November 2nd, 2014, 11:50 AM
#1
[RESOLVED] Am I infected?
About a week ago some of my Windows 8.1 Tiles disappeared. I arrowed down to re-add and they are not listed. Tried to reinstall app for Mail, Calendar and it installs and opens once. Then I have to do the install again each time I wish to open the app. Tried to do a restore and it failed. I didn't write down the message it gave me. I ran MBAM a few days ago and it found a malware Trojan.Agent.RvGen. I have not received any other threat warnings, so it appears to have been removed but I want to make sure my PC is clean. However, the issue with the tiles is still unresolved.
Below is the MBAM file. I haven't been able to get DDS to run. It tells me it is not meant to run in compatibility mode. I'm not sure what that means.
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 11/2/2014
Scan Time: 8:15:27 AM
Logfile: MBAM.txt
Administrator: Yes
Version: 2.00.3.1025
Malware Database: v2014.11.02.03
Rootkit Database: v2014.11.01.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Patti
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 322249
Time Elapsed: 1 hr, 46 min, 13 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
November 2nd, 2014, 03:18 PM
#2
Please, observe following rules:
Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
Never run more than one scan at a time.
Keep updating me regarding your computer behavior, good or bad.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
=================================
Download RogueKiller from one of the following links and save it to your Desktop:
Link 1
Link 2
Close all the running programs.
Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator.
Otherwise just double-click on RogueKiller.exe.
Pre-scan will start. Let it finish.
Click on SCAN button.
Wait until the Status box shows Scan Finished.
Click on Delete.
Wait until the Status box shows Deleting Finished.
Click on Report and copy/paste the content of the Notepad into your next reply. RKreport.txt could also be found on your desktop.
If more than one log is produced post all logs.
If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
Create new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/...t-all-windows/
Download Malwarebytes Anti-Rootkit to your desktop.
Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
Double click on downloaded file.
OK self extracting prompt.
MBAR will start. Click "Next" to continue.
Click in the following screen "Update" to obtain the latest malware definitions.
Once the update is complete select "Next" and click "Scan".
When the scan is finished and no malware has been found select "Exit".
If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
"mbar-log-{date} (xx-xx-xx).txt"
"system-log.txt"
November 2nd, 2014, 07:32 PM
#3
RogueKiller V10.0.4.0 [Oct 29 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : Patti [Administrator]
Mode : Delete -- Date : 11/02/2014 17:17:13
¤¤¤ Processes : 3 ¤¤¤
[Suspicious.Path] Dashlane.exe -- C:\Users\Patti\AppData\Roaming\Dashlane\Dashlane.exe[7] -> ERROR [12]
[Suspicious.Path] DashlanePlugin.exe -- C:\Users\Patti\AppData\Roaming\Dashlane\DashlanePlugin.exe[7] -> ERROR [12]
[Suspicious.Path] Google+ Auto Backup.exe -- C:\Users\Patti\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe[7] -> ERROR [12]
¤¤¤ Registry : 11 ¤¤¤
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{42D79B50-CC4A-4A8E-860F-BE674AF053A2} -> Not selected
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-433210996-3121644379-1884139541-1001\Software\Microsoft\Windows\CurrentVersion\Run | Dashlane : "C:\Users\Patti\AppData\Roaming\Dashlane\Dashlane.exe" autoLaunchAtStartup -> ERROR [5]
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-433210996-3121644379-1884139541-1001\Software\Microsoft\Windows\CurrentVersion\Run | Dashlane : "C:\Users\Patti\AppData\Roaming\Dashlane\Dashlane.exe" autoLaunchAtStartup -> ERROR [5]
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 192.168.0.1 205.171.2.226 -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.168.0.1 205.171.2.226 -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{FDC785E4-B11A-4C66-80FE-444E6C9F1CE4} | DhcpNameServer : 192.168.0.1 205.171.2.226 -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{FDC785E4-B11A-4C66-80FE-444E6C9F1CE4} | DhcpNameServer : 192.168.0.1 205.171.2.226 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
¤¤¤ Tasks : 3 ¤¤¤
[Suspicious.Path] 0614aUpdateInfo.job -- C:\ProgramData\Avg_Update_0614a\0614a_AVG-Secure-Search-Update.exe ( /SETINFO /CMPID=0614a /INFORETRY=3) -> ERROR [0]
[Suspicious.Path] 0814avUpdateInfo.job -- C:\ProgramData\Avg_Update_0814av\0814av_AVG-Secure-Search-Update.exe ( /SETINFO /CMPID=0814av /INFORETRY=3) -> ERROR [0]
[Suspicious.Path] \\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} -- "C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe" (/silent $(Arg0)) -> Deleted
¤¤¤ Files : 0 ¤¤¤
¤¤¤ Hosts File : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0x5]) ¤¤¤
¤¤¤ Web browsers : 2 ¤¤¤
[PUP][FIREFX:Addon] 9b2drf04.default : Dashlane [{442718d9-475e-452a-b3e1-fb1ee16b8e9f}] -> Not selected
[PUM.HomePage][FIREFX:Config] 9b2drf04.default : user_pref("browser.startup.homepage", "http://search.coupons.com"); -> Not selected
¤¤¤ MBR Check : ¤¤¤
============================================
RKreport_SCN_11022014_171648.log
Malwarebytes Anti-Rootkit BETA 1.07.0.1012
www.malwarebytes.org
Database version: v2014.11.02.07
Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.17351
Patti :: PATTI [administrator]
11/2/2014 5:24:49 PM
mbar-log-2014-11-02 (17-24-49).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 328266
Time elapsed: 51 minute(s), 4 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012
(c) Malwarebytes Corporation 2011-2012
OS version: 6.3.9200 Windows 8.1 x64
Account is Administrative
Internet Explorer version: 11.0.9600.17351
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.896000 GHz
Memory total: 6317957120, free: 2760278016
Downloaded database version: v2014.11.02.07
Downloaded database version: v2014.11.01.02
=======================================
Initializing...
------------ Kernel report ------------
11/02/2014 17:24:22
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffe001185a6060
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\0000002b\
Lower Device Object: 0xffffe0011752e280
Lower Device Driver Name: \Driver\iaStorA\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffe001185a6060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe001185a6b20, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe001185a6060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffe0011752e280, DeviceName: \Device\0000002b\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: FC31AC2F
GPT Protective MBR Partition information:
Partition 0 type is EFI-GPT (0xee)
Partition is NOT ACTIVE.
Partition starts at LBA: 1 Numsec = 4294967295
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
GPT Partition information:
GPT Header Signature 4546492050415254
GPT Header Revision 65536 Size 92 CRC 272829194
GPT Header CurrentLba = 1 BackupLba 976773167
GPT Header FirstUsableLba 34 LastUsableLba 976773134
GPT Header Guid 59fbb99e-e8e8-4af1-8272-e8daa0645fce
GPT Header Contains 128 partition entries starting at LBA 2
GPT Header Partition entry size = 128
Backup GPT header Signature 4546492050415254
Backup GPT header Revision 65536 Size 92 CRC 272829194
Backup GPT header CurrentLba = 976773167 BackupLba 1
Backup GPT header FirstUsableLba 34 LastUsableLba 976773134
Backup GPT header Guid 59fbb99e-e8e8-4af1-8272-e8daa0645fce
Backup GPT header Contains 128 partition entries starting at LBA 976773135
Backup GPT header Partition entry size = 128
Partition 0 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
Partition ID 3817db51-355f-45bb-8d65-221c945d6dbe
FirstLBA 2048 Last LBA 1026047
Attributes 0
Partition Name EFI system partition
GPT Partition 0 is bootable
Partition 1 Type 796badd3-6bbf-4d9f-b631-466eb71a4965
Partition ID 82719055-3d14-4cb6-be1a-a668fb49ff61
FirstLBA 1026048 Last LBA 1107967
Attributes 1
Partition Name Basic data partition
Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
Partition ID e2ec97b1-bc1f-466d-bd1d-6ca3a78710e4
FirstLBA 1107968 Last LBA 1370111
Attributes 0
Partition Name Microsoft reserved partition
Partition 3 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID 40b37f0b-fefc-4945-b34e-4638278dfe27
FirstLBA 1370112 Last LBA 2373631
Attributes 1
Partition Name Basic data partition
Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID 48c98631-6b08-4eb3-81a0-16de9a948114
FirstLBA 2373632 Last LBA 949653503
Attributes 0
Partition Name Basic data partition
Partition 5 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID 784eab85-d8c2-46d5-bcfd-9fd2349fe395
FirstLBA 949653504 Last LBA 950575103
Attributes 1
Partition Name
Partition 6 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID 9b1968ee-80ab-4f94-9e72-49f7f13bb7ba
FirstLBA 950575104 Last LBA 951291903
Attributes 1
Partition Name
Partition 7 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID a24a9e8f-7e12-4387-9e2e-a6c96a2ecb21
FirstLBA 951291904 Last LBA 976771119
Attributes 1
Partition Name Microsoft recovery partition
Disk Size: 500107862016 bytes
Sector size: 512 bytes
Done!
