Showing results for tags 'shell'.

I did click the Follow This Topic, but did not see where to receive immediate notifications. I've been messing with this, so let me give you the short version so you know where I'm at. Guess I should have started at this forum, but I have run my laptop for two years without antivirus. I am pretty careful online. Oddly, I never activated my McAfee software, though it came as part of the package when I bought it, and I clicked the nag screen away several times a day for those two years. It's still asking me to activate. Also oddly, its Site Advisor is active and controlling the Firewall, but that's all it does, and it's not from the program that came with my Best Buy Lenovo. I think it attached itself to a browser. AND it's doing the job of keeping this malware from connecting.... It's a "risky connection" that McAfee is blocking, which is how I know where this sucker is:

Users/dan2012/AppData/Roaming/Ahetax/dakus.exe

And the .exe file fires up because "Bupekiuvfupila" is a "Startup Item" in System Configuration. In safe mode, I unchecked the box so it wouldn't load, but dakus.exe still tries to run, and McAfee is still blocking it. It was interesting to search for Bupekiuvfupila and for dakus.exe in the reports. They show up not just at the "attention" arrows.

Ran MS Safety Scanner for 6 hrs, 1,200,000 files; it cleaned a few things out:

  • PWS:Win32/Zbot.gen!AP (partially removed. I could not figure out what MS wanted me to do manually in addition, though I clicked through to the page.)
  • Trojan:MSIL/Injector.P (removed)
  • TrojanDownloader:Win32/Notodar.A (removed)

(I've been at this for 20 hrs straight.)

Read an article in an online PC mag which recommended Malwarebytes (but not the forum). Went back to Safe Mode, ran Disk Cleanup on C:, and eliminated lots of temp files, as they recommended. Ran Malwarebytes, which found two other trojans, BUT NOT this dakus.exe, which is hanging me up.

I changed folder options to see the system files, found it, and tried to rename dakus.exe to "stuff.jpg" (forgive my French). It magically let me, but it cloned itself right there in the directory [Ahetax] as good old dakus.exe. I gave up, found this forum, and here I am.

When McAfee blocks these "risky connections" and notifies me, this is what they say. Always seems to be the same IP addresses, too.

  • IP Address: 192.162.19.122 Program: C:\USERS\DAN2012\APPDATA\ROAMING\AHETAX\DAKUS.EXE
  • IP Addr: 5.79.66.43 Program: Host Process for Windows Services
  • IP Addr: 184.164.143.90 Program: COM Surrogate

NOTE: I have downloaded MSE to run realtime for now. I'm going today to Best Buy to get a hard drive to back up my files onto. (My other drive is 2000 miles away.)

Here's the problem, though: the computer works fine if I turn the wifi off with the mechanical switch. But I can also get online with McAfee blocking the darn thing, which is the only way I can get back to the forum unless I venture into unfamiliar territory, like a library computer or something. That's how I downloaded MSE, FRST64, and Malwarebytes. And that's how I'm posting right now. But the browser works slowly, sometimes "shell-something" stops working, and sometimes the video driver gives up, recovers, and sometimes crashes and I have to force restart. Only if I'm online.

I got screenshots which I cropped on a lot of this stuff and saved in jpg format, if that'll help, but I forgot to take a screenshot of what Malwarebytes eliminated. Here's my FRST and Additional txts, if they'll fit in one comment. (The site said not to bump a second comment on here or I might get missed, but I read some of the other threads and I see that sometimes you have to chop them up.) Thanks for whatever you can do to help me squash this bug.
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-10-2014
Ran by dan2012 (administrator) on DAN2012-PC on 23-10-2014 13:39:29
Running from C:\Users\dan2012\Desktop
Loaded Profile: dan2012 (Available profiles: dan2012)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Egis Technology Inc. ) C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
() C:\Users\dan2012\AppData\Roaming\Ahetax\dakus.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331_STI.EXE
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(McAfee, Inc.) C:\Program Files\mcafee.com\agent\mcagent.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Egis Technology Inc. ) C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2538280 2010-12-22] (Synaptics Incorporated)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9769888 2012-05-07] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2012-05-07] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [206176 2012-05-07] (Lenovo)
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-06-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331_STI.EXE [548864 2011-06-15] (Vimicro)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-11-05] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [202096 2010-11-05] (Egis Technology Inc.)
HKLM-x32\...\Run: [VitaKeyTSR] => C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe [383344 2010-12-13] (Egis Technology Inc. )
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [1675160 2012-03-21] (McAfee, Inc.)
HKLM-x32\...\Run: [PLTSR] => C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe [364400 2010-10-22] (Egis Technology Inc. )
HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-05-07] (Lenovo)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-28] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-28] (CyberLink Corp.)
HKLM-x32\...\Run: [updateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [updatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41208 2012-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1942424 2014-10-10] (APN)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-953073755-2712446163-3435037875-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-953073755-2712446163-3435037875-1000\...\Run: [bupekiuvfupila] => C:\Users\dan2012\AppData\Roaming\Ahetax\dakus.exe [306301 2014-10-23] ()
HKU\S-1-5-21-953073755-2712446163-3435037875-1000\...\MountPoints2: {87b828b2-297d-11e2-b5de-f0def1f09e33} - G:\LaunchU3.exe -a
HKU\S-1-5-21-953073755-2712446163-3435037875-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
Lsa: [Notification Packages] scecli EgisPwdFilter EgisDSPwdFilter EgisPLPwdFilter
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [VeriFace Enc] -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\windows\system32\IcnOvrly.dll ()
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://us-mg6.mail.yahoo.com/neo/launch?
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://www.facebook.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
SearchScopes: HKCU - DefaultScope {4290B0D9-99DD-4FC6-8507-24073BA000F4} URL = https://search.yahoo.com/search?fr=mcafee&type=B011US714D20140728&p={SearchTerms}
SearchScopes: HKCU - {4290B0D9-99DD-4FC6-8507-24073BA000F4} URL = https://search.yahoo.com/search?fr=mcafee&type=B011US714D20140728&p={SearchTerms}
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {E19052A8-9C4B-4F6A-8792-CF274F9E4247} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=^TV&apn_dtid=^OSJ000^YY^US&apn_uid=EB6564D0-BEA3-4BA8-AAC2-1B5FF1B65916&apn_sauid=791D8917-788B-42FA-A376-0B0996D5057A
BHO: EgisPBIE Class -> {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} -> C:\Program Files (x86)\EgisTec BioExcess\x64\EgisPBIE.dll (Egis Technology Inc.)
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120627144916.dll (McAfee, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: EgisPBIE Class -> {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} -> C:\Program Files (x86)\EgisTec BioExcess\EgisPBIE.dll (Egis Technology Inc.)
BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120627144916.dll (McAfee, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75

