windows powershell popup and sysWOW64\dllhost.exe blocked by Malwarebytes

stanm

New Member
Thread author
Nov 30, 2014
2
Please help. I think I'm infected. My system seems to be running slower and takes longer to load web pages. Had to suspend online banking.
 

Attachments

  • Addition.txt
    35 KB · Views: 54
  • FRST.txt
    32.4 KB · Views: 49

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hello,



They call me TwinHeadedEagle around here, and I'll be working with you.



Before we start please read and note the following:
  • At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
  • Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
  • If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
  • I visit the forum several times a day, making sure to respond to everyone's topic as fast as possible. But bear in mind that I have a private life like everyone and I cannot be here 24/7. So please be patient with me. Also, some infections require less, and some more time to be removed completely, so bear this in mind and be patient.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. If you solved your problem yourself, set aside two minutes to let me know.
  • Please attach all reports using the button below. Doing this, you make it easier for me to analyze and fix your problem.

  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.




Download Malwarebytes Anti-Rootkit to your desktop.
  • Double-click the icon to start the tool.
  • It will ask you where to extract it, then it will start.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"




Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content in your next reply.
 

stanm

Malwarebytes Anti-Rootkit BETA 1.08.2.1001
www.malwarebytes.org

Database version: v2014.12.01.03

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16466
johnsmith :: JASONSTORM [administrator]

12/1/2014 7:59:02 AM
mbar-log-2014-12-01 (07-59-02).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 337935
Time elapsed: 55 minute(s), 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKU\S-1-5-21-2762839642-1568754923-376086736-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} (Trojan.Poweliks.B) -> Delete on reboot. [d1d60459d6a63cfaeba244be25db7987]

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\johnsmith\Desktop\Software\bestcrypt\crd.exe (TheftMarker.Crude) -> Delete on reboot. [ccdb7ae374083600e207281603ff0ef2]
C:\Users\johnsmith\Desktop\Software\bestcrypt\crd.exe.bak (TheftMarker.Crude) -> Delete on reboot. [bdea3627ee8e61d525c49f9fd032718f]
C:\Users\johnsmith\Desktop\Software\bestcrypt\crd.exe.bak.bak (TheftMarker.Crude) -> Delete on reboot. [f2b54914eb912f0744a54fefd42ee21e]

Physical Sectors Detected: 0
(No malicious items detected)

(end)



Malwarebytes Anti-Rootkit BETA 1.08.2.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.2.9200 Windows 8 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16466

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.494000 GHz
Memory total: 8467005440, free: 6794969088

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.2.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.2.9200 Windows 8 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16466

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.494000 GHz
Memory total: 8467005440, free: 6802513920

Downloaded database version: v2014.12.01.03
Downloaded database version: v2014.12.01.01
=======================================
Initializing...
This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.
Initializing...
======================
------------ Kernel report ------------
12/01/2014 07:58:53
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa80096d8060
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000047\
Lower Device Object: 0xfffffa8007d6f2b0
Lower Device Driver Name: \Driver\iaStorA\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80096d8060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80096d8b10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80096d8060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa8008796b10, DeviceName: Unknown, DriverName: \Driver\hpdskflt\
DevicePointer: 0xfffffa8007d6f2b0, DeviceName: \Device\00000047\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 4463ED8

GPT Protective MBR Partition information:

Partition 0 type is EFI-GPT (0xee)
Partition is NOT ACTIVE.
Partition starts at LBA: 1 Numsec = 1465149167

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

GPT Partition information:

GPT Header Signature 4546492050415254
GPT Header Revision 65536 Size 92 CRC 4060582503
GPT Header CurrentLba = 1 BackupLba 1465149167
GPT Header FirstUsableLba 34 LastUsableLba 1465149134
GPT Header Guid db36cdd8-6a1-4593-82f7-fe8be9635ce3
GPT Header Contains 128 partition entries starting at LBA 2
GPT Header Partition entry size = 128

Backup GPT header Signature 4546492050415254
Backup GPT header Revision 65536 Size 92 CRC 4060582503
Backup GPT header CurrentLba = 1465149167 BackupLba 1
Backup GPT header FirstUsableLba 34 LastUsableLba 1465149134
Backup GPT header Guid db36cdd8-6a1-4593-82f7-fe8be9635ce3
Backup GPT header Contains 128 partition entries starting at LBA 1465149135
Backup GPT header Partition entry size = 128

Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID cc93694e-549f-490e-b691-2744edbc3472
FirstLBA 2048 Last LBA 821247
Attributes 1
Partition Name Basic data partition

Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
Partition ID 59e6ba52-631b-42dd-856d-9d753560f97b
FirstLBA 821248 Last LBA 1353727
Attributes 0
Partition Name EFI system partition

GPT Partition 1 is bootable
Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
Partition ID 9a4c6918-cf88-492b-84ee-b13ab7aa249f
FirstLBA 1353728 Last LBA 1615871
Attributes 0
Partition Name Microsoft reserved partition

Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID 318bc6ab-44d7-469d-9893-cca19ba3d3a
FirstLBA 1615872 Last LBA 1409910783
Attributes 0
Partition Name Basic data partition

Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID fafe7be9-88d0-424f-8a61-d41894123c
FirstLBA 1409910784 Last LBA 1465135103
Attributes 1
Partition Name Basic data partition

Disk Size: 750156374016 bytes
Sector size: 512 bytes

Done!
Infected: C:\Users\johnsmith\Desktop\Software\bestcrypt\crd.exe --> [TheftMarker.Crude]
Infected: C:\Users\johnsmith\Desktop\Software\bestcrypt\crd.exe.bak --> [TheftMarker.Crude]
Infected: C:\Users\johnsmith\Desktop\Software\bestcrypt\crd.exe.bak.bak --> [TheftMarker.Crude]
Infected: HKU\S-1-5-21-2762839642-1568754923-376086736-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} --> [Trojan.Poweliks.B]
Scan finished
Creating System Restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-11-2014 01
Ran by johnsmith (administrator) on JASONSTORM on 01-12-2014 09:52:05
Running from C:\Users\johnsmith\Desktop\removal tools
Loaded Profile: johnsmith (Available profiles: johnsmith)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
() C:\Windows\System32\valWBFPolicyService.exe
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\plugin-nm-server.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-07-21] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-24] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491320 2012-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-31] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2011-08-26] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2762839642-1568754923-376086736-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2762839642-1568754923-376086736-1001\...\Run: [FreeAC] => C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe [1330008 2012-12-11] (Comfort Software Group)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2762839642-1568754923-376086736-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKU\S-1-5-21-2762839642-1568754923-376086736-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-2762839642-1568754923-376086736-1001 -> DefaultScope {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2762839642-1568754923-376086736-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKU\S-1-5-21-2762839642-1568754923-376086736-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2762839642-1568754923-376086736-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft)
BHO-x32: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/online_banking_69A4E213815F42BD863D889007201D82 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com ()
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_6418E0D362104DADA084DC312DFA8ABC@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com [2014-12-01]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2014-12-01]
FF HKLM-x32\...\Firefox\Extensions: [online_banking_69A4E213815F42BD863D889007201D82@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com [2014-12-01]

