Showing results for tags 'powelik'.


Found 6 results

  1. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2014 Ran by Ryan (administrator) on RYAN-PC on 12-11-2014 16:21:33 Running from C:\Users\Ryan\Downloads Loaded Profile: Ryan (Available profiles: Ryan) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Symantec Corporation) C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\n360.exe (Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe (Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe (Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe (Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe (Google Inc.) 
C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe (Symantec Corporation) C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\n360.exe () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Alcatel-Lucent) C:\Program Files\ATT-SST\pcTrayApp.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (SwapDrive, Inc.) C:\Program Files (x86)\QuickBooks Online Backup\OnlineBackup.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (TechSmith Corporation) C:\Program Files (x86)\TechSmith\Jing\Jing.exe (Spotify Ltd) C:\Users\Ryan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Dropbox, Inc.) 
C:\Users\Ryan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\msiexec.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup HKLM\...\Run: [smartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610360 2009-09-14] () HKLM\...\Run: [PC-Doctor for Windows localizer] => C:\Program Files\PC-Doctor for Windows\localizer.exe [95728 2009-09-16] (PC-Doctor, Inc.) HKLM\...\Run: [ATT-SST_McciTrayApp] => C:\Program Files\ATT-SST\pcTrayApp.exe [2727936 2012-06-07] (Alcatel-Lucent) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) 
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-21] (Hewlett-Packard) HKLM-x32\...\RunOnce: [DelTr1171583] => cmd.exe /c rd /s /q "C:\Users\Ryan\AppData\Roaming\WSE_Lasaoren" HKU\S-1-5-21-3275123363-4289498944-2812251985-1000\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard) HKU\S-1-5-21-3275123363-4289498944-2812251985-1000\...\Run: [OnlineBackupScheduler] => C:\Program Files (x86)\QuickBooks Online Backup\OnlineBackup.exe [610304 2007-11-02] (SwapDrive, Inc.) HKU\S-1-5-21-3275123363-4289498944-2812251985-1000\...\Run: [AdobeBridge] => [X] HKU\S-1-5-21-3275123363-4289498944-2812251985-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.) HKU\S-1-5-21-3275123363-4289498944-2812251985-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-10-17] (Apple Inc.) HKU\S-1-5-21-3275123363-4289498944-2812251985-1000\...\Run: [Jing] => C:\Program Files (x86)\TechSmith\Jing\Jing.exe [2909640 2013-01-07] (TechSmith Corporation) HKU\S-1-5-21-3275123363-4289498944-2812251985-1000\...\Run: [spotify] => C:\Users\Ryan\AppData\Roaming\Spotify\Spotify.exe [6553144 2014-10-08] (Spotify Ltd) HKU\S-1-5-21-3275123363-4289498944-2812251985-1000\...\Run: [spotify Web Helper] => C:\Users\Ryan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-08] (Spotify Ltd) HKU\S-1-5-21-3275123363-4289498944-2812251985-1000\...\Run: [bRS] => C:\Program Files (x86)\WSE_Astromenda\BRS\brs.exe -runBRS HKU\S-1-5-21-3275123363-4289498944-2812251985-1000\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.) 
HKU\S-1-5-21-3275123363-4289498944-2812251985-1000\...\RunOnce: [DelTr1171583] => cmd.exe /c rd /s /q "C:\Users\Ryan\AppData\Roaming\WSE_Lasaoren" HKU\S-1-5-21-3275123363-4289498944-2812251985-1000\...\RunOnce: [WSE_Lasaoren] => [X] HKU\S-1-5-21-3275123363-4289498944-2812251985-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks! Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Online Backup Scheduler.lnk ShortcutTarget: Online Backup Scheduler.lnk -> C:\Windows\Installer\{A9255718-8A40-45F9-B738-93655FBD4F6F}\_C90BDFE323B95CEE248723.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk ShortcutTarget: PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.) Startup: C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Ryan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
Startup: C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.6.0.32\buShell.dll (Symantec Corporation) ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.6.0.32\buShell.dll (Symantec Corporation) ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.6.0.32\buShell.dll (Symantec Corporation) CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://Lasaoren.com/...cr=90030310&ir= HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.mysearchlinks.com/ SearchScopes: HKLM - DefaultScope {5E6E1618-3BEA-4A6A-AC43-80B3F54CE1CB} URL = http://astromenda.co...=1230190011&ir= SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://Lasaoren.com/...cr=90030310&ir= SearchScopes: HKLM - {5E6E1618-3BEA-4A6A-AC43-80B3F54CE1CB} URL = http://astromenda.co...=1230190011&ir= SearchScopes: HKLM - {CCA70054-9FB7-46C4-A32D-B64843035997} URL = http://www.ask.com/w...}&l=dis&o=ushpd SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - {CCA70054-9FB7-46C4-A32D-B64843035997} URL = http://www.ask.com/w...}&l=dis&o=ushpd SearchScopes: HKCU - DefaultScope {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://Lasaoren.com/...cr=90030310&ir= SearchScopes: HKCU - {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://Lasaoren.com/...cr=90030310&ir= SearchScopes: HKCU - {5E6E1618-3BEA-4A6A-AC43-80B3F54CE1CB} URL = http://astromenda.co...=1230190011&ir= SearchScopes: HKCU - {9AD1DDCA-9138-4F37-8542-E774CE72FEDC} URL = http://search.yahoo....rtPage?}&fr=ie8 SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/w...il&geo=US&ver=4 SearchScopes: HKCU - {CCA70054-9FB7-46C4-A32D-B64843035997} URL = http://www.ask.com/w...}&l=dis&o=ushpd SearchScopes: HKCU - {EFBAA18C-764F-4320-A142-84ACC4C3AF65} URL = http://search.usatod...w={searchTerms} BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll () BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard) BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll () BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.) 
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll () Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.) Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll () Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation) Toolbar: HKU\S-1-5-21-3275123363-4289498944-2812251985-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - No File Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - No File Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.) 
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 FireFox: ======== FF ProfilePath: C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\vbjovzpg.default FF DefaultSearchEngine: Lasaoren FF SearchEngineOrder.3: Bing FF SelectedSearchEngine: Lasaoren FF Homepage: hxxp://lasaoren.com/?f=1&a=lrn_dnldstr_14_46_ff&cd=2xzuyetn2y1l1qzu0etd0c0bye0eyb0d0czyydzytbtctbtdtn0d0tzu0stctdyeybtn1l2xzutatfyctftctftdtn1l1czutcyetbzytdyd1v1ttn1l1g1b1v1n2y1l1qzu2syc0c0btayd0fzyyetgzztb0etbtgzzyezztctgybyctcyetgtctatczzzyybtctb0b0b0ftd2qtn1m1f1b2z1v1n2y1l1qzu2stcybzz0byc0byd0atg0dtd0e0ctgyetd0a0etgzyybyezztg0eyd0fta0d0dta0ftdzzzyye2q&cr=90030310&ir= FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q= FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @cnw.com/cnwplugin -> C:\Program Files (x86)\AnyMeeting Plug-in\npcnwplugin.dll (AnyMeeting, Inc.) 