FireFox:
========
FF ProfilePath: C:\Users\dan2012\AppData\Roaming\Mozilla\Firefox\Profiles\pvbwf59h.default
FF SearchEngineOrder.1: Secure Search
FF Homepage: hxxp://www.facebook.com/
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=mcafee&type=A111US714&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\dan2012\AppData\Roaming\Mozilla\Firefox\Profiles\pvbwf59h.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF Extension: Ask Toolbar - C:\Users\dan2012\AppData\Roaming\Mozilla\Firefox\Profiles\pvbwf59h.default\Extensions\toolbar@ask.com.xpi [2014-08-05]
FF Extension: 1-Click YouTube Video Downloader - C:\Users\dan2012\AppData\Roaming\Mozilla\Firefox\Profiles\pvbwf59h.default\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2014-09-04]
FF HKLM-x32\...\Firefox\Extensions: [{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}] - C:\Program Files (x86)\EgisTec BioExcess\FFExt
FF Extension: Online Accounts Extension - C:\Program Files (x86)\EgisTec BioExcess\FFExt [2012-05-07]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2012-05-07]
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: McAfee ScriptScan for Firefox - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012-05-07]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
CHR StartupUrls: Default -> "hxxp://www.yahoo.com/", "hxxp://www.facebook.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\dan2012\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\dan2012\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
CHR Extension: (YouTube) - C:\Users\dan2012\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-04]
CHR Extension: (Video Downloader professional) - C:\Users\dan2012\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2014-09-04]
CHR Extension: (SiteAdvisor) - C:\Users\dan2012\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2012-06-26]
CHR Extension: (Google Wallet) - C:\Users\dan2012\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-09-26]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166296 2014-09-22] (APN LLC.)
R2 EgisTec Service Help; C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe [327024 2010-10-22] (Egis Technology Inc. )
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\mcafee\msc\McAWFwk.exe [225216 2011-01-28] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
R2 McNASvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [502032 2012-04-19] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [199304 2012-05-25] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [210616 2012-05-25] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [162224 2012-05-25] (McAfee, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 cbfs3; C:\Windows\System32\DRIVERS\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [65264 2012-02-22] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [160792 2012-02-22] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [229528 2012-02-22] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [487296 2012-02-22] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [647208 2012-02-22] (McAfee, Inc.)
R1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75936 2012-02-22] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [100912 2012-02-22] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [289664 2012-02-22] (McAfee, Inc.)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [53760 2012-09-28] (Apple, Inc.) [File not signed]
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [250752 2011-06-14] (Vimicro Corporation)
R3 vmuvcflt; C:\Windows\System32\Drivers\vmuvcflt.sys [8320 2010-08-16] (Vimicro Corporation)
U3 BcmSqlStartupSvc; No ImagePath
U2 CLKMSVC10_3A60B698; No ImagePath
U2 CLKMSVC10_C3B3B687; No ImagePath
U2 DriverService; No ImagePath
U2 IAStorDataMgrSvc; No ImagePath
U2 iATAgentService; No ImagePath
U2 idealife Update Service; No ImagePath
U3 IGRS; No ImagePath
U2 IviRegMgr; No ImagePath
U2 nvUpdatusService; No ImagePath
U2 Oasis2Service; No ImagePath
U2 PCCarerService; No ImagePath
U2 ReadyComm.DirectRouter; No ImagePath
U2 RichVideo; No ImagePath
U2 RtLedService; No ImagePath
U2 SeaPort; No ImagePath
U2 SoftwareService; No ImagePath
U3 SQLWriter; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-23 13:39 - 2014-10-23 13:40 - 00023857 _____ () C:\Users\dan2012\Desktop\FRST.txt
2014-10-23 13:37 - 2014-10-23 13:39 - 00000000 ____D () C:\FRST
2014-10-23 13:33 - 2014-10-23 13:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-10-23 13:24 - 2014-10-23 13:24 - 01312616 _____ () C:\windows\Minidump\102314-37892-01.dmp
2014-10-23 12:33 - 2014-10-23 12:35 - 02112000 _____ (Farbar) C:\Users\dan2012\Desktop\FRST64.exe
2014-10-23 11:33 - 2014-10-23 11:38 - 14087848 _____ (Microsoft Corporation) C:\Users\dan2012\Downloads\mseinstall.exe
2014-10-23 10:09 - 2014-10-23 10:09 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-23 10:09 - 2014-10-23 10:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-23 10:09 - 2014-10-23 10:09 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-23 10:09 - 2014-10-23 10:09 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-23 10:09 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-10-23 10:09 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-10-23 10:09 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-10-23 09:28 - 2014-10-23 09:28 - 01179192 _____ () C:\windows\Minidump\102314-40139-01.dmp
2014-10-23 09:09 - 2014-10-23 09:10 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\dan2012\Downloads\mbam-setup-2.0.3.1025.exe
2014-10-23 08:52 - 2014-10-23 08:51 - 00272808 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-10-23 08:51 - 2014-10-23 08:51 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-10-23 08:51 - 2014-10-23 08:51 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-10-23 08:51 - 2014-10-23 08:51 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-23 08:51 - 2014-10-23 08:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-23 07:08 - 2014-10-23 07:08 - 01700608 _____ () C:\windows\Minidump\102314-28922-01.dmp
2014-10-23 06:09 - 2014-10-23 06:10 - 01044904 _____ () C:\windows\Minidump\102314-39062-01.dmp
2014-10-22 22:43 - 2014-10-22 22:43 - 01700608 _____ () C:\windows\Minidump\102214-39047-01.dmp
2014-10-22 20:58 - 2014-10-22 20:58 - 00373488 _____ () C:\windows\Minidump\102214-40607-01.dmp
2014-10-22 20:56 - 2014-10-22 21:29 - 119873792 _____ (Microsoft Corporation) C:\Users\dan2012\Downloads\msert.exe
2014-10-22 18:03 - 2014-10-22 18:04 - 01700608 _____ () C:\windows\Minidump\102214-40435-01.dmp
