Jump to content

Change Mode

please review

brownhornet

By brownhornet,
in Solved Malware Logs

 Share

Recommended Posts

brownhornet Rookie

brownhornet

Posted
Posted

a friends laptop had a bunch of junk on it including never ending pop-ups so i ran the usual scan and it seems to be ok now. i ran a HJT scan just to be sure,one thing happened before so i attached a pic..

 

1125141148.jpg

 

 

here is log file:

 

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:56:03 AM, on 11/25/2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17416)
Boot mode: Normal

Running processes:
C:\Windows\System32\TiltWheelMouse.exe
C:\Users\Vicente Caastro\AppData\Local\Citrix\GoToAssist Remote Support Expert\758\g2ax_start.exe
C:\Users\Vicente Caastro\AppData\Local\Citrix\GoToAssist Remote Support Expert\758\g2ax_comm_expert.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Vicente Caastro\AppData\Local\Citrix\GoToAssist Remote Support Expert\758\g2ax_user_expert.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\Dell Update\DellUpTray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file)
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SSOIEAddonBHO - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [GrooveMonitor] "C:\downloads\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [GoToAssist Remote Support Expert] "C:\Users\Vicente Caastro\AppData\Local\Citrix\GoToAssist Remote Support Expert\758\g2ax_start.exe" "/Trigger RunAtLogon"
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [updateAdmin] C:\Users\Vicente Caastro\AppData\Local\UpdateAdmin\UpdateAdmin.exe /RUN
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKLM\..\Policies\Explorer\Run: [btvStack] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\DOWNLO~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\DOWNLO~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\DOWNLO~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\DOWNLO~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {173D9E48-B527-4AA0-A929-30B446002AA8} (DVRemoteControl Class) - http://bajahacienda.homeunix.com:2200/DVRemoteAx.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\DOWNLO~1\Office12\GRA32A~1.DLL
O20 - Winlogon Notify: FastAccess - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AtherosSvc - Windows ® Win 7 DDK provider - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
O23 - Service: Dell Digital Delivery Service (DellDigitalDelivery) - Dell Products, LP. - C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
O23 - Service: Dell Product Registration Manager (DellProdRegManager) - Aviata, Inc. - C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe
O23 - Service: Dell Update Service (DellUpdate) - Dell Inc. - C:\Program Files (x86)\Dell Update\DellUpService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: FAService - Sensible Vision - C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: My Dell Client Framework - Dell Inc. - C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - CyberLink - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: tbaseprovisioning - Advanced Micro Devices, Inc. - C:\WINDOWS\SysWOW64\tbaseprovisioning.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Wyse PocketCloud (WysePocketCloud) - Unknown owner - C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
O23 - Service: Wyse RemoteAccess (WyseRemoteAccess) - DELL Inc. - C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe

--
End of file - 10924 bytes

Link to comment
Share on other sites
Juliet Rookie

Juliet

Posted
Posted

Can't use HJT on that version of Windows.

 

 

xlK5Hdb.pngFarbar Recovery Scan Tool (FRST) Scan

  • Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
  • Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
  • Right-Click FRST.exe / FRST64.exe and select AVOiBNU.jpgRun as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.
Link to comment
Share on other sites
brownhornet Rookie

brownhornet

Posted
  • Author
Posted

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-11-2014 01
Ran by Vicente Caastro at 2014-11-25 17:42:22
Running from C:\Users\Vicente Caastro\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Amazon 1Button App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.4 - Amazon)
AMD Catalyst Install Manager (HKLM\...\{985A3D13-F551-0AAB-F505-BA9A498AA8AA}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.5.4.0 - Auslogics Labs Pty Ltd)
Auslogics Registry Cleaner (HKLM-x32\...\{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1) (Version: 4.0.0.0 - Auslogics Labs Pty Ltd)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.5.63 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP)
Dell Product Registration (HKLM-x32\...\{764E68FE-C2F9-410E-90A8-CE7F8B9A36E2}) (Version: 2.03.0204 - Aviata Inc.)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 18.1.2.0 - Synaptics Incorporated)
Dell Update (HKLM-x32\...\{E3CECF25-A529-415E-8F9A-D53C40E5E94C}) (Version: 1.3.9000.0 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
DSC/AA Factory Installer (Version: 3.5.6426.22 - PC-Doctor, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Face Recognition (HKLM\...\{35ECC39B-95C8-4556-AECF-D0EC4E7F7699}) (Version: 4.1.221.1 - Sensible Vision)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GoToAssist Expert 2.2.0.758 (HKU\S-1-5-21-2632285177-1487941020-2454937484-1002\...\GoToAssist Remote Support Expert) (Version: 2.2.0.758 - Citrix Online)
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.232 - SurfRight B.V.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
MiPony 2.0.2 (HKLM-x32\...\MiPony) (Version: 2.0.2 - )
Mozilla Firefox 33.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
My Dell Client Framework (HKLM-x32\...\InstallShield_{05F1B866-2372-4E82-9AA8-C64FB11CEF8B}) (Version: 1.0.0.3 - Dell)
My Dell Client Framework (x32 Version: 1.0.0.3 - Dell) Hidden
OEM Application Profile (HKLM-x32\...\{4AA8C8A9-FEE7-5FD6-FCCA-4A89CC9EC9D3}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Open Install (HKU\S-1-5-21-2632285177-1487941020-2454937484-1002\...\opninstl) (Version: - Open Install)
PocketCloud (HKLM-x32\...\{D9752C7D-A595-4687-A0D5-362E9C311C55}) (Version: 2.7.14 - Wyse Technology)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.314 - Qualcomm Atheros Communications)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.18 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.39054 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7161 - Realtek Semiconductor Corp.)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1158 - SUPERAntiSpyware.com)
UpdateAdmin (HKLM-x32\...\{07B4B423-E4DA-47D1-8327-B589EB4BEB58}) (Version: 2.0.1885 - DownloadAdmin)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 05:25 - 2013-08-22 05:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {20BA054E-C3C7-46A4-AFDF-2A30D0D6685E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-11-14] (Microsoft Corporation)
Task: {261FE26C-28EB-4076-B6B9-7C943A7A4876} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {2BAEA45D-A6DE-4539-B062-DBB2671A03FE} - System32\Tasks\Open Install Udpater => C:\Users\Vicente Caastro\AppData\Local\Open Install\Open Install\1.3.14.5\openinst.exe
Task: {3379E94B-14D8-4604-8061-386615F981AA} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-21] (CyberLink Corp.)
Task: {3BB277CF-A3A3-4BAD-839A-3568C0F2C7E7} - \TidyNetwork Update No Task File <==== ATTENTION
Task: {46E865AB-5166-4D32-A5E5-E617A1EBD78A} - System32\Tasks\PocketCloudVirtualChannel => C:\Program Files (x86)\Wyse\PocketCloud\WPCRDPVirtualChannelServer.exe [2013-08-22] ()
Task: {57A3AD30-D45E-4F38-8DEE-7036545A5EAC} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-25] (AVAST Software)
Task: {6438FEE1-D38C-4A17-84A2-A6C16EE92062} - System32\Tasks\Dell\Dell Product Registration => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-02-19] (Aviata Inc)
Task: {6D57A7F2-A47A-4B7A-9BDD-0E996FE09EB7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-15] (Google Inc.)
Task: {7BC3FEC0-F12E-44B9-B397-A2B5F47355DE} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-10] (PC-Doctor, Inc.)
Task: {87AC4B97-FCF1-4166-B84F-60297E77F2D0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-15] (Google Inc.)
Task: {9531E06E-F001-4B8C-BF25-7C5C35151DA7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-30] (Piriform Ltd)
Task: {961549F4-FF72-437D-A07C-41185449CC69} - System32\Tasks\PocketCloud => C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe [2013-08-22] ()
Task: {A0511FA5-4901-4FD0-9150-5EED4E072B04} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-04] (CyberLink)
Task: {D0467090-478F-48A9-8182-ED36073C6015} - System32\Tasks\Open Install => C:\Users\Vicente Caastro\AppData\Local\Open Install\Open Install\1.3.14.5\openinstall.exe
Task: {D883369E-1F4E-4EFD-8ED6-DAACB1DD3836} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-10] (PC-Doctor, Inc.)
Task: {DD5FCBA0-6DA2-4E9E-9948-F1CA5422413F} - System32\Tasks\PocketCloudUpdater => C:\Program
Task: {E8008AC0-F475-488F-96A6-2DAB14279A78} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-02-13] (Synaptics Incorporated)
Task: {E9CE9323-0837-4494-9FFA-3B6225B201C4} - System32\Tasks\UpdateAdmin => C:\Users\Vicente Caastro\AppData\Local\UpdateAdmin\UpdateAdmin.exe [2014-10-16] (DownloadAdmin)
Task: C:\WINDOWS\Tasks\DGQC.job => C:\Users\Vicente Caastro\AppData\Roaming\DGQC.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\DSCBSMD.job => C:\Users\Vicente Caastro\AppData\Roaming\DSCBSMD.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HKKLP.job => C:\Users\Vicente Caastro\AppData\Roaming\HKKLP.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\JULOHG.job => C:\Users\Vicente Caastro\AppData\Roaming\JULOHG.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2014-02-13 06:15 - 2014-02-13 06:15 - 00127488 _____ () c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-08-22 10:40 - 2013-08-22 10:40 - 00016176 _____ () C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
2013-08-22 10:40 - 2013-08-22 10:40 - 00040240 _____ () C:\Program Files (x86)\Wyse\PocketCloud\AetherServiceLib.dll
2013-08-22 10:40 - 2013-08-22 10:40 - 00046384 _____ () C:\Program Files (x86)\Wyse\PocketCloud\AetherHelperLib.dll
2014-01-10 13:53 - 2014-01-10 13:53 - 00016384 _____ () C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.Interfaces.dll
2014-01-10 13:53 - 2014-01-10 13:53 - 00081408 _____ () C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.Objects.dll
2014-01-10 13:53 - 2014-01-10 13:53 - 00815616 _____ () C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.Resources.dll
2014-01-10 14:24 - 2014-01-10 14:24 - 00052736 _____ () C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.Client.Pulse.Agent.Plugins.SelfUpdate.dll
2014-01-10 14:24 - 2014-01-10 14:24 - 00019968 _____ () C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.Client.Pulse.Agent.Common.dll
2014-11-25 00:26 - 2014-11-25 00:26 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2014-11-25 00:26 - 2014-11-25 00:26 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2014-01-08 00:00 - 2014-01-08 00:00 - 00011264 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2014-01-07 23:58 - 2014-01-07 23:58 - 00086016 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll
2014-01-08 00:03 - 2014-01-08 00:03 - 00012928 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
2014-02-13 06:15 - 2014-02-13 06:15 - 00102400 _____ () c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-09-18 10:37 - 2014-07-02 18:55 - 00487144 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
2014-10-29 10:42 - 2014-10-29 10:42 - 00094000 _____ () C:\WINDOWS\SYSTEM32\FAIEExtension.DLL
2013-04-04 14:42 - 2013-04-04 14:42 - 00012424 _____ () C:\Program Files (x86)\Sensible Vision\Fast Access\MFCaptureD3D_2_DLL.dll
2014-11-25 10:10 - 2014-11-25 10:10 - 02903552 _____ () C:\Program Files\AVAST Software\Avast\defs\14112501\algo.dll
2014-11-25 00:26 - 2014-11-25 00:26 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2014-11-25 00:26 - 2014-11-25 00:26 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-04-10 14:30 - 2014-04-10 14:30 - 00134664 _____ () C:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2014-09-18 10:37 - 2014-07-30 14:37 - 01906464 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
2014-06-11 05:23 - 2012-11-25 21:19 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
2014-09-18 10:37 - 2012-11-25 20:19 - 00117608 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll
2014-11-01 14:31 - 2014-10-21 20:04 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
2014-11-01 14:31 - 2014-10-21 20:04 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libegl.dll
2014-11-01 14:31 - 2014-10-21 20:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll
2014-11-01 14:31 - 2014-10-21 20:04 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
2014-10-17 16:28 - 2014-11-10 20:40 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:5C321E34

