Jump to content

El_Ahrah

Members
  • Posts

    12
  • Joined

  • Last visited

Everything posted by El_Ahrah

  1. Had this issue before and this forum helped me get rid of it--but seems I have been infected again--Malwarebytes Anti-Malware popups keep telling me "Malicious Website Blocked". Ran a Threat Scan but didn't find anything. Appreciate any help getting rid of this- I ran FRST tool, the FRST.txt file and Addition.txt files are attached. Thanks Addition.txt FRST.txt
  2. All set, can considered this topic closed. Thanks again Maurice.
  3. Great, thanks much for the help in quickly resolving this. One last cleanup question-- is there a FRST quarantine folder? Where? Right now I have FRST.exe in a folder on the desktop with FRST.txt, fixlist.txt, fixlog.txt, and Addition.txt all in there as well---just go ahead and delete the entire folder? Thanks again Regards, El_Ahrah
  4. Downloaded and ran Combofix as directed--it actually finished pretty quickly and did not require a reboot. The Combofix.txt log file is attached Everything seems to be running normally-- ComboFix.txt
  5. One question--what do you mean here-- [3]When all done, IF Combofix did not do a Restart...then ... I need for you to Restart the system fresh What do I need to do to "restart the system fresh"?
  6. Completed the ESET online scanner. List of threats found attachedESET_SCAN_list_of_threats_found.txt
  7. No luck.. the message about add-on failing to run stopped appearing, but nothing happens/loads---just see a square blue box with a tiny circle in the upper left corner with a line through it...
  8. Tried the ESET online scan-- but after clicking on start I get the message that "an add-on for this site failed to run"... What security settings do I need to adjust to have it run?
  9. Threat & Root Kit Scan completed-- no malicious items detected. Scan log pasted below. Moving on to the ESET on-line scan. Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 10/18/2014 Scan Time: 8:07:20 PM Logfile: Administrator: Yes Version: 2.00.3.1025 Malware Database: v2014.10.18.07 Rootkit Database: v2014.10.17.01 License: Premium Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Valued Customer Scan Type: Threat Scan Result: Completed Objects Scanned: 338100 Time Elapsed: 23 min, 27 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Warn PUM: Warn Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end)
  10. Yeah, noticed the constant blocking of outbound requests to malicious website has stopped. I will proceed and keep you posted. Thanks
  11. Hi Maurice, Followed your instructions--however after about 5 minutes got a windows message that a problem casued the FRST program to stop working correctly--and only option was to close the program. A fixlog.txt was created and it's attached. Do I need to try and run it again or proceed with your other instructions? Fixlog.txt
  12. Hello, Having an issue with multiple dllhost.exe*32 processes running and the process constantly restarting after ending the process. Malwarebytes is blocking outbound access to malicious websites. The process being blocked is C:\windows\SysWOW64\dllhost.exe .The IP and ports keep changing... I ran an MBAM threat scan and it did not find anything. Appreciate any help getting rid of this. I have downloaded and run FRST64 Here is the log created Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-10-2014 Ran by Valued Customer (administrator) on WORLDTRAVELER on 18-10-2014 19:00:12 Running from C:\Users\Valued Customer\Desktop\FRST64Folder Loaded Profiles: Valued Customer & (Available profiles: Valued Customer) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 10 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Microsoft Corporation) C:\Windows\System32\CISVC.EXE (Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Winstep Software Technologies) C:\Program Files (x86)\Winstep\WsxService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) C:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation) C:\Program Files\Microsoft Device Center\ipoint.exe (Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe (Winstep Software Technologies) C:\Program Files (x86)\Winstep\Nexus.exe (Matsushita Electric Industrial Co., Ltd.) C:\Program Files (x86)\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (a la mode, inc.) C:\a la mode\WinTOTAL\Winform.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11545192 2010-11-02] (Realtek Semiconductor) HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM\...\Run: [intelliType Pro] => C:\Program Files\Microsoft Device Center\itype.exe [1464928 2012-06-26] (Microsoft Corporation) HKLM\...\Run: [intelliPoint] => C:\Program Files\Microsoft Device Center\ipoint.exe [2004584 2012-06-26] (Microsoft Corporation) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2352072 2014-05-29] (NVIDIA Corporation) HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-26] (Renesas Electronics Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation) HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries) HKU\S-1-5-21-3487073523-2465200460-2132845355-1000\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [160328 2011-12-18] (Siber Systems) HKU\S-1-5-21-3487073523-2465200460-2132845355-1000\...\Run: [Nexus] => C:\Program Files (x86)\Winstep\Nexus.exe [13599872 2011-11-18] (Winstep Software Technologies) HKU\S-1-5-21-3487073523-2465200460-2132845355-1000\...\MountPoints2: {a2244b4b-ae8d-11e3-8069-002683164295} - F:\VZW_Software_upgrade_assistant.exe HKU\S-1-5-21-3487073523-2465200460-2132845355-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks! HKU\S-1-5-21-3487073523-2465200460-2132845355-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [160328 2011-12-18] (Siber Systems) HKU\S-1-5-21-3487073523-2465200460-2132845355-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Nexus] => C:\Program Files (x86)\Winstep\Nexus.exe [13599872 2011-11-18] (Winstep Software Technologies) HKU\S-1-5-21-3487073523-2465200460-2132845355-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {a2244b4b-ae8d-11e3-8069-002683164295} - F:\VZW_Software_upgrade_assistant.exe HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO -viewer-.lnk ShortcutTarget: PHOTOfunSTUDIO -viewer-.lnk -> C:\Program Files (x86)\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe (Matsushita Electric Industrial Co., Ltd.