2014-10-22 15:52 - 2014-10-23 08:32 - 00000000 ____D () C:\Users\dan2012\AppData\Roaming\Ahetax
2014-10-22 15:52 - 2014-10-22 15:52 - 00003824 _____ () C:\windows\System32\Tasks\Security Center Update - 296674132
2014-10-22 15:52 - 2014-10-22 15:52 - 00003820 _____ () C:\windows\System32\Tasks\Security Center Update - 2090142891
2014-10-22 15:52 - 2014-10-22 15:52 - 00000000 ____D () C:\Users\dan2012\AppData\Roaming\Hyedosg
2014-10-22 15:47 - 2014-10-22 15:47 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-10-22 14:19 - 2014-10-22 14:19 - 00373152 _____ () C:\windows\Minidump\102214-27300-01.dmp
2014-10-22 13:08 - 2014-10-22 13:08 - 01313512 _____ () C:\windows\Minidump\102214-33711-01.dmp
2014-10-19 16:55 - 2014-10-19 16:55 - 00000000 ____D () C:\Users\dan2012\Downloads\aint dere no mo
2014-10-18 15:40 - 2014-10-18 15:40 - 00373464 _____ () C:\windows\Minidump\101814-28501-01.dmp
2014-10-18 12:30 - 2014-10-18 12:30 - 01700608 _____ () C:\windows\Minidump\101814-27908-01.dmp
2014-10-18 10:08 - 2014-10-18 10:08 - 01313472 _____ () C:\windows\Minidump\101814-28532-01.dmp
2014-10-15 21:36 - 2014-10-15 21:36 - 00642040 _____ () C:\windows\Minidump\101514-30435-01.dmp
2014-10-15 02:26 - 2014-10-15 02:27 - 00000000 ____D () C:\Users\dan2012\Documents\x former post it notes
2014-10-14 23:33 - 2014-09-28 20:58 - 03198976 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-10-14 23:32 - 2014-06-18 18:23 - 01943696 _____ (Microsoft Corporation) C:\windows\system32\dfshim.dll
2014-10-14 23:32 - 2014-06-18 18:23 - 01131664 _____ (Microsoft Corporation) C:\windows\SysWOW64\dfshim.dll
2014-10-14 23:32 - 2014-06-18 18:23 - 00156824 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscorier.dll
2014-10-14 23:32 - 2014-06-18 18:23 - 00156312 _____ (Microsoft Corporation) C:\windows\system32\mscorier.dll
2014-10-14 23:32 - 2014-06-18 18:23 - 00081560 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscories.dll
2014-10-14 23:32 - 2014-06-18 18:23 - 00073880 _____ (Microsoft Corporation) C:\windows\system32\mscories.dll
2014-10-14 23:31 - 2014-08-18 23:11 - 00693176 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2014-10-14 23:31 - 2014-08-18 23:10 - 00616352 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2014-10-14 23:31 - 2014-07-06 22:07 - 14632960 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2014-10-14 23:31 - 2014-07-06 22:07 - 00782848 _____ (Microsoft Corporation) C:\windows\system32\wmdrmsdk.dll
2014-10-14 23:31 - 2014-07-06 22:07 - 00229376 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2014-10-14 23:31 - 2014-07-06 22:06 - 05551032 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2014-10-14 23:31 - 2014-07-06 22:06 - 04120576 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2014-10-14 23:31 - 2014-07-06 22:06 - 01574400 _____ (Microsoft Corporation) C:\windows\system32\quartz.dll
2014-10-14 23:31 - 2014-07-06 22:06 - 01480192 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2014-10-14 23:31 - 2014-07-06 22:06 - 01202176 _____ (Microsoft Corporation) C:\windows\system32\drmv2clt.dll
2014-10-14 23:31 - 2014-07-06 22:06 - 01069056 _____ (Microsoft Corporation) C:\windows\system32\cryptui.dll
2014-10-14 23:31 - 2014-07-06 22:06 - 00842240 _____ (Microsoft Corporation) C:\windows\system32\blackbox.dll
2014-10-14 23:31 - 2014-07-06 22:06 - 00679424 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2014-10-14 23:31 - 2014-07-06 22:06 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\evr.dll
2014-10-14 23:31 - 2014-07-06 22:06 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2014-10-14 23:31 - 2014-07-06 22:06 - 00497664 _____ (Microsoft Corporation) C:\windows\system32\drmmgrtn.dll
2014-10-14 23:31 - 2014-07-06 22:06 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2014-10-14 23:31 - 2014-07-06 22:06 - 00432128 _____ (Microsoft Corporation) C:\windows\system32\mfplat.dll
2014-10-14 23:31 - 2014-07-06 22:06 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2014-10-14 23:31 - 2014-07-06 22:06 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2014-10-14 23:31 - 2014-07-06 22:06 - 00187904 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2014-10-14 23:31 - 2014-07-06 21:52 - 00663552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\PEAuth.sys
2014-10-14 23:31 - 2014-07-06 21:40 - 11411456 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2014-10-14 23:31 - 2014-07-06 21:40 - 03208704 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2014-10-14 23:31 - 2014-07-06 21:40 - 00988160 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmv2clt.dll
2014-10-14 23:31 - 2014-07-06 21:40 - 00744960 _____ (Microsoft Corporation) C:\windows\SysWOW64\blackbox.dll
2014-10-14 23:31 - 2014-07-06 21:40 - 00617984 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmdrmsdk.dll
2014-10-14 23:31 - 2014-07-06 21:40 - 00489984 _____ (Microsoft Corporation) C:\windows\SysWOW64\evr.dll
2014-10-14 23:31 - 2014-07-06 21:40 - 00442880 _____ (Microsoft Corporation)
C:\windows\SysWOW64\AUDIOKSE.dll 2014-10-14 23:31 - 2014-07-06 21:40 - 00406016 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmmgrtn.dll 2014-10-14 23:31 - 2014-07-06 21:40 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll 2014-10-14 23:31 - 2014-07-06 21:40 - 00179200 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll 2014-10-14 23:31 - 2014-07-06 21:40 - 00143872 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll 2014-10-14 23:31 - 2014-07-06 21:39 - 03970488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe 2014-10-14 23:31 - 2014-07-06 21:39 - 03914680 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe 2014-10-14 23:31 - 2014-06-27 20:21 - 00619056 _____ (Microsoft Corporation) C:\windows\system32\winload.exe 2014-10-14 23:31 - 2014-06-27 20:21 - 00532176 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe 2014-10-14 23:31 - 2014-06-27 20:21 - 00457400 _____ (Microsoft Corporation) C:\windows\system32\ci.dll 2014-10-14 23:30 - 2014-08-18 23:08 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll 2014-10-14 23:30 - 2014-08-18 23:08 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll 2014-10-14 23:30 - 2014-08-18 23:08 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll 2014-10-14 23:30 - 2014-08-18 23:07 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe 2014-10-14 23:30 - 2014-08-18 23:07 - 00146944 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe 2014-10-14 23:30 - 2014-08-18 23:07 - 00058880 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll 2014-10-14 23:30 - 2014-08-18 23:07 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll 2014-10-14 23:30 - 2014-08-18 23:07 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe 2014-10-14 23:30 - 2014-08-18 22:41 - 00050688 _____ (Microsoft Corporation) 
