Need help w/ BROWSER*32 removal! [Solved]

browser*32 windows 7 malware virus help virus removal

  • This topic is locked

#1
CARS Auto

  • Member
  • 13 posts

Hello, I started my computer today and found it was not operating properly; it seemed like it was doing things without me initiating them. I opened my Task Manager only to find a program disguising itself as Google Chrome running a slew of processes and bogging down the computer. I ran a quick scan with my Microsoft Security Essentials and to no surprise found nothing wrong. After some research I found that it is malware and has nothing to do with Google Chrome. I don't even have Google Chrome installed on the computer. I do run Windows 7. If anyone can offer a solution I would greatly appreciate it!!



#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Is the process called idle crawler perchance?

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select additions at the bottom
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please attach both logs generated.


#3
CARS Auto

  • Topic Starter
  • Member
  • 13 posts

Ok, the FRST log is:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-08-2014 02
Ran by CARS (administrator) on WORKSTATION003 on 02-09-2014 14:11:26
Running from C:\Users\CARS\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpCardEngine.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation) C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
(CryptoMill Technologies Ltd.) C:\Program Files (x86)\Hewlett-Packard\HP Trust Circles\CreoSvc.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Theft Recovery\CtService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Hewlett-Packard Development Company) C:\Program Files (x86)\Hewlett-Packard\HP Device Access Manager\HP.ProtectTools.DeviceAccessManager.ServiceHost.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CORESHREDDER.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Java\jre6\bin\jusched.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_14_0_0_145_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7194840 2013-07-26] (Realtek Semiconductor)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [CryptoMill Refresh] => C:\Program Files\Hewlett-Packard\HP Trust Circles\ceflauncher -m refresh
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [490760 2013-08-06] (CyberLink Corp.)
HKLM-x32\...\Run: [HP File Sanitizer] => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\Coreshredder.exe [2213592 2013-09-17] (Hewlett-Packard)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [683656 2013-07-18] (PDF Complete Inc)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Java\jre6\bin\jusched.exe [149280 2014-07-29] (Sun Microsystems, Inc.)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
HKU\S-1-5-21-3776492921-3609242386-4060756468-1002\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [389120 2013-03-08] (AMD)
HKU\S-1-5-21-3776492921-3609242386-4060756468-1002\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\Users\CARS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: +1TBIcon -> {B9C55E85-DED6-4911-82F3-83CF1CAB2898} => C:\Program Files\Hewlett-Packard\HP Trust Circles\tbicon.dll (CryptoMill Technologies Ltd.)
ShellIconOverlayIdentifiers-x32: +1TBIcon -> {B9C55E85-DED6-4911-82F3-83CF1CAB2898} => C:\Program Files (x86)\Hewlett-Packard\HP Trust Circles\tbicon.dll (CryptoMill Technologies Ltd.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.earthlink.net/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCOM14/19
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCOM14/19
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM14/19
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCOM14/19
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM14/19
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...0TR&pc=CMDTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...0TR&pc=CMDTDFJS
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...0TR&pc=CMDTDFJS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...0TR&pc=CMDTDFJS
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...0TR&pc=CMDTDFJS
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...0TR&pc=CMDTDFJS
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> c:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: HP File Sanitizer -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> c:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: digitalpersona.com/ChromeDPAgent -> c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\components\npChromeDPAgent.dll (DigitalPersona, Inc.)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome
FF Extension: HP Client Security Manager - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome [2014-03-21]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [ncffjdbbodifgldkcbhmiiljfcnbgjab] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome.crx [2013-11-21]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-08] (Advanced Micro Devices, Inc.) [File not signed]
R2 BrcmMgmtAgent; C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [210432 2013-04-26] (Broadcom Corporation) [File not signed]
R2 CreoService; C:\Program Files (x86)\Hewlett-Packard\HP Trust Circles\CreoSvc.exe [1390552 2013-10-02] (CryptoMill Technologies Ltd.)
R2 CtAgentService; C:\Program Files (x86)\Hewlett-Packard\HP Theft Recovery\CtService.exe [7168 2013-08-14] () [File not signed]
R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-08-12] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-08-12] (CyberLink)
R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [500048 2013-11-21] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [567608 2013-11-20] (Hewlett-Packard Company)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 HpDamServiceHost; c:\Program Files (x86)\Hewlett-Packard\HP Device Access Manager\HP.ProtectTools.DeviceAccessManager.ServiceHost.exe [18232 2013-11-15] (Hewlett-Packard Development Company)
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1854056 2012-12-07] (Microsoft Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1143432 2013-07-18] (PDF Complete Inc)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 APXACC; C:\Windows\System32\DRIVERS\appexDrv.sys [219360 2013-04-18] (AppEx Networks Corporation)
R1 CLVirtualDrive; C:\Windows\System32\DRIVERS\CLVirtualDrive.sys [90608 2011-12-27] (CyberLink)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [65752 2013-10-07] (Hewlett-Packard Company)
R3 IceKore; C:\Windows\System32\DRIVERS\IceKore.sys [401368 2013-09-30] (CryptoMill Technologies Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-02 14:11 - 2014-09-02 14:12 - 00016059 _____ () C:\Users\CARS\Desktop\FRST.txt
2014-09-02 14:10 - 2014-09-02 14:10 - 02104832 _____ (Farbar) C:\Users\CARS\Desktop\FRST64.exe
2014-09-02 14:09 - 2014-09-02 14:11 - 00000000 ____D () C:\FRST
2014-09-02 07:26 - 2014-09-02 07:26 - 00003416 ____N () C:\bootsqm.dat
2014-09-02 07:17 - 2014-09-02 07:17 - 00000000 ____D () C:\found.000
2014-08-30 23:43 - 2014-09-02 13:17 - 00000000 ____D () C:\Users\CARS\AppData\Local\CottonNoteworthy
2014-08-16 03:01 - 2014-06-30 18:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-16 03:01 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-16 03:01 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-16 03:01 - 2014-06-06 02:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-16 03:01 - 2014-03-09 17:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-16 03:01 - 2014-03-09 17:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-16 03:01 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-16 03:01 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-16 01:37 - 2014-07-31 19:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-16 01:37 - 2014-07-25 10:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-16 01:37 - 2014-07-25 10:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-16 01:37 - 2014-07-25 09:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-16 01:37 - 2014-07-25 09:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-16 01:37 - 2014-07-25 09:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-16 01:37 - 2014-07-25 09:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-16 01:37 - 2014-07-25 08:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-16 01:37 - 2014-07-25 08:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-16 01:37 - 2014-07-25 08:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-16 01:37 - 2014-07-25 08:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-16 01:37 - 2014-07-25 08:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-16 01:37 - 2014-07-25 08:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-16 01:37 - 2014-07-25 08:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-16 01:37 - 2014-07-25 08:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-16 01:37 - 2014-07-25 08:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-16 01:37 - 2014-07-25 07:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-16 01:37 - 2014-07-25 07:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-16 01:37 - 2014-07-25 07:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-16 01:37 - 2014-07-25 07:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-16 01:37 - 2014-07-25 07:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-16 01:37 - 2014-07-25 07:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-16 01:37 - 2014-07-25 07:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-16 01:37 - 2014-07-25 07:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-16 01:37 - 2014-07-25 07:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-16 01:37 - 2014-07-25 06:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-16 01:37 - 2014-07-25 06:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-16 01:37 - 2014-07-15 23:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-16 01:37 - 2014-07-15 22:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-16 01:37 - 2014-06-24 22:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-16 01:37 - 2014-06-24 21:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-16 01:37 - 2014-06-15 22:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-16 01:37 - 2014-06-03 06:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-16 01:37 - 2014-06-03 06:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-16 01:37 - 2014-06-03 06:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-16 01:37 - 2014-06-03 06:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-16 01:37 - 2014-06-03 05:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-16 01:37 - 2014-06-03 05:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-16 01:37 - 2014-06-03 05:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-16 01:36 - 2014-08-06 22:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-16 01:36 - 2014-08-06 22:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-16 01:36 - 2014-07-31 19:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-16 01:36 - 2014-07-25 10:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-16 01:36 - 2014-07-25 09:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-16 01:36 - 2014-07-25 09:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-16 01:36 - 2014-07-25 09:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-16 01:36 - 2014-07-25 09:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-16 01:36 - 2014-07-25 09:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-16 01:36 - 2014-07-25 09:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-16 01:36 - 2014-07-25 09:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-16 01:36 - 2014-07-25 09:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-16 01:36 - 2014-07-25 08:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-16 01:36 - 2014-07-25 08:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-16 01:36 - 2014-07-25 08:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-16 01:36 - 2014-07-25 08:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-16 01:36 - 2014-07-25 08:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-16 01:36 - 2014-07-25 08:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-16 01:36 - 2014-07-25 08:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-16 01:36 - 2014-07-25 08:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-16 01:36 - 2014-07-25 08:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-16 01:36 - 2014-07-25 08:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-16 01:36 - 2014-07-25 07:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-16 01:36 - 2014-07-25 07:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-16 01:36 - 2014-07-25 07:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-16 01:36 - 2014-07-25 07:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-16 01:36 - 2014-07-25 07:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-16 01:36 - 2014-07-25 06:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-16 01:36 - 2014-07-25 06:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-16 01:36 - 2014-07-25 06:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-16 01:36 - 2014-07-25 06:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-16 01:36 - 2014-07-13 22:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-16 01:36 - 2014-07-13 21:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-11 08:13 - 2014-08-25 08:33 - 00000000 ____D () C:\Users\CARS\Desktop\New folder
2014-08-08 12:00 - 2014-08-08 12:00 - 00004044 _____ () C:\Windows\System32\Tasks\{C3CEF35D-9609-D9E2-3338-9CCCAD91C4F6}
2014-08-07 07:08 - 2014-08-07 07:08 - 00000000 ____D () C:\Users\CARS\Documents\CyberLink
2014-08-07 07:08 - 2014-08-07 07:08 - 00000000 ____D () C:\Users\CARS\AppData\Roaming\CyberLink
2014-08-07 07:08 - 2014-08-07 07:08 - 00000000 ____D () C:\Users\CARS\AppData\Local\CyberLink

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-02 14:12 - 2014-09-02 14:11 - 00016059 _____ () C:\Users\CARS\Desktop\FRST.txt
2014-09-02 14:11 - 2014-09-02 14:09 - 00000000 ____D () C:\FRST
2014-09-02 14:10 - 2014-09-02 14:10 - 02104832 _____ (Farbar) C:\Users\CARS\Desktop\FRST64.exe
2014-09-02 13:39 - 2014-07-29 08:58 - 02081245 _____ () C:\Windows\WindowsUpdate.log
2014-09-02 13:31 - 2009-07-14 00:45 - 00027568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-02 13:31 - 2009-07-14 00:45 - 00027568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-02 13:28 - 2009-07-14 01:13 - 00874392 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-02 13:26 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\inetsrv
2014-09-02 13:24 - 2014-07-29 08:58 - 00000000 ____D () C:\Users\CARS
2014-09-02 13:24 - 2014-03-21 07:14 - 00000000 ____D () C:\ProgramData\PDFC
2014-09-02 13:23 - 2014-03-21 07:13 - 00000225 _____ () C:\Windows\CryptoMill_CreoService.log
2014-09-02 13:23 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-02 13:23 - 2009-07-14 00:51 - 00032901 _____ () C:\Windows\setupact.log
2014-09-02 13:17 - 2014-08-30 23:43 - 00000000 ____D () C:\Users\CARS\AppData\Local\CottonNoteworthy
2014-09-02 13:17 - 2014-07-29 13:25 - 00000000 ____D () C:\Users\Classic .NET AppPool
2014-09-02 13:01 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2014-09-02 12:58 - 2014-07-29 15:09 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-09-02 08:08 - 2014-07-29 13:32 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-09-02 07:26 - 2014-09-02 07:26 - 00003416 ____N () C:\bootsqm.dat
2014-09-02 07:17 - 2014-09-02 07:17 - 00000000 ____D () C:\found.000
2014-08-29 11:12 - 2014-07-30 16:13 - 00000000 ____D () C:\Users\CARS\Documents\Outlook Files
2014-08-29 03:00 - 2014-07-31 10:04 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-28 09:15 - 2014-07-29 13:38 - 00000000 ____D () C:\Windows\ADPTemp
2014-08-28 08:10 - 2014-07-29 08:55 - 00003946 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{D81BBF53-22CE-4225-AF00-5C145D8BE0B4}
2014-08-25 08:33 - 2014-08-11 08:13 - 00000000 ____D () C:\Users\CARS\Desktop\New folder
2014-08-23 10:54 - 2014-07-30 10:32 - 00000000 ____D () C:\Users\CARS\AppData\Local\CutePDF Writer
2014-08-23 10:54 - 2014-07-30 10:31 - 00000000 ____D () C:\Users\CARS\Desktop\CCC email Folder
2014-08-22 10:15 - 2014-03-21 07:13 - 00000225 _____ () C:\Windows\CryptoMill_CreoService.001
2014-08-16 06:55 - 2009-07-14 01:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-08-16 04:48 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-08-16 03:33 - 2014-03-21 07:13 - 00000225 _____ () C:\Windows\CryptoMill_CreoService.002
2014-08-16 03:30 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-16 03:08 - 2014-07-31 06:51 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-16 03:06 - 2014-07-31 06:51 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-16 03:05 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-08-16 03:00 - 2014-07-31 04:13 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-11 07:52 - 2014-08-02 07:41 - 00000000 ____D () C:\Users\CARS\Desktop\Tackle Shed
2014-08-08 12:00 - 2014-08-08 12:00 - 00004044 _____ () C:\Windows\System32\Tasks\{C3CEF35D-9609-D9E2-3338-9CCCAD91C4F6}
2014-08-08 12:00 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\sysprep
2014-08-08 09:00 - 2014-07-29 08:59 - 00003770 _____ () C:\Windows\System32\Tasks\Registration
2014-08-07 07:08 - 2014-08-07 07:08 - 00000000 ____D () C:\Users\CARS\Documents\CyberLink
2014-08-07 07:08 - 2014-08-07 07:08 - 00000000 ____D () C:\Users\CARS\AppData\Roaming\CyberLink
2014-08-07 07:08 - 2014-08-07 07:08 - 00000000 ____D () C:\Users\CARS\AppData\Local\CyberLink
2014-08-07 07:08 - 2014-03-21 07:12 - 00000000 ____D () C:\ProgramData\CyberLink
2014-08-07 06:46 - 2014-07-29 16:39 - 00000000 ____D () C:\Users\CARS\AppData\Roaming\RepairCenter
2014-08-06 22:06 - 2014-08-16 01:36 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-06 22:01 - 2014-08-16 01:36 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-06 08:14 - 2014-07-29 14:59 - 00000339 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

Some content of TEMP:
====================
C:\Users\CARS\AppData\Local\Temp\converter.exe
C:\Users\CARS\AppData\Local\Temp\ochelper.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-27 00:14

==================== End Of Log ============================

The Addition Log is:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2014 02
Ran by CARS at 2014-09-02 14:12:25
Running from C:\Users\CARS\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version:  3.0 - )
AMD Accelerated Video Transcoding (Version: 12.10.100.30307 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{7F37CED5-7504-BC2B-600D-BFB4861271FE}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2013.0307.2216.39940 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.80307.2206 - Advanced Micro Devices, Inc.) Hidden
AMD Problem Report Wizard (Version: 8.0.911.0 - Advanced Micro Devices, Inc.) Hidden
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.4.4.2 - AppEx Networks)
AMD Steady Video Plug-In  (Version: 2.06.0000 - AMD) Hidden
AMD VISION Engine Control Center (x32 Version: 2013.0307.2216.39940 - Advanced Micro Devices, Inc.) Hidden
Audatex Estimating / Autosource (HKLM-x32\...\{CDAD7AA0-2FF9-4C34-902B-B6EA2C2BD68D}) (Version: 7.0.226 - Audatex, a Solera company)
Audatex Estimating Vehicle Data (HKLM-x32\...\{EA8D8730-5DF8-4163-951A-7AF5B219C2F1}) (Version: 2.00.0179 - Audatex, a Solera company)
Audatex Frame Dimension Data (HKLM-x32\...\{482F1231-BF64-4BB9-BD8F-A0629A9AE4AF}) (Version: 1.00.0070 - Audatex, a Solera company)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom NetXtreme-I Netlink Driver and Management Installer (HKLM\...\{916302F3-4586-40B0-BAE6-06C1347DBCB6}) (Version: 16.2.3.1 - Broadcom Corporation)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0307.2216.39940 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0307.2216.39940 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0307.2216.39940 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0307.2215.39940 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0307.2215.39940 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0307.2215.39940 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0307.2215.39940 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0307.2215.39940 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0307.2215.39940 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0307.2215.39940 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0307.2215.39940 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0307.2215.39940 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0307.2215.39940 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0307.2215.39940 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0307.2215.39940 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0307.2215.39940 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0307.2215.39940 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0307.2215.39940 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0307.2215.39940 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0307.2215.39940 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0307.2215.39940 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0307.2215.39940 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0307.2215.39940 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0307.2215.39940 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0307.2215.39940 - Advanced Micro Devices, Inc.) Hidden
CCC ONE (HKLM-x32\...\{D143AFE1-CCDF-4308-B057-1F55E95553BA}) (Version: 3.8.5.1389 - CCC Information Services, Inc)
CCC ONE Converter (HKLM-x32\...\{DF47708E-999C-4470-BC97-5FA4BA533A1C}) (Version: 1.3.11110.0 - CCC Information Services, Inc)
ccc-utility64 (Version: 2013.0307.2216.39940 - Advanced Micro Devices, Inc.) Hidden
Crystal Reports Basic Runtime for Visual Studio 2008 (HKLM-x32\...\{CE26F10F-C80F-4377-908B-1B7882AE2CE3}) (Version: 10.5.1.0 - Business Objects)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - Acro Software Inc.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.3207 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.3.3207 - CyberLink Corp.) Hidden
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3212 - CyberLink Corp.)
CyberLink PowerDVD 12 (x32 Version: 12.0.2.3212 - CyberLink Corp.) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Express Repair Link (HKLM\...\{C9496C86-12B9-47D2-9580-F8004D3C4699}) (Version: 3.11.06280 - Allstate Insurance Co.)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Client Security Manager (HKLM\...\HPProtectTools) (Version: 8.3.2.1744 - Hewlett-Packard Company)
HP Client Security Manager (Version: 8.3.2.1744 - Hewlett-Packard Company) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Device Access Manager (HKLM\...\{DBE16A07-DDFF-4453-807A-212EF93916E0}) (Version: 8.3.2.0 - Hewlett-Packard Company)
HP File Sanitizer (HKLM-x32\...\{547607B0-3294-4ECA-8F5E-921404676CBB}) (Version: 8.4.13.1 - Hewlett-Packard Company)
HP Postscript Converter (Version: 4.5.12202 - Hewlett-Packard) Hidden
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15453.4066 - Hewlett-Packard Company)
HP SoftPaq Download Manager (HKLM-x32\...\{49524B48-4FE9-4A62-A9FD-1F2258DF5489}) (Version: 3.4.12.0 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
HP Theft Recovery (HKLM-x32\...\InstallShield_{BAC712C6-4061-4C9F-AB58-A5C53E76704A}) (Version: 8.3.0.5 - Hewlett-Packard Company)
HP Theft Recovery (x32 Version: 8.3.0.5 - Hewlett-Packard Company) Hidden
HP Trust Circles (HKLM-x32\...\HP Trust Circles) (Version: 8.3.6.16976 - Hewlett-Packard Company)
HP Trust Circles (Version: 8.3.6.16976 - CryptoMill Technologies Ltd.) Hidden
HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
Java™ 6 Update 16 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216016FF}) (Version: 6.0.160 - Sun Microsystems, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Home and Business 2013 - en-us (HKLM\...\HomeBusinessRetail - en-us) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50701 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.50706 - Microsoft Corporation) Hidden
Mitchell RepairCenter 2012 (HKLM-x32\...\{081B31EC-2AE0-4620-9F87-DDDC480A43D6}) (Version: 16.133.572 - Mitchell International)
Mitchell System Requirement Verification 1.1.4 (HKLM-x32\...\{C77BAC18-D555-4D44-8300-2747F03B0C25}) (Version: 1.1.4 - Mitchell International)
MSXML 4.0 SP2 (KB941833) (HKLM-x32\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4454.1510 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4454.1510 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4454.1510 - Microsoft Corporation) Hidden
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
PDF Complete Corporate Edition (HKLM-x32\...\PDF Complete) (Version: 4.1.50 - PDF Complete, Inc)
PDFX 2011 Lite DE (HKLM\...\{9EEEC987-7424-4A35-8843-054A8BCA71D1}_is1) (Version: 5.0.253.0 - Tracker Software Products Ltd)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7004 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.6704 - CyberLink Corp.) Hidden
RMC (HKLM-x32\...\{42674AAC-10E3-4C52-88E3-43C2988EAFFA}) (Version: 2.7.02 - Mitchell International)
WinZip 15.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240CF}) (Version: 15.0.10039 - WinZip Computing, S.L. )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3776492921-3609242386-4060756468-1002_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\CARS\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3776492921-3609242386-4060756468-1002_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\CARS\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3776492921-3609242386-4060756468-1002_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\CARS\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3776492921-3609242386-4060756468-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\CARS\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

23-08-2014 11:27:04 Windows Update
27-08-2014 01:09:38 Windows Update
29-08-2014 07:00:28 Windows Update
02-09-2014 11:38:43 Windows Update
02-09-2014 11:58:39 Removed Bonjour
02-09-2014 16:47:01 Restore Operation
02-09-2014 17:35:42 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {06B29795-0993-4C2A-842A-210D4B439C5F} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2013-07-04] (CyberLink)
Task: {074D7048-7C5D-47B6-A2E0-F902536456ED} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\Dependencies\RemEngine.exe [2012-03-21] ()
Task: {237CD024-F3B2-458E-BBA1-6B8C044FD425} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-09-05] (Hewlett-Packard Company)
Task: {29BFB047-EE2F-43C3-82BC-028168B5949C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {4A7EBADE-DD4E-4DB9-BCF9-2B86A7501DA5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {8CA808BD-46DB-4D83-BA5C-EC7D1B71150A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2012-12-07] (Microsoft Corporation)
Task: {AB9DCFE2-DE60-4D22-91BD-775F504206FA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-31] (Adobe Systems Incorporated)
Task: {BC19A23C-4E95-47C2-9E8F-3635642D4514} - System32\Tasks\{C3CEF35D-9609-D9E2-3338-9CCCAD91C4F6} => C:\Users\CARS\AppData\Roaming\abkar.dll/s "C:\Users\CARS\AppData\Roaming\abkar.dll"
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-07-29 13:06 - 2013-10-23 14:24 - 00087600 _____ () C:\Windows\System32\cpwmon64.dll
2013-08-14 16:06 - 2013-08-14 16:06 - 00007168 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Theft Recovery\CtService.exe
2014-07-29 15:09 - 2012-11-24 17:13 - 00373312 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2rui.dll
2014-07-29 15:09 - 2012-12-07 07:04 - 00513616 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2r64.dll
2014-07-29 15:09 - 2012-12-07 07:05 - 00607312 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2014-07-29 15:11 - 2014-07-29 15:11 - 06522944 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-09-17 14:32 - 2013-09-17 14:32 - 02654936 _____ () C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\ShredContextMenu.dll
2013-03-08 02:28 - 2013-03-08 02:28 - 00103424 _____ () c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2013-01-22 18:50 - 2013-01-22 18:50 - 00098304 _____ () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingNet4.dll
2014-07-29 15:09 - 2014-07-29 15:09 - 00312896 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2014-07-29 15:09 - 2014-07-29 15:09 - 00354368 _____ () C:\Program Files\Microsoft Office 15\root\office15\c2r32.dll
2014-03-21 07:12 - 2013-08-05 03:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 18:48 - 2013-08-05 18:48 - 00016856 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (09/02/2014 01:24:53 PM) (Source: MsiInstaller) (EventID: 1024) (User: WORKSTATION003)
Description: Product: Adobe Reader XI (11.0.07) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011008}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127

Error: (09/02/2014 10:00:32 AM) (Source: MsiInstaller) (EventID: 1024) (User: WORKSTATION003)
Description: Product: Adobe Reader XI (11.0.07) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011008}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127

Error: (09/02/2014 09:34:51 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17239 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2a20

Start Time: 01cfc6a6cff7be24

Termination Time: 558

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (09/02/2014 09:32:11 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17239 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 3e6c

Start Time: 01cfc6b2121e152a

Termination Time: 139

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (09/02/2014 09:30:24 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17239 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1784

Start Time: 01cfc6a12f61daa1

Termination Time: 5604

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (09/02/2014 09:01:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17239, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17239, time stamp: 0x53d26078
Exception code: 0xc0000005
Fault offset: 0x0015062f
Faulting process id: 0x4280
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (09/02/2014 08:46:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17239, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17239, time stamp: 0x53d26078
Exception code: 0xc0000005
Fault offset: 0x00136cef
Faulting process id: 0x1fdc
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (09/02/2014 08:45:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17239, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17239, time stamp: 0x53d26078
Exception code: 0xc0000005
Fault offset: 0x003cc2ab
Faulting process id: 0x3b58
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (09/02/2014 08:30:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17239, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17239, time stamp: 0x53d26078
Exception code: 0xc0000005
Fault offset: 0x00136cef
Faulting process id: 0x14c4
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (09/02/2014 08:24:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17239, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17239, time stamp: 0x53d26078
Exception code: 0xc0000005
Fault offset: 0x003cc2ab
Faulting process id: 0x2254
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

System errors:
=============
Error: (09/02/2014 02:04:47 PM) (Source: DCOM) (EventID: 10016) (User: WORKSTATION003)
Description: application-specificLocalActivation{D3DCB472-7261-43CE-924B-0704BD730D5F}{D3DCB472-7261-43CE-924B-0704BD730D5F}WORKSTATION003CARSS-1-5-21-3776492921-3609242386-4060756468-1002LocalHost (Using LRPC)

Error: (09/02/2014 02:04:47 PM) (Source: DCOM) (EventID: 10016) (User: WORKSTATION003)
Description: application-specificLocalActivation{145B4335-FE2A-4927-A040-7C35AD3180EF}{145B4335-FE2A-4927-A040-7C35AD3180EF}WORKSTATION003CARSS-1-5-21-3776492921-3609242386-4060756468-1002LocalHost (Using LRPC)

Error: (09/02/2014 01:23:49 PM) (Source: Microsoft Antimalware) (EventID: 2004) (User: )
Description: %60 has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.

 Signatures Attempted: %24

 Error Code: 0x80070002

 Error description: The system cannot find the file specified.

 Signature version: 0.0.0.0;0.0.0.0

 Engine version: %600

Error: (09/02/2014 09:36:59 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (09/02/2014 07:46:20 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (09/02/2014 07:39:55 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.183.1360.0).

Error: (09/02/2014 07:39:40 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 1.183.1128.0

 Update Source: %NT AUTHORITY59

 Update Stage: 4.5.0216.00

 Source Path: 4.5.0216.01

 Signature Type: %NT AUTHORITY602

 Update Type: %NT AUTHORITY604

 User: NT AUTHORITY\SYSTEM

 Current Engine Version: %NT AUTHORITY605

 Previous Engine Version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

Error: (09/02/2014 07:27:20 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:59:09 AM on ‎9/‎2/‎2014 was unexpected.

Error: (09/02/2014 06:47:07 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Error: (09/02/2014 06:45:33 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Microsoft Office Sessions:
=========================
Error: (09/02/2014 01:24:53 PM) (Source: MsiInstaller) (EventID: 1024) (User: WORKSTATION003)
Description: Adobe Reader XI (11.0.07){AC76BA86-7AD7-0000-2550-7A8C40011008}1625(NULL)(NULL)(NULL)

Error: (09/02/2014 10:00:32 AM) (Source: MsiInstaller) (EventID: 1024) (User: WORKSTATION003)
Description: Adobe Reader XI (11.0.07){AC76BA86-7AD7-0000-2550-7A8C40011008}1625(NULL)(NULL)(NULL)

Error: (09/02/2014 09:34:51 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.172392a2001cfc6a6cff7be24558C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (09/02/2014 09:32:11 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.172393e6c01cfc6b2121e152a139C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (09/02/2014 09:30:24 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.17239178401cfc6a12f61daa15604C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (09/02/2014 09:01:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.172394a5bc6b7MSHTML.dll11.0.9600.1723953d26078c00000050015062f428001cfc6acd200b14fC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dll44b9e570-32a1-11e4-8537-a0481c9b876c

Error: (09/02/2014 08:46:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.172394a5bc6b7MSHTML.dll11.0.9600.1723953d26078c000000500136cef1fdc01cfc6aab181f195C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dll34ae5e07-329f-11e4-8537-a0481c9b876c

Error: (09/02/2014 08:45:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.172394a5bc6b7MSHTML.dll11.0.9600.1723953d26078c0000005003cc2ab3b5801cfc6aa9fc3c0b3C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dllf999c22c-329e-11e4-8537-a0481c9b876c

Error: (09/02/2014 08:30:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.172394a5bc6b7MSHTML.dll11.0.9600.1723953d26078c000000500136cef14c401cfc6a882f089a5C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dlle0210ceb-329c-11e4-8537-a0481c9b876c

Error: (09/02/2014 08:24:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.172394a5bc6b7MSHTML.dll11.0.9600.1723953d26078c0000005003cc2ab225401cfc6a76e4dfb9aC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dll08d5e66e-329c-11e4-8537-a0481c9b876c

==================== Memory info ===========================

Processor: AMD A4-6300B APU with Radeon™ HD Graphics
Percentage of memory in use: 50%
Total physical RAM: 3278.24 MB
Available physical RAM: 1629.07 MB
Total Pagefile: 6554.66 MB
Available Pagefile: 4499.42 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:455.4 GB) (Free:393.97 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:10.16 GB) (Free:1.14 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:0.09 GB) (Free:0.08 GB) FAT32
Drive g: () (Removable) (Total:1.87 GB) (Free:1.87 GB) FAT
Drive h: (MASSSTORE) (Fixed) (Total:298.02 GB) (Free:254.38 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 09F4FDAF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=455.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10.2 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=100 MB) - (Type=0C)

========================================================
Disk: 1 (Size: 298.1 GB) (Disk ID: 44FDFE06)
Partition 1: (Not Active) - (Size=298.1 GB) - (Type=0C)

========================================================
Disk: 2 (Size: 1.9 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================


  • 0

#4
CARS Auto

CARS Auto

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

Also, before I had received your email that you were re-opening the thread I had been researching recent installs on my computer, 'cause the PC itself was only hooked up a few weeks back and hasn't had much of anything put on it yet. There had been 2 Windows system updates dating back to Friday, and just this morning apparently the program "Bonjour" had installed, which was listed as an Apple product. I did a system restore to go back before the updates and all on Friday, and since I have rebooted the computer it hasn't yet launched any of those processes. Granted, I know that a lot of times with these things they can beat that and still come back, but I figured it was helpful info to give you to be able to diagnose the issue.


  • 0

#5
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Actually the restore appears to have removed the files, just a task remains

I will use another programme to scour the registry/local folders for the bad boys

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

HKLM\...\Run: [] => [X]
2014-08-30 23:43 - 2014-09-02 13:17 - 00000000 ____D () C:\Users\CARS\AppData\Local\CottonNoteworthy
Task: {BC19A23C-4E95-47C2-9E8F-3635642D4514} - System32\Tasks\{C3CEF35D-9609-D9E2-3338-9CCCAD91C4F6} => C:\Users\CARS\AppData\Roaming\abkar.dll/s "C:\Users\CARS\AppData\Roaming\abkar.dll"
C:\Users\CARS\AppData\Roaming\abkar.dll
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

  • 0
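Added example, not part of the original posts and not FRST's own code: a small triage script that parses `Task:` lines in the format shown in the fixlist above and flags the traits the removed task had (a bare-GUID task name, an action pointing into AppData, a DLL as the target). The two benign-looking entries, their GUIDs and names are constructed placeholders, and the three-trait heuristic with its threshold is an assumption for illustration.

```python
import re

# Task line format as it appears in the fixlist above:
#   Task: {id} - System32\Tasks\<name> => <action>
TASK_RE = re.compile(r'^Task:\s+(\{[0-9A-Fa-f-]{36}\})\s+-\s+(\S.*?)\s+=>\s+(.+)$')
GUID_NAME_RE = re.compile(r'^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$')
APPDATA_RE = re.compile(r'\\Users\\[^\\]+\\AppData\\(?:Roaming|Local|LocalLow)\\', re.I)
DLL_RE = re.compile(r'\.dll\b', re.I)

SAMPLE = [
    # Taken from the fixlist in this thread.
    r'Task: {BC19A23C-4E95-47C2-9E8F-3635642D4514} - System32\Tasks\{C3CEF35D-9609-D9E2-3338-9CCCAD91C4F6} => C:\Users\CARS\AppData\Roaming\abkar.dll/s "C:\Users\CARS\AppData\Roaming\abkar.dll"',
    # Constructed entries (placeholder GUIDs, hypothetical task names and paths).
    r'Task: {11111111-1111-1111-1111-111111111111} - System32\Tasks\ExampleUpdater => C:\Program Files\Example\updater.exe',
    r'Task: {22222222-2222-2222-2222-222222222222} - System32\Tasks\ExampleSync => C:\Users\CARS\AppData\Local\Example\sync.exe',
    r'HKLM\...\Run: [] => [X]',  # not a Task line, must be skipped
]

def parse_task(line):
    """Return {'id', 'name', 'action'} for a Task: line, else None."""
    m = TASK_RE.match(line.strip())
    if not m:
        return None
    task_id, path, action = m.groups()
    return {'id': task_id, 'name': path.rsplit('\\', 1)[-1], 'action': action}

def reasons(task):
    """List which traits of this thread's removed task the entry shows."""
    found = []
    if GUID_NAME_RE.match(task['name']):
        found.append('task name is a bare GUID')
    if APPDATA_RE.search(task['action']):
        found.append('action points into a user-writable AppData folder')
    if DLL_RE.search(task['action']):
        found.append('action references a DLL')
    return found

def triage(lines, threshold=2):
    """Return (task name, reasons) for tasks showing at least `threshold` traits."""
    hits = []
    for line in lines:
        task = parse_task(line)
        if task and len(reasons(task)) >= threshold:
            hits.append((task['name'], reasons(task)))
    return hits

if __name__ == '__main__':
    for name, why in triage(SAMPLE):
        print(name, '->', '; '.join(why))
```

A single trait on its own (for example a legitimate per-user updater living in AppData) stays below the default threshold, so only the entry from this thread is reported.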

#6
CARS Auto

CARS Auto

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

ok I've saved the fixlist to the FRST folder in "c" drive but it keeps saying that it can't find it in there?? I think I'm putting it in the wrong spot??


  • 0

#7
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
It needs to be on the desktop with FRST to work :)
  • 0

#8
CARS Auto

CARS Auto

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

Yea I had saved it to the desktop but couldn't find the .exe location. I did find it and it started running it but for some reason it went unresponsive so I'm going to try running it again now


  • 0

#9
CARS Auto

CARS Auto

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

Ok I'm not sure what's going on but now as soon as I run it (as an administrator) it almost instantly says that the program stopped working and windows is closing it and will let me know if there's a solution??? I'm beginning to think I just need about a gallon of gasoline and a match!!!


  • 0

#10
CARS Auto

CARS Auto

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

Could it have generated a log even if it hadn't completed?? I now find a fix log in where the fixlist was put, I'm going to attach that 'cause it may be what you needed!

Fix log is:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-08-2014 02
Ran by CARS at 2014-09-02 15:27:41 Run:3
Running from C:\Users\CARS\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM\...\Run: [] => [X]
2014-08-30 23:43 - 2014-09-02 13:17 - 00000000 ____D () C:\Users\CARS\AppData\Local\CottonNoteworthy
Task: {BC19A23C-4E95-47C2-9E8F-3635642D4514} - System32\Tasks\{C3CEF35D-9609-D9E2-3338-9CCCAD91C4F6} => C:\Users\CARS\AppData\Roaming\abkar.dll/s "C:\Users\CARS\AppData\Roaming\abkar.dll"
C:\Users\CARS\AppData\Roaming\abkar.dll
EmptyTemp:
CMD: bitsadmin /reset /allusers

*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value not found.
"C:\Users\CARS\AppData\Local\CottonNoteworthy" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BC19A23C-4E95-47C2-9E8F-3635642D4514}" => Key not found.
C:\Windows\System32\Tasks\{C3CEF35D-9609-D9E2-3338-9CCCAD91C4F6} not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C3CEF35D-9609-D9E2-3338-9CCCAD91C4F6}" => Key not found.
"C:\Users\CARS\AppData\Roaming\abkar.dll" => File/Directory not found.

=========  bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========


  • 0


#11
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
The log indicates that it ran properly the first time prior to the crash, so that is good. I do not expect AdwCleaner to find much, but better safe than sorry.
  • 0

#12
CARS Auto

CARS Auto

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

Ok, all that came up with was 2 files under the registry tab. The 1st was: HKLM\SOFTWARE\Classes\AxSHDocVw.AxWebBrowser

the 2nd was: HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}

Do I want to clean them out??


  • 0

#13
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Nope they are false positives.

Are you experiencing any problems now ?
  • 0

#14
CARS Auto

CARS Auto

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

No problems really since I did the restore. I did run clean on them and this is the log report:

 

# AdwCleaner v3.308 - Report created 02/09/2014 at 15:55:37
# Updated 20/08/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : CARS - WORKSTATION003
# Running from : C:\Users\CARS\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AxSHDocVw.AxWebBrowser
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17239

*************************

AdwCleaner[R0].txt - [853 octets] - [02/09/2014 15:34:25]
AdwCleaner[S0].txt - [779 octets] - [02/09/2014 15:55:37]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [838 octets] ##########


  • 0

#15
CARS Auto

CARS Auto

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

The processes seem to have stopped running and there haven't been any other issues that I've seen


  • 0





