Showing results for tags 'possible virus'.
Found 12 results

  1. Malwarebytes detected phishing incidences identifying svchost and a website domain. See incident reports. Malwarebytes blocked my Chrome browser from any website. Setting "ALLOW" c:/windows/system32/svchost enabled Chrome to work after a reboot. This has not happened before so I wanted to make sure nothing was infected or corrupted. The only new website I was accessing at that time was https://www.youtube.com/watch?v=Nm2yxwwd4mc . Please advise. Thank you. - Brad Incident 8.52 am 2.10.20.txt Incident 8.56 am 2.10.20.txt Incident 8.59 am 2.10.20.txt Incident 9.02 am 2.10.20.txt Incident 9.06 am 2.10.20.txt Incident 10.09 am 2.10.20.txt Incident 10.19 am 2.10.20.txt Addition.txt FRST.txt
  2. I was doing a scan today and I found 3 files labeled trojan.malpack on my PC in folders that they shouldn't be in such as Steam and Wallpaper engine and also Spotify. Is this a false positive or a virus hiding itself away inside of secure folders? Also, how could I have gotten this possible malware? I haven't visited any malicious sites or downloaded unsafe programs. I've only installed stuff that is proven by many people as safe and not just the website. Anybody else experiencing this problem?
  3. Hello, recently I've had my DLL = (Dllhost.exe *32 Surrogate) behave strangely. Though it was only one instance of DLL, it was eating up to 130,000KB (so I closed it). When looking at processes from all users in the Task Manager I can only spot 2 instances of DLL running, one from "SERVICE" and the other from "LOCAL SERVICE" (both running at around 500KB). Both file locations lead here: "C:\Windows\SysWOW64\dllhost.exe". Is this normal behavior or might this be a virus?? P.S.: Pardon my English.
  4. Hello! My computer has been acting very unusual lately. I am a Malwarebytes Premium user. My computer has been very sluggish, especially when running browsers. It is the most sluggish if running IE. The computer runs better but not perfect while in safe mode. I first noticed a problem while updating Java. It normally removes old version, but didn't this time, so I tried to uninstall it myself through Control Panel. I restarted the system, only to find the changes had been reverted. I then scanned with several different programs (logs attached, but unable to find Malwarebytes scan, which showed system was clean). Other than cookies, suspected PUP and "wecarereminder", it didn't seem as though anything serious was found. While scanning with Rogue Killer Premium, it reported about 8 hook.IEAT's, so I posted my results there only to be told they were legitimate. I attempted to uninstall MSE because I wanted to use Malwarebytes as my primary antivirus, but after system restart, it was right back on the system as though I did nothing. I have tried to access System Restore, installed Windows updates, but am unable to, and am only shown some of the results in safe mode. While in regular boot mode, it hangs, then Windows Explorer closes. Can someone take a look at my logs and advise if there is a problem or not, and if clean up is needed, please assist with that? Thank you so much in advance! Addition.txt FRST.txt HitmanPro_20160308_2242.log rkscan8mar16txtscanresults.txt emisoft scan_160302-030509.txt trend micro scan results.txt
  5. Thanks for taking the time to help if you can. I have odd behavior going on with laptop. I just ran a scan with rootkit enabled from Malwarebytes Premium - clean. Unknown USB Device - uninstalled then after reboot it reinstalled to an unknown device again. After I submit post, I will do a clean boot. New device Microsoft Virtual Wifi miniport - not sure how this became enabled, I didn't do it manually. Virus scans always come back clean. Odd behavior with MSE. - possible conflict with Comodo - uninstalled Comodo today to eliminate potential conflict. Downloads always fail and it sometimes gives me an error, says to possibly download to a different folder. Network - The virtual device is alarming - I have too much network traffic to understand what to look for exactly. I tried with various types of network viewers I downloaded. There are more, too many little things to list. Thanks again. Here are the FRST logs- one attached
