Jim Brown

Members

View Profile See their activity

Posts
4
Joined
August 24, 2010
Last visited
November 5, 2014

Content Type

All Activity

Events

Profiles

Forums

Topics
Posts

Everything posted by Jim Brown

add to real time monitoring

Jim Brown posted a topic in Malwarebytes for Windows

Just had a client infected with CryptoWall 2.0. While discussing with a colleague it came up that it would be nice if you could monitor for processes that start generating and then deleting all the files in a folder. Perhaps something the real time scanning could look for.
- November 5, 2014
- 1 reply
Malicious website blocked

Jim Brown replied to Jim Brown's topic in Resolved Malware Removal Logs

She is having me reload the system. Thank you
Malicious website blocked

Jim Brown replied to Jim Brown's topic in Resolved Malware Removal Logs

OK, I will contact the owner.
Malicious website blocked

Jim Brown posted a topic in Resolved Malware Removal Logs

Working on a friends system which is infected. I installed MalwareBytes and ran several full scans. It found and cleaned up a number of things. However the realtime web protection is still popping up with multiple outgoing attempts. The process is: c:\windows\syswow64\dllhost.exe and the IP addresses include: 95.215.1.57 ; 31.184.192.90; 66.45.56.109 Here are the FarBar results, I will attach as files as well; I will leave the system alone for now. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-10-2014 Ran by jalockma (administrator) on ACERLAPTOP on 17-10-2014 11:20:24 Running from C:\Users\jalockma\Desktop\Jbrown Recovery Loaded Profile: jalockma (Available profiles: jalockma) Platform: Windows 8 (X64) OS Language: English (United States) Internet Explorer Version 10 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (Dritek System INC.) C:\Windows\RfBtnSvc64.exe (McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (McAfee, Inc.) C:\Program Files\mcafee\msm\McSmtFwk.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe (CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (McAfee, Inc.) C:\Program Files\mcafee\virusscan\McVsShld.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\Core\mchost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2873744 2012-11-20] (ELAN Microelectronics Corp.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12937872 2012-07-27] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-07-10] (Realtek Semiconductor) HKLM\...\Run: [btPreLoad] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtPreLoad.exe [64640 2013-01-28] () HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.) HKLM-x32\...\Run: [LManager] => [X] HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Dolby PCEE4\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.) HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation) HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated) HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.) HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1942424 2014-09-22] (APN) HKLM-x32\...\Run: [LTCM Client] => C:\Program Files (x86)\LTCM Client\ltcmClient.exe [2756864 2011-04-07] (Leader Technologies Inc.) HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058880 2013-03-28] (SEIKO EPSON CORPORATION) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer\Run: [btvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-01-28] ( (Qualcomm Atheros Commnucations)) HKLM\...\Policies\Explorer: [NoFolderOptions] 0 HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-19\...\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} HKU\S-1-5-20\...\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} HKU\S-1-5-21-2604008792-1424924497-987845697-1001\...\Run: [spotify Web Helper] => C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe [1193176 2013-01-26] () HKU\S-1-5-21-2604008792-1424924497-987845697-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILBE.EXE [297024 2013-01-24] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-2604008792-1424924497-987845697-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks! HKU\S-1-5-18\...\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk ShortcutTarget: Acer Backup Manager Tray.lnk -> C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (McAfee, Inc.) Startup: C:\Users\jalockma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) SearchScopes: HKLM - DefaultScope {27B34BBB-E4E0-4349-8F67-C6821D16BFBB} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS SearchScopes: HKLM - {27B34BBB-E4E0-4349-8F67-C6821D16BFBB} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS SearchScopes: HKLM-x32 - DefaultScope {27B34BBB-E4E0-4349-8F67-C6821D16BFBB} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS SearchScopes: HKLM-x32 - {27B34BBB-E4E0-4349-8F67-C6821D16BFBB} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS SearchScopes: HKCU - DefaultScope {27B34BBB-E4E0-4349-8F67-C6821D16BFBB} URL = SearchScopes: HKCU - {27B34BBB-E4E0-4349-8F67-C6821D16BFBB} URL = BHO: Ask Toolbar -> {4F524A2D-5637-006A-76A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7\Passport_x64.dll (APN LLC.) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations) BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION) BHO-x32: Ask Toolbar -> {4F524A2D-5637-006A-76A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7\Passport.dll (APN LLC.) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) Toolbar: HKLM - Ask Toolbar - {4F524A2D-5637-006A-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7\Passport_x64.dll (APN LLC.) Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Toolbar: HKLM-x32 - Ask Toolbar - {4F524A2D-5637-006A-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7\Passport.dll (APN LLC.) Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION) Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.) Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.) FireFox: ======== FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL () FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll No File FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2012-12-20] FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2014-04-30] FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2012-12-20] Chrome: ======= CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-10-11] CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-10-11] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166296 2014-09-22] (APN LLC.) R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [227456 2013-01-28] (Qualcomm Atheros Commnucations) R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2449552 2012-10-26] (Acer Incorporated) S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [469648 2012-11-16] (Acer Incorporated) R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658064 2012-10-23] (Acer Incorporated) S3 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation) R2 ETDService; C:\Program Files\Elantech\ETDService.exe [100752 2012-11-20] (ELAN Microelectronics Corp.) R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation) S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-25] (Microsoft Corporation) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation) R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.) S3 McAWFwk; c:\Program Files\mcafee\msc\McAWFwk.exe [332080 2012-01-26] (McAfee, Inc.) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.) R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [603424 2014-06-12] (McAfee, Inc.) S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-07-24] (McAfee, Inc.) R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.) R2 mfevtp; C:\windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.) R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-25] (Microsoft Corporation) S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation) R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-11-02] (NTI Corporation) R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2013-01-26] (Dritek System INC.) S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-25] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-01] (Microsoft Corporation) S3 GamesAppService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-01-28] (Qualcomm Atheros) S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation) R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation) R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.) S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-17] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-10-01] (Malwarebytes Corporation) R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.) R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.) S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70600 2014-06-20] (McAfee, Inc.) R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.) R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.) R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [444720 2014-07-24] (McAfee, Inc.) S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-07-24] (McAfee, Inc.) R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.) R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2013-01-26] (Dritek System Inc.) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-17 11:20 - 2014-10-17 11:20 - 00000000 ____D () C:\FRST 2014-10-17 11:19 - 2014-10-17 11:20 - 00000000 ____D () C:\Users\jalockma\Desktop\Jbrown Recovery 2014-10-17 07:58 - 2014-10-17 07:59 - 00002186 _____ () C:\Users\jalockma\Desktop\Rkill.txt 2014-10-17 07:56 - 2014-10-17 07:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee 2014-10-17 07:55 - 2014-10-17 07:59 - 00000000 ____D () C:\temp 2014-10-16 14:54 - 2014-10-17 08:01 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-10-16 14:54 - 2014-10-16 14:54 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-10-16 14:54 - 2014-10-16 14:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-10-16 14:53 - 2014-10-16 14:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-10-16 14:53 - 2014-10-16 14:53 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-10-16 14:53 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-10-16 14:53 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-10-16 14:53 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-10-12 22:12 - 2014-10-16 16:16 - 00000000 ____D () C:\Users\jalockma\AppData\Roaming\Lekuaxuc 2014-10-12 22:12 - 2014-10-16 16:13 - 00000000 ____D () C:\Users\jalockma\AppData\Roaming\Isaholy 2014-10-12 22:11 - 2014-10-12 22:11 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage 2014-10-07 21:57 - 2014-10-07 21:57 - 00008224 _____ () C:\Users\jalockma\DECRYPT_INSTRUCTION.HTML 2014-10-07 21:57 - 2014-10-07 21:57 - 00004156 _____ () C:\Users\jalockma\DECRYPT_INSTRUCTION.TXT 2014-10-07 21:57 - 2014-10-07 21:57 - 00000276 _____ () C:\Users\jalockma\DECRYPT_INSTRUCTION.URL 2014-10-07 