C:\windows\SysWOW64\appidapi.dll 2014-10-14 23:30 - 2014-08-18 22:41 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll 2014-10-14 23:30 - 2014-08-18 22:06 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys 2014-10-14 23:30 - 2014-07-06 22:06 - 00641024 _____ (Microsoft Corporation) C:\windows\system32\msscp.dll 2014-10-14 23:30 - 2014-07-06 22:06 - 00325632 _____ (Microsoft Corporation) C:\windows\system32\msnetobj.dll 2014-10-14 23:30 - 2014-07-06 22:06 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll 2014-10-14 23:30 - 2014-07-06 22:06 - 00188416 _____ (Microsoft Corporation) C:\windows\system32\pcasvc.dll 2014-10-14 23:30 - 2014-07-06 22:06 - 00082432 _____ (Microsoft Corporation) C:\windows\system32\cryptsp.dll 2014-10-14 23:30 - 2014-07-06 22:06 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe 2014-10-14 23:30 - 2014-07-06 22:06 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe 2014-10-14 23:30 - 2014-07-06 22:06 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\spwmp.dll 2014-10-14 23:30 - 2014-07-06 22:06 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\msdxm.ocx 2014-10-14 23:30 - 2014-07-06 22:06 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\dxmasf.dll 2014-10-14 23:30 - 2014-07-06 22:05 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL 2014-10-14 23:30 - 2014-07-06 22:05 - 00126464 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe 2014-10-14 23:30 - 2014-07-06 22:02 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll 2014-10-14 23:30 - 2014-07-06 21:40 - 01329664 _____ (Microsoft Corporation) C:\windows\SysWOW64\quartz.dll 2014-10-14 23:30 - 2014-07-06 21:40 - 01174528 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll 2014-10-14 23:30 - 2014-07-06 21:40 - 01005056 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptui.dll 
2014-10-14 23:30 - 2014-07-06 21:40 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\msscp.dll
2014-10-14 23:30 - 2014-07-06 21:40 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2014-10-14 23:30 - 2014-07-06 21:40 - 00354816 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfplat.dll
2014-10-14 23:30 - 2014-07-06 21:40 - 00265216 _____ (Microsoft Corporation) C:\windows\SysWOW64\msnetobj.dll
2014-10-14 23:30 - 2014-07-06 21:40 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
2014-10-14 23:30 - 2014-07-06 21:40 - 00081408 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsp.dll
2014-10-14 23:30 - 2014-07-06 21:40 - 00008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\spwmp.dll
2014-10-14 23:30 - 2014-07-06 21:40 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdxm.ocx
2014-10-14 23:30 - 2014-07-06 21:40 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxmasf.dll
2014-10-14 23:30 - 2014-07-06 21:39 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2014-10-14 23:30 - 2014-07-06 21:39 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe
2014-10-14 23:30 - 2014-07-06 21:39 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe
2014-10-14 23:30 - 2014-07-06 21:37 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll
2014-10-14 23:28 - 2014-10-06 22:54 - 00378552 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-10-14 23:28 - 2014-10-06 22:04 - 00331448 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-10-14 23:28 - 2014-09-25 18:50 - 13619200 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-10-14 23:28 - 2014-09-25 18:46 - 00365056 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-10-14 23:28 - 2014-09-25 18:46 - 00243200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-10-14 23:28 - 2014-09-25 18:46 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-10-14 23:28 - 2014-09-25 18:43 - 11807232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-10-14 23:28 - 2014-09-25 18:32 - 02017280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-10-14 23:28 - 2014-09-25 18:31 - 02108416 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-10-14 23:28 - 2014-09-18 21:56 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-10-14 23:28 - 2014-09-18 21:55 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-10-14 23:28 - 2014-09-18 21:44 - 17484800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-10-14 23:28 - 2014-09-18 21:41 - 02796032 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-10-14 23:28 - 2014-09-18 21:40 - 00547328 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-10-14 23:28 - 2014-09-18 21:40 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-10-14 23:28 - 2014-09-18 21:39 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-10-14 23:28 - 2014-09-18 21:36 - 05829632 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-10-14 23:28 - 2014-09-18 21:31 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-10-14 23:28 - 2014-09-18 21:30 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-10-14 23:28 - 2014-09-18 21:27 - 00595968 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-10-14 23:28 - 2014-09-18 21:26 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-10-14 23:28 - 2014-09-18 21:25 - 04201472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-10-14 23:28 - 2014-09-18 21:25 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-10-14 23:28 - 2014-09-18 21:25 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-10-14 23:28 - 2014-09-18 21:14 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-10-14 23:28 - 2014-09-18 21:14 - 00446464 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-10-14 23:28 - 2014-09-18 21:06 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-10-14 23:28 - 2014-09-18 21:02 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-10-14 23:28 - 2014-09-18 21:01 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-10-14 23:28 - 2014-09-18 21:01 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-10-14 23:28 - 2014-09-18 21:00 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-10-14 23:28 - 2014-09-18 20:59 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-10-14 23:28 - 2014-09-18 20:58 - 00289280 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-10-14 23:28 - 2014-09-18 20:55 - 02187264 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-10-14 23:28 - 2014-09-18 20:54 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-10-14 23:28 - 2014-09-18 20:53 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-10-14 23:28 - 2014-09-18 20:51 - 00440320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-10-14 23:28 - 2014-09-18 20:50 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-10-14 23:28 - 2014-09-18 20:49 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-10-14 23:28 - 2014-09-18 20:42 - 00731136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-10-14 23:28 - 2014-09-18 20:42 - 00710656 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-10-14 23:28 - 2014-09-18 20:40 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-10-14 23:28 - 2014-09-18 20:36 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-14 23:28 - 2014-09-18 20:32 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-10-14 23:28 - 2014-09-18 20:20 - 00607744 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-10-14 23:28 - 2014-09-18 20:18 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-10-14 23:28 - 2014-09-18 20:14 - 01447936 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-10-14 23:28 - 2014-09-18 19:59 - 01810944 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-10-14 23:28 - 2014-09-18 19:53 - 01190400 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-10-14 23:28 - 2014-09-18 19:52 - 00678400 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-10-14 23:27 - 2014-09-18 22:25 - 23631360 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-10-14 23:27 - 2014-09-18 21:38 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-10-14 23:27 - 2014-09-18 21:18 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-10-14 23:27 - 2014-09-18 21:01 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-10-14 23:27 - 2014-09-18 20:33 - 02309632 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-10-14 23:27 - 2014-09-18 19:59 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-10-14 23:27 - 2014-09-17 22:00 - 03241472 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-10-14 23:27 - 2014-09-17 21:32 - 02363904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-10-14 23:26 - 2014-09-04 01:23 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\rastls.dll
2014-10-14 23:26 - 2014-09-04 01:04 - 00372736 _____ (Microsoft Corporation) C:\windows\SysWOW64\rastls.dll
2014-10-14 23:26 - 2014-07-16 22:07 - 03722240 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-10-14 23:26 - 2014-07-16 22:07 - 01118720 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2014-10-14 23:26 - 2014-07-16 22:07 - 00681984 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2014-10-14 23:26 - 2014-07-16 22:07 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2014-10-14 23:26 - 2014-07-16 22:07 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\winsta.dll
2014-10-14 23:26 - 2014-07-16 22:07 - 00150528 _____ (Microsoft Corporation) C:\windows\system32\rdpcorekmts.dll
2014-10-14 23:26 - 2014-07-16 22:07 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-10-14 23:26 - 2014-07-16 22:07 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-10-14 23:26 - 2014-07-16 21:40 - 00157696 _____ (Microsoft Corporation) C:\windows\SysWOW64\winsta.dll
2014-10-14 23:26 - 2014-07-16 21:39 - 03221504 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-10-14 23:26 - 2014-07-16 21:39 - 01051136 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
2014-10-14 23:26 - 2014-07-16 21:39 - 00131584 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll
2014-10-14 23:26 - 2014-07-16 21:39 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-10-14 23:26 - 2014-07-16 21:39 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-10-14 23:26 - 2014-07-16 21:21 - 00212480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpwd.sys
2014-10-14 23:26 - 2014-07-16 21:21 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys
2014-10-14 23:24 - 2014-09-12 21:58 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2014-10-14 23:24 - 2014-09-12 21:40 - 00067072 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
2014-10-14 13:02 - 2014-10-14 13:03 - 00642056 _____ () C:\windows\Minidump\101414-31527-01.dmp
2014-10-12 14:50 - 2014-10-12 14:50 - 00642040 _____ () C:\windows\Minidump\101214-25272-01.dmp
2014-10-12 06:41 - 2014-10-12 06:41 - 01313488 _____ () C:\windows\Minidump\101214-27736-01.dmp
2014-10-12 00:48 - 2014-10-12 00:48 - 00641888 _____ () C:\windows\Minidump\101214-33009-01.dmp
2014-10-11 19:16 - 2014-10-11 19:16 - 00641736 _____ () C:\windows\Minidump\101114-28875-01.dmp
2014-10-11 04:17 - 2014-10-11 04:18 - 00373520 _____ () C:\windows\Minidump\101114-24726-01.dmp
2014-10-10 16:04 - 2014-10-10 16:04 - 00373488 _____ () C:\windows\Minidump\101014-25053-01.dmp
2014-10-10 07:30 - 2014-10-10 07:30 - 01179208 _____ () C:\windows\Minidump\101014-24164-01.dmp
2014-10-07 09:34 - 2014-10-15 08:17 - 00020876 _____ () C:\Users\dan2012\Documents\captions n info for FB pics.odt
2014-10-07 05:56 - 2014-10-07 05:56 - 00910624 _____ () C:\windows\Minidump\100714-25272-01.dmp
2014-10-06 16:53 - 2014-10-06 16:53 - 01447768 _____ () C:\windows\Minidump\100614-37580-01.dmp
2014-10-06 05:48 - 2014-10-06 05:48 - 00373512 _____ () C:\windows\Minidump\100614-25240-01.dmp
2014-10-03 09:30 - 2014-10-03 09:30 - 00373496 _____ () C:\windows\Minidump\100314-29733-01.dmp
2014-09-30 22:08 - 2014-09-24 22:08 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2014-09-30 22:08 - 2014-09-24 21:40 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2014-09-28 03:52 - 2014-09-28 03:53 - 00000000 ____D () C:\Users\dan2012\Documents\0 other books
2014-09-27 15:38 - 2014-09-27 15:38 - 01044616 _____ () C:\windows\Minidump\092714-29998-01.dmp
2014-09-26 21:21 - 2014-09-26 21:21 - 00373456 _____ () C:\windows\Minidump\092614-27534-01.dmp
2014-09-26 13:47 - 2014-09-26 13:47 - 00505112 _____ () C:\windows\Minidump\092614-27846-01.dmp
2014-09-26 10:14 - 2014-09-27 04:26 - 00000000 ____D () C:\Users\dan2012\Downloads\historical
2014-09-26 06:42 - 2014-09-26 06:42 - 01313184 _____ () C:\windows\Minidump\092614-29874-01.dmp
2014-09-24 09:42 - 2014-09-09 18:11 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-09-24 09:42 - 2014-09-09 17:47 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-09-24 03:31 - 2014-09-24 03:31 - 01045912 _____ () C:\windows\Minidump\092414-28563-01.dmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-23 13:37 - 2009-07-14 00:45 - 00021280 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-23 13:37 - 2009-07-14 00:45 - 00021280 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-23 13:35 - 2009-07-14 01:13 - 00782510 _____ () C:\windows\system32\PerfStringBackup.INI
2014-10-23 13:32 - 2012-05-07 15:30 - 01535931 _____ () C:\windows\WindowsUpdate.log
2014-10-23 13:29 - 2012-05-07 16:42 - 00284559 _____ () C:\windows\system32\fastboot.set
2014-10-23 13:29 - 2012-05-07 16:16 - 00000000 ____D () C:\ProgramData\VeriFace
2014-10-23 13:28 - 2012-05-07 16:36 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-23 13:28 - 2012-05-07 16:16 - 07527175 _____ () C:\FaceProv.log
2014-10-23 13:28 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-10-23 13:28 - 2009-07-14 00:51 - 00068964 _____ () C:\windows\setupact.log
2014-10-23 13:24 - 2012-08-16 13:03 - 482342757 _____ () C:\windows\MEMORY.DMP
2014-10-23 13:24 - 2012-08-16 13:03 - 00000000 ____D () C:\windows\Minidump
2014-10-23 13:16 - 2013-10-10 00:18 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-10-23 12:43 - 2012-05-07 16:36 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-23 11:57 - 2014-05-19 04:48 - 00000000 ____D () C:\Users\dan2012\Downloads\00 pw pics, computer
2014-10-23 11:27 - 2010-11-20 23:47 - 00123854 _____ () C:\windows\PFRO.log
2014-10-23 09:00 - 2013-04-29 15:17 - 00000000 ____D () C:\Users\dan2012\Downloads\001 book research
2014-10-23 08:52 - 2013-11-13 02:31 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-23 07:06 - 2013-07-26 20:50 - 00000000 ____D () C:\Users\dan2012\Documents\0 THE POWERS THAT BE rewrite2013
2014-10-23 00:19 - 2012-06-25 22:20 - 00000000 ____D () C:\Users\dan2012\AppData\Local\Apple Computer
2014-10-22 23:33 - 2013-04-04 09:49 - 00000000 ____D () C:\Users\dan2012\Downloads\0 evocative
2014-10-22 23:28 - 2014-07-03 09:31 - 00000000 ____D () C:\Users\dan2012\Downloads\memes for comments
2014-10-22 22:51 - 2014-04-16 11:16 - 00000000 ____D () C:\Users\dan2012\Documents\correspondence
2014-10-22 22:15 - 2013-03-07 10:40 - 00000000 ____D () C:\Users\dan2012\Documents\0 misc writing projects2013
2014-10-22 21:55 - 2012-11-18 09:43 - 00000000 ____D () C:\Users\dan2012\Documents\2012 11
2014-10-22 18:33 - 2013-04-05 09:42 - 00000000 ____D () C:\Users\dan2012\Downloads\portals -- paths tracks roads bridges tunnels
2014-10-22 16:58 - 2013-04-16 13:02 - 00000000 ____D () C:\Users\dan2012\Downloads\00internet nuggets
2014-10-22 16:01 - 2014-07-02 16:14 - 00000000 ____D () C:\Users\dan2012\Downloads\02 familypics
2014-10-22 15:22 - 2013-04-11 10:09 - 00000000 ____D () C:\Users\dan2012\Downloads\writing
2014-10-20 16:16 - 2014-07-26 21:49 - 00000000 ____D () C:\Users\dan2012\Documents\recipes
2014-10-20 14:12 - 2013-07-17 21:06 - 00000000 ____D () C:\Users\dan2012\Downloads\art
2014-10-20 13:39 - 2013-11-25 16:38 - 00000000 ____D () C:\Users\dan2012\Downloads\009
2014-10-20 06:40 - 2013-11-04 04:23 - 00000000 ____D () C:\Users\dan2012\Downloads\women
2014-10-19 23:25 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\NDF
2014-10-18 22:38 - 2012-05-07 16:36 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-18 22:38 - 2012-05-07 16:36 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-18 17:47 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\rescache
2014-10-18 16:06 - 2012-05-07 16:08 - 00000000 ____D () C:\ProgramData\McAfee
2014-10-15 08:02 - 2014-09-08 14:36 - 00000000 ____D () C:\Users\dan2012\Downloads\light - the play of
2014-10-15 07:58 - 2013-06-18 22:02 - 00000000 ____D () C:\Users\dan2012\Downloads\creature
2014-10-15 03:57 - 2009-07-14 00:45 - 00289592 _____ () C:\windows\system32\FNTCACHE.DAT
2014-10-15 03:54 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\SysWOW64\Dism
2014-10-15 03:54 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\Dism
2014-10-15 03:19 - 2013-07-18 09:28 - 00000000 ____D () C:\windows\system32\MRT
2014-10-15 03:02 - 2012-07-03 07:33 - 103265616 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-10-15 01:43 - 2013-12-15 15:02 - 00000000 ____D () C:\Users\dan2012\Downloads\not shopped
2014-10-14 12:21 - 2013-07-07 07:43 - 00000000 ____D () C:\Users\dan2012\Downloads\places-I know a place
2014-10-12 04:11 - 2013-04-05 09:24 - 00000000 ____D () C:\Users\dan2012\Downloads\playing w food
2014-10-11 20:23 - 2013-08-15 03:31 - 00000000 ____D () C:\Users\dan2012\Downloads\man machine
2014-10-11 05:41 - 2013-07-20 18:35 - 00000000 ____D () C:\Users\dan2012\Downloads\science
2014-10-11 05:17 - 2014-07-04 20:37 - 00000000 ____D () C:\Users\dan2012\Downloads\grammar spelling
2014-10-11 03:30 - 2013-10-09 12:41 - 00000000 ____D () C:\Users\dan2012\Downloads\holidays
2014-10-11 03:01 - 2013-04-22 00:03 - 00000000 ____D () C:\Users\dan2012\Downloads\by design
2014-10-10 14:21 - 2013-05-23 00:34 - 00000000 ____D () C:\Users\dan2012\Downloads\001 my books images
2014-10-10 10:30 - 2013-04-05 09:30 - 00000000 ____D () C:\Users\dan2012\Downloads\stairs
2014-10-09 18:27 - 2013-04-05 09:43 - 00000000 ____D () C:\Users\dan2012\Downloads\cats
2014-10-09 17:39 - 2013-08-03 12:52 - 00000000 ____D () C:\Users\dan2012\Downloads\adventure
2014-10-09 16:19 - 2013-12-10 16:20 - 00000000 ____D () C:\Users\dan2012\Downloads\wizzy tech
2014-10-08 01:14 - 2013-07-13 19:00 - 00000000 ____D () C:\Users\dan2012\Downloads\design intelligence
2014-10-04 04:33 - 2013-07-14 15:26 - 00000000 ____D () C:\Users\dan2012\Downloads\home
2014-10-04 03:47 - 2012-06-26 16:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-04 01:01 - 2013-06-18 21:49 - 00000000 ____D () C:\Users\dan2012\Downloads\garden
2014-10-03 17:54 - 2014-06-18 13:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-02 15:53 - 2010-11-20 23:27 - 00278152 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-09-30 01:44 - 2013-07-15 14:33 - 00000000 ____D () C:\Users\dan2012\Downloads\breath
2014-09-28 04:00 - 2013-04-01 14:05 - 00000000 ____D () C:\Users\dan2012\Documents\novels 2013
2014-09-27 12:30 - 2013-08-16 12:58 - 00000000 ____D () C:\Users\dan2012\Downloads\ireland
2014-09-26 09:48 - 2013-12-07 02:39 - 00000000 ____D () C:\Users\dan2012\Downloads\architecture
2014-09-23 16:27 - 2013-10-10 00:18 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-09-23 16:27 - 2012-06-26 22:03 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-09-23 16:27 - 2012-06-26 22:03 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\dan2012\AppData\Local\Temp\UpdateFlashPlayer_24f732e4.exe
C:\Users\dan2012\AppData\Local\Temp\UpdateFlashPlayer_46bd34b4.exe
C:\Users\dan2012\AppData\Local\Temp\UpdateFlashPlayer_877cc315.exe
C:\Users\dan2012\AppData\Local\Temp\UpdateFlashPlayer_fc92586d.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-17 17:45

==================== End Of Log ============================

[and the Additional]

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-10-2014
Ran by dan2012 at 2014-10-23 13:42:04
Running from C:\Users\dan2012\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {86355677-4064-3EA7-ABB3-1B136EB04637}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall (Enabled) {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader 9.5.3 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.3 - Adobe Systems Incorporated)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version: - Amazon)
AMD APP SDK Runtime (Version: 2.4.650.9 - Advanced Micro Devices Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.60628.2255 - ATI Technologies Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2011.0628.2340.40663 - ATI) Hidden
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ask Shopping Toolbar (HKLM-x32\...\{4F524A00-6A76-A76A-76A7-A758B70C1200}) (Version: 12.18.0.89 - APN, LLC) <==== ATTENTION
Atheros Client Installation Program (HKLM-x32\...\{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}) (Version: 7.0 - Atheros)
ATI AVIVO64 Codecs (Version: 11.6.0.10628 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{C5E7EB18-8F3A-2192-7435-7D68CB4907CB}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
Best Buy pc app (Version: 3.2.0.0 - Best Buy) Hidden
Best Buy pc app (x32 Version: 3.2.0.0 - Best Buy) Hidden
BioExcess (HKLM-x32\...\InstallShield_{E6CB67CC-71D2-46b9-8D43-A4641A9EECB2}) (Version: 7.0.67.0 - Egis Technology Inc.)
BioExcess (Version: 7.0.67.0 - Egis Technology Inc.) Hidden
BioExcess (x32 Version: 7.0.67.0 - Egis Technology Inc.) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0628.2340.40663 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0628.2340.40663 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0628.2340.40663 - ATI) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2011.0628.2340.40663 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help Czech (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help Danish (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help Dutch (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help English (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help Finnish (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help French (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help German (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help Greek (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help Italian (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help Japanese (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help Korean (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help Polish (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help Russian (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help Spanish (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help Swedish (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help Thai (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
CCC Help Turkish (x32 Version: 2011.0628.2339.40663 - ATI) Hidden
ccc-utility64 (Version: 2011.0628.2340.40663 - ATI) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.4.50 - Conexant)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3728 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.1.3728 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
EgisTec ES603 WDM Driver (HKLM-x32\...\InstallShield_{AE4167B0-F589-4D2A-BF05-E181D543C49F}) (Version: 3.0.20.0 - Egis Technology Inc.)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.2.1 - Lenovo)
Energy Management (x32 Version: 6.0.2.1 - Lenovo) Hidden
ES603 WDM Driver (x32 Version: 3.0.20.0 - Egis Technology Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
iExplorer 3.2.5.6 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version: - Macroplant LLC)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java Auto Updater (x32 Version: 2.1.71.14 - Oracle, Inc.) Hidden
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 13.11.616.1 - Vimicro)
Lenovo EE Boot Optimizer (HKLM\...\Lenovo EE Boot Optimizer) (Version: 0.0.1.7 - Lenovo)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.0.2525 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.0.2525 - CyberLink Corp.) Hidden
Lenovo Security Suite (HKLM-x32\...\InstallShield_{0034859F-8E01-4C1D-BE77-F891C4786FBC}) (Version: 2.0.13.0 - Lenovo)
Lenovo Security Suite (x32 Version: 2.0.13.0 - Lenovo) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
McAfee AntiVirus Plus (HKLM-x32\...\MSC) (Version: 11.0.678 - McAfee, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.143 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010
x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden Online Bible 12.31 (HKCU\...\OnlineBible) (Version: - ) Online Bible 12.31 (HKLM-x32\...\OnlineBible) (Version: - ) OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation) Port Locker (HKLM-x32\...\InstallShield_{A6FEE06D-C7E1-48CB-A9DF-1E317CF83CA4}) (Version: 1.0.5.24 - Egis Technology Inc.) Port Locker (Version: 1.0.5.24 - Egis Technology Inc.) Hidden Port Locker (x32 Version: 1.0.5.24 - Egis Technology Inc.) Hidden Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.7303 - CyberLink Corp.) PowerXpressHybrid (x32 Version: 1.00.0000 - ATI) Hidden QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.42.304.2011 - Realtek) Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10008 - Realtek Semiconductor Corp.) 
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.7.0 - Synaptics Incorporated)
TSP_CODEC (HKLM-x32\...\{A90C03D6-08E1-4C59-B93B-6919A6C0AC19}) (Version: 1.00.0000 - Bytescribe)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.6 - Lenovo)
UserGuide (x32 Version: 1.0.0.6 - Lenovo) Hidden
VeriFace (HKLM-x32\...\VeriFace) (Version: 4.0.0.1224 - Lenovo)
Windows Driver Package - Lenovo (ACPIVPC) System (12/02/2010 6.1.0.1) (HKLM\...\EA12B1FB53CE4E387C31A85236C41EF559B5E392) (Version: 12/02/2010 6.1.0.1 - Lenovo)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-953073755-2712446163-3435037875-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?