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "QuickSet"
HKU\S-1-5-21-2632285177-1487941020-2454937484-1002\...\StartupApproved\Run: => "SUPERAntiSpyware"

========================= Accounts: ==========================

Administrator (S-1-5-21-2632285177-1487941020-2454937484-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-2632285177-1487941020-2454937484-501 - Limited - Disabled)
Vicente Caastro (S-1-5-21-2632285177-1487941020-2454937484-1002 - Administrator - Enabled) => C:\Users\Vicente Caastro

==================== Faulty Device Manager Devices =============

Name: facap, FastAccess Video Capture
Description: facap, FastAccess Video Capture
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Sensible Vision
Service: facap
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/25/2014 05:39:27 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (11/25/2014 04:48:17 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (11/25/2014 04:48:17 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (11/25/2014 04:48:14 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (11/25/2014 04:48:14 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (11/25/2014 04:13:34 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (11/25/2014 04:13:34 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (11/25/2014 01:35:52 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (11/25/2014 01:35:51 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (11/25/2014 01:35:47 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.


System errors:
=============
Error: (11/25/2014 04:14:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The tbaseprovisioning service terminated unexpectedly. It has done this 1 time(s).

Error: (11/25/2014 04:10:54 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Super Optimizer service to connect.

Error: (11/25/2014 04:10:21 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HitmanPro 3.7 Crusader (Boot) service terminated with the following service-specific error:
%%0

Error: (11/25/2014 03:53:29 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Super Optimizer service to connect.

Error: (11/25/2014 03:33:31 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Super Optimizer service to connect.

Error: (11/25/2014 03:28:30 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Super Optimizer service to connect.

Error: (11/25/2014 06:13:57 AM) (Source: DCOM) (EventID: 10010) (User: vcastro)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (11/25/2014 06:13:27 AM) (Source: DCOM) (EventID: 10010) (User: vcastro)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (11/25/2014 04:54:31 AM) (Source: DCOM) (EventID: 10010) (User: vcastro)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (11/25/2014 04:54:01 AM) (Source: DCOM) (EventID: 10010) (User: vcastro)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: AMD A4-6210 APU with AMD Radeon R3 Graphics
Percentage of memory in use: 54%
Total physical RAM: 3512.56 MB
Available physical RAM: 1611.33 MB
Total Pagefile: 4152.56 MB
Available Pagefile: 1881.63 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:453.18 GB) (Free:417.69 GB) NTFS
Drive e: (ESP) (Fixed) (Total:0.48 GB) (Free:0.46 GB) FAT32
Drive f: () (Removable) (Total:14.63 GB) (Free:13.46 GB) FAT32
Drive x: (WINRETOOLS) (Fixed) (Total:0.73 GB) (Free:0.3 GB) NTFS
Drive y: (PBR Image) (Fixed) (Total:11.19 GB) (Free:0.7 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 919DCD51)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 14.6 GB) (Disk ID: EB302EC7)
Partition 1: (Not Active) - (Size=14.6 GB) - (Type=0C)

==================== End Of Log ============================

Link to comment
Share on other sites
brownhornet Rookie

brownhornet

Posted
  • Author
Posted

should have listed this log file first:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-11-2014 01
Ran by Vicente Caastro (administrator) on VCASTRO on 25-11-2014 17:40:36
Running from C:\Users\Vicente Caastro\Downloads
Loaded Profile: Vicente Caastro (Available profiles: Vicente Caastro & Administrator)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FACSMon.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
(DELL Inc.) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
(Dell Inc.) C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.exe
(Sensible Vision ) C:\Program Files (x86)\Sensible Vision\Fast Access\FAsenmon.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
() C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Sensible Vision) C:\Program Files (x86)\Sensible Vision\Fast Access\FAupgradeNoticeOT.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
() C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(PC-Doctor, Inc.) C:\Program Files\My Dell\imstrayicon.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7510232 2014-01-17] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1374936 2014-01-13] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe [285272 2013-12-30] (Waves Audio Ltd.)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3777696 2014-01-16] (Dell Inc.)
HKLM\...\Run: [MouseDriver] => C:\WINDOWS\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [startCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-02-13] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\downloads\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-11-25] (AVAST Software)
HKLM-x32\...\Run: [FAStartup] => [X]
HKLM-x32\...\Run: [FATrayAlert] => C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe [95536 2014-10-29] (Sensible Vision )
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
Winlogon\Notify\FastAccess-x32: C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll (Sensible Vision )
HKLM\...\Policies\Explorer\Run: [btvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [133760 2014-01-08] ( (Qualcomm®Atheros®))
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2632285177-1487941020-2454937484-1002\...\Run: [GoToAssist Remote Support Expert] => C:\Users\Vicente Caastro\AppData\Local\Citrix\GoToAssist Remote Support Expert\758\g2ax_start.exe [610888 2014-10-13] (Citrix Online, LLC)
HKU\S-1-5-21-2632285177-1487941020-2454937484-1002\...\Run: [sUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7777560 2014-11-24] (SUPERAntiSpyware)
HKU\S-1-5-21-2632285177-1487941020-2454937484-1002\...\Run: [updateAdmin] => C:\Users\Vicente Caastro\AppData\Local\UpdateAdmin\UpdateAdmin.exe [225552 2014-10-16] (DownloadAdmin)
HKU\S-1-5-21-2632285177-1487941020-2454937484-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-30] (Piriform Ltd)
HKU\S-1-5-21-2632285177-1487941020-2454937484-1002\...\MountPoints2: {64f47a48-5767-11e4-8263-645a046b12ca} - "F:\LaunchU3.exe" -a
Lsa: [Notification Packages] scecli FAPassSync
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM-x32 -> {A65CABAD-ECFC-4B43-BC16-7EF0906B7B3B} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Face recognition web login for FastAccess -> {DA5BCE70-D057-4D63-943D-5F3927EC59F1} -> C:\Program Files (x86)\Sensible Vision\Fast Access\x64\FAIESSO.dll (Sensible Vision )
BHO-x32: No Name -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> No File
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Face recognition web login for FastAccess -> {DA5BCE70-D057-4D63-943D-5F3927EC59F1} -> C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2632285177-1487941020-2454937484-1002 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {173D9E48-B527-4AA0-A929-30B446002AA8} http://bajahacienda.homeunix.com:2200/DVRemoteAx.cab
Handler-x32: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\downloads\Office12\GrooveSystemServices.dll (Microsoft Corporation)
ShellExecuteHooks-x32: - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No File [ ]
Tcpip\Parameters: [DhcpNameServer] 68.105.28.12 68.105.29.12 68.105.28.11

FireFox:
========
FF ProfilePath: C:\Users\Vicente Caastro\AppData\Roaming\Mozilla\Firefox\Profiles\eum7ydtb.default-1416958619752
FF Homepage: https://www.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @sensiblevision.com/FastAccess,version=4.1.110 -> C:\Program Files (x86)\Sensible Vision\Fast Access\xpcom_fasso\nprt.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Extension: Adblock Plus - C:\Users\Vicente Caastro\AppData\Roaming\Mozilla\Firefox\Profiles\eum7ydtb.default-1416958619752\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-25]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-10-15]
FF HKLM-x32\...\Firefox\Extensions: [fassoxpcom@sensiblevision.com] - C:\Program Files (x86)\Sensible Vision\Fast Access\xpcom_fasso
FF Extension: FastAccess Web Login - C:\Program Files (x86)\Sensible Vision\Fast Access\xpcom_fasso [2014-11-21]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR DefaultSearchKeyword: Default -> 8FBCF8846CB29C088040BCF96CB88809902BBBAAC1EE6972F5DE4424CF1FB5C9
CHR DefaultSearchURL: Default -> 43A12AE9AD5B1546D64203367E2E266B7C0A4A687056E361E8CD3A58E9FC0B3A
CHR Profile: C:\Users\Vicente Caastro\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Vicente Caastro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-25]
CHR Extension: (Google Docs) - C:\Users\Vicente Caastro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-15]
CHR Extension: (Google Drive) - C:\Users\Vicente Caastro\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-15]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Vicente Caastro\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-15]
CHR Extension: (YouTube) - C:\Users\Vicente Caastro\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-15]
CHR Extension: (Google Search) - C:\Users\Vicente Caastro\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-15]
CHR Extension: (AppEnable) - C:\Users\Vicente Caastro\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmcppgbejkngbcpgoeddphchpagiikch [2014-11-13]
CHR Extension: (Google Sheets) - C:\Users\Vicente Caastro\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-25]
CHR Extension: (Google Wallet) - C:\Users\Vicente Caastro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-15]
CHR Extension: (Gmail) - C:\Users\Vicente Caastro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-15]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-25]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 AMD FUEL Service; c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-02-13] (Advanced Micro Devices, Inc.) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [318592 2014-01-08] (Windows ® Win 7 DDK provider)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-25] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-25] (Avast Software)
S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [139328 2014-02-19] (Aviata, Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [190840 2014-11-13] (Dell Inc.)
S3 Microsoft Office Groove Audit Service; C:\downloads\Office12\GrooveAuditService.exe [65824 2006-10-26] (Microsoft Corporation)
R2 My Dell Client Framework; C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.exe [168960 2014-01-10] (Dell Inc.) [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-29] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1924328 2014-09-18] (SoftThinks SAS)
S2 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [51712 2014-02-24] (Advanced Micro Devices, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-08-22] ()
R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1785344 2013-08-19] (DELL Inc.) [File not signed]
S2 cae99edb; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files (x86)\Super Optimizer\SupOptCrash.dll",ENT