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKU\S-1-5-21-3275123363-4289498944-2812251985-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Ryan\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online) FF Plugin HKU\S-1-5-21-3275123363-4289498944-2812251985-1000: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.9.1\npHDPlg.dll (Hulu LLC) FF Plugin HKU\S-1-5-21-3275123363-4289498944-2812251985-1000: tdameritrade.com/thinkorswim -> C:\Program Files (x86)\thinkorswim\npthinkorswim.dll (TD Ameritrade) FF Plugin HKU\S-1-5-21-3275123363-4289498944-2812251985-1000: tdameritrade.com/tossc -> C:\Program Files (x86)\thinkorswim\nptossc.dll (TD Ameritrade) FF user.js: detected! => C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\vbjovzpg.default\user.js FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Users\Ryan\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC) FF SearchPlugin: C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\vbjovzpg.default\searchplugins\bingp.xml FF SearchPlugin: C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\vbjovzpg.default\searchplugins\Lasaoren.xml FF SearchPlugin: C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\vbjovzpg.default\searchplugins\safesearch.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\ddg.xml FF Extension: LastPass - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\vbjovzpg.default\Extensions\support@lastpass.com [2014-08-18] FF Extension: Evernote Web Clipper - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\vbjovzpg.default\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800} [2014-01-10] FF Extension: Firebug - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\vbjovzpg.default\Extensions\firebug@software.joehewitt.com.xpi [2012-12-05] FF Extension: Awesome screenshot: Capture and Annotate - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\vbjovzpg.default\Extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi [2013-07-30] FF Extension: Yesware Email Tracking - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\vbjovzpg.default\Extensions\jid1-T5mdAATMX3urKA@jetpack.xpi [2013-05-20] FF Extension: YSlow - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\vbjovzpg.default\Extensions\yslow@yahoo-inc.com.xpi [2012-12-05] FF Extension: Lasaoren - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\vbjovzpg.default\Extensions\{0760faf4-8d0b-49d1-bbac-d05eb1ac32c7}.xpi [2014-11-12] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-11-10] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.2.0.38\coFFPlgn FF Extension: 
Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.2.0.38\coFFPlgn [2014-11-12] FF Extension: No Name - {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} [Not Found] Chrome: ======= CHR HomePage: Default -> hxxp://Lasaoren.com/?f=1&a=lrn_dnldstr_14_46_ff&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0EyB0D0CzyyDzytBtCtBtDtN0D0Tzu0StCtDyEyBtN1L2XzutAtFyCtFtCtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyC0C0BtAyD0FzyyEtGzztB0EtBtGzzyEzztCtGyByCtCyEtGtCtAtCzzzyyBtCtB0B0B0FtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyBzz0ByC0ByD0AtG0DtD0E0CtGyEtD0A0EtGzyyByEzztG0EyD0FtA0D0DtA0FtDzzzyyE2Q&cr=90030310&ir= CHR StartupUrls: Default -> "hxxp://Lasaoren.com/?f=7&a=lrn_dnldstr_14_46_ff&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0EyB0D0CzyyDzytBtCtBtDtN0D0Tzu0StCtDyEyBtN1L2XzutAtFyCtFtCtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyC0C0BtAyD0FzyyEtGzztB0EtBtGzzyEzztCtGyByCtCyEtGtCtAtCzzzyyBtCtB0B0B0FtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyBzz0ByC0ByD0AtG0DtD0E0CtGyEtD0A0EtGzyyByEzztG0EyD0FtA0D0DtA0FtDzzzyyE2Q&cr=90030310&ir=","hxxp://astromenda.com/?f=7&a=ast_frg01_14_49_ff&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0EyB0D0CzyyDzytBtCtBtDtN0D0Tzu0SzyyDtDtN1L2XzutAtFtDtFtCtDtFtBtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEtD0DtBtByEzz0AtGtA0Ezy0DtGtA0EzytBtG0CtA0AtBtGtD0CtAyCtA0C0EtCyE0E0F0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByEyEtAyB0CtB0AtGtBzy0FtDtGyEyE0E0EtGzytAtByCtG0DzzyC0CzzzztByBtD0CyByB2Q&cr=1230190011&ir=" CHR DefaultSearchKeyword: Default -> Lasaoren.com CHR DefaultSearchURL: Default -> http://Lasaoren.com/...cr=90030310&ir= CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} CHR Profile: C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Drive) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-11-14] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn 
[2014-08-06] CHR Extension: (YouTube) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-14] CHR Extension: (Google Search) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-14] CHR Extension: (LastPass: Free Password Manager) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2012-11-17] CHR Extension: (Norton Identity Safe) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-14] CHR Extension: (Norton Security Toolbar) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2012-11-14] CHR Extension: (Google Wallet) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23] CHR Extension: (Gmail) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-14] CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-01] CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - C:\Program Files (x86)\LastPass\lpchrome.crx [2012-11-14] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14] CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-01] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed] R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed] R2 N360; C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation) R2 pcCMService; C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [361472 2012-06-18] (Alcatel-Lucent) [File not signed] R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [441344 2012-06-18] (Alcatel-Lucent) [File not signed] R2 pcServiceHost; C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe [342016 2012-06-14] (Alcatel-Lucent) [File not signed] R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2013-02-01] (Intuit) [File not signed] S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R1 BHDrvx64; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.2.0.38\Definitions\BASHDefs\20141107.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation) R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2014-02-24] (Symantec Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-10-06] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-18] (Symantec Corporation) R1 IDSVia64; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.2.0.38\Definitions\IPSDefs\20141111.001\IDSvia64.sys [633560 2014-08-27] (Symantec Corporation) R3 L6TPortB; C:\Windows\System32\Drivers\L6TPortB64.sys [894336 2010-03-09] (Line 6) R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [131800 2014-11-12] (Malwarebytes Corporation) S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2012-06-14] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed] S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2012-06-14] (Printing Communications Assoc., Inc. (PCAUSA)) S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2012-06-14] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed] R3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2012-06-14] (Printing Communications Assoc., Inc. 
(PCAUSA)) R3 NAVENG; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.2.0.38\Definitions\VirusDefs\20141111.034\ENG64.SYS [129752 2014-10-06] (Symantec Corporation) R3 NAVEX15; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.2.0.38\Definitions\VirusDefs\20141111.034\EX64.SYS [2137304 2014-10-06] (Symantec Corporation) R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-10-29] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-04-05] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation) S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X] S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-11-12 15:45 - 2014-11-12 15:45 - 00042051 _____ () C:\Users\Ryan\Downloads\Addition.txt 2014-11-12 15:43 - 2014-11-12 16:22 - 00034003 _____ () C:\Users\Ryan\Downloads\FRST.txt 2014-11-12 15:43 - 2014-11-12 16:21 - 00000000 ____D () C:\FRST 2014-11-12 15:43 - 2014-11-12 15:43 - 02116096 _____ (Farbar) C:\Users\Ryan\Downloads\FRST64.exe 2014-11-12 13:17 - 2014-11-12 13:17 - 00000044 _____ () C:\Users\Ryan\AppData\Roaming\WB.CFG 2014-11-12 12:22 - 2014-11-12 12:22 - 00001164 _____ () C:\Users\Ryan\Desktop\Continue Free Download Installation.lnk 2014-11-12 12:16 - 2014-11-12 12:17 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\WSE_Lasaoren 2014-11-12 12:16 - 2014-11-12 12:16 - 24489269 _____ () C:\Users\Ryan\Downloads\setup_free.exe 2014-11-12 12:16 - 2014-11-12 12:16 - 00000000 ____D () C:\ProgramData\BoostSoftware 2014-11-12 12:13 - 2014-11-12 12:13 - 00796616 _____ ( ) C:\Users\Ryan\Downloads\Free_Download_Setup(1).exe 2014-11-12 12:12 - 2014-11-12 12:12 - 00796616 _____ ( ) C:\Users\Ryan\Downloads\Free_Download_Setup.exe 2014-11-12 11:25 - 2014-11-12 12:06 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-11-12 11:21 - 2014-11-12 11:21 - 14439144 _____ (Malwarebytes Corp.) C:\Users\Ryan\Downloads\mbar-1.08.0.1001(1).exe 2014-11-12 11:16 - 2014-11-12 11:17 - 00000000 ____D () C:\Users\Ryan\Desktop\CB Logos 2014-11-12 11:11 - 2014-11-12 11:17 - 00000000 ____D () C:\Users\Ryan\Desktop\New folder 2014-11-12 11:05 - 2014-11-12 11:09 - 00000000 ____D () C:\Users\Ryan\Desktop\mysearchlinkspics 2014-11-12 11:01 - 2014-11-12 12:06 - 00000000 ____D () C:\Users\Ryan\Desktop\mbar 2014-11-12 11:00 - 2014-11-12 11:00 - 14439144 _____ (Malwarebytes Corp.) 
C:\Users\Ryan\Downloads\mbar-1.08.0.1001.exe 2014-11-12 09:18 - 2014-11-12 09:18 - 04909382 _____ () C:\Users\Ryan\Downloads\mbam-chameleon-3.1.7.0(1).zip 2014-11-12 02:14 - 2014-11-12 11:25 - 00131800 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-11-12 02:13 - 2014-11-12 11:23 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-11-12 02:13 - 2014-11-12 02:13 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-11-12 02:13 - 2014-11-12 02:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-11-12 02:13 - 2014-11-12 02:13 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-11-12 02:13 - 2014-11-12 02:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-11-12 02:13 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-11-12 02:13 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-11-12 02:12 - 2014-11-12 02:12 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Ryan\Downloads\mbam-setup-2.0.3.1025.exe 2014-11-12 02:09 - 2014-11-12 02:09 - 04909382 _____ () C:\Users\Ryan\Downloads\mbam-chameleon-3.1.7.0.zip 2014-11-11 16:34 - 2014-11-11 16:34 - 00001624 _____ () C:\Users\Ryan\Desktop\Shortcut to scrapebox.exe.lnk 2014-11-11 16:31 - 2014-11-11 16:31 - 00425984 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Users\Ryan\Downloads\libeay32.dll 2014-11-11 16:31 - 2014-11-11 16:31 - 00232960 _____ (GnuWin32 <http://gnuwin32.sourceforge.net>) C:\Users\Ryan\Downloads\libssl32.dll 2014-11-11 16:31 - 2014-11-11 16:31 - 00200704 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Users\Ryan\Downloads\ssleay32.dll 2014-11-10 08:12 - 2014-11-10 08:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-11-08 22:23 - 2014-11-08 22:24 - 01701816 _____ () 
C:\Windows\Minidump\110814-61589-01.dmp 2014-11-07 14:22 - 2014-11-11 16:49 - 00000000 ____D () C:\Users\Ryan\Downloads\Plugins 2014-11-07 14:22 - 2014-11-11 16:49 - 00000000 ____D () C:\Users\Ryan\Downloads\Addons 2014-11-07 14:22 - 2014-11-11 16:31 - 00000000 ____D () C:\Users\Ryan\Downloads\Configuration 2014-11-07 14:22 - 2014-09-02 01:42 - 04072384 _____ (Softtouch Software Design) C:\Users\Ryan\Downloads\scrapebox.exe 2014-11-07 14:22 - 2012-02-17 17:58 - 00000000 ____D () C:\Users\Ryan\Downloads\Blacklist 2014-11-07 14:22 - 2012-02-02 20:43 - 00000000 ____D () C:\Users\Ryan\Downloads\RSS Submission 2014-11-07 14:22 - 2011-05-05 18:42 - 00000000 ____D () C:\Users\Ryan\Downloads\Comment Poster 2014-11-07 14:22 - 2011-04-13 01:21 - 00482760 _____ (Softtouch Software Design) C:\Users\Ryan\Downloads\sbupdate.exe 2014-11-07 14:22 - 2009-12-16 15:36 - 00000000 ____D () C:\Users\Ryan\Downloads\Projects 2014-11-07 14:22 - 2009-11-16 06:54 - 00000000 ____D () C:\Users\Ryan\Downloads\Trackbacks 2014-11-07 14:22 - 2009-11-16 06:54 - 00000000 ____D () C:\Users\Ryan\Downloads\Proxies 2014-11-07 14:22 - 2009-11-16 06:54 - 00000000 ____D () C:\Users\Ryan\Downloads\Ping Mode 2014-11-07 14:21 - 2014-11-07 14:21 - 05230370 _____ () C:\Users\Ryan\Downloads\scrapebox.zip 2014-11-07 14:21 - 2014-11-07 14:21 - 00000000 ____D () C:\Users\Ryan\Downloads\scrapebox 2014-11-07 07:52 - 2014-11-07 07:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud 2014-11-04 14:03 - 2014-11-04 14:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-11-03 19:16 - 2014-11-03 19:16 - 00091068 _____ () C:\Users\Ryan\Documents\6 month top 250 stock gainers.xlsx 2014-11-03 19:09 - 2014-11-03 19:10 - 00091654 _____ () C:\Users\Ryan\Documents\3 month percent average top 250.xlsx 2014-11-03 13:04 - 2014-11-03 13:04 - 00001847 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk 2014-11-03 13:04 - 2014-11-03 13:04 - 00000000 ____D () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime 2014-11-03 13:04 - 2014-11-03 13:04 - 00000000 ____D () C:\Program Files (x86)\QuickTime 2014-11-03 13:02 - 2014-11-03 13:02 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-11-03 13:02 - 2014-11-03 13:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2014-11-03 12:59 - 2014-11-03 13:00 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 2014-11-03 12:59 - 2014-11-03 13:00 - 00000000 ____D () C:\Program Files\iTunes 2014-11-03 12:59 - 2014-11-03 13:00 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-11-03 12:59 - 2014-11-03 12:59 - 00000000 ____D () C:\Program Files\iPod 2014-11-03 12:13 - 2014-11-03 12:13 - 00001034 _____ () C:\Users\Ryan\Desktop\Apple Mobile Device USB Driver - Shortcut.lnk 2014-11-03 12:09 - 2014-11-03 12:09 - 00000000 ____D () C:\Windows\en 2014-11-03 12:08 - 2014-11-03 12:08 - 00001307 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk 2014-11-03 12:07 - 2014-11-03 12:07 - 00002488 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk 2014-11-03 12:04 - 2014-11-03 12:04 - 00002178 _____ () C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk 2014-11-03 09:46 - 2014-11-03 09:47 - 72331056 _____ (Apple Inc.) C:\Users\Ryan\Downloads\iCloudSetup.exe 2014-10-31 13:34 - 2014-10-31 13:36 - 122418480 _____ (Apple Inc.) 
