gpc007

All is now well. Thank you very much for your superb assistance. I am amazed that such talent is available and willing to help SO QUICKLY. FWIW, my daughter thanks you profusely (this was her PC). Oh, and I also strongly believe in supporting what you do so I took care of the donation step as well ;-). All the best. This issue can be updated to SOLVED.

My bad ... I attached the wrong file. Attached is the Fixlog file. It was generated as you instructed. I simply neglected to attach it to my prior post. Fixlog2.txt

FRST rerun (this time it ran in less than 5 seconds; a reboot was required) ... logs attached. MWB rerun (no threats detected as before; a reboot was not required) ... log attached. Dr. Web run in safe mode (no threats) ... log attached. ADWCleaner run in safe mode (no items listed, but I clicked Clean anyway; a reboot was required (not safe mode this time)) ... log attached. FRST3.txt Addition3.txt MWB-log3.txt cureit.log AdwCleanerS0.txt

Done. Attached are the latest FRST log files. FRST.txt Addition.txt

No worries ... I just hadn't waited long enough. FRST finished shortly after my last post ... about 70 min to run, I figure. I have been wrapping up the rest of your instructed steps. I have attached the 4 log/report files you requested. I also have another MWB scan log from last night that has the files originally cleaned by MWB if you want me to send that (that was from before I started this post). Finally, I have left RogueKiller running ... there are 2 gray-highlighted Registry entries (that start with "PUM"), and an orange-highlighted Task entry (type: suspicious.path). I will leave things be until I hear back. Thank you again! Fixlog.txt MWB-scanlog2.txt mrtlog.txt RKreport_SCN_09242014_130155.log

Thank you for your very quick reply. I have initiated the first step you requested (FRST fix). It has been running for about an hour with "Fixing in progress. Please wait." A Fixlog.txt file has been created, though and ends with "HKU\S-1-5-21... ==> Key not found.". Is this a long process or do you suspect it has finished? Thank you again

This PC became infected before MalwareBytes was installed. It was runnint ESET antivirus software. The original symptom is CPU being completely maxed with MANY instances of dllhost / COM Surrogate running. These only get generated when connected to a network. With WIFI disabled, the PC does not generate these. After installing MalwareBytes Premium, numerous files were detected and cleaned, but the problem persists. In addition, every 3-5 seconds, MalwareBytes detects and blocks a "malicious website". These sites vary, but I see a lot of "95.215.1.57" and "fffsee.com". I ran FRST and below are the logs requested. Thank you for any help you are able to provide. FRST.TXT: =============================================================================================== Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-09-2014 Ran by Nikki (administrator) on LAPTOP-NIKKI on 24-09-2014 03:57:30 Running from H:\ Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe (Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe (Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe (Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe (Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AEstSrv.exe (APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (Pro Softnet Corporation) C:\IDrive\IDriveE Service.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (O2Micro International) C:\Windows\System32\drivers\o2flash.exe (Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe (Rosetta Stone Ltd.) C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe ( ) C:\IDrive\IDrivePlugin.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe () C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Pro Softnet Corp.) C:\IDrive\IDriveETray.exe (Pro-SoftNet Corp, U.S.A) C:\IDrive\IDriveEBackground.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officec2rclient.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [505720 2011-07-20] (Alps Electric Co., Ltd.) HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [536668 2011-01-24] (IDT, Inc.) HKLM\...\Run: [FreeFallProtection] => C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2010-12-17] () HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5110672 2013-09-12] (ESET) HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2602784 2013-12-04] () HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM\...\Run: [ApnTBMon] => C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1942424 2014-08-29] (APN) Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.) HKU\S-1-5-21-475017880-3412151489-2877756071-1003\...\Run: [iDriveE Startup] => C:\IDrive\IDrvieEStartup.exe [185800 2011-06-24] (Pro Softnet Corporation) HKU\S-1-5-21-475017880-3412151489-2877756071-1003\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-08-18] (Google Inc.) HKU\S-1-5-21-475017880-3412151489-2877756071-1003\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks! HKU\S-1-5-21-475017880-3412151489-2877756071-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [iDriveE Startup] => C:\IDrive\IDrvieEStartup.exe [185800 2011-06-24] (Pro Softnet Corporation) HKU\S-1-5-21-475017880-3412151489-2877756071-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-08-18] (Google Inc.) AppInit_DLLs: C:\Windows\system32\nvinit.dll => C:\Windows\system32\nvinit.dll [156256 2013-12-04] (NVIDIA Corporation) Lsa: [Authentication Packages] msv1_0 wvauth Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell System Manager.lnk ShortcutTarget: Dell System Manager.lnk -> C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe (Dell Inc.) Startup: C:\Users\Nikki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IDrive Tray.lnk ShortcutTarget: IDrive Tray.lnk -> C:\IDrive\IDriveEReg2ini.exe (Pro Softnet Corp.) ShellIconOverlayIdentifiers: EnabledUnlockedFDEIconOverlay -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.) ShellIconOverlayIdentifiers: UninitializedFdeIconOverlay -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/webhp?sourceid=navclient&ie=UTF-8&gws_rd=ssl SearchScopes: HKCU - DefaultScope {09CE4A42-A9A2-49DD-A0E0-06D95FCBB159} URL = http://www.search.ask.com/web?tpid=ORJ-ST-SPE&o=APN11460&pf=V7&p2=^BE6^OSJ000^YY^US&gct=&itbv=12.16.2.54&apn_uid=1F10A509-ADE8-4C22-8355-BB14ED0C6DA0&apn_ptnrs=BE6&apn_dtid=^OSJ000^YY^US&apn_dbr=ie_11.0.9600.17280&doi=2014-09-17&trgb=IE&q={searchTerms}&psv=&pt=tb SearchScopes: HKCU - URL http://search.conduit.com/Results.aspx?ctid=CT3323878&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP1B2D0F91-D6D0-4410-902F-EED2BE72CC0B&q={searchTerms}&SSPV= SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms} SearchScopes: HKCU - {01D17C2A-FD50-4CE9-B069-076D6DF7C0A5} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKCU - {09CE4A42-A9A2-49DD-A0E0-06D95FCBB159} URL = http://www.search.ask.com/web?tpid=ORJ-ST-SPE&o=APN11460&pf=V7&p2=^BE6^OSJ000^YY^US&gct=&itbv=12.16.2.54&apn_uid=1F10A509-ADE8-4C22-8355-BB14ED0C6DA0&apn_ptnrs=BE6&apn_dtid=^OSJ000^YY^US&apn_dbr=ie_11.0.9600.17280&doi=2014-09-17&trgb=IE&q={searchTerms}&psv=&pt=tb BHO: Shopping App by Ask -> {4F524A2D-5354-2D53-5045-7A786E7484D7} -> C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-ST-SPE\Passport.dll (APN LLC.) BHO: Ask Toolbar -> {4F524A2D-5637-4300-76A7-7A786E7484D7} -> C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-V7C\Passport.dll (APN LLC.) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation) Toolbar: HKLM - Ask Toolbar - {4F524A2D-5637-4300-76A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-V7C\Passport.dll (APN LLC.) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKLM - Shopping App by Ask - {4F524A2D-5354-2D53-5045-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-ST-SPE\Passport.dll (APN LLC.) Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Nikki\AppData\Roaming\Mozilla\Firefox\Profiles\zlrlv7md.default FF SelectedSearchEngine: Google FF Homepage: https://www.google.com/?gws_rd=ssl FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2014-03-08] Chrome: ======= CHR HomePage: Default -> FD2CDB8F12BBBE701DB84B78126884CB69BD9F81538EA0F5E6E30AB95EF6433F CHR DefaultSearchKeyword: Default -> E9A44F1AD69990680DA158AFFDC8E360E82408F199F222DF9436CB027365880C CHR DefaultSearchURL: Default -> 1FD560904E47B2C529B14DD7DC7181515BE594723CF5014D573428705F485C23 CHR CustomProfile: C:\Users\Nikki\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Nikki\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-18] CHR Extension: (Google Drive) - C:\Users\Nikki\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-18] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Nikki\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-19] CHR Extension: (YouTube) - C:\Users\Nikki\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-18] CHR Extension: (Google Search) - C:\Users\Nikki\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-18] CHR Extension: (Google Wallet) - C:\Users\Nikki\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-18] CHR Extension: (Gmail) - C:\Users\Nikki\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-18] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166296 2014-08-29] (APN LLC.) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1626800 2014-07-31] (Microsoft Corporation) R2 Credential Vault Host Control Service; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [826272 2010-10-25] (Broadcom Corporation) R2 Credential Vault Host Storage; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [32160 2010-10-25] (Broadcom Corporation) R2 dcpsysmgrsvc; C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe [388464 2011-01-20] (Dell Inc.) R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1337752 2013-09-12] (ESET) R2 IDriveE Service; C:\IDrive\IDriveE Service.exe [157128 2011-11-21] (Pro Softnet Corporation) R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-01-18] (Hewlett-Packard) [File not signed] R2 O2FLASH; C:\Windows\system32\DRIVERS\o2flash.exe [72296 2010-02-10] (O2Micro International) R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-01-18] (Hewlett-Packard) [File not signed] R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [605168 2014-02-19] (Paramount Software UK Ltd) R2 RosettaStoneDaemon; C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe [1646608 2012-06-19] (Rosetta Stone Ltd.) S3 SecureStorageService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe [1477632 2010-11-03] (Wave Systems Corp.) [File not signed] R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [274514 2011-01-24] (IDT, Inc.) S2 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1629696 2010-07-13] () [File not signed] R2 TdmService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe [2337136 2011-03-04] (Wave Systems Corp.) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 Acceler; C:\Windows\System32\DRIVERS\Accelern.sys [43888 2010-12-13] (ST Microelectronics) R3 BTWAMPFL; C:\Windows\System32\DRIVERS\btwampfl.sys [300584 2014-02-18] (Broadcom Corporation.) R3 cvusbdrv; C:\Windows\System32\Drivers\cvusbdrv.sys [33832 2010-08-24] (Broadcom Corporation) R3 e1cexpress; C:\Windows\System32\DRIVERS\e1c6232.sys [358224 2012-08-10] (Intel Corporation) R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [188808 2013-09-17] (ESET) R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [134248 2013-09-17] (ESET) R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [122376 2013-09-17] (ESET) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-09-24] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation) S3 MEI; C:\Windows\system32\drivers\HECI.sys [41088 2010-10-19] (Intel Corporation) R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwNs32.sys [7434240 2010-12-21] (Intel Corporation) S3 nusb3hub; C:\Windows\system32\drivers\nusb3hub.sys [62208 2010-11-19] (Renesas Electronics Corporation) S3 nusb3xhc; C:\Windows\system32\drivers\nusb3xhc.sys [141568 2010-11-19] (Renesas Electronics Corporation) R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [208672 2013-12-04] (NVIDIA Corporation) R0 nvpciflt; C:\Windows\System32\DRIVERS\nvpciflt.sys [27936 2013-12-04] (NVIDIA Corporation) R3 O2MDFRDR; C:\Windows\System32\DRIVERS\O2MDFxp.sys [60192 2011-01-04] (O2Micro ) S3 O2MDRRDR; C:\Windows\system32\drivers\O2MDRw7.sys [62440 2011-01-04] (O2Micro ) R3 O2SDJRDR; C:\Windows\System32\DRIVERS\o2sdjvst.sys [63976 2011-03-23] (O2Micro ) R0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2008-06-04] (Dell Inc) R0 pssnap; C:\Windows\System32\DRIVERS\pssnap.sys [16504 2013-06-28] (Macrium Software) S3 ST7007; C:\Windows\system32\drivers\ST7007.sys [62576 2011-06-20] (STMicroelectronics) R0 stdcfltn; C:\Windows\System32\DRIVERS\stdcfltn.sys [17648 2010-08-20] (ST Microelectronics) S3 tcm; C:\Windows\system32\drivers\tcm.sys [12952 2009-04-17] () ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-24 03:55 - 2014-09-24 03:57 - 00000000 ____D () C:\FRST 2014-09-24 03:07 - 2014-09-24 03:39 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-24 03:06 - 2014-09-24 03:06 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-09-24 03:06 - 2014-09-24 03:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-09-24 03:06 - 2014-09-24 03:06 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-09-24 03:06 - 2014-09-24 03:06 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware 2014-09-24 03:06 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-09-24 03:06 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-09-24 03:06 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-09-24 02:45 - 2014-09-24 02:45 - 00003288 ____N () C:\bootsqm.dat 2014-09-24 02:20 - 2014-03-04 05:17 - 00868352 _____ (Microsoft Corporation) C:\ProgramData\wsesfqh.dll 2014-09-24 02:20 - 2013-08-28 21:50 - 01289096 _____ (Microsoft Corporation) C:\ProgramData\qwypnms.dll 2014-09-23 23:00 - 2014-09-23 23:00 - 00048640 _____ () C:\Windows\system32\wosyw.dll 2014-09-23 23:00 - 2014-09-23 23:00 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage 2014-09-23 23:00 - 2014-09-23 23:00 - 00000000 _____ () C:\Windows\system32\xitpi.dll 2014-09-22 11:51 - 2014-09-22 11:51 - 00000000 ___RD () C:\Program Files\Skype 2014-09-22 11:51 - 2014-09-22 11:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-09-22 11:51 - 2014-09-22 11:51 - 00000000 ____D () C:\Program Files\Common Files\Skype 2014-09-21 02:27 - 2014-09-21 02:27 - 00049673 _____ () C:\Users\Nikki\Documents\SAB2.pptx 2014-09-21 00:09 - 2014-09-21 01:58 - 00044040 _____ () C:\Users\Nikki\Documents\SAB.pptx 2014-09-17 19:37 - 2014-09-17 19:37 - 00004477 _____ () C:\Windows\system32\jupdate-1.7.0_67-b01.log 2014-09-17 19:37 - 2014-09-17 19:37 - 00000000 ____D () C:\Program Files\Common Files\Java 2014-09-16 21:29 - 2014-09-16 21:29 - 00157639 _____ () C:\Users\Nikki\Documents\Spanish II 2.05.wma 2014-09-14 19:05 - 2014-09-14 19:05 - 00001351 _____ () C:\Users\Nikki\Desktop\Sticky Notes.lnk 2014-09-14 02:22 - 2014-09-24 00:24 - 00042462 _____ () C:\Users\Nikki\Documents\TTI IP.pptx 2014-09-13 23:35 - 2014-09-17 13:17 - 00592384 _____ () C:\Users\Nikki\Documents\rectangle2.pptx 2014-09-13 21:56 - 2014-09-13 21:57 - 00153088 _____ () C:\Users\Nikki\Documents\rectangle1.pptx 2014-09-13 13:06 - 2014-08-19 13:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-09-13 13:06 - 2014-08-18 18:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-09-13 13:06 - 2014-08-18 18:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-09-13 13:06 - 2014-08-18 17:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-09-13 13:06 - 2014-08-18 17:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-09-13 13:06 - 2014-08-18 17:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-09-13 13:06 - 2014-08-18 17:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-09-13 13:06 - 2014-08-18 17:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-09-13 13:06 - 2014-08-18 17:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-09-13 13:06 - 2014-08-18 17:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-09-13 13:06 - 2014-08-18 17:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-09-13 13:06 - 2014-08-18 17:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-09-13 13:06 - 2014-08-18 17:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-09-13 13:06 - 2014-08-18 17:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-09-13 13:06 - 2014-08-18 17:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-09-13 13:06 - 2014-08-18 17:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-09-13 13:06 - 2014-08-18 17:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-09-13 13:06 - 2014-08-18 17:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-09-13 13:06 - 2014-08-18 17:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-09-13 13:06 - 2014-08-18 17:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-09-13 13:06 - 2014-08-18 17:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-09-13 13:06 - 2014-08-18 17:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-09-13 13:06 - 2014-08-18 17:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-09-13 13:06 - 2014-08-18 17:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-09-13 13:06 - 2014-08-18 17:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-09-13 13:06 - 2014-08-18 17:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-09-13 13:06 - 2014-08-18 17:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-09-13 13:06 - 2014-08-18 16:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-09-13 13:06 - 2014-08-18 16:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-09-13 13:06 - 2014-08-18 16:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-09-13 13:06 - 2014-06-26 21:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2014-09-11 22:09 - 2014-07-06 21:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-09-11 22:09 - 2014-07-06 21:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-09-11 22:09 - 2014-06-23 22:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-09-11 22:08 - 2014-09-04 21:52 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-09-11 22:08 - 2014-09-04 21:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-09-11 22:08 - 2014-08-01 07:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll 2014-09-10 19:50 - 2014-09-10 21:09 - 00048347 _____ () C:\Users\Nikki\Documents\!.pptx 2014-09-08 14:16 - 2014-09-08 14:16 - 00031357 _____ () C:\Users\Nikki\Documents\kh.pptx 2014-09-08 00:01 - 2014-09-08 00:01 - 00363678 _____ () C:\Users\Nikki\Documents\FW2.pptx 2014-09-07 17:08 - 2014-09-07 17:08 - 00376320 _____ () C:\Users\Nikki\Documents\FW.pptx 2014-09-05 12:30 - 2014-09-05 17:59 - 02697294 _____ () C:\Users\Nikki\Documents\USH 1.05H.pptx 2014-09-03 21:19 - 2014-09-03 21:19 - 00630206 _____ () C:\Users\Nikki\Documents\English II 1.04(2).pptx 2014-09-03 12:29 - 2014-09-03 12:29 - 00000000 ____D () C:\Users\Nikki\Documents\Bluetooth Exchange Folder 2014-08-30 21:23 - 2014-09-03 21:19 - 00630231 _____ () C:\Users\Nikki\Documents\English II 1.04.pptx 2014-08-29 13:56 - 2014-08-29 13:56 - 00005844 _____ () C:\Users\Nikki\Documents\Algebra II 1.05 Grid.ggb 2014-08-28 11:16 - 2014-08-22 21:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-28 11:16 - 2014-08-22 20:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-24 03:57 - 2014-09-24 03:55 - 00000000 ____D () C:\FRST 2014-09-24 03:56 - 2009-07-14 00:34 - 00030896 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-09-24 03:56 - 2009-07-14 00:34 - 00030896 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-24 03:46 - 2010-11-20 17:01 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-09-24 03:39 - 2014-09-24 03:07 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-24 03:39 - 2014-08-18 12:26 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfbb013a16b54f.job 2014-09-24 03:39 - 2014-04-01 14:01 - 00000000 ____D () C:\IDrive 2014-09-24 03:38 - 2014-05-20 22:47 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-09-24 03:38 - 2014-02-18 18:07 - 01728290 _____ () C:\Windows\WindowsUpdate.log 2014-09-24 03:38 - 2010-11-20 17:48 - 00161328 _____ () C:\Windows\PFRO.log 2014-09-24 03:38 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-09-24 03:38 - 2009-07-14 00:52 - 00000000 ____D () C:\Windows\twain_32 2014-09-24 03:38 - 2009-07-14 00:39 - 00042432 _____ () C:\Windows\setupact.log 2014-09-24 03:37 - 2014-08-18 12:32 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfbb01ef80f922.job 2014-09-24 03:06 - 2014-09-24 03:06 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-09-24 03:06 - 2014-09-24 03:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-09-24 03:06 - 2014-09-24 03:06 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-09-24 03:06 - 2014-09-24 03:06 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware 2014-09-24 03:05 - 2014-03-08 02:28 - 00000000 ____D () C:\_Installs 2014-09-24 02:45 - 2014-09-24 02:45 - 00003288 ____N () C:\bootsqm.dat 2014-09-24 00:24 - 2014-09-14 02:22 - 00042462 _____ () C:\Users\Nikki\Documents\TTI IP.pptx 2014-09-23 23:00 - 2014-09-23 23:00 - 00048640 _____ () C:\Windows\system32\wosyw.dll 2014-09-23 23:00 - 2014-09-23 23:00 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage 2014-09-23 23:00 - 2014-09-23 23:00 - 00000000 _____ () C:\Windows\system32\xitpi.dll 2014-09-23 21:55 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\system32\NDF 2014-09-22 13:13 - 2014-03-08 06:50 - 00000000 ____D () C:\Users\Nikki\AppData\Roaming\Skype 2014-09-22 12:52 - 2014-03-08 16:42 - 00000000 ____D () C:\Users\Nikki\Documents\Personal 2014-09-22 11:51 - 2014-09-22 11:51 - 00000000 ___RD () C:\Program Files\Skype 2014-09-22 11:51 - 2014-09-22 11:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-09-22 11:51 - 2014-09-22 11:51 - 00000000 ____D () C:\Program Files\Common Files\Skype 2014-09-22 11:51 - 2014-03-08 06:50 - 00002503 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-09-22 11:51 - 2014-03-08 06:50 - 00000000 ____D () C:\ProgramData\Skype 2014-09-21 02:27 - 2014-09-21 02:27 - 00049673 _____ () C:\Users\Nikki\Documents\SAB2.pptx 2014-09-21 01:58 - 2014-09-21 00:09 - 00044040 _____ () C:\Users\Nikki\Documents\SAB.pptx 2014-09-17 21:07 - 2014-03-08 16:42 - 00000000 ____D () C:\Users\Nikki\Documents\myss 2014-09-17 19:40 - 2014-03-08 04:19 - 00000000 ____D () C:\ProgramData\Oracle 2014-09-17 19:37 - 2014-09-17 19:37 - 00004477 _____ () C:\Windows\system32\jupdate-1.7.0_67-b01.log 2014-09-17 19:37 - 2014-09-17 19:37 - 00000000 ____D () C:\Program Files\Common Files\Java 2014-09-17 19:37 - 2014-03-08 04:22 - 00000000 ____D () C:\Program Files\Java 2014-09-17 13:17 - 2014-09-13 23:35 - 00592384 _____ () C:\Users\Nikki\Documents\rectangle2.pptx 2014-09-16 22:53 - 2014-03-08 16:43 - 00000000 ____D () C:\Users\Nikki\Documents\Spanish I 2014-09-16 21:29 - 2014-09-16 21:29 - 00157639 _____ () C:\Users\Nikki\Documents\Spanish II 2.05.wma 2014-09-15 09:06 - 2014-03-08 02:24 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-09-14 20:51 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-09-14 19:38 - 2014-03-08 04:14 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-09-14 19:38 - 2014-03-08 04:14 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-09-14 19:05 - 2014-09-14 19:05 - 00001351 _____ () C:\Users\Nikki\Desktop\Sticky Notes.lnk 2014-09-13 21:57 - 2014-09-13 21:56 - 00153088 _____ () C:\Users\Nikki\Documents\rectangle1.pptx 2014-09-13 13:06 - 2014-03-08 16:21 - 00000000 ____D () C:\Windows\system32\MRT 2014-09-13 13:04 - 2014-04-30 16:45 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-09-13 13:04 - 2014-03-08 16:21 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-09-11 22:11 - 2014-08-18 12:27 - 00002135 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-09-10 21:09 - 2014-09-10 19:50 - 00048347 _____ () C:\Users\Nikki\Documents\!.pptx 2014-09-10 17:08 - 2014-08-19 09:53 - 00118076 _____ () C:\Users\Nikki\Documents\English II Pace Chart.xlsx 2014-09-08 14:16 - 2014-09-08 14:16 - 00031357 _____ () C:\Users\Nikki\Documents\kh.pptx 2014-09-08 00:01 - 2014-09-08 00:01 - 00363678 _____ () C:\Users\Nikki\Documents\FW2.pptx 2014-09-07 17:08 - 2014-09-07 17:08 - 00376320 _____ () C:\Users\Nikki\Documents\FW.pptx 2014-09-05 17:59 - 2014-09-05 12:30 - 02697294 _____ () C:\Users\Nikki\Documents\USH 1.05H.pptx 2014-09-04 21:52 - 2014-09-11 22:08 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-09-04 21:47 - 2014-09-11 22:08 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-09-03 21:20 - 2014-04-09 16:54 - 01536000 ___SH () C:\Users\Nikki\Documents\Thumbs.db 2014-09-03 21:19 - 2014-09-03 21:19 - 00630206 _____ () C:\Users\Nikki\Documents\English II 1.04(2).pptx 2014-09-03 21:19 - 2014-08-30 21:23 - 00630231 _____ () C:\Users\Nikki\Documents\English II 1.04.pptx 2014-09-03 12:29 - 2014-09-03 12:29 - 00000000 ____D () C:\Users\Nikki\Documents\Bluetooth Exchange Folder 2014-09-03 12:28 - 2014-03-08 04:08 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-09-03 12:28 - 2009-07-14 00:33 - 00321192 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-08-30 18:01 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\rescache 2014-08-30 14:54 - 2014-04-03 16:48 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-08-29 13:56 - 2014-08-29 13:56 - 00005844 _____ () C:\Users\Nikki\Documents\Algebra II 1.05 Grid.ggb 2014-08-29 11:48 - 2014-03-08 02:40 - 00000000 ____D () C:\Program Files\Microsoft Office 15 Files to move or delete: ==================== C:\ProgramData\qwypnms.dll C:\ProgramData\wsesfqh.dll Some content of TEMP: ==================== C:\Users\Nikki\AppData\Local\Temp\APNSetup.exe C:\Users\Nikki\AppData\Local\Temp\emsxocl.dll C:\Users\Nikki\AppData\Local\Temp\Foxit Reader Updater.exe C:\Users\Nikki\AppData\Local\Temp\InstHelper.exe C:\Users\Nikki\AppData\Local\Temp\MSNCDCB.exe C:\Users\Nikki\AppData\Local\Temp\prmouyy.dll C:\Users\Nikki\AppData\Local\Temp\ucfpooo.dll C:\Users\Nikki\AppData\Local\Temp\ygnvvtu.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-09-16 13:18 ==================== End Of Log ============================ ADDITION.TXT: =============================================================================================== Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-09-2014 Ran by Nikki at 2014-09-24 04:00:30 Running from H:\ Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: ESET NOD32 Antivirus 7.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: ESET NOD32 Antivirus 7.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 32 Bit HP CIO Components Installer (Version: 7.1.4 - Hewlett-Packard) Hidden AccelerometerP11 (HKLM\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.10.22 - STMicroelectronics) Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated) Ask Toolbar (HKLM\...\{4F524A2D-5637-4300-76A7-A758B70C1002}) (Version: 12.16.2.57 - APN, LLC) <==== ATTENTION BioAPI Framework (Version: 1.0.2 - Dell Inc.) Hidden Conexant HDA D330 MDC V.92 Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F) (Version: 7.80.4.0 - Conexant) Custom (Version: 01.00.00.000 - Wave Systems Corp.) Hidden D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden Dell ControlVault Host Components Installer (Version: 2.0.20.159 - Broadcom Corporation) Hidden Dell Data Protection | Access (HKLM\...\{A7D91856-258D-4C87-8041-B170851CE432}) (Version: 2.0.00001.000 - Dell Inc.) Dell Data Protection | Access (Version: 01.00.01.000 - Wave Systems Corp) Hidden Dell Data Protection | Access | Drivers (HKLM\...\{4E4E65EE-C456-45AC-B5AD-C62C3A325BD0}) (Version: 1.00.011 - Dell Inc.) Dell Data Protection | Access | Middleware (HKLM\...\{841CBDD5-4BB5-403E-AEE3-2FADC3890BE8}) (Version: 1.00.005 - Dell Inc.) Dell System Manager (HKLM\...\{43CFE88C-A97B-4875-9BCC-E93EC0EEEEA4}) (Version: 1.6.00000 - Dell Inc.) Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1208.101.124 - ALPS ELECTRIC CO., LTD.) DellAccess (Version: 01.00.00.078 - Wave Systems Corp.) Hidden EMBASSY Security Center (Version: 04.02.00.072 - Wave Systems Corp.) Hidden ESET NOD32 Antivirus (HKLM\...\{1BE7C1D9-06A8-466D-ADEA-B07F68BDEFB5}) (Version: 7.0.302.26 - ESET, spol s r. o.) Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 6.0.5.618 - Foxit Corporation) FreeMind (HKLM\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 0.9.0 - ) Gemalto (Version: 01.01.01.0000 - Wave Systems Corp) Hidden GeoGebra 4.4 (HKLM\...\GeoGebra 4.4) (Version: 4.4.22.0 - International GeoGebra Institute) Google Chrome (HKLM\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.) Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.) Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden IDrive version 3.4.1 January 03, 2012 (HKLM\...\IDrive_is1) (Version: 3.4.1 - ProSoftnet Corp) Intel® Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2418 - Intel Corporation) Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 5.2 - Paramount Software (UK) Ltd.) Macrium Reflect Free Edition (Version: 5.2.6474 - Paramount Software (UK) Ltd.) Hidden Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4641.1003 - Microsoft Corporation) Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4023.1211 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Mozilla Firefox 31.0 (x86 en-US) (HKLM\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) NTRU TCG Software Stack (Version: 2.1.34 - Security Innovation) Hidden NVIDIA Control Panel 327.62 (Version: 327.62 - NVIDIA Corporation) Hidden NVIDIA Graphics Driver 327.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.62 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.141.953 - NVIDIA Corporation) Hidden NVIDIA nView 140.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 140.75 - NVIDIA Corporation) NVIDIA Optimus 1.14.17 (Version: 1.14.17 - NVIDIA Corporation) Hidden NVIDIA Update Components (Version: 1.14.17 - NVIDIA Corporation) Hidden Office 15 Click-to-Run Extensibility Component (Version: 15.0.4641.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4641.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (Version: 15.0.4641.1003 - Microsoft Corporation) Hidden PC-CCID (Version: 2.0.0 - Gemalto) Hidden Preboot Manager (Version: 03.02.00.066 - Wave Systems Corp.) Hidden Private Information Manager (Version: 07.00.00.026 - Wave Systems Corp.) Hidden Rosetta Stone Ltd Services (HKLM\...\{3165E4A6-D5DE-46B0-8597-D55E2B826B84}) (Version: 3.2.21 - Rosetta Stone Ltd.) Rosetta Stone TOTALe (HKLM\...\{6B6BC189-D606-4BC7-9758-E6C364F76A55}) (Version: 4.5.5.0 - Rosetta Stone, Ltd) Search Protect (HKLM\...\SearchProtect) (Version: 2.11.11.7 - Conduit) <==== ATTENTION Shopping App by Ask (HKLM\...\{4F524A2D-5354-2D53-5045-A758B70C1002}) (Version: 12.16.2.54 - APN, LLC) Skype™ 6.20 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.) SPBA 5.9 (Version: 5.9.4.6686 - UPEK Inc.) Hidden Stellarium 0.12.4 (HKLM\...\Stellarium_is1) (Version: 0.12.4 - Stellarium team) Trusted Drive Manager (Version: 4.0.5.8 - Wave Systems Corp.) Hidden Upek Touchchip Fingerprint Reader (Version: 1.2.004 - Dell Inc.) Hidden Wave Infrastructure Installer (Version: 07.02.40.0008 - Wave Systems Corp) Hidden Wave Support Software Installer (Version: 05.12.00.012 - Wave Systems Corp) Hidden WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.6900 - Broadcom Corporation) Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.) Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation) Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Messenger (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-475017880-3412151489-2877756071-1003_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\Nikki\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-475017880-3412151489-2877756071-1003_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Nikki\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\SkyDriveShell.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-475017880-3412151489-2877756071-1003_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\Nikki\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-475017880-3412151489-2877756071-1003_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks? CustomCLSID: HKU\S-1-5-21-475017880-3412151489-2877756071-1003_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Nikki\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\SkyDriveShell.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-475017880-3412151489-2877756071-1003_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Nikki\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\SkyDriveShell.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-475017880-3412151489-2877756071-1003_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Nikki\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\SkyDriveShell.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-475017880-3412151489-2877756071-1003_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Nikki\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\FileSyncApi.dll (Microsoft Corporation) ==================== Restore Points ========================= ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 22:04 - 2009-06-10 17:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {0CDB2C79-CAE5-468E-9E2D-4189D7879701} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2014-07-31] (Microsoft Corporation) Task: {3E124A1D-E97D-42DD-B565-CB02F622EE3B} - System32\Tasks\{9678620C-B7FF-D3EA-61BE-4E6BDD97CD72} => C:\Windows\system32\wosyw.dll [2014-09-23] () Task: {5B87279C-2CA5-4793-8CC5-331E71905A9A} - System32\Tasks\GoogleUpdateTaskMachineUA1cfbb01ef80f922 => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-08-18] (Google Inc.) Task: {6AB08C04-688B-49A7-B94C-3D73445E1FD7} - System32\Tasks\GoogleUpdateTaskMachineCore1cfbb013a16b54f => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-08-18] (Google Inc.) Task: {6CAE4A3E-ADE6-4CF7-86CA-7F8CCF6B3988} - System32\Tasks\Time Trigger Test Task => C:\Users\Nikki\AppData\Local\Temp\yiivdqo.exe <==== ATTENTION Task: {FAF5FD9A-FD08-4431-94D6-CE7B46BEC4E3} - System32\Tasks\Microsoft Office 15 Sync Maintenance for LAPTOP-NIKKI-Nikki Laptop-Nikki => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-08-26] (Microsoft Corporation) Task: {FDF0D188-9609-4169-AFC2-5A0400F84111} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-14] (Adobe Systems Incorporated) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfbb013a16b54f.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfbb01ef80f922.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2014-03-08 16:17 - 2013-10-28 19:22 - 00088864 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll 2014-03-08 02:40 - 2014-05-20 03:11 - 00080040 _____ () C:\Program Files\Microsoft Office 15\ClientX86\ApiClient.dll 2010-10-15 20:14 - 2010-10-15 20:14 - 00132384 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll 2014-02-18 19:50 - 2011-06-10 13:36 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll 2014-02-18 18:09 - 2010-12-17 12:24 - 00686704 _____ () C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe 2014-06-20 17:48 - 2014-06-20 17:48 - 00316584 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (09/24/2014 03:56:41 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: iexplore.exe, version: 11.0.9600.17280, time stamp: 0x4a5bc6b7 Faulting module name: MSHTML.dll, version: 11.0.9600.17280, time stamp: 0x53f27d67 Exception code: 0xc0000005 Fault offset: 0x00140273 Faulting process id: 0x2960 Faulting application start time: 0xiexplore.exe0 Faulting application path: iexplore.exe1 Faulting module path: iexplore.exe2 Report Id: iexplore.exe3 Error: (09/24/2014 03:54:04 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x013d1138 Faulting process id: 0x2e50 Faulting application start time: 0xsvchost.exe0 Faulting application path: svchost.exe1 Faulting module path: svchost.exe2 Report Id: svchost.exe3 Error: (09/24/2014 03:41:03 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x008e1138 Faulting process id: 0x212c Faulting application start time: 0xsvchost.exe0 Faulting application path: svchost.exe1 Faulting module path: svchost.exe2 Report Id: svchost.exe3 Error: (09/24/2014 03:39:37 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x007f1138 Faulting process id: 0x1294 Faulting application start time: 0xsvchost.exe0 Faulting application path: svchost.exe1 Faulting module path: svchost.exe2 Report Id: svchost.exe3 Error: (09/24/2014 03:39:34 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/24/2014 03:36:37 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x004c1138 Faulting process id: 0x26a0 Faulting application start time: 0xsvchost.exe0 Faulting application path: svchost.exe1 Faulting module path: svchost.exe2 Report Id: svchost.exe3 Error: (09/24/2014 03:21:02 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x012b1138 Faulting process id: 0x1104 Faulting application start time: 0xsvchost.exe0 Faulting application path: svchost.exe1 Faulting module path: svchost.exe2 Report Id: svchost.exe3 Error: (09/24/2014 03:14:04 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/24/2014 02:55:47 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x004c1138 Faulting process id: 0x2d90 Faulting application start time: 0xsvchost.exe0 Faulting application path: svchost.exe1 Faulting module path: svchost.exe2 Report Id: svchost.exe3 Error: (09/24/2014 02:46:27 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (09/24/2014 03:40:34 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (09/24/2014 03:40:06 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (09/24/2014 03:38:58 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The NTRU TSS v1.2.1.34 TCS service depends on the TPM Base Services service which failed to start because of the following error: %%0 Error: (09/24/2014 03:15:05 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (09/24/2014 03:14:35 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (09/24/2014 03:13:22 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The NTRU TSS v1.2.1.34 TCS service depends on the TPM Base Services service which failed to start because of the following error: %%0 Error: (09/24/2014 02:47:05 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (09/24/2014 02:46:39 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (09/24/2014 02:46:17 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (09/24/2014 02:45:55 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The NTRU TSS v1.2.1.34 TCS service depends on the TPM Base Services service which failed to start because of the following error: %%0 Microsoft Office Sessions: ========================= Error: (09/24/2014 03:56:41 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: iexplore.exe11.0.9600.172804a5bc6b7MSHTML.dll11.0.9600.1728053f27d67c000000500140273296001cfd7ccc08d0cb1C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dll5168a9fa-43c0-11e4-8ecd-d0df9a3b4321 Error: (09/24/2014 03:54:04 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c0000005013d11382e5001cfd7cc71e836f6C:\Windows\system32\svchost.exeunknownf4044896-43bf-11e4-8ecd-d0df9a3b4321 Error: (09/24/2014 03:41:03 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c0000005008e1138212c01cfd7cae18192c2C:\Windows\system32\svchost.exeunknown221cf317-43be-11e4-8ecd-d0df9a3b4321 Error: (09/24/2014 03:39:37 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c0000005007f1138129401cfd7cab03f0adaC:\Windows\system32\svchost.exeunknownef425be2-43bd-11e4-8ecd-d0df9a3b4321 Error: (09/24/2014 03:39:34 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/24/2014 03:36:37 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c0000005004c113826a001cfd7ca425d2cdaC:\Windows\system32\svchost.exeunknown8369c1ec-43bd-11e4-a2a7-d0df9a3b4321 Error: (09/24/2014 03:21:02 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c0000005012b1138110401cfd7c72096cbf7C:\Windows\system32\svchost.exeunknown5616a442-43bb-11e4-a2a7-d0df9a3b4321 Error: (09/24/2014 03:14:04 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/24/2014 02:55:47 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c0000005004c11382d9001cfd7c4793cc1d8C:\Windows\system32\svchost.exeunknowncfa8f17b-43b7-11e4-8ed8-d0df9a3b4321 Error: (09/24/2014 02:46:27 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 ==================== Memory info =========================== Processor: Intel® Core i5-2520M CPU @ 2.50GHz Percentage of memory in use: 95% Total physical RAM: 3241.02 MB Available physical RAM: 155.8 MB Total Pagefile: 7408.45 MB Available Pagefile: 1118.56 MB Total Virtual: 2047.88 MB Available Virtual: 1922.06 MB ==================== Drives ================================ Drive c: (OSDisk) (Fixed) (Total:232.88 GB) (Free:192.73 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive h: () (Removable) (Total:29.91 GB) (Free:29.89 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 000CD844) Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS) Partition 00: (Not Active) - (Size=0) - (Type=00) ATTENTION ===> 0 byte partition bootkit. ======================================================== Disk: 1 (Size: 29.9 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ==================== End Of Log ============================

Well after following your advice to this point, it seems almost silly not to follow your last recommendations. I have upgraded java (and uninstalled the old versions) and Firefox (to v22.0) ... and uninstalled Adobe Reader, replacing it with Foxit Reader (which I agree is much faster!). I uninstalled combofix. For grins, I re-ran SecurityChecker and got: - - - - - Results of screen317's Security Check version 0.99.68 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! ESET NOD32 Antivirus 6.0 Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Java 7 Update 25 Adobe Flash Player 11.7.700.224 Mozilla Firefox (22.0) ````````Process Check: objlist.exe by Laurent```````` ESET NOD32 Antivirus egui.exe ESET NOD32 Antivirus ekrn.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 15% Defragment your hard drive soon! (Do NOT defrag if SSD!) ````````````````````End of Log`````````````````````` - - - - - At one point, I noticed a message flash by that read something like, "HLKMrun.txt file not found" I'll run OTC next.

The log file from AdwCleaner follows ...AdwCleanerS1.txt The results of SecurityCheck are as follows: - - - - - Results of screen317's Security Check version 0.99.68 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! ESET NOD32 Antivirus 6.0 Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Java 6 Update 29 Java version out of Date! Adobe Flash Player 11.7.700.224 Adobe Reader 10.1.1 Adobe Reader out of Date! Mozilla Firefox 16.0.1 Firefox out of Date! ````````Process Check: objlist.exe by Laurent```````` ESET NOD32 Antivirus egui.exe ESET NOD32 Antivirus ekrn.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 14% Defragment your hard drive soon! (Do NOT defrag if SSD!) ````````````````````End of Log`````````````````````` - - - - - Please note that I am aware of the "outdated" Firefox, Java and Flash software. I purposely rolled back some time ago when they couldn't get along and updates rendered one or more of them severely impared. Adobe Reader is just me being lazy.

Here is the AdwCleaner output file ... AdwCleanerR1.txt

OK, here is the result of the ComboFix scan... ComboFix.txt

Yes I did, sorry I neglected to note that. FWIW, I had an active Firewall, active anti-virus (NOD32 from ESET), and Windows Updates (all current) before this situation hit. The fixdamage.exe bothered a couple of older applications which just needed compatibility settings restored, but that's a nit.

Nevermind my last question. I just saw the link at the bottom of your post. I will absolutely contribute. Thank you again.

OK, ran FIX as instructed. Attached is the FixLog.txt file. Fixlog.txt And for the first time, I was able to boot / log in normally ... thank you! I was then able to run Malwarebytes Anti-Rootkit ... it seemed to go in spurts (just when I thought it was hung, it would take off again). 6 malware items were detected. I selected Cleanup and a new restore point. (Does this malware delete restore points as well? I had a bunch until this hit) Here are the 2 log files you requested: mbar-log-2013-07-01 (08-32-51).txt system-log.txt Then I rebooted. I was once again able to boot / log in normally. I re-ran Malwarebytes Anti-Rootkit ... this time no malware items detected. I attached that log file as well: mbar-log-2013-07-01 (08-53-32).txt I can't thank you enough for your help. Is there a URL for contributions to your org? I thought about purchasing the Malwarebytes Anti-Malware PRO, but I'm worried it won't get along with my virus protection SW (ESET), which, yes, did let this one get through.

I have a Win 7 laptop that got hit with the FBI virus last night (right after launching a Youtube video on Sumerian texts). I ran frst64.exe and got the following log file. I would hugely appreciate any help. (I replied to another post, but then saw another thread that suggested I post a new topic. I'm sorry for the redundancy. Here are the results of the frst64.exe scan ... Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-06-2013 03 Ran by SYSTEM on 01-07-2013 05:18:17 Running from F:\ Windows 7 Professional Service Pack 1 (X64) OS Language: English(US) Internet Explorer Version 10 Boot Mode: Recovery The current controlset is ControlSet001 ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log. ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [592240 2011-01-04] (Alps Electric Co., Ltd.) HKLM\...\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.) HKLM\...\Run: [intelPROSet] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PROSet/Wireless [1934608 2010-12-23] (Intel® Corporation) HKLM\...\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2010-12-17] () HKLM\...\Run: [HP LaserJet Professional CM1410 Series Fax] C:\Program Files\HP\HP LaserJet Professional CM1410 Series\Fax Driver\hppfaxprintersrv.exe "HP LaserJet Professional CM1410 Series Fax" [3707704 2010-04-09] (Hewlett-Packard Company) HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice [6330568 2013-03-21] (ESET) HKLM\...\Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation) HKLM\...\RunOnce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [415232 2009-07-13] (Microsoft Corporation) Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.) HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$35465bf89a3f4c6679d8a6bdfa308579\n. ATTENTION! ====> ZeroAccess HKLM-x32\...\Run: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [112152 2010-12-03] (Intel Corporation) HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [462993 2010-03-12] (Creative Technology Ltd) HKLM-x32\...\Run: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [87336 2009-07-06] (CyberLink Corp.) HKLM-x32\...\Run: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [50472 2010-04-29] (CyberLink Corp.) HKLM-x32\...\Run: [] [x] HKLM-x32\...\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-11-25] (Sonic Solutions) HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [514544 2010-11-17] () HKLM-x32\...\Run: [ToolboxFX] "C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on [58936 2010-04-16] (Hewlett-Packard Company) HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-06-06] (Adobe Systems Incorporated) HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" [x] HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.) HKU\admin\...\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart [19676256 2013-06-06] (Google) HKU\admin\...\Run: [iDriveE Startup] "C:\IDrive\IDrvieEStartup.exe" Hide [185800 2011-06-24] (Pro Softnet Corporation) HKU\admin\...\Winlogon: [shell] explorer.exe,C:\Users\admin\AppData\Roaming\skype.dat [151552 2011-11-16] () <==== ATTENTION AppInit_DLLs: C:\Windows\system32\nvinitx.dll [245872 2013-03-11] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [201576 2013-03-11] (NVIDIA Corporation) Lsa: [Authentication Packages] msv1_0 wvauth Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IDrive Tray.lnk ShortcutTarget: IDrive Tray.lnk -> C:\IDrive\IDriveEReg2ini.exe (Pro Softnet Corp.) Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KatMouse.lnk ShortcutTarget: KatMouse.lnk -> C:\Program Files (x86)\KatMouse\KatMouse.exe () Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RCA Detective.lnk ShortcutTarget: RCA Detective.lnk -> (No File) Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk ShortcutTarget: Trillian.lnk -> C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios) Startup: C:\ProgramData\Start Menu\Programs\Startup\Dell System Manager.lnk ShortcutTarget: Dell System Manager.lnk -> C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe (Dell Inc.) ==================== Services (Whitelisted) ================= S2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1341664 2013-03-21] (ESET) S2 IDriveE Service; C:\IDrive\IDriveE Service.exe [157128 2011-11-21] (Pro Softnet Corporation) S2 O2SDIOAssist; c:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] () S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [36352 2009-12-11] () S2 rpcld; C:\ProgramData\Rpcnet\Bin\rpcld.exe [179120 2011-09-28] (Absolute Software Corp.) S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1629696 2010-07-13] () S2 ZcfgSvc7; C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe [992256 2010-12-23] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== S1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [213416 2013-02-20] (ESET) S1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [150616 2013-01-10] (ESET) S2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [139768 2013-01-10] (ESET) S3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw00.sys [11518976 2012-12-06] (Intel Corporation) S1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [284448 2013-03-11] (NVIDIA Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-01 05:18 - 2013-07-01 05:18 - 00000000 ____D C:\FRST 2013-06-30 23:47 - 2013-06-30 23:47 - 425363887 ____A C:\Windows\MEMORY.DMP 2013-06-30 23:47 - 2013-06-30 23:47 - 00262144 ____A C:\Windows\Minidump\070113-4024-01.dmp 2013-06-30 23:47 - 2013-06-30 23:47 - 00000000 ____D C:\Windows\Minidump 2013-06-30 23:39 - 2013-07-01 00:07 - 00000004 ____A C:\Users\admin\AppData\Roaming\skype.ini 2013-06-30 15:06 - 2013-06-30 15:06 - 00013831 ____A C:\Users\admin\Downloads\eom_import_xls(1).dtd 2013-06-30 15:05 - 2013-06-30 15:05 - 00013831 ____A C:\Users\admin\Downloads\eom_import_xls.dtd 2013-06-19 20:44 - 2013-06-19 20:44 - 00000000 ____D C:\Program Files\Microsoft IntelliPoint 2013-06-19 00:23 - 2013-05-16 17:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-06-19 00:23 - 2013-05-16 17:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-06-19 00:23 - 2013-05-16 17:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-06-19 00:23 - 2013-05-16 17:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-06-19 00:23 - 2013-05-16 17:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-06-19 00:23 - 2013-05-16 17:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-06-19 00:23 - 2013-05-16 17:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-06-19 00:23 - 2013-05-16 17:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-06-19 00:23 - 2013-05-16 16:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-06-19 00:23 - 2013-05-16 16:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-06-19 00:23 - 2013-05-16 16:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-06-19 00:23 - 2013-05-16 16:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-06-19 00:23 - 2013-05-16 16:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-06-19 00:23 - 2013-05-16 16:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-06-19 00:23 - 2013-05-16 16:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-06-19 00:23 - 2013-05-16 16:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-06-19 00:23 - 2013-05-16 16:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-06-19 00:23 - 2013-05-14 04:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-06-19 00:23 - 2013-05-14 00:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-06-19 00:21 - 2013-06-08 06:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-19 00:21 - 2013-06-08 06:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-19 00:21 - 2013-06-08 06:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-19 00:21 - 2013-06-08 06:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-19 00:21 - 2013-06-08 06:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-19 00:21 - 2013-06-08 04:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-19 00:21 - 2013-06-08 03:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-19 00:21 - 2013-06-08 03:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-19 00:21 - 2013-06-08 03:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-19 00:21 - 2013-06-08 03:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-19 00:21 - 2013-06-08 03:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-06-19 00:21 - 2013-06-08 03:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-06-19 00:20 - 2013-05-09 21:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll 2013-06-19 00:20 - 2013-05-09 19:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll 2013-06-19 00:20 - 2013-04-25 15:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll 2013-06-19 00:20 - 2013-04-16 23:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2013-06-19 00:20 - 2013-04-16 22:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll 2013-06-19 00:20 - 2013-03-31 14:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll 2013-06-11 14:41 - 2013-05-12 21:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2013-06-11 14:41 - 2013-05-12 21:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2013-06-11 14:41 - 2013-05-12 21:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2013-06-11 14:41 - 2013-05-12 21:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll 2013-06-11 14:41 - 2013-05-12 20:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-06-11 14:41 - 2013-05-12 20:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-06-11 14:41 - 2013-05-12 20:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-06-11 14:41 - 2013-05-12 19:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe 2013-06-11 14:41 - 2013-05-12 19:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe 2013-06-11 14:41 - 2013-05-12 19:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll 2013-06-11 14:41 - 2013-05-07 22:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2013-06-11 14:41 - 2013-04-25 21:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll 2013-06-11 14:41 - 2013-04-25 20:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2013-06-05 14:11 - 2011-09-23 19:50 - 00001448 ____A C:\Users\admin\Desktop\Internet Explorer.lnk ==================== One Month Modified Files and Folders ======= 2013-07-01 05:18 - 2013-07-01 05:18 - 00000000 ____D C:\FRST 2013-07-01 00:07 - 2013-06-30 23:39 - 00000004 ____A C:\Users\admin\AppData\Roaming\skype.ini 2013-07-01 00:07 - 2012-05-29 16:19 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-07-01 00:07 - 2011-09-25 22:43 - 00000000 ____D C:\IDrive 2013-07-01 00:07 - 2011-06-25 00:28 - 00000000 ____D C:\ProgramData\NVIDIA 2013-07-01 00:07 - 2011-06-24 23:03 - 00017920 ____A C:\Windows\System32\rpcnetp.exe 2013-07-01 00:07 - 2011-06-24 23:01 - 00058288 ____A (Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.dll 2013-07-01 00:07 - 2011-06-24 22:59 - 00000000 ____D C:\ProgramData\Sonic 2013-07-01 00:07 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-07-01 00:07 - 2009-07-13 20:51 - 00067841 ____A C:\Windows\setupact.log 2013-06-30 23:55 - 2009-07-13 20:45 - 00021312 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-06-30 23:55 - 2009-07-13 20:45 - 00021312 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-06-30 23:52 - 2009-07-13 21:13 - 00784244 ____A C:\Windows\System32\PerfStringBackup.INI 2013-06-30 23:49 - 2012-05-29 16:19 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-06-30 23:47 - 2013-06-30 23:47 - 425363887 ____A C:\Windows\MEMORY.DMP 2013-06-30 23:47 - 2013-06-30 23:47 - 00262144 ____A C:\Windows\Minidump\070113-4024-01.dmp 2013-06-30 23:47 - 2013-06-30 23:47 - 00000000 ____D C:\Windows\Minidump 2013-06-30 23:44 - 2010-11-20 19:47 - 00048482 ____A C:\Windows\PFRO.log 2013-06-30 23:43 - 2009-07-13 20:45 - 00292528 ____A C:\Windows\System32\FNTCACHE.DAT 2013-06-30 23:37 - 2012-08-08 21:23 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-06-30 23:25 - 1994-07-26 07:41 - 00004035 ____A C:\Windows\notes.ini 2013-06-30 16:12 - 2012-08-23 12:53 - 00000071 __RSH C:\ProgramData\3002.xml 2013-06-30 15:06 - 2013-06-30 15:06 - 00013831 ____A C:\Users\admin\Downloads\eom_import_xls(1).dtd 2013-06-30 15:05 - 2013-06-30 15:05 - 00013831 ____A C:\Users\admin\Downloads\eom_import_xls.dtd 2013-06-30 09:26 - 2011-06-24 22:38 - 01333515 ____A C:\Windows\WindowsUpdate.log 2013-06-26 21:17 - 2011-09-23 20:13 - 00000000 ____D C:\Program Files (x86)\Thumbs7 2013-06-26 11:41 - 2011-09-24 00:12 - 00000000 ____D C:\_Data 2013-06-26 00:59 - 2012-04-29 22:29 - 00000000 ____D C:\ProgramData\PhotoStitch 2013-06-21 00:19 - 2011-09-28 01:44 - 00000000 ____D C:\ProgramData\pdf995 2013-06-20 07:28 - 2011-10-27 04:51 - 00000000 ____D C:\ProgramData\WebEx 2013-06-19 20:52 - 2011-09-23 19:38 - 00070008 ____A C:\Users\admin\AppData\Local\GDIPFONTCACHEV1.DAT 2013-06-19 20:44 - 2013-06-19 20:44 - 00000000 ____D C:\Program Files\Microsoft IntelliPoint 2013-06-19 13:28 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache 2013-06-19 09:11 - 2011-09-23 23:20 - 00000000 ____D C:\Program Files (x86)\Trillian 2013-06-19 09:10 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\FxsTmp 2013-06-19 00:27 - 2011-09-24 01:05 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-06-19 00:24 - 2011-09-23 22:30 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-06-19 00:23 - 2011-02-10 06:33 - 00778460 ____A C:\Windows\SysWOW64\PerfStringBackup.INI 2013-06-17 12:12 - 2011-09-24 01:31 - 00002226 ___AH C:\Users\admin\Documents\Default.rdp 2013-06-12 09:37 - 2012-04-11 21:52 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-06-12 09:37 - 2011-09-23 19:32 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-06-10 20:13 - 2011-09-24 00:44 - 00000000 ____D C:\TeachMe 2013-06-08 06:08 - 2013-06-19 00:21 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-08 06:07 - 2013-06-19 00:21 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-08 06:06 - 2013-06-19 00:21 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-08 06:06 - 2013-06-19 00:21 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-08 06:06 - 2013-06-19 00:21 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-08 04:28 - 2013-06-19 00:21 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-08 03:42 - 2013-06-19 00:21 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-08 03:40 - 2013-06-19 00:21 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-08 03:40 - 2013-06-19 00:21 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-08 03:40 - 2013-06-19 00:21 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-08 03:40 - 2013-06-19 00:21 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-06-08 03:13 - 2013-06-19 00:21 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-06-07 11:15 - 2011-09-23 22:32 - 00000000 ____D C:\Program Files (x86)\4NT302 2013-06-06 19:28 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF ZeroAccess: C:\$Recycle.Bin\S-1-5-21-2131540901-2833846099-1037815018-1004\$35465bf89a3f4c6679d8a6bdfa308579 ZeroAccess: C:\$Recycle.Bin\S-1-5-18\$35465bf89a3f4c6679d8a6bdfa308579 Files to move or delete: ==================== C:\Users\admin\AppData\Roaming\skype.dat C:\Users\admin\AppData\Roaming\skype.ini ==================== Known DLLs (Whitelisted) ================ ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= ==================== Memory info =========================== Percentage of memory in use: 15% Total physical RAM: 3976.93 MB Available physical RAM: 3344.33 MB Total Pagefile: 3975.13 MB Available Pagefile: 3347.1 MB Total Virtual: 8192 MB Available Virtual: 8191.86 MB ==================== Drives ================================ Drive c: (Cdrive) (Fixed) (Total:111.42 GB) (Free:20.5 GB) NTFS (Disk=0 Partition=3) Drive f: () (Removable) (Total:7.51 GB) (Free:7.5 GB) FAT32 (Disk=1 Partition=1) Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Drive y: (RECOVERY) (Fixed) (Total:0.35 GB) (Free:0.13 GB) NTFS (Disk=0 Partition=2) ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 112 GB) (Disk ID: 1E887A09) Partition 1: (Not Active) - (Size=19 MB) - (Type=DE) Partition 2: (Active) - (Size=361 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=111 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 8 GB) (Disk ID: 00000000) Partition 1: (Not Active) - (Size=8 GB) - (Type=0B) LastRegBack: 2013-06-22 20:32 ==================== End Of Log ============================