bs/ComboFix.exe

* IMPORTANT !!! Save ComboFix.exe to your Desktop

 

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.  If you have difficulty properly disabling your protective programs, refer to this link --> http://forums.whatth...ams_t96260.html 
     
  • Double click on ComboFix.exe & follow the prompts.

When finished, it shall produce a log for you.  Please include the C:\ComboFix.txt in your next reply.


Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix.  If you have a problem, reply back for further instructions.
3. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
4. CF disconnects your machine from the internet.  The connection is automatically restored before CF completes its run.  If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

 


Tomk
------------------------------------------------------------

mvplogo1_zpsea7gtc7e.gif


WTT-Grad1.jpg

Topics are closed after 5 days without response
unite_blue_zpsbfd3cd98.png


#68 wilma1313

wilma1313

    Silver Member

  • Authentic Member
  • PipPipPip
  • 386 posts

Posted 02 July 2014 - 04:32 PM

success

 

ComboFix 14-06-30.01 - l 07/02/2014  15:58:20.1.4 - x64
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.12207.10769 [GMT -5:00]
Running from: c:\users\l\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\l\AppData\Local\Microsoft\Windows\Temporary Internet Files\{16AC52A5-3E04-41D0-A802-8179AFB3347D}.xps
c:\users\l\AppData\Local\Microsoft\Windows\Temporary Internet Files\{1C0BE228-BE02-41D2-92A2-C6E3F299E195}.xps
c:\users\l\AppData\Local\Microsoft\Windows\Temporary Internet Files\{403DA3C7-9435-4639-91A1-A3F0B3EA805E}.xps
c:\users\l\AppData\Local\Microsoft\Windows\Temporary Internet Files\{4AC885D8-7031-4F05-B10D-0179F7A47759}.xps
c:\users\l\AppData\Local\Microsoft\Windows\Temporary Internet Files\{54BE750F-4C9B-4437-8D2A-90722796C5BD}.xps
c:\users\l\AppData\Local\Microsoft\Windows\Temporary Internet Files\{63EF07EC-1226-43B3-955D-A4D7845B63AE}.xps
c:\users\l\AppData\Local\Microsoft\Windows\Temporary Internet Files\{81E6CF14-F884-4FD6-A528-97F8CB15ECE0}.xps
c:\users\l\AppData\Local\Microsoft\Windows\Temporary Internet Files\{97396FEC-49DC-48D8-B936-3AAC18AE38C3}.xps
c:\users\l\AppData\Local\Microsoft\Windows\Temporary Internet Files\{CA3F3269-3670-4F2F-9361-EFB09EDD44DC}.xps
c:\users\l\AppData\Local\Microsoft\Windows\Temporary Internet Files\{ED40363C-80D6-4A4A-8AF2-AE460DD557C3}.xps
c:\users\l\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F102D300-8626-47D7-B2BC-E6D53EB1E665}.xps
c:\users\l\AppData\Local\Microsoft\Windows\Temporary Internet Files\Greener Web_iels
.
.
(((((((((((((((((((((((((   Files Created from 2014-06-02 to 2014-07-02  )))))))))))))))))))))))))))))))
.
.
2014-07-02 15:00 . 2014-07-02 15:00 257704 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10243.bin
2014-07-01 22:17 . 2014-07-01 22:17 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-07-01 22:17 . 2014-05-12 12:26 64216 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-07-01 22:17 . 2014-05-12 12:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-07-01 22:17 . 2014-05-12 12:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-06-30 20:19 . 2014-06-30 20:19 -------- d-----w- c:\users\l\AppData\Local\HPConnectedMusic
2014-06-30 13:22 . 2014-07-01 00:52 -------- d-----w- C:\FRST
2014-06-20 21:34 . 2014-06-20 21:34 -------- d-----w- c:\users\l\AppData\Roaming\GARMIN
2014-06-20 21:34 . 2014-06-20 21:34 -------- d-----w- c:\programdata\GARMIN
2014-06-20 21:03 . 2014-06-20 21:03 -------- d-----w- c:\program files\DIFX
2014-06-17 21:55 . 2014-06-17 21:55 -------- d-----w- c:\users\l\AppData\Roaming\WebApp
2014-06-17 19:51 . 2014-06-17 19:51 -------- d-----w- c:\users\l\AppData\Local\Cyberlink
2014-06-16 03:07 . 2014-06-16 03:07 -------- d-----w- c:\users\l\AppData\Local\HP Quick Start
2014-06-14 13:03 . 2014-06-14 13:03 -------- d-----w- c:\users\l\AppData\Local\Adobe
2014-06-11 16:05 . 2014-04-03 11:19 328024 ----a-w- c:\windows\system32\drivers\Classpnp.sys
2014-06-11 16:05 . 2014-04-03 03:44 619008 ----a-w- c:\windows\system32\drivers\srv2.sys
2014-06-11 16:05 . 2014-03-24 23:42 305152 ----a-w- c:\windows\SysWow64\wusa.exe
2014-06-11 16:05 . 2014-03-24 22:56 309760 ----a-w- c:\windows\system32\wusa.exe
2014-06-11 16:05 . 2014-04-29 22:32 1301504 ----a-w- c:\windows\system32\gdi32.dll
2014-06-11 16:05 . 2014-04-29 22:22 1023488 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-06-11 16:00 . 2010-08-30 13:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-06-11 16:00 . 2014-07-02 14:54 -------- d-----w- C:\AdwCleaner
2014-06-11 15:36 . 2014-04-03 11:22 2233176 ----a-w- c:\windows\system32\drivers\tcpip.sys
2014-06-11 15:36 . 2014-03-07 00:47 1419264 ----a-w- c:\windows\SysWow64\msxml3.dll
2014-06-11 15:36 . 2014-03-07 00:08 1845760 ----a-w- c:\windows\system32\msxml3.dll
2014-06-10 14:37 . 2014-06-09 17:24 61016 ----a-w- c:\windows\system32\drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}Gw64.sys
2014-06-10 13:45 . 2014-06-10 13:46 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2014-06-09 14:20 . 2014-06-11 15:51 -------- d-----w- c:\windows\ERUNT
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-21 19:40 . 2014-04-19 21:20 50784 ----a-w- c:\programdata\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2014-06-20 15:09 . 2014-04-20 22:44 588496 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2014-06-12 08:00 . 2014-04-20 23:10 95414520 ----a-w- c:\windows\system32\MRT.exe
2014-05-31 05:16 . 2012-07-26 08:14 703992 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-31 05:16 . 2012-07-26 08:14 105464 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-28 13:54 . 2014-05-28 13:01 181064 ----a-w- c:\windows\PSEXESVC.EXE
2014-05-17 12:54 . 2014-05-04 21:19 85328 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-05-17 12:54 . 2014-05-04 21:19 423240 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-05-17 12:54 . 2014-05-04 21:19 1039096 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-05-17 12:54 . 2014-05-04 21:19 447888 ----a-w- c:\windows\system32\drivers\aswndisflt.sys
2014-05-12 08:27 . 2012-07-26 02:26 199680 ----a-w- c:\windows\system32\cdd.dll
2014-05-04 21:19 . 2014-05-04 21:19 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-05-04 21:19 . 2014-05-04 21:19 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-05-04 21:19 . 2014-05-04 21:19 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-05-04 21:19 . 2014-05-04 21:19 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-05-04 21:19 . 2014-05-04 21:19 208416 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-05-04 21:19 . 2014-05-04 21:19 334648 ----a-w- c:\windows\system32\aswBoot.exe