21:33 - 2014-10-07 21:33 - 00008224 _____ () C:\Users\jalockma\Downloads\DECRYPT_INSTRUCTION.HTML 2014-10-07 21:33 - 2014-10-07 21:33 - 00008224 _____ () C:\Users\jalockma\Documents\DECRYPT_INSTRUCTION.HTML 2014-10-07 21:33 - 2014-10-07 21:33 - 00004156 _____ () C:\Users\jalockma\Downloads\DECRYPT_INSTRUCTION.TXT 2014-10-07 21:33 - 2014-10-07 21:33 - 00004156 _____ () C:\Users\jalockma\Documents\DECRYPT_INSTRUCTION.TXT 2014-10-07 21:33 - 2014-10-07 21:33 - 00000276 _____ () C:\Users\jalockma\Downloads\DECRYPT_INSTRUCTION.URL 2014-10-07 21:33 - 2014-10-07 21:33 - 00000276 _____ () C:\Users\jalockma\Documents\DECRYPT_INSTRUCTION.URL 2014-10-07 21:29 - 2014-10-07 21:29 - 00008224 _____ () C:\Users\jalockma\AppData\Roaming\DECRYPT_INSTRUCTION.HTML 2014-10-07 21:29 - 2014-10-07 21:29 - 00008224 _____ () C:\Users\jalockma\AppData\Local\DECRYPT_INSTRUCTION.HTML 2014-10-07 21:29 - 2014-10-07 21:29 - 00008224 _____ () C:\Users\jalockma\AppData\DECRYPT_INSTRUCTION.HTML 2014-10-07 21:29 - 2014-10-07 21:29 - 00004156 _____ () C:\Users\jalockma\AppData\Roaming\DECRYPT_INSTRUCTION.TXT 2014-10-07 21:29 - 2014-10-07 21:29 - 00004156 _____ () C:\Users\jalockma\AppData\Local\DECRYPT_INSTRUCTION.TXT 2014-10-07 21:29 - 2014-10-07 21:29 - 00004156 _____ () C:\Users\jalockma\AppData\DECRYPT_INSTRUCTION.TXT 2014-10-07 21:29 - 2014-10-07 21:29 - 00000276 _____ () C:\Users\jalockma\AppData\Roaming\DECRYPT_INSTRUCTION.URL 2014-10-07 21:29 - 2014-10-07 21:29 - 00000276 _____ () C:\Users\jalockma\AppData\Local\DECRYPT_INSTRUCTION.URL 2014-10-07 21:29 - 2014-10-07 21:29 - 00000276 _____ () C:\Users\jalockma\AppData\DECRYPT_INSTRUCTION.URL 2014-10-07 21:26 - 2014-10-07 21:26 - 00008224 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.HTML 2014-10-07 21:26 - 2014-10-07 21:26 - 00004156 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.TXT 2014-10-07 21:26 - 2014-10-07 21:26 - 00000276 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.URL 2014-09-25 18:14 - 2014-10-07 21:30 - 00000000 ____D () C:\Users\jalockma\Documents\Gardening and Growing 2014-09-25 18:12 - 2014-10-07 21:29 - 00000000 ____D () C:\Users\jalockma\Documents\Bishop McCarthy 2014-09-25 18:08 - 2014-10-07 21:33 - 00000000 ____D () C:\Users\jalockma\Documents\NJ FamilyCare Info ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-17 10:26 - 2014-04-08 21:26 - 00000941 _____ () C:\Windows\Tasks\EPSON XP-310 Series Update {901D3D34-B261-4978-B173-D1F87C7D7DE3}.job 2014-10-17 10:26 - 2014-04-08 21:26 - 00000755 _____ () C:\Windows\Tasks\EPSON XP-310 Series Invitation {901D3D34-B261-4978-B173-D1F87C7D7DE3}.job 2014-10-17 10:00 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\system32\sru 2014-10-17 08:28 - 2013-04-02 06:02 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2604008792-1424924497-987845697-1001 2014-10-17 07:56 - 2012-12-20 06:30 - 00001848 _____ () C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk 2014-10-17 07:55 - 2013-01-26 09:56 - 01244872 _____ () C:\Windows\WindowsUpdate.log 2014-10-17 07:48 - 2013-05-06 14:38 - 00000000 ____D () C:\Users\jalockma\AppData\Local\CrashDumps 2014-10-16 22:28 - 2012-12-20 05:31 - 00098780 _____ () C:\Windows\PFRO.log 2014-10-16 22:28 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\PLA 2014-10-16 22:28 - 2012-07-26 03:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-10-16 22:28 - 2012-07-26 01:26 - 00524288 ___SH () C:\Windows\system32\config\BBI 2014-10-16 20:36 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\rescache 2014-10-16 17:43 - 2013-04-05 11:43 - 00001607 _____ () C:\Users\jalockma\Desktop\ACERLAPTOP - Shortcut.lnk 2014-10-16 17:27 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\system32\FxsTmp 2014-10-16 16:16 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\schemas 2014-10-16 15:31 - 2012-12-20 06:28 - 00000000 ____D () C:\Program Files (x86)\McAfee 2014-10-16 15:31 - 2012-07-26 01:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM 2014-10-16 15:19 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\Performance 2014-10-16 15:17 - 2012-07-25 22:16 - 00000000 __SHD () C:\Users\jalockma\AppData\Roaming\chwhhwdd 2014-10-16 14:54 - 2012-07-26 03:28 - 00848230 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-10-16 14:53 - 2012-07-26 03:21 - 00028847 _____ () C:\Windows\setupact.log 2014-10-12 21:55 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\system32\NDF 2014-10-12 12:43 - 2014-01-13 15:03 - 00007602 _____ () C:\Users\jalockma\AppData\Local\resmon.resmoncfg 2014-10-08 13:30 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\AUInstallAgent 2014-10-08 13:29 - 2013-04-02 05:55 - 00000000 ____D () C:\Users\jalockma\AppData\Local\Packages 2014-10-08 13:28 - 2013-04-02 09:11 - 00000000 ____D () C:\Users\jalockma\AppData\Local\clear.fi 2014-10-07 21:57 - 2013-04-02 05:55 - 00000000 ____D () C:\Users\jalockma 2014-10-07 21:33 - 2014-04-30 13:40 - 00000000 ____D () C:\Users\jalockma\Documents\Recipes 2014-10-07 21:33 - 2013-12-01 11:21 - 00000000 ____D () C:\Users\jalockma\Documents\NJ Unemployment Claim 2014-10-07 21:33 - 2013-09-17 15:06 - 00000000 ____D () C:\Users\jalockma\Documents\Obamacare Info 2014-10-07 21:33 - 2013-04-12 11:10 - 00000000 ____D () C:\Users\jalockma\Documents\PA Unemployment Claim 2014-10-07 21:33 - 2013-04-11 22:56 - 00000000 ____D () C:\Users\jalockma\Documents\Phonebook 2014-10-07 21:33 - 2013-04-11 22:56 - 00000000 ____D () C:\Users\jalockma\Documents\Performance