Scan finished
=======================================
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
November 2nd, 2014, 08:11 PM
#4
Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Scan button.
When the scan has finished click on Clean button.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.
Please download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.
Please download Farbar Recovery Scan Tool and save it to your Desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please copy and paste it to your reply.
November 2nd, 2014, 10:31 PM
#5
Below are the AdwCleaner and JRT logs. I ran the FRST64, the scan ran and the text file popped up to save but it was blank, no text. The Addition file was also blank, no text. Wasn't sure if I should try running it again.
# AdwCleaner v3.311 - Report created 02/11/2014 at 20:04:38
# Updated 30/09/2014 by Xplode
# Operating System : Windows 8.1 (64 bits)
# Username : Patti - PATTI
# Running from : C:\Users\Patti\Desktop\adwcleaner_3.311.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\WINDOWS\SysWOW64\SearchProtect
Folder Deleted : C:\Users\Patti\AppData\Local\Conduit
Folder Deleted : C:\Users\Patti\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\Patti\AppData\Local\PackageAware
Folder Deleted : C:\Users\Patti\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Patti\AppData\LocalLow\Toolbar4
File Deleted : C:\END
File Deleted : C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\9b2drf04.default\searchplugins\bingp.xml
File Deleted : C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\9b2drf04.default\searchplugins\web-search.xml
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{442718d9-475e-452a-b3e1-fb1ee16b8e9f}]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.TBSB07898
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.TBSB07898.3
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{42D79B50-CC4A-4A8E-860F-BE674AF053A2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{42D79B50-CC4A-4A8E-860F-BE674AF053A2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{42D79B50-CC4A-4A8E-860F-BE674AF053A2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{42D79B50-CC4A-4A8E-860F-BE674AF053A2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.7
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17344
-\\ Mozilla Firefox v33.0 (x86 en-US)
[ File : C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\9b2drf04.default\prefs.js ]
-\\ Google Chrome v38.0.2125.111
[ File : C:\Users\Patti\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [6581 octets] - [02/11/2014 19:56:42]
AdwCleaner[S0].txt - [6543 octets] - [02/11/2014 20:04:38]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6603 octets] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.5 (10.31.2014:1)
OS: Windows 8.1 x64
Ran by Patti on Sun 11/02/2014 at 20:13:57.31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
Successfully stopped: [Service] couponprinterservice
Successfully deleted: [Service] couponprinterservice
~~~ Registry Values
~~~ Registry Keys
~~~ Files
Successfully deleted: [File] "C:\WINDOWS\couponprinter.ocx"
~~~ Folders
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
~~~ FireFox
Successfully deleted the following from C:\Users\Patti\AppData\Roaming\mozilla\firefox\profiles\9b2drf04.default\prefs.js
user_pref("browser.startup.homepage", "hxxp://search.coupons.com");
user_pref("extensions.dashlane.safesearchcapable", false);
user_pref("id_couponscom.variablecashedNotifications", "%7B%22hxxp%3A//www.bestbuy.com/%3Fref%3D199%26loc%3DUO85MF6im/8%26siteID%3DUO85MF6im_8-jW5s9PLLBybUiyOspINHeg%22%3A%22%
user_pref("id_couponscom.variables.Var1", "hxxp%3A//cdn.coupons.com/couponbar.coupons.com");
user_pref("id_couponscom.variables.Var2", "hxxp%3A//couponbar.coupons.com");
user_pref("id_couponscom.variables.Var3", "hxxp%3A//www.coupons.com/coupon-codes/");
Emptied folder: C:\Users\Patti\AppData\Roaming\mozilla\firefox\profiles\9b2drf04.default\minidumps [14 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 11/02/2014 at 21:14:43.98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
November 2nd, 2014, 11:28 PM
#6
Maybe bad download of FRST.
Download fresh copy and try again.
November 3rd, 2014, 07:01 AM
#7
1 of 2
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-11-2014
Ran by Patti (administrator) on PATTI on 03-11-2014 05:44:02
Running from C:\Users\Patti\Desktop
Loaded Profile: Patti (Available profiles: Patti)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Carbonite, Inc. (www.carbonite.com )) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
() C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
() C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
(Wyse Technology.) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Users\Patti\AppData\Roaming\Dashlane\Dashlane.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go9\CLMLSvc_P2G9.exe
(Comodo Security Solutions, Inc.) C:\Program Files\COMODO\GeekBuddy\unit_manager.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(Comodo Security Solutions, Inc.) C:\Program Files\COMODO\GeekBuddy\unit.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Users\Patti\AppData\Local\Google\Update\GoogleUpdate.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Google Inc.) C:\Users\Patti\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdupd.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7191768 2013-06-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321176 2013-06-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321176 2013-06-28] (Realtek Semiconductor)
HKLM\...\Run: [BtPreLoad] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtPreLoad.exe [64640 2012-12-28] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3010952 2012-12-21] (Synaptics Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [102928 2012-10-23] (CyberLink Corp.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1065024 2014-05-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1056976 2014-06-27] (Carbonite, Inc.)
HKLM-x32\...\Run: [CLMLServer_For_P2G9] => C:\Program Files (x86)\CyberLink\Power2Go9\CLMLSvc_P2G9.exe [110344 2014-04-01] (CyberLink)
HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-02-27] (Comodo Security Solutions, Inc.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-433210996-3121644379-1884139541-1001\...\Run: [EPLTarget\P0000000000000003] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATILBE.EXE [297024 2013-01-24] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-433210996-3121644379-1884139541-1001\...\Run: [Dashlane] => C:\Users\Patti\AppData\Roaming\Dashlane\Dashlane.exe [219832 2014-08-26] ()
HKU\S-1-5-21-433210996-3121644379-1884139541-1001\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2014-10-27] (Glarysoft Ltd)
HKU\S-1-5-21-433210996-3121644379-1884139541-1001\...\Run: [GoogleChromeAutoLaunch_9C12171D131BF6FF7C9ABE5DE6B78DEB] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [854344 2014-10-21] (Google Inc.)
HKU\S-1-5-21-433210996-3121644379-1884139541-1001\...\Run: [Google Update] => C:\Users\Patti\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-04-20] (Google Inc.)
HKU\S-1-5-18\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATILBE.EXE [297024 2013-01-24] (SEIKO EPSON CORPORATION)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
ShortcutTarget: Start GeekBuddy.lnk -> C:\Program Files\COMODO\GeekBuddy\launcher.exe (Comodo Security Solutions, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKLM - {A87ECD2D-6BE4-462E-AE5B-9DF3F5878CA9} URL = http://cn.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB
SearchScopes: HKLM-x32 - {A87ECD2D-6BE4-462E-AE5B-9DF3F5878CA9} URL = http://cn.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB
SearchScopes: HKCU - {A87ECD2D-6BE4-462E-AE5B-9DF3F5878CA9} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\Patti\AppData\Roaming\Dashlane\ie\KWIEBar.dll (Dashlane)
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=1058
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.226
Tcpip\..\Interfaces\{91C66A2E-9A24-4158-82FD-12ED39D8AAF2}: [NameServer] 156.154.70.22,156.154.71.22
Tcpip\..\Interfaces\{FDC785E4-B11A-4C66-80FE-444E6C9F1CE4}: [NameServer] 156.154.70.22,156.154.71.22
FireFox:
========
FF ProfilePath: C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\9b2drf04.default
FF NewTab: about:blank
FF DefaultSearchEngine: Bing
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Bing
FF Keyword.URL:
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Patti\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Patti\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Patti\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Extension: All-in-One Sidebar - C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\9b2drf04.default\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi [2014-02-22]
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2014-03-02]
FF Extension: Dashlane - C:\Users\Patti\AppData\Roaming\Dashlane\3.0.6.69630\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f} [2014-08-27]
FF Extension: No Name - e-webprint@epson.com [Not Found]
FF Extension: No Name - {442718d9-475e-452a-b3e1-fb1ee16b8e9f} [Not Found]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/", "hxxp://search.conduit.com/?ctid=CT3306061&SearchSource=48&CUI=UN32063233311391314&UM=2"
CHR Profile: C:\Users\Patti\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Patti\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-16]
CHR Extension: (Google Drive) - C:\Users\Patti\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-16]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Patti\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21]