C:\Users\Ryan\Downloads\iTunes64Setup.exe 2014-10-14 22:52 - 2014-09-28 16:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-10-14 22:52 - 2014-08-18 19:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2014-10-14 22:52 - 2014-08-18 19:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2014-10-14 22:52 - 2014-08-18 19:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2014-10-14 22:52 - 2014-08-18 19:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2014-10-14 22:52 - 2014-08-18 19:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2014-10-14 22:52 - 2014-08-18 19:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2014-10-14 22:52 - 2014-08-18 19:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2014-10-14 22:52 - 2014-08-18 19:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2014-10-14 22:52 - 2014-08-18 19:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2014-10-14 22:52 - 2014-08-18 19:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2014-10-14 22:52 - 2014-08-18 18:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2014-10-14 22:52 - 2014-08-18 18:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2014-10-14 22:52 - 2014-08-18 18:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2014-10-14 22:52 - 2014-07-06 18:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2014-10-14 22:52 - 2014-07-06 18:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll 2014-10-14 22:52 - 2014-07-06 18:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2014-10-14 22:52 - 2014-07-06 18:06 - 05551032 _____ (Microsoft 
Corporation) C:\Windows\system32\ntoskrnl.exe 2014-10-14 22:52 - 2014-07-06 18:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2014-10-14 22:52 - 2014-07-06 18:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll 2014-10-14 22:52 - 2014-07-06 18:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2014-10-14 22:52 - 2014-07-06 18:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll 2014-10-14 22:52 - 2014-07-06 18:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll 2014-10-14 22:52 - 2014-07-06 18:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll 2014-10-14 22:52 - 2014-07-06 18:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2014-10-14 22:52 - 2014-07-06 18:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll 2014-10-14 22:52 - 2014-07-06 18:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll 2014-10-14 22:52 - 2014-07-06 18:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2014-10-14 22:52 - 2014-07-06 18:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll 2014-10-14 22:52 - 2014-07-06 18:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2014-10-14 22:52 - 2014-07-06 18:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll 2014-10-14 22:52 - 2014-07-06 18:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll 2014-10-14 22:52 - 2014-07-06 18:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2014-10-14 22:52 - 2014-07-06 18:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2014-10-14 22:52 - 2014-07-06 18:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2014-10-14 22:52 - 2014-07-06 18:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll 
2014-10-14 22:52 - 2014-07-06 18:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2014-10-14 22:52 - 2014-07-06 18:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll 2014-10-14 22:52 - 2014-07-06 18:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe 2014-10-14 22:52 - 2014-07-06 18:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2014-10-14 22:52 - 2014-07-06 18:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll 2014-10-14 22:52 - 2014-07-06 18:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx 2014-10-14 22:52 - 2014-07-06 18:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll 2014-10-14 22:52 - 2014-07-06 18:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2014-10-14 22:52 - 2014-07-06 18:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe 2014-10-14 22:52 - 2014-07-06 18:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll 2014-10-14 22:52 - 2014-07-06 17:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys 2014-10-14 22:52 - 2014-07-06 17:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2014-10-14 22:52 - 2014-07-06 17:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2014-10-14 22:52 - 2014-07-06 17:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll 2014-10-14 22:52 - 2014-07-06 17:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2014-10-14 22:52 - 2014-07-06 17:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll 2014-10-14 22:52 - 2014-07-06 17:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll 2014-10-14 22:52 - 2014-07-06 17:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll 2014-10-14 22:52 - 2014-07-06 17:40 - 
00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll 2014-10-14 22:52 - 2014-07-06 17:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll 2014-10-14 22:52 - 2014-07-06 17:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll 2014-10-14 22:52 - 2014-07-06 17:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2014-10-14 22:52 - 2014-07-06 17:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll 2014-10-14 22:52 - 2014-07-06 17:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2014-10-14 22:52 - 2014-07-06 17:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll 2014-10-14 22:52 - 2014-07-06 17:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll 2014-10-14 22:52 - 2014-07-06 17:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2014-10-14 22:52 - 2014-07-06 17:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2014-10-14 22:52 - 2014-07-06 17:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2014-10-14 22:52 - 2014-07-06 17:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll 2014-10-14 22:52 - 2014-07-06 17:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll 2014-10-14 22:52 - 2014-07-06 17:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll 2014-10-14 22:52 - 2014-07-06 17:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx 2014-10-14 22:52 - 2014-07-06 17:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll 2014-10-14 22:52 - 2014-07-06 17:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2014-10-14 22:52 - 2014-07-06 17:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2014-10-14 22:52 - 2014-07-06 17:39 - 03914680 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\ntoskrnl.exe 2014-10-14 22:52 - 2014-07-06 17:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe 2014-10-14 22:52 - 2014-07-06 17:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe 2014-10-14 22:52 - 2014-07-06 17:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll 2014-10-14 22:52 - 2014-06-27 16:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2014-10-14 22:52 - 2014-06-27 16:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe 2014-10-14 22:52 - 2014-06-27 16:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll 2014-10-14 22:52 - 2014-06-18 14:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll 2014-10-14 22:52 - 2014-06-18 14:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll 2014-10-14 22:52 - 2014-06-18 14:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll 2014-10-14 22:52 - 2014-06-18 14:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll 2014-10-14 22:52 - 2014-06-18 14:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll 2014-10-14 22:52 - 2014-06-18 14:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll 2014-10-14 22:51 - 2014-10-09 18:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-10-14 22:51 - 2014-10-09 18:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-10-14 22:51 - 2014-10-09 18:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-10-14 22:51 - 2014-10-06 18:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-10-14 22:51 - 2014-10-06 18:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-10-14 22:51 - 2014-09-25 14:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 
2014-10-14 22:51 - 2014-09-25 14:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-10-14 22:51 - 2014-09-25 14:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-10-14 22:51 - 2014-09-25 14:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-10-14 22:51 - 2014-09-25 14:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-10-14 22:51 - 2014-09-25 14:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-10-14 22:51 - 2014-09-25 14:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-10-14 22:51 - 2014-09-18 18:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-10-14 22:51 - 2014-09-18 17:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-10-14 22:51 - 2014-09-18 17:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-10-14 22:51 - 2014-09-18 17:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-10-14 22:51 - 2014-09-18 17:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-10-14 22:51 - 2014-09-18 17:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-10-14 22:51 - 2014-09-18 17:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-10-14 22:51 - 2014-09-18 17:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-10-14 22:51 - 2014-09-18 17:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-10-14 22:51 - 2014-09-18 17:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-10-14 22:51 - 2014-09-18 17:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-10-14 22:51 - 2014-09-18 17:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-10-14 22:51 