Objectives and Committments 2014-10-07 21:32 - 2013-04-11 22:56 - 00000000 ____D () C:\Users\jalockma\Documents\My Stuff 2014-10-07 21:32 - 2013-04-11 22:56 - 00000000 ____D () C:\Users\jalockma\Documents\Lockheed 2014-10-07 21:31 - 2014-06-12 17:27 - 00000000 ____D () C:\Users\jalockma\Documents\Jokes 2014-10-07 21:31 - 2013-04-11 22:54 - 00000000 ____D () C:\Users\jalockma\Documents\Keepers 2014-10-07 21:31 - 2013-04-11 22:54 - 00000000 ____D () C:\Users\jalockma\Documents\Jobs 2014-10-07 21:31 - 2013-04-11 22:54 - 00000000 ____D () C:\Users\jalockma\Documents\Investing 2014-10-07 21:30 - 2013-05-17 19:54 - 00000000 ____D () C:\Users\jalockma\Documents\ED2Go Course Plants for Fun N Profit 2014-10-07 21:30 - 2013-04-11 22:54 - 00000000 ____D () C:\Users\jalockma\Documents\Income Taxes 2014-10-07 21:29 - 2013-09-17 15:10 - 00000000 ____D () C:\Users\jalockma\Documents\Computer Info 2014-10-07 21:29 - 2013-06-06 11:12 - 00000000 ____D () C:\Users\jalockma\Documents\COBRA Conexis 2014-10-07 21:29 - 2013-04-02 05:56 - 00000000 ____D () C:\Users\jalockma\AppData\Roaming\Adobe 2014-10-07 21:26 - 2013-04-09 00:05 - 00000000 ____D () C:\ProgramData\PopCap Games 2014-10-07 21:26 - 2013-01-26 10:30 - 00000000 ____D () C:\ProgramData\Symantec 2014-10-06 14:00 - 2013-05-16 14:21 - 00000000 ____D () C:\Users\jalockma\AppData\Roaming\Spotify 2014-10-06 13:28 - 2012-12-20 06:25 - 00000000 ____D () C:\ProgramData\WildTangent 2014-10-06 13:28 - 2012-12-20 06:25 - 00000000 ____D () C:\Program Files (x86)\WildGames 2014-09-25 18:28 - 2013-04-02 20:45 - 00000000 ____D () C:\Users\jalockma\Documents\Bluetooth Folder ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-06 12:51 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-10-2014 Ran by jalockma at 2014-10-17 11:21:13 Running from C:\Users\jalockma\Desktop\Jbrown Recovery Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) clear.fi SDK - Video 2 (x32 Version: 2.1.2128 - CyberLink Corp.) Hidden clear.fi SDK- Movie 2 (x32 Version: 2.1.2112 - CyberLink Corp.) Hidden Acer Backup Manager (HKLM-x32\...\InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}) (Version: 4.0.0.0071 - NTI Corporation) Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3011 - Acer Incorporated) Acer Instant Update Service (HKLM\...\{8215A318-CC27-435E-B3EA-2E3443C8998C}) (Version: 1.00.3013 - Acer Incorporated) Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3011 - Acer Incorporated) Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3012 - Acer Incorporated) AcerCloud (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.01.3125 - Acer Incorporated) AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.00.3204 - Acer Incorporated) Adobe Reader XI (11.0.05) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.05 - Adobe Systems Incorporated) Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.5.146 - Adobe Systems, Inc.) Ask Toolbar (HKLM-x32\...\{4F524A2D-5637-006A-76A7-A758B70C1101}) (Version: 12.17.1.75 - APN, LLC) <==== ATTENTION Backup Manager v4 (x32 Version: 4.0.0.0071 - NTI Corporation) Hidden Bejeweled 2 Deluxe (HKLM-x32\...\Bejeweled 2 Deluxe) (Version: - PopCap Games) Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.01.3112 - Acer Incorporated) clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.01.3109 - Acer Incorporated) CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3318_45364 - CyberLink Corp.) CyberLink MediaEspresso 6.5 (x32 Version: 6.5.3318_45364 - CyberLink Corp.) Hidden Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2433A103-9EC3-49EA-9AD1-58A35F27EE56}) (Version: - Microsoft) Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.16 - Dolby Laboratories Inc) eBay Worldwide (HKLM-x32\...\{A694AF57-9891-4D62-824C-7E55A1361A14}) (Version: 2.3.0630 - OEM) EPSON Connect version 1.0 (HKLM-x32\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.) Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.6.3.0 - SEIKO EPSON CORPORATION) Epson Event Manager (HKLM-x32\...\{2970697F-2A11-4588-8B7F-97322D1CCF3C}) (Version: 3.10.0017 - Seiko Epson Corporation) Epson E-Web Print (HKLM-x32\...\{CEC98C2A-9ED5-49DA-9F3A-92434E0A4FA3}) (Version: 1.19.0000 - SEIKO EPSON CORPORATION) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) EPSON XP-310 Series Printer Uninstall (HKLM\...\EPSON XP-310 Series) (Version: - SEIKO EPSON Corporation) EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION) ETDWare PS/2-X64 11.6.16.003_WHQL (HKLM\...\Elantech) (Version: 11.6.16.003 - ELAN Microelectronic Corp.) Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Acer Incorporated) Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2867 - Intel Corporation) Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation) Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.10 - Acer Inc.) Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3006 - Acer Incorporated) LTCM Client (HKLM-x32\...\{B38E9B55-7136-4E66-A084-320512FF3F6F}) (Version: 1.20.3792 - Leader Technologies Inc) Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation) McAfee Internet Security Suite (HKLM-x32\...\MSC) (Version: 12.8.988 - McAfee, Inc.) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.130.10 - McAfee, Inc.) McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.143 - McAfee, Inc.) Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: - Microsoft) Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version: - Microsoft) Hidden Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.6029.