C:\Windows\system32\msnetobj.dll 2015-03-11 15:56 - 2015-03-11 15:56 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2015-03-11 15:56 - 2015-03-11 15:56 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-03-11 15:56 - 2015-03-11 15:56 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2015-03-11 15:56 - 2015-03-11 15:56 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2015-03-11 15:56 - 2015-03-11 15:56 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll 2015-03-11 15:56 - 2015-03-11 15:56 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2015-03-11 15:56 - 2015-03-11 15:56 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2015-03-11 15:56 - 2015-03-11 15:56 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2015-03-11 15:56 - 2015-03-11 15:56 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll 2015-03-11 15:56 - 2015-03-11 15:56 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2015-03-11 15:56 - 2015-03-11 15:56 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2015-03-11 15:56 - 2015-03-11 15:56 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2015-03-11 15:56 - 2015-03-11 15:56 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2015-03-11 15:56 - 2015-03-11 15:56 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2015-03-11 15:56 - 2015-03-11 15:56 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe 2015-03-11 15:56 - 2015-03-11 15:56 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-03-11 15:56 - 2015-03-11 15:56 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2015-03-11 15:56 - 2015-03-11 15:56 - 00103424 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\mfps.dll 2015-03-11 15:56 - 2015-03-11 15:56 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2015-03-11 15:56 - 2015-03-11 15:56 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys 2015-03-11 15:56 - 2015-03-11 15:56 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll 2015-03-11 15:56 - 2015-03-11 15:56 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll 2015-03-11 15:56 - 2015-03-11 15:56 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2015-03-11 15:56 - 2015-03-11 15:56 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2015-03-11 15:56 - 2015-03-11 15:56 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2015-03-11 15:56 - 2015-03-11 15:56 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2015-03-11 15:56 - 2015-03-11 15:56 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe 2015-03-11 15:56 - 2015-03-11 15:56 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2015-03-11 15:56 - 2015-03-11 15:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe 2015-03-11 15:56 - 2015-03-11 15:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-03-11 15:56 - 2015-03-11 15:56 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-03-11 15:56 - 2015-03-11 15:56 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-03-11 15:56 - 2015-03-11 15:56 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-03-11 15:56 - 2015-03-11 15:56 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2015-03-11 15:56 - 2015-03-11 15:56 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll 2015-03-11 15:56 - 2015-03-11 15:56 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 
2015-03-11 15:56 - 2015-03-11 15:56 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2015-03-11 15:56 - 2015-03-11 15:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2015-03-11 15:56 - 2015-03-11 15:56 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2015-03-11 15:56 - 2015-03-11 15:56 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe 2015-03-11 15:56 - 2015-03-11 15:56 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2015-03-11 15:56 - 2015-03-11 15:56 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2015-03-11 15:56 - 2015-03-11 15:56 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe 2015-03-11 15:56 - 2015-03-11 15:56 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll 2015-03-11 15:56 - 2015-03-11 15:56 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2015-03-11 15:56 - 2015-03-11 15:56 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll 2015-03-11 15:56 - 2015-03-11 15:56 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe 2015-03-11 15:56 - 2015-03-11 15:56 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll 2015-03-11 15:56 - 2015-03-11 15:56 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll 2015-03-11 15:56 - 2015-03-11 15:56 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-03-11 15:56 - 2015-03-11 15:56 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-03-11 15:56 - 2015-03-11 15:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx 2015-03-11 15:56 - 2015-03-11 15:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll 2015-03-11 15:56 - 2015-03-11 15:56 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx 2015-03-11 15:56 - 2015-03-11 