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 amdkmcsp; C:\Windows\system32\DRIVERS\amdkmcsp.sys [85704 2014-02-24] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-12] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\Windows\System32\DRIVERS\amdpsp.sys [230088 2014-02-24] (Advanced Micro Devices, Inc. )
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-25] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-25] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-25] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-25] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-25] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-25] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-25] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-25] ()
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3881472 2013-12-12] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2013-12-19] (Advanced Micro Devices)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-01-07] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-06-11] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
S3 facap; C:\Windows\system32\DRIVERS\facap.sys [37888 2012-09-03] (Windows ® Win 7 DDK provider)
R3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [43664 2014-11-25] ()
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-25] (Malwarebytes Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-25] (Avast Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
R3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0; \??\c:\program files\my dell\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-25 17:40 - 2014-11-25 17:41 - 00020398 _____ () C:\Users\Vicente Caastro\Downloads\FRST.txt
2014-11-25 17:40 - 2014-11-25 17:40 - 00000000 ____D () C:\FRST
2014-11-25 17:39 - 2014-11-25 17:40 - 00001517 _____ () C:\Users\Vicente Caastro\Desktop\FRST64.exe - Shortcut.lnk
2014-11-25 17:39 - 2014-11-25 17:39 - 02118144 _____ (Farbar) C:\Users\Vicente Caastro\Downloads\FRST64.exe
2014-11-25 16:47 - 2014-11-25 16:48 - 02347384 _____ (ESET) C:\Users\Vicente Caastro\Downloads\esetsmartinstaller_enu(2).exe
2014-11-25 16:18 - 2014-11-25 16:18 - 05599228 _____ (Swearware) C:\Users\Vicente Caastro\Downloads\ComboFix.exe
2014-11-25 16:16 - 2014-11-25 16:16 - 00441592 _____ (Bleeping Computer, LLC) C:\Users\Vicente Caastro\Downloads\sc-cleaner.exe
2014-11-25 16:16 - 2014-11-25 16:16 - 00001806 _____ () C:\sc-cleaner.txt
2014-11-25 16:16 - 2014-11-25 16:16 - 00001555 _____ () C:\Users\Vicente Caastro\Desktop\sc-cleaner.exe - Shortcut.lnk
2014-11-25 16:13 - 2014-11-25 16:13 - 00448512 _____ (OldTimer Tools) C:\Users\Vicente Caastro\Downloads\TFC.exe
2014-11-25 16:13 - 2014-11-25 16:13 - 00001486 _____ () C:\Users\Vicente Caastro\Desktop\TFC.exe - Shortcut.lnk
2014-11-25 16:13 - 2014-11-25 16:13 - 00000197 _____ () C:\WINDOWS\system32\2014-11-26-00-13-10.070-AvastVBoxSVC.exe-2268.log
2014-11-25 16:12 - 2014-11-25 16:12 - 00000000 ___RD () C:\Users\Vicente Caastro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-11-25 16:10 - 2014-11-25 16:10 - 00043664 _____ () C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2014-11-25 16:09 - 2014-11-25 16:09 - 00003784 _____ () C:\WINDOWS\system32\.crusader
2014-11-25 16:00 - 2014-11-25 16:00 - 00001911 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-11-25 16:00 - 2014-11-25 16:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-11-25 16:00 - 2014-11-25 16:00 - 00000000 ____D () C:\Program Files\HitmanPro
2014-11-25 15:59 - 2014-11-25 16:09 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-11-25 15:58 - 2014-11-25 15:59 - 11222744 _____ (SurfRight B.V.) C:\Users\Vicente Caastro\Downloads\HitmanPro_x64.exe
2014-11-25 15:55 - 2014-11-25 15:56 - 00000197 _____ () C:\WINDOWS\system32\2014-11-25-23-55-47.064-AvastVBoxSVC.exe-2388.log
2014-11-25 15:37 - 2014-11-25 15:37 - 00000000 ____D () C:\Users\Vicente Caastro\Desktop\Old Firefox Data
2014-11-25 15:35 - 2014-11-25 15:37 - 00000197 _____ () C:\WINDOWS\system32\2014-11-25-23-35-37.029-AvastVBoxSVC.exe-2744.log
2014-11-25 15:30 - 2014-11-25 15:31 - 00000197 _____ () C:\WINDOWS\system32\2014-11-25-23-30-36.052-AvastVBoxSVC.exe-2412.log
2014-11-25 15:27 - 2014-11-25 15:52 - 00000636 _____ () C:\WINDOWS\PFRO.log
2014-11-25 13:35 - 2014-11-25 13:35 - 02347384 _____ (ESET) C:\Users\Vicente Caastro\Downloads\esetsmartinstaller_enu(1).exe
2014-11-25 13:31 - 2014-11-25 13:31 - 00164828 _____ () C:\Users\Vicente Caastro\AppData\Local\ars.cache
2014-11-25 13:31 - 2014-11-25 13:31 - 00141182 _____ () C:\Users\Vicente Caastro\AppData\Local\census.cache
2014-11-25 13:22 - 2014-11-25 13:22 - 00000010 _____ () C:\Users\Vicente Caastro\AppData\Local\sponge.last.runtime.cache
2014-11-25 13:18 - 2013-09-01 23:58 - 00175528 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmcomm.sys
2014-11-25 13:17 - 2014-11-25 13:17 - 02476596 _____ (Trend Micro Inc.) C:\Users\Vicente Caastro\Downloads\HousecallLauncher64.exe
2014-11-25 13:17 - 2014-11-25 13:17 - 00000036 _____ () C:\Users\Vicente Caastro\AppData\Local\housecall.guid.cache
2014-11-25 11:56 - 2014-11-25 11:56 - 00010926 _____ () C:\Users\Vicente Caastro\Desktop\hijackthis.log
2014-11-25 11:43 - 2014-11-25 11:43 - 00003051 _____ () C:\Users\Vicente Caastro\Desktop\HiJackThis.lnk
2014-11-25 11:43 - 2014-11-25 11:43 - 00000000 ____D () C:\Users\Vicente Caastro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-11-25 11:43 - 2014-11-25 11:43 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-11-25 11:42 - 2014-11-25 11:42 - 01402880 _____ () C:\Users\Vicente Caastro\Downloads\HiJackThis.msi
2014-11-25 07:48 - 2014-11-25 17:14 - 00119381 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-25 05:28 - 2014-11-25 05:28 - 00085034 _____ () C:\Users\Vicente Caastro\Documents\cc_20141125_052803.reg
2014-11-25 05:22 - 2014-11-25 05:22 - 04976456 _____ (Piriform Ltd) C:\Users\Vicente Caastro\Downloads\ccsetup419.exe
2014-11-25 05:22 - 2014-11-25 05:22 - 00002792 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2014-11-25 05:22 - 2014-11-25 05:22 - 00000836 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-11-25 05:22 - 2014-11-25 05:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-11-25 05:22 - 2014-11-25 05:22 - 00000000 ____D () C:\Program Files\CCleaner
2014-11-25 05:18 - 2014-11-25 05:18 - 00012343 _____ () C:\Users\Vicente Caastro\Documents\virus scan.txt
2014-11-25 05:18 - 2014-11-25 05:18 - 00000247 _____ () C:\WINDOWS\system32\2014-11-25-13-18-19.085-aswFe.exe-3728.log
2014-11-25 05:09 - 2014-11-25 05:18 - 00000247 _____ () C:\WINDOWS\system32\2014-11-25-13-09-58.098-aswFe.exe-5304.log
2014-11-25 05:09 - 2014-11-25 05:09 - 00000197 _____ () C:\WINDOWS\system32\2014-11-25-13-09-53.031-AvastVBoxSVC.exe-6616.log
2014-11-25 04:47 - 2014-11-25 04:47 - 00000000 ____D () C:\WINDOWS\SysWOW64\vbox
2014-11-25 04:47 - 2014-11-25 04:47 - 00000000 ____D () C:\WINDOWS\system32\vbox
2014-11-25 03:30 - 2014-11-25 03:30 - 02347384 _____ (ESET) C:\Users\Vicente Caastro\Downloads\esetsmartinstaller_enu.exe
2014-11-25 03:30 - 2014-11-25 03:30 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-11-25 01:50 - 2014-11-25 01:50 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-11-25 01:50 - 2014-11-25 01:50 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-11-25 01:50 - 2014-11-25 01:50 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-11-25 01:50 - 2014-11-25 01:50 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-11-25 01:50 - 2014-11-25 01:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-25 01:50 - 2014-11-25 01:50 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-25 00:26 - 2014-11-25 00:26 - 00364512 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-11-25 00:26 - 2014-11-25 00:26 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-11-25 00:01 - 2014-11-25 00:01 - 00000634 _____ () C:\Users\Vicente Caastro\Desktop\AdwCleaner.exe - Shortcut.lnk
2014-11-24 23:54 - 2014-11-24 23:54 - 00000000 ____D () C:\InstaShare
2014-11-24 22:58 - 2014-11-25 12:24 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-11-24 22:58 - 2014-11-25 00:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-11-24 22:58 - 2014-11-24 22:58 - 00001822 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-11-24 21:08 - 2014-11-24 21:08 - 00012546 _____ () C:\Users\Vicente Caastro\Desktop\JRT.txt
2014-11-24 18:32 - 2014-11-24 20:01 - 00033280 _____ () C:\Users\Vicente Caastro\Desktop\Flash 11-23-2014.xls
2014-11-24 18:00 - 2014-11-24 18:00 - 00000000 ____D () C:\Program Files (x86)\Dell Update
2014-11-23 10:14 - 2014-11-23 10:14 - 00032768 _____ () C:\Users\Vicente Caastro\Desktop\Labor weekto date Vicente .xls
2014-11-21 18:13 - 2014-11-21 18:13 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastAccess Facial Recognition
2014-11-21 17:52 - 2014-11-09 15:19 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2014-11-21 17:52 - 2014-11-09 15:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2014-11-21 17:52 - 2014-11-09 15:18 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2014-11-21 17:52 - 2014-11-09 15:18 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2014-11-21 17:49 - 2014-11-21 17:49 - 00000000 ____D () C:\Users\Vicente Caastro\AppData\Roaming\FastAccessSup
2014-11-21 17:45 - 2014-11-21 17:45 - 00000000 ____D () C:\Program Files (x86)\Sensible Vision
2014-11-21 14:43 - 2014-11-21 14:43 - 00022528 _____ () C:\Users\Vicente Caastro\AppData\Local\dsisetup5982957652.exe
2014-11-17 19:32 - 2014-11-17 19:32 - 00000000 ____D () C:\Users\Vicente Caastro\AppData\Roaming\BRT
2014-11-17 19:27 - 2014-11-17 19:45 - 00026112 _____ () C:\Users\Vicente Caastro\Desktop\Copy of Flash 11-16-2014.xlsx
2014-11-14 16:30 - 2014-11-21 14:41 - 00001394 _____ () C:\WINDOWS\Tasks\JULOHG.job
2014-11-14 16:30 - 2014-11-21 14:41 - 00001390 _____ () C:\WINDOWS\Tasks\DGQC.job
2014-11-14 16:29 - 2014-11-25 04:50 - 00000000 ____D () C:\Program Files (x86)\fbf94d47-14a9-4508-b80e-8cd8a1a44695
2014-11-14 16:29 - 2014-11-25 04:50 - 00000000 ____D () C:\Program Files (x86)\39f18bdc-e2f8-49b5-934f-7a17aebdaf2d
2014-11-14 16:29 - 2014-11-21 14:41 - 00001740 _____ () C:\WINDOWS\Tasks\DSCBSMD.job
2014-11-14 16:29 - 2014-11-21 14:41 - 00001392 _____ () C:\WINDOWS\Tasks\HKKLP.job
2014-11-14 16:23 - 2014-11-14 16:23 - 01802848 _____ (Double Opt Media Partners LLC) C:\Users\Vicente Caastro\Downloads\update_installer.exe
2014-11-14 15:40 - 2014-11-14 15:40 - 00000000 __SHD () C:\Users\Vicente Caastro\AppData\Local\EmieBrowserModeList
2014-11-14 15:34 - 2014-11-14 15:34 - 00000000 ____D () C:\ProgramData\Sun
2014-11-14 15:34 - 2014-11-14 15:34 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-14 15:28 - 2014-11-14 15:28 - 00003540 _____ () C:\WINDOWS\System32\Tasks\Open Install
2014-11-14 15:28 - 2014-11-14 15:28 - 00003534 _____ () C:\WINDOWS\System32\Tasks\Open Install Udpater
2014-11-14 15:28 - 2014-11-14 15:28 - 00000000 ____D () C:\Users\Vicente Caastro\AppData\Local\Open Install
2014-11-14 15:27 - 2014-11-25 00:08 - 00000000 ____D () C:\ProgramData\bSxnxpTR
2014-11-14 15:27 - 2014-11-24 23:37 - 00000000 ____D () C:\ProgramData\InstaShare
2014-11-14 15:26 - 2014-11-14 15:26 - 00003894 _____ () C:\WINDOWS\System32\Tasks\UpdateAdmin
2014-11-14 15:26 - 2014-11-14 15:26 - 00000000 ____D () C:\Users\Vicente Caastro\AppData\Local\UpdateAdmin
2014-11-14 15:26 - 2014-11-14 15:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UpdateAdmin
2014-11-14 15:02 - 2014-10-29 16:55 - 00714208 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-11-14 15:02 - 2014-10-29 16:55 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-14 14:39 - 2014-10-12 18:33 - 00116032 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2014-11-14 14:39 - 2014-10-10 16:58 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-11-14 14:39 - 2014-10-10 16:53 - 03607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-11-14 14:39 - 2014-10-09 17:58 - 00177472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2014-11-14 14:39 - 2014-10-09 17:58 - 00027456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
2014-11-14 14:39 - 2014-10-09 17:44 - 00563976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-11-14 14:39 - 2014-10-07 23:37 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-11-14 14:39 - 2014-10-07 23:37 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2014-11-14 14:39 - 2014-10-07 23:34 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2014-11-14 14:39 - 2014-10-07 23:30 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2014-11-14 14:39 - 2014-10-07 23:24 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll
2014-11-14 14:39 - 2014-10-07 23:09 - 00428032 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
2014-11-14 14:39 - 2014-10-07 22:56 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-11-14 14:39 - 2014-10-07 22:51 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-11-14 14:39 - 2014-10-07 22:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2014-11-14 14:39 - 2014-10-07 22:27 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll
2014-11-14 14:39 - 2014-10-07 22:18 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-11-14 14:39 - 2014-10-07 22:17 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-11-14 14:39 - 2014-10-07 21:32 - 02773504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-11-14 14:39 - 2014-10-07 21:23 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2014-11-14 14:39 - 2014-10-07 21:19 - 02459136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-11-14 14:39 - 2014-09-26 23:13 - 00104336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2014-11-14 14:39 - 2014-09-26 21:24 - 00088800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2014-11-14 14:39 - 2014-09-26 19:38 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2014-11-14 14:39 - 2014-09-26 19:30 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2014-11-14 14:39 - 2014-09-26 19:17 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2014-11-14 14:39 - 2014-09-21 20:38 - 01519488 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2014-11-14 14:39 - 2014-09-21 19:06 - 00258368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-11-14 14:39 - 2014-09-21 19:06 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2014-11-14 14:39 - 2014-09-21 18:49 - 00035320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-11-14 14:39 - 2014-09-18 16:16 - 01346048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2014-11-14 14:39 - 2014-09-02 14:08 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2014-11-14 14:39 - 2014-09-02 14:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
2014-11-14 14:38 - 2014-07-24 07:23 - 00125472 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll
2014-11-14 14:38 - 2014-07-24 07:16 - 02574208 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2014-11-14 14:38 - 2014-07-24 07:03 - 02141920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-11-14 14:38 - 2014-07-24 07:03 - 00882136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2014-11-14 14:38 - 2014-07-24 07:03 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2014-11-14 14:38 - 2014-07-24 07:03 - 00233888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2014-11-14 14:38 - 2014-07-24 07:03 - 00205512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll
2014-11-14 14:38 - 2014-07-24 05:48 - 02410976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2014-11-14 14:38 - 2014-07-24 05:48 - 00180208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVol.exe
2014-11-14 14:38 - 2014-07-24 05:46 - 00477200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2014-11-14 14:38 - 2014-07-24 05:36 - 02145472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-11-14 14:38 - 2014-07-24 05:36 - 00707536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2014-11-14 14:38 - 2014-07-24 05:36 - 00355800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2014-11-14 14:38 - 2014-07-24 05:36 - 00180720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll
2014-11-14 14:38 - 2014-07-24 02:49 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersGPExt.dll
2014-11-14 14:38 - 2014-07-24 02:10 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2014-11-14 14:38 - 2014-07-24 02:10 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasnap.dll
2014-11-14 14:38 - 2014-07-24 02:05 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
2014-11-14 14:38 - 2014-07-24 01:44 - 16874496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-11-14 14:38 - 2014-07-24 01:42 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\powercfg.cpl
2014-11-14 14:38 - 2014-07-24 01:39 - 00770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2014-11-14 14:38 - 2014-07-24 01:32 - 01048064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpedit.dll
2014-11-14 14:38 - 2014-07-24 01:25 - 00832512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenter.dll
2014-11-14 14:38 - 2014-07-24 01:24 - 01817088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll
2014-11-14 14:38 - 2014-07-24 01:13 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prnntfy.dll
2014-11-14 14:38 - 2014-07-24 01:11 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\conhost.exe
2014-11-14 14:38 - 2014-07-24 01:10 - 00540672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2014-11-14 14:38 - 2014-07-24 01:04 - 00492032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintDialogs.dll
2014-11-14 14:38 - 2014-07-24 00:39 - 02397184 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2014-11-14 14:38 - 2014-07-24 00:30 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2014-11-14 14:38 - 2014-07-24 00:23 - 01404416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2014-11-14 14:38 - 2014-07-24 00:21 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2014-11-14 14:38 - 2014-07-24 00:21 - 00302080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll
2014-11-14 14:38 - 2014-07-24 00:16 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2014-11-14 14:38 - 2014-07-24 00:15 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2014-11-14 14:38 - 2014-07-24 00:10 - 00889344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2014-11-14 14:38 - 2014-07-24 00:10 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2014-11-14 14:38 - 2014-07-24 00:08 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiapi.dll
2014-11-14 14:38 - 2014-07-24 00:05 - 00448000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VAN.dll
2014-11-14 14:38 - 2014-07-23 23:58 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2014-11-14 14:38 - 2014-07-23 23:54 - 01290752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2014-11-14 14:38 - 2014-07-23 23:44 - 01057792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\printui.dll
2014-11-14 14:38 - 2014-07-23 23:43 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll
2014-11-14 14:38 - 2014-07-23 23:41 - 00459264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2014-11-14 14:38 - 2014-07-23 23:28 - 01600000 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2014-11-14 14:38 - 2014-07-04 02:20 - 01656832 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2014-11-14 14:38 - 2014-07-04 02:06 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxSip.dll
2014-11-14 14:38 - 2014-07-04 01:27 - 00474112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2014-11-14 14:38 - 2014-06-25 16:32 - 01029632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2014-11-14 14:38 - 2014-06-25 16:29 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2014-11-14 14:38 - 2014-06-07 02:20 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2014-11-14 14:38 - 2014-06-05 01:42 - 00889856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2014-11-14 14:38 - 2014-05-30 20:18 - 01319936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2014-11-14 14:38 - 2014-05-28 21:25 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2014-11-14 14:38 - 2014-05-05 16:55 - 00391000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll
2014-11-14 14:37 - 2014-10-30 21:28 - 25110016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-11-14 14:37 - 2014-10-30 19:42 - 19781632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-11-14 14:36 - 2014-10-30 19:59 - 14390272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-11-14 14:35 - 2014-10-30 21:12 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wextract.exe
2014-11-14 14:35 - 2014-10-30 21:12 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshta.exe
2014-11-14 14:35 - 2014-10-30 21:10 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iexpress.exe
2014-11-14 14:35 - 2014-10-30 21:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\pngfilt.dll
2014-11-14 14:35 - 2014-10-30 21:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedssync.exe
2014-11-14 14:35 - 2014-10-30 21:06 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-11-14 14:35 - 2014-10-30 21:06 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2014-11-14 14:35 - 2014-10-30 21:06 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-11-14 14:35 - 2014-10-30 21:06 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-11-14 14:35 - 2014-10-30 21:05 - 02884096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-11-14 14:35 - 2014-10-30 21:05 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-11-14 14:35 - 2014-10-30 21:04 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-11-14 14:35 - 2014-10-30 20:57 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-11-14 14:35 - 2014-10-30 20:56 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-11-14 14:35 - 2014-10-30 20:54 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\IEAdvpack.dll
2014-11-14 14:35 - 2014-10-30 20:53 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2014-11-14 14:35 - 2014-10-30 20:52 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2014-11-14 14:35 - 2014-10-30 20:51 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-11-14 14:35 - 2014-10-30 20:51 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-11-14 14:35 - 2014-10-30 20:51 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-11-14 14:35 - 2014-10-30 20:50 - 06040064 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-11-14 14:35 - 2014-10-30 20:50 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-11-14 14:35 - 2014-10-30 20:40 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2014-11-14 14:35 - 2014-10-30 20:38 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-11-14 14:35 - 2014-10-30 20:30 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-11-14 14:35 - 2014-10-30 20:29 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2014-11-14 14:35 - 2014-10-30 20:29 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2014-11-14 14:35 - 2014-10-30 20:28 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2014-11-14 14:35 - 2014-10-30 20:25 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-11-14 14:35 - 2014-10-30 20:24 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-11-14 14:35 - 2014-10-30 20:24 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2014-11-14 14:35 - 2014-10-30 20:23 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-11-14 14:35 - 2014-10-30 20:21 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-11-14 14:35 - 2014-10-30 20:19 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2014-11-14 14:35 - 2014-10-30 20:15 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-11-14 14:35 - 2014-10-30 20:08 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-11-14 14:35 - 2014-10-30 20:06 - 00372736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-11-14 14:35 - 2014-10-30 20:05 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-11-14 14:35 - 2014-10-30 20:05 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-11-14 14:35 - 2014-10-30 20:03 - 02124288 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-11-14 14:35 - 2014-10-30 19:45 - 02365440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-11-14 14:35 - 2014-10-30 19:44 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-11-14 14:35 - 2014-10-30 19:42 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\imgutil.dll
2014-11-14 14:35 - 2014-10-30 19:32 - 01550336 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-11-14 14:35 - 2014-10-30 19:28 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wextract.exe
2014-11-14 14:35 - 2014-10-30 19:28 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshta.exe
2014-11-14 14:35 - 2014-10-30 19:27 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iexpress.exe
2014-11-14 14:35 - 2014-10-30 19:26 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pngfilt.dll
2014-11-14 14:35 - 2014-10-30 19:25 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedssync.exe
2014-11-14 14:35 - 2014-10-30 19:24 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-11-14 14:35 - 2014-10-30 19:24 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\url.dll
2014-11-14 14:35 - 2014-10-30 19:24 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-11-14 14:35 - 2014-10-30 19:23 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2014-11-14 14:35 - 2014-10-30 19:23 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-11-14 14:35 - 2014-10-30 19:22 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-11-14 14:35 - 2014-10-30 19:20 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-11-14 14:35 - 2014-10-30 19:18 - 02277376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-11-14 14:35 - 2014-10-30 19:16 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-11-14 14:35 - 2014-10-30 19:15 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-11-14 14:35 - 2014-10-30 19:14 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IEAdvpack.dll
