Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Keep getting redirected to "online.bbt.com/auth/pwd.tb" [Solve

Redirect wrong password banking site

  • This topic is locked This topic is locked

#46
BeachBumBum

BeachBumBum

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 132 posts

Since I am using Chrome, do you think it would be okay to try and reinstall IE through it?  With this problem still ongoing, I am afraid to download anything like that.  But I don't know how that works, maybe it wouldn't hurt anything even if my computer is infected...I dunno.  Let me know what you think.  Chrome is working, but still will not let me on any bank or pay sites.

 

Sorry...just seen your comment.  No IE just stopped working at all now.  When I go out of it and come back, I can go to only one site, then it freezes up.


Edited by BeachBumBum, 12 October 2014 - 02:23 PM.

  • 0

Advertisements


#47
BeachBumBum

BeachBumBum

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 132 posts

I just downloaded FireFox.  It won't let me on any pay sites either.  :-/  If you will be able to help me with fixing my mom's computer...I will gladly donate money, because I know you have spent much time in working with me on this, and I appreciate it very much!   :)


  • 0

#48
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts

I just downloaded FireFox.


Firefox was already on that machine.

Please don't do anything without referring to me first.

For now

Let's just do thinks step by step.

I am trying to narrow down what might be going on. You doing other things confuses the issue and may even reverse things we have already done.

Now

Please do these actions.

Go to Control Panel > Uninstall a program and uninstall:

HitmanPro 3.7
Malwarebytes Anti-Malware
SUPERAntiSpyware


You can re-install them later if you wish but for now let's remove them in case there is some conflict going on.

After that

Please download Rkill by Grinler and save it to your desktop.

  • Link 1
  • Link 2
    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista, right-click on it and Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • If the tool does not run from any of the links provided, please let me know.
  • When the scan is done Notepad will open with rKill log. Please copy and past that in your reply.

Note: rKill.txt log can also be found on your desktop.

And finally in this post

Please download Security Check by screen317 from here .
 

  •    
  • Save it to your Desktop.
       
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
       
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

So when you return please post

  • rKill.txt
  • checkup.txt

  • 0

#49
BeachBumBum

BeachBumBum

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 132 posts

:oops: Sorry, I didn't know it would hurt to download another browser, as I couldn't find FireFox on the computer.  Will wait for your instructions from now on.  

 

Here is the rKill.txt log:

 

Rkill 2.6.8 by Lawrence Abrams (Grinler)
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 10/12/2014 04:55:00 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\Windows\SysWOW64\UTSCSI.EXE (PID: 2196) [WD-HEUR]
 
1 proccess terminated!
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Firewall Disabled
 
   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  127.0.0.1       localhost
 
Program finished at: 10/12/2014 04:56:37 PM
Execution time: 0 hours(s), 1 minute(s), and 37 seconds(s)

  • 0

#50
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts

 

Sorry, I didn't know it would hurt to download another browser, as I couldn't find FireFox on the computer.

 

No it doesn't hurt, just not necessary.

 

Look forward to seeing the checkup.txt one when you have run it.


  • 0

#51
BeachBumBum

BeachBumBum

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 132 posts

Here is log for checkup.txt:

 

 Results of screen317's Security Check version 0.99.88  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Disabled!  
Kaspersky Internet Security   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 SpywareBlaster 5.0    
 Java 7 Update 65  
 Java version out of Date! 
 Adobe Reader XI  
 Mozilla Firefox (32.0.3) 
 Google Chrome 37.0.2062.124  
 Google Chrome 38.0.2125.101  
````````Process Check: objlist.exe by Laurent````````  
 Kaspersky Lab Kaspersky Anti-Virus 2013 avp.exe  
 Kaspersky Lab Kaspersky Anti-Virus 2013 plugin-nm-server.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 1% 
````````````````````End of Log`````````````````````` 

  • 0

#52
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts

I overlooked that you had SpywareBlaster 5.0 on the machine.
 
Please go to Control Panel > Uninstall a program and uninstall SpywareBlaster 5.0
 
After that
 
Your Java is out of date. Older versions are vulnerable to attack.

Please follow these steps:

Note: When installing make sure you untick any boxes that install any other program such as McAfee site advisor, Chrome or some such. They are foistware and you don't need them.

Reboot your computer.
You also need to unininstall older versions of Java.

   

  • Click Start > Control Panel > Uninstall a program
       
  • Remove all Java updates except the latest one you have just installed.

Next

 

1.Open an elevated command prompt. To do this, go to Start > All Programs > Accessories  right-click Command Prompt and click Run as administrator. If you are prompted for an administrator password or for a confirmation, type the password, or click Allow.
2.At the command prompt, type the following command, and then press ENTER:
 
sfc /scannow

The sfc /scannow command scans all protected system files and replaces incorrect versions with correct Microsoft versions.
 

Finally in this post

 

Please run another FRST scan with the Addition.txt box ticked and post back the two logs generated - FRST.txt and Addition.txt.

 

Note: Please copy and paste the logs in the topic. This a teaching site and it is easier for students. Also it is easier for me to analyze them. :)


  • 0

#53
BeachBumBum

BeachBumBum

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 132 posts
I hope I did this right:  I clicked on Scan and then Fix.  Also, I couldn't find any other Java updates.
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-10-2014 02
Ran by Owner (administrator) on OWNER-PC on 12-10-2014 18:07:41
Running from C:\Users\Owner\Downloads
Loaded Profile: Owner (Available profiles: Owner)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
( ) C:\Windows\System32\lxdxcoms.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
() C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
(Apple Computer, Inc.) C:\Program Files (x86)\QuickTime\qttask.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\plugin-nm-server.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2195824 2012-02-01] ()
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2991856 2013-02-20] (Logitech, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [968048 2012-02-01] ()
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\qttask.exe [282624 2006-09-01] (Apple Computer, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [356128 2013-10-09] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe [559616 2011-10-08] (Dell)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-406159724-1202784234-2680421251-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-406159724-1202784234-2680421251-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
Startup: C:\Users\LogMeInRemoteUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {E74827C1-2465-4D49-9E13-E83C0775E3AB} URL = https://www.google.c...q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 
FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\51y3nh8f.default
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @nsroblox.roblox.com/launcher -> C:\Users\Owner\AppData\Local\Roblox\Versions\version-470c28140c5148c2\\NPRobloxProxy.dll ( Roblox Corporation)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\[email protected]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\[email protected]
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\[email protected] [2013-02-22]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\[email protected]
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\[email protected] [2013-02-22]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\[email protected]
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\[email protected] [2013-02-22]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-05-31]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\[email protected]
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\[email protected] [2013-02-22]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\[email protected]
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\[email protected] [2013-02-22]
 