15:56 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll 2015-03-11 15:56 - 2015-03-11 15:56 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll 2015-03-11 15:56 - 2015-03-11 15:56 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll 2015-03-11 15:55 - 2015-03-11 15:55 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2015-03-11 15:55 - 2015-03-11 15:55 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll 2015-03-11 15:55 - 2015-03-11 15:55 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll 2015-03-11 15:55 - 2015-03-11 15:55 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll 2015-03-11 15:55 - 2015-03-11 15:55 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll 2015-03-11 15:54 - 2015-03-11 15:54 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-03-11 15:54 - 2015-03-11 15:54 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2015-03-11 15:54 - 2015-03-11 15:54 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-03-11 15:54 - 2015-03-11 15:54 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-03-11 15:54 - 2015-03-11 15:54 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-03-11 15:54 - 2015-03-11 15:54 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-03-11 15:54 - 2015-03-11 15:54 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-03-11 15:54 - 2015-03-11 15:54 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-03-11 15:54 - 2015-03-11 15:54 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-03-11 15:54 - 2015-03-11 15:54 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-03-11 15:54 - 2015-03-11 15:54 - 00309760 
_____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-03-11 15:54 - 2015-03-11 15:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-03-11 15:54 - 2015-03-11 15:54 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-03-11 15:54 - 2015-03-11 15:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-03-11 15:54 - 2015-03-11 15:54 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-03-11 15:54 - 2015-03-11 15:54 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-03-11 15:54 - 2015-03-11 15:54 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-03-11 15:54 - 2015-03-11 15:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-03-11 15:54 - 2015-03-11 15:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-03-11 15:54 - 2015-03-11 15:54 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-03-11 15:54 - 2015-03-11 15:54 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-03-11 15:54 - 2015-03-11 15:54 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-03-11 15:54 - 2015-03-11 15:54 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-03-11 15:54 - 2015-03-11 15:54 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-03-11 15:54 - 2015-03-11 15:54 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-03-11 15:54 - 2015-03-11 15:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-03-11 15:54 - 2015-03-11 15:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-03-11 15:54 - 2015-03-11 15:54 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-03-11 15:54 - 2015-03-11 15:54 - 00031232 _____ (Microsoft 
Corporation) C:\Windows\system32\lsass.exe 2015-03-11 15:54 - 2015-03-11 15:54 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-03-11 15:54 - 2015-03-11 15:54 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-03-11 15:54 - 2015-03-11 15:54 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-03-11 15:54 - 2015-03-11 15:54 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-03-11 15:54 - 2015-03-11 15:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-03-11 15:53 - 2015-03-11 15:54 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll 2015-03-11 15:53 - 2015-03-11 15:53 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-03-11 15:53 - 2015-03-11 15:53 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-03-11 15:53 - 2015-03-11 15:53 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-03-11 15:53 - 2015-03-11 15:53 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-03-11 15:53 - 2015-03-11 15:53 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-03-11 15:53 - 2015-03-11 15:53 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-03-11 15:53 - 2015-03-11 15:53 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-03-11 15:53 - 2015-03-11 15:53 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-03-11 15:53 - 2015-03-11 15:53 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-03-11 15:53 - 2015-03-11 15:53 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-03-11 15:53 - 2015-03-11 15:53 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-03-11 15:53 - 2015-03-11 15:53 - 02052608 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\inetcpl.cpl 2015-03-11 15:53 - 2015-03-11 15:53 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-03-11 15:53 - 2015-03-11 15:53 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-03-11 15:53 - 2015-03-11 15:53 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-03-11 15:53 - 2015-03-11 15:53 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-03-11 15:53 - 2015-03-11 15:53 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-03-11 15:53 - 2015-03-11 15:53 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2015-03-11 15:53 - 2015-03-11 15:53 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-03-11 15:53 - 2015-03-11 15:53 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-03-11 15:53 - 2015-03-11 15:53 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll 2015-03-11 15:53 - 2015-03-11 15:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-03-11 15:53 - 2015-03-11 15:53 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-03-11 15:53 - 2015-03-11 15:53 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-03-11 15:53 - 2015-03-11 15:53 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-03-11 15:53 - 2015-03-11 15:53 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-03-11 15:53 - 2015-03-11 15:53 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-03-11 15:53 - 2015-03-11 15:53 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-03-11 15:53 - 2015-03-11 15:53 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-03-11 15:53 - 2015-03-11 15:53 - 00584192 _____ (Microsoft 
Corporation) C:\Windows\system32\vbscript.dll 2015-03-11 15:53 - 2015-03-11 15:53 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-03-11 15:53 - 2015-03-11 15:53 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-03-11 15:53 - 2015-03-11 15:53 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-03-11 15:53 - 2015-03-11 15:53 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-03-11 15:53 - 2015-03-11 15:53 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-03-11 15:53 - 2015-03-11 15:53 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-03-11 15:53 - 2015-03-11 15:53 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-03-11 15:53 - 2015-03-11 15:53 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-03-11 15:53 - 2015-03-11 15:53 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-03-11 15:53 - 2015-03-11 15:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-03-11 15:53 - 2015-03-11 15:53 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-03-11 15:53 - 2015-03-11 15:53 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-03-11 15:53 - 2015-03-11 15:53 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-03-11 15:53 - 2015-03-11 15:53 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-03-11 15:53 - 2015-03-11 15:53 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-03-11 15:53 - 2015-03-11 15:53 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-03-11 15:53 - 2015-03-11 15:53 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-03-11 15:53 - 2015-03-11 15:53 - 00066560 _____ (Microsoft 
Corporation) C:\Windows\system32\iesetup.dll 2015-03-11 15:53 - 2015-03-11 15:53 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-03-11 15:53 - 2015-03-11 15:53 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-03-11 15:53 - 2015-03-11 15:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-03-11 15:53 - 2015-03-11 15:53 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-03-11 15:53 - 2015-03-11 15:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-03-11 15:53 - 2015-03-11 15:53 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-03-11 15:53 - 2015-03-11 15:53 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-03-11 15:53 - 2015-03-11 15:53 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-03-11 15:53 - 2015-03-11 15:53 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-03-11 15:53 - 2015-03-11 15:53 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-03-11 15:53 - 2015-02-19 23:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-03-11 15:53 - 2015-02-19 22:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-03-11 15:52 - 2015-03-11 15:52 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2015-03-11 15:52 - 2015-03-11 15:52 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2015-03-10 14:51 - 2015-03-10 14:51 - 00000000 ____D () C:\Users\Robyn\Desktop\Old Firefox Data 2015-03-10 12:25 - 2015-03-10 12:25 - 00027851 _____ () C:\Users\Robyn\Downloads\BenefitVerificationLetter(1).do 2015-03-10 12:24 - 2015-03-10 12:24 - 00028202 _____ () C:\Users\Robyn\Downloads\BenefitVerificationLetter.do 2015-03-05 20:36 - 2015-03-05 20:36 - 00083453 _____ () 
C:\Users\Robyn\Downloads\session(10).cgi 2015-03-05 14:11 - 2015-03-05 14:11 - 03206189 _____ () C:\Users\Robyn\Downloads\Full Comprehensive plan.pdf.part 2015-03-05 14:09 - 2015-03-05 14:10 - 02944373 _____ () C:\Users\Robyn\Downloads\Land Use.pdf.part 2015-03-04 20:39 - 2015-03-04 20:39 - 02967032 _____ (Malwarebytes ) C:\Users\Robyn\Downloads\mbae-setup-1.05.1.1016(1).exe 2015-03-04 20:38 - 2015-03-04 20:38 - 00000000 _____ () C:\Users\Robyn\Downloads\mbae-setup-1.05.1.1016.exe 2015-03-03 17:44 - 2015-03-03 17:44 - 00025762 _____ () C:\Users\Robyn\Downloads\W-2Print.aspx 2015-02-28 21:28 - 2015-02-28 21:28 - 00002380 _____ () C:\DelFix.txt 2015-02-26 12:07 - 2015-02-26 12:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote 2015-02-25 13:07 - 2015-02-25 13:07 - 00880208 _____ (Google Inc.) C:\Users\Robyn\Downloads\ChromeSetup(1).exe 2015-02-25 13:05 - 2015-02-25 13:05 - 00880208 _____ (Google Inc.) C:\Users\Robyn\Downloads\ChromeSetup.exe 2015-02-25 00:40 - 2015-02-25 00:40 - 04572466 _____ () C:\Users\Robyn\Downloads\DocDisplay(1).aspx 2015-02-25 00:40 - 2015-02-25 00:40 - 01508116 _____ () C:\Users\Robyn\Downloads\DocDisplay(2).aspx 2015-02-25 00:40 - 2015-02-25 00:40 - 00210837 _____ () C:\Users\Robyn\Downloads\DocDisplay(3).aspx 2015-02-25 00:39 - 2015-02-25 00:39 - 00000000 _____ () C:\Users\Robyn\Downloads\DocDisplay.aspx 2015-02-24 16:54 - 2015-01-08 19:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls 2015-02-24 16:54 - 2015-01-08 19:43 - 00419936 _____ () C:\Windows\system32\locale.nls ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-03-26 13:52 - 2010-12-03 15:22 - 01229468 _____ () C:\Windows\WindowsUpdate.log 2015-03-26 13:50 - 2014-06-19 10:48 - 00000490 _____ () C:\Windows\Tasks\Online Backup Update Notifier.job 2015-03-26 13:46 - 2014-02-04 01:49 - 00129184 _____ () C:\Users\Robyn\AppData\Local\GDIPFONTCACHEV1.DAT 2015-03-26 13:46 - 2009-07-14 00:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-03-26 13:46 - 2009-07-14 00:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-03-26 13:45 - 2014-09-22 12:32 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-03-26 13:45 - 2014-09-18 14:05 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit 2015-03-26 13:41 - 2015-01-17 17:18 - 00000000 ____D () C:\ProgramData\Comodo 2015-03-26 13:41 - 2014-11-30 17:27 - 00003758 _____ () C:\Windows\System32\Tasks\AutoKMS 2015-03-26 13:41 - 2014-09-27 13:18 - 00004966 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for MurphysLaw-Robyn MurphysLaw 2015-03-26 13:38 - 2010-12-03 15:25 - 01588008 _____ () C:\Windows\PFRO.log 2015-03-26 13:38 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-03-26 13:38 - 2009-07-14 00:51 - 00080170 _____ () C:\Windows\setupact.log 2015-03-26 13:09 - 2014-02-04 17:07 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-03-26 13:01 - 2014-12-06 16:21 - 00014865 _____ () C:\Users\Robyn\Desktop\attach.txt 2015-03-26 11:42 - 2014-02-05 17:23 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log 2015-03-26 11:22 - 2014-05-07 10:17 - 00000000 ___SD () C:\Windows\system32\CompatTel 2015-03-26 11:21 - 2014-12-10 15:38 - 00000000 ____D () C:\Windows\system32\appraiser 2015-03-26 11:18 - 2014-06-19 10:55 - 00000520 _____ () C:\Windows\Tasks\Malwarebytes Secure Backup - robyn@questsci.net.job 2015-03-25 12:01 - 2014-11-05 
16:18 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2015-03-25 12:00 - 2014-09-22 12:18 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-03-25 12:00 - 2014-09-22 12:18 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-03-25 12:00 - 2014-09-21 13:11 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-03-24 18:11 - 2014-02-04 16:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-03-24 14:30 - 2014-12-27 18:31 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForRobyn 2015-03-24 14:30 - 2014-12-27 18:31 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForRobyn.job 2015-03-24 11:08 - 2009-07-14 01:13 - 00917008 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-03-23 13:15 - 2014-02-05 22:57 - 00000000 ____D () C:\Program Files (x86)\Google 2015-03-23 13:15 - 2014-02-05 18:10 - 00000000 ____D () C:\Users\Robyn\AppData\Local\CrashDumps 2015-03-23 12:53 - 2014-09-27 14:21 - 00000000 ___RD () C:\Users\Robyn\OneDrive for Business 2015-03-20 18:13 - 2015-01-09 10:45 - 00342528 ___SH () C:\Users\Robyn\Documents\Thumbs.db 2015-03-18 21:45 - 2014-08-18 11:12 - 00000000 ____D () C:\Users\Robyn\AppData\Local\Adobe 2015-03-18 21:42 - 2014-02-04 17:07 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-03-18 21:42 - 2014-02-04 17:07 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-03-18 21:42 - 2014-02-04 17:07 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-03-16 16:19 - 2014-09-12 13:44 - 00000000 ____D () C:\Users\Robyn\Documents\2013 Taxes 2015-03-12 16:27 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache 2015-03-12 15:38 - 2009-07-14 01:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD 2015-03-12 15:31 - 2009-07-14 00:45 - 00472368 _____ () C:\Windows\system32\FNTCACHE.DAT 
2015-03-12 15:27 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism 2015-03-12 15:27 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism 2015-03-12 14:05 - 2014-02-12 18:54 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2015-03-12 14:04 - 2014-02-12 18:49 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-03-11 16:03 - 2009-07-13 22:34 - 00000478 _____ () C:\Windows\win.ini 2015-03-11 16:01 - 2014-02-04 15:37 - 00000000 ____D () C:\Windows\system32\MRT 2015-03-11 15:53 - 2014-02-04 15:37 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-03-03 16:57 - 2014-02-04 17:19 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2015-02-28 21:28 - 2014-12-07 17:49 - 00000000 ____D () C:\Windows\ERUNT 2015-02-28 21:28 - 2014-12-07 17:42 - 00000000 ____D () C:\Program Files (x86)\Trend Micro 2015-02-26 12:42 - 2014-03-01 19:06 - 00000000 ____D () C:\Users\Robyn\Documents\MARY KAY 2015-02-25 13:43 - 2014-02-13 00:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities 2015-02-25 13:43 - 2014-02-06 15:51 - 00000000 ____D () C:\Program Files (x86)\Canon ==================== Files in the root of some directories ======= 2014-02-04 16:09 - 2015-01-16 18:38 - 0007652 _____ () C:\Users\Robyn\AppData\Local\Resmon.ResmonCfg 2014-11-07 23:56 - 2014-11-07 23:56 - 0000000 _____ () C:\Users\Robyn\AppData\Local\{CD682129-C04F-490F-AE37-6B8907523FAF} 2010-12-03 15:36 - 2010-12-03 15:36 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log 2010-07-15 08:06 - 2010-07-15 08:06 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log 2010-12-03 15:36 - 2010-12-03 15:36 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log 2010-07-15 08:02 - 2010-07-15 08:03 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log 2010-12-03 15:35 - 2010-12-03 15:35 - 
0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log 2010-12-03 15:36 - 2010-12-03 15:36 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log 2010-07-15 08:02 - 2010-07-15 08:02 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log 2010-07-15 08:03 - 2010-07-15 08:06 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log 2010-12-03 15:36 - 2010-12-03 15:36 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log Some content of TEMP: ==================== C:\Users\Robyn\AppData\Local\Temp\FRST64.exe C:\Users\Robyn\AppData\Local\Temp\mbae-setup-1.05.1.1016.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-03-25 12:58 ==================== End Of Log ============================ Addition.txt
  6. Over the past month, I've noticed my computer overheating a lot, freezing, crashing, and getting the blue screen of death. Could anyone help me find out if I have a virus or not? Because I'm pretty sure I do; my computer overheats so easily. It takes less than an hour to overheat to the point that my computer screen freezes and crashes.
  7. So I get this message every time I boot my computer: "Windows cannot find 'C:\Program Files(x86)\Search Extensions\Client.exe'. Make sure you typed the name correctly, and then try again." Behind this message is always a blank Command Prompt that disappears when I click the OK on the message's box. I understand that it is a normal error message but I have no idea what it is referring to. Could it be the driver of a virus missing the rest of its files? Thanks for any help!
  8. I use an Opera browser and do not have it set to default. I was scrolling down Facebook when IE opened up. I did not open it, and it went straight to ninemsn (homepage in Australia). It has only happened once, and I have run full system scans on MBAM, SUPERAntiSpyware and Avast! All have come up with nothing. Any help?
  9. Hello, I am working on my friend's PC and he is unable to download Windows updates and Firefox. He had multiple malware programs as well as freeware and was unable to get on the internet. He took over 20 seconds to fully load on start up. I've gone into his uninstall and deleted toolbars, freeware and obvious malware. Then I ran MB and then CCleaner. Then I used Hiren's boot CD to open Mini XP and run MB while in that, and it found a virus malware. His computer is now able to load in 5 seconds and he is able to get on the internet and play RuneScape, but I still can't download programs such as Firefox and Windows updates. His specs are: Toshiba Satellite C655, Intel Core i3-2330M CPU @ 2.20 GHz 2.20 GHz, 4.0 GB RAM, 64-bit Windows 7 Home Premium. Any help would be appreciated. Addition.txt FRST.txt Malwarebytes Scan Log.txt
  10. I successfully downloaded Malwarebytes, but when I click on anything else in Malwarebytes, like the scan button, it goes to the scan page but then immediately freezes. Someone please help? Thanks
  11. Hi, my wife is having problems with her PC. I am trying to help, but unfortunately I am not that skilled, and her PC is in Japanese and has a different Windows version from my laptop (making comparing one to the other whilst navigating through menus a little difficult)... I can't see a similar issue on this forum, so am posting this in want of some help... Basically, every minute or two an application flashes up in the task bar... As it does so, it interrupts whatever is being done on the PC... As it happens so fast, I have had to video the screen and use slo-mo to get a shot of the icon - looks like some joker has written some malware that pokes fun at you (see attachment for a screen shot). I cannot notice any services that run during / immediately after this thing pops up that were not running before... Is there anything else I should try to identify this? The laptop runs Windows 7, and is relatively clean, being only 2 weeks old. Thanks.
  12. contents of DDS.TXT contents of attach.txt