CHR Extension: (YouTube) - C:\Users\Patti\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-16]
CHR Extension: (Adblock Plus) - C:\Users\Patti\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-03-16]
CHR Extension: (Google Search) - C:\Users\Patti\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-16]
CHR Extension: (Dashlane) - C:\Users\Patti\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2014-03-16]
CHR Extension: (Kindle Cloud Reader) - C:\Users\Patti\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2014-03-16]
CHR Extension: (WeatherBug) - C:\Users\Patti\AppData\Local\Google\Chrome\User Data\Default\Extensions\njkkjobcechefaoknodniidfjapgfoco [2014-03-16]
CHR Extension: (Google Wallet) - C:\Users\Patti\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-16]
CHR Extension: (No Name) - C:\Users\Patti\AppData\Local\Google\Chrome\User Data\Default\Extensions\omkjapkpkiciphacnalicgmmcelfolon [2014-11-02]
CHR Extension: (Gmail) - C:\Users\Patti\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-16]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [226944 2012-12-28] (Qualcomm Atheros Commnucations)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2436280 2014-09-25] (Microsoft Corporation)
R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70352 2014-02-27] (Comodo Security Solutions, Inc.)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [6817544 2014-04-16] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2264280 2014-03-25] (COMODO)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2135232 2014-05-21] ()
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 EPSON_PM_RPCV4_06; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE [152640 2013-04-15] (SEIKO EPSON CORPORATION)
R2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-02-27] (Comodo Security Solutions, Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-21] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-09-24] (Microsoft Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2014-07-19] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2014-07-19] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2013-12-11] (LogMeIn, Inc.)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-09-24] (Microsoft Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-21] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-21] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-09-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-09-24] (Microsoft Corporation)
R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-06-21] ()
R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1436160 2012-11-29] (Wyse Technology.) [File not signed]
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2012-12-26] (Atheros)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [17600 2014-07-18] (Glarysoft Ltd)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2012-12-28] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)
R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [40224 2014-06-26] (Windows (R) Win 7 DDK provider)
R3 CLVirtualBus01; C:\Windows\System32\drivers\CLVirtualBus01.sys [103176 2014-03-12] (CyberLink)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [23168 2014-04-16] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [748784 2014-04-16] (COMODO)
R1 GUBootStartup; C:\WINDOWS\System32\drivers\GUBootStartup.sys [20160 2014-10-31] (Glarysoft Ltd)
R1 HMD; C:\Windows\system32\DRIVERS\hmd.sys [14888 2014-06-26] ()
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-12-11] (LogMeIn, Inc.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [28040 2012-12-21] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [32136 2012-12-21] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-09-24] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-03 05:44 - 2014-11-03 05:44 - 00024404 _____ () C:\Users\Patti\Desktop\FRST.txt
2014-11-03 05:43 - 2014-11-03 05:43 - 02114560 _____ (Farbar) C:\Users\Patti\Desktop\FRST64.exe
2014-11-02 21:20 - 2014-11-03 05:44 - 00000000 ____D () C:\FRST
2014-11-02 21:14 - 2014-11-02 21:14 - 00001685 _____ () C:\Users\Patti\Desktop\JRT.txt
2014-11-02 20:24 - 2014-11-02 20:24 - 00000000 ___RD () C:\Users\Patti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-11-02 20:13 - 2014-11-02 20:13 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-11-02 20:10 - 2014-11-02 20:10 - 01706359 _____ (Thisisu) C:\Users\Patti\Desktop\JRT.exe
2014-11-02 20:09 - 2014-11-02 20:09 - 00006755 _____ () C:\Users\Patti\Desktop\AdwCleaner[S0].txt
2014-11-02 19:58 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll
2014-11-02 19:56 - 2014-11-02 20:04 - 00000000 ____D () C:\AdwCleaner
2014-11-02 19:55 - 2014-11-02 19:55 - 01375089 _____ () C:\Users\Patti\Desktop\adwcleaner_3.311.exe
2014-11-02 18:20 - 2014-11-02 18:20 - 00000144 _____ () C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2014-11-02 18:16 - 2014-11-03 05:40 - 00000571 _____ () C:\Users\Patti\Desktop\Am I infected#post1476181.website
2014-11-02 17:24 - 2014-11-02 18:16 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-11-02 17:23 - 2014-11-02 18:16 - 00000000 ____D () C:\Users\Patti\Desktop\mbar
2014-11-02 17:23 - 2014-11-02 17:23 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Patti\Desktop\mbar-1.07.0.1012.exe
2014-11-02 17:18 - 2014-11-02 17:18 - 00003895 _____ () C:\Users\Patti\RKreport_DEL_11022014_171713.log
2014-11-02 17:07 - 2014-11-02 17:07 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-11-02 16:45 - 2014-11-02 16:45 - 00001444 _____ () C:\Users\Patti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-02 16:45 - 2014-11-02 16:45 - 00000451 _____ () C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2014-11-02 16:45 - 2014-11-02 16:45 - 00000020 ___SH () C:\Users\Patti\ntuser.ini
2014-11-02 15:46 - 2014-11-02 18:33 - 00000000 ___DC () C:\WINDOWS\Panther
2014-11-02 15:45 - 2014-11-02 15:45 - 04183040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-11-02 15:45 - 2014-11-02 15:45 - 03448320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-11-02 15:45 - 2014-11-02 15:45 - 03117568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-11-02 15:45 - 2014-11-02 15:45 - 02779648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-11-02 15:45 - 2014-11-02 15:45 - 02646016 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-11-02 15:45 - 2014-11-02 15:45 - 02321920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-11-02 15:45 - 2014-11-02 15:45 - 01702400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-11-02 15:45 - 2014-11-02 15:45 - 00921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-11-02 15:45 - 2014-11-02 15:45 - 00839680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-11-02 15:45 - 2014-11-02 15:45 - 00672256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-11-02 15:45 - 2014-11-02 15:45 - 00626688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-11-02 15:45 - 2014-11-02 15:45 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-11-02 15:45 - 2014-11-02 15:45 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-11-02 15:45 - 2014-11-02 15:45 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-11-02 15:45 - 2014-11-02 15:45 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2014-11-02 15:45 - 2014-11-02 15:45 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2014-11-02 15:45 - 2014-11-02 15:45 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-11-02 15:45 - 2014-11-02 15:45 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-11-02 15:45 - 2014-11-02 15:45 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\BulkOperationHost.exe
2014-11-02 15:45 - 2014-11-02 15:45 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll
2014-11-02 15:45 - 2014-11-02 15:45 - 00068608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll
2014-11-02 15:45 - 2014-11-02 15:45 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-11-02 15:45 - 2014-11-02 15:45 - 00054752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-11-02 15:45 - 2014-11-02 15:45 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2014-11-02 15:45 - 2014-11-02 15:45 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-11-02 15:45 - 2014-11-02 15:45 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-11-02 15:45 - 2014-11-02 15:45 - 00000000 ____D () C:\Windows.old