Chrome: 
=======
CHR HomePage: Default -> https://google.com/
CHR StartupUrls: Default -> "https://google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (Inbox) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\biinjcnafoagaobnopofamhcfcfdiijb [2014-07-28]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2012-02-18]
CHR Extension: (Kaspersky Protection) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpoimibckejjdjcfbdnajaicnklhfplh [2014-05-19]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-12]
CHR Extension: (Anti-Banner) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-10-03]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\urladvisor.crx [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2013-05-31]
CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.googl...dnajaicnklhfplh [2013-05-31]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\ab.crx [2012-10-25]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [356128 2013-10-09] (Kaspersky Lab ZAO)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2428088 2014-08-12] (Microsoft Corporation)
R2 lxdx_device; C:\Windows\system32\lxdxcoms.exe [1039872 2009-10-16] ( )
S2 UTSCSI; C:\Windows\SysWOW64\UTSCSI.EXE [45056 2011-09-09] () [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2014-10-07] ()
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-10] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [91008 2014-05-19] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [628320 2014-05-19] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-12-10] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-09] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-09] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-23] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-04-22] (Kaspersky Lab ZAO)
S3 PAC207; C:\Windows\System32\DRIVERS\PFC027.SYS [572416 2006-12-05] (PixArt Imaging Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-12 18:07 - 2014-10-12 18:07 - 00018325 _____ () C:\Users\Owner\Downloads\FRST.txt
2014-10-12 18:07 - 2014-10-12 18:07 - 00000000 ____D () C:\Users\Owner\Downloads\FRST-OlderVersion
2014-10-12 17:39 - 2014-10-12 17:39 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-10-12 17:39 - 2014-10-12 17:39 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-10-12 17:39 - 2014-10-12 17:39 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-10-12 17:39 - 2014-10-12 17:39 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-12 17:39 - 2014-10-12 17:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-12 17:37 - 2014-10-12 17:37 - 00918952 _____ (Oracle Corporation) C:\Users\Owner\Downloads\jxpiinstall.exe
2014-10-12 17:00 - 2014-10-12 17:00 - 00854436 _____ () C:\Users\Owner\Downloads\SecurityCheck.exe
2014-10-12 16:55 - 2014-10-12 16:56 - 00002506 _____ () C:\Users\Owner\Desktop\Rkill.txt
2014-10-12 16:54 - 2014-10-12 16:54 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Owner\Downloads\rkill.com
2014-10-12 16:28 - 2014-10-12 16:28 - 00001161 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-10-12 16:28 - 2014-10-12 16:28 - 00001149 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-10-12 16:28 - 2014-10-12 16:28 - 00000000 ____D () C:\Users\Owner\AppData\Local\Mozilla
2014-10-12 16:28 - 2014-10-12 16:28 - 00000000 ____D () C:\ProgramData\Mozilla
2014-10-12 16:28 - 2014-10-12 16:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-12 16:26 - 2014-10-12 16:27 - 35285328 _____ () C:\Users\Owner\Downloads\Firefox Setup 32.0.3.exe
2014-10-12 01:21 - 2014-10-12 01:21 - 00032171 _____ () C:\Users\Owner\Downloads\Addition.txt
2014-10-12 00:33 - 2014-10-12 00:33 - 00000899 _____ () C:\Users\Owner\Downloads\ComboFix - Shortcut.lnk
2014-10-12 00:09 - 2014-10-12 00:09 - 00022993 _____ () C:\ComboFix.txt
2014-10-12 00:02 - 2014-10-12 00:09 - 00000000 ____D () C:\ComboFix
2014-10-12 00:02 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-10-12 00:02 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-10-12 00:02 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-12 00:02 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-10-12 00:02 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-10-12 00:02 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-10-12 00:02 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-10-12 00:02 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-10-12 00:01 - 2014-10-12 00:09 - 00000000 ____D () C:\Qoobox
2014-10-12 00:01 - 2014-10-12 00:08 - 00000000 ____D () C:\Windows\erdnt
2014-10-11 23:27 - 2014-10-12 16:50 - 00000280 _____ () C:\Windows\setupact.log
2014-10-11 23:27 - 2014-10-11 23:27 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-11 23:26 - 2014-10-12 00:14 - 00002838 _____ () C:\Windows\PFRO.log
2014-10-11 23:23 - 2014-10-12 18:07 - 02110464 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2014-10-11 22:53 - 2014-10-11 22:53 - 00002279 _____ () C:\Users\Owner\Desktop\Safe Money.lnk
2014-10-11 22:48 - 2014-10-11 22:48 - 00000010 _____ () C:\Users\Owner\AppData\Local\sponge.last.runtime.cache
2014-10-11 22:43 - 2013-09-02 03:58 - 00175528 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2014-10-11 20:33 - 2014-10-11 20:33 - 00000000 ____D () C:\Windows\ERUNT
2014-10-11 18:39 - 2014-10-12 18:07 - 00000000 ____D () C:\FRST
2014-10-11 18:14 - 2014-10-11 18:17 - 00000000 ____D () C:\Users\Owner\Desktop\Peggy's Phone
2014-10-07 17:46 - 2014-10-07 17:46 - 00000000 ____D () C:\Windows\pss
2014-10-07 17:30 - 2014-10-07 17:30 - 00000000 ____D () C:\ProgramData\Licenses
2014-10-07 17:30 - 2009-03-24 12:52 - 00129872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSSTDFMT.DLL
2014-10-07 17:02 - 2014-10-07 17:02 - 00000832 _____ () C:\Windows\system32\.crusader
2014-10-07 16:51 - 2014-10-07 17:04 - 00032512 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-10-07 16:50 - 2014-10-07 17:03 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-10-07 16:15 - 2014-10-11 22:24 - 00000000 ____D () C:\AdwCleaner
2014-10-07 16:15 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-10-06 19:18 - 2014-10-06 19:18 - 00005180 _____ () C:\Users\Owner\Documents\cc_20141006_191846.reg
2014-10-03 14:48 - 2014-10-03 14:48 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-10-03 13:22 - 2014-10-03 13:22 - 00262144 _____ () C:\Windows\system32\config\elam
2014-10-03 13:16 - 2014-10-06 19:01 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2014-10-03 13:16 - 2014-10-06 18:59 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Panda Security
2014-10-03 13:16 - 2014-10-06 18:59 - 00000000 ____D () C:\ProgramData\Panda Security
2014-10-03 13:14 - 2014-10-03 13:14 - 00000000 ____D () C:\Program Files\TermTutor
2014-10-03 09:10 - 2014-10-03 09:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2013
2014-10-02 21:30 - 2013-02-22 17:51 - 00001113 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk
2014-10-02 11:01 - 2014-10-02 11:01 - 00000000 ____D () C:\Users\Owner\AppData\Local\Microsoft Help
2014-10-01 07:48 - 2014-09-24 22:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 07:48 - 2014-09-24 21:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-28 18:04 - 2014-09-28 18:04 - 00039984 _____ () C:\Users\Owner\Documents\cc_20140928_180408.reg
2014-09-24 11:25 - 2014-09-09 18:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 11:25 - 2014-09-09 17:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-12 03:09 - 2014-08-19 14:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-12 03:09 - 2014-08-19 13:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-12 03:09 - 2014-08-18 19:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-12 03:09 - 2014-08-18 18:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-12 03:09 - 2014-08-18 18:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-12 03:09 - 2014-08-18 18:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-12 03:09 - 2014-08-18 18:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-12 03:09 - 2014-08-18 18:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-12 03:09 - 2014-08-18 18:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-12 03:09 - 2014-08-18 18:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-12 03:09 - 2014-08-18 18:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-12 03:09 - 2014-08-18 18:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-12 03:09 - 2014-08-18 18:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-12 03:09 - 2014-08-18 18:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-12 03:09 - 2014-08-18 18:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-12 03:09 - 2014-08-18 18:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-12 03:09 - 2014-08-18 18:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-12 03:09 - 2014-08-18 18:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-12 03:09 - 2014-08-18 18:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-12 03:09 - 2014-08-18 17:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-12 03:09 - 2014-08-18 17:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-12 03:09 - 2014-08-18 17:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-12 03:09 - 2014-08-18 17:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-12 03:09 - 2014-08-18 17:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-12 03:09 - 2014-08-18 17:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-12 03:09 - 2014-08-18 17:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-12 03:09 - 2014-08-18 17:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-12 03:09 - 2014-08-18 17:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-12 03:09 - 2014-08-18 17:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-12 03:09 - 2014-08-18 17:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-12 03:09 - 2014-08-18 17:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-12 03:09 - 2014-08-18 17:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-12 03:09 - 2014-08-18 17:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-12 03:09 - 2014-08-18 17:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-12 03:09 - 2014-08-18 17:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-12 03:09 - 2014-08-18 17:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-12 03:09 - 2014-08-18 17:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-12 03:09 - 2014-08-18 17:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-12 03:09 - 2014-08-18 17:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-12 03:09 - 2014-08-18 17:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-12 03:09 - 2014-08-18 17:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-12 03:09 - 2014-08-18 17:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-12 03:09 - 2014-08-18 17:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-12 03:09 - 2014-08-18 17:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-12 03:09 - 2014-08-18 17:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-12 03:09 - 2014-08-18 17:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-12 03:09 - 2014-08-18 17:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-12 03:09 - 2014-08-18 17:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-12 03:09 - 2014-08-18 17:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-12 03:09 - 2014-08-18 17:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-12 03:09 - 2014-08-18 17:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-12 03:09 - 2014-08-18 16:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-12 03:09 - 2014-08-18 16:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-12 03:09 - 2014-08-18 16:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-12 03:09 - 2014-08-18 16:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-12 03:09 - 2014-08-18 16:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-12 03:01 - 2014-06-26 22:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-12 03:01 - 2014-06-26 21:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-12 18:03 - 2013-11-04 19:13 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-12 17:39 - 2012-02-23 16:07 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-12 17:27 - 2011-08-26 13:44 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-10-12 16:58 - 2009-07-14 00:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-12 16:58 - 2009-07-14 00:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-12 16:54 - 2012-08-11 20:34 - 02043702 _____ () C:\Windows\WindowsUpdate.log
2014-10-12 16:51 - 2011-06-17 11:25 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-10-12 16:51 - 2011-06-17 11:25 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-10-12 16:51 - 2011-06-17 10:53 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-10-12 16:50 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-12 16:49 - 2011-10-09 12:12 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-10-12 16:28 - 2011-10-09 14:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-12 16:28 - 2011-08-26 14:59 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Mozilla
2014-10-12 00:13 - 2011-06-17 10:56 - 00000000 ____D () C:\ProgramData\Temp
2014-10-12 00:09 - 2011-08-26 08:40 - 00000000 ____D () C:\Users\Owner\AppData\Local\Apps\2.0
2014-10-12 00:07 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
2014-10-11 22:49 - 2012-07-11 14:07 - 01135618 _____ () C:\Users\Owner\AppData\Local\census.cache
2014-10-11 22:49 - 2012-07-11 14:07 - 00110795 _____ () C:\Users\Owner\AppData\Local\ars.cache
2014-10-11 22:41 - 2011-10-09 13:40 - 00000000 ____D () C:\Users\Owner\Documents\Security
2014-10-11 21:34 - 2011-08-29 05:33 - 00000000 ____D () C:\ProgramData\lx_Cats
2014-10-11 20:48 - 2012-05-23 10:43 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-11 20:48 - 2009-07-14 01:08 - 00032568 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-11 19:36 - 2009-07-14 01:13 - 00783360 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-07 17:06 - 2013-12-02 03:38 - 01048576 ____R () C:\Users\Public\Documents\ESBK.mbb
2014-10-07 17:06 - 2013-12-02 03:38 - 00478208 ____R () C:\Users\Public\Documents\ESBK.mb
2014-10-07 16:46 - 2013-03-11 14:01 - 01526784 ___SH () C:\Users\Owner\Downloads\Thumbs.db
2014-10-06 19:26 - 2014-01-20 14:39 - 00000000 ____D () C:\SUPERDelete
2014-10-06 19:17 - 2012-02-27 19:30 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-06 19:02 - 2011-08-26 08:36 - 00087320 _____ () C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-06 19:01 - 2009-07-14 00:45 - 00378656 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-28 22:19 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-09-28 17:34 - 2012-02-27 19:39 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Malwarebytes
2014-09-28 17:34 - 2012-02-27 19:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-28 17:34 - 2012-02-27 19:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-09-28 16:47 - 2013-02-01 12:01 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-26 11:04 - 2013-09-16 22:26 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-09-23 20:08 - 2012-05-23 10:43 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-23 20:08 - 2011-09-09 08:22 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-15 09:06 - 2010-11-20 23:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-12 03:08 - 2011-02-10 12:10 - 00775482 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-12 03:06 - 2013-07-22 03:04 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-12 03:01 - 2011-08-26 13:25 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-12 03:00 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
 
Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\HitmanPro.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-06 13:30
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-10-2014
Ran by Owner at 2014-10-12 01:21:29
Running from C:\Users\Owner\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kaspersky Internet Security (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AS: Kaspersky Internet Security (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Best Buy pc app (Version: 3.1.0.0 - Best Buy) Hidden
Best Buy pc app (x32 Version: 3.1.0.0 - Best Buy) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
CCScore (x32 Version: 6.02.1001.0001 - EASTMAN KODAK Company) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.50.4.0 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{F336F89D-8C5A-432C-8EA9-DA19377AD591}) (Version: 1.4.162.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{0D98F04D-11A1-4B64-A406-43292B9EEE90}) (Version: 1.5.0.130 - ArcSoft)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.130 - ArcSoft)
Dell Stage (HKLM-x32\...\{FE182796-F6BA-486A-8590-89B7E8D1D60F}) (Version: 1.7.209.0 - Fingertapps)
Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.1.1.1408 - CyberLink Corp.)
Dell VideoStage (x32 Version: 1.1.1.1408 - CyberLink Corp.) Hidden
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESSCDBK (x32 Version: 6.02.0001.0001 - EASTMAN KODAK Company) Hidden
ESScore (x32 Version: 6.02.1001.0001 - EASTMAN KODAK Company) Hidden
ESSgui (x32 Version: 6.02.1001.0001 - EASTMAN KODAK Company) Hidden
ESSini (x32 Version: 6.02.1001.0001 - EASTMAN KODAK Company) Hidden
ESSPCD (x32 Version: 6.02.1001.0001 - EASTMAN KODAK Company) Hidden
ESSSONIC (x32 Version: 6.2.0001.0001 - EASTMAN KODAK Company) Hidden
ESSTOOLS (x32 Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
essvatgt (x32 Version: 6.02.1001.0001 - EASTMAN KODAK Company) Hidden
Garmin Communicator Plugin with myGarmin Agent (HKLM-x32\...\{92A70E71-4F0E-4C05-A777-16424E89F162}) (Version: 2.9.2 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{510D2239-6C2E-457B-9590-485EC552D94D}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKCU\...\Google Chrome) (Version: 38.0.2125.101 - Google Inc.)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.225 - SurfRight B.V.)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2291 - Intel Corporation)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Anti-Virus 2013 (x32 Version: 13.0.1.4190 - Kaspersky Lab) Hidden
Kaspersky Internet Security 2013 (HKLM-x32\...\InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}) (Version: 13.0.1.4190 - Kaspersky Lab)
kgcbaby (x32 Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
kgcbase (x32 Version: 5.03.0000.0004 - EASTMAN KODAK Company) Hidden
kgchday (x32 Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
kgchlwn (x32 Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
kgcinvt (x32 Version: 5.03.0000.0003 - EASTMAN KODAK Company) Hidden
kgckids (x32 Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
kgcmove (x32 Version: 5.03.0000.0003 - EASTMAN KODAK Company) Hidden
kgcvday (x32 Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
Kodak EasyShare software (HKLM-x32\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version:  - Eastman Kodak Company)
KSU (x32 Version: 632.62.0004.0001 - EASTMAN KODAK Company) Hidden
Logitech SetPoint 6.52 (HKLM\...\sp6) (Version: 6.52.74 - Logitech)
magicJack (HKCU\...\magicJack) (Version: 2.0.6073.4252 - magicJack L.P.)
magicJack Recovery Tool 1.0 (HKLM-x32\...\magicJack Recovery Tool_is1) (Version:  - magicJack, L.P.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4649.1003 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2003.1112 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
netbrdg (x32 Version: 6.02.1001.0001 - EASTMAN KODAK Company) Hidden
Notifier (x32 Version: 6.02.0001.0001 - EASTMAN KODAK Company) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4649.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4649.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4649.1003 - Microsoft Corporation) Hidden
OfotoXMI (x32 Version: 6.02.0001.0001 - EASTMAN KODAK Company) Hidden
PCDADDIN (x32 Version: 6.02.0001.0003 - EASTMAN KODAK Company) Hidden
PCDHELP (x32 Version: 6.02.0001.0001 - EASTMAN KODAK Company) Hidden
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
QuickTime (HKLM-x32\...\{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}) (Version: 7.1.3.100 - Apple Computer, Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
ROBLOX Player for Owner (HKCU\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden
Roxio BackOnTrack (x32 Version: 1.3.3 - Roxio) Hidden
Roxio Burn (x32 Version: 1.8 - Roxio) Hidden
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio Creator Starter (x32 Version: 1.0.439 - Roxio) Hidden
Roxio Creator Starter (x32 Version: 5.0.0 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
SFR (x32 Version: 6.02.0001.0001 - Eastman Kodak Company) Hidden
SHASTA (x32 Version: 6.02.0001.0001 - EASTMAN KODAK Company) Hidden
SKIN0001 (x32 Version: 6.02.1001.0001 - EASTMAN KODAK Company) Hidden
SKINXSDK (x32 Version: 6.02.1001.0001 - EASTMAN KODAK Company) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
staticcr (x32 Version: 5.03.0000.0001 - EASTMAN KODAK Company) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1108 - SUPERAntiSpyware.com)
tooltips (x32 Version: 6.02.0001.0001 - EASTMAN KODAK Company) Hidden
VPRINTOL (x32 Version: 6.02.0001.0001 - EASTMAN KODAK Company) Hidden
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WIRELESS (x32 Version: 6.02.0001.0001 - EASTMAN KODAK Company) Hidden
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-406159724-1202784234-2680421251-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-406159724-1202784234-2680421251-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-406159724-1202784234-2680421251-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-406159724-1202784234-2680421251-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-406159724-1202784234-2680421251-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-406159724-1202784234-2680421251-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-406159724-1202784234-2680421251-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
23-09-2014 14:53:46 Windows Update
25-09-2014 07:00:25 Windows Update
30-09-2014 12:02:31 Windows Update
02-10-2014 07:00:22 Windows Update
07-10-2014 15:24:24 Windows Update
07-10-2014 20:59:57 Checkpoint by HitmanPro
07-10-2014 21:02:32 Checkpoint by HitmanPro
10-10-2014 15:30:56 Windows Update
12-10-2014 04:02:12 ComboFix created restore point
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2014-10-12 00:07 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {02F21BF0-874C-4FEF-BDC0-CFB9B2E22625} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {5F5E5332-F264-4317-AB37-AD5BDAC66959} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-08-12] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-09-26 11:03 - 2014-09-26 11:03 - 08894120 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2011-08-29 05:33 - 2009-10-16 18:12 - 00177664 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxdxdrpp.dll
2014-03-18 12:02 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2011-06-17 10:53 - 2011-08-18 12:05 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2011-08-29 05:31 - 2009-08-19 14:06 - 01024512 _____ () C:\Windows\system32\lxdxdrs64.dll
2011-08-29 05:31 - 2009-08-19 14:06 - 00025600 _____ () C:\Windows\system32\lxdxcaps64.dll
2011-08-29 05:31 - 2009-08-19 14:00 - 00054784 _____ () C:\Windows\system32\lxdxcnv464.dll
2011-09-09 10:25 - 2011-09-09 10:25 - 00045056 _____ () C:\Windows\SysWOW64\UTSCSI.EXE
2011-06-17 12:29 - 2011-01-27 11:11 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-11-17 11:35 - 2010-11-17 11:35 - 00514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
2012-02-01 12:50 - 2012-02-01 12:50 - 00968048 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
2012-08-17 22:39 - 2013-02-25 09:08 - 01310136 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\kpcengine.2.2.dll
2012-12-02 17:29 - 2012-12-02 17:29 - 00000000 _____ () C:\Windows\system32\igdumdx32.dll
2012-12-02 17:29 - 2012-12-02 17:29 - 00000000 _____ () C:\Windows\system32\igdumd32.dll
2010-11-24 23:44 - 2010-11-24 23:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
2012-02-01 12:44 - 2012-02-01 12:44 - 08151040 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtGui4.dll
2012-02-01 12:44 - 2012-02-01 12:44 - 02278400 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtCore4.dll
2012-12-02 17:29 - 2012-12-02 17:29 - 00000000 _____ () C:\Windows\system32\igd10umd32.dll
2012-08-17 22:38 - 2012-08-17 22:38 - 00479160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\dblite.dll
2014-10-11 23:40 - 2014-10-01 01:54 - 01042760 _____ () C:\Users\Owner\AppData\Local\Google\Chrome\Application\38.0.2125.101\libglesv2.dll
2014-10-11 23:40 - 2014-10-01 01:54 - 00211272 _____ () C:\Users\Owner\AppData\Local\Google\Chrome\Application\38.0.2125.101\libegl.dll
2014-10-11 23:40 - 2014-10-01 01:54 - 08911176 _____ () C:\Users\Owner\AppData\Local\Google\Chrome\Application\38.0.2125.101\pdf.dll
2014-10-11 23:40 - 2014-10-01 01:54 - 01681224 _____ () C:\Users\Owner\AppData\Local\Google\Chrome\Application\38.0.2125.101\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk => C:\Windows\pss\Kodak EasyShare software.lnk.CommonStartup
MSCONFIG\startupreg: (default) => 
MSCONFIG\startupreg: Monitor => C:\Windows\PixArt\PAC207\Monitor.exe
MSCONFIG\startupreg: MyGarminAgent => C:\Program Files (x86)\Garmin\MyGarminAgent\MyGarminAgent.exe
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-406159724-1202784234-2680421251-500 - Administrator - Disabled)
Guest (S-1-5-21-406159724-1202784234-2680421251-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-406159724-1202784234-2680421251-1002 - Limited - Enabled)
Owner (S-1-5-21-406159724-1202784234-2680421251-1000 - Administrator - Enabled) => C:\Users\Owner
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/12/2014 00:58:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/12/2014 00:15:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/11/2014 11:27:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/11/2014 10:27:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/11/2014 09:08:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/11/2014 08:58:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/11/2014 08:49:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (10/12/2014 00:07:57 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (10/12/2014 00:07:33 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (10/12/2014 00:05:59 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (10/11/2014 08:58:05 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
 