2014-11-14 14:35 - 2014-10-30 19:13 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2014-11-14 14:35 - 2014-10-30 19:13 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2014-11-14 14:35 - 2014-10-30 19:12 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-11-14 14:35 - 2014-10-30 19:12 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-11-14 14:35 - 2014-10-30 19:11 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-11-14 14:35 - 2014-10-30 19:03 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\licmgr10.dll
2014-11-14 14:35 - 2014-10-30 19:02 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-11-14 14:35 - 2014-10-30 18:57 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-14 14:35 - 2014-10-30 18:56 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inseng.dll
2014-11-14 14:35 - 2014-10-30 18:56 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2014-11-14 14:35 - 2014-10-30 18:56 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2014-11-14 14:35 - 2014-10-30 18:53 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-11-14 14:35 - 2014-10-30 18:53 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedsbs.dll
2014-11-14 14:35 - 2014-10-30 18:52 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-11-14 14:35 - 2014-10-30 18:51 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2014-11-14 14:35 - 2014-10-30 18:50 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-11-14 14:35 - 2014-10-30 18:48 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\occache.dll
2014-11-14 14:35 - 2014-10-30 18:46 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-11-14 14:35 - 2014-10-30 18:46 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2014-11-14 14:35 - 2014-10-30 18:42 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2014-11-14 14:35 - 2014-10-30 18:40 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-11-14 14:35 - 2014-10-30 18:40 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-11-14 14:35 - 2014-10-30 18:39 - 02051072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-11-14 14:35 - 2014-10-30 18:30 - 12819456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-11-14 14:35 - 2014-10-30 18:26 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-11-14 14:35 - 2014-10-30 18:24 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imgutil.dll
2014-11-14 14:35 - 2014-10-30 18:17 - 01892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-11-14 14:35 - 2014-10-30 18:13 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-11-14 14:35 - 2014-10-30 18:11 - 00708096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-11-14 14:33 - 2014-10-18 01:55 - 00055776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-11-14 14:33 - 2014-10-18 00:09 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-11-14 14:33 - 2014-10-18 00:09 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2014-11-14 14:33 - 2014-10-17 23:25 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2014-11-14 14:33 - 2014-10-17 22:50 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2014-11-14 14:33 - 2014-10-17 22:38 - 03557376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-11-14 14:33 - 2014-10-17 22:27 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-11-14 14:33 - 2014-10-17 22:26 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-11-14 14:33 - 2014-10-17 22:23 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-11-14 14:33 - 2014-10-17 22:23 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-11-14 14:33 - 2014-10-17 22:21 - 00894976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-11-14 14:33 - 2014-10-17 22:20 - 01714176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-11-14 14:33 - 2014-10-17 22:14 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-11-14 14:33 - 2014-10-17 22:14 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-11-14 14:33 - 2014-10-17 22:12 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-11-14 14:33 - 2014-10-17 22:11 - 00723968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-11-14 14:29 - 2014-10-16 23:01 - 00789184 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2014-11-14 14:29 - 2014-10-16 22:58 - 00602768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2014-11-14 14:27 - 2014-11-04 15:38 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-11-14 14:27 - 2014-11-03 16:10 - 00304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2014-11-14 14:27 - 2014-10-30 20:53 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2014-11-14 14:27 - 2014-10-30 20:49 - 00537088 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-11-14 14:27 - 2014-10-30 20:24 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-11-14 14:27 - 2014-10-22 21:48 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll
2014-11-14 14:27 - 2014-10-22 21:05 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll
2014-11-14 14:27 - 2014-10-06 19:30 - 04182016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-11-14 14:27 - 2014-09-07 19:07 - 02497344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-11-14 14:27 - 2014-09-04 14:21 - 01053184 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-11-14 14:27 - 2014-09-03 19:05 - 00836176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2014-11-14 14:27 - 2014-08-30 16:15 - 21197152 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-11-14 14:27 - 2014-08-30 14:59 - 18723112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-11-14 14:27 - 2014-08-30 13:04 - 00941568 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2014-11-14 14:27 - 2014-08-27 18:55 - 07484224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2014-11-14 14:27 - 2014-08-22 21:18 - 02149376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2014-11-14 14:27 - 2014-08-22 21:14 - 13424128 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-11-14 14:27 - 2014-08-22 21:04 - 11820544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-11-14 14:27 - 2014-08-22 21:03 - 01346048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2014-11-14 14:27 - 2014-08-22 20:50 - 02714112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2014-11-14 14:26 - 2014-10-06 22:28 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2014-11-14 14:26 - 2014-10-06 22:27 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2014-11-14 14:26 - 2014-10-06 22:27 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2014-11-14 14:26 - 2014-10-06 22:27 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2014-11-14 14:26 - 2014-10-06 22:27 - 00108432 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2014-11-14 14:26 - 2014-10-06 19:34 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2014-11-14 14:26 - 2014-10-06 19:34 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2014-11-14 14:26 - 2014-10-06 19:33 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2014-11-14 14:26 - 2014-10-06 17:54 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2014-11-14 14:26 - 2014-10-06 17:46 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2014-11-14 14:26 - 2014-09-09 22:25 - 00474432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2014-11-14 14:26 - 2014-09-07 19:07 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-11-14 14:26 - 2014-09-07 14:08 - 00389176 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-11-14 14:26 - 2014-09-04 14:30 - 00822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2014-11-14 14:26 - 2014-09-03 18:22 - 00670384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2014-11-14 14:26 - 2014-09-03 17:01 - 00448512 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2014-11-14 14:26 - 2014-09-03 16:32 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2014-11-14 14:26 - 2014-08-30 16:17 - 00148800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2014-11-14 14:26 - 2014-08-30 14:05 - 00615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSCOMEX.dll
2014-11-14 14:26 - 2014-08-30 13:58 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSAPI.dll
2014-11-14 14:26 - 2014-08-30 12:53 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FXSAPI.dll
2014-11-14 14:26 - 2014-08-30 12:17 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2014-11-14 14:26 - 2014-08-27 16:21 - 02480128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2014-11-14 14:26 - 2014-08-27 16:06 - 02030592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2014-11-14 14:26 - 2014-08-01 16:51 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2014-11-14 14:26 - 2014-08-01 16:35 - 00485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2014-11-14 14:22 - 2014-11-14 14:22 - 00000000 ____D () C:\Program Files (x86)\Dell Digital Delivery
2014-11-13 15:51 - 2014-11-13 15:51 - 00001870 _____ () C:\Users\Vicente Caastro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\avast! antivirus.lnk
2014-11-11 18:19 - 2014-11-11 18:19 - 00409088 _____ () C:\Users\Vicente Caastro\Desktop\iWatchDVR.exe
2014-11-11 17:56 - 2014-11-11 17:56 - 00083968 _____ () C:\Users\Vicente Caastro\Downloads\DVRemoteDesktop.exe
2014-11-10 20:44 - 2014-11-25 05:26 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2014-11-10 20:44 - 2014-11-10 20:44 - 00000000 ____D () C:\Users\Vicente Caastro\AppData\Local\Bluestacks
2014-11-10 20:42 - 2014-11-10 20:42 - 13444288 _____ (BlueStack Systems Inc.) C:\Users\Vicente Caastro\Downloads\WhatsApp [1].exe
2014-11-01 14:40 - 2014-11-01 14:49 - 00000000 ____D () C:\Users\Vicente Caastro\AppData\Roaming\CyberLink
2014-11-01 14:40 - 2014-11-01 14:40 - 00000000 ____D () C:\Users\Vicente Caastro\Documents\CyberLink
2014-11-01 14:40 - 2014-11-01 14:40 - 00000000 ____D () C:\Users\Vicente Caastro\AppData\Local\CyberLink
2014-10-29 10:42 - 2014-10-29 10:42 - 00510256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp71.dll
2014-10-29 10:42 - 2014-10-29 10:42 - 00354608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr71.dll
2014-10-29 10:42 - 2014-10-29 10:42 - 00249648 _____ (Sensible Vision ) C:\WINDOWS\system32\FAPassSync.dll
2014-10-29 10:42 - 2014-10-29 10:42 - 00188208 _____ (Sensible Vision ) C:\WINDOWS\SysWOW64\FAPassSync.dll
2014-10-29 10:42 - 2014-10-29 10:42 - 00094000 _____ () C:\WINDOWS\system32\FAIEExtension.dll
2014-10-29 10:42 - 2014-10-29 10:42 - 00084784 _____ () C:\WINDOWS\SysWOW64\FAIEExtension.dll
2014-10-29 10:42 - 2014-10-29 10:42 - 00060208 _____ () C:\WINDOWS\SysWOW64\FAib.dll
2014-10-29 10:41 - 2014-10-29 10:41 - 08235312 _____ (Sensible Vision ) C:\WINDOWS\system32\FAIESSODlg.dll
2014-10-29 10:41 - 2014-10-29 10:41 - 07623984 _____ (Sensible Vision ) C:\WINDOWS\SysWOW64\FAIESSODlg.dll
2014-10-29 10:41 - 2014-10-29 10:41 - 01392944 _____ (Sensible Vision ) C:\WINDOWS\system32\FACredProv.dll
2014-10-29 10:41 - 2014-10-29 10:41 - 01233712 _____ (Sensible Vision ) C:\WINDOWS\SysWOW64\FACredProv.dll
2014-10-29 10:41 - 2014-10-29 10:41 - 01094448 _____ (Sensible Vision ) C:\WINDOWS\system32\FACredProv2.dll
2014-10-29 10:41 - 2014-10-29 10:41 - 00938800 _____ (Sensible Vision ) C:\WINDOWS\SysWOW64\FACredProv2.dll
2014-10-29 10:41 - 2014-10-29 10:41 - 00591664 _____ () C:\WINDOWS\SysWOW64\FACrashRpt.dll
2014-10-29 10:41 - 2014-10-29 10:41 - 00458032 _____ (Sensible Vision ) C:\WINDOWS\system32\FAConsIfDLL.dll
2014-10-29 10:41 - 2014-10-29 10:41 - 00396080 _____ (Sensible Vision ) C:\WINDOWS\SysWOW64\FAConsIfDLL.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-25 17:29 - 2014-10-15 18:07 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-25 17:00 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-11-25 16:46 - 2014-10-18 18:29 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-11-25 16:29 - 2014-10-15 18:07 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-25 16:18 - 2014-06-11 05:23 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2014-11-25 16:16 - 2014-10-01 07:31 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2632285177-1487941020-2454937484-1002
2014-11-25 16:11 - 2014-06-11 05:23 - 01183795 _____ () C:\WINDOWS\SysWOW64\rootpa.e2e
2014-11-25 16:10 - 2013-08-22 06:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-11-25 15:52 - 2014-10-18 18:10 - 00000000 ____D () C:\AdwCleaner
2014-11-25 13:09 - 2014-10-17 16:46 - 00000000 ____D () C:\Users\Vicente Caastro\AppData\Local\Adobe
2014-11-25 11:44 - 2014-10-01 07:22 - 00000000 ____D () C:\Users\Vicente Caastro\AppData\Local\VirtualStore
2014-11-25 06:51 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-11-25 06:06 - 2014-10-15 18:17 - 00000000 ____D () C:\Users\Vicente Caastro\AppData\Local\CrashDumps
2014-11-25 05:25 - 2014-10-18 16:37 - 00000000 ____D () C:\WINDOWS\Minidump
2014-11-25 05:25 - 2014-06-11 03:57 - 00000000 ___DC () C:\WINDOWS\Panther
2014-11-25 04:50 - 2014-06-11 05:16 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-11-25 00:27 - 2014-10-15 18:06 - 01050432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2014-11-25 00:27 - 2013-08-22 05:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-11-25 00:26 - 2014-10-15