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60940.0 - Microsoft Corporation) Hidden MyWinLocker (Version: 4.0.14.35 - Egis Technology Inc.) Hidden MyWinLocker 4 (x32 Version: 4.0.14.35 - Egis Technology Inc.) Hidden MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.24 - Egis Technology Inc.) MyWinLocker Suite (x32 Version: 4.0.14.24 - Egis Technology Inc.) Hidden Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.51r - Symantec Corporation) Norton Online Backup ARA (x32 Version: 4.1.0.14 - Symantec Corporation) Hidden NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9014 - NTI Corporation) NTI Media Maker 9 (x32 Version: 9.0.2.9014 - NTI Corporation) Hidden Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.01.3202 - Acer) Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.220 - Qualcomm Atheros Communications) Qualcomm Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Qualcomm Atheros Communications Inc.) Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.41 - Qualcomm Atheros) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6695 - Realtek Semiconductor Corp.) Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.28124 - Realtek Semiconductor Corp.) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden Software Updater (HKLM-x32\...\{C09D747A-BD47-42A9-915E-CEB6B1BB7C11}) (Version: 4.2.7 - SEIKO EPSON CORPORATION) Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2553065) (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{A8686D24-1E89-43A1-973E-05A258D2B3F8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2553157) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{97C39B81-3054-4AB4-B11D-A656DE619982}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{48E1B6C2-7299-4F3F-AA63-42F0ACE55AA4}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{18B3CF2A-73F7-4716-B1AE-86D68726D408}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (HKLM-x32\...\{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{73E67A3A-8D61-44EF-90C2-1697C3DBE668}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2566458) (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{EFB525A0-E1C0-4E32-9968-FE401BC87363}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589370) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{150A0FF0-AF69-4132-BD93-1E34F63FC8A3}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{C4F26A9B-B121-4135-8084-A0D9C780C7C8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{460FF681-BC66-4C38-99DF-7012E03F1EBA}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{C633216E-FF30-45B6-B2AB-21922A9353EF}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B1FA5E8C-2342-45AF-8A62-5E860042F8DF}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760758) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{24BD08F8-FF6E-4DD8-BE49-3659AE78A819}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9CFD026D-EB1C-48C2-9DD2-8E8875F251B2}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (HKLM-x32\...\{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{9865DC3A-2898-48D9-B96A-46397571C934}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{3EFF1957-7DEA-4C7A-8E9C-2D6D58E4B2ED}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{3EFF1957-7DEA-4C7A-8E9C-2D6D58E4B2ED}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{47894754-0FEC-4920-9A65-6C1E732587AC}) (Version: - Microsoft) Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{1EEFF749-6F29-4F0B-AB08-4C6EA52AA110}) (Version: - Microsoft) Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BC6DFBFD-16DD-47E1-A7EF-2C062930FA4F}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{DA2F7ECE-6629-4A80-9CDE-EC95261B75E2}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{190EC86F-5867-4D7A-B9F3-D14D82C26F3D}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{5DA2D071-A54C-47C0-83E5-43C63DBFD936}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5DA2D071-A54C-47C0-83E5-43C63DBFD936}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version: - Microsoft) Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation) Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation) Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation) WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent) WildTangent Games App (x32 Version: 4.0.9.3 - WildTangent) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-2604008792-1424924497-987845697-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks? ==================== Restore Points ========================= 25-09-2014 00:23:43 Scheduled Checkpoint 06-10-2014 01:25:19 Scheduled Checkpoint 08-10-2014 14:09:56 Restore Operation 08-10-2014 20:17:22 before dllrepair 16-10-2014 18:44:31 Scheduled Checkpoint ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2012-07-26 01:26 - 2012-07-26 01:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {08FB183D-EA25-418D-9C44-B3C88CB231CD} - System32\Tasks\iuEmailOutlookAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe [2012-08-22] () Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {1CA5824F-E16C-4217-9D91-9EB83FC6C33D} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2012-07-11] (Egis Technology Inc.) Task: {20B1DCDB-6B19-4FFF-B643-CCAB878B672E} - System32\Tasks\EPSON XP-310 Series Update {901D3D34-B261-4978-B173-D1F87C7D7DE3} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-02-28] (SEIKO EPSON CORPORATION) Task: {22CF35EA-EB57-4E66-90C9-5DEA2818D506} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-10-23] (Acer Incorporated) Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {3605355B-5E7F-4866-B77F-145975D92514} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2012-11-06] () Task: {4C3770B4-6FBD-4A9F-AA90-2A2F43948E15} - System32\Tasks\EPSON XP-310 Series Invitation {901D3D34-B261-4978-B173-D1F87C7D7DE3} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-02-28] (SEIKO EPSON CORPORATION) Task: {50350250-5281-4567-9FAA-ED2C60157088} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation) Task: {6F383F9A-7EB9-430E-9E58-1EA32C90E00F} - System32\Tasks\Leader Technologies\LTCM Client\New Message Check - jalockma => C:\Program Files (x86)\LTCM Client\ltcmClient.exe [2011-04-07] (Leader Technologies Inc.) Task: {80991203-C778-4A39-B0ED-A50B2C3B75D2} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2012-06-21] () Task: {97A9A43C-E344-45D4-876D-D2BD5F4D9CB6} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-09-19] (CyberLink) Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {C3D4C166-5A10-466B-B24D-212915BA7263} - System32\Tasks\iuBrowserIEAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe [2012-08-22] () Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {E9727A2B-0E3C-4782-B4F4-3E448FA9A8C0} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2012-07-11] (Egis Technology Inc.) Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: C:\Windows\Tasks\EPSON XP-310 Series Invitation {901D3D34-B261-4978-B173-D1F87C7D7DE3}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE Task: C:\Windows\Tasks\EPSON XP-310 Series Update {901D3D34-B261-4978-B173-D1F87C7D7DE3}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE ==================== Loaded Modules (whitelisted) ============= 2011-03-17 00:07 - 2011-03-17 00:07 - 04297568 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll 2012-06-21 22:12 - 2012-06-21 22:12 - 01407568 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll 2014-04-16 23:31 - 2014-04-16 23:32 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll 2012-08-22 19:04 - 2012-08-22 19:04 - 00044176 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe 2012-08-22 19:04 - 2012-08-22 19:04 - 00025232 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe 2012-11-02 20:38 - 2012-11-02 20:38 - 00465384 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll 2012-11-02 20:37 - 2012-11-02 20:37 - 00125504 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll 2012-11-02 20:38 - 2012-11-02 20:38 - 00155712 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\VolumeSnapshot.dll 2012-11-02 20:37 - 2012-11-02 20:37 - 00118336 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\Online.dll 2012-11-02 20:37 - 2012-11-02 20:37 - 01081408 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll 2012-11-02 20:37 - 2012-11-02 20:37 - 00052288 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OsSettingPort.dll 2012-11-02 20:37 - 2012-11-02 20:37 - 00727616 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OutlookShadow.dll 2013-01-26 10:00 - 2012-06-24 22:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll 2011-03-17 00:11 - 2011-03-17 00:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk" HKLM\...\StartupApproved\Run: => "BtPreLoad" HKLM\...\StartupApproved\Run: => "ETDCtrl" HKLM\...\StartupApproved\Run: => "RtHDVBg_Dolby" HKLM\...\StartupApproved\Run: => "HotKeysCmds" HKLM\...\StartupApproved\Run: => "IgfxTray" HKLM\...\StartupApproved\Run: => "Persistence" HKLM\...\StartupApproved\Run: => "RtHDVCpl" HKLM\...\StartupApproved\Run: => "TelevisionFanatic Home Page Guard 64 bit" HKLM\...\StartupApproved\Run32: => "Dolby Home Theater v4" HKLM\...\StartupApproved\Run32: => "Norton Online Backup" HKLM\...\StartupApproved\Run32: => "Adobe ARM" HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched" HKLM\...\StartupApproved\Run32: => "BCSSync" HKLM\...\StartupApproved\Run32: => "ApnTBMon" HKLM\...\StartupApproved\Run32: => "mcpltui_exe" HKLM\...\StartupApproved\Run32: => "EEventManager" HKLM\...\StartupApproved\Run32: => "LTCM Client" HKLM\...\StartupApproved\Run32: => "TelevisionFanatic Browser Plugin Loader 64" HKLM\...\StartupApproved\Run32: => "TelevisionFanatic Browser Plugin Loader" HKLM\...\StartupApproved\Run32: => "TelevisionFanatic Search Scope Monitor" HKLM\...\StartupApproved\Run32: => "TelevisionFanatic EPM Support" HKCU\...\StartupApproved\StartupFolder: => "OneNote 2010 Screen Clipper and Launcher.lnk" HKCU\...\StartupApproved\Run: => "Spotify Web Helper" HKCU\...\StartupApproved\Run: => "EPLTarget\P0000000000000000" HKCU\...\StartupApproved\Run: => "AppDataLow" ========================= Accounts: ========================== Administrator (S-1-5-21-2604008792-1424924497-987845697-500 - Administrator - Disabled) Guest (S-1-5-21-2604008792-1424924497-987845697-501 - Limited - Disabled) jalockma (S-1-5-21-2604008792-1424924497-987845697-1001 - Administrator - Enabled) => C:\Users\jalockma ==================== Faulty Device Manager Devices ============= Name: Bluetooth USB Module Description: Bluetooth USB Module Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974} Manufacturer: Qualcomm Atheros Communications Service: BTHUSB Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (10/17/2014 11:09:44 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: BtvStack.exe, version: 8.0.0.220, time stamp: 0x51061e13 Faulting module name: audio.dll, version: 8.0.0.220, time stamp: 0x51061de7 Exception code: 0xc0000005 Fault offset: 0x000000000001aed8 Faulting process id: 0x2278 Faulting application start time: 0xBtvStack.exe0 Faulting application path: BtvStack.exe1 Faulting module path: BtvStack.exe2 Report Id: BtvStack.exe3 Faulting package full name: BtvStack.exe4 Faulting package-relative application ID: BtvStack.exe5 Error: (10/17/2014 07:48:48 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: AcerLaptop) Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (10/17/2014 07:47:06 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: iexplore.exe, version: 10.0.9200.16688, time stamp: 0x5010888a Faulting module name: ntdll.dll, version: 6.2.9200.16578, time stamp: 0x515fac6e Exception code: 0xc0000005 Fault offset: 0x000618d0 Faulting process id: 0xf50 Faulting application start time: 0xiexplore.exe0 Faulting application path: iexplore.exe1 Faulting module path: iexplore.exe2 Report Id: iexplore.exe3 Faulting package full name: iexplore.exe4 Faulting package-relative application ID: iexplore.exe5 Error: (10/17/2014 07:46:03 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: iexplore.exe, version: 10.0.9200.16688, time stamp: 0x5010888a Faulting module name: ntdll.dll, version: 6.2.9200.16578, time stamp: 0x515fac6e Exception code: 0xc0000005 Fault offset: 0x000618d0 Faulting process id: 0x24c8 Faulting application start time: 0xiexplore.exe0 Faulting application path: iexplore.exe1 Faulting module path: iexplore.exe2 Report Id: iexplore.exe3 Faulting package full name: iexplore.exe4 Faulting package-relative application ID: iexplore.exe5 Error: (10/17/2014 07:43:06 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: iexplore.exe, version: 10.0.9200.16688, time stamp: 0x5010888a Faulting module name: ntdll.dll, version: 6.2.9200.16578, time stamp: 0x515fac6e Exception code: 0xc0000005 Fault offset: 0x000618d0 Faulting process id: 0x2b98 Faulting application start time: 0xiexplore.exe0 Faulting application path: iexplore.exe1 Faulting module path: iexplore.exe2 Report Id: iexplore.exe3 Faulting package full name: iexplore.exe4 Faulting package-relative application ID: iexplore.exe5 Error: (10/17/2014 07:42:48 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: iexplore.exe, version: 10.0.9200.16688, time stamp: 0x5010888a Faulting module name: ntdll.dll, version: 6.2.9200.16578, time stamp: 0x515fac6e Exception code: 0xc0000005 Fault offset: 0x000618d0 Faulting process id: 0x26a8 Faulting application start time: 0xiexplore.exe0 Faulting application path: iexplore.exe1 Faulting module path: iexplore.exe2 Report Id: iexplore.exe3 Faulting package full name: iexplore.exe4 Faulting package-relative application ID: iexplore.exe5 Error: (10/17/2014 07:29:07 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: BtvStack.exe, version: 8.0.0.220, time stamp: 0x51061e13 Faulting module name: audio.dll, version: 8.0.0.220, time stamp: 0x51061de7 Exception code: 0xc0000005 Fault offset: 0x000000000001aed8 Faulting process id: 0x464 Faulting application start time: 0xBtvStack.exe0 Faulting application path: BtvStack.exe1 Faulting module path: BtvStack.exe2 Report Id: BtvStack.exe3 Faulting package full name: BtvStack.exe4 Faulting package-relative application ID: BtvStack.exe5 Error: (10/16/2014 10:30:08 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: BtvStack.exe, version: 8.0.0.220, time stamp: 0x51061e13 Faulting module name: audio.dll, version: 8.0.0.220, time stamp: 0x51061de7 Exception code: 0xc0000005 Fault offset: 0x000000000001aed8 Faulting process id: 0x10dc Faulting application start time: 0xBtvStack.exe0 Faulting application path: BtvStack.exe1 Faulting module path: BtvStack.exe2 Report Id: BtvStack.exe3 Faulting package full name: BtvStack.exe4 Faulting package-relative application ID: BtvStack.exe5 Error: (10/16/2014 05:39:03 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: iexplore.exe, version: 10.0.9200.16688, time stamp: 0x5010888a Faulting module name: ntdll.dll, version: 6.2.9200.16578, time stamp: 0x515fac6e Exception code: 0xc0000005 Fault offset: 0x000618d0 Faulting process id: 0x21a4 Faulting application start time: 0xiexplore.exe0 Faulting application path: iexplore.exe1 Faulting module path: iexplore.exe2 Report Id: iexplore.exe3 Faulting package full name: iexplore.exe4 Faulting package-relative application ID: iexplore.exe5 Error: (10/16/2014 05:36:01 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: iexplore.exe, version: 10.0.9200.16688, time stamp: 0x5010888a Faulting module name: ntdll.dll, version: 6.2.9200.16578, time stamp: 0x515fac6e Exception code: 0xc0000005 Fault offset: 0x000618d0 Faulting process id: 0x2108 Faulting application start time: 0xiexplore.exe0 Faulting application path: iexplore.exe1 Faulting module path: iexplore.exe2 Report Id: iexplore.exe3 Faulting package full name: iexplore.exe4 Faulting package-relative application ID: iexplore.exe5 System errors: ============= Error: (10/17/2014 11:21:28 AM) (Source: DCOM) (EventID: 10010) (User: AcerLaptop) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (10/17/2014 11:20:57 AM) (Source: DCOM) (EventID: 10010) (User: AcerLaptop) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (10/17/2014 11:20:08 AM) (Source: DCOM) (EventID: 10010) (User: AcerLaptop) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (10/17/2014 11:19:15 AM) (Source: DCOM) (EventID: 10010) (User: AcerLaptop) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (10/17/2014 11:18:43 AM) (Source: DCOM) (EventID: 10010) (User: AcerLaptop) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (10/17/2014 08:00:20 AM) (Source: DCOM) (EventID: 10010) (User: AcerLaptop) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (10/17/2014 07:59:48 AM) (Source: DCOM) (EventID: 10010) (User: AcerLaptop) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (10/17/2014 07:59:17 AM) (Source: DCOM) (EventID: 10010) (User: AcerLaptop) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (10/17/2014 07:58:45 AM) (Source: DCOM) (EventID: 10010) (User: AcerLaptop) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (10/17/2014 07:58:14 AM) (Source: DCOM) (EventID: 10010) (User: AcerLaptop) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Microsoft Office Sessions: ========================= Error: (10/17/2014 11:09:44 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: BtvStack.exe8.0.0.22051061e13audio.dll8.0.0.22051061de7c0000005000000000001aed8227801cfea0111472afaC:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exeC:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Audio\audio.dll9fb7403f-560f-11e4-be8b-7054d2a67f49 Error: (10/17/2014 07:48:48 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: AcerLaptop) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927141 Error: (10/17/2014 07:47:06 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: iexplore.exe10.0.9200.166885010888antdll.dll6.2.9200.16578515fac6ec0000005000618d0f5001cfea0009b7be32C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\ntdll.dll5136fee4-55f3-11e4-be8b-7054d2a67f49 Error: (10/17/2014 07:46:03 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: iexplore.exe10.0.9200.166885010888antdll.dll6.2.9200.16578515fac6ec0000005000618d024c801cfe9ffe206b2a0C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\ntdll.dll2bcb3da0-55f3-11e4-be8b-7054d2a67f49 Error: (10/17/2014 07:43:06 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: iexplore.exe10.0.9200.166885010888antdll.dll6.2.9200.16578515fac6ec0000005000618d02b9801cfe9ff7a2e6911C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\ntdll.dllc211d3df-55f2-11e4-be8b-7054d2a67f49 Error: (10/17/2014 07:42:48 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: iexplore.exe10.0.9200.166885010888antdll.dll6.2.9200.16578515fac6ec0000005000618d026a801cfe9ff6fe8c9a5C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\ntdll.dllb78f9631-55f2-11e4-be8b-7054d2a67f49 Error: (10/17/2014 07:29:07 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: BtvStack.exe8.0.0.22051061e13audio.dll8.0.0.22051061de7c0000005000000000001aed846401cfe9fd854ef786C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exeC:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Audio\audio.dllcdda008b-55f0-11e4-be8b-7054d2a67f49 Error: (10/16/2014 10:30:08 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: BtvStack.exe8.0.0.22051061e13audio.dll8.0.0.22051061de7c0000005000000000001aed810dc01cfe9b231253886C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exeC:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Audio\audio.dll8292bb1b-55a5-11e4-be8b-7054d2a67f49 Error: (10/16/2014 05:39:03 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: iexplore.exe10.0.9200.166885010888antdll.dll6.2.9200.16578515fac6ec0000005000618d021a401cfe98993161676C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\ntdll.dlld85da38f-557c-11e4-be8a-2016d8aa05dc Error: (10/16/2014 05:36:01 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: iexplore.exe10.0.9200.166885010888antdll.dll6.2.9200.16578515fac6ec0000005000618d0210801cfe988f85dca86C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\ntdll.dll6c17933e-557c-11e4-be8a-2016d8aa05dc CodeIntegrity Errors: =================================== Date: 2014-03-14 17:09:42.065 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\WindowsApps\TuneIn.TuneInRadio_1.0.1.587_neutral__6bhtb546zcxnj\TuneIn.exe) attempted to load \Device\HarddiskVolume4\Program Files\WindowsApps\TuneIn.TuneInRadio_1.0.1.587_neutral__6bhtb546zcxnj\Funq.dll with signing level Unsigned while the system requires signing level 6 or better to load. ==================== Memory info =========================== Processor: Intel® Pentium® CPU B960 @ 2.20GHz Percentage of memory in use: 47% Total physical RAM: 3912.27 MB Available physical RAM: 2065.02 MB Total Pagefile: 15688.27 MB Available Pagefile: 13693.68 MB Total Virtual: 8192 MB Available Virtual: 8191.78 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:447.95 GB) (Free:379.01 GB) NTFS Drive e: () (Removable) (Total:3.72 GB) (Free:1.79 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: F46FED94) Partition: GPT Partition Type. ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 3.7 GB) (Disk ID: A2ABA2AB) Partition 1: (Not Active) - (Size=3.7 GB) - (Type=0B) ==================== End Of Log ============================ FRST.txt Addition.txt

Sign In

Jim Brown

Posts

Joined

Last visited

Content Type

Events

Profiles

Forums

Everything posted by Jim Brown

add to real time monitoring

Malicious website blocked

Malicious website blocked

Malicious website blocked

Browse

Activity

Personal

Business

Business Modules

Partners

Learn

Start here

Type of malware/attacks

How does it get on my computer?

Scams and grifts

Support

Important Information