2014-11-02 15:44 - 2014-11-02 15:44 - 23631360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-11-02 15:44 - 2014-11-02 15:44 - 17484800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-11-02 15:44 - 2014-11-02 15:44 - 13619200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-11-02 15:44 - 2014-11-02 15:44 - 11807232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-11-02 15:44 - 2014-11-02 15:44 - 05829632 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-11-02 15:44 - 2014-11-02 15:44 - 04201472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-11-02 15:44 - 2014-11-02 15:44 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-11-02 15:44 - 2014-11-02 15:44 - 02309632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-11-02 15:44 - 2014-11-02 15:44 - 02187264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-11-02 15:44 - 2014-11-02 15:44 - 02108416 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-11-02 15:44 - 2014-11-02 15:44 - 02017280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-11-02 15:44 - 2014-11-02 15:44 - 01810944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-11-02 15:44 - 2014-11-02 15:44 - 01447936 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-11-02 15:44 - 2014-11-02 15:44 - 01190400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-11-02 15:44 - 2014-11-02 15:44 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-11-02 15:44 - 2014-11-02 15:44 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-11-02 15:44 - 2014-11-02 15:44 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-11-02 15:44 - 2014-11-02 15:44 - 00710656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-11-02 15:44 - 2014-11-02 15:44 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-11-02 15:44 - 2014-11-02 15:44 - 00607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-11-02 15:44 - 2014-11-02 15:44 - 00597504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-11-02 15:44 - 2014-11-02 15:44 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2014-11-02 15:44 - 2014-11-02 15:44 - 00547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-11-02 15:44 - 2014-11-02 15:44 - 00514048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2014-11-02 15:44 - 2014-11-02 15:44 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-11-02 15:44 - 2014-11-02 15:44 - 00446464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-11-02 15:44 - 2014-11-02 15:44 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-11-02 15:44 - 2014-11-02 15:44 - 00363008 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-11-02 15:44 - 2014-11-02 15:44 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-11-02 15:44 - 2014-11-02 15:44 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-11-02 15:44 - 2014-11-02 15:44 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-11-02 15:44 - 2014-11-02 15:44 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-11-02 15:44 - 2014-11-02 15:44 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-11-02 15:44 - 2014-11-02 15:44 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-11-02 15:44 - 2014-11-02 15:44 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-11-02 15:44 - 2014-11-02 15:44 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-11-02 15:44 - 2014-11-02 15:44 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-02 15:43 - 2014-11-02 15:43 - 00262144 _____ () C:\WINDOWS\system32\config\userdiff
2014-11-02 15:36 - 2014-11-02 15:36 - 00000000 ____D () C:\Program Files\Reference Assemblies
2014-11-02 15:36 - 2014-11-02 15:36 - 00000000 ____D () C:\Program Files\MSBuild
2014-11-02 15:36 - 2014-11-02 15:36 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies
2014-11-02 15:36 - 2014-11-02 15:36 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-11-02 15:35 - 2013-08-02 23:48 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2014-11-02 15:35 - 2013-08-02 23:48 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2014-11-02 15:35 - 2013-08-02 23:48 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2014-11-02 15:35 - 2013-08-02 23:41 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2014-11-02 15:35 - 2013-08-02 23:41 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-11-02 15:35 - 2013-08-02 23:41 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2014-11-02 13:29 - 2014-11-02 21:29 - 00000931 _____ () C:\WINDOWS\Tasks\EPSON XP-310 Series Update {7D012C85-7771-4C1C-9AED-7231AB1DDDD6}.job
2014-11-02 13:29 - 2014-11-02 18:18 - 00000745 _____ () C:\WINDOWS\Tasks\EPSON XP-310 Series Invitation {7D012C85-7771-4C1C-9AED-7231AB1DDDD6}.job
2014-11-02 13:29 - 2014-11-02 13:29 - 00003962 _____ () C:\WINDOWS\System32\Tasks\EPSON XP-310 Series Update {7D012C85-7771-4C1C-9AED-7231AB1DDDD6}
2014-11-02 13:29 - 2014-11-02 13:29 - 00003776 _____ () C:\WINDOWS\System32\Tasks\EPSON XP-310 Series Invitation {7D012C85-7771-4C1C-9AED-7231AB1DDDD6}
2014-11-02 13:15 - 2014-11-03 05:39 - 00264316 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-02 13:09 - 2014-11-02 13:09 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-11-02 13:09 - 2014-11-02 13:09 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2014-11-02 13:09 - 2014-11-02 13:09 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
2014-11-02 13:02 - 2014-11-02 13:02 - 00000000 ____D () C:\WINDOWS\system32\config\bbimigrate
2014-11-02 13:00 - 2014-11-02 17:18 - 00000000 ____D () C:\Users\Patti
2014-11-02 13:00 - 2014-11-02 13:27 - 00024768 _____ () C:\WINDOWS\diagwrn.xml
2014-11-02 13:00 - 2014-11-02 13:27 - 00024768 _____ () C:\WINDOWS\diagerr.xml
2014-11-02 13:00 - 2014-11-02 13:02 - 00000000 ___RD () C:\Users\Patti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-02 13:00 - 2014-11-02 13:02 - 00000000 ___RD () C:\Users\Patti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-11-02 13:00 - 2014-09-24 02:23 - 00000369 _____ () C:\Users\Patti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2014-11-02 13:00 - 2014-09-24 02:23 - 00000369 _____ () C:\Users\Patti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2014-11-02 13:00 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Patti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-02 13:00 - 2013-08-22 10:36 - 00000000 ____D () C:\Users\Patti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-11-02 12:52 - 2014-11-02 12:52 - 00849474 _____ () C:\WINDOWS\system32\Drivers\rtwavesskdy.dat
2014-11-02 12:52 - 2014-11-02 12:52 - 00188517 _____ () C:\WINDOWS\system32\Drivers\RTWAVES40.dat
2014-11-02 12:52 - 2014-11-02 12:52 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_dc3d_01011.Wdf
2014-11-02 12:52 - 2014-11-02 12:52 - 00000000 ____D () C:\WINDOWS\system32\SRSLabs
2014-11-02 12:52 - 2014-11-02 12:52 - 00000000 ____D () C:\Program Files\Common Files\Atheros
2014-11-02 12:51 - 2014-11-02 13:06 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-11-02 12:51 - 2014-11-02 12:51 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01009.Wdf
2014-11-02 12:51 - 2014-11-02 12:51 - 00000000 ____D () C:\WINDOWS\SysWOW64\RTCOM
2014-11-02 12:51 - 2014-11-02 12:51 - 00000000 ____D () C:\Program Files\Realtek
2014-11-02 12:50 - 2014-11-02 13:06 - 00000000 ____D () C:\Program Files\Intel
2014-11-02 12:50 - 2014-10-01 19:54 - 00064000 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2014-11-02 12:50 - 2014-10-01 19:54 - 00060416 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2014-11-02 12:49 - 2014-11-02 12:49 - 00000264 _____ () C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job
2014-11-02 12:49 - 2014-11-02 12:49 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2014-11-02 12:49 - 2014-11-02 12:49 - 00000000 ____D () C:\Program Files\Synaptics
2014-11-02 11:55 - 2014-11-02 13:27 - 00006626 _____ () C:\WINDOWS\comsetup.log
2014-11-02 10:45 - 2014-11-02 10:45 - 00688992 _____ (Swearware) C:\Users\Patti\Downloads\dds.com
2014-11-02 10:18 - 2014-11-02 10:19 - 00688992 _____ (Swearware) C:\Users\Patti\Downloads\dds.scr
2014-11-02 09:52 - 2014-11-02 09:52 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\Patti\Desktop\tdsskiller.exe
2014-11-02 07:48 - 2014-11-02 07:48 - 00057096 _____ (COMODO CA Limited) C:\WINDOWS\system32\certsentry.dll
2014-11-02 07:48 - 2014-11-02 07:48 - 00048392 _____ (COMODO CA Limited) C:\WINDOWS\SysWOW64\certsentry.dll
2014-11-02 07:47 - 2014-11-03 05:41 - 01474832 _____ () C:\WINDOWS\system32\Drivers\sfi.dat
2014-11-02 07:47 - 2014-11-02 07:47 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc71.dll
2014-11-02 07:47 - 2014-11-02 07:47 - 00001888 _____ () C:\Users\Public\Desktop\COMODO Antivirus.lnk
2014-11-02 07:47 - 2014-11-02 07:47 - 00000000 ____D () C:\WINDOWS\System32\Tasks\COMODO
2014-11-02 07:46 - 2014-11-02 07:47 - 00000000 ___SD () C:\ProgramData\Shared Space
2014-11-02 07:45 - 2014-11-02 13:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2014-11-02 07:45 - 2014-11-02 07:46 - 00000000 ____D () C:\Program Files\COMODO
2014-11-02 07:45 - 2014-11-02 07:45 - 00002031 _____ () C:\Users\Public\Desktop\GeekBuddy.lnk
2014-11-02 07:45 - 2014-11-02 07:45 - 00001134 _____ () C:\Users\Public\Desktop\Comodo Dragon.lnk
2014-11-02 07:45 - 2014-11-02 07:45 - 00000000 ____D () C:\Users\Patti\AppData\Local\Comodo
2014-11-02 07:44 - 2014-11-02 07:48 - 00000000 ____D () C:\Program Files (x86)\Comodo
2014-11-02 07:44 - 2014-11-02 07:44 - 00000000 ____D () C:\ProgramData\Comodo Downloader
2014-11-02 07:41 - 2014-11-02 07:47 - 00000000 ____D () C:\ProgramData\Comodo
2014-11-02 07:34 - 2014-11-02 07:39 - 218252480 _____ (COMODO) C:\Users\Patti\Downloads\cav_installer_5951_60.exe
2014-11-01 04:02 - 2014-11-01 04:02 - 00000224 _____ () C:\Users\Patti\BullseyeCoverageError.txt
2014-10-31 22:02 - 2014-10-31 22:02 - 00000868 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-433210996-3121644379-1884139541-1001Core1cff58045dfddf6.job
2014-10-31 04:25 - 2014-10-31 04:25 - 14661216 _____ () C:\Users\Patti\Downloads\Glary_Utilities_v5.11.0.23.exe
2014-10-30 05:39 - 2014-10-30 06:25 - 00275080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-10-30 05:05 - 2014-10-30 05:05 - 303796534 _____ () C:\Users\Patti\Desktop\regedit.reg
2014-10-29 20:39 - 2014-10-29 20:41 - 00036147 _____ () C:\Users\Patti\AppData\Local\893686b8
2014-10-29 20:39 - 2014-10-29 20:41 - 00029606 _____ () C:\ProgramData\893686b8
2014-10-29 20:39 - 2014-10-29 20:41 - 00023786 _____ () C:\Users\Patti\AppData\Roaming\893686b8
2014-10-29 06:37 - 2014-10-29 06:37 - 00000017 _____ () C:\Users\Patti\AppData\Local\resmon.resmoncfg
2014-10-29 05:46 - 2014-10-29 05:46 - 00001628 _____ () C:\Users\Patti\Downloads\Desktop-Tile-for-Windows-8-Start-Screen (1).zip
2014-10-29 05:43 - 2014-10-29 05:43 - 00001628 _____ () C:\Users\Patti\Downloads\Desktop-Tile-for-Windows-8-Start-Screen.zip
2014-10-29 05:22 - 2014-10-29 05:23 - 00000000 ____D () C:\Users\Patti\AppData\Roaming\Irnyifu
2014-10-29 05:03 - 2014-10-29 05:03 - 00068883 ____H () C:\Users\Patti\AppData\Local\rnkbfcod
2014-10-25 16:33 - 2014-10-25 16:33 - 00000000 ____D () C:\Users\Patti\Documents\Fax