- 2014-09-18 17:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-10-14 22:51 - 2014-09-18 17:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-10-14 22:51 - 2014-09-18 17:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-10-14 22:51 - 2014-09-18 17:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-10-14 22:51 - 2014-09-18 17:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-10-14 22:51 - 2014-09-18 17:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-10-14 22:51 - 2014-09-18 17:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-10-14 22:51 - 2014-09-18 17:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-10-14 22:51 - 2014-09-18 17:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-10-14 22:51 - 2014-09-18 17:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-10-14 22:51 - 2014-09-18 17:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-10-14 22:51 - 2014-09-18 17:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-10-14 22:51 - 2014-09-18 17:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-10-14 22:51 - 2014-09-18 17:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-10-14 22:51 - 2014-09-18 16:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-10-14 22:51 - 2014-09-18 16:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-10-14 22:51 - 2014-09-18 16:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-10-14 22:51 - 2014-09-18 16:54 - 00043008 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\jsproxy.dll 2014-10-14 22:51 - 2014-09-18 16:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-10-14 22:51 - 2014-09-18 16:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-10-14 22:51 - 2014-09-18 16:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-10-14 22:51 - 2014-09-18 16:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-10-14 22:51 - 2014-09-18 16:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-10-14 22:51 - 2014-09-18 16:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-10-14 22:51 - 2014-09-18 16:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-10-14 22:51 - 2014-09-18 16:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-10-14 22:51 - 2014-09-18 16:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-10-14 22:51 - 2014-09-18 16:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-10-14 22:51 - 2014-09-18 16:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-10-14 22:51 - 2014-09-18 16:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-10-14 22:51 - 2014-09-18 16:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-10-14 22:51 - 2014-09-18 15:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-10-14 22:51 - 2014-09-18 15:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-10-14 22:51 - 2014-09-18 15:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-10-14 22:51 - 2014-09-18 15:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-10-14 22:51 - 2014-09-17 18:00 - 03241472 _____ (Microsoft Corporation) 
C:\Windows\system32\msi.dll 2014-10-14 22:51 - 2014-09-17 17:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-10-14 22:51 - 2014-07-16 18:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-10-14 22:51 - 2014-07-16 18:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2014-10-14 22:51 - 2014-07-16 18:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-10-14 22:51 - 2014-07-16 18:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-10-14 22:51 - 2014-07-16 18:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll 2014-10-14 22:51 - 2014-07-16 18:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll 2014-10-14 22:51 - 2014-07-16 18:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-10-14 22:51 - 2014-07-16 18:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-10-14 22:51 - 2014-07-16 17:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll 2014-10-14 22:51 - 2014-07-16 17:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2014-10-14 22:51 - 2014-07-16 17:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe 2014-10-14 22:51 - 2014-07-16 17:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll 2014-10-14 22:51 - 2014-07-16 17:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-10-14 22:51 - 2014-07-16 17:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-10-14 22:51 - 2014-07-16 17:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys 2014-10-14 22:51 - 2014-07-16 17:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2014-10-14 22:50 - 2014-09-12 17:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 
2014-10-14 22:50 - 2014-09-12 17:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-14 22:50 - 2014-09-03 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-14 22:50 - 2014-09-03 21:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-13 07:47 - 2014-10-13 07:47 - 01652435 _____ () C:\Users\Ryan\Downloads\Files(1).zip

==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-12 16:18 - 2013-01-17 14:19 - 00000000 __HDC () C:\ProgramData\~1
2014-11-12 16:17 - 2011-05-23 10:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
2014-11-12 16:16 - 2013-05-25 12:16 - 00000000 __HDC () C:\ProgramData\~0
2014-11-12 16:15 - 2013-06-02 10:37 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2014-11-12 16:15 - 2013-06-02 10:37 - 00000000 ____D () C:\Program Files (x86)\Image-Line
2014-11-12 16:15 - 2012-01-27 16:29 - 00000000 ____D () C:\Program Files\Native Instruments
2014-11-12 16:13 - 2013-10-25 14:12 - 00000000 ____D () C:\ProgramData\Camel Audio
2014-11-12 16:13 - 2013-10-25 14:12 - 00000000 ____D () C:\Program Files (x86)\Camel Audio
2014-11-12 16:13 - 2013-10-18 16:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Camel Audio
2014-11-12 16:12 - 2011-09-14 21:32 - 00000000 ____D () C:\Program Files (x86)\Google
2014-11-12 16:06 - 2011-09-14 21:32 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-12 15:52 - 2012-11-16 20:30 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Skype
2014-11-12 15:50 - 2010-06-24 19:21 - 00000000 ____D () C:\Users\Ryan\AppData\Local\CrashDumps
2014-11-12 15:46 - 2014-04-07 08:59 - 00000536 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3275123363-4289498944-2812251985-1000.job
2014-11-12 15:26 - 2012-04-04 08:18 -
00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-11-12 15:02 - 2009-07-13 20:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-11-12 15:02 - 2009-07-13 20:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-11-12 14:59 - 2010-02-26 06:30 - 01777953 _____ () C:\Windows\WindowsUpdate.log 2014-11-12 14:55 - 2012-05-18 16:13 - 00000000 ___RD () C:\Users\Ryan\Dropbox 2014-11-12 14:55 - 2012-05-18 16:10 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Dropbox 2014-11-12 14:54 - 2013-12-12 17:00 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Spotify 2014-11-12 14:51 - 2010-01-15 09:10 - 02397924 _____ () C:\Windows\PFRO.log 2014-11-12 14:51 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-11-12 14:51 - 2009-07-13 20:51 - 00043030 _____ () C:\Windows\setupact.log 2014-11-12 11:18 - 2014-02-14 16:54 - 00000000 ____D () C:\Users\Ryan\Desktop\Pics 2014-11-12 08:09 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\Speech 2014-11-12 03:37 - 2010-04-03 16:55 - 00000000 ____D () C:\Program Files (x86)\QuickBooks Online Backup 2014-11-11 17:47 - 2014-09-27 15:37 - 00000000 ____D () C:\Users\Ryan\AppData\Local\NPE 2014-11-11 17:26 - 2014-09-27 15:39 - 00000000 ____D () C:\NPE 2014-11-11 16:48 - 2010-03-20 12:07 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{27FAE3BD-BE82-405C-8E7D-DB50733813FF} 2014-11-11 13:26 - 2012-04-04 08:18 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-11-11 13:26 - 2012-04-04 08:18 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-11-11 13:26 - 2011-05-23 18:06 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-11-11 10:38 - 2014-08-14 07:50 - 04246016 ___SH () C:\Users\Ryan\Desktop\Thumbs.db 2014-11-11 10:19 - 2014-08-21 13:42 
- 00003180 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForRyan 2014-11-11 10:19 - 2014-08-21 13:42 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForRyan.job 2014-11-11 08:53 - 2014-07-22 18:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-11-11 08:44 - 2013-12-12 17:00 - 00000000 ____D () C:\Users\Ryan\AppData\Local\Spotify 2014-11-09 01:22 - 2014-04-07 08:59 - 00003562 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-3275123363-4289498944-2812251985-1000 2014-11-08 22:23 - 2013-08-22 20:28 - 578582455 _____ () C:\Windows\MEMORY.DMP 2014-11-08 22:23 - 2013-08-22 20:28 - 00000000 ____D () C:\Windows\Minidump 2014-11-07 08:16 - 2010-03-23 11:17 - 00000000 ____D () C:\Users\Ryan\AppData\Local\Adobe 2014-11-07 08:06 - 2010-03-23 11:56 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Apple Computer 2014-11-06 14:56 - 2010-04-04 15:46 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log 2014-11-05 12:20 - 2009-07-13 21:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-11-04 14:03 - 2014-08-26 08:03 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-11-04 14:03 - 2014-08-26 08:03 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-11-04 14:03 - 2012-11-16 20:30 - 00000000 ____D () C:\ProgramData\Skype 2014-11-04 11:22 - 2013-05-19 16:04 - 00000000 ____D () C:\Users\Ryan\.thinkorswim 2014-11-04 11:22 - 2010-05-10 07:52 - 00000000 ____D () C:\Program Files (x86)\thinkorswim 2014-11-03 14:45 - 2012-06-01 17:36 - 04150784 ___SH () C:\Users\Ryan\Downloads\Thumbs.db 2014-11-03 13:40 - 2010-03-20 15:18 - 00000000 ____D () C:\Users\Ryan\Tracing 2014-11-03 12:59 - 2010-03-23 11:54 - 00000000 ____D () C:\Program Files\Common Files\Apple 2014-11-03 12:58 - 2013-03-15 14:48 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-11-03 12:10 - 2011-05-23 17:52 - 00000000 ____D () C:\Users\Ryan\AppData\Local\Windows Live 2014-11-03 12:09 - 2011-05-23 17:56 - 00000000 ___RD () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live 2014-11-03 12:08 - 2012-11-17 11:26 - 00001376 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk 2014-11-03 12:07 - 2011-05-23 17:55 - 00001460 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk 2014-11-03 12:07 - 2010-01-15 09:44 - 00000000 ____D () C:\Program Files (x86)\Windows Live 2014-11-03 12:06 - 2012-11-17 11:25 - 00000000 ____D () C:\Program Files\Windows Live 2014-11-03 12:04 - 2010-01-15 09:48 - 00033369 _____ () C:\Windows\DirectX.log 2014-11-03 10:49 - 2010-03-19 14:58 - 00000000 ____D () C:\Users\Ryan 2014-11-03 09:49 - 2010-03-23 11:54 - 00000000 ____D () C:\ProgramData\Apple 2014-10-31 09:09 - 2010-03-20 12:25 - 00000544 _____ () C:\Windows\Tasks\PCDRScheduledMaintenance.job 2014-10-29 01:09 - 2013-06-06 16:09 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-10-28 19:09 - 2011-11-10 12:57 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2014-10-21 16:01 - 2011-09-14 21:32 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-10-21 16:01 - 2011-09-14 21:32 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-10-21 16:01 - 2011-09-14 21:32 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-10-16 15:14 - 2012-06-18 21:32 - 00000000 ____D () C:\Program Files (x86)\ATT-SST 2014-10-15 07:27 - 2009-07-13 21:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD 2014-10-15 03:24 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache 2014-10-15 02:46 - 2009-07-13 20:45 - 04981328 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-10-15 02:43 - 2014-05-06 14:15 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-10-15 02:43 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism 2014-10-15 02:43 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\Dism 2014-10-15 02:20 - 2010-03-23 11:06 - 00000000 ____D 
() C:\ProgramData\Microsoft Help 2014-10-15 02:15 - 2013-08-14 02:02 - 00000000 ____D () C:\Windows\system32\MRT 2014-10-15 02:01 - 2010-03-20 12:19 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe Some content of TEMP: ==================== C:\Users\Ryan\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxsol3s.dll C:\Users\Ryan\AppData\Local\Temp\ICReinstall_Free_Download_Setup(1).exe C:\Users\Ryan\AppData\Local\Temp\ose00000.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-11-05 00:31 ==================== End Of Log ============================ **NOTE**malawarebytes.txt Above is the first log, attached is log 1 and 2. I previously posted this same post in error with log 1 plus log 2 as a reply but this is the correction! Thanks!