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://startpage.com/eng/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB93544F36963CC01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US BHO-x32: No Name -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM-x32 - &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) Toolbar: HKCU - No Name - {724D43A0-0D85-11D4-9908-00400523E39A} - No File DPF: HKLM-x32 {C269D811-8511-44CF-B310-28CDDFFB1B74} http://www.nnerenmls.com/nne/valid/osi_valid9m.ocx DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=1083 Tcpip\Parameters: [DhcpNameServer] 209.244.0.3 208.67.222.222 4.2.2.1 FireFox: ======== FF ProfilePath: C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\23g9m2b4.default FF Homepage: www.google.com/ FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\23g9m2b4.default\searchplugins\duckduckgo.xml FF SearchPlugin: C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\23g9m2b4.default\searchplugins\startpage-ssl.xml FF Extension: Forecastfox - C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\23g9m2b4.default\Extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2012-10-08] FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\23g9m2b4.default\Extensions\elemhidehelper@adblockplus.org.xpi [2011-12-04] FF Extension: Ghostery - C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\23g9m2b4.default\Extensions\firefox@ghostery.com.xpi [2013-08-03] FF Extension: Lightbeam - C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\23g9m2b4.default\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2013-10-27] FF Extension: Flagfox - C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\23g9m2b4.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-03-23] FF Extension: Bluhell Firewall - C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\23g9m2b4.default\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi [2013-06-30] FF Extension: NoScript - C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\23g9m2b4.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-08-27] FF Extension: StumbleUpon - C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\23g9m2b4.default\Extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi [2011-08-27] FF Extension: Adblock Plus - C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\23g9m2b4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-08-27] FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox FF Extension: AI Roboform Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2011-12-18] FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox [2014-06-07] FF Extension: No Name - fmconverter@gmail.com [Not Found] Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2014-06-07] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [52896 2010-10-27] (Atheros Commnucations) [File not signed] R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-08-07] (Garmin Ltd or its subsidiaries) S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2011-06-20] (Hewlett-Packard Company) [File not signed] R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation) R2 MSSQL$ALAMODE; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed] R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-29] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21055432 2014-05-29] (NVIDIA Corporation) R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed] R2 Winstep Xtreme Service; C:\Program Files (x86)\Winstep\WsxService [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-18] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-05-29] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation) R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-18 18:59 - 2014-10-18 19:00 - 00000000 ____D () C:\FRST 2014-10-18 18:31 - 2014-10-18 19:01 - 00004293 _____ () C:\Windows\_alaRpt.log 2014-10-18 16:44 - 2014-10-18 16:44 - 00061692 _____ () C:\Windows\alaredun.ini 2014-10-18 08:49 - 2014-10-18 08:49 - 00000082 _____ () C:\Users\Valued Customer\Documents\cc_20141018_084942.reg 2014-10-18 00:03 - 2014-10-18 00:03 - 00028908 _____ () C:\Users\Valued Customer\Documents\cc_20141018_000301.reg 2014-10-17 21:48 - 2014-10-17 23:43 - 32601272 _____ (Microsoft Corporation) C:\Users\Valued Customer\Desktop\Windows-KB890830-x64-V5.17.exe 2014-10-17 21:44 - 2014-10-17 21:46 - 00513368 _____ (Thisisu) C:\Users\Valued Customer\Desktop\JRT.exe 2014-10-17 21:42 - 2014-10-17 21:43 - 01976320 _____ () C:\Users\Valued Customer\Desktop\AdwCleaner.exe 2014-10-17 21:29 - 2014-10-17 21:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-10-17 21:18 - 2014-10-17 21:18 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-10-17 21:18 - 2014-10-17 21:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-10-17 21:18 - 2014-10-17 21:18 - 00000000 ____D () C:\Program Files (x86)\Java 2014-10-17 21:16 - 2014-10-17 21:16 - 00003228 _____ () C:\Windows\System32\Tasks\{3F3F85F7-D3B5-45FB-A34F-8669B5B7EBA0} 2014-10-17 20:25 - 2014-10-17 18:43 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-10-17 20:25 - 2014-10-17 18:42 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-10-17 20:20 - 2014-10-17 20:52 - 29727656 _____ (Oracle Corporation) C:\Users\Valued Customer\Downloads\jre-8u25-windows-i586.exe 2014-10-17 19:44 - 2014-06-26 22:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2014-10-17 19:44 - 2014-06-26 21:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll 2014-10-17 19:39 - 2014-06-30 18:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll 2014-10-17 19:39 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll 2014-10-17 19:39 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe 2014-10-17 19:39 - 2014-06-06 02:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe 2014-10-17 19:39 - 2014-03-09 17:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe 2014-10-17 19:39 - 2014-03-09 17:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll 2014-10-17 19:39 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe 2014-10-17 19:39 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll 2014-10-17 19:17 - 2014-09-20 01:18 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-10-17 19:17 - 2014-09-20 01:17 - 02236928 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-10-17 19:17 - 2014-09-20 01:17 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-10-17 19:17 - 2014-09-20 01:16 - 19280896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-10-17 19:17 - 2014-09-20 01:16 - 15399424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-10-17 19:17 - 2014-09-20 01:16 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-10-17 19:17 - 2014-09-20 01:16 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-10-17 19:17 - 2014-09-20 01:16 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-10-17 19:17 - 2014-09-20 01:16 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-10-17 19:17 - 2014-09-20 01:16 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-10-17 19:17 - 2014-09-20 01:16 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-10-17 19:17 - 2014-09-20 01:16 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-10-17 19:17 - 2014-09-20 01:16 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-10-17 19:17 - 2014-09-20 01:16 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-10-17 19:17 - 2014-09-20 01:16 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-10-17 19:17 - 2014-09-20 01:16 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-10-17 19:17 - 2014-09-20 01:16 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-10-17 19:17 - 2014-09-20 01:15 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-10-17 19:17 - 2014-09-20 01:15 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-10-17 19:17 - 2014-09-20 01:15 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-10-17 19:17 - 2014-09-19 23:57 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-10-17 19:17 - 2014-09-19 23:57 - 13757952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-10-17 19:17 - 2014-09-19 23:57 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-10-17 19:17 - 2014-09-19 23:57 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-10-17 19:17 - 2014-09-19 23:57 - 01762816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-10-17 19:17 - 2014-09-19 23:57 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-10-17 19:17 - 2014-09-19 23:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-10-17 19:17 - 2014-09-19 23:57 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-10-17 19:17 - 2014-09-19 23:57 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-10-17 19:17 - 2014-09-19 23:57 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-10-17 19:17 - 2014-09-19 23:57 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-10-17 19:17 - 2014-09-19 23:57 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2014-10-17 19:17 - 2014-09-19 23:57 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-10-17 19:17 - 2014-09-19 23:57 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-10-17 19:17 - 2014-09-19 23:57 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-10-17 19:17 - 2014-09-19 23:57 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-10-17 19:17 - 2014-09-19 23:56 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-10-17 19:17 - 2014-09-19 23:56 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-10-17 19:17 - 2014-09-19 23:56 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-10-17 19:17 - 2014-09-19 23:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-10-17 19:17 - 2014-09-19 23:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-10-17 19:17 - 2014-09-19 22:43 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2014-10-17 19:17 - 2014-09-19 22:35 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2014-10-17 19:09 - 2014-07-16 22:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-10-17 19:09 - 2014-07-16 22:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2014-10-17 19:09 - 2014-07-16 22:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-10-17 19:09 - 2014-07-16 22:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-10-17 19:09 - 2014-07-16 22:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll 2014-10-17 19:09 - 2014-07-16 22:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll 2014-10-17 19:09 - 2014-07-16 22:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-10-17 19:09 - 2014-07-16 22:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-10-17 19:09 - 2014-07-16 21:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll 2014-10-17 19:09 - 2014-07-16 21:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2014-10-17 19:09 - 2014-07-16 21:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe 2014-10-17 19:09 - 2014-07-16 21:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll 2014-10-17 19:09 - 2014-07-16 21:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-10-17 19:09 - 2014-07-16 21:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-10-17 19:09 - 2014-07-16 21:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys 2014-10-17 19:09 - 2014-07-16 21:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2014-10-17 19:09 - 2014-07-06 22:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-10-17 19:09 - 2014-07-06 22:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-10-17 19:09 - 2014-07-06 21:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-10-17 19:09 - 2014-07-06 21:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-10-17 19:09 - 2014-07-06 21:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-10-17 19:08 - 2014-10-09 22:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-10-17 19:08 - 2014-10-09 22:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-10-17 19:08 - 2014-10-09 22:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-10-17 19:08 - 2014-09-09 18:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-10-17 19:08 - 2014-09-09 17:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-10-17 19:07 - 2014-09-17 22:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-10-17 19:07 - 2014-09-17 21:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-10-17 19:07 - 2014-08-01 07:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll 2014-10-17 19:07 - 2014-08-01 07:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll 2014-10-17 19:07 - 2014-06-23 23:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-10-17 19:07 - 2014-06-23 22:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2014-10-17 19:07 - 2014-06-18 18:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll 2014-10-17 19:07 - 2014-06-18 18:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll 2014-10-17 19:07 - 2014-06-18 18:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll 2014-10-17 19:07 - 2014-06-18 18:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll 2014-10-17 19:07 - 2014-06-18 18:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll 2014-10-17 19:07 - 2014-06-18 18:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll 2014-10-17 19:07 - 2014-06-03 06:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2014-10-17 19:07 - 2014-06-03 06:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2014-10-17 19:07 - 2014-06-03 06:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2014-10-17 19:07 - 2014-06-03 05:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2014-10-17 19:07 - 2014-06-03 05:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll 2014-10-17 19:06 - 2014-09-28 20:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-10-17 19:06 - 2014-09-24 22:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2014-10-17 19:06 - 2014-09-24 21:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2014-10-17 19:06 - 2014-09-04 01:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll 2014-10-17 19:06 - 2014-09-04 01:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll 2014-10-17 19:06 - 2014-06-24 22:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-10-17 19:06 - 2014-06-24 21:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-10-17 19:06 - 2014-06-15 22:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2014-10-17 19:04 - 2014-09-12 21:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-10-17 19:04 - 2014-09-12 21:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2014-10-17 19:04 - 2014-08-22 22:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-10-17 19:04 - 2014-08-22 21:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-10-17 19:04 - 2014-07-13 22:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2014-10-17 19:04 - 2014-07-13 21:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2014-10-17 18:58 - 2014-05-14 12:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2014-10-17 18:58 - 2014-05-14 12:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2014-10-17 18:58 - 2014-05-14 12:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2014-10-17 18:58 - 2014-05-14 12:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2014-10-17 18:58 - 2014-05-14 12:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2014-10-17 18:58 - 2014-05-14 12:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2014-10-17 18:58 - 2014-05-14 12:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2014-10-17 18:58 - 2014-05-14 12:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2014-10-17 18:58 - 2014-05-14 12:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2014-10-17 18:58 - 2014-05-14 12:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2014-10-17 18:57 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2014-10-17 18:57 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2014-10-17 18:57 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2014-10-17 18:57 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2014-10-17 12:20 - 2014-10-17 12:20 - 00000000 ____D () C:\Users\Valued Customer\AppData\Roaming\tor 2014-10-17 12:01 - 2014-10-17 12:01 - 00000000 ____D () C:\Users\Valued Customer\Desktop\Tor Browser 2014-10-17 11:36 - 2014-10-17 11:49 - 34281550 _____ () C:\Users\Valued Customer\Downloads\torbrowser-install-4.0_en-US.exe 2014-10-17 11:28 - 2014-10-17 18:43 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-10-17 11:19 - 2014-10-18 19:00 - 00000000 ____D () C:\Users\Valued Customer\Desktop\FRST64Folder 2014-10-16 23:07 - 2014-10-16 23:07 - 00007088 _____ () C:\Users\Valued Customer\Documents\cc_20141016_230701.reg 2014-10-15 23:37 - 2014-10-15 23:43 - 00017408 _____ () C:\Users\Valued Customer\Downloads\osipnne (28).xls 2014-10-13 15:26 - 2014-10-13 15:26 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-10-07 20:10 - 2014-10-07 20:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SRWare Iron (64-Bit) 2014-10-07 20:09 - 2014-10-07 20:10 - 00000000 ____D () C:\Program Files\SRWare Iron (64-Bit) 2014-10-07 19:26 - 2014-10-07 19:38 - 50155463 _____ (SRWare ) C:\Users\Valued Customer\Downloads\srware_iron64.exe 2014-10-05 13:39 - 2014-10-05 13:41 - 00017408 _____ () C:\Users\Valued Customer\Downloads\osipnne (27).xls 2014-10-05 13:35 - 2014-10-05 13:39 - 00017408 _____ () C:\Users\Valued Customer\Downloads\osipnne (26).xls 2014-09-27 07:48 - 2014-09-27 07:49 - 27301724 _____ () C:\Users\Valued Customer\Downloads\torbrowser-install-3.6.6_en-US.exe 2014-09-26 21:51 - 2014-09-26 21:51 - 00000000 ____D () C:\Users\Valued Customer\Desktop\New folder 2014-09-23 20:58 - 2014-09-23 21:16 - 00018432 _____ () C:\Users\Valued Customer\Downloads\osipnne (25).xls 2014-09-23 20:53 - 2014-09-23 20:55 - 00017920 _____ () C:\Users\Valued Customer\Downloads\osipnne (24).xls 2014-09-23 20:50 - 2014-09-23 20:51 - 00016896 _____ () C:\Users\Valued Customer\Downloads\osipnne (23).xls 2014-09-19 10:42 - 2014-09-19 10:42 - 00158384 _____ () C:\Users\Valued Customer\Downloads\e183044098548389.ics ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-18 18:58 - 2013-08-31 11:09 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-10-18 18:28 - 2011-08-28 23:32 - 00003083 _____ () C:\Windows\alamode.ini 2014-10-18 18:25 - 2014-05-24 15:39 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-10-18 16:48 - 2014-05-15 00:26 - 01712854 ____N () C:\Windows\WindowsUpdate.log 2014-10-18 16:44 - 2009-07-14 00:45 - 00029120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-18 16:44 - 2009-07-14 00:45 - 00029120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-18 16:43 - 2011-12-20 15:23 - 00000000 ____D () C:\ProgramData\alamode 2014-10-18 16:42 - 2009-07-14 01:13 - 00856790 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-10-18 16:39 - 2014-09-05 07:58 - 00000000 ____D () C:\ProgramData\Mercury 2014-10-18 16:39 - 2011-08-28 23:34 - 00000092 _____ () C:\Windows\MercuryWT.ini 2014-10-18 16:36 - 2013-08-31 11:09 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-10-18 16:36 - 2012-04-24 14:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-10-18 16:36 - 2011-08-12 12:43 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-10-18 16:36 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-10-18 16:25 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-10-18 16:19 - 2014-02-21 13:02 - 00000000 ____D () C:\Users\Valued Customer\Desktop\Hazel Pics 2014-10-18 15:08 - 2011-12-17 20:19 - 00002371 _____ () C:\Users\Valued Customer\Desktop\My Documents - Shortcut.lnk 2014-10-18 14:33 - 2011-08-28 00:54 - 00000000 ____D () C:\Users\Valued Customer\AppData\Roaming\vlc 2014-10-18 14:14 - 2014-04-06 07:03 - 00018944 _____ () C:\Users\Valued Customer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-10-18 13:53 - 2014-04-06 06:59 - 00000000 ____D () C:\Users\Valued Customer\Desktop\Dog Training Pics 2014-10-18 13:53 - 2011-12-16 16:33 - 00000000 ____D () C:\Users\Valued Customer\Desktop\PHOTOfunSTUDIO 2014-10-18 12:51 - 2011-12-18 22:27 - 00003986 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{8808FC12-C5EA-42EA-A65D-819C2367DD0D} 2014-10-18 05:07 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache 2014-10-17 23:56 - 2011-08-13 04:10 - 00000000 ____D () C:\Windows\Panther 2014-10-17 21:18 - 2013-10-17 13:02 - 00000000 ____D () C:\ProgramData\Oracle 2014-10-17 20:07 - 2009-07-14 00:45 - 00429792 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-10-17 20:06 - 2013-03-31 07:45 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-10-17 20:06 - 2013-03-31 07:45 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-10-17 20:05 - 2014-06-05 22:28 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-10-17 19:59 - 2011-08-27 09:21 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-10-17 19:50 - 2011-08-12 14:11 - 00848912 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-10-17 19:48 - 2012-06-04 22:43 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client 2014-10-17 19:48 - 2011-08-12 14:52 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk 2014-10-17 19:48 - 2011-08-12 14:11 - 00002155 _____ () C:\Windows\epplauncher.mif 2014-10-17 19:48 - 2011-08-12 14:11 - 00000000 ____D () C:\Program Files\Microsoft Security Client 2014-10-17 19:47 - 2013-03-31 07:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2014-10-17 19:44 - 2013-08-20 07:59 - 00000000 ____D () C:\Windows\system32\MRT 2014-10-17 00:12 - 2011-12-16 15:54 - 00000000 ____D () C:\Users\Valued Customer\Desktop\Appraisals 2014-10-16 23:08 - 2012-02-17 10:01 - 00000000 ____D () C:\Users\Valued Customer\Desktop\Orders 2014-10-16 22:15 - 2012-04-08 09:00 - 00000000 ____D () C:\Program Files (x86)\uTorrent 2014-10-16 22:14 - 2013-04-22 23:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Passware 2014-10-16 22:13 - 2013-04-22 23:26 - 00000000 ____D () C:\Program Files (x86)\Passware 2014-10-15 11:00 - 2011-08-26 21:03 - 00000000 ____D () C:\ProgramData\TEMP 2014-10-13 15:26 - 2014-05-24 15:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-10-13 15:26 - 2014-05-24 15:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-10-10 23:21 - 2012-06-08 21:10 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-10-10 23:21 - 2011-12-20 14:15 - 00000000 ____D () C:\Users\Valued Customer\AppData\Local\CrashDumps 2014-10-07 10:28 - 2014-08-02 06:08 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys 2014-10-06 20:47 - 2013-10-15 18:25 - 00000000 ____D () C:\Users\Valued Customer\Desktop\Dog Reference 2014-10-03 10:02 - 2011-08-12 13:11 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-10-01 11:11 - 2014-05-24 15:39 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-10-01 11:11 - 2014-05-24 15:39 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-10-01 11:11 - 2012-01-02 11:53 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-09-25 05:42 - 2012-04-01 15:08 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-09-25 05:42 - 2011-08-27 23:37 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-09-22 12:05 - 2011-08-28 23:32 - 04108288 _____ (a la mode, inc.) C:\Windows\SysWOW64\alarpt5.ocx 2014-09-22 11:24 - 2011-08-28 23:32 - 03938600 _____ (a la mode, inc.) C:\Windows\SysWOW64\filecabinet5.dll 2014-09-22 02:42 - 2010-11-20 23:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-16 03:48 ==================== End Of Log ============================ Here is the Addition.txt created Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-10-2014 Ran by Valued Customer at 2014-10-18 19:04:42 Running from C:\Users\Valued Customer\Desktop\FRST64Folder Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1} AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft) 64 Bit HP CIO Components Installer (Version: 8.2.4 - Hewlett-Packard) Hidden 7-Zip 9.19 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0919-000001000000}) (Version: 9.19.00.0 - Igor Pavlov) Access Remote PC 5.2 (HKLM-x32\...\Access Remote PC 5.2) (Version: 5.2 - http://www.access-remote-pc.com) Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated) Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated) AI RoboForm (All Users) (HKLM-x32\...\AI RoboForm) (Version: - ) ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden Apex Medina v4 Appraiser (HKLM-x32\...\Apex Medina v4 Appraiser) (Version: - ) ASUS nVidia Driver (x32 Version: 1.00.0000 - ASUSTek) Hidden Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.40 - Atheros Communications) Canon PowerShot G15 Camera User Guide (HKLM-x32\...\CameraUserGuide-PSG15) (Version: 1.0.0.1 - Canon Inc.) Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC) (Version: 8.9.0.4 - Canon Inc.) Canon Utilities ImageBrowser EX (HKLM-x32\...\ImageBrowser EX) (Version: 1.0.1.32 - Canon Inc.) CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform) CPUID CPU-Z 1.69.2 (HKLM\...\CPUID CPU-Z_is1) (Version: - ) CPUID HWMonitor 1.20 (HKLM\...\CPUID HWMonitor_is1) (Version: - ) Dropbox (HKCU\...\Dropbox) (Version: 2.10.27 - Dropbox, Inc.) Elevated Installer (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden Freemake Video Converter version 4.1.4 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.4 - Ellora Assets Corporation) Garmin Express (HKLM-x32\...\{b43ffffb-1adc-4bcb-b277-7844ebff94da}) (Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Garmin Express (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden Garmin Express Tray (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan) Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation) Java Auto Updater (x32 Version: 2.8.25.18 - Oracle Corporation) Hidden LightScribe Applications (HKLM-x32\...\{61F25370-7465-4404-BE28-4629BF808699}) (Version: 1.18.15.1 - LightScribe) LightScribe System Software (HKLM-x32\...\{2FA75B40-17C9-4D22-88CA-80A5D52FAB13}) (Version: 1.18.24.1 - LightScribe) Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation) Mercury Desktop (HKLM-x32\...\{5DC0724E-4DC2-4F5D-AF63-9DBA6C731256}) (Version: 3.00.0017 - a la mode, inc.) Mercury Desktop Supporting Applications (HKLM-x32\...\{3D5094F3-DB26-4CD3-B7EC-BD47B310CBF0}) (Version: 1.00.0005 - a la mode, inc.) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 1.1.500.0 - Microsoft Corporation) Microsoft Mouse and Keyboard Center (Version: 1.1.500.0 - Microsoft Corporation) Hidden Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Security Client (Version: 4.6.0305.0 - Microsoft Corporation) Hidden Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation) Microsoft SQL Server 2005 Express Edition (ALAMODE) (x32 Version: 9.4.5000.00 - Microsoft Corporation) Hidden Microsoft SQL Server 2005 Tools Express Edition (x32 Version: 9.4.5000.00 - Microsoft Corporation) Hidden Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden Mozilla Firefox 33.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.0 (x86 en-US)) (Version: 33.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla) MSInk1.7 (HKLM-x32\...\{3734A505-F740-421A-8865-CACAB05E4E07}) (Version: 1.0.0 - a la mode) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Nexus 11.10 (HKLM-x32\...\Winstep Xtreme_is1) (Version: - ) NirSoft BlueScreenView (HKLM-x32\...\NirSoft BlueScreenView) (Version: - ) NVIDIA 3D Vision Controller Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 337.88 - NVIDIA Corporation) NVIDIA 3D Vision Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 337.88 - NVIDIA Corporation) NVIDIA Control Panel 337.88 (Version: 337.88 - NVIDIA Corporation) Hidden NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5919 - NVIDIA Corporation) NVIDIA GeForce Experience 2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1 - NVIDIA Corporation) NVIDIA Graphics Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.157.1165 - NVIDIA Corporation) Hidden NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation) NVIDIA ShadowPlay 14.6.22 (Version: 14.6.22 - NVIDIA Corporation) Hidden NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden NVIDIA StereoUSB Driver (x32 Version: 1.00.0000 - NVIDIA Corporation) Hidden NVIDIA Update 14.6.22 (Version: 14.6.22 - NVIDIA Corporation) Hidden NVIDIA Update Core (Version: 14.6.22 - NVIDIA Corporation) Hidden NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden Pale Moon 24.3.1 (x64 en-US) (HKLM\...\Pale Moon 24.3.1 (x64 en-US)) (Version: 24.3.1 - Mozilla) PDFBinder (HKLM-x32\...\{8BA03AC2-579F-41CD-A250-740137D86F7A}) (Version: 1.0.0 - Malamute.dk) PDF-XChange 3 (HKLM\...\PDF-XChange 3_is1) (Version: - Tracker Software) PDF-XChange 3 (HKLM-x32\...\PDF-XChange 3_is1) (Version: - Tracker Software) PHOTOfunSTUDIO -viewer- (HKLM-x32\...\{9A9DBEBC-C800-4776-A970-D76D6AA405B1}) (Version: 2.01.000 - Panasonic) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.31.1025.2010 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6235 - Realtek Semiconductor Corp.) Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.26.0 - Renesas Electronics Corporation) Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.26.0 - Renesas Electronics Corporation) Hidden SHIELD Streaming (Version: 2.1.214 - NVIDIA Corporation) Hidden SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - ) SpywareBlaster 4.4 (HKLM-x32\...\SpywareBlaster_is1) (Version: 4.4.0 - Javacool Software LLC) SRWare Iron (64-Bit) version SRWare Iron 37.0.2000.0 (HKLM\...\{BA85A29D-B48E-4826-BAEE-817024E52E29}_is1) (Version: SRWare Iron 37.0.2000.0 - SRWare) SRWare Iron version SRWare Iron 26.0.1450.1 (HKLM-x32\...\{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1) (Version: SRWare Iron 26.0.1450.1 - SRWare) Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios) The Witcher 2 - Assassins of Kings (HKLM-x32\...\The Witcher 2 - Assassins of Kings_is1) (Version: - GOG.com) UAD Reader (HKLM-x32\...\{783E6508-107B-401D-8F7A-64AA111FBCA1}) (Version: 1.100.00700 - a la mode, inc.) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft) Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version: - Microsoft) Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft) Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2899475) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{23AE87D8-AB2F-4539-935C-442BC976F469}) (Version: - Microsoft) Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft) Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version: - Microsoft) Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft) Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft) VLC media player 2.0.6 (HKLM-x32\...\VLC media player) (Version: 2.0.6 - VideoLAN) Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.) Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-3487073523-2465200460-2132845355-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Valued Customer\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3487073523-2465200460-2132845355-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks? CustomCLSID: HKU\S-1-5-21-3487073523-2465200460-2132845355-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Valued Customer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3487073523-2465200460-2132845355-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Valued Customer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3487073523-2465200460-2132845355-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Valued Customer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3487073523-2465200460-2132845355-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Valued Customer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3487073523-2465200460-2132845355-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Valued Customer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3487073523-2465200460-2132845355-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Valued Customer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3487073523-2465200460-2132845355-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Valued Customer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-3487073523-2465200460-2132845355-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Valued Customer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ==================== Restore Points ========================= 17-10-2014 15:27:13 Installed Java 7 Update 71 17-10-2014 22:57:46 Windows Update 17-10-2014 23:38:43 Windows Update 18-10-2014 00:24:25 Removed Java 7 Update 71 18-10-2014 01:14:28 Removed Java 8 Update 25 18-10-2014 01:16:47 Removed Java 8 Update 25 ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {06107AA3-B622-4258-98BB-17D3613521AA} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-08-07] () Task: {13B9872D-8CA2-41B8-8890-A3C0EAE57C9D} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Device Center\itype.exe [2012-06-26] (Microsoft Corporation) Task: {3BE5DE79-061D-4057-AF11-CC07F68093CB} - System32\Tasks\alaRunAsStdUser Task => C:\a la mode\WinTOTAL\Utils\alaMapiShell.exe [2011-08-26] (a la mode, inc.) Task: {5326CB01-EDCF-46B2-A22E-E3321FFBDE7B} - System32\Tasks\Go to RoboForm Install page => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/test-pass.html?aaa=KICMHMLMKMJMMJOMPMMJCNMJNJPMPMCNLMHMLMKMCNHMMJMJKJCNOJGMOJJMIMPMKJIMPMLJLJGMJNJICMJMCNOMPMCNNMFMGMCNPMCNHMOMOMNMFMJMCNOMCNIMJMPMOMCNNMJNPICMPMFMEKMICNJJCKFMOMPMGMJNHICMCJOJFJAJNIJNBJCMNLGJDJDJPNOLNJNIOJHJOJCJJNKJCMIIJIBNOJNJNIOJHJOJCJPLCJGIJJOJGJNIPIAJGJBJLIBNBJKJLIJNNICMILAJAJIJDJKJJNDJCMKJBJ" Task: {5562CB1D-631D-49AB-BA41-6478E43CC5D9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd) Task: {64D7809F-EFF2-4EBA-A27B-FBB7A9E46BF3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-31] (Google Inc.) Task: {78274CDB-6698-434D-B999-E41C4CD7CD1C} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2011-12-18] (Siber Systems) Task: {82BB0E14-ECCA-4EE6-AA48-4EA10AE00A85} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => C:\Program Files\Microsoft Device Center\devicecenter.exe [2012-06-26] (Microsoft) Task: {861D2D21-76F9-45FE-B0BB-2BCDB04B5BDB} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {8F9228F1-F562-4F00-A4F9-F1011EA86836} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-31] (Google Inc.) Task: {A09941F5-25E0-484C-A8B9-CFC587365D75} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/uninstall.html?aaa=KICMHMLMKMJMMJOMPMMJCNMJNJPMPMCNLMHMLMKMCNHMMJMJKJCNOJGMOJJMIMPMKJIMPMLJLJGMJNJICMIMCNLMCNNMFMGMCNPMCNHMOMOMNMFMJMCNOMCNIMJMPMOMCNNMJNPICMPMFMFMOMPMGMJNHICMCJOJFJAJNIJNBJCMNLGJDJDJPNOLNJNIOJHJOJCJJNKJCMIIJIBNOJNJNIOJHJOJCJPLCJGIJJOJGJNIPIAJGJBJLIBNBJKJLIJNNICMILAJAJIJDJKJJNDJCMKJBJ" Task: {A2EFB231-C2CE-40F4-94CA-DC0786090579} - System32\Tasks\a la mode Assistant => C:\Program Files (x86)\a la mode\Sched\eSched.exe [2012-04-02] (a la mode, inc.) Task: {F973D318-A217-48C8-B6B7-D4F218ABF995} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Device Center\ipoint.exe [2012-06-26] (Microsoft Corporation) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2012-11-23 23:31 - 2014-05-19 21:25 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2011-09-03 08:53 - 2008-05-27 19:30 - 00036864 _____ () C:\Program Files (x86)\Panasonic\PHOTOfunSTUDIO -viewer-\RawPictureLib.pcp 2011-08-28 23:32 - 2000-10-11 14:39 - 00160096 _____ () C:\Windows\SysWow64\VSSpell6.ocx 2009-02-26 14:46 - 2009-02-26 14:46 - 00064344 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll 2011-06-22 12:46 - 2011-06-22 12:46 - 00434016 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll 2013-07-10 18:07 - 2013-07-10 18:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:12DCF8FC AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: AthBtTray => "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe" MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" MSCONFIG\startupreg: Garmin Lifetime Updater => C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent MSCONFIG\startupreg: The Assistant => C:\Program Files (x86)\a la mode\Sched\eSched.exe /checkuac ========================= Accounts: ========================== Administrator (S-1-5-21-3487073523-2465200460-2132845355-500 - Administrator - Disabled) Guest (S-1-5-21-3487073523-2465200460-2132845355-501 - Limited - Enabled) HomeGroupUser$ (S-1-5-21-3487073523-2465200460-2132845355-1003 - Limited - Enabled) Valued Customer (S-1-5-21-3487073523-2465200460-2132845355-1000 - Administrator - Enabled) => C:\Users\Valued Customer ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (10/17/2014 05:39:00 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program jre-7u71-windows-i586-iftw.exe version 7.0.710.14 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 238c Start Time: 01cfe9edcf81b4f1 Termination Time: 6 Application Path: C:\Users\VALUED~1\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe Report Id: 4d52c65b-55e1-11e4-9ec5-002683164295 Error: (10/17/2014 00:11:31 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program jre-7u71-windows-i586-iftw.exe version 7.0.710.14 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 255c Start Time: 01cfe9bcb11ecafd Termination Time: 0 Application Path: C:\Users\VALUED~1\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe Report Id: Error: (10/16/2014 10:07:05 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program Phoebe5.exe version 2.0.8.128 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 18b8 Start Time: 01cfe94a5db52295 Termination Time: 4 Application Path: C:\Program Files (x86)\Panasonic\PHOTOfunSTUDIO -viewer-\Phoebe5.exe Report Id: a6a0a066-553d-11e4-9ec5-002683164295 Error: (10/12/2014 08:15:17 PM) (Source: Microsoft Office 12) (EventID: 2000) (User: ) Description: Accepted Safe Mode action : Microsoft Office Outlook. Error: (10/10/2014 10:50:44 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: palemoon.exe, version: 24.4.0.5201, time stamp: 0x5336e410 Faulting module name: palemoon.exe, version: 24.4.0.5201, time stamp: 0x5336e410 Exception code: 0xc0000005 Fault offset: 0x00000000000028ac Faulting process id: 0x2a78 Faulting application start time: 0xpalemoon.exe0 Faulting application path: palemoon.exe1 Faulting module path: palemoon.exe2 Report Id: palemoon.exe3 Error: (10/09/2014 09:25:00 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program alamode.APD.WFA.exe version 2014.1.1.3 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1b34 Start Time: 01cfe4289f92f2a6 Termination Time: 1 Application Path: C:\Users\VALUED~1\AppData\Local\Temp\RarSFX0\alamode.APD.WFA.exe Report Id: 36ba2298-501c-11e4-b2e5-002683164295 Error: (10/07/2014 08:10:30 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: palemoon.exe, version: 24.4.0.5201, time stamp: 0x5336e410 Faulting module name: palemoon.exe, version: 24.4.0.5201, time stamp: 0x5336e410 Exception code: 0xc0000005 Fault offset: 0x00000000000028ac Faulting process id: 0x2408 Faulting application start time: 0xpalemoon.exe0 Faulting application path: palemoon.exe1 Faulting module path: palemoon.exe2 Report Id: palemoon.exe3 Error: (10/06/2014 05:56:36 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program OUTLOOK.EXE version 12.0.6691.5000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: c48 Start Time: 01cfe14a534487f9 Termination Time: 0 Application Path: C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE Report Id: 0161b716-4d3f-11e4-b214-002683164295 Error: (09/25/2014 07:23:48 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program firefox.exe version 32.0.2.5373 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1944 Start Time: 01cfd90ddbbdeefb Termination Time: 4 Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Report Id: f59231dd-450a-11e4-b34c-002683164295 Error: (09/25/2014 08:09:01 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: GoogleUpdate.exe, version: 1.3.21.103, time stamp: 0x4f3c6d6c Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7 Exception code: 0xc0000005 Fault offset: 0x000223e0 Faulting process id: 0x1688 Faulting application start time: 0xGoogleUpdate.exe0 Faulting application path: GoogleUpdate.exe1 Faulting module path: GoogleUpdate.exe2 Report Id: GoogleUpdate.exe3 System errors: ============= Error: (10/18/2014 04:37:59 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (10/18/2014 07:16:56 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: The following fatal alert was received: 40. Error: (10/18/2014 03:19:54 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY) Description: The following fatal alert was generated: 70. The internal error state is 11. Error: (10/17/2014 08:10:21 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (10/17/2014 01:07:17 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: The following fatal alert was received: 40. Error: (10/17/2014 11:34:31 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (10/17/2014 11:23:59 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY) Description: The following fatal alert was generated: 70. The internal error state is 11. Error: (10/17/2014 08:01:14 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: The following fatal alert was received: 40. Error: (10/17/2014 08:01:14 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: The following fatal alert was received: 40. Error: (10/17/2014 00:01:37 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY) Description: The following fatal alert was generated: 70. The internal error state is 11. Microsoft Office Sessions: ========================= Error: (07/03/2013 07:42:41 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 20 seconds with 0 seconds of active time. This session ended with a crash. Error: (03/14/2013 01:12:23 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 331 seconds with 180 seconds of active time. This session ended with a crash. Error: (01/05/2013 04:01:13 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 707 seconds with 0 seconds of active time. This session ended with a crash. ==================== Memory info =========================== Processor: Intel® Core i5-2500 CPU @ 3.30GHz Percentage of memory in use: 38% Total physical RAM: 8168.8 MB Available physical RAM: 5049.77 MB Total Pagefile: 16335.77 MB Available Pagefile: 12568.64 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:465.66 GB) (Free:221.97 GB) NTFS Drive e: (New Volume) (Fixed) (Total:931.51 GB) (Free:497.71 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 3F97FB32) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 4C3AC04C) Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS) ==================== End Of Log ============================
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.