Posted

Hi Guys,

 

Was hoping you could help me with this. Came through from the kitchen to find Kaspersky had detected HEUR:Trojan.Win32.Generic. Not sure if this has infected my computer, and Kaspersky would not let me delete it.

 

Any advice would be much appreciated.

 

Regards


  • ExTS Admin
Posted

Hi Gadgie,

 

Kaspersky had detected HEUR:Trojan.Win32.Generic. Not sure if this has infected my computer, and Kaspersky would not let me delete it.

Kaspersky did have a problem with false positives, showing this infection in certain files a while back... Do you know the location of the suspected file?

Member of:

UNITE

Posted
Hi Starbuck

 

location is c:\users\mark\downloads\java_installer.exe

 

My computer has also been running slow for a few weeks now, so I don't know if there are other problems as well.

 

cheers

  • ExTS Admin
Posted

Hi Gadgie,

 

My computer has also been running slow for a few weeks now, so I don't know if there are other problems as well.

Let's take a look then:

 

Note:

There are both 32-bit and 64-bit versions of Farbar Recovery Scan Tool available. Please pick the version that matches your operating system's bit type.

 

If you are unsure what your system bit type is, click Here for help.

 

For x32 bit systems download Farbar Recovery Scan Tool and save it to your Desktop.

 

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your Desktop.

 

  • Double-click the downloaded icon to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator
     
    http://img.photobucket.com/albums/v708/starbuck50/frsticon_zpsdc3cbdc3.png
     
  • When the tool opens click Yes to disclaimer.
     
    http://img.photobucket.com/albums/v708/starbuck50/frstdis_zps7f598f12.png
     
  • Make sure that Addition.txt is selected at the bottom
  • Press Scan button.
     
    http://img.photobucket.com/albums/v708/starbuck50/newfrst_zpsa63ffa3d.png
     
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.

 

 

In your next reply, please submit:

Both reports from FRST

 

 

Thanks.


Posted

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-08-2014

Ran by Mark (administrator) on MARK-PC on 08-08-2014 21:32:37

Running from C:\Users\Mark\Downloads

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11

Boot Mode: Normal

 

 

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

 

==================== Processes (Whitelisted) =================

 

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

 

(AMD) C:\Windows\System32\atiesrxx.exe

(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe

(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe

( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe

(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Easybits) C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe

() C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

 

 

 

==================== Registry (Whitelisted) ==================

 

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

 

HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-15] (Synaptics Incorporated)

HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [450048 2009-07-22] (IDT, Inc.)

HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-08-05] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [322104 2009-08-20] ( Hewlett-Packard Development Company, L.P.)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-28] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)

HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)

HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe

HKLM-x32\...\Run: [Magic Desktop for HP notification] => C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1243656 2013-12-11] (Easybits)

HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-07-23] (Hewlett-Packard)

HKU\S-1-5-21-1737154417-1697994350-281717988-1001\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-08-20] (Hewlett-Packard Company)

 

 

==================== Internet (Whitelisted) ====================

 

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=dsites&cd=2XzuyEtN2Y1L1Qzu0FtDyB0B0C0ByE0F0C0F0CyBtC0Azy0FtN0D0Tzu0CyBtDyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1346976118&ir=

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=dsites&cd=2XzuyEtN2Y1L1Qzu0FtDyB0B0C0ByE0F0C0F0CyBtC0Azy0FtN0D0Tzu0CyBtDyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1346976118&ir=

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=dsites&cd=2XzuyEtN2Y1L1Qzu0FtDyB0B0C0ByE0F0C0F0CyBtC0Azy0FtN0D0Tzu0CyBtDyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1346976118&ir=

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites&cd=2XzuyEtN2Y1L1Qzu0FtDyB0B0C0ByE0F0C0F0CyBtC0Azy0FtN0D0Tzu0CyBtDyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1346976118&ir=

SearchScopes: HKLM-x32 - DefaultScope value is missing.

SearchScopes: HKCU - DefaultScope {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites&cd=2XzuyEtN2Y1L1Qzu0FtDyB0B0C0ByE0F0C0F0CyBtC0Azy0FtN0D0Tzu0CyBtDyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1346976118&ir=

SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites&cd=2XzuyEtN2Y1L1Qzu0FtDyB0B0C0ByE0F0C0F0CyBtC0Azy0FtN0D0Tzu0CyBtDyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1346976118&ir=

BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)

BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)

BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)

BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)

BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)

BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)

BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)

BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)

BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)

Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

 

 

FireFox:

========

FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com

FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013-03-14]

FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com

FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013-03-14]

FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com

FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013-03-14]

FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com

FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013-03-14]

FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com

FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013-03-14]

 

 

Chrome:

=======

CHR HomePage: hxxp://start.mysearchdial.com/?f=1&a=dsites&cd=2XzuyEtN2Y1L1Qzu0FtDyB0B0C0ByE0F0C0F0CyBtC0Azy0FtN0D0Tzu0CyBtDyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1346976118&ir=

CHR StartupUrls: "https://startpage.com/eng/"

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File

CHR Plugin: (Java Platform SE 7 U15) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

CHR Plugin: (Java Deployment Toolkit 7.0.150.3) - C:\Windows\SysWOW64\npDeployJava1.dll No File

CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll No File

CHR Extension: (Google Docs) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-03-03]

CHR Extension: (Google Drive) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-03]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-30]

CHR Extension: (YouTube) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-03]

CHR Extension: (Google Search) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-03]

CHR Extension: (Kaspersky URL Advisor) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2013-03-14]

CHR Extension: (Bargain Workbench) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\gebcpofjimbbchggpnfcaiieolloeodp [2013-08-31]

CHR Extension: (Safe Money) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2013-03-14]

CHR Extension: (Content Blocker) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2013-03-14]

CHR Extension: (Virtual Keyboard) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2013-03-14]

CHR Extension: (Google Wallet) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]

CHR Extension: (Gmail) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-03]

CHR Extension: (Anti-Banner) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2013-03-14]

CHR HKLM\...\Chrome\Extension: [gebcpofjimbbchggpnfcaiieolloeodp] - C:\Users\Mark\AppData\Local\BargainWorkbench.crx [2013-08-31]

CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Mark\AppData\Local\mysearchdial-speeddial.crx [2013-12-04]

CHR HKCU\...\Chrome\Extension: [gebcpofjimbbchggpnfcaiieolloeodp] - C:\Users\Mark\AppData\Local\BargainWorkbench.crx [2013-08-31]

CHR HKCU\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Mark\AppData\Local\mysearchdial-speeddial.crx [2013-12-04]

CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx [2013-01-14]

CHR HKLM-x32\...\Chrome\Extension: [gebcpofjimbbchggpnfcaiieolloeodp] - C:\Users\Mark\AppData\Local\BargainWorkbench.crx [2013-08-31]

CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx [2013-01-14]

CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx [2013-01-14]

CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx [2013-01-14]

CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh [2013-01-14]

CHR HKLM-x32\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Mark\AppData\Local\mysearchdial-speeddial.crx [2013-12-04]

CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx [2013-01-14]

 

 

==================== Services (Whitelisted) =================

 

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

 

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)

R2 ezSharedSvc; C:\Windows\SysWOW64\ezsvc7.dll [129584 2009-02-22] (EasyBits Sofware AS) [File not signed]

R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]

R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-09-02] (Nero AG)

R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]

R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-06] ()

R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe [240128 2009-07-22] (IDT, Inc.)

R2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [X]

 

 

==================== Drivers (Whitelisted) ====================

 

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

 

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated)

R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-11] (Kaspersky Lab ZAO)

U5 klflt; C:\Windows\System32\Drivers\klflt.sys [91008 2014-05-29] (Kaspersky Lab ZAO)

R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [628320 2014-05-29] (Kaspersky Lab ZAO)

R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-12-11] (Kaspersky Lab ZAO)

R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)

R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)

R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-18] (Kaspersky Lab ZAO)

R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-04-23] (Kaspersky Lab ZAO)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2013-10-07] ()

S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]

S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]

S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

 

 

==================== NetSvcs (Whitelisted) ===================

 

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

 

 

==================== One Month Created Files and Folders ========

 

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

 

2014-08-08 21:32 - 2014-08-08 21:33 - 00023757 _____ () C:\Users\Mark\Downloads\FRST.txt

2014-08-08 21:31 - 2014-08-08 21:32 - 00000000 ____D () C:\FRST

2014-08-08 21:30 - 2014-08-08 21:30 - 02094080 _____ (Farbar) C:\Users\Mark\Downloads\FRST64.exe

2014-08-08 18:54 - 2014-08-08 18:54 - 00119360 _____ () C:\Users\Mark\Downloads\FLOAT (18).xlsx

2014-08-08 18:45 - 2014-08-08 18:53 - 00170751 _____ () C:\Users\Mark\Downloads\TAKINGS (44).xlsx

2014-08-04 19:50 - 2014-08-04 20:03 - 00170453 _____ () C:\Users\Mark\Downloads\TAKINGS (43).xlsx

2014-08-04 19:49 - 2014-08-04 19:50 - 00119302 _____ () C:\Users\Mark\Downloads\FLOAT (17).xlsx

2014-07-28 20:37 - 2014-07-28 20:37 - 00000076 _____ () C:\Users\Mark\Downloads\report.qif

2014-07-28 20:33 - 2014-07-28 20:33 - 00170316 _____ () C:\Users\Mark\Downloads\TAKINGS (42).xlsx

2014-07-26 18:56 - 2014-07-26 18:56 - 00119159 _____ () C:\Users\Mark\Downloads\FLOAT (16).xlsx

2014-07-26 18:53 - 2014-07-26 18:56 - 00165784 _____ () C:\Users\Mark\Downloads\TAKINGS (41).xlsx

2014-07-25 18:49 - 2014-07-25 18:49 - 00119142 _____ () C:\Users\Mark\Downloads\FLOAT (15).xlsx

2014-07-25 18:46 - 2014-07-25 18:46 - 00165764 _____ () C:\Users\Mark\Downloads\TAKINGS (40).xlsx

2014-07-23 22:33 - 2014-07-23 22:34 - 00161193 _____ () C:\Users\Mark\Downloads\TAKINGS (39).xlsx

2014-07-14 19:09 - 2014-07-14 19:10 - 00161010 _____ () C:\Users\Mark\Downloads\TAKINGS (38).xlsx

2014-07-11 18:51 - 2014-07-11 18:51 - 00160931 _____ () C:\Users\Mark\Downloads\TAKINGS (37).xlsx

2014-07-09 13:36 - 2014-06-30 03:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-07-09 13:36 - 2014-06-30 03:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-07-09 13:36 - 2014-06-18 03:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe

2014-07-09 13:36 - 2014-06-18 02:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe

2014-07-09 13:36 - 2014-06-18 02:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-07-09 13:36 - 2014-06-06 11:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll

2014-07-09 13:36 - 2014-06-06 10:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll

2014-07-09 13:36 - 2014-05-30 09:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2014-07-09 13:36 - 2014-05-30 09:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2014-07-09 13:36 - 2014-05-30 09:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2014-07-09 13:36 - 2014-05-30 09:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2014-07-09 13:36 - 2014-05-30 09:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

2014-07-09 13:36 - 2014-05-30 09:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2014-07-09 13:36 - 2014-05-30 09:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2014-07-09 13:36 - 2014-05-30 08:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2014-07-09 13:36 - 2014-05-30 08:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll

2014-07-09 13:36 - 2014-05-30 08:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2014-07-09 13:36 - 2014-05-30 08:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2014-07-09 13:36 - 2014-05-30 08:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll

2014-07-09 13:36 - 2014-05-30 08:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll

2014-07-09 13:36 - 2014-05-30 08:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

2014-07-09 13:36 - 2014-05-30 07:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys

2014-07-09 13:35 - 2014-06-20 21:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-07-09 13:35 - 2014-06-20 20:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-07-09 13:35 - 2014-06-19 02:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-07-09 13:35 - 2014-06-19 02:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-07-09 13:35 - 2014-06-19 01:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-07-09 13:35 - 2014-06-19 01:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-07-09 13:35 - 2014-06-19 01:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-07-09 13:35 - 2014-06-19 01:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-07-09 13:35 - 2014-06-19 01:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-07-09 13:35 - 2014-06-19 00:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-07-09 13:35 - 2014-06-19 00:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-07-09 13:35 - 2014-06-19 00:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-07-09 13:35 - 2014-06-19 00:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-07-09 13:35 - 2014-06-19 00:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-07-09 13:35 - 2014-06-19 00:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-07-09 13:35 - 2014-06-19 00:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-07-09 13:35 - 2014-06-19 00:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-07-09 13:35 - 2014-06-19 00:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-07-09 13:35 - 2014-06-19 00:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-07-09 13:35 - 2014-06-19 00:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-07-09 13:35 - 2014-06-19 00:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-07-09 13:35 - 2014-06-19 00:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-07-09 13:35 - 2014-06-18 23:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-07-09 13:35 - 2014-06-18 23:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-07-09 13:35 - 2014-06-18 23:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-07-09 13:35 - 2014-06-18 23:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-07-09 13:35 - 2014-06-18 23:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-07-09 13:35 - 2014-06-18 23:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-07-09 13:35 - 2014-06-18 23:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-07-09 13:34 - 2014-06-19 02:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-07-09 13:34 - 2014-06-19 01:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-07-09 13:34 - 2014-06-19 01:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-07-09 13:34 - 2014-06-19 01:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-07-09 13:34 - 2014-06-19 01:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-07-09 13:34 - 2014-06-19 01:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-07-09 13:34 - 2014-06-19 01:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-07-09 13:34 - 2014-06-19 01:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-07-09 13:34 - 2014-06-19 01:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-07-09 13:34 - 2014-06-19 01:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-07-09 13:34 - 2014-06-19 00:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-07-09 13:34 - 2014-06-19 00:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-07-09 13:34 - 2014-06-19 00:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-07-09 13:34 - 2014-06-19 00:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-07-09 13:34 - 2014-06-19 00:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-07-09 13:34 - 2014-06-19 00:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-07-09 13:34 - 2014-06-19 00:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-07-09 13:34 - 2014-06-19 00:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-07-09 13:34 - 2014-06-19 00:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-07-09 13:34 - 2014-06-19 00:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-07-09 13:34 - 2014-06-18 23:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-07-09 13:34 - 2014-06-18 23:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-07-09 13:34 - 2014-06-18 23:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-07-09 13:34 - 2014-06-18 23:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-07-09 13:34 - 2014-06-18 23:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-07-09 13:34 - 2014-06-18 23:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-07-09 13:34 - 2014-06-18 23:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-07-09 13:34 - 2014-06-05 15:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2014-07-09 13:34 - 2014-06-05 15:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2014-07-09 13:34 - 2014-06-05 15:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

 

 

==================== One Month Modified Files and Folders =======

 

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

 

2014-08-08 21:33 - 2014-08-08 21:32 - 00023757 _____ () C:\Users\Mark\Downloads\FRST.txt

2014-08-08 21:32 - 2014-08-08 21:31 - 00000000 ____D () C:\FRST

2014-08-08 21:30 - 2014-08-08 21:30 - 02094080 _____ (Farbar) C:\Users\Mark\Downloads\FRST64.exe

2014-08-08 20:56 - 2013-03-14 18:33 - 00000000 ____D () C:\ProgramData\Kaspersky Lab

2014-08-08 20:53 - 2013-03-03 01:19 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-08-08 20:20 - 2010-03-26 10:31 - 01138462 _____ () C:\Windows\WindowsUpdate.log

2014-08-08 18:54 - 2014-08-08 18:54 - 00119360 _____ () C:\Users\Mark\Downloads\FLOAT (18).xlsx

2014-08-08 18:53 - 2014-08-08 18:45 - 00170751 _____ () C:\Users\Mark\Downloads\TAKINGS (44).xlsx

2014-08-08 16:42 - 2009-07-14 05:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-08-08 16:42 - 2009-07-14 05:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-08-08 16:41 - 2009-07-14 06:13 - 00006210 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-08-08 16:36 - 2013-06-03 16:50 - 00000000 ____D () C:\Users\Mark\AppData\Local\HTC MediaHub

2014-08-08 16:36 - 2013-03-03 01:19 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-08-08 16:34 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-08-08 16:34 - 2009-07-14 05:51 - 00140432 _____ () C:\Windows\setupact.log

2014-08-06 20:16 - 2013-03-10 14:33 - 00003180 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForMark

2014-08-06 20:16 - 2013-03-10 14:33 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForMark.job

2014-08-04 20:03 - 2014-08-04 19:50 - 00170453 _____ () C:\Users\Mark\Downloads\TAKINGS (43).xlsx

2014-08-04 19:50 - 2014-08-04 19:49 - 00119302 _____ () C:\Users\Mark\Downloads\FLOAT (17).xlsx

2014-08-04 19:45 - 2014-02-26 22:39 - 00027136 _____ () C:\Users\Mark\Desktop\GM DD.xls

2014-07-29 19:04 - 2013-03-10 14:18 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log

2014-07-29 19:03 - 2013-03-12 12:47 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt

2014-07-28 20:37 - 2014-07-28 20:37 - 00000076 _____ () C:\Users\Mark\Downloads\report.qif

2014-07-28 20:33 - 2014-07-28 20:33 - 00170316 _____ () C:\Users\Mark\Downloads\TAKINGS (42).xlsx

2014-07-26 18:56 - 2014-07-26 18:56 - 00119159 _____ () C:\Users\Mark\Downloads\FLOAT (16).xlsx

2014-07-26 18:56 - 2014-07-26 18:53 - 00165784 _____ () C:\Users\Mark\Downloads\TAKINGS (41).xlsx

2014-07-25 18:49 - 2014-07-25 18:49 - 00119142 _____ () C:\Users\Mark\Downloads\FLOAT (15).xlsx

2014-07-25 18:46 - 2014-07-25 18:46 - 00165764 _____ () C:\Users\Mark\Downloads\TAKINGS (40).xlsx

2014-07-24 18:39 - 2009-07-14 06:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-07-24 18:38 - 2013-08-17 20:08 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

2014-07-24 18:38 - 2013-08-17 20:08 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight

2014-07-23 23:30 - 2013-08-17 20:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

2014-07-23 22:34 - 2014-07-23 22:33 - 00161193 _____ () C:\Users\Mark\Downloads\TAKINGS (39).xlsx

2014-07-18 20:58 - 2013-03-03 01:21 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2014-07-15 18:50 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache

2014-07-14 19:10 - 2014-07-14 19:09 - 00161010 _____ () C:\Users\Mark\Downloads\TAKINGS (38).xlsx

2014-07-11 18:51 - 2014-07-11 18:51 - 00160931 _____ () C:\Users\Mark\Downloads\TAKINGS (37).xlsx

2014-07-10 08:31 - 2009-07-14 05:45 - 00354752 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-07-10 08:29 - 2014-05-06 22:22 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-07-10 08:29 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism

2014-07-10 08:29 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism

2014-07-10 07:46 - 2013-08-11 14:23 - 00000000 ____D () C:\Windows\system32\MRT

2014-07-10 07:43 - 2013-03-03 00:04 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

 

 

Some content of TEMP:

====================

C:\Users\Mark\AppData\Local\Temp\135.24487527704275_Update.exe

C:\Users\Mark\AppData\Local\Temp\45761uninstall.exe

C:\Users\Mark\AppData\Local\Temp\638.7074456770241_Update.exe

C:\Users\Mark\AppData\Local\Temp\93617uninstall.exe

C:\Users\Mark\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe

C:\Users\Mark\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe

C:\Users\Mark\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe

C:\Users\Mark\AppData\Local\Temp\rsxgdruj.dll

C:\Users\Mark\AppData\Local\Temp\sp64126.exe

C:\Users\Mark\AppData\Local\Temp\Sqlite3.dll

C:\Users\Mark\AppData\Local\Temp\UninstallHPSA.exe

 

 

 

 

==================== Bamital & volsnap Check =================

 

 

(There is no automatic fix for files that do not pass verification.)

 

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

 

 

LastRegBack: 2014-08-08 18:06

 

 

==================== End Of Log ============================

Posted

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-08-2014

Ran by Mark at 2014-08-08 21:34:20

Running from C:\Users\Mark\Downloads

Boot Mode: Normal

==========================================================

 

 

 

 

==================== Security Center ========================

 

 

(If an entry is included in the fixlist, it will be removed.)

 

 

AV: Kaspersky Internet Security (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}

AS: Kaspersky Internet Security (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Kaspersky Internet Security (Enabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

 

 

==================== Installed Programs ======================

 

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

 

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.5.0.880 - Adobe Systems Incorporated)

Adobe AIR (x32 Version: 3.5.0.880 - Adobe Systems Incorporated) Hidden

Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.32.18 - Adobe Systems Incorporated)

Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)

Adobe Shockwave Player (HKLM-x32\...\{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}) (Version: 11.0 - Adobe Systems, Inc.)

AMD USB Filter Driver (HKLM-x32\...\{5271C0D4-24E4-4C3D-A782-C012033FD3CF}) (Version: 1.0.10.84 - Advanced Micro Devices, Inc.)

Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.0 - Atheros)

ATI Catalyst Install Manager (HKLM\...\{902004C7-2B12-4A4F-E1DB-E75C7B03EDD4}) (Version: 3.0.732.0 - ATI Technologies, Inc.)

Bing Bar (HKLM-x32\...\{B4089055-D468-45A4-A6BA-5A138DD715FC}) (Version: 7.0.850.0 - Microsoft Corporation)

Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden

Catalyst Control Center Core Implementation (x32 Version: 2009.0804.2223.38385 - ATI) Hidden

Catalyst Control Center Graphics Full Existing (x32 Version: 2009.0804.2223.38385 - ATI) Hidden

Catalyst Control Center Graphics Full New (x32 Version: 2009.0804.2223.38385 - ATI) Hidden

Catalyst Control Center Graphics Light (x32 Version: 2009.0804.2223.38385 - ATI) Hidden

Catalyst Control Center Graphics Previews Common (x32 Version: 2009.0804.2223.38385 - ATI) Hidden

Catalyst Control Center Graphics Previews Vista (x32 Version: 2009.0804.2223.38385 - ATI) Hidden

Catalyst Control Center InstallProxy (x32 Version: 2009.0804.2223.38385 - ATI Technologies, Inc.) Hidden

Catalyst Control Center Localization All (x32 Version: 2009.0804.2223.38385 - ATI) Hidden

CCC Help Chinese Standard (x32 Version: 2009.0804.2222.38385 - ATI) Hidden

CCC Help Chinese Traditional (x32 Version: 2009.0804.2222.38385 - ATI) Hidden

CCC Help Czech (x32 Version: 2009.0804.2222.38385 - ATI) Hidden

CCC Help Danish (x32 Version: 2009.0804.2222.38385 - ATI) Hidden

CCC Help Dutch (x32 Version: 2009.0804.2222.38385 - ATI) Hidden

CCC Help English (x32 Version: 2009.0804.2222.38385 - ATI) Hidden

CCC Help Finnish (x32 Version: 2009.0804.2222.38385 - ATI) Hidden

CCC Help French (x32 Version: 2009.0804.2222.38385 - ATI) Hidden

CCC Help German (x32 Version: 2009.0804.2222.38385 - ATI) Hidden

CCC Help Greek (x32 Version: 2009.0804.2222.38385 - ATI) Hidden

CCC Help Hungarian (x32 Version: 2009.0804.2222.38385 - ATI) Hidden

CCC Help Italian (x32 Version: 2009.0804.2222.38385 - ATI) Hidden

CCC Help Japanese (x32 Version: 2009.0804.2222.38385 - ATI) Hidden

CCC Help Korean (x32 Version: 2009.0804.2222.38385 - ATI) Hidden

CCC Help Norwegian (x32 Version: 2009.0804.2222.38385 - ATI) Hidden

CCC Help Polish (x32 Version: 2009.0804.2222.38385 - ATI) Hidden

CCC Help Portuguese (x32 Version: 2009.0804.2222.38385 - ATI) Hidden

CCC Help Russian (x32 Version: 2009.0804.2222.38385 - ATI) Hidden

CCC Help Spanish (x32 Version: 2009.0804.2222.38385 - ATI) Hidden

CCC Help Swedish (x32 Version: 2009.0804.2222.38385 - ATI) Hidden

CCC Help Thai (x32 Version: 2009.0804.2222.38385 - ATI) Hidden

CCC Help Turkish (x32 Version: 2009.0804.2222.38385 - ATI) Hidden

ccc-core-static (x32 Version: 2009.0804.2223.38385 - ATI) Hidden

ccc-utility64 (Version: 2009.0804.2223.38385 - ATI) Hidden

Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)

Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)

Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)

Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2111 - CyberLink Corp.)

CyberLink DVD Suite (x32 Version: 7.0.2111 - CyberLink Corp.) Hidden

CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 4.1.3325 - CyberLink Corp.)

CyberLink MediaShow (x32 Version: 4.1.3325 - CyberLink Corp.) Hidden

CyberLink PowerDVD 8 (HKLM-x32\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.1.1005 - CyberLink Corp.)

CyberLink PowerDVD 8 (x32 Version: 8.0.1.1005 - CyberLink Corp.) Hidden

CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2201 - CyberLink Corp.)

CyberLink YouCam (x32 Version: 3.0.2201 - CyberLink Corp.) Hidden

DriverUpdate (HKLM-x32\...\{850A14FC-F410-47F7-94E4-38F4D3F270D4}) (Version: 2.2.30452 - SlimWare Utilities, Inc.)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)

Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)

Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden

Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden

HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.9512.3162 - Hewlett-Packard)

HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden

HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)

HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.7.1 - Hewlett-Packard)

HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard)

HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)

HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)

HP User Guides 0148 (HKLM-x32\...\{9D3318E1-5A9F-4A95-A7A1-7E045403AE34}) (Version: 1.01.0005 - Hewlett-Packard)

HP Wireless Assistant (HKLM-x32\...\{54CC7901-804D-4155-B353-21F0CC9112AB}) (Version: 3.50.9.1 - Hewlett-Packard)

HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.10.0.001 - HTC Corporation)

HTC Sync Manager (HKLM-x32\...\{368E4EF8-E840-40EE-A224-50B8D1DC2B12}) (Version: 2.4.11.0 - HTC)

IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6225.0 - IDT)

IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)

Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)

Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)

Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden

Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden

Kaspersky Internet Security 2013 (HKLM-x32\...\InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}) (Version: 13.0.1.4190 - Kaspersky Lab)

Kaspersky Internet Security 2013 (x32 Version: 13.0.1.4190 - Kaspersky Lab) Hidden

LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2111 - CyberLink Corp.)

LabelPrint (x32 Version: 2.5.2111 - CyberLink Corp.) Hidden

LightScribe System Software (HKLM-x32\...\{CC8E94A2-55C7-4460-953C-2A790180578C}) (Version: 1.18.8.1 - LightScribe)

Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)

Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden

Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden

Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)

Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)

Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)

MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden

MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)

muvee Reveal (HKLM-x32\...\{43BA31BA-04BD-2EA3-0A60-A9C54E06D3F2}) (Version: 7.0.43.11502 - muvee Technologies Pte Ltd)

Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3311 - CyberLink Corp.)

Power2Go (x32 Version: 6.0.3311 - CyberLink Corp.) Hidden

PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3311 - CyberLink Corp.)

PowerDirector (x32 Version: 7.0.3311 - CyberLink Corp.) Hidden

QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden

Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0007 - Realtek)

Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30094 - Realtek Semiconductor Corp.)

Recovery Manager (x32 Version: 5.5.2202 - CyberLink Corp.) Hidden

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.4.12 - Synaptics Incorporated)

Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)

Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)

Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)

Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft)

Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)

Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)

Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)

Update for Zip Opener (HKCU\...\DSite) (Version: - ) <==== ATTENTION

Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden

Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden

Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)

Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden

Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden

Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden

Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden

Windows Live Photo Gallery (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden

Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)

Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)

Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden

 

 

==================== Custom CLSID (selected items): ==========================

 

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

 

 

 

==================== Restore Points =========================

 

 

05-07-2014 07:09:49 Windows Update

09-07-2014 12:14:52 Windows Update

10-07-2014 06:39:31 Windows Update

15-07-2014 15:54:15 Windows Update

18-07-2014 19:11:40 Windows Update

22-07-2014 18:46:36 Windows Update

23-07-2014 22:27:53 Windows Update

29-07-2014 17:55:44 Windows Update

05-08-2014 19:27:09 Windows Update

 

 

==================== Hosts content: ==========================

 

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

 

2009-07-14 03:34 - 2013-10-17 17:57 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

::1 localhost

 

 

==================== Scheduled Tasks (whitelisted) =============

 

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

 

Task: {0477E927-6F33-4A5C-9D93-070712CCFC75} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-03] (Google Inc.)

Task: {14E2FB40-B049-4E4F-A225-356371DE7C83} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)

Task: {189CF012-F358-4708-9C7A-C8EEC27FBC75} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe

Task: {1FBFFA86-7C49-43F0-A447-0DBE5597C588} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)

Task: {24A94DC7-A6DD-4EA6-B1BE-477BF7A45E6B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2014-07-23] (Microsoft)

Task: {78B56BCE-1121-4A4F-89C9-8A51A89C0651} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup

Task: {7EB8E889-1801-4790-9D6F-4947C1E95878} - System32\Tasks\HPCeeScheduleForMark => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)

Task: {8C7E7597-8307-4CA0-8E78-0EE66CF897D0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-03] (Google Inc.)

Task: {8F7A542B-8DF7-4232-8DE0-F984ABF47EEF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)

Task: {9C7F915A-B7B5-4C5D-AD5E-E5F2DD6AAA95} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-07] ()

Task: {F7949A76-4940-4235-99F3-69BD523137DC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\HPCeeScheduleForMark.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

 

 

==================== Loaded Modules (whitelisted) =============

 

 

2013-06-03 16:49 - 2012-12-07 17:26 - 00167424 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

2009-12-17 12:45 - 2009-07-06 20:20 - 00247152 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

2013-11-14 22:32 - 2013-11-14 22:32 - 00821600 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe

2009-07-02 00:44 - 2009-07-02 00:44 - 00632888 _____ () C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe

2009-10-02 23:46 - 2009-10-02 23:46 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll

2010-03-26 10:29 - 2010-03-26 10:29 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll

2013-01-14 15:41 - 2013-01-14 15:41 - 01310136 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\kpcengine.2.2.dll

2013-10-17 16:40 - 2013-10-17 16:40 - 00031080 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll

2013-11-14 22:31 - 2013-11-14 22:31 - 00607376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll

2013-10-17 16:40 - 2013-10-17 16:40 - 00044392 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll

2013-10-17 16:40 - 2013-10-17 16:40 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll

2013-10-17 16:40 - 2013-10-17 16:40 - 00080248 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll

2013-10-17 16:42 - 2013-10-17 16:42 - 00129376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll

2013-11-14 22:34 - 2013-11-14 22:34 - 00223592 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll

2009-08-20 20:35 - 2009-08-20 20:35 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll

2009-08-20 20:35 - 2009-08-20 20:35 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll

2009-08-20 20:35 - 2009-08-20 20:35 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll

2012-08-17 22:38 - 2012-08-17 22:38 - 00479160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll

2014-07-18 20:58 - 2014-07-15 10:24 - 00718664 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll

2014-07-18 20:58 - 2014-07-15 10:24 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll

2014-07-18 20:58 - 2014-07-15 10:24 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll

2014-07-18 20:58 - 2014-07-15 10:24 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll

2014-07-18 20:58 - 2014-07-15 10:24 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll

 

 

==================== Alternate Data Streams (whitelisted) =========

 

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

 

 

 

==================== Safe Mode (whitelisted) ===================

 

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

 

 

==================== EXE Association (whitelisted) =============

 

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

 

(Currently there is no automatic fix for this section.)

 

 

 

 

==================== Faulty Device Manager Devices =============

 

 

 

 

==================== Event log errors: =========================

 

 

Application errors:

==================

Error: (08/08/2014 04:41:38 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)

Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

 

 

Error: (08/08/2014 04:41:38 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)

Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

 

 

Error: (08/07/2014 08:23:03 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)

Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

 

 

Error: (08/07/2014 08:23:03 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)

Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

 

 

Error: (08/06/2014 01:30:20 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)

Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

 

 

Error: (08/06/2014 01:30:20 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)

Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

 

 

Error: (08/05/2014 08:22:58 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)

Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

 

 

Error: (08/05/2014 08:22:58 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)

Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

 

 

Error: (08/04/2014 02:15:27 PM) (Source: Windows Backup) (EventID: 4103) (User: )

Description: The backup did not complete because of an error writing to the backup location G:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

 

 

Error: (08/04/2014 02:12:42 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)

Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

 

 

 

 

System errors:

=============

Error: (08/08/2014 04:34:47 PM) (Source: atikmdag) (EventID: 19468) (User: )

Description: CPLIB :: General - Invalid Parameter

 

 

Error: (08/07/2014 01:23:53 PM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMService service.

 

 

Error: (08/07/2014 08:15:36 AM) (Source: atikmdag) (EventID: 19468) (User: )

Description: CPLIB :: General - Invalid Parameter

 

 

Error: (08/07/2014 08:15:37 AM) (Source: EventLog) (EventID: 6008) (User: )

Description: The previous system shutdown at 22:10:27 on ‎06/‎08/‎2014 was unexpected.

 

 

Error: (08/06/2014 01:23:04 PM) (Source: atikmdag) (EventID: 19468) (User: )

Description: CPLIB :: General - Invalid Parameter

 

 

Error: (08/06/2014 01:23:06 PM) (Source: EventLog) (EventID: 6008) (User: )

Description: The previous system shutdown at 23:11:40 on ‎05/‎08/‎2014 was unexpected.

 

 

Error: (08/05/2014 08:16:18 PM) (Source: atikmdag) (EventID: 19468) (User: )

Description: CPLIB :: General - Invalid Parameter

 

 

Error: (08/05/2014 08:16:20 PM) (Source: EventLog) (EventID: 6008) (User: )

Description: The previous system shutdown at 23:36:10 on ‎04/‎08/‎2014 was unexpected.

 

 

Error: (08/04/2014 04:11:19 PM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.

 

 

Error: (08/04/2014 02:05:17 PM) (Source: atikmdag) (EventID: 19468) (User: )

Description: CPLIB :: General - Invalid Parameter

 

 

 

 

Microsoft Office Sessions:

=========================

 

 

CodeIntegrity Errors:

===================================

Date: 2014-08-08 18:09:35.885

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

 

 

Date: 2014-08-08 18:09:35.885

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

 

 

Date: 2014-08-08 18:09:35.885

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

 

 

Date: 2014-08-08 18:09:35.838

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

 

 

Date: 2014-08-08 18:09:35.838

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

 

 

Date: 2014-08-08 18:09:35.838

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

 

 

Date: 2014-08-06 20:56:11.645

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

 

 

Date: 2014-08-06 20:56:11.630

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

 

 

Date: 2014-08-06 20:56:11.630

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

 

 

Date: 2014-08-06 20:56:11.599

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

 

 

 

 

==================== Memory info ===========================

 

 

Percentage of memory in use: 69%

Total physical RAM: 1788.2 MB

Available physical RAM: 546.68 MB

Total Pagefile: 3576.4 MB

Available Pagefile: 1425.05 MB

Total Virtual: 8192 MB

Available Virtual: 8191.84 MB

 

 

==================== Drives ================================

 

 

Drive c: () (Fixed) (Total:219.29 GB) (Free:133.68 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Drive d: (RECOVERY) (Fixed) (Total:13.3 GB) (Free:2.21 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Drive e: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32

 

 

==================== MBR & Partition Table ==================

 

 

========================================================

Disk: 0 (Size: 233 GB) (Disk ID: 7661831D)

Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=219 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=13 GB) - (Type=07 NTFS)

Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

 

 

==================== End Of Log ============================

  • ExTS Admin
Posted

Hi Gadgie,

 

 

Step 1

AV: Kaspersky Internet Security (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}

AS: Kaspersky Internet Security (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Kaspersky Internet Security (Enabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

Windows Defender will conflict with Kaspersky.

Most 3rd party AVs will disable Windows Defender when they are installed, for this reason.

 

  • Click Start >> Programs >> Windows Defender or launch from the system tray icon.
  • Click on Tools & Settings >> Options.
  • Under Real-time protection options, uncheck the "Real-time protection" check box.
  • Click Save.
  • Go to Start >> Control Panel >> Security >> Windows Defender, at the bottom of the Windows Defender page uncheck under Administrator Options "use Windows Defender" and then Save.

 

Step 2

Malwarebytes Anti-Malware version 1.75.0.1300

Please uninstall MBAM ..... this is an old version.

Installing the latest version when an old version is still on the system can cause problems.

Just be aware that the latest version does look a lot different.

 

Once MBAM is uninstalled....

 

  • Download Malwarebytes Anti-Malware Free and save it to your desktop
  • Double click the desktop icon, click Run, then OK
  • Click Next
  • Select I accept the agreement then continue to click Next then finally click Install
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program
    I recommend that you UNtick this option.
  • Click Finish
  • If you are notified the Database is out of date click Update Now
     
     
  • Click Scan Now >>
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


 

(Copy to clipboard for pasting into forum replies)

 

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab >> Application Logs.
     
     
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
     
     
  • Paste the contents of the clipboard into your reply.

 

 

Step 3

Now that MBAM has been run, let's get an up to date set of FRST reports.

 

Please re-run FRST.

  • Make sure that Addition.txt is selected at the bottom
  • Press Scan button.
     
     
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • It will also make another log (Addition.txt). Please copy and paste it to your reply also.

 

 

In your next reply, please submit:

MBAM report

Both reports from the new FRST scan.

 

 

Thanks.

Member of:

UNITE
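The overlap that Step 1 in the post above reads off the FRST report (two enabled AS entries) can also be checked mechanically. This is an added example, not part of the original posts and not FRST's own code; the function names are hypothetical, the four report lines are the ones quoted in Step 1, and the "Disabled" state used in the check is an assumption about how FRST prints a product that has been switched off.

```python
import re
from collections import defaultdict

# Line shape taken from the FRST lines quoted in Step 1:
#   <AV|AS|FW>: <product> (<state>[ - <definitions>]) {GUID}
ENTRY = re.compile(
    r"^(?P<kind>AV|AS|FW):\s+(?P<name>.+?)\s+"
    r"\((?P<state>Enabled|Disabled)(?:\s*-\s*(?P<defs>[^)]*))?\)\s+"
    r"\{(?P<guid>[0-9A-Fa-f-]{36})\}\s*$"
)

def parse_security_center(text):
    """Return one dict per AV/AS/FW line; every other report line is ignored."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries

def overlapping_products(text):
    """Return {category: [products]} for each category with more than
    one *enabled* product, i.e. the situation Step 1 asks the user to fix."""
    enabled = defaultdict(list)
    for e in parse_security_center(text):
        if e["state"] == "Enabled" and e["name"] not in enabled[e["kind"]]:
            enabled[e["kind"]].append(e["name"])
    return {kind: names for kind, names in enabled.items() if len(names) > 1}

# The four lines quoted in Step 1 of the post above.
REPORT = """\
AV: Kaspersky Internet Security (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AS: Kaspersky Internet Security (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
"""

# Constructed: the same report as it would look once Defender is turned off
# (assumes FRST prints "Disabled" for a switched-off product).
REPORT_AFTER_FIX = REPORT.replace(
    "AS: Windows Defender (Enabled", "AS: Windows Defender (Disabled"
)

if __name__ == "__main__":
    for kind, names in overlapping_products(REPORT).items():
        print(f"{kind}: more than one enabled product: {', '.join(names)}")
```
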

Posted

Hi Starbuck,

 

Sorry, can't find Windows Defender under security!!

 

 

  • Go to Start >> Control Panel >> Security >> Windows Defender, at the bottom of the Windows Defender page uncheck under Administrator Options "use Windows Defender" and then Save.

  • ExTS Admin
Posted

Hi Gadgie,

 

Sorry, I forgot that the Control Panel can be set up to show more than one way.

This is where you will find Windows Defender:

Once you open Control Panel....Click the drop down arrow next to View by:

and change it to Large Icons.

Windows Defender will be at the bottom of the list.

 


Member of:

UNITE

Posted

Malwarebytes Anti-Malware

http://www.malwarebytes.org

 

 

Scan Date: 12/08/2014

Scan Time: 15:05:56

Logfile:

Administrator: Yes

 

 

Version: 2.00.2.1012

Malware Database: v2014.08.12.04

Rootkit Database: v2014.08.04.01

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Self-protection: Disabled

 

 

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: Mark

 

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 321537

Time Elapsed: 25 min, 4 sec

 

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

 

Processes: 0

(No malicious items detected)

 

 

Modules: 0

(No malicious items detected)

 

 

Registry Keys: 13

PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}, Quarantined, [12a2814489f29b9baeb0574ad62c48b8],

PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{C292AD0A-C11F-479B-B8DB-743E72D283B0}, Quarantined, [12a2814489f29b9baeb0574ad62c48b8],

PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{C292AD0A-C11F-479B-B8DB-743E72D283B0}, Quarantined, [12a2814489f29b9baeb0574ad62c48b8],

PUP.Optional.MySearchDial.A, HKU\S-1-5-21-1737154417-1697994350-281717988-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}, Quarantined, [5f553c89b9c2fb3bf11e2741d032c937],

PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}, Quarantined, [5f553c89b9c2fb3bf11e2741d032c937],

PUP.Optional.BargainWorkbench.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\gebcpofjimbbchggpnfcaiieolloeodp, Quarantined, [773d3194a1daed49462014d805fd3fc1],

PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pflphaooapbgpeakohlggbpidpppgdff, Quarantined, [72425372f28959dd360b57b2709343bd],

PUP.Optional.BargainWorkbench.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\gebcpofjimbbchggpnfcaiieolloeodp, Quarantined, [f9bb8243532859ddf472f4f817ebe41c],

PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\pflphaooapbgpeakohlggbpidpppgdff, Quarantined, [b5ff6560374474c2132efe0b0003a65a],

PUP.Optional.BargainWorkbench.A, HKU\S-1-5-21-1737154417-1697994350-281717988-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\gebcpofjimbbchggpnfcaiieolloeodp, Quarantined, [585cbb0a8feca591baadc626a26032ce],

PUP.Optional.MySearchDial.A, HKU\S-1-5-21-1737154417-1697994350-281717988-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pflphaooapbgpeakohlggbpidpppgdff, Quarantined, [aa0afec78cefa3939aa6749563a0b050],

PUP.Optional.InstallCore.A, HKU\S-1-5-21-1737154417-1697994350-281717988-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Quarantined, [aa0ad4f16c0f46f0edd85caa3cc7a25e],

PUP.Optional.InstallCore.A, HKU\S-1-5-21-1737154417-1697994350-281717988-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Quarantined, [5262576e700bca6ce2fcab71d92bd32d],

 

 

Registry Values: 1

PUP.Optional.InstallCore.A, HKU\S-1-5-21-1737154417-1697994350-281717988-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0H1L1J1L1S1R1N, Quarantined, [5262576e700bca6ce2fcab71d92bd32d]

 

 

Registry Data: 4

PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://start.mysearchdial.com/?f=1&a=dsites&cd=2XzuyEtN2Y1L1Qzu0FtDyB0B0C0ByE0F0C0F0CyBtC0Azy0FtN0D0Tzu0CyBtDyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1346976118&ir=, Good: (http://www.google.com), Bad: (http://start.mysearchdial.com/?f=1&a=dsites&cd=2XzuyEtN2Y1L1Qzu0FtDyB0B0C0ByE0F0C0F0CyBtC0Azy0FtN0D0Tzu0CyBtDyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1346976118&ir=),Replaced,[13a1a61fa5d637ff9b9ca328ec18ea16]

PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\ABOUTURLS|Tabs, http://start.mysearchdial.com/?f=2&a=dsites&cd=2XzuyEtN2Y1L1Qzu0FtDyB0B0C0ByE0F0C0F0CyBtC0Azy0FtN0D0Tzu0CyBtDyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1346976118&ir=, Good: (http://www.google.com), Bad: (http://start.mysearchdial.com/?f=2&a=dsites&cd=2XzuyEtN2Y1L1Qzu0FtDyB0B0C0ByE0F0C0F0CyBtC0Azy0FtN0D0Tzu0CyBtDyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1346976118&ir=),Replaced,[3282ac19dd9eef47f1f7526fde2629d7]

PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://start.mysearchdial.com/?f=1&a=dsites&cd=2XzuyEtN2Y1L1Qzu0FtDyB0B0C0ByE0F0C0F0CyBtC0Azy0FtN0D0Tzu0CyBtDyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1346976118&ir=, Good: (http://www.google.com), Bad: (http://start.mysearchdial.com/?f=1&a=dsites&cd=2XzuyEtN2Y1L1Qzu0FtDyB0B0C0ByE0F0C0F0CyBtC0Azy0FtN0D0Tzu0CyBtDyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1346976118&ir=),Replaced,[466e35903b4067cf03348d3e4db760a0]

PUP.Optional.MySearchDial.A, HKU\S-1-5-21-1737154417-1697994350-281717988-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://start.mysearchdial.com/?f=1&a=dsites&cd=2XzuyEtN2Y1L1Qzu0FtDyB0B0C0ByE0F0C0F0CyBtC0Azy0FtN0D0Tzu0CyBtDyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1346976118&ir=, Good: (http://www.google.com), Bad: (http://start.mysearchdial.com/?f=1&a=dsites&cd=2XzuyEtN2Y1L1Qzu0FtDyB0B0C0ByE0F0C0F0CyBtC0Azy0FtN0D0Tzu0CyBtDyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1346976118&ir=),Replaced,[5064388db8c3a39316205f6cf31150b0]

 

 

Folders: 3

PUP.Optional.BargainWorkbench.A, C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\gebcpofjimbbchggpnfcaiieolloeodp, Quarantined, [664e685d235893a3a8875372c83ae31d],

PUP.Optional.BargainWorkbench.A, C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\gebcpofjimbbchggpnfcaiieolloeodp\1.4.1.0_0, Quarantined, [664e685d235893a3a8875372c83ae31d],

PUP.Optional.BargainWorkbench.A, C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\gebcpofjimbbchggpnfcaiieolloeodp\1.4.1.0_0\images, Quarantined, [664e685d235893a3a8875372c83ae31d],

 

 

Files: 12

PUP.Optional.BuzzSearch.A, C:\Users\Mark\AppData\Local\Temp\is1590112554\2310202_stp\BuzzSearchSetup.exe, Quarantined, [0aaa5e671368f4420f642a1e5fa53ec2],

PUP.Optional.JumpyApps.A, C:\Users\Mark\Downloads\ZipExtractorSetup.exe, Quarantined, [b7fdf9cceb9046f05ac43f4e7490956b],

PUP.Optional.InstallCore, C:\Users\Mark\Downloads\ZipOpenerSetup.exe, Quarantined, [2193af16ea91ab8bc03f463efe06b44c],

PUP.Optional.MySearchDial.A, C:\Users\Mark\AppData\Local\mysearchdial-speeddial.crx, Quarantined, [ddd7794c6d0ef541bbef9f41b74b768a],

PUP.Optional.BargainWorkbench.A, C:\Users\Mark\AppData\Local\BargainWorkbench.crx, Quarantined, [684c5a6ba8d32313065ff3f944be7090],

PUP.Optional.MySearchDial.A, C:\Users\Mark\Desktop\MySearchDial.url, Quarantined, [8b296065bcbfd462a5221f06b64e9a66],

PUP.Optional.BargainWorkbench.A, C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\gebcpofjimbbchggpnfcaiieolloeodp\1.4.1.0_0\background.js, Quarantined, [664e685d235893a3a8875372c83ae31d],

PUP.Optional.BargainWorkbench.A, C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\gebcpofjimbbchggpnfcaiieolloeodp\1.4.1.0_0\manifest.json, Quarantined, [664e685d235893a3a8875372c83ae31d],

PUP.Optional.BargainWorkbench.A, C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\gebcpofjimbbchggpnfcaiieolloeodp\1.4.1.0_0\images\128.png, Quarantined, [664e685d235893a3a8875372c83ae31d],

PUP.Optional.BargainWorkbench.A, C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\gebcpofjimbbchggpnfcaiieolloeodp\1.4.1.0_0\images\16.png, Quarantined, [664e685d235893a3a8875372c83ae31d],

PUP.Optional.BargainWorkbench.A, C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\gebcpofjimbbchggpnfcaiieolloeodp\1.4.1.0_0\images\48.png, Quarantined, [664e685d235893a3a8875372c83ae31d],

PUP.Optional.MySearchDial.A, C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "homepage": "http://start.mysearchdial.com/?f=1&a=dsites&cd=2XzuyEtN2Y1L1Qzu0FtDyB0B0C0ByE0F0C0F0CyBtC0Azy0FtN0D0Tzu0CyBtDyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1346976118&ir=",), Replaced,[6c48923397e48ea831e1916c14f0dd23]

 

 

Physical Sectors: 0

(No malicious items detected)

 

 

 

 

(end)

Posted

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-08-2014 01

Ran by Mark (administrator) on MARK-PC on 12-08-2014 15:53:25

Running from C:\Users\Mark\Downloads

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11

Boot Mode: Normal

 

 

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

 

==================== Processes (Whitelisted) =================

 

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

 

(AMD) C:\Windows\System32\atiesrxx.exe

(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe

(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe

() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe

(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Easybits) C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

() C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE

(Microsoft Corporation) C:\Windows\splwow64.exe

(Farbar) C:\Users\Mark\Downloads\FRST64 (1).exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-15] (Synaptics Incorporated)

HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [450048 2009-07-22] (IDT, Inc.)

HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-08-05] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [322104 2009-08-20] ( Hewlett-Packard Development Company, L.P.)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-28] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)

HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)

HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe

HKLM-x32\...\Run: [Magic Desktop for HP notification] => C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1243656 2013-12-11] (Easybits)

HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-07-23] (Hewlett-Packard)

HKU\S-1-5-21-1737154417-1697994350-281717988-1001\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-08-20] (Hewlett-Packard Company)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM-x32 - DefaultScope value is missing.

SearchScopes: HKCU - DefaultScope {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =

BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)

BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)

BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)

BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)

BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)

BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)

BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)

BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)

BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)

Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:

========

FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com

FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013-03-14]

FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com

FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013-03-14]

FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com

FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013-03-14]

FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com

FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013-03-14]

FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com

FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013-03-14]

Chrome:

=======

CHR HomePage: hxxp://start.mysearchdial.com/?f=1&a=dsites&cd=2XzuyEtN2Y1L1Qzu0FtDyB0B0C0ByE0F0C0F0CyBtC0Azy0FtN0D0Tzu0CyBtDyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1346976118&ir=

CHR StartupUrls: "https://startpage.com/eng/"

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File

CHR Plugin: (Java Platform SE 7 U15) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

CHR Plugin: (Java Deployment Toolkit 7.0.150.3) - C:\Windows\SysWOW64\npDeployJava1.dll No File

CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll No File

CHR Extension: (Google Docs) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-03-03]

CHR Extension: (Google Drive) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-03]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-30]

CHR Extension: (YouTube) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-03]

CHR Extension: (Google Search) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-03]

CHR Extension: (Kaspersky URL Advisor) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2013-03-14]

CHR Extension: (Safe Money) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2013-03-14]

CHR Extension: (Content Blocker) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2013-03-14]

CHR Extension: (Virtual Keyboard) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2013-03-14]

CHR Extension: (Google Wallet) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]

CHR Extension: (Gmail) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-03]

CHR Extension: (Anti-Banner) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2013-03-14]

CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx [2013-01-14]

CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx [2013-01-14]

CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx [2013-01-14]

CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx [2013-01-14]

CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh [2013-01-14]

CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx [2013-01-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)

R2 ezSharedSvc; C:\Windows\SysWOW64\ezsvc7.dll [129584 2009-02-22] (EasyBits Sofware AS) [File not signed]

R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]

R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-09-02] (Nero AG)

R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]

R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]

R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-06] ()

R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe [240128 2009-07-22] (IDT, Inc.)

R2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated)

R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-11] (Kaspersky Lab ZAO)

U5 klflt; C:\Windows\System32\Drivers\klflt.sys [91008 2014-05-29] (Kaspersky Lab ZAO)

R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [628320 2014-05-29] (Kaspersky Lab ZAO)

R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-12-11] (Kaspersky Lab ZAO)

R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)

R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)

R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-18] (Kaspersky Lab ZAO)

R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-04-23] (Kaspersky Lab ZAO)

S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2013-10-07] ()

S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]

S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]

S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-12 15:51 - 2014-08-12 15:52 - 02099712 _____ (Farbar) C:\Users\Mark\Downloads\FRST64 (1).exe

2014-08-12 15:04 - 2014-08-12 15:40 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-08-12 15:03 - 2014-08-12 15:03 - 00000907 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-08-12 15:03 - 2014-08-12 15:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-08-12 15:03 - 2014-08-12 15:03 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2014-08-12 15:03 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-08-12 15:03 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-08-12 15:03 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-08-12 14:59 - 2014-08-12 15:00 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Mark\Downloads\mbam-setup-2.0.2.1012.exe

2014-08-11 18:42 - 2014-08-11 18:42 - 00170817 _____ () C:\Users\Mark\Downloads\TAKINGS (45).xlsx

2014-08-08 21:34 - 2014-08-08 21:35 - 00035038 _____ () C:\Users\Mark\Downloads\Addition.txt

2014-08-08 21:32 - 2014-08-12 15:54 - 00021094 _____ () C:\Users\Mark\Downloads\FRST.txt

2014-08-08 21:31 - 2014-08-12 15:53 - 00000000 ____D () C:\FRST

2014-08-08 21:30 - 2014-08-08 21:30 - 02094080 _____ (Farbar) C:\Users\Mark\Downloads\FRST64.exe

2014-08-08 18:54 - 2014-08-08 18:54 - 00119360 _____ () C:\Users\Mark\Downloads\FLOAT (18).xlsx

2014-08-08 18:45 - 2014-08-08 18:53 - 00170751 _____ () C:\Users\Mark\Downloads\TAKINGS (44).xlsx

2014-08-04 19:50 - 2014-08-04 20:03 - 00170453 _____ () C:\Users\Mark\Downloads\TAKINGS (43).xlsx

2014-08-04 19:49 - 2014-08-04 19:50 - 00119302 _____ () C:\Users\Mark\Downloads\FLOAT (17).xlsx

2014-07-28 20:37 - 2014-07-28 20:37 - 00000076 _____ () C:\Users\Mark\Downloads\report.qif

2014-07-28 20:33 - 2014-07-28 20:33 - 00170316 _____ () C:\Users\Mark\Downloads\TAKINGS (42).xlsx

2014-07-26 18:56 - 2014-07-26 18:56 - 00119159 _____ () C:\Users\Mark\Downloads\FLOAT (16).xlsx

2014-07-26 18:53 - 2014-07-26 18:56 - 00165784 _____ () C:\Users\Mark\Downloads\TAKINGS (41).xlsx

2014-07-25 18:49 - 2014-07-25 18:49 - 00119142 _____ () C:\Users\Mark\Downloads\FLOAT (15).xlsx

2014-07-25 18:46 - 2014-07-25 18:46 - 00165764 _____ () C:\Users\Mark\Downloads\TAKINGS (40).xlsx

2014-07-23 22:33 - 2014-07-23 22:34 - 00161193 _____ () C:\Users\Mark\Downloads\TAKINGS (39).xlsx

2014-07-14 19:09 - 2014-07-14 19:10 - 00161010 _____ () C:\Users\Mark\Downloads\TAKINGS (38).xlsx

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-12 15:54 - 2014-08-08 21:32 - 00021094 _____ () C:\Users\Mark\Downloads\FRST.txt

2014-08-12 15:53 - 2014-08-08 21:31 - 00000000 ____D () C:\FRST

2014-08-12 15:53 - 2013-03-03 01:19 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-08-12 15:52 - 2014-08-12 15:51 - 02099712 _____ (Farbar) C:\Users\Mark\Downloads\FRST64 (1).exe

2014-08-12 15:42 - 2010-03-26 10:31 - 01239399 _____ () C:\Windows\WindowsUpdate.log

2014-08-12 15:42 - 2009-07-14 05:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-08-12 15:42 - 2009-07-14 05:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-08-12 15:41 - 2009-07-14 06:13 - 00006210 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-08-12 15:40 - 2014-08-12 15:04 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-08-12 15:36 - 2013-03-14 18:33 - 00000000 ____D () C:\ProgramData\Kaspersky Lab

2014-08-12 15:35 - 2013-06-03 16:50 - 00000000 ____D () C:\Users\Mark\AppData\Local\HTC MediaHub

2014-08-12 15:35 - 2013-03-03 01:19 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-08-12 15:34 - 2010-03-26 10:33 - 00309806 _____ () C:\Windows\PFRO.log

2014-08-12 15:34 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-08-12 15:34 - 2009-07-14 05:51 - 00140992 _____ () C:\Windows\setupact.log

2014-08-12 15:03 - 2014-08-12 15:03 - 00000907 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-08-12 15:03 - 2014-08-12 15:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-08-12 15:03 - 2014-08-12 15:03 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2014-08-12 15:03 - 2013-10-03 13:02 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-08-12 15:00 - 2014-08-12 14:59 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Mark\Downloads\mbam-setup-2.0.2.1012.exe

2014-08-11 18:42 - 2014-08-11 18:42 - 00170817 _____ () C:\Users\Mark\Downloads\TAKINGS (45).xlsx

2014-08-10 20:16 - 2013-03-10 14:33 - 00003180 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForMark

2014-08-10 20:16 - 2013-03-10 14:33 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForMark.job

2014-08-08 21:35 - 2014-08-08 21:34 - 00035038 _____ () C:\Users\Mark\Downloads\Addition.txt

2014-08-08 21:30 - 2014-08-08 21:30 - 02094080 _____ (Farbar) C:\Users\Mark\Downloads\FRST64.exe

2014-08-08 18:54 - 2014-08-08 18:54 - 00119360 _____ () C:\Users\Mark\Downloads\FLOAT (18).xlsx

2014-08-08 18:53 - 2014-08-08 18:45 - 00170751 _____ () C:\Users\Mark\Downloads\TAKINGS (44).xlsx

2014-08-04 20:03 - 2014-08-04 19:50 - 00170453 _____ () C:\Users\Mark\Downloads\TAKINGS (43).xlsx

2014-08-04 19:50 - 2014-08-04 19:49 - 00119302 _____ () C:\Users\Mark\Downloads\FLOAT (17).xlsx

2014-08-04 19:45 - 2014-02-26 22:39 - 00027136 _____ () C:\Users\Mark\Desktop\GM DD.xls

2014-07-29 19:04 - 2013-03-10 14:18 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log

2014-07-29 19:03 - 2013-03-12 12:47 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt

2014-07-28 20:37 - 2014-07-28 20:37 - 00000076 _____ () C:\Users\Mark\Downloads\report.qif

2014-07-28 20:33 - 2014-07-28 20:33 - 00170316 _____ () C:\Users\Mark\Downloads\TAKINGS (42).xlsx

2014-07-26 18:56 - 2014-07-26 18:56 - 00119159 _____ () C:\Users\Mark\Downloads\FLOAT (16).xlsx

2014-07-26 18:56 - 2014-07-26 18:53 - 00165784 _____ () C:\Users\Mark\Downloads\TAKINGS (41).xlsx

2014-07-25 18:49 - 2014-07-25 18:49 - 00119142 _____ () C:\Users\Mark\Downloads\FLOAT (15).xlsx

2014-07-25 18:46 - 2014-07-25 18:46 - 00165764 _____ () C:\Users\Mark\Downloads\TAKINGS (40).xlsx

2014-07-24 18:39 - 2009-07-14 06:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-07-24 18:38 - 2013-08-17 20:08 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

2014-07-24 18:38 - 2013-08-17 20:08 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight

2014-07-23 23:30 - 2013-08-17 20:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

2014-07-23 22:34 - 2014-07-23 22:33 - 00161193 _____ () C:\Users\Mark\Downloads\TAKINGS (39).xlsx

2014-07-18 20:58 - 2013-03-03 01:21 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2014-07-15 18:50 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache

2014-07-14 19:10 - 2014-07-14 19:09 - 00161010 _____ () C:\Users\Mark\Downloads\TAKINGS (38).xlsx

Some content of TEMP:

====================

C:\Users\Mark\AppData\Local\Temp\135.24487527704275_Update.exe

C:\Users\Mark\AppData\Local\Temp\45761uninstall.exe

C:\Users\Mark\AppData\Local\Temp\638.7074456770241_Update.exe

C:\Users\Mark\AppData\Local\Temp\93617uninstall.exe

C:\Users\Mark\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe

C:\Users\Mark\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe

C:\Users\Mark\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe

C:\Users\Mark\AppData\Local\Temp\rsxgdruj.dll

C:\Users\Mark\AppData\Local\Temp\sp64126.exe

C:\Users\Mark\AppData\Local\Temp\Sqlite3.dll

C:\Users\Mark\AppData\Local\Temp\UninstallHPSA.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-08 18:06

==================== End Of Log ============================

Posted

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-08-2014 01

Ran by Mark at 2014-08-12 15:55:03

Running from C:\Users\Mark\Downloads

Boot Mode: Normal

==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}

AS: Kaspersky Internet Security (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Kaspersky Internet Security (Enabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.5.0.880 - Adobe Systems Incorporated)

Adobe AIR (x32 Version: 3.5.0.880 - Adobe Systems Incorporated) Hidden

Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.32.18 - Adobe Systems Incorporated)

Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)

Adobe Shockwave Player (HKLM-x32\...\{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}) (Version: 11.0 - Adobe Systems, Inc.)

AMD USB Filter Driver (HKLM-x32\...\{5271C0D4-24E4-4C3D-A782-C012033FD3CF}) (Version: 1.0.10.84 - Advanced Micro Devices, Inc.)

Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.0 - Atheros)

ATI Catalyst Install Manager (HKLM\...\{902004C7-2B12-4A4F-E1DB-E75C7B03EDD4}) (Version: 3.0.732.0 - ATI Technologies, Inc.)

Bing Bar (HKLM-x32\...\{B4089055-D468-45A4-A6BA-5A138DD715FC}) (Version: 7.0.850.0 - Microsoft Corporation)

Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden

Catalyst Control Center Core Implementation (x32 Version: 2009.0804.2223.38385 - ATI) Hidden

Catalyst Control Center Graphics Full Existing (x32 Version: 2009.0804.2223.38385 - ATI) Hidden

Catalyst Control Center Graphics Full New (x32 Version: 2009.0804.2223.38385 - ATI) Hidden

Catalyst Control Center Graphics Light (x32 Version: 2009.0804.2223.38385 - ATI) Hidden

Catalyst Control Center Graphics Previews Common (x32 Version: 2009.0804.2223.38385 - ATI) Hidden

Catalyst Control Center Graphics Previews Vista (x32 Version: 2009.0804.2223.38385 - ATI) Hidden

Catalyst Control Center InstallProxy (x32 Version: 2009.0804.2223.38385 - ATI Technologies, Inc.) Hidden

Catalyst Control Center Localization All (x32 Version: 2009.0804.2223.38385 - ATI) Hidden

CCC Help Chinese Standard (x32 Version: 2009.0804.2222.38385 - ATI) Hidden

CCC Help Chinese Traditional (x32 Version: 2009.0804.2222.38385 - ATI) Hidden

CCC Help Czech (x32 Version: 2009.0804.2222.38385 - ATI) Hidden

CCC Help Danish (x32 Version: 2009.0804.2222.38385 - ATI) Hidden

CCC Help Dutch (x32 Version: 2009.0804.2222.38385 - ATI) Hidden

CCC Help English (x32 Version: 2009.0804.2222.38385 - ATI) Hidden

CCC Help Finnish (x32 Version: 2009.0804.2222.38385 - ATI) Hidden

CCC Help French (x32 Version: 2009.0804.2222.38385 - ATI) Hidden

CCC Help German (x32 Version: 2009.0804.2222.38385 - ATI) Hidden

CCC Help Greek (x32 Version: 2009.0804.2222.38385 - ATI) Hidden

CCC Help Hungarian (x32 Version: 2009.0804.2222.38385 - ATI) Hidden

CCC Help Italian (x32 Version: 2009.0804.2222.38385 - ATI) Hidden

CCC Help Japanese (x32 Version: 2009.0804.2222.38385 - ATI) Hidden

CCC Help Korean (x32 Version: 2009.0804.2222.38385 - ATI) Hidden

CCC Help Norwegian (x32 Version: 2009.0804.2222.38385 - ATI) Hidden

CCC Help Polish (x32 Version: 2009.0804.2222.38385 - ATI) Hidden

CCC Help Portuguese (x32 Version: 2009.0804.2222.38385 - ATI) Hidden

CCC Help Russian (x32 Version: 2009.0804.2222.38385 - ATI) Hidden

CCC Help Spanish (x32 Version: 2009.0804.2222.38385 - ATI) Hidden

CCC Help Swedish (x32 Version: 2009.0804.2222.38385 - ATI) Hidden

CCC Help Thai (x32 Version: 2009.0804.2222.38385 - ATI) Hidden

CCC Help Turkish (x32 Version: 2009.0804.2222.38385 - ATI) Hidden

ccc-core-static (x32 Version: 2009.0804.2223.38385 - ATI) Hidden

ccc-utility64 (Version: 2009.0804.2223.38385 - ATI) Hidden

Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)

Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)

Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)

Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2111 - CyberLink Corp.)

CyberLink DVD Suite (x32 Version: 7.0.2111 - CyberLink Corp.) Hidden

CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 4.1.3325 - CyberLink Corp.)

CyberLink MediaShow (x32 Version: 4.1.3325 - CyberLink Corp.) Hidden

CyberLink PowerDVD 8 (HKLM-x32\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.1.1005 - CyberLink Corp.)

CyberLink PowerDVD 8 (x32 Version: 8.0.1.1005 - CyberLink Corp.) Hidden

CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2201 - CyberLink Corp.)

CyberLink YouCam (x32 Version: 3.0.2201 - CyberLink Corp.) Hidden

DriverUpdate (HKLM-x32\...\{850A14FC-F410-47F7-94E4-38F4D3F270D4}) (Version: 2.2.30452 - SlimWare Utilities, Inc.)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)

Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)

Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden

Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden

HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.9512.3162 - Hewlett-Packard)

HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden

HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)

HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.7.1 - Hewlett-Packard)

HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard)

HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)

HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)

HP User Guides 0148 (HKLM-x32\...\{9D3318E1-5A9F-4A95-A7A1-7E045403AE34}) (Version: 1.01.0005 - Hewlett-Packard)

HP Wireless Assistant (HKLM-x32\...\{54CC7901-804D-4155-B353-21F0CC9112AB}) (Version: 3.50.9.1 - Hewlett-Packard)

HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.10.0.001 - HTC Corporation)

HTC Sync Manager (HKLM-x32\...\{368E4EF8-E840-40EE-A224-50B8D1DC2B12}) (Version: 2.4.11.0 - HTC)

IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6225.0 - IDT)

IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)

Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)

Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)

Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden

Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden

Kaspersky Internet Security 2013 (HKLM-x32\...\InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}) (Version: 13.0.1.4190 - Kaspersky Lab)

Kaspersky Internet Security 2013 (x32 Version: 13.0.1.4190 - Kaspersky Lab) Hidden

LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2111 - CyberLink Corp.)

LabelPrint (x32 Version: 2.5.2111 - CyberLink Corp.) Hidden

LightScribe System Software (HKLM-x32\...\{CC8E94A2-55C7-4460-953C-2A790180578C}) (Version: 1.18.8.1 - LightScribe)

Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)

Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden

Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden

Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)

Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)

Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)

MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden

MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)

muvee Reveal (HKLM-x32\...\{43BA31BA-04BD-2EA3-0A60-A9C54E06D3F2}) (Version: 7.0.43.11502 - muvee Technologies Pte Ltd)

Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3311 - CyberLink Corp.)

Power2Go (x32 Version: 6.0.3311 - CyberLink Corp.) Hidden

PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3311 - CyberLink Corp.)

PowerDirector (x32 Version: 7.0.3311 - CyberLink Corp.) Hidden

QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden

Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0007 - Realtek)

Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30094 - Realtek Semiconductor Corp.)

Recovery Manager (x32 Version: 5.5.2202 - CyberLink Corp.) Hidden

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.4.12 - Synaptics Incorporated)

Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)

Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)

Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)

Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft)

Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)

Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)

Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)

Update for Zip Opener (HKCU\...\DSite) (Version: - ) <==== ATTENTION

Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden

Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden

Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)

Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden

Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden

Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden

Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden

Windows Live Photo Gallery (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden

Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)

Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)

Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden

 

 

==================== Custom CLSID (selected items): ==========================

 

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

 

 

 

==================== Restore Points =========================

 

 

15-07-2014 15:54:15 Windows Update

18-07-2014 19:11:40 Windows Update

22-07-2014 18:46:36 Windows Update

23-07-2014 22:27:53 Windows Update

29-07-2014 17:55:44 Windows Update

05-08-2014 19:27:09 Windows Update

12-08-2014 13:53:48 Windows Update

 

 

==================== Hosts content: ==========================

 

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

 

2009-07-14 03:34 - 2013-10-17 17:57 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

::1 localhost

 

 

==================== Scheduled Tasks (whitelisted) =============

 

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

 

Task: {0477E927-6F33-4A5C-9D93-070712CCFC75} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-03] (Google Inc.)

Task: {14E2FB40-B049-4E4F-A225-356371DE7C83} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)

Task: {189CF012-F358-4708-9C7A-C8EEC27FBC75} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe

Task: {1FBFFA86-7C49-43F0-A447-0DBE5597C588} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)

Task: {24A94DC7-A6DD-4EA6-B1BE-477BF7A45E6B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2014-07-23] (Microsoft)

Task: {78B56BCE-1121-4A4F-89C9-8A51A89C0651} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup

Task: {7EB8E889-1801-4790-9D6F-4947C1E95878} - System32\Tasks\HPCeeScheduleForMark => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)

Task: {8C7E7597-8307-4CA0-8E78-0EE66CF897D0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-03] (Google Inc.)

Task: {8F7A542B-8DF7-4232-8DE0-F984ABF47EEF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)

Task: {9C7F915A-B7B5-4C5D-AD5E-E5F2DD6AAA95} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-07] ()

Task: {F7949A76-4940-4235-99F3-69BD523137DC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\HPCeeScheduleForMark.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

 

 

==================== Loaded Modules (whitelisted) =============

 

 

2013-06-03 16:49 - 2012-12-07 17:26 - 00167424 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

2009-12-17 12:45 - 2009-07-06 20:20 - 00247152 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

2013-11-14 22:32 - 2013-11-14 22:32 - 00821600 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe

2009-07-02 00:44 - 2009-07-02 00:44 - 00632888 _____ () C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe

2009-10-02 23:46 - 2009-10-02 23:46 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll

2010-03-26 10:29 - 2010-03-26 10:29 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll

2013-01-14 15:41 - 2013-01-14 15:41 - 01310136 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\kpcengine.2.2.dll

2013-10-17 16:40 - 2013-10-17 16:40 - 00031080 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll

2013-11-14 22:31 - 2013-11-14 22:31 - 00607376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll

2013-10-17 16:40 - 2013-10-17 16:40 - 00044392 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll

2013-10-17 16:40 - 2013-10-17 16:40 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll

2013-10-17 16:40 - 2013-10-17 16:40 - 00080248 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll

2013-10-17 16:42 - 2013-10-17 16:42 - 00129376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll

2013-11-14 22:34 - 2013-11-14 22:34 - 00223592 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll

2009-08-20 20:35 - 2009-08-20 20:35 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll

2009-08-20 20:35 - 2009-08-20 20:35 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll

2009-08-20 20:35 - 2009-08-20 20:35 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll

2012-08-17 22:38 - 2012-08-17 22:38 - 00479160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll

2014-07-18 20:58 - 2014-07-15 10:24 - 00718664 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll

2014-07-18 20:58 - 2014-07-15 10:24 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll

2014-07-18 20:58 - 2014-07-15 10:24 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll

2014-07-18 20:58 - 2014-07-15 10:24 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll

2014-07-18 20:58 - 2014-07-15 10:24 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll

2013-07-10 18:07 - 2013-07-10 18:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL

 

 

==================== Alternate Data Streams (whitelisted) =========

 

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

 

 

 

==================== Safe Mode (whitelisted) ===================

 

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

 

 

==================== EXE Association (whitelisted) =============

 

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

 

(Currently there is no automatic fix for this section.)

 

 

 

 

==================== Faulty Device Manager Devices =============

 

 

 

 

==================== Event log errors: =========================

 

 

Application errors:

==================

Error: (08/12/2014 03:41:38 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)

Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

 

 

Error: (08/12/2014 03:41:38 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)

Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

 

 

Error: (08/12/2014 02:49:27 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)

Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

 

 

Error: (08/12/2014 02:49:27 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)

Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

 

 

Error: (08/11/2014 04:41:02 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)

Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

 

 

Error: (08/11/2014 04:41:02 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)

Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

 

 

Error: (08/10/2014 07:17:15 PM) (Source: Windows Backup) (EventID: 4103) (User: )

Description: The backup did not complete because of an error writing to the backup location G:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

 

 

Error: (08/10/2014 01:24:12 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)

Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

 

 

Error: (08/10/2014 01:24:12 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)

Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

 

 

Error: (08/09/2014 03:47:22 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)

Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

 

 

 

 

System errors:

=============

Error: (08/12/2014 03:34:52 PM) (Source: atikmdag) (EventID: 19468) (User: )

Description: CPLIB :: General - Invalid Parameter

 

 

Error: (08/12/2014 02:42:50 PM) (Source: atikmdag) (EventID: 19468) (User: )

Description: CPLIB :: General - Invalid Parameter

 

 

Error: (08/12/2014 02:42:52 PM) (Source: EventLog) (EventID: 6008) (User: )

Description: The previous system shutdown at 20:04:09 on ‎11/‎08/‎2014 was unexpected.

 

 

Error: (08/11/2014 04:33:46 PM) (Source: atikmdag) (EventID: 19468) (User: )

Description: CPLIB :: General - Invalid Parameter

 

 

Error: (08/11/2014 04:33:48 PM) (Source: EventLog) (EventID: 6008) (User: )

Description: The previous system shutdown at 23:32:34 on ‎10/‎08/‎2014 was unexpected.

 

 

Error: (08/10/2014 05:45:52 PM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMService service.

 

 

Error: (08/10/2014 01:18:59 PM) (Source: atikmdag) (EventID: 19468) (User: )

Description: CPLIB :: General - Invalid Parameter

 

 

Error: (08/10/2014 01:19:01 PM) (Source: EventLog) (EventID: 6008) (User: )

Description: The previous system shutdown at 23:03:13 on ‎09/‎08/‎2014 was unexpected.

 

 

Error: (08/09/2014 03:40:35 PM) (Source: atikmdag) (EventID: 19468) (User: )

Description: CPLIB :: General - Invalid Parameter

 

 

Error: (08/08/2014 04:34:47 PM) (Source: atikmdag) (EventID: 19468) (User: )

Description: CPLIB :: General - Invalid Parameter

 

 

 

 

Microsoft Office Sessions:

=========================

 

 

CodeIntegrity Errors:

===================================

Date: 2014-08-10 23:15:21.479

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

 

 

Date: 2014-08-10 23:15:21.479

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

 

 

Date: 2014-08-10 23:15:21.463

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

 

 

Date: 2014-08-10 23:15:21.432

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

 

 

Date: 2014-08-10 23:15:21.432

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

 

 

Date: 2014-08-10 23:15:21.432

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

 

 

Date: 2014-08-09 18:35:12.561

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

 

 

Date: 2014-08-09 18:35:12.561

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

 

 

Date: 2014-08-09 18:35:12.561

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

 

 

Date: 2014-08-09 18:35:12.545

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

 

 

 

 

==================== Memory info ===========================

 

 

Percentage of memory in use: 72%

Total physical RAM: 1788.2 MB

Available physical RAM: 492.45 MB

Total Pagefile: 3576.4 MB

Available Pagefile: 1549.34 MB

Total Virtual: 8192 MB

Available Virtual: 8191.86 MB

 

 

==================== Drives ================================

 

 

Drive c: () (Fixed) (Total:219.29 GB) (Free:136.41 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Drive d: (RECOVERY) (Fixed) (Total:13.3 GB) (Free:2.21 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Drive e: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32

 

 

==================== MBR & Partition Table ==================

 

 

========================================================

Disk: 0 (Size: 233 GB) (Disk ID: 7661831D)

Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=219 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=13 GB) - (Type=07 NTFS)

Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

 

 

==================== End Of Log ============================

  • ExTS Admin
Posted

Hi Gadgie

 

A few things for you to do:

 

Step 1

Please download the attached fixlist.txt file (bottom of this post) and save it to C:\Users\Mark\Downloads.

NOTE.

It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

 

NOTICE: This script was written specifically for this user, for use on that particular machine.

Running this on another machine may cause damage to your operating system.

 

Re-run FRST/FRST64 (whichever is installed) and press the Fix button just once and wait.

 

http://img.photobucket.com/albums/v708/starbuck50/frstfix_zps7db0c905.png

 

The tool will make a log in the Download folder (Fixlog.txt). Please post this in your next reply.

 

 

Step 2

Please reset Google Chrome:

  • Click the Menu option button at the top right of the Google Chrome screen
  • Select Settings.
  • Click Show advanced settings and find the "Reset browser settings" section.
  • Click Reset browser settings.
  • In the dialogue that appears, click Reset. Note: When the "Help make Google Chrome better by reporting the current settings" tick box is selected you are anonymously sending Google your Chrome settings. Reporting these settings allows us to analyse trends and work to prevent future unwanted settings changes.

 

Resetting your browser settings will impact the settings below:

 

  • Default search engine and saved search engines will be reset to their original defaults.
  • Homepage button will be hidden and the URL that you previously set will be removed.
  • Default startup tabs will be cleared. The browser will show a new tab when you start up or continue where you left off if you're on a Chromebook.
  • New Tab page will be empty unless you have a version of Chrome with an extension that controls it. In that case your page may be preserved.
  • Pinned tabs will be unpinned.
  • Content settings will be cleared and reset to their installation defaults.
  • Cookies and site data will be cleared.
  • Extensions and themes will be disabled.

 

 

Step 3

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update:

  • Download the latest version of Java Runtime Environment (JRE) 8 Update 11 and save it to your desktop.
  • Scroll down to where it says "Java SE 8 Update 11".
  • Click the "Download JRE" button.
  • Accept the license agreement.
  • Select 'Windows x64.exe' from the list.
  • Save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
    Java 7 Update 45 (64-bit)
    Java 7 Update 55
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the downloaded icon to install the newest version.

 

 

Please post the fixlog.txt in your next reply.

 

Thanks.


fixlist.txt

Member of:

UNITE

Posted

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-08-2014

Ran by Mark at 2014-08-15 22:52:43 Run:1

Running from C:\Users\Mark\Downloads

Boot Mode: Normal

==============================================

 

 

Content of fixlist:

*****************

HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM-x32 - DefaultScope value is missing.

SearchScopes: HKCU - DefaultScope {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =

R2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [X]

S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]

S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]

S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

C:\Users\Mark\AppData\Local\Temp\135.2448752770427 5_Update.exe

C:\Users\Mark\AppData\Local\Temp\45761uninstall.ex e

C:\Users\Mark\AppData\Local\Temp\638.7074456770241 _Update.exe

C:\Users\Mark\AppData\Local\Temp\93617uninstall.ex e

C:\Users\Mark\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe

C:\Users\Mark\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe

C:\Users\Mark\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe

C:\Users\Mark\AppData\Local\Temp\rsxgdruj.dll

C:\Users\Mark\AppData\Local\Temp\sp64126.exe

C:\Users\Mark\AppData\Local\Temp\Sqlite3.dll

C:\Users\Mark\AppData\Local\Temp\UninstallHPSA.exe

C:\Program Files (x86)\Mobogenie

Hosts:

CMD: ipconfig /flushdns

EmptyTemp:

 

 

 

 

 

 

 

 

 

 

*****************

 

 

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\mobilegeni daemon => value deleted successfully.

"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.

"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.

ezSharedSvc => Unable to stop service

ezSharedSvc => Service deleted successfully.

RSUSBSTOR => Service deleted successfully.

RtsUIR => Service deleted successfully.

USBCCID => Service deleted successfully.

"C:\Users\Mark\AppData\Local\Temp\135.2448752770427 5_Update.exe" => File/Directory not found.

"C:\Users\Mark\AppData\Local\Temp\45761uninstall.ex e" => File/Directory not found.

"C:\Users\Mark\AppData\Local\Temp\638.7074456770241 _Update.exe" => File/Directory not found.

"C:\Users\Mark\AppData\Local\Temp\93617uninstall.ex e" => File/Directory not found.

C:\Users\Mark\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe => Moved successfully.

C:\Users\Mark\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe => Moved successfully.

C:\Users\Mark\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe => Moved successfully.

C:\Users\Mark\AppData\Local\Temp\rsxgdruj.dll => Moved successfully.

C:\Users\Mark\AppData\Local\Temp\sp64126.exe => Moved successfully.

C:\Users\Mark\AppData\Local\Temp\Sqlite3.dll => Moved successfully.

C:\Users\Mark\AppData\Local\Temp\UninstallHPSA.exe => Moved successfully.

C:\Program Files (x86)\Mobogenie => Moved successfully.

"C:\Windows\System32\Drivers\etc\hosts" => Could not move.

Could not reset Hosts.

 

 

========= ipconfig /flushdns =========

 

 

 

 

Windows IP Configuration

 

 

Successfully flushed the DNS Resolver Cache.

 

 

========= End of CMD: =========

 

 

EmptyTemp: => Removed 743 MB temporary data.

 

 

 

 

The system needed a reboot.

 

 

==== End of Fixlog ====

Posted

Hi Starbuck,

 

I have completed parts 1 & 2 but need to get to bed, will complete part 3 tomorrow. Thanks for your help thus far.

  • ExTS Admin
Posted

Hi Gadgie,

 

I had a quick word with Farbar concerning this:

"C:\Windows\System32\Drivers\etc\hosts" => Could not move.

Could not reset Hosts.

It could be that Kaspersky is stopping the reset.

Could you please try this:

 

Please download the attached fixlist.txt file (bottom of this post) and save it to C:\Users\Mark\Downloads.

NOTE.

It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

 

Close any programs you may have running - especially your web browser.

Now please disable Kaspersky Internet Security.

You can re-enable it again as soon as the fix has run.

 

NOTICE: This script was written specifically for this user, for use on that particular machine.

Running this on another machine may cause damage to your operating system.

 

Re-run FRST/FRST64 (whichever is installed) and press the Fix button just once and wait.

 

http://img.photobucket.com/albums/v708/starbuck50/frstfix_zps7db0c905.png

 

The tool will make a log in the Download folder (Fixlog.txt). Please post this in your next reply.

 

Thanks

fixlist.txt

Member of:

UNITE
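A Fixlog like the ones in this thread can be checked mechanically for entries that did not apply, such as the failed hosts reset. The following is an added example, not part of the original posts and not FRST's own code; the status names and the space-in-filename heuristic are assumptions of the example.

```python
import re
# Lines copied from the first Fixlog posted in this thread.
SAMPLE_FIXLOG = r'''
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
ezSharedSvc => Unable to stop service
ezSharedSvc => Service deleted successfully.
"C:\Users\Mark\AppData\Local\Temp\45761uninstall.ex e" => File/Directory not found.
C:\Users\Mark\AppData\Local\Temp\rsxgdruj.dll => Moved successfully.
"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not reset Hosts.
EmptyTemp: => Removed 743 MB temporary data.
'''

# Outcome phrases as they appear in the logs on this page; first match wins.
RULES = [
    ("failed", re.compile(r"could not|unable to", re.I)),
    ("not_found", re.compile(r"not found", re.I)),
    ("ok", re.compile(r"successfully|^removed ", re.I)),
]

def classify(result):
    return next((s for s, p in RULES if p.search(result)), "unknown")

def parse_fixlog(text):
    """Return {status: [(target, result), ...]} for every result line."""
    report = {"failed": [], "not_found": [], "ok": [], "unknown": []}
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "=*":      # blank lines and section rulers
            continue
        target, sep, result = line.partition(" => ")
        if not sep:  # standalone line such as "Could not reset Hosts."
            target, result = "", line
        status = classify(result)
        if sep or status != "unknown":
            report[status].append((target.strip('"'), result))
    return report

def suspect_paths(report):
    """Heuristic (assumption of this example): a not-found file whose name
    contains a space may be a fixlist entry damaged by forum line-wrapping."""
    return [t for t, _ in report["not_found"]
            if "\\" in t and " " in t.rsplit("\\", 1)[-1]]

if __name__ == "__main__":
    report = parse_fixlog(SAMPLE_FIXLOG)
    for status in ("failed", "not_found"):
        for target, result in report[status]:
            print(f"{status:9} {target or '-'}  ({result})")
    print("re-check against the original log:", suspect_paths(report))
```

Entries returned by `suspect_paths` are worth comparing with the original FRST.txt before the fixlist is re-issued.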

Posted

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-08-2014 01

Ran by Mark at 2014-08-20 21:46:18 Run:2

Running from C:\Users\Mark\Downloads

Boot Mode: Normal

==============================================

 

 

Content of fixlist:

*****************

Hosts:

EmptyTemp:

 

 

*****************

 

 

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.

Hosts was reset successfully.

EmptyTemp: => Removed 364.9 MB temporary data.

 

 

 

 

The system needed a reboot.

 

 

==== End of Fixlog ====

  • ExTS Admin
Posted

Hi Gadgie,

 

That's good.

I wanted to make sure that the Hosts file was reset before we finish off.

 

I'd like to double check everything now.

 

I'd like you to do an ESET OnlineScan

64Bit users, please see note at the bottom.

 

You may find it beneficial to close your resident AV program before running the scan.

 

It's been found that on some systems ESET's Online Scan fails during the database download (around 20%).

To prevent this happening:

When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):

 

Enable Anti-Stealth technology

 

http://img.photobucket.com/albums/v708/starbuck50/eset.png

 

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
     
  • Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
  • If asked, allow the ActiveX control to install
     
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer.
      Save it to your desktop.
    • Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.

  • Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
  • Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
  • Accept any security warnings from your browser.
  • Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
  • Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
  • Click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan.
    Include the contents of this report in your next reply.
  • Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
  • Click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

 

Note:

As you are running a 64bit system:

The ESET Online Scanner is a 32-bit application, which means it must be run in the 32-bit version of Internet Explorer, and as an Administrator. To do so, right-click on the Internet Explorer (32-bit) icon in the Start Menu and select "Run as administrator" from the context menu.

Or you can use Firefox or Chrome, which almost certainly will be 32-bit versions.

 

When you post the report, also let me know how the system is running now.

Member of:

UNITE

Posted

C:\AdwCleaner\Quarantine\C\Users\Mark\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z\Zip Opener Packages\uninstaller.exe.vir Win32/InstallCore.AZ potentially unwanted application deleted - quarantined

C:\Users\Mark\Downloads\Setup.exe Win32/DomaIQ.AH potentially unwanted application deleted - quarantined

  • ExTS Admin
Posted

Hi Gadgie,

 

Ok, those are not as bad as they look.

One was already in quarantine and the other is a setup.exe that contained adware.... but wasn't actually installed on the system.

Have you had any other messages come up from Kaspersky?

Member of:

UNITE