2014-10-25 08:05 - 2014-10-25 08:05 - 00167937 _____ () C:\Users\Patti\Downloads\SmartFormPDFFrame(1).aspx
2014-10-25 08:04 - 2014-10-25 08:04 - 00167937 _____ () C:\Users\Patti\Downloads\SmartFormPDFFrame.aspx
2014-10-25 07:09 - 2014-10-25 07:09 - 00378801 _____ () C:\Users\Patti\Downloads\retrievedocument(2).go
2014-10-24 18:50 - 2014-11-02 17:24 - 00128728 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-10-24 18:50 - 2014-11-02 17:23 - 00092888 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-10-24 18:50 - 2014-11-02 13:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-24 18:50 - 2014-10-24 18:50 - 00001116 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-24 18:50 - 2014-10-24 18:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-24 18:50 - 2014-10-24 18:50 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-24 18:50 - 2014-10-01 10:11 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-10-24 18:50 - 2014-10-01 10:11 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-10-24 18:49 - 2014-10-24 18:49 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Patti\Downloads\mbam-setup-2.0.3.1025.exe
2014-10-24 18:29 - 2014-10-24 18:29 - 04974864 _____ (Piriform Ltd) C:\Users\Patti\Downloads\ccsetup419.exe
2014-10-22 04:24 - 2014-10-30 05:42 - 00000000 ____D () C:\ProgramData\AVG2015
2014-10-16 19:09 - 2014-10-16 19:08 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-10-16 19:08 - 2014-11-02 13:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-16 19:08 - 2014-10-16 19:08 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-10-16 19:08 - 2014-10-16 19:08 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-10-16 19:08 - 2014-10-16 19:08 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-10-16 19:08 - 2014-10-16 19:08 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-08 18:45 - 2014-10-08 18:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
November 3rd, 2014, 07:03 AM
#8
2 of 2
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-03 05:39 - 2013-12-25 15:02 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-11-03 05:39 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-11-02 21:32 - 2013-12-25 08:30 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-433210996-3121644379-1884139541-1001
2014-11-02 21:31 - 2014-01-19 09:18 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-11-02 21:05 - 2014-03-02 19:05 - 00000931 _____ () C:\WINDOWS\Tasks\EPSON XP-310 Series Update {F1007B5D-D9C9-400E-9D6A-64244C364117}.job
2014-11-02 21:05 - 2014-03-02 19:05 - 00000745 _____ () C:\WINDOWS\Tasks\EPSON XP-310 Series Invitation {F1007B5D-D9C9-400E-9D6A-64244C364117}.job
2014-11-02 21:03 - 2014-03-16 06:38 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-02 20:21 - 2014-09-02 20:45 - 00004962 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for PATTI-Patti Patti
2014-11-02 20:14 - 2014-09-24 02:15 - 00865408 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-11-02 20:10 - 2014-01-01 22:02 - 00000000 __RDO () C:\Users\Patti\SkyDrive
2014-11-02 20:09 - 2014-05-18 05:56 - 00000344 _____ () C:\WINDOWS\Tasks\GlaryInitialize 5.job
2014-11-02 20:08 - 2014-05-18 05:56 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5
2014-11-02 20:07 - 2014-04-22 19:14 - 00001022 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2014-11-02 20:07 - 2014-04-22 19:14 - 00001006 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2014-11-02 20:06 - 2014-09-24 02:03 - 00003182 _____ () C:\WINDOWS\PFRO.log
2014-11-02 20:06 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-11-02 20:05 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-11-02 17:20 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\restore
2014-11-02 16:57 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-11-02 16:53 - 2014-02-13 20:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-11-02 16:50 - 2013-12-25 08:17 - 00000000 ____D () C:\Users\Patti\AppData\Local\Packages
2014-11-02 16:48 - 2013-12-25 08:19 - 00000000 ____D () C:\WINDOWS\System32\Tasks\WPD
2014-11-02 15:46 - 2014-01-01 18:09 - 00000000 __SHD () C:\Recovery
2014-11-02 15:45 - 2013-08-22 10:36 - 00262144 _____ () C:\WINDOWS\system32\config\BCD-Template
2014-11-02 15:45 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-11-02 15:45 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-11-02 15:44 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-11-02 13:37 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-11-02 13:29 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\Registration
2014-11-02 13:27 - 2014-01-01 15:38 - 00022840 _____ () C:\WINDOWS\system32\emptyregdb.dat
2014-11-02 13:27 - 2013-08-22 09:46 - 00289981 _____ () C:\WINDOWS\setupact.log
2014-11-02 13:22 - 2013-08-22 10:36 - 00000000 __RSD () C:\WINDOWS\Media
2014-11-02 13:21 - 2013-08-22 10:36 - 00000000 __RHD () C:\Users\Public\Libraries
2014-11-02 13:19 - 2013-09-21 05:44 - 00880342 _____ () C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2014-11-02 13:15 - 2014-04-22 19:14 - 00001024 _____ () C:\.rnd
2014-11-02 13:13 - 2013-08-22 09:44 - 00493472 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-11-02 13:11 - 2014-09-27 13:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2014-11-02 13:11 - 2014-09-20 09:19 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink WaveEditor 2
2014-11-02 13:11 - 2014-09-20 09:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink LabelPrint 2.5
2014-11-02 13:11 - 2014-09-20 09:15 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Power2Go 9
2014-11-02 13:11 - 2014-09-20 09:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 14
2014-11-02 13:11 - 2014-08-28 06:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Carbonite
2014-11-02 13:11 - 2014-07-06 16:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-11-02 13:11 - 2014-05-18 05:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2014-11-02 13:11 - 2014-04-26 09:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
2014-11-02 13:11 - 2014-04-20 07:56 - 00000000 ____D () C:\Users\Patti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
2014-11-02 13:11 - 2014-04-20 07:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2014-11-02 13:11 - 2014-03-16 06:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-11-02 13:11 - 2014-03-14 04:38 - 00000000 ____D () C:\Users\Patti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dashlane
2014-11-02 13:11 - 2014-03-09 07:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wyse
2014-11-02 13:11 - 2014-03-09 07:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
2014-11-02 13:11 - 2014-03-02 18:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2014-11-02 13:11 - 2014-03-02 18:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2014-11-02 13:11 - 2014-02-16 13:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Software995
2014-11-02 13:11 - 2014-01-25 17:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken 2014
2014-11-02 13:11 - 2014-01-11 18:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\H&R Block 2013
2014-11-02 13:11 - 2013-12-27 07:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Family Tree Maker 2012
2014-11-02 13:11 - 2013-12-27 07:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media
2014-11-02 13:11 - 2013-09-21 05:50 - 00000000 ____D () C:\WINDOWS\en
2014-11-02 13:11 - 2013-09-21 05:42 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Media Suite
2014-11-02 13:11 - 2013-09-21 05:40 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2014-11-02 13:11 - 2013-09-21 05:35 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2014-11-02 13:11 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2014-11-02 13:11 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-11-02 13:09 - 2014-09-24 01:33 - 00000000 ____D () C:\WINDOWS\SysWOW64\WCN
2014-11-02 13:09 - 2014-09-24 01:33 - 00000000 ____D () C:\WINDOWS\SysWOW64\sysprep
2014-11-02 13:09 - 2014-09-24 01:33 - 00000000 ____D () C:\WINDOWS\system32\WCN
2014-11-02 13:09 - 2013-09-21 05:35 - 00000000 ____D () C:\WINDOWS\SysWOW64\sda
2014-11-02 13:09 - 2013-08-22 10:37 - 00004893 _____ () C:\WINDOWS\DtcInstall.log
2014-11-02 13:09 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\MUI
2014-11-02 13:09 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\migwiz
2014-11-02 13:09 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\IME
2014-11-02 13:09 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\spool
2014-11-02 13:09 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-11-02 13:09 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\MUI
2014-11-02 13:09 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\IME
2014-11-02 13:09 - 2013-08-22 08:36 - 00000000 __RHD () C:\Users\Default
2014-11-02 13:09 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\SMI
2014-11-02 13:09 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\oobe
2014-11-02 13:09 - 2013-08-22 08:36 - 00000000 ____D () C:\Users\Default.migrated
2014-11-02 13:07 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\InputMethod
2014-11-02 13:06 - 2013-12-25 08:17 - 00000000 ____D () C:\ProgramData\PRICache
2014-11-02 13:06 - 2013-09-21 05:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HotSpot
2014-11-02 13:06 - 2013-09-21 05:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atheros Smart Net
2014-11-02 13:06 - 2013-09-21 05:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BT Program
2014-11-02 13:06 - 2013-08-22 10:43 - 00000000 ____D () C:\WINDOWS\DigitalLocker
2014-11-02 13:06 - 2013-08-22 10:36 - 00000000 __SHD () C:\Program Files\Windows Sidebar
2014-11-02 13:06 - 2013-08-22 10:36 - 00000000 __SHD () C:\Program Files (x86)\Windows Sidebar
2014-11-02 13:06 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\Help
2014-11-02 13:06 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-11-02 13:06 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\WindowsPowerShell
2014-11-02 13:06 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-11-02 13:06 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files (x86)\WindowsPowerShell
2014-11-02 13:02 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\Recovery
2014-11-02 12:52 - 2013-08-22 09:46 - 00000168 _____ () C:\WINDOWS\setuperr.log
2014-11-02 12:26 - 2014-04-19 09:01 - 01590464 _____ () C:\WINDOWS\WindowsUpdate (1).log
2014-11-02 11:50 - 2014-09-24 10:57 - 00000000 ___HD () C:\$Windows.~BT
2014-11-02 07:45 - 2013-12-29 10:09 - 00560128 ___SH () C:\Users\Patti\Desktop\Thumbs.db
2014-10-31 22:02 - 2014-05-07 22:05 - 00000868 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-433210996-3121644379-1884139541-1001Core1cf6a6a653ca4b4.job
2014-10-31 20:14 - 2014-04-19 07:18 - 00000000 ____D () C:\Users\Patti\AppData\Roaming\DiskDefrag
2014-10-31 04:26 - 2014-08-01 05:15 - 00001094 _____ () C:\Users\Public\Desktop\Glary Utilities 5.lnk
2014-10-31 04:26 - 2014-05-18 05:56 - 00020160 _____ (Glarysoft Ltd) C:\WINDOWS\system32\Drivers\GUBootStartup.sys
2014-10-31 04:26 - 2014-05-18 05:56 - 00002966 _____ () C:\WINDOWS\System32\Tasks\GU5SkipUAC
2014-10-31 04:26 - 2014-05-18 05:56 - 00001106 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2014-10-30 05:42 - 2014-02-09 08:33 - 00000000 ____D () C:\ProgramData\MFAData
2014-10-30 05:39 - 2014-09-20 09:07 - 00000000 ____D () C:\ProgramData\SUPPORTDIR
2014-10-30 05:37 - 2012-07-26 03:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2014-10-29 20:24 - 2014-02-16 13:01 - 00000000 ____D () C:\ProgramData\pdf995
2014-10-29 20:24 - 2013-12-25 08:19 - 00000000 ____D () C:\ProgramData\Atheros
2014-10-29 20:18 - 2013-12-27 07:11 - 00000000 ___HD () C:\Users\Patti\AppData\Local\Ancestry.com
2014-10-29 20:18 - 2013-12-25 19:55 - 00000000 ___HD () C:\Users\Patti\AppData\Local\Apps\2.0
2014-10-27 05:22 - 2014-03-11 06:20 - 00011848 _____ () C:\Users\Patti\Desktop\cell.xlsx
2014-10-25 07:41 - 2013-12-26 12:28 - 00000000 ____D () C:\Users\Patti\Documents\My Files
2014-10-24 22:08 - 2013-12-26 12:08 - 00000000 ____D () C:\Users\Patti\Documents\Quicken
2014-10-24 20:48 - 2013-12-25 20:58 - 00000000 ___HD () C:\Users\Patti\AppData\Local\CRE
2014-10-24 05:50 - 2014-04-19 15:24 - 00259072 ___SH () C:\Users\Patti\Downloads\Thumbs.db
2014-10-23 04:58 - 2014-03-16 06:38 - 00003890 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-23 04:58 - 2014-03-16 06:38 - 00003654 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-23 04:58 - 2014-03-16 06:38 - 00000914 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-21 04:48 - 2014-02-13 20:26 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-10-18 02:26 - 2013-12-25 17:49 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-10-18 02:14 - 2013-12-25 17:49 - 103265616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-10-16 19:38 - 2014-09-20 09:32 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-16 02:53 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-10-12 07:36 - 2014-01-18 14:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-12 07:33 - 2013-12-26 12:23 - 00000000 ____D () C:\Users\Patti\Documents\Patti
2014-10-11 23:01 - 2014-04-30 20:32 - 00000000 ___HD () C:\Users\Patti\AppData\Local\LogMeInIgnition
Some content of TEMP:
====================
C:\Users\Patti\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Patti\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-11-02 12:48
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-11-2014
Ran by Patti at 2014-11-03 05:45:53
Running from C:\Users\Patti\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: COMODO Antivirus (Enabled - Up to date) {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: COMODO Antivirus (Enabled - Up to date) {0C2D2636-923D-EE52-2A83-E643204A8275}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
Carbonite (HKLM-x32\...\Carbonite Backup) (Version: 5.5.5 build 4151 (Jun-27-2014) - Carbonite)
COMODO Antivirus (HKLM\...\{2736B6BD-31EC-4FC8-A48C-F0A5C914C0B6}) (Version: 7.0.55655.4142 - COMODO Security Solutions Inc.)
Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 33.1.0.0 - COMODO)
CyberLink LabelPrint 2.5 (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.0.6603 - CyberLink Corp.)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
CyberLink Power2Go 9 (HKLM-x32\...\InstallShield_{57D68FAE-CB5E-4fd6-AE3B-A0B43375AF18}) (Version: 9.0.1601.0 - CyberLink Corp.)
CyberLink PowerDVD 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.4028.58 - CyberLink Corp.)
CyberLink WaveEditor 2 (HKLM-x32\...\InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 2.0.0.4203 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dashlane (HKCU\...\Dashlane) (Version: 3.0.6.69630 - Dashlane SAS)
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.6.1.1 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.6.1.1 - Dell Inc.)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 16.3.7.0 - Synaptics Incorporated)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
DSC/AA Factory Installer (Version: 3.3.6261.27 - PC-Doctor, Inc.) Hidden
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.1.1 - SEIKO EPSON CORPORATION)
EPSON Connect version 1.0 (HKLM-x32\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.6.3.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{0F13C24A-FFE2-4CD0-8E0B-DC804E0A0E0B}) (Version: 3.10.0035 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{CEC98C2A-9ED5-49DA-9F3A-92434E0A4FA3}) (Version: 1.19.0000 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON XP-310 Series Printer Uninstall (HKLM\...\EPSON XP-310 Series) (Version: - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
Family Tree Maker 2012 (HKLM-x32\...\Family Tree Maker 2012) (Version: 21.0.452 - Ancestry.com, Inc.)
Family Tree Maker 2012 (x32 Version: 21.0.452 - Ancestry.com, Inc.) Hidden
GeekBuddy (HKLM\...\{C36B3AE4-FCFE-4A0A-AA3D-71E1A51C1F16}) (Version: 4.11.91 - Comodo Security Solutions Inc)
Glary Utilities 5.11 (HKLM-x32\...\Glary Utilities 5) (Version: 5.11.0.23 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Google+ Auto Backup (HKCU\...\Google+ Auto Backup) (Version: 1.0.26.151 - Google, Inc.)
H&R Block Deluxe + Efile + State 2013 (HKLM-x32\...\{EDE796DE-0A72-464D-9D21-F04BC41A092B}) (Version: 13.05.6502 - HRB Technology, LLC.)
H&R Block Ohio 2013 (HKLM-x32\...\{7B655EBC-2183-4EE5-8320-2BE26482FD41}) (Version: 1.13.5201 - HRB Technology, LLC.)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.7.0.1013 - Intel Corporation)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
LogMeIn (HKLM-x32\...\{BDC9C8E8-3B05-40DA-813D-FC8B200E7CFA}) (Version: 4.1.4306 - LogMeIn, Inc.)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4659.1001 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 33.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.0 (x86 en-US)) (Version: 33.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
Pdf995 (installed by H&R Block) (HKLM-x32\...\Pdf995) (Version: - )
PdfEdit995 (installed by H&R Block) (HKLM-x32\...\PdfEdit995) (Version: - )
Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PocketCloud (HKLM-x32\...\{AAF1E996-6AE6-4684-88A8-41F4E98E2899}) (Version: 2.6.21 - Wyse Technology)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.218 - Qualcomm Atheros Communications)
Quicken 2011 (HKLM-x32\...\{5FE545A1-D215-4216-9189-E7B39C9D1CC1}) (Version: 20.1.8.6 - Intuit)
Quicken 2014 (HKLM-x32\...\{0877F595-254F-45F4-991D-3F72E86B17CE}) (Version: 23.1.7.6 - Intuit)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.018 - Dell Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6959 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Similar Image Finder (HKLM-x32\...\{2E56B8C2-B25C-4B0A-92BE-ACB493CC5048}) (Version: 1.0.0 - Tago Software)
Software Updater (HKLM-x32\...\{C09D747A-BD47-42A9-915E-CEB6B1BB7C11}) (Version: 4.2.7 - SEIKO EPSON CORPORATION)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 4.5.3f3 - Unity Technologies ApS)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version: - )
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-433210996-3121644379-1884139541-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Patti\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-433210996-3121644379-1884139541-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Patti\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-433210996-3121644379-1884139541-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-433210996-3121644379-1884139541-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Patti\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-433210996-3121644379-1884139541-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Patti\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
==================== Restore Points =========================
02-11-2014 22:20:08 11-2-2014
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {035792A1-D4EF-4A78-BF9A-AA9628C281A3} - System32\Tasks\Microsoft\Windows\Setup\SetupCleanupTask
Task: {04DB5BED-C56E-4825-BB86-59038591BE63} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2014-10-27] (Glarysoft Ltd)
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {10AD99B1-9990-4C73-B8E9-E6EA376A9E3D} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {1845B30B-2B59-4C02-9873-31CD79660DFA} - System32\Tasks\PocketCloudVirtualChannel => C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WPCRDPVirtualChannelServer.exe
Task: {189CE243-2FD8-4E9A-897E-50A143C3D907} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-16] (Google Inc.)
Task: {1A9D6910-3F1C-4F9B-9936-0C267478A2D2} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO)
Task: {20362FAC-02C8-4777-84E4-462E69C5FC8E} - System32\Tasks\EPSON XP-310 Series Invitation {7D012C85-7771-4C1C-9AED-7231AB1DDDD6} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3540187F-8F60-4BC8-9B07-DD8E97A53837} - System32\Tasks\PocketCloudUpdater => C:\Program
Task: {3627F21F-8200-436E-B0B1-5604CB478A4C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-10-18] (Microsoft Corporation)
Task: {37708282-8E36-43EB-A771-BE49A6ED466E} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {3A5E5292-1FFA-4727-9657-59AC28403ED7} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {3E3D4F56-31EA-4898-86CB-116797074230} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-16] (Google Inc.)
Task: {3F9C275B-04FA-49E6-8719-ACE55F9C4367} - System32\Tasks\EPSON XP-310 Series Invitation {F1007B5D-D9C9-400E-9D6A-64244C364117} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {53FC5621-D59E-4A29-8876-47A147C4DD21} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-26] (Microsoft Corporation)
Task: {5E4C19B6-B359-4963-BBD3-DD4054B7661E} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-12-03] (CyberLink Corp.)
Task: {64884603-E791-45D2-B825-037460110682} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {65328974-59AD-44CD-A8FA-BB2A78C16FC5} - System32\Tasks\EPSON XP-310 Series Update {F1007B5D-D9C9-400E-9D6A-64244C364117} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {6EEED93B-2D7A-496A-8337-2BF727149CF9} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-09] (Adobe Systems Incorporated)
Task: {71307E9E-36B8-4945-9078-4E1AC7DD7848} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7BD9C161-FA5C-4956-8A6B-8CA30E3A91CC} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO)
Task: {7D3C903E-CACE-45CA-B988-B7CA51140890} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO)
Task: {7F79694F-C9F6-43D5-8E03-FB43B77932E8} - System32\Tasks\Microsoft Office 15 Sync Maintenance for PATTI-Patti Patti => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-09-16] (Microsoft Corporation)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {897DFA29-FC06-4D75-933C-7AB1EB5CC7DC} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO)
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9459E7DB-0B2F-4359-9DB5-3A4A0E8D900C} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {97089067-B7A4-420D-888C-87E98252E71A} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {97E8E043-35AB-452F-B762-E89905FECE83} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-12-03] (CyberLink)
Task: {9A823740-E6AF-448A-B61C-3FB16097D69D} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {9F62816E-58D7-4A02-B2A7-9D4E2F2E762D} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A44D55AE-F541-412F-B0CF-7D6F15C03858} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {B11C72EE-926E-43B1-853C-1758C30013B4} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {BCBE1605-0A2C-4468-8775-6CB3598C91BA} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2014-10-27] (Glarysoft Ltd)
Task: {BE047287-78E7-4462-977C-556E9E3FB6F3} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-12-21] (Synaptics Incorporated)
Task: {BFD3544A-C1A2-4E0B-94B1-53A9235D1382} - System32\Tasks\EPSON XP-310 Series Update {7D012C85-7771-4C1C-9AED-7231AB1DDDD6} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D3F05C06-C590-4064-ABF3-F4ACEBA742D5} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-09-25] (Microsoft Corporation)
Task: {D6E6E288-AAE5-44E8-88D5-0A5F846E476D} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {E97D4480-F704-4182-BD49-197159EAF3F5} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-09-24] (Microsoft Corporation)
Task: {ECC8AB71-326C-47D1-9A3B-C0B0E0148704} - System32\Tasks\PocketCloud => C:\Program
Task: {F3EC730C-4731-42C5-9844-20B8CFFC5544} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-26] (Microsoft Corporation)
Task: {F4030928-E20B-49CA-AD61-4E656879B85B} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\0614aUpdateInfo.job => C:\ProgramData\Avg_Update_0614a\0614a_AVG-Secure-Search-Update.exe
Task: C:\WINDOWS\Tasks\0814avUpdateInfo.job => C:\ProgramData\Avg_Update_0814av\0814av_AVG-Secure-Search-Update.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\EPSON XP-310 Series Invitation {7D012C85-7771-4C1C-9AED-7231AB1DDDD6}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE
Task: C:\WINDOWS\Tasks\EPSON XP-310 Series Invitation {F1007B5D-D9C9-400E-9D6A-64244C364117}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE
Task: C:\WINDOWS\Tasks\EPSON XP-310 Series Update {7D012C85-7771-4C1C-9AED-7231AB1DDDD6}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE
Task: C:\WINDOWS\Tasks\EPSON XP-310 Series Update {F1007B5D-D9C9-400E-9D6A-64244C364117}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE
Task: C:\WINDOWS\Tasks\GlaryInitialize 5.job => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-433210996-3121644379-1884139541-1001Core1cf6a6a653ca4b4.job => C:\Users\Patti\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-433210996-3121644379-1884139541-1001Core1cff58045dfddf6.job => C:\Users\Patti\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements (1).job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
==================== Loaded Modules (whitelisted) =============
2014-02-16 13:01 - 2012-04-26 15:51 - 00040448 _____ () C:\WINDOWS\System32\pdf995mon64.dll
2014-03-22 07:36 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-05-21 05:22 - 2014-05-21 05:22 - 02135232 _____ () C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
2013-09-21 05:45 - 2012-04-24 21:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2013-06-21 19:46 - 2013-06-21 19:46 - 00016176 _____ () C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
2013-06-21 19:35 - 2013-06-21 19:35 - 00032256 _____ () C:\Program Files (x86)\Wyse\PocketCloud\AetherServiceLib.dll
2013-06-21 19:31 - 2013-06-21 19:31 - 00035840 _____ () C:\Program Files (x86)\Wyse\PocketCloud\AetherHelperLib.dll
2014-03-14 04:38 - 2014-08-26 11:16 - 00219832 _____ () C:\Users\Patti\AppData\Roaming\Dashlane\Dashlane.exe
2014-02-27 12:30 - 2014-02-27 12:30 - 02875600 _____ () C:\Program Files\COMODO\GeekBuddy\QtCore4.dll
2014-02-27 12:30 - 2014-02-27 12:30 - 01283792 _____ () C:\Program Files\COMODO\GeekBuddy\QtNetwork4.dll
2014-02-27 12:30 - 2014-02-27 12:30 - 10451664 _____ () C:\Program Files\COMODO\GeekBuddy\QtGui4.dll
2014-02-27 12:30 - 2014-02-27 12:30 - 00039120 _____ () C:\Program Files\COMODO\GeekBuddy\imageformats\qgif4.dll
2014-02-27 12:30 - 2014-02-27 12:30 - 01529040 _____ () C:\Program Files\COMODO\GeekBuddy\QtScript4.dll
2012-12-28 15:39 - 2012-12-28 15:39 - 00011264 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2012-12-28 15:36 - 2012-12-28 15:36 - 00084480 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll
2012-12-28 15:41 - 2012-12-28 15:41 - 00012928 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
2013-04-15 18:39 - 2013-04-15 18:39 - 00073424 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2014-10-21 04:44 - 2014-09-09 09:59 - 08896160 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-08-26 11:14 - 2014-08-26 11:14 - 00277688 _____ () C:\Users\Patti\AppData\Roaming\Dashlane\3.0.6.69630\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebugDll_win32.3.0.6.69630.dll
2014-08-26 11:14 - 2014-08-26 11:14 - 00408760 _____ () C:\Users\Patti\AppData\Roaming\Dashlane\3.0.6.69630\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebug.3.0.6.69630.dll
2014-08-26 11:15 - 2014-08-26 11:15 - 00427192 _____ () C:\Users\Patti\AppData\Roaming\Dashlane\3.0.6.69630\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWUtils.3.0.6.69630.dll
2014-08-26 11:14 - 2014-08-26 11:14 - 30333112 _____ () C:\Users\Patti\AppData\Roaming\Dashlane\3.0.6.69630\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWExternLib.3.0.6.69630.dll
2014-08-26 11:15 - 2014-08-26 11:15 - 00266936 _____ () C:\Users\Patti\AppData\Roaming\Dashlane\3.0.6.69630\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib_win.3.0.6.69630.dll
2014-08-26 11:14 - 2014-08-26 11:14 - 05765304 _____ () C:\Users\Patti\AppData\Roaming\Dashlane\3.0.6.69630\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWData.3.0.6.69630.dll
2014-08-26 11:14 - 2014-08-26 11:14 - 06068920 _____ () C:\Users\Patti\AppData\Roaming\Dashlane\3.0.6.69630\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWApplication.3.0.6.69630.dll
2014-09-20 09:14 - 2013-05-19 22:01 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go9\CLMediaLibrary.dll
2013-05-20 10:02 - 2013-05-20 10:02 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go9\CLMLSvcPS.dll
2012-06-08 13:34 - 2012-06-08 13:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2013-09-21 05:34 - 2012-06-25 13:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-08-12 17:29 - 2014-08-12 17:29 - 03219456 _____ () C:\Users\Patti\AppData\Local\Programs\Google\Google+ Auto Backup\gpuploader_i18n.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\Patti\SkyDrive:ms-properties
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run: => "BtPreLoad"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "EEventManager"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "PowerDVD14Agent"
HKCU\...\StartupApproved\Run: => "EPLTarget\P0000000000000003"