==================== Restore Points =========================

01-10-2014 07:00:31 Windows Update
09-10-2014 08:33:58 Scheduled Checkpoint
15-10-2014 07:01:00 Windows Update
23-10-2014 11:56:34 Windows Update
23-10-2014 12:49:15 Installed Java 7 Update 71

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {21440AC3-B55A-488E-B7AE-80EEEAF7B3A0} - System32\Tasks\{E1DB34BD-FFDA-CAD4-CDB0-CBB898F8FADD} => C:\Users\dan2012\AppData\Roaming\mjcsesu.dll/s "C:\Users\dan2012\AppData\Roaming\mjcsesu.dll" <==== ATTENTION
Task: {2616B4CE-D6AD-4EC4-BC24-D6C3A9F9C13C} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated)
Task: {46F1F313-A4F1-422D-9D33-F2466B66349F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {77847CD6-86A2-47A3-92CE-81903A5AB749} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2011-01-28] (CyberLink)
Task: {8276AA39-EDEB-457E-BCED-EF457A4F0463} - System32\Tasks\{4A1E4D61-0F33-2B15-1A97-CE3E941048E5} => C:\Users\dan2012\AppData\Roaming\kggpmve.dll/s "C:\Users\dan2012\AppData\Roaming\kggpmve.dll" <==== ATTENTION
Task: {A898D5F8-7F4F-49B8-BF1A-3D8FA6D1A084} - System32\Tasks\Security Center Update - 2090142891 => C:\Users\dan2012\AppData\Roaming\Ahetax\dakus.exe [2014-10-23] () <==== ATTENTION
Task: {B4D3CEF8-80C1-4D9B-B8C7-6B379F66A38C} - System32\Tasks\Security Center Update - 296674132 => C:\Users\dan2012\AppData\Roaming\Hyedosg\orhim.exe [2014-07-13] () <==== ATTENTION
Task: {E31A7306-9F2A-4948-A894-0D719999D82B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {F450D10A-B0A0-41A5-9603-EC773D586CF8} - System32\Tasks\{BA918A07-15AA-C50E-B092-889E8A93FDF8} => C:\Users\dan2012\AppData\Roaming\idkqoc.dll/s "C:\Users\dan2012\AppData\Roaming\idkqoc.dll" <==== ATTENTION
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2009-01-21 12:45 - 2009-01-21 12:45 - 01401856 _____ () C:\Program Files (x86)\EgisTec BioExcess\x64\LIBEAY32.dll
2012-05-07 16:16 - 2012-05-07 16:16 - 01508192 _____ () C:\windows\system32\IcnOvrly.dll
2012-05-07 16:16 - 2012-05-07 16:16 - 00628064 _____ () C:\windows\system32\SimpleExt.dll
2008-12-19 23:20 - 2012-05-07 16:39 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2008-12-19 23:20 - 2012-05-07 16:39 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2014-10-23 08:32 - 2014-10-23 08:32 - 00306301 _____ () C:\Users\dan2012\AppData\Roaming\Ahetax\dakus.exe
2011-03-14 10:21 - 2011-03-14 10:21 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-06-28 19:38 - 2011-06-28 19:38 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-05-07 16:16 - 2012-05-07 16:16 - 00013664 _____ () C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: Bupekiuvfupila => C:\Users\dan2012\AppData\Roaming\Ahetax\dakus.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-953073755-2712446163-3435037875-500 - Administrator - Disabled)
dan2012 (S-1-5-21-953073755-2712446163-3435037875-1000 - Administrator - Enabled) => C:\Users\dan2012
Guest (S-1-5-21-953073755-2712446163-3435037875-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-953073755-2712446163-3435037875-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (10/23/2014 01:30:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/23/2014 01:25:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/23/2014 11:29:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/23/2014 11:01:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/23/2014 10:59:00 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.

Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.
.

Error: (10/23/2014 09:29:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/23/2014 08:41:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/23/2014 07:46:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/23/2014 07:10:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/23/2014 06:11:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (10/23/2014 01:29:52 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/23/2014 01:26:38 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/23/2014 01:25:23 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (10/23/2014 01:25:23 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (10/23/2014 01:25:23 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (10/23/2014 01:25:23 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (10/23/2014 01:25:23 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (10/23/2014 01:25:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (10/23/2014 01:25:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (10/23/2014 01:25:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (10/23/2014 01:30:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/23/2014 01:25:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/23/2014 11:29:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/23/2014 11:01:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/23/2014 10:59:00 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.

Error: (10/23/2014 09:29:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/23/2014 08:41:15 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/23/2014 07:46:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/23/2014 07:10:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/23/2014 06:11:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Processor: AMD E-450 APU with Radeon HD Graphics
Percentage of memory in use: 28%
Total physical RAM: 3686.11 MB
Available physical RAM: 2639.21 MB
Total Pagefile: 7370.4 MB
Available Pagefile: 5585.09 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:254.14 GB) (Free:116.3 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:27.16 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 92133C21)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=254.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12)

==================== End Of Log ============================
2. Hi team, thanks in advance for your help! I've been trying to remove this coin-miner, but I have so far not succeeded. Please see the attached txt files from the dds script. I am an IT guy, so don't hesitate to ask me to do some advanced things if needed... attach.txt dds.txt