Chrome:
=======
CHR Profile: C:\Users\johnsmith\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\johnsmith\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-08]
CHR Extension: (Google Drive) - C:\Users\johnsmith\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\johnsmith\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-23]
CHR Extension: (YouTube) - C:\Users\johnsmith\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-08]
CHR Extension: (Google Search) - C:\Users\johnsmith\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-08]
CHR Extension: (Kaspersky Protection) - C:\Users\johnsmith\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2014-12-01]
CHR Extension: (Website Logon) - C:\Users\johnsmith\AppData\Local\Google\Chrome\User Data\Default\Extensions\fegekclkdhbnfdcmomlpegkkndgnmfmo [2014-05-08]
CHR Extension: (Google Wallet) - C:\Users\johnsmith\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-08]
CHR Extension: (Gmail) - C:\Users\johnsmith\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-08]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho []
CHR HKLM-x32\...\Chrome\Extension: [fegekclkdhbnfdcmomlpegkkndgnmfmo] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-07-12]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [39528 2011-09-16] (ArcSoft Inc.)
S2 AVP15.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe [234520 2014-08-30] (Kaspersky Lab ZAO)
R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2012-12-29] (IvoSoft) [File not signed]
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641320 2012-08-10] (HP)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [85504 2012-08-10] (Hewlett-Packard Company) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [66560 2011-02-04] (Nalpeiron Ltd.) [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-07-21] (IDT, Inc.) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401256 2012-07-16] (AuthenTec, Inc.)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2012-09-06] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-09-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2014-12-01] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [46144 2014-07-02] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [150536 2014-08-18] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [247480 2014-08-12] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [801288 2014-08-20] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
S3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
S3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [69816 2014-07-25] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [74424 2014-08-13] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [179776 2014-07-09] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-01] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-10-01] (Malwarebytes Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
U3 TrueSight; C:\Windows\System32\Drivers\TrueSight.sys [34808 2014-11-19] ()
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20288 2012-08-03] (Hewlett-Packard Development Company, L.P.)
S3 ALSysIO; \??\C:\Users\ADMINI~1\AppData\Local\Temp\ALSysIO64.sys [X]
S1 bcbus; \SystemRoot\System32\drivers\bcbus.sys [X]
R4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-01 09:39 - 2014-12-01 09:39 - 00002330 _____ () C:\Users\johnsmith\Desktop\Safe Money.lnk
2014-12-01 09:38 - 2014-12-01 09:38 - 00002132 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2014-12-01 09:38 - 2014-12-01 09:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2014-12-01 09:38 - 2013-05-06 09:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2014-12-01 09:36 - 2014-12-01 09:43 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-12-01 09:36 - 2014-12-01 09:36 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-12-01 09:36 - 2014-08-20 18:04 - 00801288 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-12-01 09:36 - 2014-08-18 14:43 - 00150536 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-12-01 09:36 - 2014-08-12 18:32 - 00247480 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klhk.sys
2014-12-01 09:28 - 2014-12-01 09:28 - 05005408 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-01 09:25 - 2014-11-20 13:56 - 00713672 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-01 09:25 - 2014-11-20 13:56 - 00106440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-01 07:58 - 2014-12-01 09:30 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-12-01 07:58 - 2014-12-01 07:58 - 00000117 _____ () C:\Windows\system32\netcfg-763703.txt
2014-12-01 07:57 - 2014-12-01 08:59 - 00000000 ____D () C:\Users\johnsmith\Desktop\mbar
2014-12-01 07:56 - 2014-12-01 07:56 - 00000117 _____ () C:\Windows\system32\netcfg-627218.txt
2014-12-01 07:56 - 2014-12-01 07:56 - 00000117 _____ () C:\Windows\system32\netcfg-624156.txt
2014-12-01 07:56 - 2014-12-01 07:56 - 00000117 _____ () C:\Windows\system32\netcfg-618343.txt
2014-12-01 07:51 - 2014-12-01 07:51 - 00001139 _____ () C:\Windows\system32\netcfg-333515.txt
2014-12-01 07:51 - 2014-12-01 07:51 - 00001134 _____ () C:\Windows\system32\netcfg-329937.txt
2014-12-01 07:48 - 2014-12-01 07:48 - 00000117 _____ () C:\Windows\system32\netcfg-157515.txt
2014-12-01 07:47 - 2014-12-01 07:47 - 00043664 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-12-01 07:22 - 2014-12-01 07:37 - 16448208 _____ (Malwarebytes Corp.) C:\Users\johnsmith\Desktop\mbar-1.08.2.1001.exe
2014-12-01 01:34 - 2014-10-08 21:00 - 01519104 _____ (Microsoft Corporation) C:\Windows\system32\vssapi.dll
2014-12-01 01:34 - 2014-10-08 21:00 - 01484288 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe
2014-12-01 01:34 - 2014-10-08 21:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\vsstrace.dll
2014-12-01 01:34 - 2014-10-08 20:59 - 01195520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vssapi.dll
2014-12-01 01:34 - 2014-10-08 20:59 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vsstrace.dll
2014-12-01 01:34 - 2012-09-19 23:31 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\eventcls.dll
2014-12-01 01:34 - 2012-09-19 22:53 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eventcls.dll
2014-11-30 23:38 - 2014-06-10 15:44 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-11-30 23:38 - 2014-06-10 15:43 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-11-30 23:23 - 2014-10-11 00:44 - 19764736 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-11-30 23:23 - 2014-10-10 22:57 - 17562112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-11-30 23:23 - 2014-10-08 20:59 - 00623616 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2014-11-30 23:23 - 2014-10-08 20:59 - 00212992 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2014-11-30 23:23 - 2014-10-08 20:58 - 00458240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2014-11-30 23:23 - 2014-09-21 22:38 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2014-11-30 23:23 - 2014-09-21 20:56 - 00513536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2014-11-30 23:23 - 2014-04-19 02:39 - 00628024 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-11-30 23:23 - 2014-04-19 01:45 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-11-30 23:23 - 2014-04-19 01:45 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-11-30 23:23 - 2014-04-18 23:57 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-11-30 23:23 - 2014-04-18 23:57 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-11-30 23:23 - 2014-01-30 17:48 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2014-11-30 23:19 - 2014-10-11 00:45 - 10115072 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-11-30 23:19 - 2014-10-11 00:44 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-30 23:19 - 2014-10-11 00:44 - 00393216 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-11-30 23:19 - 2014-10-11 00:43 - 02307072 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-11-30 23:19 - 2014-10-10 22:58 - 08858624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-11-30 23:19 - 2014-10-10 22:57 - 02416640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-30 23:19 - 2014-10-10 22:57 - 00295424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-11-30 23:19 - 2014-10-10 22:56 - 02037760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-11-30 23:19 - 2014-06-12 16:34 - 00754176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-11-30 23:19 - 2014-06-12 16:29 - 02146304 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-11-30 23:19 - 2013-12-04 16:43 - 00583680 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-11-30 23:19 - 2013-12-04 16:37 - 00451072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-11-30 23:19 - 2013-03-02 01:23 - 00375808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ReAgent.dll
2014-11-30 23:19 - 2013-03-01 19:44 - 01011200 _____ (Microsoft Corporation) C:\Windows\system32\reseteng.dll
2014-11-30 23:19 - 2012-12-14 21:55 - 00443392 _____ (Microsoft Corporation) C:\Windows\system32\ReAgent.dll
2014-11-30 23:18 - 2013-11-22 23:43 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-11-30 23:18 - 2013-11-22 22:05 - 00368640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-11-30 23:18 - 2013-08-23 00:22 - 02062848 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2014-11-30 23:18 - 2013-08-22 18:44 - 01711616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2014-11-30 23:18 - 2013-03-21 20:49 - 02382336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2014-11-30 23:18 - 2013-03-21 15:47 - 02851840 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2014-11-30 23:17 - 2014-01-30 17:48 - 01339392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-11-30 23:17 - 2014-01-30 17:06 - 01628160 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-11-30 23:17 - 2013-10-31 22:38 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-11-30 23:17 - 2013-10-31 20:49 - 00273408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2014-11-30 23:17 - 2013-04-02 16:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2014-11-30 23:17 - 2013-04-02 16:12 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2014-11-30 23:17 - 2012-12-12 21:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-11-30 23:17 - 2012-12-12 20:59 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-11-30 23:06 - 2014-10-30 04:25 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-30 21:55 - 2014-11-30 21:55 - 00002362 _____ () C:\Windows\system32\.crusader
2014-11-30 21:38 - 2014-11-30 21:55 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-11-30 21:38 - 2014-11-30 21:38 - 00001893 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-11-30 21:38 - 2014-11-30 21:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-11-30 21:38 - 2014-11-30 21:38 - 00000000 ____D () C:\Program Files\HitmanPro
2014-11-30 21:35 - 2014-10-31 23:26 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-30 21:30 - 2014-11-30 21:35 - 32507072 _____ (Microsoft Corporation) C:\Users\johnsmith\Downloads\Windows-KB890830-x64-V5.18.exe
2014-11-30 21:28 - 2014-11-30 21:36 - 11222744 _____ (SurfRight B.V.) C:\Users\johnsmith\Downloads\HitmanPro_x64.exe
2014-11-30 21:06 - 2014-12-01 09:52 - 00000000 ____D () C:\Users\johnsmith\Desktop\removal tools
2014-11-30 21:06 - 2014-12-01 09:52 - 00000000 ____D () C:\FRST
2014-11-30 20:48 - 2014-11-30 20:48 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\johnsmith\Downloads\tdsskiller.exe
2014-11-30 20:34 - 2014-11-30 20:34 - 00000117 _____ () C:\Windows\system32\netcfg-26750.txt
2014-11-30 20:33 - 2014-11-30 20:33 - 00000117 _____ () C:\Windows\system32\netcfg-2834125.txt
2014-11-30 20:23 - 2014-11-30 20:29 - 00000000 ____D () C:\Users\johnsmith\Desktop\ReportMaker
2014-11-30 20:09 - 2014-11-30 20:10 - 06360161 _____ () C:\Users\johnsmith\Downloads\ReportMaker.1417400617.exe
2014-11-30 20:01 - 2014-12-01 09:40 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-30 20:00 - 2014-12-01 07:57 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-30 20:00 - 2014-11-30 20:00 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-30 20:00 - 2014-11-30 20:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-30 20:00 - 2014-11-30 20:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-30 20:00 - 2014-11-30 20:00 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-30 20:00 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-30 20:00 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-30 19:52 - 2014-11-30 19:52 - 00000117 _____ () C:\Windows\system32\netcfg-357703.txt
2014-11-30 19:47 - 2014-11-30 19:47 - 00000117 _____ () C:\Windows\system32\netcfg-96156.txt
2014-11-30 19:46 - 2014-12-01 09:28 - 00005748 _____ () C:\Windows\PFRO.log
2014-11-30 19:43 - 2014-11-30 19:43 - 00000167 _____ () C:\Windows\system32\netcfg-116564500.txt
2014-11-30 19:43 - 2014-11-30 19:43 - 00000117 _____ () C:\Windows\system32\netcfg-116559484.txt
2014-11-30 19:43 - 2014-11-30 19:43 - 00000117 _____ () C:\Windows\system32\netcfg-116556640.txt
2014-11-30 19:33 - 2014-11-30 21:40 - 202839360 _____ (Kaspersky Lab) C:\Users\johnsmith\Downloads\kis15.0.1.415EN_6874.exe
2014-11-30 10:16 - 2014-12-01 06:21 - 00961086 _____ () C:\Windows\WindowsUpdate.log
2014-11-29 12:11 - 2014-11-29 12:11 - 00000117 _____ () C:\Windows\system32\netcfg-3028671.txt
2014-11-29 12:11 - 2014-11-29 12:11 - 00000117 _____ () C:\Windows\system32\netcfg-3022500.txt
2014-11-27 13:22 - 2014-11-27 13:22 - 00000117 _____ () C:\Windows\system32\netcfg-45219796.txt
2014-11-27 13:22 - 2014-11-27 13:22 - 00000117 _____ () C:\Windows\system32\netcfg-45219750.txt
2014-11-27 12:51 - 2014-11-27 12:51 - 00000117 _____ () C:\Windows\system32\netcfg-43350140.txt
2014-11-27 12:51 - 2014-11-27 12:51 - 00000117 _____ () C:\Windows\system32\netcfg-43350078.txt
2014-11-27 11:59 - 2014-11-27 11:59 - 00000117 _____ () C:\Windows\system32\netcfg-40248046.txt
2014-11-27 11:59 - 2014-11-27 11:59 - 00000117 _____ () C:\Windows\system32\netcfg-40247437.txt
2014-11-27 00:48 - 2014-11-27 00:48 - 00000117 _____ () C:\Windows\system32\netcfg-80960203.txt
2014-11-26 18:07 - 2014-11-27 00:48 - 00000000 ____D () C:\Users\johnsmith\AppData\Roaming\Iravbypa
2014-11-26 18:03 - 2014-11-30 20:33 - 00000000 ____D () C:\ProgramData\NicwEsray
2014-11-26 02:23 - 2014-11-26 02:23 - 00000117 _____ () C:\Windows\system32\netcfg-276359.txt
2014-11-26 02:18 - 2014-11-26 02:18 - 00000117 _____ () C:\Windows\system32\netcfg-57643953.txt
2014-11-26 00:23 - 2014-11-26 00:23 - 00000117 _____ () C:\Windows\system32\netcfg-50768500.txt
2014-11-26 00:23 - 2014-11-26 00:23 - 00000117 _____ () C:\Windows\system32\netcfg-50768421.txt
2014-11-25 18:46 - 2014-11-26 02:18 - 00000000 ____D () C:\Users\johnsmith\AppData\Roaming\FrameworkUpdate
2014-11-25 16:44 - 2014-11-25 16:44 - 00000117 _____ () C:\Windows\system32\netcfg-23231437.txt
2014-11-25 16:44 - 2014-11-25 16:44 - 00000117 _____ () C:\Windows\system32\netcfg-23231328.txt
2014-11-25 15:56 - 2014-11-25 15:56 - 00001475 _____ () C:\Users\johnsmith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google.lnk
2014-11-25 10:54 - 2014-11-25 10:54 - 00000117 _____ () C:\Windows\system32\netcfg-2195375.txt
2014-11-25 10:19 - 2014-11-25 10:19 - 00000117 _____ () C:\Windows\system32\netcfg-125890.txt
2014-11-23 17:33 - 2014-11-23 17:33 - 00000117 _____ () C:\Windows\system32\netcfg-109928343.txt
2014-11-23 17:33 - 2014-11-23 17:33 - 00000117 _____ () C:\Windows\system32\netcfg-109928281.txt
2014-11-23 17:32 - 2014-11-23 17:32 - 00000117 _____ () C:\Windows\system32\netcfg-109871812.txt
2014-11-23 17:32 - 2014-11-23 17:32 - 00000117 _____ () C:\Windows\system32\netcfg-109871734.txt
2014-11-23 15:32 - 2014-11-23 15:32 - 00000117 _____ () C:\Windows\system32\netcfg-102657734.txt
2014-11-23 15:32 - 2014-11-23 15:32 - 00000117 _____ () C:\Windows\system32\netcfg-102657562.txt
2014-11-22 17:17 - 2014-11-22 17:17 - 00000117 _____ () C:\Windows\system32\netcfg-22575437.txt
2014-11-22 11:03 - 2014-11-22 11:03 - 00000117 _____ () C:\Windows\system32\netcfg-137015.txt
2014-11-20 09:44 - 2014-11-20 09:44 - 00000117 _____ () C:\Windows\system32\netcfg-53047234.txt
2014-11-20 07:40 - 2014-11-20 07:40 - 00000117 _____ () C:\Windows\system32\netcfg-45565703.txt
2014-11-20 01:14 - 2014-11-08 04:22 - 00238080 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-20 01:14 - 2014-11-08 04:21 - 00827904 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-20 01:14 - 2014-11-07 23:57 - 00187904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-20 01:14 - 2014-11-07 23:56 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-20 01:14 - 2014-10-11 01:35 - 00171840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-20 01:14 - 2014-10-11 00:44 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-11-20 01:14 - 2014-10-11 00:43 - 01281536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-20 01:14 - 2014-10-10 22:57 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-11-20 01:14 - 2014-05-29 16:02 - 00439808 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2014-11-20 01:14 - 2014-04-12 02:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-11-20 01:14 - 2014-04-12 02:09 - 01043968 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll
2014-11-20 01:14 - 2014-04-12 02:09 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-20 01:14 - 2014-04-12 02:09 - 00094720 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-20 01:14 - 2014-04-12 02:08 - 00318464 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-20 01:14 - 2014-04-12 02:07 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-20 01:14 - 2014-04-12 00:23 - 00961536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll
2014-11-20 01:14 - 2014-04-12 00:23 - 00273920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-20 01:14 - 2014-04-12 00:23 - 00178688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-20 01:14 - 2014-04-12 00:23 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-20 01:14 - 2014-04-12 00:22 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-20 01:14 - 2014-04-11 23:58 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\workerdd.dll
2014-11-20 01:14 - 2014-03-03 16:07 - 00570216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-11-19 20:57 - 2014-11-19 20:57 - 00000117 _____ () C:\Windows\system32\netcfg-7000390.txt
2014-11-19 20:52 - 2014-11-19 20:52 - 00000117 _____ () C:\Windows\system32\netcfg-6735375.txt
2014-11-19 19:26 - 2014-11-19 19:26 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-11-19 19:26 - 2014-11-19 19:26 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-11-19 13:25 - 2014-11-19 13:25 - 00000117 _____ () C:\Windows\system32\netcfg-14821203.txt
2014-11-19 13:25 - 2014-11-19 13:25 - 00000117 _____ () C:\Windows\system32\netcfg-14820968.txt
2014-11-18 07:57 - 2014-11-18 07:57 - 00000117 _____ () C:\Windows\system32\netcfg-57518609.txt
2014-11-18 07:56 - 2014-11-18 07:56 - 00000117 _____ () C:\Windows\system32\netcfg-57439656.txt
2014-11-14 19:39 - 2014-11-17 15:26 - 00000000 ____D () C:\Users\johnsmith\Downloads\walking-dead-S03
2014-11-14 19:36 - 2014-11-17 15:26 - 00000000 ____D () C:\Users\johnsmith\Downloads\walking-dead-S01
2014-11-14 19:34 - 2014-11-17 10:35 - 00000000 ____D () C:\Users\johnsmith\Downloads\walking-dead-S02
2014-11-14 16:06 - 2014-11-14 16:06 - 00000325 _____ () C:\Users\johnsmith\Desktop\Employee Calendar.url
2014-11-14 13:07 - 2014-11-14 13:07 - 00000117 _____ () C:\Windows\system32\netcfg-696923281.txt
2014-11-13 09:01 - 2014-11-13 09:01 - 00000117 _____ () C:\Windows\system32\netcfg-595764046.txt
2014-11-13 09:01 - 2014-11-13 09:01 - 00000117 _____ () C:\Windows\system32\netcfg-595763968.txt
2014-11-12 09:04 - 2014-11-12 09:04 - 00000117 _____ () C:\Windows\system32\netcfg-509518703.txt
2014-11-12 09:04 - 2014-11-12 09:04 - 00000117 _____ () C:\Windows\system32\netcfg-509518593.txt
2014-11-12 09:04 - 2014-11-12 09:04 - 00000117 _____ () C:\Windows\system32\netcfg-509512187.txt
2014-11-12 09:00 - 2014-11-12 09:00 - 00000117 _____ () C:\Windows\system32\netcfg-509313421.txt
2014-11-12 08:56 - 2014-11-12 08:56 - 00000117 _____ () C:\Windows\system32\netcfg-509068250.txt
2014-11-12 08:56 - 2014-11-12 08:56 - 00000117 _____ () C:\Windows\system32\netcfg-509062265.txt
2014-11-12 02:48 - 2014-09-24 16:29 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 02:48 - 2014-09-24 16:29 - 00072192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2014-11-12 02:48 - 2014-09-24 16:01 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 02:48 - 2014-09-24 16:01 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2014-11-12 02:48 - 2014-08-21 16:56 - 01418752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 02:48 - 2014-08-21 16:27 - 01845760 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 02:48 - 2014-08-09 01:30 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-11-12 02:48 - 2014-08-09 01:29 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll
2014-11-12 02:47 - 2014-10-23 05:47 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 02:47 - 2014-10-23 04:04 - 00068096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 02:47 - 2014-10-18 01:44 - 00778240 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 02:47 - 2014-10-18 00:05 - 00567808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 02:47 - 2014-10-11 00:44 - 03248640 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-11-12 02:47 - 2014-10-10 22:41 - 00713728 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 02:47 - 2014-10-10 22:41 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 02:47 - 2014-10-10 22:05 - 00146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 02:47 - 2014-10-10 22:04 - 00713728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 02:47 - 2014-10-02 18:21 - 00522728 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 02:47 - 2014-10-02 15:29 - 00783872 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 02:47 - 2014-10-02 15:29 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 02:47 - 2014-10-02 15:29 - 00169472 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2014-11-12 02:47 - 2014-10-01 16:05 - 04068864 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 02:47 - 2014-09-12 23:24 - 02233152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-11-12 02:47 - 2014-05-02 20:34 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-11-12 02:47 - 2012-10-12 01:08 - 00027880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-11-12 02:47 - 2012-10-11 23:14 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\rfxvmt.dll
2014-11-12 02:46 - 2014-10-25 18:56 - 02237952 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 02:46 - 2014-10-25 18:56 - 01409536 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 02:46 - 2014-10-25 18:56 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-11-12 02:46 - 2014-10-25 18:56 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-11-12 02:46 - 2014-10-25 18:56 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 02:46 - 2014-10-25 18:55 - 19284480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 02:46 - 2014-10-25 18:55 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 02:46 - 2014-10-25 18:55 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 02:46 - 2014-10-25 18:54 - 15399424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 02:46 - 2014-10-25 18:54 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 02:46 - 2014-10-25 18:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-11-12 02:46 - 2014-10-25 18:54 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 02:46 - 2014-10-25 18:54 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 02:46 - 2014-10-25 18:54 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 02:46 - 2014-10-25 18:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-11-12 02:46 - 2014-10-25 18:53 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 02:46 - 2014-10-25 17:36 - 01762816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 02:46 - 2014-10-25 17:35 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 02:46 - 2014-10-25 17:35 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 02:46 - 2014-10-25 17:35 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-11-12 02:46 - 2014-10-25 17:34 - 13758464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 02:46 - 2014-10-25 17:34 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 02:46 - 2014-10-25 17:34 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 02:46 - 2014-10-25 17:34 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 02:46 - 2014-10-25 17:34 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 02:46 - 2014-10-25 17:34 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 02:46 - 2014-10-25 17:34 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-11-12 02:46 - 2014-10-25 17:34 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 02:46 - 2014-10-25 17:19 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 02:46 - 2014-10-25 17:13 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 02:46 - 2014-10-25 14:48 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-11-12 02:46 - 2014-09-21 22:53 - 00035320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-11-12 02:46 - 2014-09-05 17:46 - 00389176 _____ () C:\Windows\system32\ApnDatabase.xml
2014-11-12 02:46 - 2014-09-02 19:48 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2014-11-12 02:46 - 2014-09-02 19:22 - 00188928 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2014-11-12 02:46 - 2014-08-28 21:17 - 02043392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-11-12 02:46 - 2014-08-28 21:17 - 00227328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-11-12 02:46 - 2014-08-28 21:04 - 02837504 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-11-12 02:46 - 2014-08-28 21:04 - 00309248 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-11-12 02:46 - 2014-08-27 23:04 - 00499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FXSCOMEX.dll
2014-11-12 02:46 - 2014-08-27 23:04 - 00227840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FXSAPI.dll
2014-11-12 02:46 - 2014-08-27 22:59 - 00616448 _____ (Microsoft Corporation) C:\Windows\system32\FXSAPI.dll
2014-11-12 02:46 - 2014-08-27 22:59 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOMEX.dll
2014-11-12 02:46 - 2014-08-27 22:59 - 00432640 _____ (Microsoft Corporation) C:\Windows\system32\FXSTIFF.dll
2014-11-12 02:46 - 2014-08-27 22:59 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\FXST30.dll
2014-11-12 02:46 - 2014-08-26 15:08 - 00270024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-11-12 02:46 - 2014-07-24 06:12 - 00328512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2014-11-12 02:45 - 2014-10-25 18:55 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 02:45 - 2014-10-25 18:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 02:45 - 2014-10-25 18:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 02:45 - 2014-10-25 18:54 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 02:45 - 2014-10-25 18:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 02:45 - 2014-10-25 17:35 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 02:45 - 2014-10-25 17:35 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 02:45 - 2014-10-25 17:35 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 02:45 - 2014-10-25 17:34 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 02:45 - 2014-10-25 17:34 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-11-12 02:45 - 2014-10-25 17:34 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 02:45 - 2014-10-25 17:34 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-10 11:28 - 2014-11-10 11:28 - 00000117 _____ () C:\Windows\system32\netcfg-345340312.txt
2014-11-10 11:28 - 2014-11-10 11:28 - 00000117 _____ () C:\Windows\system32\netcfg-345340234.txt
2014-11-10 08:04 - 2014-11-10 08:04 - 00000117 _____ () C:\Windows\system32\netcfg-333130109.txt
2014-11-10 08:04 - 2014-11-10 08:04 - 00000117 _____ () C:\Windows\system32\netcfg-333127046.txt
2014-11-08 23:43 - 2014-11-08 23:43 - 00000117 _____ () C:\Windows\system32\netcfg-216665062.txt
2014-11-08 23:43 - 2014-11-08 23:43 - 00000117 _____ () C:\Windows\system32\netcfg-216664734.txt
2014-11-08 20:51 - 2014-11-08 20:51 - 00000117 _____ () C:\Windows\system32\netcfg-206372718.txt
2014-11-08 20:51 - 2014-11-08 20:51 - 00000117 _____ () C:\Windows\system32\netcfg-206371781.txt
2014-11-08 18:54 - 2014-11-09 23:10 - 00000000 ____D () C:\Users\johnsmith\Downloads\bosch.s01e01.pilot.720p.webrip.x264-w4f-sample.mkv
2014-11-07 09:27 - 2014-11-07 09:27 - 00000117 _____ () C:\Windows\system32\netcfg-78900203.txt
2014-11-07 09:27 - 2014-11-07 09:27 - 00000117 _____ () C:\Windows\system32\netcfg-78898078.txt
2014-11-07 01:42 - 2014-11-14 11:23 - 00000000 ____D () C:\Users\johnsmith\Downloads\polyphonic spree (1)
2014-11-07 01:34 - 2014-11-07 01:37 - 00000000 ____D () C:\Users\johnsmith\Downloads\polyphonic spree
2014-11-06 11:31 - 2014-11-06 11:31 - 00002560 _____ () C:\Users\johnsmith\AppData\Local\6A815FEA01B.exe
2014-11-06 11:26 - 2014-11-06 11:26 - 00002560 _____ () C:\Users\johnsmith\AppData\Local\EB79B990EB2A.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-01 09:38 - 2012-07-25 22:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-12-01 09:36 - 2012-07-26 01:12 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-12-01 09:35 - 2014-05-08 13:10 - 00000928 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-01 09:35 - 2012-07-26 00:28 - 00941114 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-01 09:31 - 2014-05-08 13:10 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-01 09:29 - 2012-07-26 00:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-01 09:26 - 2012-07-25 22:37 - 00000000 ____D () C:\Windows\servicing
2014-12-01 09:20 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\WinStore
2014-12-01 09:19 - 2012-07-26 01:12 - 00000000 ___RD () C:\Windows\ToastData
2014-12-01 09:19 - 2012-07-26 01:12 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-12-01 09:19 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-01 09:19 - 2012-07-25 22:38 - 00000000 ____D () C:\Windows\system32\oobe
2014-12-01 09:18 - 2012-07-26 01:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-12-01 09:18 - 2012-07-26 01:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-12-01 09:17 - 2012-07-26 01:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-12-01 09:17 - 2012-07-26 01:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-12-01 09:17 - 2012-07-26 01:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-01 09:17 - 2012-07-26 01:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-12-01 09:17 - 2012-07-26 01:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-12-01 09:17 - 2012-07-26 00:52 - 00000000 ____D () C:\Program Files\Windows Journal
2014-12-01 09:14 - 2012-07-26 01:12 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2014-12-01 09:14 - 2012-07-26 01:12 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2014-12-01 09:14 - 2012-07-25 22:38 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-12-01 09:14 - 2012-07-25 22:38 - 00000000 ____D () C:\Windows\system32\Dism
2014-12-01 09:00 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\system32\sru
2014-12-01 08:57 - 2012-07-26 00:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-12-01 08:56 - 2013-01-24 23:13 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2762839642-1568754923-376086736-1001
2014-12-01 08:25 - 2013-01-25 10:20 - 00000000 ____D () C:\Users\johnsmith\AppData\Roaming\vlc
2014-12-01 07:52 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-01 07:51 - 2012-11-21 00:19 - 00002739 _____ () C:\Windows\system32\RaCoInst.log
2014-12-01 07:28 - 2013-01-25 00:49 - 00000000 ____D () C:\Users\johnsmith\Desktop\giganews
2014-12-01 07:19 - 2013-01-31 21:49 - 00000000 ____D () C:\Users\johnsmith\AppData\Local\CrashDumps
2014-11-30 20:33 - 2012-09-12 18:50 - 00000000 ____D () C:\Windows\en
2014-11-30 19:46 - 2012-07-25 22:26 - 00008192 ___SH () C:\Windows\system32\config\BBI
2014-11-30 19:35 - 2014-04-29 05:42 - 00000000 ____D () C:\Users\johnsmith\AppData\Roaming\Binreader
2014-11-30 18:43 - 2014-09-24 20:10 - 00000000 ____D () C:\Users\johnsmith\Desktop\House Ideas
2014-11-29 09:58 - 2014-08-29 23:18 - 00000000 ____D () C:\Users\johnsmith\AppData\Roaming\tixati
2014-11-25 16:39 - 2014-05-08 13:10 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-25 01:39 - 2014-06-08 18:36 - 00000000 ____D () C:\Users\johnsmith\AppData\Roaming\Youtube Downloader HD
2014-11-25 01:38 - 2014-06-08 18:23 - 00001153 _____ () C:\Users\johnsmith\Desktop\Youtube Downloader HD.lnk
2014-11-25 01:38 - 2014-06-08 18:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Youtube Downloader HD
2014-11-25 01:38 - 2014-06-08 18:23 - 00000000 ____D () C:\Program Files (x86)\Youtube Downloader HD
2014-11-24 09:27 - 2013-01-25 11:22 - 00000000 ____D () C:\Users\johnsmith\Documents\Calibre Library
2014-11-23 08:56 - 2014-02-10 11:26 - 00000000 ____D () C:\Users\johnsmith\Desktop\books to load
2014-11-20 09:59 - 2013-02-15 21:16 - 00000000 ____D () C:\Users\johnsmith\AppData\Local\QuickPar
2014-11-19 14:35 - 2013-01-29 23:17 - 00001891 _____ () C:\Users\johnsmith\Desktop\Mirc searches.txt
2014-11-19 14:20 - 2013-01-24 23:03 - 00000000 ____D () C:\Users\johnsmith\AppData\Roaming\mIRC
2014-11-19 14:13 - 2013-02-14 23:18 - 00000000 ____D () C:\Users\johnsmith\Documents\My Kindle Content
2014-11-19 13:39 - 2014-10-10 20:59 - 00000273 _____ () C:\Users\johnsmith\Desktop\Monthly Finances.txt
2014-11-14 15:30 - 2014-05-08 13:10 - 00003900 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-14 15:30 - 2014-05-08 13:10 - 00003664 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-13 18:16 - 2013-01-27 22:53 - 00001701 _____ () C:\Users\johnsmith\Desktop\IMDB.url
2014-11-11 04:53 - 2014-07-01 15:43 - 00000000 ____D () C:\Users\johnsmith\Desktop\Nicole's New Job Search
2014-11-09 09:23 - 2014-04-29 09:48 - 00000000 ____D () C:\Users\johnsmith\AppData\Roaming\HandBrake
2014-11-07 10:05 - 2013-09-06 09:47 - 00000000 ____D () C:\Windows\Minidump
2014-11-06 11:33 - 2013-01-24 21:18 - 00000000 ____D () C:\Users\johnsmith

Some content of TEMP:
====================
C:\Users\johnsmith\AppData\Local\Temp\syserrfix.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-23 23:14

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-11-2014 01
Ran by johnsmith at 2014-11-30 21:08:19
Running from C:\Users\johnsmith\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.01) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.01 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
Amazon Kindle (HKU\S-1-5-21-2762839642-1568754923-376086736-1001\...\Amazon Kindle) (Version: - Amazon)
ArcSoft Panorama Maker 6 (HKLM-x32\...\{E9CBC8FA-BF1F-4956-8B75-0D314682FE5F}) (Version: 6.0.0.92 - ArcSoft)
AuthenTec TrueAPI 64-bit (Version: 1.6.0.86 - AuthenTec, Inc.) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Binreader (HKLM-x32\...\{3D47B2C0-8748-4450-99AE-0746A5A74C8E}) (Version: 1.0.0 - Binreader)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.98 - WildTangent) Hidden
calibre 64bit (HKLM\...\{0F072A3A-7D6F-4CE0-AB44-10DB3A7B3852}) (Version: 1.17.0 - Kovid Goyal)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Classic Shell (HKLM\...\{CB00799C-0E4F-4FD1-A046-BD24321BCDFF}) (Version: 3.6.5 - IvoSoft)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5407 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3119 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1926 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE: The Cursed King (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
FlatOut 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Free Alarm Clock 2.7.1 (HKLM-x32\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 2.7 - Comfort Software Group)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
Hard Disk Scrubber 3.4 (Remove Only) (HKLM-x32\...\{DE47ADD1-B82B-4B52-AF29-76AE7EF4E19D}_is1) (Version: - Summit Computer Networks, Inc.)
HDR Efex Pro 2 (HKLM-x32\...\HDR Efex Pro 2) (Version: 2.0.0.0 - Nik Software, Inc.)
Hewlett-Packard ACLM.NET v1.2.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP 3D DriveGuard (HKLM\...\{F244D07D-1876-4CDD-914D-214E15A8D327}) (Version: 4.2.5.1 - Hewlett-Packard Company)
HP Connected Backup (HKLM-x32\...\{6BA5F6E7-6CC1-4117-816D-A549A06CE44E}) (Version: 8.7.0.0 - Autonomy)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{16B7BDA1-B967-4D2D-8B27-E12727C28350}) (Version: 2.10.3 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{0EF47DBD-7E67-492F-9423-DAF028BEF627}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{609B11CC-8CED-4116-AD8A-A72168894D39}) (Version: 3.0.4 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\{34C821CA-6B55-44A0-8A9B-2EF471D6019E}) (Version: 6.0.100.244 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{835B275B-F29B-464B-BD4B-097FD55FAB0A}) (Version: 4.6.8.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{B8019B54-F9BE-490A-9619-6D06F18F129F}) (Version: 7.0.32.44 - Hewlett-Packard Company)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.5.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6417.0 - IDT)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2817 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
mIRC (HKLM-x32\...\mIRC) (Version: 7.22 - mIRC Co. Ltd.)
Mortimer Beckett and the Crimson Thief Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
Nero 12 (HKLM-x32\...\{560FC78C-A4B2-461D-9B47-820C1EEF87B8}) (Version: 12.0.02000 - Nero AG)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Perfect Resize 7.0.1 Professional Edition (HKLM-x32\...\{FCADA4FF-142C-42A8-B73C-0A54A7F83345}) (Version: 7.0.1 - onOne Software)
Photomatix Pro version 4.2.4 (HKLM\...\PhotomatixPro42x64_is1) (Version: 4.2.4 - HDRsoft Sarl)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Prerequisite installer (x32 Version: 12.0.0002 - Nero AG) Hidden
Privacy Eraser (HKLM\...\{CB5AC03C-B8AD-980F-998E-51969A6DFC9F}_is1) (Version: 2.8.0.639 - Cybertron Software Co., Ltd.)
Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.2.0 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.27025 - Realtek Semiconductor Corp.)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Silver Efex Pro 2 (HKLM-x32\...\Silver Efex Pro 2) (Version: 2.0.0.0 - Nik Software, Inc.)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.12 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Tixati (HKLM-x32\...\tixati) (Version: - )
TreeSize Free V2.7 (HKLM-x32\...\TreeSize Free_is1) (Version: 2.7 - JAM Software)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 2.2.0.98 - WildTangent) Hidden
Validity WBF DDK (HKLM\...\{1F91C200-8F0F-4009-A75E-DB6CE151BD4E}) (Version: 4.4.234.0 - Validity Sensors, Inc.)
VC 9.0 Runtime (x32 Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Welcome App (Start-up experience) (x32 Version: 12.0.14000 - Nero AG) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.9.6 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
Youtube Downloader HD v. 2.9.9.16.2 (HKLM-x32\...\Youtube Downloader HD_is1) (Version: - YoutubeDownloaderHD.com)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2762839642-1568754923-376086736-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?

==================== Restore Points =========================

29-11-2014 19:44:30 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-25 22:26 - 2012-07-25 22:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {44887619-6412-414B-896F-45E47A0080D8} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {5EBFA391-93A2-42F0-8C59-966AFE87038F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-08] (Google Inc.)
Task: {5ED0D22D-A9B4-4852-A748-30F6CA9CC9C0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company)
Task: {727E8D00-4042-4C2E-9218-079ECF9F7AE1} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-24] (Synaptics Incorporated)
Task: {72E3FF20-73DF-437C-BF3D-0A8F3877FD7A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-08] (Google Inc.)
Task: {8F075D28-AFF0-4171-AED6-C76737CC070C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-08-07] (Hewlett-Packard Company)
Task: {B3D38C21-AAA2-49A7-956D-33969C76338A} - System32\Tasks\Cybertron\Privacy Eraser\SkipUAC => C:\Program Files\Cybertron\Privacy Eraser\PrivacyEraser.exe [2014-06-16] (Cybertron Software, Co., Ltd.)
Task: {DAFF4139-76A3-4C78-8758-708F3D7C2C2D} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-01-25 11:54 - 2011-03-02 10:40 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2012-09-06 02:47 - 2012-09-06 02:47 - 00028160 _____ () C:\Windows\system32\valWBFPolicyService.exe
2012-08-10 02:36 - 2012-08-10 02:36 - 04073320 _____ () C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
2012-07-28 08:31 - 2012-07-28 08:31 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-11-21 00:32 - 2012-06-07 20:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 12:34 - 2012-06-08 12:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2012-11-21 00:15 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKU\S-1-5-21-2762839642-1568754923-376086736-1001\...\StartupApproved\Run: => "FreeAC"

========================= Accounts: ==========================

Administrator (S-1-5-21-2762839642-1568754923-376086736-500 - Administrator - Disabled)
Guest (S-1-5-21-2762839642-1568754923-376086736-501 - Limited - Disabled)
johnsmith (S-1-5-21-2762839642-1568754923-376086736-1001 - Administrator - Enabled) => C:\Users\johnsmith

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/30/2014 09:07:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16453, time stamp: 0x5094a012
Faulting module name: ntdll.dll, version: 6.2.9200.16384, time stamp: 0x5010ae7a
Exception code: 0xc0000005
Fault offset: 0x00061206
Faulting process id: 0x9e8
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5

Error: (11/30/2014 09:05:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16453, time stamp: 0x5010a5b9
Faulting module name: ntdll.dll, version: 6.2.9200.16384, time stamp: 0x5010ae7a
Exception code: 0xc0000005
Fault offset: 0x00061206
Faulting process id: 0x1c54
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5

Error: (11/30/2014 08:35:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: {d85e723d-4671-ed21-e924-8ceaa2893eb5}.exe, version: 1.2.3.4, time stamp: 0x2a425e19
Faulting module name: ntdll.dll, version: 6.2.9200.16384, time stamp: 0x5010ae7a
Exception code: 0xc0000005
Fault offset: 0x0002076b
Faulting process id: 0xafc
Faulting application start time: 0x{d85e723d-4671-ed21-e924-8ceaa2893eb5}.exe0
Faulting application path: {d85e723d-4671-ed21-e924-8ceaa2893eb5}.exe1
Faulting module path: {d85e723d-4671-ed21-e924-8ceaa2893eb5}.exe2
Report Id: {d85e723d-4671-ed21-e924-8ceaa2893eb5}.exe3
Faulting package full name: {d85e723d-4671-ed21-e924-8ceaa2893eb5}.exe4
Faulting package-relative application ID: {d85e723d-4671-ed21-e924-8ceaa2893eb5}.exe5

Error: (11/30/2014 08:09:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16453, time stamp: 0x50109de9
Faulting module name: ntdll.dll, version: 6.2.9200.16384, time stamp: 0x5010ae7a
Exception code: 0xc0000005
Fault offset: 0x00061206
Faulting process id: 0x1564
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5

Error: (11/30/2014 08:09:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16453, time stamp: 0x5010a862
Faulting module name: ntdll.dll, version: 6.2.9200.16384, time stamp: 0x5010ae7a
Exception code: 0xc0000005
Fault offset: 0x0002fb1e
Faulting process id: 0x510
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5

Error: (11/30/2014 07:49:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: powershell.exe, version: 6.2.9200.16384, time stamp: 0x50109cce
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x034731a0
Faulting process id: 0xd70
Faulting application start time: 0xpowershell.exe0
Faulting application path: powershell.exe1
Faulting module path: powershell.exe2
Report Id: powershell.exe3
Faulting package full name: powershell.exe4
Faulting package-relative application ID: powershell.exe5

Error: (11/30/2014 07:49:02 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: powershell.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.AccessViolationException
Stack:
at DynamicClass.CallSite.Target(System.Runtime.CompilerServices.Closure, System.Runtime.CompilerServices.CallSite, System.Object, System.Object, System.Object, Int32, Int32, Int32)
at System.Dynamic.UpdateDelegates.UpdateAndExecute6[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.Runtime.CompilerServices.CallSite, System.__Canon, System.__Canon, System.__Canon, Int32, Int32, Int32)
at System.Management.Automation.Interpreter.DynamicInstruction`7[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.Interpreter.Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.LightLambda.RunVoid1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.__Canon)
at System.Management.Automation.ScriptBlock.InvokeWithPipeImpl(Boolean, ErrorHandlingBehavior, System.Object, System.Object, System.Object, System.Management.Automation.Internal.Pipe, System.Management.Automation.InvocationInfo, System.Object[])
at System.Management.Automation.ScriptBlock+<>c__DisplayClass4.<InvokeWithPipe>b__2()
at System.Management.Automation.Runspaces.RunspaceBase.RunActionIfNoRunningPipelinesWithThreadCheck(System.Action)
at System.Management.Automation.ScriptBlock.InvokeWithPipe(Boolean, ErrorHandlingBehavior, System.Object, System.Object, System.Object, System.Management.Automation.Internal.Pipe, System.Management.Automation.InvocationInfo, System.Object[])
at System.Management.Automation.ScriptBlock.InvokeUsingCmdlet(System.Management.Automation.Cmdlet, Boolean, ErrorHandlingBehavior, System.Object, System.Object, System.Object, System.Object[])
at Microsoft.PowerShell.Commands.InvokeExpressionCommand.ProcessRecord()
at System.Management.Automation.Cmdlet.DoProcessRecord()
at System.Management.Automation.CommandProcessor.ProcessRecord()
at System.Management.Automation.CommandProcessorBase.DoExecute()
at System.Management.Automation.Internal.PipelineProcessor.Inject(System.Object, Boolean)
at System.Management.Automation.Internal.PipelineProcessor.SynchronousExecuteEnumerate(System.Object, System.Collections.Hashtable, Boolean)
at System.Management.Automation.PipelineOps.InvokePipeline(System.Object, Boolean, System.Management.Automation.CommandParameterInternal[][], System.Management.Automation.Language.CommandBaseAst[], System.Management.Automation.CommandRedirection[][], System.Management.Automation.Language.FunctionContext)
at System.Management.Automation.Interpreter.ActionCallInstruction`6[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.Interpreter.Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.LightLambda.RunVoid1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.__Canon)
at System.Management.Automation.ScriptBlock.InvokeWithPipeImpl(Boolean, ErrorHandlingBehavior, System.Object, System.Object, System.Object, System.Management.Automation.Internal.Pipe, System.Management.Automation.InvocationInfo, System.Object[])
at System.Management.Automation.ScriptBlock+<>c__DisplayClass4.<InvokeWithPipe>b__2()
at System.Management.Automation.Runspaces.RunspaceBase.RunActionIfNoRunningPipelinesWithThreadCheck(System.Action)
at System.Management.Automation.ScriptBlock.InvokeWithPipe(Boolean, ErrorHandlingBehavior, System.Object, System.Object, System.Object, System.Management.Automation.Internal.Pipe, System.Management.Automation.InvocationInfo, System.Object[])
at System.Management.Automation.ScriptBlock.InvokeUsingCmdlet(System.Management.Automation.Cmdlet, Boolean, ErrorHandlingBehavior, System.Object, System.Object, System.Object, System.Object[])
at Microsoft.PowerShell.Commands.InvokeExpressionCommand.ProcessRecord()
at System.Management.Automation.Cmdlet.DoProcessRecord()
at System.Management.Automation.CommandProcessor.ProcessRecord()
at System.Management.Automation.CommandProcessorBase.DoExecute()
at System.Management.Automation.Internal.PipelineProcessor.Inject(System.Object, Boolean)
at System.Management.Automation.Internal.PipelineProcessor.SynchronousExecuteEnumerate(System.Object, System.Collections.Hashtable, Boolean)
at System.Management.Automation.PipelineOps.InvokePipeline(System.Object, Boolean, System.Management.Automation.CommandParameterInternal[][], System.Management.Automation.Language.CommandBaseAst[], System.Management.Automation.CommandRedirection[][], System.Management.Automation.Language.FunctionContext)
at System.Management.Automation.Interpreter.ActionCallInstruction`6[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.Interpreter.Run(System.Management.Automation.Interpreter.InterpretedFrame)
at System.Management.Automation.Interpreter.LightLambda.RunVoid1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.__Canon)
at System.Management.Automation.DlrScriptCommandProcessor.RunClause(System.Action`1<System.Management.Automation.Language.FunctionContext>, System.Object, System.Object)
at System.Management.Automation.DlrScriptCommandProcessor.Complete()
at System.Management.Automation.CommandProcessorBase.DoComplete()
at System.Management.Automation.Internal.PipelineProcessor.DoCompleteCore(System.Management.Automation.CommandProcessorBase)
at System.Management.Automation.Internal.PipelineProcessor.SynchronousExecuteEnumerate(System.Object, System.Collections.Hashtable, Boolean)
at System.Management.Automation.Runspaces.LocalPipeline.InvokeHelper()
at System.Management.Automation.Runspaces.LocalPipeline.InvokeThreadProc()
at System.Management.Automation.Runspaces.PipelineThread.WorkerProc()
at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Threading.ThreadHelper.ThreadStart()

Error: (11/30/2014 07:39:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16453, time stamp: 0x5010a55f
Faulting module name: ntdll.dll, version: 6.2.9200.16384, time stamp: 0x5010ae7a
Exception code: 0xc0000005
Fault offset: 0x00061206
Faulting process id: 0x1f5ec
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5

Error: (11/30/2014 07:20:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16453, time stamp: 0x5010a862
Faulting module name: ntdll.dll, version: 6.2.9200.16384, time stamp: 0x5010ae7a
Exception code: 0xc0000005
Fault offset: 0x00061206
Faulting process id: 0x6c90
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5

Error: (11/30/2014 07:19:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16453, time stamp: 0x5010888a
Faulting module name: ntdll.dll, version: 6.2.9200.16384, time stamp: 0x5010ae7a
Exception code: 0xc0000005
Fault offset: 0x00061206
Faulting process id: 0x2923c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5


System errors:
=============
Error: (11/30/2014 09:08:33 PM) (Source: DCOM) (EventID: 10010) (User: JasonStorm)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/30/2014 09:08:02 PM) (Source: DCOM) (EventID: 10010) (User: JasonStorm)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/30/2014 09:07:31 PM) (Source: DCOM) (EventID: 10010) (User: JasonStorm)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/30/2014 09:07:00 PM) (Source: DCOM) (EventID: 10010) (User: JasonStorm)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/30/2014 09:00:52 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 51. The Windows SChannel error state is 900.

Error: (11/30/2014 08:56:02 PM) (Source: DCOM) (EventID: 10010) (User: JasonStorm)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/30/2014 08:55:31 PM) (Source: DCOM) (EventID: 10010) (User: JasonStorm)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/30/2014 08:55:00 PM) (Source: DCOM) (EventID: 10010) (User: JasonStorm)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/30/2014 08:54:29 PM) (Source: DCOM) (EventID: 10010) (User: JasonStorm)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/30/2014 08:53:58 PM) (Source: DCOM) (EventID: 10010) (User: JasonStorm)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 28%
Total physical RAM: 8074.77 MB
Available physical RAM: 5737.82 MB
Total Pagefile: 16266.77 MB
Available Pagefile: 13875.43 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:671.53 GB) (Free:279.17 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:26.33 GB) (Free:3.11 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 04463ED8)

Partition: GPT Partition Type.

==================== End Of Log ============================
 

TwinHeadedEagle

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Download the attached fixlist.txt file and save it to the Desktop.

Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.
 

Attachments

  • fixlist.txt
    3 KB · Views: 94