  2. Hello, my PC is infected. I have an older HP Pavilion dv6 with Norton 360 and Premium Malwarebytes Anti-Malware installed. The attached files are requested per the instructions in the topic "I'm Infected -What do I do now?" Thanks for your help! B FRST.txt Addition.txt
  3. Greetings! I just joined this forum in hope that someone can help me remedy a recent issue with my Windows 7 system. After experiencing a noticeable system performance slowdown, I noticed that there were a bunch of dllhost.exe processes consuming a lot of CPU. A full Norton AV scan did not reveal any issues. Attempts to kill the entire dllhost.exe process tree were minimally effective - I could never kill the top level parent dllhost.exe, and eventually the many dllhost.exe processes would appear. Eventually, the Norton AV runtime did flag some inbound network activity as the Trojan.powelik along with another one I can't recall. After searching around, I found this forum, and associated tool, which looked to be very helpful in resolving similar issues. If it helps, I've followed one of MrCharlies' prior postings and have run and gathered the logs from the first step (Malwarebytes, FRST, RogueKiller). Thanks! Mark
  4. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2014 Ran by Ryan (administrator) on RYAN-PC on 12-11-2014 16:21:33 Running from C:\Users\Ryan\Downloads Loaded Profile: Ryan (Available profiles: Ryan) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Symantec Corporation) C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\n360.exe (Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe (Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe (Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe (Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe (Google Inc.) 
C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe (Symantec Corporation) C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\n360.exe () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Alcatel-Lucent) C:\Program Files\ATT-SST\pcTrayApp.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (SwapDrive, Inc.) C:\Program Files (x86)\QuickBooks Online Backup\OnlineBackup.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (TechSmith Corporation) C:\Program Files (x86)\TechSmith\Jing\Jing.exe (Spotify Ltd) C:\Users\Ryan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Dropbox, Inc.) 
C:\Users\Ryan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\msiexec.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup HKLM\...\Run: [smartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610360 2009-09-14] () HKLM\...\Run: [PC-Doctor for Windows localizer] => C:\Program Files\PC-Doctor for Windows\localizer.exe [95728 2009-09-16] (PC-Doctor, Inc.) HKLM\...\Run: [ATT-SST_McciTrayApp] => C:\Program Files\ATT-SST\pcTrayApp.exe [2727936 2012-06-07] (Alcatel-Lucent) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) 
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-21] (Hewlett-Packard) HKLM-x32\...\RunOnce: [DelTr1171583] => cmd.exe /c rd /s /q "C:\Users\Ryan\AppData\Roaming\WSE_Lasaoren" HKU\S-1-5-21-3275123363-4289498944-2812251985-1000\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard) HKU\S-1-5-21-3275123363-4289498944-2812251985-1000\...\Run: [OnlineBackupScheduler] => C:\Program Files (x86)\QuickBooks Online Backup\OnlineBackup.exe [610304 2007-11-02] (SwapDrive, Inc.) HKU\S-1-5-21-3275123363-4289498944-2812251985-1000\...\Run: [AdobeBridge] => [X] HKU\S-1-5-21-3275123363-4289498944-2812251985-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.) HKU\S-1-5-21-3275123363-4289498944-2812251985-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-10-17] (Apple Inc.) HKU\S-1-5-21-3275123363-4289498944-2812251985-1000\...\Run: [Jing] => C:\Program Files (x86)\TechSmith\Jing\Jing.exe [2909640 2013-01-07] (TechSmith Corporation) HKU\S-1-5-21-3275123363-4289498944-2812251985-1000\...\Run: [spotify] => C:\Users\Ryan\AppData\Roaming\Spotify\Spotify.exe [6553144 2014-10-08] (Spotify Ltd) HKU\S-1-5-21-3275123363-4289498944-2812251985-1000\...\Run: [spotify Web Helper] => C:\Users\Ryan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-08] (Spotify Ltd) HKU\S-1-5-21-3275123363-4289498944-2812251985-1000\...\Run: [bRS] => C:\Program Files (x86)\WSE_Astromenda\BRS\brs.exe -runBRS HKU\S-1-5-21-3275123363-4289498944-2812251985-1000\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.) 
HKU\S-1-5-21-3275123363-4289498944-2812251985-1000\...\RunOnce: [DelTr1171583] => cmd.exe /c rd /s /q "C:\Users\Ryan\AppData\Roaming\WSE_Lasaoren" HKU\S-1-5-21-3275123363-4289498944-2812251985-1000\...\RunOnce: [WSE_Lasaoren] => [X] HKU\S-1-5-21-3275123363-4289498944-2812251985-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks! Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Online Backup Scheduler.lnk ShortcutTarget: Online Backup Scheduler.lnk -> C:\Windows\Installer\{A9255718-8A40-45F9-B738-93655FBD4F6F}\_C90BDFE323B95CEE248723.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk ShortcutTarget: PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.) Startup: C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Ryan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
Startup: C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.6.0.32\buShell.dll (Symantec Corporation) ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.6.0.32\buShell.dll (Symantec Corporation) ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.6.0.32\buShell.dll (Symantec Corporation) CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://Lasaoren.com/?f=1&a=lrn_dnldstr_14_46_ff&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0EyB0D0CzyyDzytBtCtBtDtN0D0Tzu0StCtDyEyBtN1L2XzutAtFyCtFtCtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyC0C0BtAyD0FzyyEtGzztB0EtBtGzzyEzztCtGyByCtCyEtGtCtAtCzzzyyBtCtB0B0B0FtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyBzz0ByC0ByD0AtG0DtD0E0CtGyEtD0A0EtGzyyByEzztG0EyD0FtA0D0DtA0FtDzzzyyE2Q&cr=90030310&ir= HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.mysearchlinks.com/ SearchScopes: HKLM - DefaultScope {5E6E1618-3BEA-4A6A-AC43-80B3F54CE1CB} URL = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_frg01_14_49_ff&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0EyB0D0CzyyDzytBtCtBtDtN0D0Tzu0SzyyDtDtN1L2XzutAtFtDtFtCtDtFtBtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEtD0DtBtByEzz0AtGtA0Ezy0DtGtA0EzytBtG0CtA0AtBtGtD0CtAyCtA0C0EtCyE0E0F0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByEyEtAyB0CtB0AtGtBzy0FtDtGyEyE0E0EtGzytAtByCtG0DzzyC0CzzzztByBtD0CyByB2Q&cr=1230190011&ir= SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://Lasaoren.com/results.php?f=4&q={searchTerms}&a=lrn_dnldstr_14_46_ff&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0EyB0D0CzyyDzytBtCtBtDtN0D0Tzu0StCtDyEyBtN1L2XzutAtFyCtFtCtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyC0C0BtAyD0FzyyEtGzztB0EtBtGzzyEzztCtGyByCtCyEtGtCtAtCzzzyyBtCtB0B0B0FtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyBzz0ByC0ByD0AtG0DtD0E0CtGyEtD0A0EtGzyyByEzztG0EyD0FtA0D0DtA0FtDzzzyyE2Q&cr=90030310&ir= SearchScopes: HKLM - {5E6E1618-3BEA-4A6A-AC43-80B3F54CE1CB} URL = 
http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_frg01_14_49_ff&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0EyB0D0CzyyDzytBtCtBtDtN0D0Tzu0SzyyDtDtN1L2XzutAtFtDtFtCtDtFtBtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEtD0DtBtByEzz0AtGtA0Ezy0DtGtA0EzytBtG0CtA0AtBtGtD0CtAyCtA0C0EtCyE0E0F0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByEyEtAyB0CtB0AtGtBzy0FtDtGyEyE0E0EtGzytAtByCtG0DzzyC0CzzzztByBtD0CyByB2Q&cr=1230190011&ir= SearchScopes: HKLM - {CCA70054-9FB7-46C4-A32D-B64843035997} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - {CCA70054-9FB7-46C4-A32D-B64843035997} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd SearchScopes: HKCU - DefaultScope {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://Lasaoren.com/results.php?f=4&q={searchTerms}&a=lrn_dnldstr_14_46_ff&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0EyB0D0CzyyDzytBtCtBtDtN0D0Tzu0StCtDyEyBtN1L2XzutAtFyCtFtCtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyC0C0BtAyD0FzyyEtGzztB0EtBtGzzyEzztCtGyByCtCyEtGtCtAtCzzzyyBtCtB0B0B0FtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyBzz0ByC0ByD0AtG0DtD0E0CtGyEtD0A0EtGzyyByEzztG0EyD0FtA0D0DtA0FtDzzzyyE2Q&cr=90030310&ir= SearchScopes: HKCU - {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://Lasaoren.com/results.php?f=4&q={searchTerms}&a=lrn_dnldstr_14_46_ff&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0EyB0D0CzyyDzytBtCtBtDtN0D0Tzu0StCtDyEyBtN1L2XzutAtFyCtFtCtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyC0C0BtAyD0FzyyEtGzztB0EtBtGzzyEzztCtGyByCtCyEtGtCtAtCzzzyyBtCtB0B0B0FtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyBzz0ByC0ByD0AtG0DtD0E0CtGyEtD0A0EtGzyyByEzztG0EyD0FtA0D0DtA0FtDzzzyyE2Q&cr=90030310&ir= SearchScopes: HKCU - {5E6E1618-3BEA-4A6A-AC43-80B3F54CE1CB} URL = 
http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_frg01_14_49_ff&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0EyB0D0CzyyDzytBtCtBtDtN0D0Tzu0SzyyDtDtN1L2XzutAtFtDtFtCtDtFtBtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEtD0DtBtByEzz0AtGtA0Ezy0DtGtA0EzytBtG0CtA0AtBtGtD0CtAyCtA0C0EtCyE0E0F0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByEyEtAyB0CtB0AtGtBzy0FtDtGyEyE0E0EtGzytAtByCtG0DzzyC0CzzzztByBtD0CyByB2Q&cr=1230190011&ir= SearchScopes: HKCU - {9AD1DDCA-9138-4F37-8542-E774CE72FEDC} URL = http://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8 SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=retail&geo=US&ver=4 SearchScopes: HKCU - {CCA70054-9FB7-46C4-A32D-B64843035997} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd SearchScopes: HKCU - {EFBAA18C-764F-4320-A142-84ACC4C3AF65} URL = http://search.usatoday.com/search/search.aspx?qt=news%2Cyss%2Cweb%2Crel%2Cimg%2Ctop10%2Ckmatch&nr=5&s=sb&kw={searchTerms} BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll () BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard) BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll () BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.) 