HKCU\...\StartupApproved\Run: => "Google Update"
HKCU\...\StartupApproved\Run: => "Google+ Auto Backup"
HKCU\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_9C12171D131BF6FF7C9ABE5DE6B78DEB"
HKCU\...\StartupApproved\Run: => "Power2GoExpress9"
========================= Accounts: ==========================
Administrator (S-1-5-21-433210996-3121644379-1884139541-500 - Administrator - Disabled)
Guest (S-1-5-21-433210996-3121644379-1884139541-501 - Limited - Disabled)
Patti (S-1-5-21-433210996-3121644379-1884139541-1001 - Administrator - Enabled) => C:\Users\Patti
==================== Faulty Device Manager Devices =============
Name: Bluetooth Audio Device
Description: Bluetooth Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_A2DP
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: Virtual Bluetooth Support (Include Audio)
Description: Virtual Bluetooth Support (Include Audio)
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: AthBTPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
Name: Bluetooth LWFLT Device
Description: Bluetooth LWFLT Device
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_LWFLT
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Error: (11/02/2014 09:31:28 PM) (Source: DCOM) (EventID: 10010) (User: PATTI)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
Error: (11/02/2014 09:30:57 PM) (Source: DCOM) (EventID: 10010) (User: PATTI)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
Error: (11/02/2014 09:30:27 PM) (Source: DCOM) (EventID: 10010) (User: PATTI)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
Error: (11/02/2014 09:29:56 PM) (Source: DCOM) (EventID: 10010) (User: PATTI)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
Error: (11/02/2014 09:29:26 PM) (Source: DCOM) (EventID: 10010) (User: PATTI)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
Error: (11/02/2014 09:28:56 PM) (Source: DCOM) (EventID: 10010) (User: PATTI)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
Error: (11/02/2014 09:28:25 PM) (Source: DCOM) (EventID: 10010) (User: PATTI)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
Error: (11/02/2014 09:27:55 PM) (Source: DCOM) (EventID: 10010) (User: PATTI)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2014-11-02 21:32:09.483
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-11-02 21:15:21.217
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-11-02 20:45:29.064
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-11-02 20:09:48.774
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-11-02 20:04:28.193
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-11-02 19:54:32.008
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-11-02 19:07:17.027
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-11-02 19:07:00.018
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-11-02 18:32:34.502
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-11-02 18:22:07.489
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3-3227U CPU @ 1.90GHz
Percentage of memory in use: 31%
Total physical RAM: 6025.27 MB
Available physical RAM: 4131.52 MB
Total Pagefile: 7689.27 MB
Available Pagefile: 5431.79 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:451.7 GB) (Free:365.11 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: FC31AC2F)
Partition: GPT Partition Type.
==================== End Of Log ============================
November 3rd, 2014, 04:27 PM
#9
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
November 3rd, 2014, 09:16 PM
#10
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-11-2014
Ran by Patti at 2014-11-03 20:07:10 Run:1
Running from C:\Users\Patti\Desktop\clean
Loaded Profile: Patti (Available profiles: Patti)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
SearchScopes: HKCU - {A87ECD2D-6BE4-462E-AE5B-9DF3F5878CA9} URL =
FF Extension: No Name - e-webprint@epson.com [Not Found]
FF Extension: No Name - {442718d9-475e-452a-b3e1-fb1ee16b8e9f} [Not Found]
C:\Users\Patti\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Patti\AppData\Local\Temp\Quarantine.exe
CustomCLSID: HKU\S-1-5-21-433210996-3121644379-1884139541-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Patti\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-433210996-3121644379-1884139541-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Patti\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
AlternateDataStreams: C:\Users\Patti\SkyDrive:ms-properties
*****************
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A87ECD2D-6BE4-462E-AE5B-9DF3F5878CA9}" => Key deleted successfully.
"HKCR\CLSID\{A87ECD2D-6BE4-462E-AE5B-9DF3F5878CA9}" => Key not found.
FF Extension: No Name - e-webprint@epson.com [Not Found] not found.
FF Extension: No Name - {442718d9-475e-452a-b3e1-fb1ee16b8e9f} [Not Found] not found.
C:\Users\Patti\AppData\Local\Temp\dllnt_dump.dll => Moved successfully.
C:\Users\Patti\AppData\Local\Temp\Quarantine.exe => Moved successfully.
"HKU\S-1-5-21-433210996-3121644379-1884139541-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key deleted successfully.
"HKU\S-1-5-21-433210996-3121644379-1884139541-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully.
"C:\Users\Patti\SkyDrive" => ":ms-properties" ADS not found.
==== End of Fixlog ====
November 3rd, 2014, 10:14 PM
#11
How is the computer doing?
Last scans...
Download Security Check from here or here and save it to your Desktop.
Double-click SecurityCheck.exe.
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive the UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center
Windows Update
Windows Defender
Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run. Please copy and paste the log to your reply.
Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.
Please run a free online scan with the ESET Online Scanner
Disable your antivirus program
Internet Explorer users - Click on this link to open ESET OnlineScan.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on ESET Smart Installer to download the ESET Smart Installer. Save it to your desktop.
Double click on the ESET Smart Installer icon on your desktop.
Check "YES, I accept the Terms of Use."
Click the Start button.
Accept any security warnings from your browser.
Check "Enable detection of potentially unwanted applications".
Click Advanced settings and make sure all 4 boxes are checkmarked (two of them are already checkmarked by default).
Do NOT checkmark "Use custom proxy settings"
Click the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, click List Threats
Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Click the Back button.
Click the Finish button.
November 4th, 2014, 06:29 AM
#12
Computer hasn't given any problems but I haven't done much except what you've been telling me to do.
Security Check - did get the Unsupported message, restarted and it ran. It says "Preparing", then a popup window that says AutoIt Error...Line -1: Error: Variable must be of type "Object". Once I closed this error it continued to run.
Results of screen317's Security Check version 0.99.89
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 71
Java version out of Date!
Adobe Flash Player 15.0.0.152
Adobe Reader XI
Mozilla Firefox (33.0)
Google Chrome 38.0.2125.104
Google Chrome 38.0.2125.111
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
Farbar Service Scanner Version: 21-07-2014
Ran by Patti (administrator) on 04-11-2014 at 05:26:51
Running from "C:\Users\Patti\Documents"
Windows 8.1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
LAN connected.
Attempt to access Google IP returned error. Other errors
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Action Center:
============
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".
Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
Other Services:
==============
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
**** End of log ****
November 4th, 2014, 07:52 AM
#13
ESET is still running and I must leave for work. I'll post results later tonight. Thanks for your help.
November 4th, 2014, 02:35 PM
#14
November 4th, 2014, 07:42 PM
#15
C:\Users\All Users\Comodo\Cis\Quarantine\data\{8A87C1CA-0672-4C0E-9FE8-7B15F7B2ECC0} a variant of Win32/InstallIQ.A potentially unwanted application
C:\Users\All Users\{559F25A3-87D2-4D88-ADC5-DF4C277CDD45}\setup.res a variant of Win32/HiddenStart.A potentially unsafe application
C:\Windows.old\Users\All Users\Comodo\Cis\Quarantine\data\{8A87C1CA-0672-4C0E-9FE8-7B15F7B2ECC0} a variant of Win32/InstallIQ.A potentially unwanted application
C:\Windows.old\Users\All Users\{559F25A3-87D2-4D88-ADC5-DF4C277CDD45}\setup.res a variant of Win32/HiddenStart.A potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\Conduit\Multi\CT3306061\UninstallerUI.exe.vir a variant of Win32/Toolbar.Conduit.AJ potentially unwanted application deleted - quarantined
C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application deleted - quarantined
C:\ProgramData\Comodo\Cis\Quarantine\data\{8A87C1CA-0672-4C0E-9FE8-7B15F7B2ECC0} a variant of Win32/InstallIQ.A potentially unwanted application deleted - quarantined
C:\ProgramData\{559F25A3-87D2-4D88-ADC5-DF4C277CDD45}\setup.res a variant of Win32/HiddenStart.A potentially unsafe application deleted - quarantined
C:\Users\Patti\Downloads\cc_setup.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined