Juliet, Posted March 23, 2014 (edited)

Don't you give up on me.....
See if you can find any logs related to ComboFix and post those for me.

Edited March 23, 2014 by Juliet (typo)

freedom01 (Author), Posted March 23, 2014

I wouldn't give up on you after all you did for me. I'm trying to locate the log. It is strange, I usually had the log pop up. Nothing happened with combo.

Juliet, Posted March 23, 2014

OK. Let's try to just simply run it again and keep notice as to where it places the log.

freedom01 (Author), Posted March 23, 2014

Would you like me to run Link 1 again and see if I can catch it before it goes into hiding?

Juliet, Posted March 23, 2014

http://www.bleepingcomputer.com/download/combofix/
Download from this location.
First, look for the icon for the previous install, and send it to the recycle bin, then re-download from the link above.

freedom01 (Author), Posted March 23, 2014

Not quite sure what's happening. It was running and then all of a sudden it's gone.

Juliet, Posted March 23, 2014

OK, let's do this.

Please run TFC by OldTimer to clear temporary files:
Download TFC from here http://oldtimer.geekstogo.com/TFC.exe and save it to your desktop.
Close any open programs and Internet browsers.
Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
Please be patient as clearing out temp files may take a while.
Once it completes you may be prompted to restart your computer, please do so.
Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

This online scan can take quite a while to run depending on how full your computer is. Please be patient.

Go here to run an online scanner from ESET.
Turn off the real time scanner of any existing antivirus program while performing the online scan.
Tick the box next to YES, I accept the Terms of Use.
Click Start.
When asked, allow the ActiveX control to install.
Click Start.
Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Click Scan.
Wait for the scan to finish.
When the scan completes, press the LIST OF THREATS FOUND button.
Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop.
Include the contents of this report in your next reply.
Press the BACK button.
Press Finish.

freedom01 (Author), Posted March 23, 2014

Just found it. No matter what I do with it, it just keeps restarting and doing the same run.

Juliet, Posted March 23, 2014

If it's stuck in a loop just cancel it.

Juliet, Posted March 23, 2014

Go to my previous post to do TFC and online ESET.

freedom01 (Author), Posted March 23, 2014

Okay, I ran the TFC and it rebooted. Now it is doing a system check. Have to wait for this to finish before I can go to ESET.

freedom01 (Author), Posted March 23, 2014

Okay, looks like system check just finished and hopefully coming back to desktop.

freedom01 (Author), Posted March 23, 2014

Running ESET right now.

freedom01 (Author), Posted March 23, 2014

Boy, this is a longgggg scan.

freedom01 (Author), Posted March 23, 2014 (edited)

C:\ProgramData\Microsoft\Windows\DRM\A0EF.tmp    a variant of Win32/Kryptik.BASK trojan
C:\Users\All Users\Microsoft\Windows\DRM\A0EF.tmp    a variant of Win32/Kryptik.BASK trojan

Edited March 23, 2014 by freedom01

Juliet, Posted March 23, 2014

We can fix this. In my script I'm going to have it reboot the machine to remove it completely so don't be alarmed.

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. Save it to the Desktop as fixlist.txt

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program. (If asked to overwrite the existing one please allow.)

    start
    C:\ProgramData\Microsoft\Windows\DRM\A0EF.tmp
    C:\Users\All Users\Microsoft\Windows\DRM\A0EF.tmp
    Reboot:
    end

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Post the fixlist.txt when finished.

freedom01 (Author), Posted March 24, 2014

Sorry Juliet, it's 1AM and I'm confused on how to accomplish what you need. I have no idea on how to bring these scans together. I need to return this laptop back to the owner this morning so I will post what I have. I thank you so much for everything and I'm sorry I let you down.

    start
    C:\ProgramData\Microsoft\Windows\DRM\A0EF.tmp
    C:\Users\All Users\Microsoft\Windows\DRM\A0EF.tmp
    Reboot:
    end

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01
Ran by McKnight (administrator) on HOME on 24-03-2014 00:42:41
Running from C:\Users\McKnight\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LZ7KCP0S
Microsoft® Windows Vista™ Home Basic Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 7
Boot Mode: Normal
Corporation) C:\Users\McKnight\Downloads\mseinstall.exe 2014-03-22 20:53 - 2014-03-22 20:53 - 00002389 _____ () C:\Users\McKnight\Desktop\JRT.txt 2014-03-22 20:49 - 2014-03-22 20:49 - 00000000 ____D () C:\Windows\ERUNT 2014-03-22 20:32 - 2014-03-22 20:28 - 00000000 ____D () C:\AdwCleaner 2014-03-22 05:54 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\IME 2014-03-22 02:36 - 2014-03-21 01:25 - 00000438 _____ () C:\Users\Public\Desktop\Resume Reimage Repair Installation.lnk 2014-03-22 02:33 - 2014-03-21 01:21 - 00000099 _____ () C:\Windows\Reimage.ini 2014-03-19 17:32 - 2010-10-22 17:07 - 00000000 ____D () C:\Users\McKnight\AppData\Roaming\AVG7 2014-03-19 17:32 - 2010-10-22 17:06 - 00000000 ____D () C:\ProgramData\avg7 2014-03-19 17:32 - 2010-10-22 17:06 - 00000000 ____D () C:\Program Files\Grisoft 2014-03-19 17:31 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system 2014-03-19 17:29 - 2010-11-23 17:57 - 00007052 _____ () C:\Users\McKnight\AppData\Local\d3d9caps.dat 2014-03-19 04:34 - 2012-04-22 17:23 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-03-19 04:34 - 2011-10-20 19:41 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-03-19 04:12 - 2012-07-02 19:21 - 00000000 ____D () C:\Users\McKnight\AppData\Roaming\Mozilla 2014-03-19 04:12 - 2010-09-02 00:20 - 00000000 ____D () C:\Users\McKnight\AppData\Roaming\Ywxi 2014-03-19 01:25 - 2014-03-19 01:25 - 00000000 ____D () C:\Users\McKnight\AppData\Roaming\Malwarebytes 2014-03-19 01:24 - 2014-03-19 01:24 - 00000908 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-03-19 01:24 - 2014-03-19 01:24 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-19 01:24 - 2014-03-19 01:24 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-03-18 18:21 - 2014-03-18 18:21 - 00000000 ____D () C:\Quarantine 2014-03-18 18:21 - 2014-03-18 18:20 - 00000000 ____D () C:\Program Files\stinger 2014-03-18 18:18 - 
2006-11-02 08:49 - 00173866 _____ () C:\Windows\setupact.log 2014-03-18 18:04 - 2011-10-20 19:43 - 00001929 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-03-18 17:17 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\spool 2014-03-18 17:17 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\Msdtc 2014-03-18 17:17 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\registration 2014-03-18 17:17 - 2006-11-02 06:22 - 37486592 _____ () C:\Windows\system32\config\software_previous 2014-03-18 17:17 - 2006-11-02 06:22 - 14680064 _____ () C:\Windows\system32\config\system_previous 2014-03-18 17:17 - 2006-11-02 06:22 - 00262144 _____ () C:\Windows\system32\config\security_previous 2014-03-18 17:17 - 2006-11-02 06:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous 2014-03-18 17:04 - 2006-11-02 06:22 - 00786432 _____ () C:\Windows\system32\config\default_previous 2014-03-18 02:50 - 2006-11-02 06:22 - 28311552 _____ () C:\Windows\system32\config\components_previous 2014-03-02 14:03 - 2006-11-02 06:24 - 87350280 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\system32\winlogon.exe => MD5 is legit C:\Windows\system32\wininit.exe => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\services.exe => MD5 is legit C:\Windows\system32\User32.dll => MD5 is legit C:\Windows\system32\userinit.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-03-23 16:50 ==================== End Of Log ============================ Link to comment Share on other sites More sharing options...
Juliet Posted March 24, 2014
Remember how I walked you through running a FRST script the first time? Find/locate the Farbar Recovery Scan Tool icon. Now, place the fixlist.txt I created next to the icon. Then, open Farbar Recovery Scan Tool and click on the Fix button. If asked to overwrite the existing one, please allow.
Juliet Posted March 26, 2014
Still need help?
Juliet Posted April 5, 2014
Glad we could help. Since this issue appears resolved ... this Topic is closed.