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll () Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.) Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll () Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation) Toolbar: HKU\S-1-5-21-3275123363-4289498944-2812251985-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - No File Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - No File Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.) 
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 FireFox: ======== FF ProfilePath: C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\vbjovzpg.default FF DefaultSearchEngine: Lasaoren FF SearchEngineOrder.3: Bing FF SelectedSearchEngine: Lasaoren FF Homepage: hxxp://lasaoren.com/?f=1&a=lrn_dnldstr_14_46_ff&cd=2xzuyetn2y1l1qzu0etd0c0bye0eyb0d0czyydzytbtctbtdtn0d0tzu0stctdyeybtn1l2xzutatfyctftctftdtn1l1czutcyetbzytdyd1v1ttn1l1g1b1v1n2y1l1qzu2syc0c0btayd0fzyyetgzztb0etbtgzzyezztctgybyctcyetgtctatczzzyybtctb0b0b0ftd2qtn1m1f1b2z1v1n2y1l1qzu2stcybzz0byc0byd0atg0dtd0e0ctgyetd0a0etgzyybyezztg0eyd0fta0d0dta0ftdzzzyye2q&cr=90030310&ir= FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q= FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @cnw.com/cnwplugin -> C:\Program Files (x86)\AnyMeeting Plug-in\npcnwplugin.dll (AnyMeeting, Inc.) 
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKU\S-1-5-21-3275123363-4289498944-2812251985-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Ryan\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online) FF Plugin HKU\S-1-5-21-3275123363-4289498944-2812251985-1000: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.9.1\npHDPlg.dll (Hulu LLC) FF Plugin HKU\S-1-5-21-3275123363-4289498944-2812251985-1000: tdameritrade.com/thinkorswim -> C:\Program Files (x86)\thinkorswim\npthinkorswim.dll (TD Ameritrade) FF Plugin HKU\S-1-5-21-3275123363-4289498944-2812251985-1000: tdameritrade.com/tossc -> C:\Program Files (x86)\thinkorswim\nptossc.dll (TD Ameritrade) FF user.js: detected! => C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\vbjovzpg.default\user.js FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Users\Ryan\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC) FF SearchPlugin: C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\vbjovzpg.default\searchplugins\bingp.xml FF SearchPlugin: C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\vbjovzpg.default\searchplugins\Lasaoren.xml FF SearchPlugin: C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\vbjovzpg.default\searchplugins\safesearch.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\ddg.xml FF Extension: LastPass - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\vbjovzpg.default\Extensions\support@lastpass.com [2014-08-18] FF Extension: Evernote Web Clipper - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\vbjovzpg.default\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800} [2014-01-10] FF Extension: Firebug - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\vbjovzpg.default\Extensions\firebug@software.joehewitt.com.xpi [2012-12-05] FF Extension: Awesome screenshot: Capture and Annotate - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\vbjovzpg.default\Extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi [2013-07-30] FF Extension: Yesware Email Tracking - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\vbjovzpg.default\Extensions\jid1-T5mdAATMX3urKA@jetpack.xpi [2013-05-20] FF Extension: YSlow - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\vbjovzpg.default\Extensions\yslow@yahoo-inc.com.xpi [2012-12-05] FF Extension: Lasaoren - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\vbjovzpg.default\Extensions\{0760faf4-8d0b-49d1-bbac-d05eb1ac32c7}.xpi [2014-11-12] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-11-10] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.2.0.38\coFFPlgn FF Extension: 
Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.2.0.38\coFFPlgn [2014-11-12] FF Extension: No Name - {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} [Not Found] Chrome: ======= CHR HomePage: Default -> hxxp://Lasaoren.com/?f=1&a=lrn_dnldstr_14_46_ff&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0EyB0D0CzyyDzytBtCtBtDtN0D0Tzu0StCtDyEyBtN1L2XzutAtFyCtFtCtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyC0C0BtAyD0FzyyEtGzztB0EtBtGzzyEzztCtGyByCtCyEtGtCtAtCzzzyyBtCtB0B0B0FtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyBzz0ByC0ByD0AtG0DtD0E0CtGyEtD0A0EtGzyyByEzztG0EyD0FtA0D0DtA0FtDzzzyyE2Q&cr=90030310&ir= CHR StartupUrls: Default -> "hxxp://Lasaoren.com/?f=7&a=lrn_dnldstr_14_46_ff&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0EyB0D0CzyyDzytBtCtBtDtN0D0Tzu0StCtDyEyBtN1L2XzutAtFyCtFtCtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyC0C0BtAyD0FzyyEtGzztB0EtBtGzzyEzztCtGyByCtCyEtGtCtAtCzzzyyBtCtB0B0B0FtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyBzz0ByC0ByD0AtG0DtD0E0CtGyEtD0A0EtGzyyByEzztG0EyD0FtA0D0DtA0FtDzzzyyE2Q&cr=90030310&ir=","hxxp://astromenda.com/?f=7&a=ast_frg01_14_49_ff&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0EyB0D0CzyyDzytBtCtBtDtN0D0Tzu0SzyyDtDtN1L2XzutAtFtDtFtCtDtFtBtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEtD0DtBtByEzz0AtGtA0Ezy0DtGtA0EzytBtG0CtA0AtBtGtD0CtAyCtA0C0EtCyE0E0F0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByEyEtAyB0CtB0AtGtBzy0FtDtGyEyE0E0EtGzytAtByCtG0DzzyC0CzzzztByBtD0CyByB2Q&cr=1230190011&ir=" CHR DefaultSearchKeyword: Default -> Lasaoren.com CHR DefaultSearchURL: Default -> http://Lasaoren.com/results.php?f=4&q={searchTerms}&a=lrn_dnldstr_14_46_ff&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0EyB0D0CzyyDzytBtCtBtDtN0D0Tzu0StCtDyEyBtN1L2XzutAtFyCtFtCtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyC0C0BtAyD0FzyyEtGzztB0EtBtGzzyEzztCtGyByCtCyEtGtCtAtCzzzyyBtCtB0B0B0FtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyBzz0ByC0ByD0AtG0DtD0E0CtGyEtD0A0EtGzyyByEzztG0EyD0FtA0D0DtA0FtDzzzyyE2Q&cr=90030310&ir= CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} CHR Profile: 
C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-11-14]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-06]
CHR Extension: (YouTube) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-14]
CHR Extension: (Google Search) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-14]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2012-11-17]
CHR Extension: (Norton Identity Safe) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-14]
CHR Extension: (Norton Security Toolbar) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2012-11-14]
CHR Extension: (Google Wallet) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-14]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-01]
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - C:\Program Files (x86)\LastPass\lpchrome.crx [2012-11-14]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-01]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]
R2 N360; C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation)
R2 pcCMService; C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [361472 2012-06-18] (Alcatel-Lucent) [File not signed]
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [441344 2012-06-18] (Alcatel-Lucent) [File not signed]
R2 pcServiceHost; C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe [342016 2012-06-14] (Alcatel-Lucent) [File not signed]
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2013-02-01] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.2.0.38\Definitions\BASHDefs\20141107.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2014-02-24] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-10-06] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-18] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.2.0.38\Definitions\IPSDefs\20141111.001\IDSvia64.sys [633560 2014-08-27] (Symantec Corporation)