2014-05-04 21:19 . 2014-05-04 21:19 43152 ----a-w- c:\windows\avastSS.scr
2014-05-04 21:19 . 2014-05-04 21:19 28184 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2014-05-04 20:34 . 2014-04-19 21:20 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2014-04-30 23:20 . 2014-05-21 15:29 10702536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2BD6D99F-127A-4C60-B25F-0D402985F0DA}\mpengine.dll
2014-04-23 16:50 . 2014-05-17 13:08 1031560 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DBFDA6F8-C9CE-4B93-95AC-772234B75B61}\gapaengine.dll
2014-04-19 15:13 . 2012-07-26 08:13 23264 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-04-19 09:39 . 2014-05-12 09:07 628024 ----a-w- c:\windows\system32\NotificationUI.exe
2014-04-19 08:45 . 2014-05-12 09:07 693760 ----a-w- c:\windows\system32\WSShared.dll
2014-04-19 08:45 . 2014-05-12 09:07 163840 ----a-w- c:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-19 06:57 . 2014-05-12 09:07 566784 ----a-w- c:\windows\SysWow64\WSShared.dll
2014-04-19 06:57 . 2014-05-12 09:07 124928 ----a-w- c:\windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-12 09:27 . 2014-05-21 15:41 172888 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-04-12 09:10 . 2014-05-21 15:41 578048 ----a-w- c:\windows\system32\winlogon.exe
2014-04-12 09:09 . 2014-05-21 15:40 208896 ----a-w- c:\windows\system32\wdigest.dll
2014-04-12 09:09 . 2014-05-21 15:40 1043968 ----a-w- c:\windows\system32\usercpl.dll
2014-04-12 09:09 . 2014-05-21 15:40 94720 ----a-w- c:\windows\system32\TSpkg.dll
2014-04-12 09:09 . 2014-05-21 15:41 588288 ----a-w- c:\windows\system32\SHCore.dll
2014-04-12 09:08 . 2014-05-21 15:41 318464 ----a-w- c:\windows\system32\msv1_0.dll
2014-04-12 09:08 . 2014-05-21 15:41 1281536 ----a-w- c:\windows\system32\lsasrv.dll
2014-04-12 09:08 . 2014-05-21 15:40 439808 ----a-w- c:\windows\system32\lsm.dll
2014-04-12 09:08 . 2014-05-21 15:41 827904 ----a-w- c:\windows\system32\kerberos.dll
2014-04-12 09:07 . 2014-05-21 15:40 20480 ----a-w- c:\windows\system32\credssp.dll
2014-04-12 07:23 . 2014-05-21 15:40 178688 ----a-w- c:\windows\SysWow64\wdigest.dll
2014-04-12 07:23 . 2014-05-21 15:40 961536 ----a-w- c:\windows\SysWow64\usercpl.dll
2014-04-12 07:23 . 2014-05-21 15:40 76800 ----a-w- c:\windows\SysWow64\TSpkg.dll
2014-04-12 07:23 . 2014-05-21 15:40 452608 ----a-w- c:\windows\SysWow64\SHCore.dll
2014-04-12 07:23 . 2014-05-21 15:41 273920 ----a-w- c:\windows\SysWow64\msv1_0.dll
2014-04-12 07:22 . 2014-05-21 15:41 666624 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-04-12 07:22 . 2014-05-21 15:40 17408 ----a-w- c:\windows\SysWow64\credssp.dll
2014-04-12 06:58 . 2014-05-21 15:40 14848 ----a-w- c:\windows\system32\workerdd.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-04-20 22:46 220632 ----a-w- c:\users\l\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-04-20 22:46 220632 ----a-w- c:\users\l\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-04-20 22:46 220632 ----a-w- c:\users\l\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2014-04-27 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BtTray"="c:\program files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe" [2013-01-10 379904]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-06-08 3890208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-05-08 959904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R3 EraserUtilDrv11312;EraserUtilDrv11312;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11312.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11312.sys [x]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S0 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdisFlt.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S1 {a3f28269-ad17-41a8-b032-3e0313ef8979}Gw64;{a3f28269-ad17-41a8-b032-3e0313ef8979}Gw64;c:\windows\system32\drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}Gw64.sys;c:\windows\SYSNATIVE\drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}Gw64.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys;c:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
S2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S3 BtAudioBusSrv;Ralink Bluetooth Audio Bus Service;c:\windows\System32\Drivers\BtAudioBus.sys;c:\windows\SYSNATIVE\Drivers\BtAudioBus.sys [x]
S3 BthL2caScoIfSrv;Bluetooth Profile Interface Driver Service;c:\windows\System32\Drivers\BtL2caScoIf.sys;c:\windows\SYSNATIVE\Drivers\BtL2caScoIf.sys [x]
S3 BthLEEnum;Bluetooth Low Energy Driver;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
S3 btUrbFilterDrv;IVT URB Bluetooth Filter Driver Service;c:\windows\System32\Drivers\IvtUrbBtFlt.sys;c:\windows\SYSNATIVE\Drivers\IvtUrbBtFlt.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 rtbth;RTBTH Bluetooth Device Driver;c:\windows\System32\drivers\rtbth.sys;c:\windows\SYSNATIVE\drivers\rtbth.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
apphost REG_MULTI_SZ    apphostsvc
iissvcs REG_MULTI_SZ    w3svc was
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-14 12:42 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-04-27 14:23]
.
2014-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-04-27 14:23]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-04-20 22:46 244696 ----a-w- c:\users\l\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-04-20 22:46 244696 ----a-w- c:\users\l\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-04-20 22:46 244696 ----a-w- c:\users\l\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-06-20 15:10 2335960 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-06-20 15:10 2335960 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-06-20 15:10 2335960 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-05-04 21:19 290888 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BeatsOSDApp"="c:\program files\IDT\WDM\beats64.exe" [2012-08-22 41664]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-11-13 1664000]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-03-26 164848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-03-26 406512]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-03-26 439792]
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = https://www.yahoo.co...t&type=avastbcl
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-gStart - c:\garmin\gStart.exe
AddRemove-{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} - c:\program files (x86)\InstallShield Installation Information\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
Completion time: 2014-07-02  16:08:11
ComboFix-quarantined-files.txt  2014-07-02 21:08
.
Pre-Run: 1,931,609,509,888 bytes free
Post-Run: 1,931,335,917,568 bytes free
.
- - End Of File - - A541625D3B837D57F3B75D5EB052D945
5FB38429D5D77768867C76DCBDB35194
 



#69 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,133 posts

Posted 02 July 2014 - 10:32 PM

Nothing there.

 

I'm not seeing any signs of malware.  All I know to do is try resetting windows files again.

 

Download Windows Repair (All in One) from this site

Install the program then run it.

NOTE 1. In Windows Vista, 7 and 8 right click on the program, click "Run As Administrator".
NOTE 2. Disable your antivirus program before running Windows Repair.


Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:

p22002979.gif



Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:

p22002980.gif


Go to Step 4 and under "System Restore" click on Create button:

p22002982.gif


Go to Start Repairs tab and click Start button.

Leave all checkmarks as they're.
NOTE for Windows 8 users. Reset Registry Permissions is NOT checked by design.

Click on Start button.

p22003030.gif

Post Windows Repair log (_windows_repair_log.txt) which is located in the following folder:
64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs


Tomk
------------------------------------------------------------

mvplogo1_zpsea7gtc7e.gif


WTT-Grad1.jpg

Topics are closed after 5 days without response
unite_blue_zpsbfd3cd98.png


#70 wilma1313

wilma1313

    Silver Member

  • Authentic Member
  • PipPipPip
  • 386 posts

Posted 03 July 2014 - 02:36 PM

Here is the log. After finishing was able to run MBAM. Nothing detected. Computer seems to be running ok now.
System Variables
--------------------------------------------------------------------------------
OS: Windows 8
OS Architecture: 64-bit
OS Version: 6.2.9200
OS Service Pack:
Computer Name: PURPLE
Windows Drive: C:\
Windows Path: C:\Windows
Current Profile: C:\Users\l
Current Profile SID: S-1-5-21-2497467096-1107912187-4260812050-1001
Current Profile Classes: S-1-5-21-2497467096-1107912187-4260812050-1001_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\Windows\ServiceProfiles
Local Settings AppData: C:\Users\l\AppData\Local
--------------------------------------------------------------------------------

System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 01:01:01

Process Count: 67
Commit Total: 1.80 GB
Commit Limit: 12.31 GB
Commit Peak: 2.38 GB
Handle Count: 24471
Kernel Total: 612.42 MB
Kernel Paged: 454.90 MB
Kernel Non Paged: 157.52 MB
System Cache: 6.59 GB
Thread Count: 964
--------------------------------------------------------------------------------

Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 11.92 GB
Memory Used: 1.79 GB(15.011%)
Memory Avail.: 10.13 GB
--------------------------------------------------------------------------------

Cleaning Memory Before Starting Repairs...

Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 11.92 GB
Memory Used: 1.56 GB(13.122%)
Memory Avail.: 10.36 GB
--------------------------------------------------------------------------------

Starting Repairs...
Start (7/3/2014 12:11:35 PM)

01 - Reset Registry Permissions 01/03
HKEY_CURRENT_USER & Sub Keys
Start (7/3/2014 12:11:40 PM)
Running Repair Under Current User Account
Done (7/3/2014 12:11:44 PM)

01 - Reset Registry Permissions 02/03
HKEY_LOCAL_MACHINE & Sub Keys
Start (7/3/2014 12:11:44 PM)
Running Repair Under System Account
Done (7/3/2014 12:13:54 PM)

01 - Reset Registry Permissions 03/03
HKEY_CLASSES_ROOT & Sub Keys
Start (7/3/2014 12:13:54 PM)
Running Repair Under System Account
Done (7/3/2014 12:14:36 PM)

03 - Reset Service Permissions
Start (7/3/2014 12:14:36 PM)
Running Repair Under System Account
Done (7/3/2014 12:14:43 PM)

04 - Register System Files
Start (7/3/2014 12:14:43 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/3/2014 12:15:08 PM)

05 - Repair WMI
Start (7/3/2014 12:15:08 PM)

Starting Security Center So We Can Export The Security Info.

Exporting Antivirus Info...
avast! Antivirus Exported.

Exporting AntiSpyware Info...
Windows Defender Exported.
avast! Antivirus Exported.

Exporting 3rd Party Firewall Info...
avast! Antivirus Exported.

Running Repair Under Current User Account
Done (7/3/2014 12:19:48 PM)

06 - Repair Windows Firewall
Start (7/3/2014 12:19:48 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/3/2014 12:21:18 PM)

07 - Repair Internet Explorer
Start (7/3/2014 12:21:18 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/3/2014 12:21:36 PM)

08 - Repair MDAC/MS Jet
Start (7/3/2014 12:21:36 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/3/2014 12:21:45 PM)

09 - Repair Hosts File
Start (7/3/2014 12:21:45 PM)
Running Repair Under System Account
Done (7/3/2014 12:21:47 PM)

10 - Remove Policies Set By Infections
Start (7/3/2014 12:21:47 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/3/2014 12:21:52 PM)

11 - Repair Start Menu Icons Removed By Infections
Start (7/3/2014 12:21:52 PM)
Running Repair Under System Account
Done (7/3/2014 12:21:54 PM)

12 - Repair Icons
Start (7/3/2014 12:21:54 PM)
Running Repair Under Current User Account
Done (7/3/2014 12:21:57 PM)

13 - Repair Winsock & DNS Cache
Start (7/3/2014 12:21:57 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/3/2014 12:22:05 PM)

15 - Repair Proxy Settings
Start (7/3/2014 12:22:05 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/3/2014 12:22:10 PM)

17 - Repair Windows Updates
Start (7/3/2014 12:22:10 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/3/2014 12:22:28 PM)

18 - Repair CD/DVD Missing/Not Working
Start (7/3/2014 12:22:28 PM)
iTunes not found, not applying UpperFilters iTunes Reg Key
Done (7/3/2014 12:22:28 PM)

19 - Repair Volume Shadow Copy Service
Start (7/3/2014 12:22:28 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/3/2014 12:22:32 PM)

21 - Repair MSI (Windows Installer)
Start (7/3/2014 12:22:32 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/3/2014 12:22:41 PM)

23.01 - Repair bat Association
Start (7/3/2014 12:22:41 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/3/2014 12:22:46 PM)

23.02 - Repair cmd Association
Start (7/3/2014 12:22:46 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/3/2014 12:22:51 PM)

23.03 - Repair com Association
Start (7/3/2014 12:22:51 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/3/2014 12:22:55 PM)

23.04 - Repair Directory Association
Start (7/3/2014 12:22:55 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/3/2014 12:23:00 PM)

23.05 - Repair Drive Association
Start (7/3/2014 12:23:00 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/3/2014 12:23:07 PM)

23.06 - Repair exe Association
Start (7/3/2014 12:23:07 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/3/2014 12:23:12 PM)

23.07 - Repair Folder Association
Start (7/3/2014 12:23:12 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/3/2014 12:23:17 PM)

23.08 - Repair inf Association
Start (7/3/2014 12:23:17 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/3/2014 12:23:21 PM)

23.09 - Repair lnk (Shortcuts) Association
Start (7/3/2014 12:23:21 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/3/2014 12:23:26 PM)

23.10 - Repair msc Association
Start (7/3/2014 12:23:26 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/3/2014 12:23:31 PM)

23.11 - Repair reg Association
Start (7/3/2014 12:23:31 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/3/2014 12:23:36 PM)

23.12 - Repair scr Association
Start (7/3/2014 12:23:36 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/3/2014 12:23:42 PM)

24 - Repair Windows Safe Mode
Start (7/3/2014 12:23:42 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/3/2014 12:23:47 PM)

25 - Repair Print Spooler
Start (7/3/2014 12:23:47 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/3/2014 12:24:00 PM)

26 - Restore Important Windows Services
Start (7/3/2014 12:24:00 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/3/2014 12:24:05 PM)

27 - Set Windows Services To Default Startup
Start (7/3/2014 12:24:05 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/3/2014 12:24:09 PM)

28 - Repair Windows 8 App Store
Start (7/3/2014 12:24:09 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (7/3/2014 12:24:24 PM)

29 - Repair Windows 8 Component Store
Start (7/3/2014 12:24:24 PM)
Running Repair Under Current User Account
Done (7/3/2014 12:53:14 PM)

30 - Restore Windows 8 COM+ Unmarshalers
Start (7/3/2014 12:53:14 PM)
Running Repair Under System Account
Processing ACL of: <classes_root\Unmarshalers>

SetACL finished with error(s):
SetACL error message: The call to SetNamedSecurityInfo () failed
Operating system error message: Access is denied.

Done (7/3/2014 12:53:18 PM)

Cleaning up empty logs...

All Selected Repairs Done.
Done (7/3/2014 12:53:18 PM)
Total Repair Time: 00:41:45


...YOU MUST RESTART YOUR SYSTEM...
Running Repair Under Current User Account

    Advertisements

Register to Remove


#71 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,133 posts

Posted 03 July 2014 - 03:07 PM

That's great news. :woot:

 

As I said, I'm not seeing any malware... so I'm thinking the sluggishness was caused by some system files that forgot where they were.  Hopefully all is good now.

 

Go ahead and uninstall combofix:

 

  • Click START then RUN
  • Now type ComboFix /Uninstall in the runbox  and click OK.
  • Note the space between the X and the U, it needs to be there.
  • Combofix_uninstall_image.jpg


Please re-enable any security that was disabled.

 

Give things a good test drive and let me know things still seem to be OK before I close the thread.


Tomk
------------------------------------------------------------

mvplogo1_zpsea7gtc7e.gif


WTT-Grad1.jpg

Topics are closed after 5 days without response
unite_blue_zpsbfd3cd98.png


#72 wilma1313

wilma1313

    Silver Member

  • Authentic Member
  • PipPipPip
  • 386 posts

Posted 04 July 2014 - 01:00 PM

Hi,

I toatally don't get it. Neither one of us used the computer since I posted yesterday when everything was good. Came home today, back to not being able to get online and Mbam will not work again. WE definitely didn't mess it up since yesterday. Any thoughts? Is it a lurking infection or did something get damaged permanently? Am I safe to do any banking or other sensitive tasks on here. (or relatively safe, I know no guarantees)Dang computer less than a year old, gonna be sad if I already have to replace it.

Happy 4th!!

#73 wilma1313

wilma1313

    Silver Member

  • Authentic Member
  • PipPipPip
  • 386 posts

Posted 04 July 2014 - 05:40 PM

and now complete backsliddin. I'm getting redirected to the fake ie error page as was happening previously. Very hard to get online and very hard to get onto this forum again. Bummer!

#74 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,133 posts

Posted 04 July 2014 - 08:48 PM

Try for a FRST set of logs again please.


Tomk
------------------------------------------------------------

mvplogo1_zpsea7gtc7e.gif


WTT-Grad1.jpg

Topics are closed after 5 days without response
unite_blue_zpsbfd3cd98.png


#75 wilma1313

wilma1313

    Silver Member

  • Authentic Member
  • PipPipPip
  • 386 posts

Posted 05 July 2014 - 07:45 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-07-2014 01
Ran by l (administrator) on PURPLE on 05-07-2014 08:41:47
Running from C:\Users\l\Desktop
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2012-08-22] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-11-12] (IDT, Inc.)
HKLM-x32\...\Run: [BtTray] => c:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [379904 2013-01-10] (IVT Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-07-04] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2497467096-1107912187-4260812050-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-04-27] (Google Inc.)
HKU\S-1-5-21-2497467096-1107912187-4260812050-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6564120 2014-06-04] (SUPERAntiSpyware)
ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers-x32: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...t&type=avastbcl
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\windows\SysWow64\skype4com.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-05-04]

Chrome:
=======
CHR HomePage: https://www.yahoo.co...t&type=avastbcl
CHR StartupUrls: "https://www.yahoo.co...&type=avastbcl"
CHR NewTab: "chrome-extension://bakijjialdiiboeaknfpmflphhmljfkd/content/newtab/newtab.html"
CHR DefaultSearchProvider: "name": "Speedial"
CHR Extension: (Google Docs) - C:\Users\l\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-04]
CHR Extension: (Google Drive) - C:\Users\l\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\l\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-09]
CHR Extension: (YouTube) - C:\Users\l\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-04]
CHR Extension: (Google Search) - C:\Users\l\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-04]
CHR Extension: (Google Wallet) - C:\Users\l\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-04]
CHR Extension: (Gmail) - C:\Users\l\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-04]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-04]

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-04] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [106488 2014-07-04] (AVAST Software)
R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1619704 2013-03-26] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [138752 2013-01-10] (IVT Corporation) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2279608 2014-05-21] (Microsoft Corporation)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129336 2013-01-30] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [167736 2013-01-30] (Intel Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [327680 2012-11-12] (IDT, Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-10-11] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-04] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-07-04] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-04] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [448400 2014-07-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-04] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-04] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-04] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-04] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-04] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-04] ()
U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [33968 2012-12-19] (IVT Corporation)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
U4 BthAvrcpTg;
U4 BthHFEnum;
U4 bthhfhid;
R3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [49584 2013-03-25] (Ralink Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1204424 2013-12-02] (Ralink Technology, Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 {a3f28269-ad17-41a8-b032-3e0313ef8979}Gw64; C:\Windows\System32\drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}Gw64.sys [61016 2014-06-09] (StdLib)
U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [33968 2012-12-19] (IVT Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EraserUtilDrv11312; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11312.sys [X]
S3 MBAMSwissArmy; \??\C:\windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-05 08:41 - 2014-07-05 08:41 - 00000000 ____D () C:\Users\l\Desktop\FRST-OlderVersion
2014-07-04 18:44 - 2014-07-04 18:44 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-04 14:02 - 2014-07-04 14:02 - 00000207 _____ () C:\windows\tweaking.com-regbackup-PURPLE-Microsoft-Windows-8-(64-bit).dat
2014-07-04 14:02 - 2014-07-04 14:02 - 00000000 ____D () C:\RegBackup
2014-07-04 13:56 - 2014-07-04 13:56 - 00448400 _____ (AVAST Software) C:\windows\system32\Drivers\aswNdisFlt.sys
2014-07-04 13:56 - 2014-07-04 13:56 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-07-03 15:37 - 2014-07-03 15:37 - 00001815 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-07-03 15:37 - 2014-07-03 15:37 - 00000000 ____D () C:\Users\l\AppData\Roaming\SUPERAntiSpyware.com
2014-07-03 15:37 - 2014-07-03 15:37 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-07-03 15:37 - 2014-07-03 15:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-07-03 15:37 - 2014-07-03 15:37 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-07-03 11:03 - 2014-07-03 11:03 - 05461664 _____ () C:\Users\l\Desktop\tweaking.com_windows_repair_aio_setup.exe
2014-07-02 17:28 - 2014-07-02 17:28 - 00021027 _____ () C:\Users\l\Desktop\combo.txt
2014-07-02 16:08 - 2014-07-02 16:08 - 00021027 _____ () C:\ComboFix.txt
2014-07-02 15:56 - 2014-07-02 16:08 - 00000000 ____D () C:\Qoobox
2014-07-02 15:56 - 2011-06-26 01:45 - 00256000 _____ () C:\windows\PEV.exe
2014-07-02 15:56 - 2010-11-07 12:20 - 00208896 _____ () C:\windows\MBR.exe
2014-07-02 15:56 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-07-02 15:56 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-07-02 15:56 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-07-02 15:56 - 2000-08-30 19:00 - 00212480 _____ (SteelWerX) C:\windows\SWXCACLS.exe
2014-07-02 15:56 - 2000-08-30 19:00 - 00098816 _____ () C:\windows\sed.exe
2014-07-02 15:56 - 2000-08-30 19:00 - 00080412 _____ () C:\windows\grep.exe
2014-07-02 15:56 - 2000-08-30 19:00 - 00068096 _____ () C:\windows\zip.exe
2014-07-02 15:55 - 2014-07-02 15:55 - 05212874 ____R (Swearware) C:\Users\l\Desktop\ComboFix.exe
2014-07-01 16:50 - 2014-07-01 17:17 - 00002480 _____ () C:\Users\l\Desktop\Rkill.txt
2014-07-01 16:50 - 2014-07-01 16:50 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\l\Downloads\rkill.exe
2014-07-01 16:50 - 2014-07-01 16:50 - 01062136 _____ (Bleeping Computer, LLC) C:\Users\l\Downloads\rkill64.exe
2014-06-30 15:17 - 2014-06-30 15:17 - 00000000 ____H () C:\windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2014-06-30 08:24 - 2014-06-30 08:24 - 00035724 _____ () C:\Users\l\Desktop\Addition.txt
2014-06-30 08:23 - 2014-07-05 08:41 - 00016601 _____ () C:\Users\l\Desktop\FRST.txt
2014-06-30 08:22 - 2014-07-05 08:41 - 00000000 ____D () C:\FRST
2014-06-30 08:21 - 2014-07-05 08:41 - 02084352 _____ (Farbar) C:\Users\l\Desktop\FRST64.exe
2014-06-26 11:13 - 2014-06-30 10:47 - 00000099 _____ () C:\windows\SysWOW64\REMOTEDEVICE.INI
2014-06-20 16:36 - 2014-06-20 16:36 - 00099434 _____ () C:\Users\l\Documents\lori_tcdatabasebackup.tcx
2014-06-20 16:34 - 2014-06-20 16:34 - 00000000 ____D () C:\Users\l\Documents\My Garmin
2014-06-20 16:34 - 2014-06-20 16:34 - 00000000 ____D () C:\Users\l\AppData\Roaming\GARMIN
2014-06-20 16:34 - 2014-06-20 16:34 - 00000000 ____D () C:\ProgramData\GARMIN
2014-06-20 16:03 - 2014-06-20 16:03 - 00000000 ____D () C:\Program Files\DIFX
2014-06-17 16:55 - 2014-06-17 16:55 - 00000000 ____D () C:\Users\l\AppData\Roaming\WebApp
2014-06-17 14:51 - 2014-06-17 14:51 - 00000000 ____D () C:\Users\l\AppData\Local\Cyberlink
2014-06-17 14:45 - 2014-06-17 14:45 - 00869456 _____ () C:\Users\l\Downloads\Norton_Removal_Tool (1).exe
2014-06-15 22:07 - 2014-06-15 22:07 - 00000000 ____D () C:\Users\l\AppData\Local\HP Quick Start
2014-06-14 08:03 - 2014-06-14 08:03 - 00000000 ____D () C:\Users\l\AppData\Local\Adobe
2014-06-11 11:06 - 2014-05-23 21:48 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-06-11 11:06 - 2014-05-23 21:47 - 02239488 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-06-11 11:06 - 2014-05-23 21:47 - 01366016 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-06-11 11:06 - 2014-05-23 21:47 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
2014-06-11 11:06 - 2014-05-23 21:47 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2014-06-11 11:06 - 2014-05-23 21:46 - 19290112 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-06-11 11:06 - 2014-05-23 21:46 - 15368704 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-06-11 11:06 - 2014-05-23 21:46 - 03958784 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-06-11 11:06 - 2014-05-23 21:46 - 02650112 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-06-11 11:06 - 2014-05-23 21:46 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-06-11 11:06 - 2014-05-23 21:46 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-06-11 11:06 - 2014-05-23 21:46 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-06-11 11:06 - 2014-05-23 21:46 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-06-11 11:06 - 2014-05-23 21:46 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-06-11 11:06 - 2014-05-23 21:46 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-06-11 11:06 - 2014-05-23 21:46 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-06-11 11:06 - 2014-05-23 21:46 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-06-11 11:06 - 2014-05-23 21:45 - 01508864 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-06-11 11:06 - 2014-05-23 21:45 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-06-11 11:06 - 2014-05-23 21:45 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-06-11 11:06 - 2014-05-23 20:26 - 14365696 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-06-11 11:06 - 2014-05-23 20:26 - 01766400 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-06-11 11:06 - 2014-05-23 20:26 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-06-11 11:06 - 2014-05-23 20:26 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-06-11 11:06 - 2014-05-23 20:26 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-06-11 11:06 - 2014-05-23 20:26 - 00080896 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-06-11 11:06 - 2014-05-23 20:26 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2014-06-11 11:06 - 2014-05-23 20:25 - 13731328 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-06-11 11:06 - 2014-05-23 20:25 - 02862080 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-06-11 11:06 - 2014-05-23 20:25 - 02050560 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-06-11 11:06 - 2014-05-23 20:25 - 01440768 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-06-11 11:06 - 2014-05-23 20:25 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-06-11 11:06 - 2014-05-23 20:25 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-06-11 11:06 - 2014-05-23 20:25 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-06-11 11:06 - 2014-05-23 20:25 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-06-11 11:06 - 2014-05-23 20:25 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-06-11 11:06 - 2014-05-23 20:25 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-06-11 11:06 - 2014-05-23 20:25 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-06-11 11:06 - 2014-05-23 20:09 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-06-11 11:06 - 2014-05-23 20:03 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-06-11 11:06 - 2014-05-23 17:37 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
2014-06-11 11:06 - 2014-05-03 00:47 - 03246592 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2014-06-11 11:06 - 2014-05-02 22:34 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
2014-06-11 11:05 - 2014-04-29 17:32 - 01301504 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-06-11 11:05 - 2014-04-29 17:22 - 01023488 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-06-11 11:05 - 2014-04-03 06:19 - 00328024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Classpnp.sys
2014-06-11 11:05 - 2014-04-02 22:44 - 00619008 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
2014-06-11 11:05 - 2014-03-31 17:08 - 00387268 _____ () C:\windows\system32\ApnDatabase.xml
2014-06-11 11:05 - 2014-03-24 18:42 - 00305152 _____ (Microsoft Corporation) C:\windows\SysWOW64\wusa.exe
2014-06-11 11:05 - 2014-03-24 17:56 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\wusa.exe
2014-06-11 11:00 - 2014-07-02 09:54 - 00000000 ____D () C:\AdwCleaner
2014-06-11 11:00 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll
2014-06-11 10:59 - 2014-06-11 10:59 - 01333465 _____ () C:\Users\l\Desktop\AdwCleaner.exe
2014-06-11 10:50 - 2014-06-11 10:50 - 01016261 _____ (Thisisu) C:\Users\l\Desktop\JRT.exe
2014-06-11 10:36 - 2014-04-03 06:22 - 02233176 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2014-06-11 10:36 - 2014-03-06 19:47 - 01419264 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-06-11 10:36 - 2014-03-06 19:08 - 01845760 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-06-10 13:33 - 2014-06-10 13:33 - 00625664 _____ () C:\Users\l\Desktop\dds.scr
2014-06-10 09:37 - 2014-06-09 12:24 - 00061016 _____ (StdLib) C:\windows\system32\Drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}Gw64.sys
2014-06-10 08:46 - 2014-06-10 08:46 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-06-10 08:46 - 2014-06-10 08:46 - 00002026 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-06-10 08:45 - 2014-06-14 11:20 - 00000000 ____D () C:\ProgramData\Adobe
2014-06-10 08:45 - 2014-06-10 08:45 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-06-10 08:36 - 2014-06-10 08:36 - 00000046 _____ () C:\Users\l\AppData\Roaming\WB.CFG
2014-06-09 09:20 - 2014-06-11 10:51 - 00000000 ____D () C:\windows\ERUNT
2014-06-09 09:20 - 2014-06-09 09:20 - 00000848 _____ () C:\DelFix.txt

==================== One Month Modified Files and Folders =======

2014-07-05 08:42 - 2014-06-30 08:23 - 00016601 _____ () C:\Users\l\Desktop\FRST.txt
2014-07-05 08:41 - 2014-07-05 08:41 - 00000000 ____D () C:\Users\l\Desktop\FRST-OlderVersion
2014-07-05 08:41 - 2014-06-30 08:22 - 00000000 ____D () C:\FRST
2014-07-05 08:41 - 2014-06-30 08:21 - 02084352 _____ (Farbar) C:\Users\l\Desktop\FRST64.exe
2014-07-05 08:41 - 2014-04-27 09:23 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-05 08:41 - 2013-07-17 12:49 - 00003619 _____ () C:\windows\SysWOW64\LOCALSERVICE.INI
2014-07-05 08:39 - 2012-07-26 02:28 - 00876558 _____ () C:\windows\system32\PerfStringBackup.INI
2014-07-05 08:38 - 2013-03-22 12:00 - 00000983 _____ () C:\windows\SysWOW64\bscs.ini
2014-07-05 08:35 - 2013-07-17 12:49 - 00000088 _____ () C:\windows\SysWOW64\LOCALDEVICE.INI
2014-07-05 08:35 - 2012-07-26 02:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-07-05 08:33 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\system32\sru
2014-07-04 22:22 - 2014-04-27 09:23 - 00000902 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-04 18:49 - 2014-04-19 10:23 - 00003600 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2497467096-1107912187-4260812050-1001
2014-07-04 18:44 - 2014-07-04 18:44 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-04 18:37 - 2014-05-26 17:31 - 00002130 _____ () C:\Users\l\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-07-04 18:33 - 2014-05-22 08:01 - 00000000 ____D () C:\Users\l\AppData\Local\CrashDumps
2014-07-04 17:23 - 2014-05-17 08:33 - 00432288 _____ () C:\windows\system32\FNTCACHE.DAT
2014-07-04 17:23 - 2012-08-10 18:49 - 00244248 _____ () C:\windows\PFRO.log
2014-07-04 17:22 - 2014-04-19 10:14 - 01141686 _____ () C:\windows\WindowsUpdate.log
2014-07-04 14:29 - 2012-07-26 02:59 - 00000000 ____D () C:\windows\CbsTemp
2014-07-04 14:17 - 2012-07-26 00:26 - 00000230 _____ () C:\windows\win.ini
2014-07-04 14:09 - 2012-08-10 18:56 - 00876558 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2014-07-04 14:02 - 2014-07-04 14:02 - 00000207 _____ () C:\windows\tweaking.com-regbackup-PURPLE-Microsoft-Windows-8-(64-bit).dat
2014-07-04 14:02 - 2014-07-04 14:02 - 00000000 ____D () C:\RegBackup
2014-07-04 13:56 - 2014-07-04 13:56 - 00448400 _____ (AVAST Software) C:\windows\system32\Drivers\aswNdisFlt.sys
2014-07-04 13:56 - 2014-07-04 13:56 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-07-04 13:56 - 2014-05-04 16:20 - 00003924 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2014-07-04 13:56 - 2014-05-04 16:20 - 00001979 _____ () C:\Users\Public\Desktop\avast! Internet Security.lnk
2014-07-04 13:56 - 2014-05-04 16:19 - 01041168 _____ (AVAST Software) C:\windows\system32\Drivers\aswsnx.sys
2014-07-04 13:56 - 2014-05-04 16:19 - 00427360 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
2014-07-04 13:56 - 2014-05-04 16:19 - 00307344 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2014-07-04 13:56 - 2014-05-04 16:19 - 00224896 _____ () C:\windows\system32\Drivers\aswVmm.sys
2014-07-04 13:56 - 2014-05-04 16:19 - 00093568 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2014-07-04 13:56 - 2014-05-04 16:19 - 00092008 _____ (AVAST Software) C:\windows\system32\Drivers\aswstm.sys
2014-07-04 13:56 - 2014-05-04 16:19 - 00079184 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2014-07-04 13:56 - 2014-05-04 16:19 - 00065776 _____ () C:\windows\system32\Drivers\aswRvrt.sys
2014-07-04 13:56 - 2014-05-04 16:19 - 00029208 _____ () C:\windows\system32\Drivers\aswHwid.sys
2014-07-04 13:56 - 2014-05-04 16:19 - 00028184 _____ (AVAST Software) C:\windows\system32\Drivers\aswKbd.sys
2014-07-04 13:50 - 2014-05-26 17:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-07-03 15:37 - 2014-07-03 15:37 - 00001815 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-07-03 15:37 - 2014-07-03 15:37 - 00000000 ____D () C:\Users\l\AppData\Roaming\SUPERAntiSpyware.com
2014-07-03 15:37 - 2014-07-03 15:37 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-07-03 15:37 - 2014-07-03 15:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-07-03 15:37 - 2014-07-03 15:37 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-07-03 12:21 - 2012-07-26 00:26 - 00000855 _____ () C:\windows\system32\Drivers\etc\hosts_bak_786
2014-07-03 11:03 - 2014-07-03 11:03 - 05461664 _____ () C:\Users\l\Desktop\tweaking.com_windows_repair_aio_setup.exe
2014-07-02 17:28 - 2014-07-02 17:28 - 00021027 _____ () C:\Users\l\Desktop\combo.txt
2014-07-02 16:08 - 2014-07-02 16:08 - 00021027 _____ () C:\ComboFix.txt
2014-07-02 16:08 - 2014-07-02 15:56 - 00000000 ____D () C:\Qoobox
2014-07-02 16:04 - 2012-07-26 00:26 - 00000215 _____ () C:\windows\system.ini
2014-07-02 16:04 - 2012-07-26 00:26 - 00000027 _____ () C:\windows\system32\Drivers\etc\hosts_bak_451
2014-07-02 15:56 - 2014-04-30 16:27 - 00000000 ____D () C:\windows\erdnt
2014-07-02 15:55 - 2014-07-02 15:55 - 05212874 ____R (Swearware) C:\Users\l\Desktop\ComboFix.exe
2014-07-02 10:11 - 2014-04-19 10:14 - 00000000 ____D () C:\Users\l\AppData\Local\Packages
2014-07-02 09:55 - 2012-07-26 00:26 - 00262144 ___SH () C:\windows\system32\config\BBI
2014-07-02 09:54 - 2014-06-11 11:00 - 00000000 ____D () C:\AdwCleaner
2014-07-01 17:17 - 2014-07-01 16:50 - 00002480 _____ () C:\Users\l\Desktop\Rkill.txt
2014-07-01 17:11 - 2013-07-17 12:33 - 00000000 ____D () C:\ProgramData\WildTangent
2014-07-01 17:11 - 2013-07-17 12:33 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
2014-07-01 16:50 - 2014-07-01 16:50 - 01942776 _____ (Bleeping Computer, LLC) C:\Users\l\Downloads\rkill.exe
2014-07-01 16:50 - 2014-07-01 16:50 - 01062136 _____ (Bleeping Computer, LLC) C:\Users\l\Downloads\rkill64.exe
2014-06-30 19:52 - 2014-04-27 08:45 - 00000000 ____D () C:\windows\System32\Tasks\Norton Internet Security
2014-06-30 15:20 - 2012-07-26 02:21 - 00028086 _____ () C:\windows\setupact.log
2014-06-30 15:17 - 2014-06-30 15:17 - 00000000 ____H () C:\windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2014-06-30 10:47 - 2014-06-26 11:13 - 00000099 _____ () C:\windows\SysWOW64\REMOTEDEVICE.INI
2014-06-30 08:24 - 2014-06-30 08:24 - 00035724 _____ () C:\Users\l\Desktop\Addition.txt
2014-06-30 08:23 - 2014-04-30 16:26 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log
2014-06-30 08:23 - 2014-04-30 16:21 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-06-26 22:34 - 2014-04-19 10:13 - 00000000 ____D () C:\Users\l
2014-06-25 05:52 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\system32\NDF
2014-06-20 22:17 - 2014-04-27 09:23 - 00003874 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-20 22:17 - 2014-04-27 09:23 - 00003638 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-20 16:36 - 2014-06-20 16:36 - 00099434 _____ () C:\Users\l\Documents\lori_tcdatabasebackup.tcx
2014-06-20 16:34 - 2014-06-20 16:34 - 00000000 ____D () C:\Users\l\Documents\My Garmin
2014-06-20 16:34 - 2014-06-20 16:34 - 00000000 ____D () C:\Users\l\AppData\Roaming\GARMIN
2014-06-20 16:34 - 2014-06-20 16:34 - 00000000 ____D () C:\ProgramData\GARMIN
2014-06-20 16:03 - 2014-06-20 16:03 - 00000000 ____D () C:\Program Files\DIFX
2014-06-20 11:28 - 2013-07-17 12:46 - 00000000 ____D () C:\ProgramData\Norton
2014-06-20 10:11 - 2014-04-20 17:43 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-06-18 10:39 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-06-17 16:55 - 2014-06-17 16:55 - 00000000 ____D () C:\Users\l\AppData\Roaming\WebApp
2014-06-17 14:51 - 2014-06-17 14:51 - 00000000 ____D () C:\Users\l\AppData\Local\Cyberlink
2014-06-17 14:45 - 2014-06-17 14:45 - 00869456 _____ () C:\Users\l\Downloads\Norton_Removal_Tool (1).exe
2014-06-15 22:07 - 2014-06-15 22:07 - 00000000 ____D () C:\Users\l\AppData\Local\HP Quick Start
2014-06-14 11:20 - 2014-06-10 08:45 - 00000000 ____D () C:\ProgramData\Adobe
2014-06-14 08:03 - 2014-06-14 08:03 - 00000000 ____D () C:\Users\l\AppData\Local\Adobe
2014-06-14 08:03 - 2014-04-19 10:15 - 00000000 ____D () C:\Users\l\AppData\Roaming\Adobe
2014-06-14 07:47 - 2014-04-30 16:40 - 00002178 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-13 09:01 - 2012-07-26 03:12 - 00000000 ____D () C:\windows\rescache
2014-06-12 03:02 - 2014-04-20 18:10 - 00000000 ____D () C:\windows\system32\MRT
2014-06-12 03:00 - 2014-04-20 18:10 - 95414520 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-06-11 10:59 - 2014-06-11 10:59 - 01333465 _____ () C:\Users\l\Desktop\AdwCleaner.exe
2014-06-11 10:51 - 2014-06-09 09:20 - 00000000 ____D () C:\windows\ERUNT
2014-06-11 10:50 - 2014-06-11 10:50 - 01016261 _____ (Thisisu) C:\Users\l\Desktop\JRT.exe
2014-06-11 10:47 - 2014-04-27 09:41 - 00230400 ___SH () C:\Users\l\Desktop\Thumbs.db
2014-06-10 13:33 - 2014-06-10 13:33 - 00625664 _____ () C:\Users\l\Desktop\dds.scr
2014-06-10 08:46 - 2014-06-10 08:46 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-06-10 08:46 - 2014-06-10 08:46 - 00002026 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-06-10 08:45 - 2014-06-10 08:45 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-06-10 08:36 - 2014-06-10 08:36 - 00000046 _____ () C:\Users\l\AppData\Roaming\WB.CFG
2014-06-09 12:24 - 2014-06-10 09:37 - 00061016 _____ (StdLib) C:\windows\system32\Drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}Gw64.sys
2014-06-09 09:20 - 2014-06-09 09:20 - 00000848 _____ () C:\DelFix.txt

Some content of TEMP:
====================
C:\Users\l\AppData\Local\temp\mbam-setup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-23 07:19

==================== End Of Log ============================

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users