Link to comment
Share on other sites
Juliet Rookie

Juliet

Posted
Posted

The last log looks incomplete but we'll continue.

 

I want to bring something to your attention. Was this already on the machine as pre-installed or did you download it?

 

HKU\S-1-5-21-2632285177-1487941020-2454937484-1002\...\Run: [UpdateAdmin] => C:\Users\Vicente Caastro\AppData\Local\UpdateAdmin\UpdateAdmin.exe [225552 2014-10-16] (DownloadAdmin)

 

http://www.shouldiremoveit.com/updateadmin-140839-program.aspx

It's not been flagged as of yet but let's keep in mind down the road we might need to remove it since it comes bundled with 'advertiser supported'

 

~~~~~~~~~~~~~~~~

 

Make sure you export your passwords and bookmarks first so you still know how to login to sites.

 

Instructions on how to backup your Favourites/Bookmarks and other data can be found below.

U5NwUGc.pngBackup Chrome Bookmarks

 

Please download and install Revo Uninstaller 1.95.

Then please run Revo Uninstaller and select Google Chrome

Please click Uninstall icon to uninstall the selected program.

Please choose Advanced.

Then click Next and follow the prompts.

Please click Select All and Delete to delete all registry items, folders and files listed by Revo.

If asked to restart the computer, please do so.

Install the latest stable version from the link below:

Google Chrome 38.0.2125.111 and let me know if the program installed successfully.

 

To download Google Chrome again use the link below after running the script I create.

https://support.google.com/chrome/answer/95346?hl=en

 

 

~~~~~~~~~~~~~~~~~~~~~~~~`

Running from C:\Users\Vicente Caastro\Downloads

We can't use FRST running from this directory very easy, it can be done but several have issues trying so we'll move it.

 

Please go to the downloads folder, locate FRST, right click and select CUT

Now go to an open spot on desktop, right click and select PASTE

FRST should now be on desktop.

 

- Save ALL Tools to your Desktop-

 

All tools that I have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

 

Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.

Chrome.JPGGoogle Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser.Settings.JPG Choose Settings. at the bottom of the screen click the

"Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Firefox.JPGMozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Settings.JPG Choose Options. In the downloads section, click the Browse button, click on the Desktop folder

and the click the "Select Folder" button. Click OK to get out of the Options menu.

IE.jpgInternet Explorer - Click the Tools menu in the upper right-corner of the browser. Tools.JPG Select View downloads. Select the Options link in the lower left of the window. Click Browse and

select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.

NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

 

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.

Paste this into the open notepad. save it to the Desktop as fixlist.txt

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)

 

start

CloseProcesses:

Task: {3BB277CF-A3A3-4BAD-839A-3568C0F2C7E7} - \TidyNetwork Update No Task File <==== ATTENTION

Task: C:\WINDOWS\Tasks\DGQC.job => C:\Users\Vicente Caastro\AppData\Roaming\DGQC.exe <==== ATTENTION

Task: C:\WINDOWS\Tasks\DSCBSMD.job => C:\Users\Vicente Caastro\AppData\Roaming\DSCBSMD.exe <==== ATTENTION

Task: C:\WINDOWS\Tasks\HKKLP.job => C:\Users\Vicente Caastro\AppData\Roaming\HKKLP.exe <==== ATTENTION

Task: C:\WINDOWS\Tasks\JULOHG.job => C:\Users\Vicente Caastro\AppData\Roaming\JULOHG.exe <==== ATTENTION

AlternateDataStreams: C:\ProgramData\Temp:5C321E34

HKLM\...\Policies\Explorer: [NoFolderOptions] 0

HKLM\...\Policies\Explorer: [NoControlPanel] 0

HKU\S-1-5-21-2632285177-1487941020-2454937484-1002\...\MountPoints2: {64f47a48-5767-11e4-8263-645a046b12ca} - "F:\LaunchU3.exe" -a

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

SearchScopes: HKLM-x32 -> {A65CABAD-ECFC-4B43-BC16-7EF0906B7B3B} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB

BHO-x32: No Name -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> No File

CHR dev: Chrome dev build detected! <======= ATTENTION

S2 cae99edb; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files (x86)\Super Optimizer\SupOptCrash.dll",ENT

c:\Program Files (x86)\Super Optimizer\SupOptCrash.dll

2014-11-14 16:30 - 2014-11-21 14:41 - 00001394 _____ () C:\WINDOWS\Tasks\JULOHG.job

2014-11-14 16:30 - 2014-11-21 14:41 - 00001390 _____ () C:\WINDOWS\Tasks\DGQC.job

2014-11-14 16:29 - 2014-11-21 14:41 - 00001740 _____ () C:\WINDOWS\Tasks\DSCBSMD.job

2014-11-14 16:29 - 2014-11-21 14:41 - 00001392 _____ () C:\WINDOWS\Tasks\HKKLP.job

EmptyTemp:

Hosts:

End

Open FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

***************

 

-AdwCleaner-by Xplode

 

Click on this link to download : ADWCleaner

Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.

 

Do not click on any links in the top Advertisment.

 

 

adwcleaner_download.png

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.
  • NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

thisisujrt.gif

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
please post

Fixlog.txt

C:\AdwCleaner.txt

JRT.txt

Link to comment
Share on other sites
brownhornet Rookie

brownhornet

Posted
  • Author
Posted

ix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-11-2014 01
Ran by Vicente Caastro at 2014-11-26 12:15:21 Run:1
Running from C:\Users\Vicente Caastro\Desktop
Loaded Profile: Vicente Caastro (Available profiles: Vicente Caastro & Administrator)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
Task: {3BB277CF-A3A3-4BAD-839A-3568C0F2C7E7} - \TidyNetwork Update No Task File <==== ATTENTION
Task: C:\WINDOWS\Tasks\DGQC.job => C:\Users\Vicente Caastro\AppData\Roaming\DGQC.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\DSCBSMD.job => C:\Users\Vicente Caastro\AppData\Roaming\DSCBSMD.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\HKKLP.job => C:\Users\Vicente Caastro\AppData\Roaming\HKKLP.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\JULOHG.job => C:\Users\Vicente Caastro\AppData\Roaming\JULOHG.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2632285177-1487941020-2454937484-1002\...\MountPoints2: {64f47a48-5767-11e4-8263-645a046b12ca} - "F:\LaunchU3.exe" -a
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> {A65CABAD-ECFC-4B43-BC16-7EF0906B7B3B} URL = http://www.bing.com/...=IE11TR&pc=DCJB
BHO-x32: No Name -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> No File
CHR dev: Chrome dev build detected! <======= ATTENTION
S2 cae99edb; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files (x86)\Super Optimizer\SupOptCrash.dll",ENT
c:\Program Files (x86)\Super Optimizer\SupOptCrash.dll
2014-11-14 16:30 - 2014-11-21 14:41 - 00001394 _____ () C:\WINDOWS\Tasks\JULOHG.job
2014-11-14 16:30 - 2014-11-21 14:41 - 00001390 _____ () C:\WINDOWS\Tasks\DGQC.job
2014-11-14 16:29 - 2014-11-21 14:41 - 00001740 _____ () C:\WINDOWS\Tasks\DSCBSMD.job
2014-11-14 16:29 - 2014-11-21 14:41 - 00001392 _____ () C:\WINDOWS\Tasks\HKKLP.job
EmptyTemp:
Hosts:
End
*****************

Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3BB277CF-A3A3-4BAD-839A-3568C0F2C7E7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3BB277CF-A3A3-4BAD-839A-3568C0F2C7E7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TidyNetwork Update" => Key deleted successfully.
C:\WINDOWS\Tasks\DGQC.job => Moved successfully.
C:\WINDOWS\Tasks\DSCBSMD.job => Moved successfully.
C:\WINDOWS\Tasks\HKKLP.job => Moved successfully.
C:\WINDOWS\Tasks\JULOHG.job => Moved successfully.
C:\ProgramData\Temp => ":5C321E34" ADS removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value deleted successfully.
"HKU\S-1-5-21-2632285177-1487941020-2454937484-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{64f47a48-5767-11e4-8263-645a046b12ca}" => Key deleted successfully.
"HKCR\CLSID\{64f47a48-5767-11e4-8263-645a046b12ca}" => Key not found.
C:\WINDOWS\system32\GroupPolicy\Machine => Moved successfully.
C:\WINDOWS\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{A65CABAD-ECFC-4B43-BC16-7EF0906B7B3B}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{A65CABAD-ECFC-4B43-BC16-7EF0906B7B3B}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}" => Key not found.
"HKCR\Wow6432Node\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}" => Key not found.
CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
cae99edb => Service deleted successfully.
"c:\Program Files (x86)\Super Optimizer\SupOptCrash.dll" => File/Directory not found.
"C:\WINDOWS\Tasks\JULOHG.job" => File/Directory not found.
"C:\WINDOWS\Tasks\DGQC.job" => File/Directory not found.
"C:\WINDOWS\Tasks\DSCBSMD.job" => File/Directory not found.
"C:\WINDOWS\Tasks\HKKLP.job" => File/Directory not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 44.3 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====

Link to comment
Share on other sites
brownhornet Rookie

brownhornet

Posted
  • Author
Posted

# AdwCleaner v4.102 - Report created 26/11/2014 at 12:27:22
# Updated 23/11/2014 by Xplode
# Database : 2014-11-26.1 [Live]
# Operating System : Windows 8.1 (64 bits)
# Username : Vicente Caastro - VCASTRO
# Running from : C:\Users\Vicente Caastro\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v33.1 (x86 en-US)


*************************

AdwCleaner[R0].txt - [7638 octets] - [18/10/2014 18:10:45]
AdwCleaner[R1].txt - [11860 octets] - [25/11/2014 00:01:19]
AdwCleaner[R2].txt - [994 octets] - [25/11/2014 01:51:07]
AdwCleaner[R3].txt - [2202 octets] - [25/11/2014 15:17:36]
AdwCleaner[R4].txt - [1398 octets] - [25/11/2014 15:47:40]
AdwCleaner[R5].txt - [1354 octets] - [25/11/2014 18:59:34]
AdwCleaner[R6].txt - [1466 octets] - [26/11/2014 12:23:19]
AdwCleaner[s0].txt - [7389 octets] - [18/10/2014 18:15:02]
AdwCleaner[s1].txt - [11409 octets] - [25/11/2014 00:06:04]
AdwCleaner[s2].txt - [1054 octets] - [25/11/2014 03:24:13]
AdwCleaner[s3].txt - [2273 octets] - [25/11/2014 15:25:16]
AdwCleaner[s4].txt - [1461 octets] - [25/11/2014 15:52:00]
AdwCleaner[s5].txt - [1416 octets] - [25/11/2014 19:04:14]
AdwCleaner[s6].txt - [1388 octets] - [26/11/2014 12:27:22]

########## EOF - C:\AdwCleaner\AdwCleaner[s6].txt - [1448 octets] ##########

Link to comment
Share on other sites
brownhornet Rookie

brownhornet

Posted
  • Author
Posted

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.14.2014:1)
OS: Windows 8.1 x64
Ran by Vicente Caastro on Wed 11/26/2014 at 12:32:50.78
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 11/26/2014 at 12:39:47.93
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Link to comment
Share on other sites
Juliet Rookie

Juliet

Posted
Posted

Did you uninstall and redownload Google?

 

 

Download Malwarebytes' Anti-Malware to your desktop.

  • Windows XP : Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

MBAMDashboard_zpsddef9b5f.gif

  • On the Dashboard click on Update Now
  • Go to the Setting Tab
  • Under Setting go to Detection and Protection
  • Under PUP and PUM make sure both are set to show Treat Dections as Malware
  • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
  • Then on the Dashboard click on Scan
  • Make sure to select THREAT SCAN
  • Then click on Scan
  • When the scan is finished and the log pops up...select Copy to Clipboard
  • Please paste the log back into this thread for review
  • Exit Malwarebytes
Also tell me what the computer is doing now?
Link to comment
Share on other sites
Juliet Rookie

Juliet

Posted
Posted

laptop seems to be doing fine,one thing i noticed was that ''updateadmin'' popped up in system tray asking if i wanted to update IE, i said no. be back soon as scan is done. didnt reinstall chrome because the user said he never uses it

IE is updated through windows updates.
Link to comment
Share on other sites
brownhornet Rookie

brownhornet

Posted
  • Author
Posted

IE is updated through windows updates.

 

 

exactly why i didnt update it,can i remove it?

 

 

log file:

 

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 11/26/2014

Scan Time: 3:50:12 PM

Logfile: 11.txt

Administrator: Yes

 

Version: 2.00.3.1025

Malware Database: v2014.11.26.07

Rootkit Database: v2014.11.22.01

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Self-protection: Disabled

 

OS: Windows 8.1

CPU: x64

File System: NTFS

User: Vicente Caastro

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 357094

Time Elapsed: 23 min, 49 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 0

(No malicious items detected)

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)

Link to comment
Share on other sites
Juliet Rookie

Juliet

Posted
Posted

it's running in the startups folder

O4 - HKCU\..\Run: [updateAdmin] C:\Users\Vicente Caastro\AppData\Local\UpdateAdmin\UpdateAdmin.exe /RUN

 

go to the windows search box on the tool bar

type in msconfig

click on the startup tab at the top

look through the list of items and if found remove the check next to

UpdateAdmin

 

you'll need to reboot.

 

Open Notepad and copy and paste the text in blue

 

 

 

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"UpdateAdmin"=-

 

 

Save the file as "delete.reg". Make sure to save it with the quotes. Choose to "Save type as to All Files" ..Double click on the delete.reg file and choose Yes to merge/add it to the registry. It will look like this regMiekie.png

.. You may delete the file afterwards.

 

 

*********

 

Copy all text in the code box (below)...to Notepad.

 

@echo off
del /f /s /q "C:\Users\Vicente Caastro\AppData\Local\UpdateAdmin\UpdateAdmin.exe"
del %0
Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"

 

Double click on delfile.bat to execute it.

A black CMD window will flash, then disappear...this is normal.

The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.

 

 

~~~~~~~~~~`

 

What we can do now is run an online scan with Eset, for the time being it is our most trusted scanner.

Most reliable and thorough.

The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.

This scanner can take quite a bit of time to run, depending of course how full your computer is.

 

 

Go here to run an online scannner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator

  • Note:

    For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how.
  • Click the blue Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
  • Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan.
Link to comment
Share on other sites
brownhornet Rookie

brownhornet

Posted
  • Author
Posted

are these still on computer or are they whats in the quarentine

 

log file:

 

 

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Framed Display\gagcbogmgkaogoadfcoicjdojbmkegao.crx.vir Win32/BrowseFox.Q potentially unwanted application
C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
C:\Users\Vicente Caastro\AppData\Roaming\DGQC JS/Toolbar.Crossrider.C potentially unwanted application
C:\Users\Vicente Caastro\AppData\Roaming\DSCBSMD JS/Toolbar.Crossrider.C potentially unwanted application
C:\Users\Vicente Caastro\AppData\Roaming\HKKLP JS/Toolbar.Crossrider.C potentially unwanted application
C:\Users\Vicente Caastro\AppData\Roaming\JULOHG JS/Toolbar.Crossrider.C potentially unwanted application
C:\Users\Vicente Caastro\Downloads\ccsetup419.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Windows.old\Users\Vicente Caastro\AppData\Roaming\OKLB JS/Toolbar.Crossrider.C potentially unwanted application
C:\Windows.old\Users\Vicente Caastro\AppData\Roaming\QTM JS/Toolbar.Crossrider.C potentially unwanted application

Link to comment
Share on other sites
Juliet Rookie

Juliet

Posted
Posted

1 item was still in quarantine and the another is a backup program installed by dell, the file was installed as a component of a Dell application, I wouldn't be concerned.

 

JS/Toolbar.Crossrider came in through an out dated Java.

 

 

There was a reinstall that held a couple of bad files and folders that we should be able to get out now.

 

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.

Paste this into the open notepad. save it to the Desktop as fixlist.txt

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)

 

start

CloseProcesses:

Folder: C:\Users\Vicente Caastro\AppData\Roaming\DGQC

Folder: C:\Users\Vicente Caastro\AppData\Roaming\DSCBSMD

Folder: C:\Users\Vicente Caastro\AppData\Roaming\HKKLP

Folder: C:\Users\Vicente Caastro\AppData\Roaming\JULOHG

Folder: C:\Users\Vicente Caastro\Downloads\ccsetup419.exe

Folder: C:\Windows.old\Users\Vicente Caastro\AppData\Roaming\OKLB

Folder: C:\Windows.old\Users\Vicente Caastro\AppData\Roaming\QTM

EmptyTemp:

Hosts:

End

Open FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

~~~~~~~~~~~~~~~~~~

 

See this page for instructions on how to clear java's cache.

 

Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)

  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - Leave ALL 3 Checked

    • Downloaded Applets

      Downloaded Applications

      Installed Applications and Applets

  • Click OK on Delete Temporary Files Window

    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.

  • Click OK to leave the Java Control Panel.
----------

 

When installing Java do not click boxes to install anything extra.

 

Install Java:

 

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close
Link to comment
Share on other sites
brownhornet Rookie

brownhornet

Posted
  • Author
Posted (edited)

i got an almost endless loop when trying to install java,took 20min to install. kept saying i had an outdated version,uninstall,reinstall. hope i got it right. anyways here it is. went to java site and it said i have updated version so i guess i did it right

 

log file:

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-11-2014 01
Ran by Vicente Caastro at 2014-11-27 12:26:47 Run:2
Running from C:\Users\Vicente Caastro\Desktop
Loaded Profile: Vicente Caastro (Available profiles: Vicente Caastro & Administrator)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
Folder: C:\Users\Vicente Caastro\AppData\Roaming\DGQC
Folder: C:\Users\Vicente Caastro\AppData\Roaming\DSCBSMD
Folder: C:\Users\Vicente Caastro\AppData\Roaming\HKKLP
Folder: C:\Users\Vicente Caastro\AppData\Roaming\JULOHG
Folder: C:\Users\Vicente Caastro\Downloads\ccsetup419.exe
Folder: C:\Windows.old\Users\Vicente Caastro\AppData\Roaming\OKLB
Folder: C:\Windows.old\Users\Vicente Caastro\AppData\Roaming\QTM
EmptyTemp:
Hosts:
End
*****************

Processes closed successfully.

========================= Folder: C:\Users\Vicente Caastro\AppData\Roaming\DGQC ========================

The path is not a directory.

========================= Folder: C:\Users\Vicente Caastro\AppData\Roaming\DSCBSMD ========================

The path is not a directory.

========================= Folder: C:\Users\Vicente Caastro\AppData\Roaming\HKKLP ========================

The path is not a directory.

========================= Folder: C:\Users\Vicente Caastro\AppData\Roaming\JULOHG ========================

The path is not a directory.

========================= Folder: C:\Users\Vicente Caastro\Downloads\ccsetup419.exe ========================

The path is not a directory.

========================= Folder: C:\Windows.old\Users\Vicente Caastro\AppData\Roaming\OKLB ========================

The path is not a directory.

========================= Folder: C:\Windows.old\Users\Vicente Caastro\AppData\Roaming\QTM ========================

The path is not a directory.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 23.2 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====

Edited by brownhornet
Link to comment
Share on other sites
Juliet Rookie

Juliet

Posted
Posted

Your going to kill me cause I didn't do that right

 

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.

Paste this into the open notepad. save it to the Desktop as fixlist.txt

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)

 

start

CloseProcesses:

C:\Users\Vicente Caastro\Downloads\ccsetup419.exe

Folder:

C:\Users\Vicente Caastro\AppData\Roaming\DGQC

C:\Users\Vicente Caastro\AppData\Roaming\DSCBSMD

C:\Users\Vicente Caastro\AppData\Roaming\HKKLP

C:\Users\Vicente Caastro\AppData\Roaming\JULOHG

C:\Windows.old\Users\Vicente Caastro\AppData\Roaming\OKLB

C:\Windows.old\Users\Vicente Caastro\AppData\Roaming\QTM

EmptyTemp:

End

Open FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

We ready to remove tools and quarantine folders?

Link to comment
Share on other sites
brownhornet Rookie

brownhornet

Posted
  • Author
Posted

ready to remove when you are,how could one be mad at you? happy turkey day!!!

 

log file:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-11-2014 01
Ran by Vicente Caastro at 2014-11-27 18:36:09 Run:3
Running from C:\Users\Vicente Caastro\Desktop
Loaded Profile: Vicente Caastro (Available profiles: Vicente Caastro & Administrator)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
C:\Users\Vicente Caastro\Downloads\ccsetup419.exe
Folder:
C:\Users\Vicente Caastro\AppData\Roaming\DGQC
C:\Users\Vicente Caastro\AppData\Roaming\DSCBSMD
C:\Users\Vicente Caastro\AppData\Roaming\HKKLP
C:\Users\Vicente Caastro\AppData\Roaming\JULOHG
C:\Windows.old\Users\Vicente Caastro\AppData\Roaming\OKLB
C:\Windows.old\Users\Vicente Caastro\AppData\Roaming\QTM
EmptyTemp:
End
*****************

Processes closed successfully.
C:\Users\Vicente Caastro\Downloads\ccsetup419.exe => Moved successfully.

========================= Folder: ========================

Directory Not Found
C:\Users\Vicente Caastro\AppData\Roaming\DGQC => Moved successfully.
C:\Users\Vicente Caastro\AppData\Roaming\DSCBSMD => Moved successfully.
C:\Users\Vicente Caastro\AppData\Roaming\HKKLP => Moved successfully.
C:\Users\Vicente Caastro\AppData\Roaming\JULOHG => Moved successfully.
C:\Windows.old\Users\Vicente Caastro\AppData\Roaming\OKLB => Moved successfully.
C:\Windows.old\Users\Vicente Caastro\AppData\Roaming\QTM => Moved successfully.
EmptyTemp: => Removed 81 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====

Link to comment
Share on other sites
Juliet Rookie

Juliet

Posted
Posted

Happy Turkey day to you too! gobble gobble

  • Download Delfix from here
  • Ensure Remove disinfection tools is ticked

    Also tick:

  • Create registry backup
  • Click Run
  • Purge system restore
delfix.jpg

 

Any other tools and files found can simply be deleted or uninstall via Add/Remove Programs in the Control Panel etc.

The following programmes come highly recommended in the security community.
  • xKsUqI5A.png.pagespeed.ic.vn1Hlvqi8h.jpgAdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
  • E8I37RF.pngCryptoPrevent places policy restrictions on loading points for ransomware (eg.CryptoPrevent), preventing your files from being encrypted.
  • EG85Vjt.pngMalwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
  • x6YRrgUC.png.pagespeed.ic.HjgFxjvw2Z.jpgMalwarebytes Anti-Malware Premium (MBAM) works in real-time along side your Anti-Virus to prevent malware execution.
  • xjv4nhMJ.png.pagespeed.ic.A5YbWn1eDO.pngNoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
  • 3O8r9Uq.png Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
  • DgW1XL2.png.pagespeed.ce.v1OlJl_ZAS.pngSecuina PSI will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
  • xj1OLIec.png.pagespeed.ic.k6hhwopU0q.jpgSpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
  • xJEP5iWI.png.pagespeed.ic.4tmM1lM7DQ.pngWeb of Trust (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.
Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing
×
×
  • Create New...