R3 L6TPortB; C:\Windows\System32\Drivers\L6TPortB64.sys [894336 2010-03-09] (Line 6)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [131800 2014-11-12] (Malwarebytes Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2012-06-14] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2012-06-14] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2012-06-14] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2012-06-14] (Printing Communications Assoc., Inc. (PCAUSA))
R3 NAVENG; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.2.0.38\Definitions\VirusDefs\20141111.034\ENG64.SYS [129752 2014-10-06] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.2.0.38\Definitions\VirusDefs\20141111.034\EX64.SYS [2137304 2014-10-06] (Symantec Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-10-29] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-04-05] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-12 15:45 - 2014-11-12 15:45 - 00042051 _____ () C:\Users\Ryan\Downloads\Addition.txt
2014-11-12 15:43 - 2014-11-12 16:22 - 00034003 _____ () C:\Users\Ryan\Downloads\FRST.txt
2014-11-12 15:43 - 2014-11-12 16:21 - 00000000 ____D () C:\FRST
2014-11-12 15:43 - 2014-11-12 15:43 - 02116096 _____ (Farbar) C:\Users\Ryan\Downloads\FRST64.exe
2014-11-12 13:17 - 2014-11-12 13:17 - 00000044 _____ () C:\Users\Ryan\AppData\Roaming\WB.CFG
2014-11-12 12:22 - 2014-11-12 12:22 - 00001164 _____ () C:\Users\Ryan\Desktop\Continue Free Download Installation.lnk
2014-11-12 12:16 - 2014-11-12 12:17 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\WSE_Lasaoren
2014-11-12 12:16 - 2014-11-12 12:16 - 24489269 _____ () C:\Users\Ryan\Downloads\setup_free.exe
2014-11-12 12:16 - 2014-11-12 12:16 - 00000000 ____D () C:\ProgramData\BoostSoftware
2014-11-12 12:13 - 2014-11-12 12:13 - 00796616 _____ ( ) C:\Users\Ryan\Downloads\Free_Download_Setup(1).exe
2014-11-12 12:12 - 2014-11-12 12:12 - 00796616 _____ ( ) C:\Users\Ryan\Downloads\Free_Download_Setup.exe
2014-11-12 11:25 - 2014-11-12 12:06 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-11-12 11:21 - 2014-11-12 11:21 - 14439144 _____ (Malwarebytes Corp.) C:\Users\Ryan\Downloads\mbar-1.08.0.1001(1).exe
2014-11-12 11:16 - 2014-11-12 11:17 - 00000000 ____D () C:\Users\Ryan\Desktop\CB Logos
2014-11-12 11:11 - 2014-11-12 11:17 - 00000000 ____D () C:\Users\Ryan\Desktop\New folder
2014-11-12 11:05 - 2014-11-12 11:09 - 00000000 ____D () C:\Users\Ryan\Desktop\mysearchlinkspics
2014-11-12 11:01 - 2014-11-12 12:06 - 00000000 ____D () C:\Users\Ryan\Desktop\mbar
2014-11-12 11:00 - 2014-11-12 11:00 - 14439144 _____ (Malwarebytes Corp.) C:\Users\Ryan\Downloads\mbar-1.08.0.1001.exe
2014-11-12 09:18 - 2014-11-12 09:18 - 04909382 _____ () C:\Users\Ryan\Downloads\mbam-chameleon-3.1.7.0(1).zip
2014-11-12 02:14 - 2014-11-12 11:25 - 00131800 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-12 02:13 - 2014-11-12 11:23 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-12 02:13 - 2014-11-12 02:13 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-12 02:13 - 2014-11-12 02:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-12 02:13 - 2014-11-12 02:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-12 02:13 - 2014-11-12 02:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-12 02:13 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-12 02:13 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-12 02:12 - 2014-11-12 02:12 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Ryan\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-12 02:09 - 2014-11-12 02:09 - 04909382 _____ () C:\Users\Ryan\Downloads\mbam-chameleon-3.1.7.0.zip
2014-11-11 16:34 - 2014-11-11 16:34 - 00001624 _____ () C:\Users\Ryan\Desktop\Shortcut to scrapebox.exe.lnk
2014-11-11 16:31 - 2014-11-11 16:31 - 00425984 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Users\Ryan\Downloads\libeay32.dll
2014-11-11 16:31 - 2014-11-11 16:31 - 00232960 _____ (GnuWin32 <http://gnuwin32.sourceforge.net>) C:\Users\Ryan\Downloads\libssl32.dll
2014-11-11 16:31 - 2014-11-11 16:31 - 00200704 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Users\Ryan\Downloads\ssleay32.dll
2014-11-10 08:12 - 2014-11-10 08:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-08 22:23 - 2014-11-08 22:24 - 01701816 _____ () C:\Windows\Minidump\110814-61589-01.dmp
2014-11-07 14:22 - 2014-11-11 16:49 - 00000000 ____D () C:\Users\Ryan\Downloads\Plugins
2014-11-07 14:22 - 2014-11-11 16:49 - 00000000 ____D () C:\Users\Ryan\Downloads\Addons
2014-11-07 14:22 - 2014-11-11 16:31 - 00000000 ____D () C:\Users\Ryan\Downloads\Configuration
2014-11-07 14:22 - 2014-09-02 01:42 - 04072384 _____ (Softtouch Software Design) C:\Users\Ryan\Downloads\scrapebox.exe
2014-11-07 14:22 - 2012-02-17 17:58 - 00000000 ____D () C:\Users\Ryan\Downloads\Blacklist
2014-11-07 14:22 - 2012-02-02 20:43 - 00000000 ____D () C:\Users\Ryan\Downloads\RSS Submission
2014-11-07 14:22 - 2011-05-05 18:42 - 00000000 ____D () C:\Users\Ryan\Downloads\Comment Poster
2014-11-07 14:22 - 2011-04-13 01:21 - 00482760 _____ (Softtouch Software Design) C:\Users\Ryan\Downloads\sbupdate.exe
2014-11-07 14:22 - 2009-12-16 15:36 - 00000000 ____D () C:\Users\Ryan\Downloads\Projects
2014-11-07 14:22 - 2009-11-16 06:54 - 00000000 ____D () C:\Users\Ryan\Downloads\Trackbacks
2014-11-07 14:22 - 2009-11-16 06:54 - 00000000 ____D () C:\Users\Ryan\Downloads\Proxies
2014-11-07 14:22 - 2009-11-16 06:54 - 00000000 ____D () C:\Users\Ryan\Downloads\Ping Mode
2014-11-07 14:21 - 2014-11-07 14:21 - 05230370 _____ () C:\Users\Ryan\Downloads\scrapebox.zip
2014-11-07 14:21 - 2014-11-07 14:21 - 00000000 ____D () C:\Users\Ryan\Downloads\scrapebox
2014-11-07 07:52 - 2014-11-07 07:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-11-04 14:03 - 2014-11-04 14:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-11-03 19:16 - 2014-11-03 19:16 - 00091068 _____ () C:\Users\Ryan\Documents\6 month top 250 stock gainers.xlsx
2014-11-03 19:09 - 2014-11-03 19:10 - 00091654 _____ () C:\Users\Ryan\Documents\3 month percent average top 250.xlsx
2014-11-03 13:04 - 2014-11-03 13:04 - 00001847 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-11-03 13:04 - 2014-11-03 13:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-11-03 13:04 - 2014-11-03 13:04 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-11-03 13:02 - 2014-11-03 13:02 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-11-03 13:02 - 2014-11-03 13:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-11-03 12:59 - 2014-11-03 13:00 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-11-03 12:59 - 2014-11-03 13:00 - 00000000 ____D () C:\Program Files\iTunes
2014-11-03 12:59 - 2014-11-03 13:00 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-11-03 12:59 - 2014-11-03 12:59 - 00000000 ____D () C:\Program Files\iPod
2014-11-03 12:13 - 2014-11-03 12:13 - 00001034 _____ () C:\Users\Ryan\Desktop\Apple Mobile Device USB Driver - Shortcut.lnk
2014-11-03 12:09 - 2014-11-03 12:09 - 00000000 ____D () C:\Windows\en
2014-11-03 12:08 - 2014-11-03 12:08 - 00001307 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2014-11-03 12:07 - 2014-11-03 12:07 - 00002488 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2014-11-03 12:04 - 2014-11-03 12:04 - 00002178 _____ () C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-11-03 09:46 - 2014-11-03 09:47 - 72331056 _____ (Apple Inc.) C:\Users\Ryan\Downloads\iCloudSetup.exe
2014-10-31 13:34 - 2014-10-31 13:36 - 122418480 _____ (Apple Inc.)