Error: (10/11/2014 08:57:35 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
 
Error: (10/11/2014 08:50:47 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: 
%%1056
 
Error: (10/11/2014 08:50:47 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the IKE and AuthIP IPsec Keying Modules service, but this action failed with the following error: 
%%1056
 
Error: (10/11/2014 08:50:47 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: 
%%1056
 
Error: (10/11/2014 08:50:47 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Profile Service service, but this action failed with the following error: 
%%1056
 
Error: (10/11/2014 08:49:47 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Shell Hardware Detection service, but this action failed with the following error: 
%%1056
 
 
Microsoft Office Sessions:
=========================
Error: (10/12/2014 00:58:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/12/2014 00:15:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/11/2014 11:27:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/11/2014 10:27:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/11/2014 09:08:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/11/2014 08:58:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/11/2014 08:49:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-10-12 00:07:33.573
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-10-12 00:07:33.495
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-10-10 13:07:38.667
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-10 13:07:38.651
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-10 13:07:38.651
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-08 11:51:47.148
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-08 11:51:47.148
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-08 11:51:47.148
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-05 13:27:23.231
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-05 13:27:23.230
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-2100 CPU @ 3.10GHz
Percentage of memory in use: 46%
Total physical RAM: 4008.63 MB
Available physical RAM: 2162.79 MB
Total Pagefile: 8015.44 MB
Available Pagefile: 5751.73 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:919.22 GB) (Free:863.14 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: A5F905B4)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=12.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=919.2 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

  • 0

#54
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts

I clicked on Scan and then Fix.


No we don't want a Fix this time.

You have posted the old Additional Scan.

Please try again. Just follow the instruction exactly. Don't do anything else. :)

Run another FRST scan with the Addition.txt box ticked and post back the two logs generated - FRST.txt and Addition.txt.
  • 0

#55
BeachBumBum

BeachBumBum

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 132 posts

I am sorry, but I thought I did exactly as you said.  I went to my downloads folder and ticked the only Addition.txt box I had there, then I double clicked FRST to run it and clicked on Scan.  After that, I copied the log that was generated, then went back to Downloads and copied the Addition.txt log.  What am I doing wrong??


  • 0

Advertisements


#56
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts

Don't know but the Addition.txt reported as the old one see date and time stamps:

 

From the one you posted just now:

 

Ran by Owner at 2014-10-12 01:21:29

 

From the one you attached yesterday:

 

Ran by Owner at 2014-10-12 01:21:29

 

Also some of the programs I asked you to uninstall are showing. They shouldn't be there.

 

Try again and see if you can get an up to date Addition.txt. If not we will see what we can do to work around it. :)


  • 0

#57
BeachBumBum

BeachBumBum

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 132 posts

Please tell me step-by-step what to do to get an updated Addition.txt.  I just can't remember all the steps I have already done.  I am confused about the FRST and Addition.txt log.  I really don't know how to get them.  Sorry.

 

Also...I uninstalled the programs as you asked.  I don't know why they are showing up.  They don't show up in the programs list.


Edited by BeachBumBum, 12 October 2014 - 04:49 PM.

  • 0

#58
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts

 

Also...I uninstalled the programs as you asked.  I don't know why they are showing up.  They don't show up in the programs list.

 

I know you did. They are showing up because the log is an old one. Done before you uninstalled those programs.

 

 

Please tell me step-by-step what to do to get an updated Addition.txt.  I just can't remember all the steps I have already done.  I am confused about the FRST and Addition.txt log.  I really don't know how to get them.  Sorry.

 

Go to where the FRST64.exe is. I think it is in your Downloads folder.

 

  • Click on FRST64.exe.

 

When the console appears looking like this:

 

xFRSTconsolelatest.jpg.pagespeed.ic.dEJM

 

 

click on and tick the box Addition.txt box, see bottom right.

 

  • Click the Scan box.

 

When finished, two logs will automatically appear. One will be named FRST.txt and the other will be named Addition.txt.

 

Please copy and paste them one by one back here.


  • 0

#59
BeachBumBum

BeachBumBum

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 132 posts
I hope this got it.   :headhurt:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-10-2014 02
Ran by Owner (administrator) on OWNER-PC on 12-10-2014 19:21:04
Running from C:\Users\Owner\Downloads
Loaded Profile: Owner (Available profiles: Owner)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
( ) C:\Windows\System32\lxdxcoms.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
() C:\Windows\SysWOW64\UTSCSI.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
() C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
(Apple Computer, Inc.) C:\Program Files (x86)\QuickTime\qttask.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
() C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\plugin-nm-server.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2195824 2012-02-01] ()
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2991856 2013-02-20] (Logitech, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [968048 2012-02-01] ()
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\qttask.exe [282624 2006-09-01] (Apple Computer, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [356128 2013-10-09] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe [559616 2011-10-08] (Dell)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-406159724-1202784234-2680421251-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
Startup: C:\Users\LogMeInRemoteUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {E74827C1-2465-4D49-9E13-E83C0775E3AB} URL = https://www.google.c...q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 
FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\51y3nh8f.default
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @nsroblox.roblox.com/launcher -> C:\Users\Owner\AppData\Local\Roblox\Versions\version-470c28140c5148c2\\NPRobloxProxy.dll ( Roblox Corporation)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\[email protected]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\[email protected]
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\[email protected] [2013-02-22]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\[email protected]
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\[email protected] [2013-02-22]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\[email protected]
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\[email protected] [2013-02-22]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-05-31]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\[email protected]
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\[email protected] [2013-02-22]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\[email protected]
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\[email protected] [2013-02-22]
 
Chrome: 
=======
CHR HomePage: Default -> https://google.com/
CHR StartupUrls: Default -> "https://google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (Inbox) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\biinjcnafoagaobnopofamhcfcfdiijb [2014-07-28]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2012-02-18]
CHR Extension: (Kaspersky Protection) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpoimibckejjdjcfbdnajaicnklhfplh [2014-05-19]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-12]
CHR Extension: (Anti-Banner) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-10-03]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\urladvisor.crx [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2013-05-31]
CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.googl...dnajaicnklhfplh [2013-05-31]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\ab.crx [2012-10-25]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [356128 2013-10-09] (Kaspersky Lab ZAO)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2428088 2014-08-12] (Microsoft Corporation)
R2 lxdx_device; C:\Windows\system32\lxdxcoms.exe [1039872 2009-10-16] ( )
R2 UTSCSI; C:\Windows\SysWOW64\UTSCSI.EXE [45056 2011-09-09] () [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2014-10-07] ()
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-10] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [91008 2014-05-19] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [628320 2014-05-19] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-12-10] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-09] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-09] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-23] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-04-22] (Kaspersky Lab ZAO)
S3 PAC207; C:\Windows\System32\DRIVERS\PFC027.SYS [572416 2006-12-05] (PixArt Imaging Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-12 19:21 - 2014-10-12 19:21 - 00018496 _____ () C:\Users\Owner\Downloads\FRST.txt
2014-10-12 18:07 - 2014-10-12 18:07 - 00000000 ____D () C:\Users\Owner\Downloads\FRST-OlderVersion
2014-10-12 17:39 - 2014-10-12 17:39 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-10-12 17:39 - 2014-10-12 17:39 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-10-12 17:39 - 2014-10-12 17:39 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-10-12 17:39 - 2014-10-12 17:39 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-12 17:39 - 2014-10-12 17:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-12 17:37 - 2014-10-12 17:37 - 00918952 _____ (Oracle Corporation) C:\Users\Owner\Downloads\jxpiinstall.exe
2014-10-12 17:00 - 2014-10-12 17:00 - 00854436 _____ () C:\Users\Owner\Downloads\SecurityCheck.exe
2014-10-12 16:55 - 2014-10-12 16:56 - 00002506 _____ () C:\Users\Owner\Desktop\Rkill.txt
2014-10-12 16:54 - 2014-10-12 16:54 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Owner\Downloads\rkill.com
2014-10-12 16:28 - 2014-10-12 16:28 - 00001161 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-10-12 16:28 - 2014-10-12 16:28 - 00001149 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-10-12 16:28 - 2014-10-12 16:28 - 00000000 ____D () C:\Users\Owner\AppData\Local\Mozilla
2014-10-12 16:28 - 2014-10-12 16:28 - 00000000 ____D () C:\ProgramData\Mozilla
2014-10-12 16:28 - 2014-10-12 16:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-12 16:26 - 2014-10-12 16:27 - 35285328 _____ () C:\Users\Owner\Downloads\Firefox Setup 32.0.3.exe
2014-10-12 00:33 - 2014-10-12 00:33 - 00000899 _____ () C:\Users\Owner\Downloads\ComboFix - Shortcut.lnk
2014-10-12 00:09 - 2014-10-12 00:09 - 00022993 _____ () C:\ComboFix.txt
2014-10-12 00:02 - 2014-10-12 00:09 - 00000000 ____D () C:\ComboFix
2014-10-12 00:02 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-10-12 00:02 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-10-12 00:02 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-12 00:02 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-10-12 00:02 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-10-12 00:02 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-10-12 00:02 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-10-12 00:02 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-10-12 00:01 - 2014-10-12 00:09 - 00000000 ____D () C:\Qoobox
2014-10-12 00:01 - 2014-10-12 00:08 - 00000000 ____D () C:\Windows\erdnt
2014-10-11 23:27 - 2014-10-12 18:24 - 00000336 _____ () C:\Windows\setupact.log
2014-10-11 23:27 - 2014-10-11 23:27 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-11 23:26 - 2014-10-12 00:14 - 00002838 _____ () C:\Windows\PFRO.log
2014-10-11 23:23 - 2014-10-12 18:07 - 02110464 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2014-10-11 22:53 - 2014-10-11 22:53 - 00002279 _____ () C:\Users\Owner\Desktop\Safe Money.lnk
2014-10-11 22:48 - 2014-10-11 22:48 - 00000010 _____ () C:\Users\Owner\AppData\Local\sponge.last.runtime.cache
2014-10-11 22:43 - 2013-09-02 03:58 - 00175528 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2014-10-11 20:33 - 2014-10-11 20:33 - 00000000 ____D () C:\Windows\ERUNT
2014-10-11 18:39 - 2014-10-12 19:21 - 00000000 ____D () C:\FRST
2014-10-11 18:14 - 2014-10-11 18:17 - 00000000 ____D () C:\Users\Owner\Desktop\Peggy's Phone
2014-10-07 17:46 - 2014-10-07 17:46 - 00000000 ____D () C:\Windows\pss
2014-10-07 17:30 - 2014-10-07 17:30 - 00000000 ____D () C:\ProgramData\Licenses
2014-10-07 17:30 - 2009-03-24 12:52 - 00129872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSSTDFMT.DLL
2014-10-07 17:02 - 2014-10-07 17:02 - 00000832 _____ () C:\Windows\system32\.crusader
2014-10-07 16:51 - 2014-10-07 17:04 - 00032512 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-10-07 16:50 - 2014-10-07 17:03 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-10-07 16:15 - 2014-10-11 22:24 - 00000000 ____D () C:\AdwCleaner
2014-10-07 16:15 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-10-06 19:18 - 2014-10-06 19:18 - 00005180 _____ () C:\Users\Owner\Documents\cc_20141006_191846.reg
2014-10-03 14:48 - 2014-10-03 14:48 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-10-03 13:22 - 2014-10-03 13:22 - 00262144 _____ () C:\Windows\system32\config\elam
2014-10-03 13:16 - 2014-10-06 19:01 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2014-10-03 13:16 - 2014-10-06 18:59 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Panda Security
2014-10-03 13:16 - 2014-10-06 18:59 - 00000000 ____D () C:\ProgramData\Panda Security
2014-10-03 13:14 - 2014-10-03 13:14 - 00000000 ____D () C:\Program Files\TermTutor
2014-10-03 09:10 - 2014-10-03 09:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2013
2014-10-02 21:30 - 2013-02-22 17:51 - 00001113 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk
2014-10-02 11:01 - 2014-10-02 11:01 - 00000000 ____D () C:\Users\Owner\AppData\Local\Microsoft Help
2014-10-01 07:48 - 2014-09-24 22:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 07:48 - 2014-09-24 21:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-28 18:04 - 2014-09-28 18:04 - 00039984 _____ () C:\Users\Owner\Documents\cc_20140928_180408.reg
2014-09-24 11:25 - 2014-09-09 18:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 11:25 - 2014-09-09 17:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-12 03:09 - 2014-08-19 14:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-12 03:09 - 2014-08-19 13:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-12 03:09 - 2014-08-18 19:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-12 03:09 - 2014-08-18 18:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-12 03:09 - 2014-08-18 18:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-12 03:09 - 2014-08-18 18:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-12 03:09 - 2014-08-18 18:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-12 03:09 - 2014-08-18 18:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-12 03:09 - 2014-08-18 18:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-12 03:09 - 2014-08-18 18:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-12 03:09 - 2014-08-18 18:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-12 03:09 - 2014-08-18 18:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-12 03:09 - 2014-08-18 18:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-12 03:09 - 2014-08-18 18:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-12 03:09 - 2014-08-18 18:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-12 03:09 - 2014-08-18 18:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-12 03:09 - 2014-08-18 18:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-12 03:09 - 2014-08-18 18:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-12 03:09 - 2014-08-18 18:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-12 03:09 - 2014-08-18 17:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-12 03:09 - 2014-08-18 17:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-12 03:09 - 2014-08-18 17:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-12 03:09 - 2014-08-18 17:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-12 03:09 - 2014-08-18 17:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-12 03:09 - 2014-08-18 17:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-12 03:09 - 2014-08-18 17:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-12 03:09 - 2014-08-18 17:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-12 03:09 - 2014-08-18 17:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-12 03:09 - 2014-08-18 17:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-12 03:09 - 2014-08-18 17:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-12 03:09 - 2014-08-18 17:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-12 03:09 - 2014-08-18 17:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-12 03:09 - 2014-08-18 17:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-12 03:09 - 2014-08-18 17:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-12 03:09 - 2014-08-18 17:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-12 03:09 - 2014-08-18 17:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-12 03:09 - 2014-08-18 17:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-12 03:09 - 2014-08-18 17:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-12 03:09 - 2014-08-18 17:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-12 03:09 - 2014-08-18 17:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-12 03:09 - 2014-08-18 17:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-12 03:09 - 2014-08-18 17:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-12 03:09 - 2014-08-18 17:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-12 03:09 - 2014-08-18 17:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-12 03:09 - 2014-08-18 17:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-12 03:09 - 2014-08-18 17:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-12 03:09 - 2014-08-18 17:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-12 03:09 - 2014-08-18 17:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-12 03:09 - 2014-08-18 17:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-12 03:09 - 2014-08-18 17:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-12 03:09 - 2014-08-18 17:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-12 03:09 - 2014-08-18 16:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-12 03:09 - 2014-08-18 16:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-12 03:09 - 2014-08-18 16:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-12 03:09 - 2014-08-18 16:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-12 03:09 - 2014-08-18 16:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-12 03:01 - 2014-06-26 22:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-12 03:01 - 2014-06-26 21:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-12 18:47 - 2011-10-09 13:40 - 00000000 ____D () C:\Users\Owner\Documents\Security
2014-10-12 18:31 - 2009-07-14 00:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-12 18:31 - 2009-07-14 00:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-12 18:28 - 2012-08-11 20:34 - 02051461 _____ () C:\Windows\WindowsUpdate.log
2014-10-12 18:24 - 2011-08-26 13:44 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-10-12 18:24 - 2011-06-17 11:25 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-10-12 18:24 - 2011-06-17 11:25 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-10-12 18:24 - 2011-06-17 10:53 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-10-12 18:24 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-12 18:03 - 2013-11-04 19:13 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-12 17:39 - 2012-02-23 16:07 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-12 16:49 - 2011-10-09 12:12 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-10-12 16:28 - 2011-10-09 14:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-12 16:28 - 2011-08-26 14:59 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Mozilla
2014-10-12 00:13 - 2011-06-17 10:56 - 00000000 ____D () C:\ProgramData\Temp
2014-10-12 00:09 - 2011-08-26 08:40 - 00000000 ____D () C:\Users\Owner\AppData\Local\Apps\2.0
2014-10-12 00:07 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
2014-10-11 22:49 - 2012-07-11 14:07 - 01135618 _____ () C:\Users\Owner\AppData\Local\census.cache
2014-10-11 22:49 - 2012-07-11 14:07 - 00110795 _____ () C:\Users\Owner\AppData\Local\ars.cache
2014-10-11 21:34 - 2011-08-29 05:33 - 00000000 ____D () C:\ProgramData\lx_Cats
2014-10-11 20:48 - 2012-05-23 10:43 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-11 20:48 - 2009-07-14 01:08 - 00032568 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-11 19:36 - 2009-07-14 01:13 - 00783360 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-07 17:06 - 2013-12-02 03:38 - 01048576 ____R () C:\Users\Public\Documents\ESBK.mbb
2014-10-07 17:06 - 2013-12-02 03:38 - 00478208 ____R () C:\Users\Public\Documents\ESBK.mb
2014-10-07 16:46 - 2013-03-11 14:01 - 01526784 ___SH () C:\Users\Owner\Downloads\Thumbs.db
2014-10-06 19:26 - 2014-01-20 14:39 - 00000000 ____D () C:\SUPERDelete
2014-10-06 19:17 - 2012-02-27 19:30 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-06 19:02 - 2011-08-26 08:36 - 00087320 _____ () C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-06 19:01 - 2009-07-14 00:45 - 00378656 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-28 22:19 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-09-28 17:34 - 2012-02-27 19:39 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Malwarebytes
2014-09-28 17:34 - 2012-02-27 19:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-28 17:34 - 2012-02-27 19:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-09-28 16:47 - 2013-02-01 12:01 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-26 11:04 - 2013-09-16 22:26 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-09-23 20:08 - 2012-05-23 10:43 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-23 20:08 - 2011-09-09 08:22 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-15 09:06 - 2010-11-20 23:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-12 03:08 - 2011-02-10 12:10 - 00775482 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-12 03:06 - 2013-07-22 03:04 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-12 03:01 - 2011-08-26 13:25 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-12 03:00 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
 
Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\HitmanPro.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-06 13:30
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-10-2014 02
Ran by Owner at 2014-10-12 19:21:24
Running from C:\Users\Owner\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kaspersky Internet Security (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AS: Kaspersky Internet Security (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Best Buy pc app (Version: 3.1.0.0 - Best Buy) Hidden
Best Buy pc app (x32 Version: 3.1.0.0 - Best Buy) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
CCScore (x32 Version: 6.02.1001.0001 - EASTMAN KODAK Company) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.50.4.0 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{F336F89D-8C5A-432C-8EA9-DA19377AD591}) (Version: 1.4.162.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{0D98F04D-11A1-4B64-A406-43292B9EEE90}) (Version: 1.5.0.130 - ArcSoft)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.130 - ArcSoft)
Dell Stage (HKLM-x32\...\{FE182796-F6BA-486A-8590-89B7E8D1D60F}) (Version: 1.7.209.0 - Fingertapps)
Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.1.1.1408 - CyberLink Corp.)
Dell VideoStage (x32 Version: 1.1.1.1408 - CyberLink Corp.) Hidden
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESSCDBK (x32 Version: 6.02.0001.0001 - EASTMAN KODAK Company) Hidden
ESScore (x32 Version: 6.02.1001.0001 - EASTMAN KODAK Company) Hidden
ESSgui (x32 Version: 6.02.1001.0001 - EASTMAN KODAK Company) Hidden
ESSini (x32 Version: 6.02.1001.0001 - EASTMAN KODAK Company) Hidden
ESSPCD (x32 Version: 6.02.1001.0001 - EASTMAN KODAK Company) Hidden
ESSSONIC (x32 Version: 6.2.0001.0001 - EASTMAN KODAK Company) Hidden
ESSTOOLS (x32 Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
essvatgt (x32 Version: 6.02.1001.0001 - EASTMAN KODAK Company) Hidden
Garmin Communicator Plugin with myGarmin Agent (HKLM-x32\...\{92A70E71-4F0E-4C05-A777-16424E89F162}) (Version: 2.9.2 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{510D2239-6C2E-457B-9590-485EC552D94D}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKCU\...\Google Chrome) (Version: 38.0.2125.101 - Google Inc.)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2291 - Intel Corporation)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Anti-Virus 2013 (x32 Version: 13.0.1.4190 - Kaspersky Lab) Hidden
Kaspersky Internet Security 2013 (HKLM-x32\...\InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}) (Version: 13.0.1.4190 - Kaspersky Lab)
kgcbaby (x32 Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
kgcbase (x32 Version: 5.03.0000.0004 - EASTMAN KODAK Company) Hidden
kgchday (x32 Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
kgchlwn (x32 Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
kgcinvt (x32 Version: 5.03.0000.0003 - EASTMAN KODAK Company) Hidden
kgckids (x32 Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
kgcmove (x32 Version: 5.03.0000.0003 - EASTMAN KODAK Company) Hidden
kgcvday (x32 Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
Kodak EasyShare software (HKLM-x32\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version:  - Eastman Kodak Company)
KSU (x32 Version: 632.62.0004.0001 - EASTMAN KODAK Company) Hidden
Logitech SetPoint 6.52 (HKLM\...\sp6) (Version: 6.52.74 - Logitech)
magicJack (HKCU\...\magicJack) (Version: 2.0.6073.4252 - magicJack L.P.)
magicJack Recovery Tool 1.0 (HKLM-x32\...\magicJack Recovery Tool_is1) (Version:  - magicJack, L.P.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4649.1003 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2003.1112 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
netbrdg (x32 Version: 6.02.1001.0001 - EASTMAN KODAK Company) Hidden
Notifier (x32 Version: 6.02.0001.0001 - EASTMAN KODAK Company) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4649.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4649.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4649.1003 - Microsoft Corporation) Hidden
OfotoXMI (x32 Version: 6.02.0001.0001 - EASTMAN KODAK Company) Hidden
PCDADDIN (x32 Version: 6.02.0001.0003 - EASTMAN KODAK Company) Hidden
PCDHELP (x32 Version: 6.02.0001.0001 - EASTMAN KODAK Company) Hidden
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
QuickTime (HKLM-x32\...\{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}) (Version: 7.1.3.100 - Apple Computer, Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
ROBLOX Player for Owner (HKCU\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden
Roxio BackOnTrack (x32 Version: 1.3.3 - Roxio) Hidden
Roxio Burn (x32 Version: 1.8 - Roxio) Hidden
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio Creator Starter (x32 Version: 1.0.439 - Roxio) Hidden
Roxio Creator Starter (x32 Version: 5.0.0 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
SFR (x32 Version: 6.02.0001.0001 - Eastman Kodak Company) Hidden
SHASTA (x32 Version: 6.02.0001.0001 - EASTMAN KODAK Company) Hidden
SKIN0001 (x32 Version: 6.02.1001.0001 - EASTMAN KODAK Company) Hidden
SKINXSDK (x32 Version: 6.02.1001.0001 - EASTMAN KODAK Company) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
staticcr (x32 Version: 5.03.0000.0001 - EASTMAN KODAK Company) Hidden
tooltips (x32 Version: 6.02.0001.0001 - EASTMAN KODAK Company) Hidden
VPRINTOL (x32 Version: 6.02.0001.0001 - EASTMAN KODAK Company) Hidden
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WIRELESS (x32 Version: 6.02.0001.0001 - EASTMAN KODAK Company) Hidden
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-406159724-1202784234-2680421251-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-406159724-1202784234-2680421251-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-406159724-1202784234-2680421251-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-406159724-1202784234-2680421251-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-406159724-1202784234-2680421251-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-406159724-1202784234-2680421251-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-406159724-1202784234-2680421251-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
25-09-2014 07:00:25 Windows Update
30-09-2014 12:02:31 Windows Update
02-10-2014 07:00:22 Windows Update
07-10-2014 15:24:24 Windows Update
07-10-2014 20:59:57 Checkpoint by HitmanPro
07-10-2014 21:02:32 Checkpoint by HitmanPro
10-10-2014 15:30:56 Windows Update
12-10-2014 04:02:12 ComboFix created restore point
12-10-2014 21:38:55 Installed Java 7 Update 67
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2014-10-12 00:07 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {02F21BF0-874C-4FEF-BDC0-CFB9B2E22625} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {5F5E5332-F264-4317-AB37-AD5BDAC66959} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-08-12] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-08-29 05:33 - 2009-10-16 18:12 - 00177664 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxdxdrpp.dll
2014-09-26 11:03 - 2014-09-26 11:03 - 08894120 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-03-18 12:02 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2011-08-29 05:31 - 2009-08-19 14:06 - 01024512 _____ () C:\Windows\system32\lxdxdrs64.dll
2011-08-29 05:31 - 2009-08-19 14:06 - 00025600 _____ () C:\Windows\system32\lxdxcaps64.dll
2011-08-29 05:31 - 2009-08-19 14:00 - 00054784 _____ () C:\Windows\system32\lxdxcnv464.dll
2011-09-09 10:25 - 2011-09-09 10:25 - 00045056 _____ () C:\Windows\SysWOW64\UTSCSI.EXE
2011-06-17 10:53 - 2011-08-18 12:05 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2011-06-17 12:29 - 2011-01-27 11:11 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-02-01 12:50 - 2012-02-01 12:50 - 02195824 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe
2010-11-17 11:35 - 2010-11-17 11:35 - 00514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
2012-02-01 12:50 - 2012-02-01 12:50 - 00968048 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
2012-02-01 12:50 - 2012-02-01 12:50 - 01850224 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe
2012-08-17 22:39 - 2013-02-25 09:08 - 01310136 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\kpcengine.2.2.dll
2012-12-02 17:29 - 2012-12-02 17:29 - 00000000 _____ () C:\Windows\system32\igdumdx32.dll
2012-12-02 17:29 - 2012-12-02 17:29 - 00000000 _____ () C:\Windows\system32\igdumd32.dll
2012-02-01 12:44 - 2012-02-01 12:44 - 08151040 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\QtGui4.dll
2012-02-01 12:44 - 2012-02-01 12:44 - 02278400 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\QtCore4.dll
2012-12-02 17:29 - 2012-12-02 17:29 - 00000000 _____ () C:\Windows\system32\igd10umd32.dll
2010-11-24 23:44 - 2010-11-24 23:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
2012-02-01 12:44 - 2012-02-01 12:44 - 08151040 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtGui4.dll
2012-02-01 12:44 - 2012-02-01 12:44 - 02278400 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtCore4.dll
2012-08-17 22:38 - 2012-08-17 22:38 - 00479160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\dblite.dll
2014-10-11 23:40 - 2014-10-01 01:54 - 01042760 _____ () C:\Users\Owner\AppData\Local\Google\Chrome\Application\38.0.2125.101\libglesv2.dll
2014-10-11 23:40 - 2014-10-01 01:54 - 00211272 _____ () C:\Users\Owner\AppData\Local\Google\Chrome\Application\38.0.2125.101\libegl.dll
2014-10-11 23:40 - 2014-10-01 01:54 - 08911176 _____ () C:\Users\Owner\AppData\Local\Google\Chrome\Application\38.0.2125.101\pdf.dll
2014-10-11 23:40 - 2014-10-01 01:54 - 01681224 _____ () C:\Users\Owner\AppData\Local\Google\Chrome\Application\38.0.2125.101\ffmpegsumo.dll
2014-10-11 23:40 - 2014-10-01 01:54 - 14891848 _____ () C:\Users\Owner\AppData\Local\Google\Chrome\Application\38.0.2125.101\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk => C:\Windows\pss\Kodak EasyShare software.lnk.CommonStartup
MSCONFIG\startupreg: (default) => 
MSCONFIG\startupreg: Monitor => C:\Windows\PixArt\PAC207\Monitor.exe
MSCONFIG\startupreg: MyGarminAgent => C:\Program Files (x86)\Garmin\MyGarminAgent\MyGarminAgent.exe
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-406159724-1202784234-2680421251-500 - Administrator - Disabled)
Guest (S-1-5-21-406159724-1202784234-2680421251-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-406159724-1202784234-2680421251-1002 - Limited - Enabled)
Owner (S-1-5-21-406159724-1202784234-2680421251-1000 - Administrator - Enabled) => C:\Users\Owner
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/12/2014 06:24:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/12/2014 04:51:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/12/2014 00:40:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/12/2014 00:58:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/12/2014 00:15:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/11/2014 11:27:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/11/2014 10:27:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/11/2014 09:08:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/11/2014 08:58:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/11/2014 08:49:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (10/12/2014 04:55:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CLCV0 service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (10/12/2014 03:53:10 PM) (Source: DCOM) (EventID: 10016) (User: Owner-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Owner-PCOwnerS-1-5-21-406159724-1202784234-2680421251-1000LocalHost (Using LRPC)
 