C:\Users\Ryan\Downloads\iTunes64Setup.exe 2014-10-14 22:52 - 2014-09-28 16:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-10-14 22:52 - 2014-08-18 19:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2014-10-14 22:52 - 2014-08-18 19:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2014-10-14 22:52 - 2014-08-18 19:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2014-10-14 22:52 - 2014-08-18 19:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2014-10-14 22:52 - 2014-08-18 19:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2014-10-14 22:52 - 2014-08-18 19:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2014-10-14 22:52 - 2014-08-18 19:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2014-10-14 22:52 - 2014-08-18 19:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2014-10-14 22:52 - 2014-08-18 19:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2014-10-14 22:52 - 2014-08-18 19:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2014-10-14 22:52 - 2014-08-18 18:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2014-10-14 22:52 - 2014-08-18 18:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2014-10-14 22:52 - 2014-08-18 18:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2014-10-14 22:52 - 2014-07-06 18:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2014-10-14 22:52 - 2014-07-06 18:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll 2014-10-14 22:52 - 2014-07-06 18:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2014-10-14 22:52 - 2014-07-06 18:06 - 05551032 _____ (Microsoft 
Corporation) C:\Windows\system32\ntoskrnl.exe 2014-10-14 22:52 - 2014-07-06 18:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2014-10-14 22:52 - 2014-07-06 18:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll 2014-10-14 22:52 - 2014-07-06 18:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2014-10-14 22:52 - 2014-07-06 18:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll 2014-10-14 22:52 - 2014-07-06 18:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll 2014-10-14 22:52 - 2014-07-06 18:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll 2014-10-14 22:52 - 2014-07-06 18:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2014-10-14 22:52 - 2014-07-06 18:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll 2014-10-14 22:52 - 2014-07-06 18:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll 2014-10-14 22:52 - 2014-07-06 18:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2014-10-14 22:52 - 2014-07-06 18:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll 2014-10-14 22:52 - 2014-07-06 18:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2014-10-14 22:52 - 2014-07-06 18:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll 2014-10-14 22:52 - 2014-07-06 18:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll 2014-10-14 22:52 - 2014-07-06 18:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2014-10-14 22:52 - 2014-07-06 18:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2014-10-14 22:52 - 2014-07-06 18:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2014-10-14 22:52 - 2014-07-06 18:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll 
2014-10-14 22:52 - 2014-07-06 18:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2014-10-14 22:52 - 2014-07-06 18:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll 2014-10-14 22:52 - 2014-07-06 18:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe 2014-10-14 22:52 - 2014-07-06 18:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2014-10-14 22:52 - 2014-07-06 18:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll 2014-10-14 22:52 - 2014-07-06 18:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx 2014-10-14 22:52 - 2014-07-06 18:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll 2014-10-14 22:52 - 2014-07-06 18:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2014-10-14 22:52 - 2014-07-06 18:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe 2014-10-14 22:52 - 2014-07-06 18:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll 2014-10-14 22:52 - 2014-07-06 17:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys 2014-10-14 22:52 - 2014-07-06 17:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2014-10-14 22:52 - 2014-07-06 17:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2014-10-14 22:52 - 2014-07-06 17:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll 2014-10-14 22:52 - 2014-07-06 17:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2014-10-14 22:52 - 2014-07-06 17:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll 2014-10-14 22:52 - 2014-07-06 17:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll 2014-10-14 22:52 - 2014-07-06 17:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll 2014-10-14 22:52 - 2014-07-06 17:40 - 
00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll 2014-10-14 22:52 - 2014-07-06 17:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll 2014-10-14 22:52 - 2014-07-06 17:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll 2014-10-14 22:52 - 2014-07-06 17:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2014-10-14 22:52 - 2014-07-06 17:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll 2014-10-14 22:52 - 2014-07-06 17:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2014-10-14 22:52 - 2014-07-06 17:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll 2014-10-14 22:52 - 2014-07-06 17:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll 2014-10-14 22:52 - 2014-07-06 17:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2014-10-14 22:52 - 2014-07-06 17:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2014-10-14 22:52 - 2014-07-06 17:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2014-10-14 22:52 - 2014-07-06 17:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll 2014-10-14 22:52 - 2014-07-06 17:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll 2014-10-14 22:52 - 2014-07-06 17:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll 2014-10-14 22:52 - 2014-07-06 17:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx 2014-10-14 22:52 - 2014-07-06 17:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll 2014-10-14 22:52 - 2014-07-06 17:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2014-10-14 22:52 - 2014-07-06 17:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2014-10-14 22:52 - 2014-07-06 17:39 - 03914680 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\ntoskrnl.exe 2014-10-14 22:52 - 2014-07-06 17:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe 2014-10-14 22:52 - 2014-07-06 17:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe 2014-10-14 22:52 - 2014-07-06 17:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll 2014-10-14 22:52 - 2014-06-27 16:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2014-10-14 22:52 - 2014-06-27 16:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe 2014-10-14 22:52 - 2014-06-27 16:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll 2014-10-14 22:52 - 2014-06-18 14:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll 2014-10-14 22:52 - 2014-06-18 14:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll 2014-10-14 22:52 - 2014-06-18 14:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll 2014-10-14 22:52 - 2014-06-18 14:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll 2014-10-14 22:52 - 2014-06-18 14:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll 2014-10-14 22:52 - 2014-06-18 14:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll 2014-10-14 22:51 - 2014-10-09 18:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-10-14 22:51 - 2014-10-09 18:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-10-14 22:51 - 2014-10-09 18:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-10-14 22:51 - 2014-10-06 18:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-10-14 22:51 - 2014-10-06 18:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-10-14 22:51 - 2014-09-25 14:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 
2014-10-14 22:51 - 2014-09-25 14:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-10-14 22:51 - 2014-09-25 14:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-10-14 22:51 - 2014-09-25 14:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-10-14 22:51 - 2014-09-25 14:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-10-14 22:51 - 2014-09-25 14:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-10-14 22:51 - 2014-09-25 14:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-10-14 22:51 - 2014-09-18 18:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-10-14 22:51 - 2014-09-18 17:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-10-14 22:51 - 2014-09-18 17:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-10-14 22:51 - 2014-09-18 17:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-10-14 22:51 - 2014-09-18 17:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-10-14 22:51 - 2014-09-18 17:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-10-14 22:51 - 2014-09-18 17:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-10-14 22:51 - 2014-09-18 17:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-10-14 22:51 - 2014-09-18 17:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-10-14 22:51 - 2014-09-18 17:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-10-14 22:51 - 2014-09-18 17:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-10-14 22:51 - 2014-09-18 17:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-10-14 22:51 
- 2014-09-18 17:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-10-14 22:51 - 2014-09-18 17:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-10-14 22:51 - 2014-09-18 17:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-10-14 22:51 - 2014-09-18 17:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-10-14 22:51 - 2014-09-18 17:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-10-14 22:51 - 2014-09-18 17:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-10-14 22:51 - 2014-09-18 17:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-10-14 22:51 - 2014-09-18 17:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-10-14 22:51 - 2014-09-18 17:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-10-14 22:51 - 2014-09-18 17:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-10-14 22:51 - 2014-09-18 17:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-10-14 22:51 - 2014-09-18 17:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-10-14 22:51 - 2014-09-18 17:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-10-14 22:51 - 2014-09-18 17:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-10-14 22:51 - 2014-09-18 16:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-10-14 22:51 - 2014-09-18 16:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-10-14 22:51 - 2014-09-18 16:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-10-14 22:51 - 2014-09-18 16:54 - 00043008 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\jsproxy.dll 2014-10-14 22:51 - 2014-09-18 16:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-10-14 22:51 - 2014-09-18 16:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-10-14 22:51 - 2014-09-18 16:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-10-14 22:51 - 2014-09-18 16:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-10-14 22:51 - 2014-09-18 16:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-10-14 22:51 - 2014-09-18 16:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-10-14 22:51 - 2014-09-18 16:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-10-14 22:51 - 2014-09-18 16:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-10-14 22:51 - 2014-09-18 16:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-10-14 22:51 - 2014-09-18 16:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-10-14 22:51 - 2014-09-18 16:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-10-14 22:51 - 2014-09-18 16:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-10-14 22:51 - 2014-09-18 16:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-10-14 22:51 - 2014-09-18 15:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-10-14 22:51 - 2014-09-18 15:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-10-14 22:51 - 2014-09-18 15:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-10-14 22:51 - 2014-09-18 15:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-10-14 22:51 - 2014-09-17 18:00 - 03241472 _____ (Microsoft Corporation) 
C:\Windows\system32\msi.dll 2014-10-14 22:51 - 2014-09-17 17:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-10-14 22:51 - 2014-07-16 18:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-10-14 22:51 - 2014-07-16 18:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2014-10-14 22:51 - 2014-07-16 18:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-10-14 22:51 - 2014-07-16 18:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-10-14 22:51 - 2014-07-16 18:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll 2014-10-14 22:51 - 2014-07-16 18:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll 2014-10-14 22:51 - 2014-07-16 18:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-10-14 22:51 - 2014-07-16 18:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-10-14 22:51 - 2014-07-16 17:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll 2014-10-14 22:51 - 2014-07-16 17:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2014-10-14 22:51 - 2014-07-16 17:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe 2014-10-14 22:51 - 2014-07-16 17:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll 2014-10-14 22:51 - 2014-07-16 17:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-10-14 22:51 - 2014-07-16 17:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-10-14 22:51 - 2014-07-16 17:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys 2014-10-14 22:51 - 2014-07-16 17:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2014-10-14 22:50 - 2014-09-12 17:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 
2014-10-14 22:50 - 2014-09-12 17:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2014-10-14 22:50 - 2014-09-03 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll 2014-10-14 22:50 - 2014-09-03 21:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll 2014-10-13 07:47 - 2014-10-13 07:47 - 01652435 _____ () C:\Users\Ryan\Downloads\Files(1).zip ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-12 16:18 - 2013-01-17 14:19 - 00000000 __HDC () C:\ProgramData\~1 2014-11-12 16:17 - 2011-05-23 10:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments 2014-11-12 16:16 - 2013-05-25 12:16 - 00000000 __HDC () C:\ProgramData\~0 2014-11-12 16:15 - 2013-06-02 10:37 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line 2014-11-12 16:15 - 2013-06-02 10:37 - 00000000 ____D () C:\Program Files (x86)\Image-Line 2014-11-12 16:15 - 2012-01-27 16:29 - 00000000 ____D () C:\Program Files\Native Instruments 2014-11-12 16:13 - 2013-10-25 14:12 - 00000000 ____D () C:\ProgramData\Camel Audio 2014-11-12 16:13 - 2013-10-25 14:12 - 00000000 ____D () C:\Program Files (x86)\Camel Audio 2014-11-12 16:13 - 2013-10-18 16:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Camel Audio 2014-11-12 16:12 - 2011-09-14 21:32 - 00000000 ____D () C:\Program Files (x86)\Google 2014-11-12 16:06 - 2011-09-14 21:32 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-11-12 15:52 - 2012-11-16 20:30 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Skype 2014-11-12 15:50 - 2010-06-24 19:21 - 00000000 ____D () C:\Users\Ryan\AppData\Local\CrashDumps 2014-11-12 15:46 - 2014-04-07 08:59 - 00000536 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3275123363-4289498944-2812251985-1000.job 2014-11-12 15:26 - 2012-04-04 08:18 - 
  5. I have been using Norton Security for Comcast and the current version of Malwarebytes. Norton tells me it has blocked an attack by: System infected: Trojan.Powelik Activity. Same thing for Trojan.AdClicker Activity. I'm also notified that PowerShell has stopped working and High Memory usage by Com Surrogate. I'm using Windows 7 Home Premium 64 bit operating system. My system is working at a snail's pace; any help would be greatly appreciated. Thanks, Steven
  6. Help! Last evening (10-27-14), Malwarebytes started blocking numerous outgoing IP addresses while I was browsing the internet. I added them to the 'Excluded List', but my browser is S L O W. Checking my Task Manager, there are about 20 instances of DLLHOST.EXE COM Surrogate running and eating up my CPU capacity. After a little checking around, I downloaded the FARBAR RECOVERY SCAN TOOL and ran it. I tried to cut-and-paste the files in this forum, but they will not paste. I am attaching the following files if they can be used: FRST.txt Addition.txt Thanks to whoever could help with removing this annoying creature from my computer.