Error: (10/12/2014 03:53:04 PM) (Source: DCOM) (EventID: 10016) (User: Owner-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}Owner-PCOwnerS-1-5-21-406159724-1202784234-2680421251-1000LocalHost (Using LRPC)
 
Error: (10/12/2014 00:07:57 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (10/12/2014 00:07:33 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (10/12/2014 00:05:59 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (10/11/2014 08:58:05 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
 
Error: (10/11/2014 08:57:35 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
 
Error: (10/11/2014 08:50:47 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: 
%%1056
 
Error: (10/11/2014 08:50:47 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the IKE and AuthIP IPsec Keying Modules service, but this action failed with the following error: 
%%1056
 
 
Microsoft Office Sessions:
=========================
Error: (10/12/2014 06:24:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/12/2014 04:51:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/12/2014 00:40:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/12/2014 00:58:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/12/2014 00:15:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/11/2014 11:27:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/11/2014 10:27:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/11/2014 09:08:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/11/2014 08:58:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/11/2014 08:49:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-10-12 13:53:35.168
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-12 13:53:35.168
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-12 13:53:35.168
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-12 00:07:33.573
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-10-12 00:07:33.495
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-10-10 13:07:38.667
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-10 13:07:38.651
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-10 13:07:38.651
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-08 11:51:47.148
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-08 11:51:47.148
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-2100 CPU @ 3.10GHz
Percentage of memory in use: 54%
Total physical RAM: 4008.63 MB
Available physical RAM: 1823.97 MB
Total Pagefile: 8015.44 MB
Available Pagefile: 5203.06 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:919.22 GB) (Free:863.37 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: A5F905B4)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=12.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=919.2 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

  • 0

#60
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts

Okay then, we are going to try another fix. :)

Download the attached fixlist.txt file and save it in your Downloads folder.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • Go to your Downloads folder and click on FRST64.exe to open it
  • Press the Fix button just once and wait.

The tool will make a log called (Fixlog.txt). Please copy and paste it back here.


  • 0






Similar Topics


Also tagged with one or more of these keywords: Redirect, wrong password, banking site

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP