Jump to content

Search the Community

Showing results for tags 'syswow64'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes for Windows Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • Malwarebytes Privacy
    • Malwarebytes Browser Guard
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Endpoint Protection
    • Malwarebytes Incident Response (includes Breach Remediation)
    • Malwarebytes Endpoint Security
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Location


Interests

  1. Hi guys, i was running a FIFA download when a file transfer window popped up followed by numerous incessant SysWow64 command prompts. Scanned with Malwarebytes and Kaspersky, both found nothing. Anything to worried about?
  2. Hello, Im new to this forum and I would be extremely grateful if anyone here could give me some advice on how to remove encrypted syswow64, (possibly zero access rootkit), from several usbs that I got that have been infected when they where inserted in windows computers that I got that were attacked by hackers. The hackers installed a system administration server on my network and attacked my computers with some kind of synzcronization worm/virus that synced and even infected offline devices, (that contained Bluetooth and smartcard etc), like Television, digital TV box, dvd, printer and phones. Programs that I detected on my computers that they were using were among others, syswow64, bluetoothshare, various installation hooks, svchost, microsoft synchronization feeds, keyloggers, infrared, remote Control programs, malicious code and code changer programs etc. When I scan the usbs with regular virus Scans like Kaspersky or Norton they all comes out Clean and no names shows up during the scan but when I scan the usbs with microsoft forefront scanner it also comes out as Clean but during the scan all the rootkit names show up though. The names that comes up includes for example syswow64, catroot, system root: nearby devices, hkmmodule installation hook, netframework installation hook, microsoft feeds synchronization, subsystem spooler system, mobilesynch.exe, tablet/pcsynch.exe, rundll.32.exe and many more. I have run the scan on all photos separately that is stored on the usbs and the same rootkit names shows up during the scan on every single photo and also, when I did a test and removed all files from one usb, so that it was empty, all the names still showed up when I scanned it and I could also see that the rootkit, (although I cant see it as it is encrypted), took up 0,8 gb of space on the usb since there was only 7,2 gb left for me to use although the size of the usb is 8 gb so if the usb were really empty there should be 8 gb space left for me to use, not 7.2 gb. What I would like to know is if anyone here knows if theese types of encrypted rootkits is possible to remove at all fro usbs so that I can get my photos, and if so how? Is there any antivirus website where I can upload the photos that can Clean the rootkit completely out of the usb and photos or should I go visit some computer specialist store instead, or is it enough if I just burn the photos over to a dvd and then the rootkit will dissapear byitself, or is there nothing that can be done at all? Anyone that knows the answer to theese questions please feel free to send me messages either in this thread or you can send me private messages to my profile here on this forum aswell if you like. All answers are extremely appreciated
  3. I've been getting Malicious Website outbound message via Malwarebytes. It stops them, but cannot remove the problem. Have updated MB and Norton Internet Security - they acknowledge an issue, but can't resolve it. Any ideas?
  4. Okay so I have been trying to get rid of this NASTY guy with NO luck. This is crazy. I reinstalleed WINDOWS have downloaded several different checkers (AVast, Bitdefender, Malwarebytes). Once I install them they find it and delete them, but then find out later it renamed itself to an identical Windows file and camouflaged itself I guess. What the hell do I do? Now it looks like my other laptop could have something too....could this booger have 'jumped' to my other laptop? PLEASE HELP!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! derek
  5. So yesterday as i played with my gamepad both my keyboard and gamepad started to press buttons randomly so i started to search for something suspicious in my task manager and found 2 dllhost.exe processes, one was located at C:/Windows/system32 and one at C:/Windows/SySWOW64....now after some research i found out the SySWOW64 one seems to be a trojan but after asking for help and scanning with recommended software at malwaretips.com they said my pc seems clean but i highly doubt it... Heres some logs i got from scanning with FRST: Addition.txt FRST.txt
  6. Dear all, I read in other posts that other people are also having this problem. I went on and downloaded all recommended software, did all the scans and now you can find the logs attached. I ran a scan today with MB (database v2014.12.08.01) but it didn't find anything, and somehow I can't find the scan log inside the program. I also have HitmanPro, and it detected the file and quarantined it once, but it keeps popping up as malicious website blocked on MB. Attached the logs. Thank you for your time and help! Addition.txt AdwCleanerR0.txt FRST.txt HitmanPro.txt MB Daily Protection.txt TDSSKiller.txt
  7. I have been getting constant Malwarebytes Anti-Malware pop-ups for last 12 hours about "Process: C:\WINDOWS\SysWOW64\dllhost.exe" I have tried to run scan from Malwarebytes, but it is not identifying any problems.
  8. My computer is showing signs of infection, again. Saturday evening, the Malwarebytes warning screen started popping up, repeatedly. It stopped popping up, yet the computer has slowed down and is not functioning properly. I've run Malwarebytes Anti-Malware and AVG, and neither indicated a problem. FRST reports: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-12-2014 01 Ran by Teresa (administrator) on TERESA-THINK on 22-12-2014 15:59:25 Running from C:\Users\Teresa\Desktop Loaded Profile: Teresa (Available profiles: Teresa & Guest) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe (Lenovo.) C:\Windows\System32\ibmpmsvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgfws.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe (Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe (Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE (Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe (Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe (Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Lenovo.) C:\Windows\System32\TpShocks.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe (Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe (CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe (Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe (Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE (Microsoft Corporation) C:\Windows\splwow64.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe (Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12452968 2012-03-13] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-03-09] (Realtek Semiconductor) HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916112 2012-04-08] (Synaptics Incorporated) HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [382528 2012-02-25] (Lenovo.) HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [290160 2012-06-01] (Lenovo Group Limited) HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2782096 2010-07-25] (CANON INC.) HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63784 2013-10-22] (Lenovo) HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.) HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-04-19] (Intel Corporation) HKLM-x32\...\Run: [iMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133400 2012-02-28] (Intel Corporation) HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.) HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Fastboot] => C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [1091376 2012-01-17] (Lenovo) HKLM-x32\...\Run: [intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation) HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-13] (Lenovo, Inc.) HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1213848 2010-09-14] (CANON INC.) HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2014-11-04] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited) HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-1957507031-1107721793-927113581-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries) HKU\S-1-5-21-1957507031-1107721793-927113581-1000\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.) HKU\S-1-5-21-1957507031-1107721793-927113581-1000\...\RunOnce: [Adobe Speed Launcher] => 1419279520 HKU\S-1-5-21-1957507031-1107721793-927113581-1000\...\MountPoints2: {284741f8-fca8-11e2-9901-3c970e3d78f5} - D:\MotorolaDeviceManagerSetup.exe -a HKU\S-1-5-21-1957507031-1107721793-927113581-1000\...\MountPoints2: {6730c835-4b83-11e3-9082-60672042db68} - E:\VMC_PBStarter.exe HKU\S-1-5-21-1957507031-1107721793-927113581-1000\...\MountPoints2: {fb97e8c6-1295-11e2-95be-806e6f6e6963} - Q:\LenovoQDrive.exe HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries) Lsa: [Notification Packages] scecli ACGina Startup: C:\Users\Teresa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Teresa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Teresa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation) ShellIconOverlayIdentifiers: [sugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) ShellIconOverlayIdentifiers: [sugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) ShellIconOverlayIdentifiers: [sugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) ShellIconOverlayIdentifiers: [sugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-1957507031-1107721793-927113581-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.theguardian.com/uk HKU\S-1-5-21-1957507031-1107721793-927113581-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/ SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> DefaultScope {F20972D8-62DB-472C-BC3C-B70C6B252138} URL = SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1957507031-1107721793-927113581-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_enUS537 SearchScopes: HKU\S-1-5-21-1957507031-1107721793-927113581-1000 -> {F20972D8-62DB-472C-BC3C-B70C6B252138} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3286042&CUI=UN29368714301189483&UM=2 BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKU\S-1-5-21-1957507031-1107721793-927113581-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll () FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll () FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll () FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-1957507031-1107721793-927113581-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Teresa\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online) FF HKLM-x32\...\Firefox\Extensions: [VIP2X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client [2012-10-10] FF HKLM-x32\...\Firefox\Extensions: [VIP5X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client Chrome: ======= CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll No File CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll No File CHR Plugin: (Norton Confidential) - C:\Users\Teresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.0.30_0\npcoplgn.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) CHR Plugin: (Nitro PDF Plug-In) - C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll No File CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File CHR Profile: C:\Users\Teresa\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Teresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-16] CHR Extension: (Skype Click to Call) - C:\Users\Teresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-07-21] CHR Extension: (Google Wallet) - C:\Users\Teresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgfws; C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [1432592 2014-11-04] (AVG Technologies CZ, s.r.o.) R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4942384 2014-10-17] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.) R3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed] R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2443960 2014-10-30] (Microsoft Corporation) S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2012-05-15] (Lenovo.) R2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [169776 2012-01-17] (Lenovo) R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-08-07] (Garmin Ltd or its subsidiaries) R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation) R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [179568 2012-06-01] (Lenovo Group Limited) R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited) S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-10-16] () R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [121144 2013-03-25] (Motorola Mobility LLC) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-02-26] () R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed] S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-06-18] () R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed] R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2012-04-19] (Symantec Corporation) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-02-26] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [209720 2014-11-04] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.) R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2014-10-17] (AVG Technologies CZ, s.r.o.) S3 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [70416 2012-01-17] (Windows ® Win 7 DDK provider) R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-11-16] (Intel Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-22] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation) R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd) R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.) R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.) R3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-07] (ThinkVantage Communications Utility) S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-22 15:59 - 2014-12-22 15:59 - 00027893 _____ () C:\Users\Teresa\Desktop\FRST.txt 2014-12-22 15:59 - 2014-12-22 15:59 - 00000000 ____D () C:\Users\Teresa\Desktop\FRST-OlderVersion 2014-12-19 18:03 - 2014-12-22 15:28 - 00003032 _____ () C:\Windows\setupact.log 2014-12-17 09:58 - 2014-12-17 09:58 - 00000000 ___RD () C:\Users\Teresa\AppData\Roaming\Brother 2014-12-12 16:21 - 2014-12-12 16:22 - 00039943 _____ () C:\Users\Teresa\Downloads\Addition.txt 2014-12-12 16:20 - 2014-12-22 15:59 - 02122240 _____ (Farbar) C:\Users\Teresa\Desktop\FRST64.exe 2014-12-12 16:20 - 2014-12-22 15:59 - 00000000 ____D () C:\FRST 2014-12-12 16:20 - 2014-12-12 16:22 - 00089692 _____ () C:\Users\Teresa\Downloads\FRST.txt 2014-12-12 12:24 - 2014-12-13 08:09 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-12-12 12:24 - 2014-12-12 12:24 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Teresa\Downloads\mbar-1.08.2.1001 (5).exe 2014-12-12 12:19 - 2014-12-12 12:19 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Teresa\Downloads\mbar-1.08.2.1001 (4).exe 2014-12-12 11:17 - 2014-12-12 11:17 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Teresa\Downloads\mbar-1.08.2.1001 (3).exe 2014-12-11 15:04 - 2014-12-11 15:04 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Teresa\Downloads\mbar-1.08.2.1001 (2).exe 2014-12-11 14:47 - 2014-12-11 14:47 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Teresa\Downloads\mbar-1.08.2.1001 (1).exe 2014-12-11 14:40 - 2014-12-12 12:56 - 00000000 ____D () C:\Users\Teresa\Desktop\mbar 2014-12-11 14:39 - 2014-12-11 14:39 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Teresa\Downloads\mbar-1.08.2.1001.exe 2014-12-11 11:45 - 2014-12-11 11:45 - 00007609 _____ () C:\Users\Teresa\AppData\Local\Resmon.ResmonCfg 2014-12-10 22:01 - 2014-12-10 22:01 - 00000000 __SHD () C:\Users\Teresa\AppData\Local\EmieBrowserModeList 2014-12-10 21:52 - 2014-12-10 21:52 - 00000000 ____D () C:\Windows\system32\appraiser 2014-12-10 21:26 - 2014-10-17 21:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2014-12-10 21:26 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2014-12-10 21:26 - 2014-07-06 21:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2014-12-10 21:26 - 2014-07-06 21:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe 2014-12-10 21:26 - 2014-07-06 21:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2014-12-10 21:26 - 2014-07-06 21:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll 2014-12-10 21:26 - 2014-07-06 20:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll 2014-12-10 21:26 - 2014-07-06 20:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe 2014-12-10 21:26 - 2014-07-06 20:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe 2014-12-10 21:26 - 2014-07-06 20:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll 2014-12-10 21:19 - 2014-11-26 20:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-12-10 21:19 - 2014-11-26 20:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-12-10 21:19 - 2014-11-21 22:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-12-10 21:19 - 2014-11-21 22:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-12-10 21:19 - 2014-11-21 22:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-12-10 21:19 - 2014-11-21 21:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-12-10 21:19 - 2014-11-21 21:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-12-10 21:19 - 2014-11-21 21:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-12-10 21:19 - 2014-11-21 21:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-12-10 21:19 - 2014-11-21 21:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-12-10 21:19 - 2014-11-21 21:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-12-10 21:19 - 2014-11-21 21:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-12-10 21:19 - 2014-11-21 21:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-12-10 21:19 - 2014-11-21 21:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-12-10 21:19 - 2014-11-21 21:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-12-10 21:19 - 2014-11-21 21:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-12-10 21:19 - 2014-11-21 21:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-12-10 21:19 - 2014-11-21 21:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-12-10 21:19 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-12-10 21:19 - 2014-11-21 21:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-12-10 21:19 - 2014-11-21 21:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-12-10 21:19 - 2014-11-21 21:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-12-10 21:19 - 2014-11-21 21:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-12-10 21:19 - 2014-11-21 21:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-12-10 21:19 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-12-10 21:19 - 2014-11-21 21:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-12-10 21:19 - 2014-11-21 21:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-12-10 21:19 - 2014-11-21 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-12-10 21:19 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-12-10 21:19 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-12-10 21:19 - 2014-11-21 20:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-12-10 21:19 - 2014-11-21 20:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-12-10 21:19 - 2014-11-21 20:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-12-10 21:19 - 2014-11-21 20:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-12-10 21:19 - 2014-11-21 20:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-12-10 21:19 - 2014-11-21 20:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-12-10 21:19 - 2014-11-21 20:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-12-10 21:19 - 2014-11-21 20:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-12-10 21:19 - 2014-11-21 20:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-12-10 21:19 - 2014-11-21 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-12-10 21:19 - 2014-11-21 20:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-12-10 21:19 - 2014-11-21 20:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-12-10 21:19 - 2014-11-21 20:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-12-10 21:19 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-12-10 21:19 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-12-10 21:19 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-12-10 21:19 - 2014-11-21 20:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-12-10 21:19 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-12-10 21:19 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-12-10 21:19 - 2014-11-21 20:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-12-10 21:19 - 2014-11-21 20:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-12-10 21:19 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-12-10 21:19 - 2014-11-21 20:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-12-10 21:19 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-12-10 21:19 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-12-10 21:19 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-12-10 21:05 - 2014-11-10 22:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-12-10 21:05 - 2014-11-10 22:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll 2014-12-10 21:05 - 2014-11-10 21:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-12-10 21:05 - 2014-11-10 21:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll 2014-12-10 21:05 - 2014-10-13 21:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-12-10 21:05 - 2014-10-13 21:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-12-10 21:05 - 2014-10-13 20:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-12-10 21:05 - 2014-10-13 20:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-12-10 21:04 - 2014-12-03 21:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2014-12-10 21:04 - 2014-12-03 21:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2014-12-10 21:04 - 2014-12-03 21:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-12-10 21:04 - 2014-12-03 21:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2014-12-10 21:04 - 2014-12-03 21:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-12-10 21:04 - 2014-12-03 21:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2014-12-10 21:04 - 2014-12-03 21:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-12-10 21:04 - 2014-12-01 18:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe 2014-12-10 21:04 - 2014-10-09 19:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-12-10 21:04 - 2014-10-02 21:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll 2014-12-10 21:04 - 2014-10-02 21:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll 2014-12-10 21:04 - 2014-10-02 21:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll 2014-12-10 21:04 - 2014-10-02 21:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll 2014-12-10 21:04 - 2014-10-02 21:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe 2014-12-10 21:04 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll 2014-12-10 21:04 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll 2014-12-10 21:04 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll 2014-12-10 21:04 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll 2014-12-10 21:04 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe 2014-12-10 21:04 - 2014-09-19 04:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-12-10 21:04 - 2014-09-19 04:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-12-10 21:04 - 2014-09-19 04:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2014-12-10 21:04 - 2014-09-19 04:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-12-10 21:04 - 2014-09-19 04:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-12-10 21:04 - 2014-09-19 04:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-12-10 21:04 - 2014-09-19 04:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-12-10 21:04 - 2014-09-19 04:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-12-10 21:04 - 2014-09-19 04:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2014-12-10 21:04 - 2014-09-19 04:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-12-10 21:04 - 2014-09-19 04:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-12-10 21:04 - 2014-09-19 04:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-12-10 21:04 - 2014-08-21 01:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-12-10 21:04 - 2014-08-21 01:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-12-10 21:04 - 2014-08-21 01:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-12-10 21:04 - 2014-08-21 01:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2014-12-10 21:03 - 2014-11-10 22:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-12-10 21:03 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-12-10 21:03 - 2014-10-13 21:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-12-10 21:03 - 2014-10-13 21:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2014-12-10 21:03 - 2014-10-13 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2014-12-10 21:03 - 2014-10-13 20:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2014-12-10 21:03 - 2014-10-13 20:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2014-12-10 21:02 - 2014-10-29 21:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe 2014-12-10 21:02 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe 2014-12-10 21:02 - 2014-10-17 21:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2014-12-10 21:02 - 2014-10-17 20:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2014-12-10 21:02 - 2014-10-13 21:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-12-10 21:02 - 2014-10-13 20:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-12-10 21:02 - 2014-10-02 21:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2014-12-10 21:02 - 2014-10-02 21:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2014-12-10 21:02 - 2014-10-02 21:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2014-12-10 21:02 - 2014-10-02 21:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2014-12-10 21:02 - 2014-10-02 21:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2014-12-10 21:02 - 2014-10-02 20:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2014-12-10 21:02 - 2014-10-02 20:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2014-12-10 21:02 - 2014-10-02 20:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2014-12-10 21:02 - 2014-08-11 21:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL 2014-12-10 21:02 - 2014-08-11 20:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL 2014-12-10 21:01 - 2014-11-10 20:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys 2014-12-10 21:01 - 2014-11-07 22:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-12-10 21:01 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-12-10 21:01 - 2014-10-24 20:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-12-10 21:01 - 2014-10-24 20:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2014-12-02 17:35 - 2014-12-02 17:35 - 00000000 ____D () C:\Users\Teresa\AppData\Local\{9BAD0070-2CF0-4A1F-A5BB-87CF06753A2F} 2014-12-02 07:37 - 2014-12-02 07:43 - 00000000 ____D () C:\Users\Teresa\Desktop\WFM 2014-12-02 07:34 - 2014-12-02 07:42 - 00000000 ____D () C:\Users\Teresa\Desktop\Stores 2014-11-30 19:48 - 2014-12-19 17:58 - 00000000 ____D () C:\Users\Teresa\Desktop\Surya Brasil 2014-11-30 19:47 - 2014-11-30 19:48 - 00000000 ____D () C:\Users\Teresa\Desktop\ILHWA Ginseng ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-22 15:58 - 2014-04-12 21:19 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-12-22 15:55 - 2014-02-11 09:16 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-12-22 15:48 - 2012-10-10 00:12 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-12-22 15:33 - 2014-02-21 11:59 - 00000568 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1957507031-1107721793-927113581-1000.job 2014-12-22 15:25 - 2009-07-13 23:45 - 00034432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-12-22 15:25 - 2009-07-13 23:45 - 00034432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-12-22 15:24 - 2009-07-14 00:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-12-22 15:23 - 2013-06-18 09:59 - 00000000 ____D () C:\ProgramData\MFAData 2014-12-22 15:21 - 2012-10-09 23:54 - 01441264 _____ () C:\Windows\WindowsUpdate.log 2014-12-22 15:20 - 2013-05-24 21:30 - 00000000 ____D () C:\Users\Teresa\AppData\Roaming\Skype 2014-12-22 15:19 - 2013-05-28 17:44 - 00000000 ___RD () C:\Users\Teresa\Dropbox 2014-12-22 15:19 - 2013-05-28 17:42 - 00000000 ____D () C:\Users\Teresa\AppData\Roaming\Dropbox 2014-12-22 15:18 - 2013-08-03 22:25 - 00000000 ____D () C:\Temp 2014-12-22 15:18 - 2012-10-10 00:12 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-12-22 15:17 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-12-21 10:16 - 2014-02-21 11:59 - 00003604 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-1957507031-1107721793-927113581-1000 2014-12-21 09:04 - 2013-06-27 07:33 - 00000000 ____D () C:\Users\Teresa\AppData\Local\CrashDumps 2014-12-20 22:26 - 2014-09-20 19:18 - 00000000 ____D () C:\Users\Teresa\AppData\Roaming\LSC 2014-12-20 10:13 - 2012-10-10 00:20 - 00000000 ____D () C:\Windows\System32\Tasks\TVT 2014-12-19 17:58 - 2014-06-02 10:41 - 00000000 ____D () C:\Users\Teresa\Desktop\Personal 2014-12-19 17:58 - 2014-06-02 06:47 - 00000000 ____D () C:\Users\Teresa\Desktop\Herb Pharm 2014-12-19 17:58 - 2014-04-03 11:09 - 00000000 ____D () C:\Users\Teresa\Desktop\Nordic Naturals 2014-12-19 17:57 - 2014-06-02 06:58 - 00000000 ____D () C:\Users\Teresa\Desktop\Himalaya 2014-12-19 17:57 - 2014-06-02 06:45 - 00000000 ____D () C:\Users\Teresa\Desktop\Bluebonnet 2014-12-19 09:33 - 2013-12-01 21:22 - 00000000 ____D () C:\Windows\Minidump 2014-12-18 19:24 - 2013-05-24 21:30 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-12-18 19:24 - 2013-05-24 21:30 - 00000000 ____D () C:\ProgramData\Skype 2014-12-17 09:58 - 2014-01-07 12:00 - 00000426 _____ () C:\Windows\BRWMARK.INI 2014-12-17 09:52 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache 2014-12-16 19:11 - 2013-05-27 09:59 - 00000000 ____D () C:\Users\Teresa\AppData\Local\Adobe 2014-12-16 19:10 - 2014-02-11 09:16 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-12-16 19:10 - 2013-05-30 08:09 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-12-16 19:10 - 2013-05-30 08:09 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-12-13 08:16 - 2013-05-28 17:44 - 00001036 _____ () C:\Users\Teresa\Desktop\Dropbox.lnk 2014-12-13 08:16 - 2013-05-28 17:43 - 00000000 ____D () C:\Users\Teresa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-12-12 12:24 - 2014-04-12 21:18 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-12-11 09:40 - 2012-10-10 00:05 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk 2014-12-10 21:54 - 2009-07-13 23:45 - 00348168 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-12-10 21:52 - 2014-07-27 11:19 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-12-10 21:52 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-12-10 21:52 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat 2014-12-10 21:41 - 2013-09-13 22:14 - 00000000 ____D () C:\Windows\system32\MRT 2014-12-04 22:02 - 2014-04-12 21:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-12-04 22:02 - 2014-04-12 21:18 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-12-04 22:02 - 2013-06-13 14:09 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-12-02 17:35 - 2014-07-01 16:14 - 00000000 ____D () C:\Users\Teresa\AppData\Local\Windows Live 2014-12-01 16:53 - 2014-08-08 09:39 - 00000000 ____D () C:\Users\Teresa\Desktop\BMC 2014-11-27 16:40 - 2013-06-01 08:51 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-11-24 22:40 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\LiveKernelReports 2014-11-24 12:04 - 2013-06-03 07:14 - 00000000 ____D () C:\Users\Teresa\Documents\BMC 2014-11-22 13:22 - 2013-05-28 08:36 - 00000000 ____D () C:\Program Files\Microsoft Office 15 Some content of TEMP: ==================== C:\Users\Teresa\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprvdwgv.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-12-17 09:45 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-12-2014 01 Ran by Teresa at 2014-12-22 16:00:04 Running from C:\Users\Teresa\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: AVG Internet Security 2013 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: AVG Internet Security 2013 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664} FW: AVG Internet Security 2013 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.111 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated) Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated) Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated) ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden AVG 2013 (HKLM\...\AVG) (Version: 2013.0.3495 - AVG Technologies) AVG 2013 (Version: 13.0.3495 - AVG Technologies) Hidden AVG 2013 (Version: 13.0.4253 - AVG Technologies) Hidden BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.) BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.41 - Research In Motion Ltd.) Hidden Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) Hidden Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - ) Canon MP Navigator EX 4.1 (HKLM-x32\...\MP Navigator EX 4.1) (Version: - ) Canon MX420 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX420_series) (Version: - ) Canon MX420 series User Registration (HKLM-x32\...\Canon MX420 series User Registration) (Version: - ) Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - ) Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version: - ) Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version: - ) Citrix Online Launcher (HKLM-x32\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix) Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation) Corel DVD MovieFactory 7 (x32 Version: 7.0.0 - Corel Corporation) Hidden Corel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation) Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.6.385 - Corel Inc.) Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - ) Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.7000.7 - Dolby Laboratories Inc) Dropbox (HKU\S-1-5-21-1957507031-1107721793-927113581-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.) Elevated Installer (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.15 - Evernote Corp.) Garmin Communicator Plugin (HKLM-x32\...\{032A13FF-D26D-4844-9597-7EF698627985}) (Version: 4.1.0 - Garmin Ltd or its subsidiaries) Garmin Communicator Plugin x64 (HKLM\...\{AFA301E1-B410-4F1B-B1C0-2E92FDCD94AD}) (Version: 4.1.0 - Garmin Ltd or its subsidiaries) Garmin Express (HKLM-x32\...\{b43ffffb-1adc-4bcb-b277-7844ebff94da}) (Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Garmin Express (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden Garmin Express Tray (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries) Garmin WebUpdater (HKLM-x32\...\{AE1EC58E-B2AC-4959-A4C2-C38202A25239}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.) Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google) GoToMeeting 7.0.5.2130 (HKU\S-1-5-21-1957507031-1107721793-927113581-1000\...\GoToMeeting) (Version: 7.0.5.2130 - CitrixOnline) H&R Block North Carolina 2013 (HKLM-x32\...\{C4C6B98D-F022-46B1-8932-63F76A6B7817}) (Version: 1.13.4001 - HRB Technology, LLC.) H&R Block Premium + Efile + State 2013 (HKLM-x32\...\{7304A91F-F4AF-41B3-85B6-C5923EDBF899}) (Version: 13.07.6502 - HRB Technology, LLC.) Integrated Camera Driver Installer Package Ver.1.2.1.16 (HKLM-x32\...\{A78800AF-1779-4AE8-8EBE-16E1BE727C71}) (Version: 1.2.1.16 - RICOH) Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel) Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation) Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation) Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2696 - Intel Corporation) Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.225 - Intel Corporation) Intel® WiDi (HKLM\...\{728985C5-A04B-457C-9D62-15360F3EAF85}) (Version: 3.1.29.0 - Intel Corporation) Intel® PROSet/Wireless WiFi Software (HKLM\...\{E97F409F-9E1C-42A0-B72D-765A78DF3696}) (Version: 15.01.0000.0830 - Intel Corporation) Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation) Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle) Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.11 - ) Lenovo Patch Utility (HKLM-x32\...\{6E6E7725-C7BC-4C39-8B3F-14B67331A120}) (Version: 1.3.0.9 - Lenovo Group Limited) Lenovo Patch Utility (x32 Version: 1.4.0.4 - Lenovo Group Limited) Hidden Lenovo Patch Utility 64 bit (HKLM\...\{0369F866-2CE0-4EB9-B426-88FA122C6E82}) (Version: 1.3.0.9 - Lenovo Group Limited) Lenovo Patch Utility 64 bit (Version: 1.4.0.4 - Lenovo Group Limited) Hidden Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.04 - ) Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.) Lenovo SimpleTap (HKLM\...\{BF601122-9F0A-41A9-BA06-3158D9FB4B80}) (Version: 3.2.0004.00 - Lenovo Group Limited) Lenovo Solution Center (HKLM\...\{4C2B6F96-3AED-4E3F-8DCE-917863D1E6B1}) (Version: 2.7.003.00 - Lenovo Group Limited) Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.06.0016 - Lenovo) Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0009.00 - Lenovo Group Limited) Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo) Lenovo Welcome (HKLM-x32\...\{2DC26D10-CC6A-494F-BEA3-B5BC21126D5E}) (Version: 3.1.0020.00 - Lenovo Group Limited) Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Message Center Plus (HKLM\...\{3849486C-FF09-4F5D-B491-3E179D58EE15}) (Version: 3.1.0004.00 - Lenovo Group Limited) Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4667.1002 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SkyDrive (HKU\S-1-5-21-1957507031-1107721793-927113581-1000\...\SkyDriveSetup.exe) (Version: 17.0.2003.1112 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.3.9 - Motorola Mobility) Motorola Device Software Update (x32 Version: 13.02.1402 - Motorola Mobility) Hidden Motorola Mobile Drivers Installation 6.0.0 (Version: 6.0.0 - Motorola Inc.) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) Nalpeiron License Management (x32 Version: 6.3.9.1 - Nalpeiron) Hidden Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4667.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden On Screen Display (HKLM\...\OnScreenDisplay) (Version: 8.42.20 - ) Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.) Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.32 - ) RapidBoot HDD Accelerator (HKLM-x32\...\Fastboot) (Version: 1.00.0802 - Lenovo) RapidBoot Shield (HKLM\...\{5E2652DF-743F-482B-A593-C95F431A5769}) (Version: 1.23 - Lenovo) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6591 - Realtek Semiconductor Corp.) Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - ) RICOH_Media_Driver_v2.14.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.14.18.01 - RICOH) Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation) Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.) ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.1.1.0 - ) ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 6.11 - Lenovo) ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.76 - Lenovo) ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 3.0.34.0 - Lenovo) VIP Access (HKLM-x32\...\{E8D46836-CD55-453C-A107-A59EC51CB8DC}) (Version: 2.0.5.13 - VeriSign) Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies) Vodafone Mobile Connect Lite Runtime Components (HKLM-x32\...\{CFA76A76-03CF-43AC-AAB4-E2E3DACE4E02}) (Version: 2.2.2.1 - Vodafone) Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.) Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin) Windows Driver Package - Intel (e1cexpress) Net (01/11/2012 11.15.16.0) (HKLM\...\EC2A0F2B229770EC589265FCF2B4839A0C221993) (Version: 01/11/2012 11.15.16.0 - Intel) Windows Driver Package - Intel System (01/11/2012 9.3.0.1020) (HKLM\...\09839A9B5EDA69DA2DCC34637B5140AAF8A53B44) (Version: 01/11/2012 9.3.0.1020 - Intel) Windows Driver Package - Intel System (08/26/2011 9.3.0.1011) (HKLM\...\9D7CD466F7FC8B18FF1B84943B7BB8648D17FCE8) (Version: 08/26/2011 9.3.0.1011 - Intel) Windows Driver Package - Intel System (08/26/2011 9.3.0.1011) (HKLM\...\D8EF6CACF49BD33CC1FACD124C8CC2B1A8E8AE35) (Version: 08/26/2011 9.3.0.1011 - Intel) Windows Driver Package - Intel USB (08/26/2011 9.3.0.1011) (HKLM\...\97EE1802A0385A37DE6323FA39EC76BEB2D73E41) (Version: 08/26/2011 9.3.0.1011 - Intel) Windows Driver Package - Lenovo 1.65.05.20 (02/29/2012 1.65.05.20) (HKLM\...\E3535F123E7F666D573665142F90D3E5004DC326) (Version: 02/29/2012 1.65.05.20 - Lenovo) Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software) Windows Driver Package - Synaptics (SynTP) Mouse (04/06/2012 16.1.1.0) (HKLM\...\64B3C27E4CF7B6AD920184EFFF6C488C55EF2892) (Version: 04/06/2012 16.1.1.0 - Synaptics) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-1957507031-1107721793-927113581-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Teresa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1957507031-1107721793-927113581-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Teresa\AppData\Local\Citrix\GoToMeeting\1468\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.) CustomCLSID: HKU\S-1-5-21-1957507031-1107721793-927113581-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Teresa\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_1\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1957507031-1107721793-927113581-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Teresa\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_1\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1957507031-1107721793-927113581-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Teresa\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_1\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1957507031-1107721793-927113581-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Teresa\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_1\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1957507031-1107721793-927113581-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Teresa\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_1\amd64\FileSyncApi64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1957507031-1107721793-927113581-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Teresa\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1957507031-1107721793-927113581-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Teresa\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1957507031-1107721793-927113581-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Teresa\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1957507031-1107721793-927113581-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Teresa\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1957507031-1107721793-927113581-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Teresa\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1957507031-1107721793-927113581-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Teresa\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1957507031-1107721793-927113581-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Teresa\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1957507031-1107721793-927113581-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Teresa\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ==================== Restore Points ========================= 30-11-2014 11:42:22 Scheduled Checkpoint 07-12-2014 18:41:09 Scheduled Checkpoint 10-12-2014 21:20:31 Windows Update 12-12-2014 12:55:47 Malwarebytes Anti-Rootkit Restore Point 14-12-2014 08:50:26 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {01EFC7F8-6B5E-4FE8-BF9A-BBC7020B3EEB} - System32\Tasks\{F8ABE6C5-08AB-4091-AC44-4DBCCE208E10} => Chrome.exe http://ui.skype.com/ui/0/6.6.0.106/en/abandoninstall?page=tsBing Task: {04E5EC21-7D91-49B3-B9FF-A996A9609CB2} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo) Task: {05CCF93F-2773-4BE9-94CE-10B7CFA82FD9} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2014-10-16] (Lenovo) Task: {0FD1A9BB-3C62-4F65-BAEE-4CD02733CEC8} - System32\Tasks\G2MUpdateTask-S-1-5-21-1957507031-1107721793-927113581-1000 => C:\Users\Teresa\AppData\Local\Citrix\GoToMeeting\2130\g2mupdate.exe [2014-12-21] (Citrix Online, a division of Citrix Systems, Inc.) Task: {1E8790EF-A3BA-43FF-8E42-D2F2422FC94F} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-03-25] () Task: {299F1A80-CEF6-4B0E-AA8E-26DFBD9DAE8F} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2014-06-18] () Task: {448E0D76-3C02-4647-BA2F-935C28A5A3D2} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-08-07] () Task: {4E5A9823-5064-4F39-BCBC-F1788AB1075F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-10-07] (Microsoft Corporation) Task: {52C1AA57-0C4F-4551-937E-C340A55F3C98} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-10-16] () Task: {5CA5320E-FA7A-4522-81E8-8050C2CA72C3} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-09-25] (Lenovo) Task: {5F256AB5-CA2E-4673-8021-1C601E5AB688} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-17] (Google Inc.) Task: {6D7CFF29-1E18-439B-9263-837E8B3C9572} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-10-16] (Lenovo) Task: {76C83814-BE7F-44D3-956F-7B12D240BACA} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-03-25] () Task: {828E6D2B-8C9E-4DAC-AF70-5F402AB0347A} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {87853799-B8AF-49CA-AE62-21AE25A34940} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-16] (Adobe Systems Incorporated) Task: {8B48B14E-4895-4C24-86CA-1F22B0938C15} - System32\Tasks\{4BAED2AD-18D4-4644-B172-E1976116EB01} => C:\Program Files (x86)\Google\Picasa3\Picasa3.exe [2014-01-06] (Google Inc.) Task: {A95CC089-3D22-47A6-9445-84A66FC009A7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-17] (Google Inc.) Task: {AFAFFE98-8425-4DC6-A1A5-7A4E7E784C8B} - System32\Tasks\Lenovo\Message Center Plus Launcher => C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe [2012-05-15] (Lenovo) Task: {B1E0A303-8C73-4D95-BF24-A049C653C4BC} - System32\Tasks\DiskUpdate => C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe [2009-02-09] () Task: {C716C941-D941-4761-82D6-87FD6B6C57B7} - System32\Tasks\Lenovo\SimpleTap\Start SimpleTap for Teresa-THINK.Teresa => C:\Program Files\Lenovo\SimpleTap\SimpleTap.exe [2012-05-15] (Lenovo) Task: {CE3C871D-ABBD-4FA0-AA79-1EDFE5BD2968} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-10-16] () Task: {DE91DCFA-052D-405F-B118-BF6BD17635CF} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-03-25] () Task: {F23ABDCE-F52E-4435-A70A-01B633CE0BC2} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2012-05-15] (Lenovo Group Limited) Task: {FFC9539E-3E96-48E9-841D-36AFD8E83302} - System32\Tasks\{49B1B8F0-DA27-45FD-8790-E78563000394} => C:\Program Files (x86)\Google\Picasa3\Picasa3.exe [2014-01-06] (Google Inc.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1957507031-1107721793-927113581-1000.job => C:\Users\Teresa\AppData\Local\Citrix\GoToMeeting\2130\g2mupdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2014-03-18 19:36 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2014-11-22 13:21 - 2014-09-23 08:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2012-10-10 00:03 - 2012-05-15 16:32 - 00093696 ____N () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL 2012-10-10 00:00 - 2012-03-19 01:09 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2012-10-10 00:00 - 2010-10-25 23:40 - 00049056 _____ () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe 2012-10-10 00:09 - 2012-01-17 01:29 - 00030512 ____N () C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBServiceps.dll 2012-10-10 00:04 - 2011-08-02 06:58 - 02201088 _____ () C:\Program Files\Lenovo\Communications Utility\cxcore210.dll 2012-10-10 00:04 - 2011-08-02 06:58 - 02085888 _____ () C:\Program Files\Lenovo\Communications Utility\cv210.dll 2013-03-25 14:44 - 2013-03-25 14:44 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll 2013-10-22 16:19 - 2013-10-22 16:19 - 00092456 _____ () C:\Program Files (x86)\Lenovo\Access Connections\AcWrpc.dll 2012-10-10 00:13 - 2012-07-12 07:59 - 00891392 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtNetwork4.dll 2012-10-10 00:13 - 2012-07-12 07:59 - 02281984 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtCore4.dll 2012-10-10 00:13 - 2012-07-12 07:59 - 00322048 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\log4cplus.dll 2012-10-10 00:13 - 2012-07-12 07:59 - 00339456 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtXml4.dll 2012-10-10 00:13 - 2012-07-12 07:59 - 00400384 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\sqlite3.dll 2012-10-10 00:13 - 2012-07-12 07:59 - 00016896 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\featureController.dll 2012-10-10 00:13 - 2012-07-12 07:59 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\osEvents.dll 2012-10-10 00:13 - 2012-07-12 07:59 - 00195584 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\libgsoap.dll 2012-10-10 00:13 - 2012-07-12 07:59 - 00062464 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\zlib1.dll 2012-10-10 00:13 - 2012-07-12 07:59 - 00446976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\deviceProfile.dll 2012-10-10 00:13 - 2012-07-12 07:59 - 00019456 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\eventsSender.dll 2012-10-10 00:13 - 2012-07-12 07:59 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManagerStarter.dll 2014-11-22 13:02 - 2014-11-22 13:02 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll 2012-10-09 23:59 - 2012-02-20 22:09 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Windows:nlsPreferences ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-1957507031-1107721793-927113581-500 - Administrator - Disabled) Guest (S-1-5-21-1957507031-1107721793-927113581-501 - Limited - Enabled) => C:\Users\Guest HomeGroupUser$ (S-1-5-21-1957507031-1107721793-927113581-1002 - Limited - Enabled) Teresa (S-1-5-21-1957507031-1107721793-927113581-1000 - Administrator - Enabled) => C:\Users\Teresa ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (12/22/2014 03:18:24 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/22/2014 09:37:51 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 4244 Error: (12/22/2014 09:37:51 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 4244 Error: (12/22/2014 09:37:51 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (12/22/2014 09:37:50 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 3198 Error: (12/22/2014 09:37:50 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 3198 Error: (12/22/2014 09:37:50 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (12/22/2014 09:37:49 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 2153 Error: (12/22/2014 09:37:49 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 2153 Error: (12/22/2014 09:37:49 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second System errors: ============= Error: (12/22/2014 03:17:23 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 9:58:31 AM on ‎12/‎22/‎2014 was unexpected. Error: (12/22/2014 08:58:33 AM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: The ScRegSetValueExW call failed for FailureActions with the following error: %%5 Error: (12/21/2014 08:42:48 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 6:14:50 PM on ‎12/‎21/‎2014 was unexpected. Error: (12/21/2014 11:26:28 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Intel® PROSet/Wireless Zero Configuration Service service terminated with the following error: %%-2147196306 Error: (12/21/2014 11:25:28 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 11:14:15 AM on ‎12/‎21/‎2014 was unexpected. Error: (12/21/2014 09:03:34 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Intel® PROSet/Wireless Zero Configuration Service service terminated unexpectedly. It has done this 1 time(s). Error: (12/21/2014 09:01:20 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 11:35:27 PM on ‎12/‎20/‎2014 was unexpected. Error: (12/20/2014 10:50:31 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: The following fatal alert was received: 40. Error: (12/20/2014 10:50:30 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: The following fatal alert was received: 40. Error: (12/19/2014 04:20:34 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMService service. Microsoft Office Sessions: ========================= Error: (12/22/2014 03:18:24 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (12/22/2014 09:37:51 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 4244 Error: (12/22/2014 09:37:51 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 4244 Error: (12/22/2014 09:37:51 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (12/22/2014 09:37:50 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 3198 Error: (12/22/2014 09:37:50 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 3198 Error: (12/22/2014 09:37:50 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (12/22/2014 09:37:49 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 2153 Error: (12/22/2014 09:37:49 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 2153 Error: (12/22/2014 09:37:49 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second CodeIntegrity Errors: =================================== Date: 2014-12-22 15:19:51.144 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2014-12-22 15:19:51.008 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2014-12-22 09:02:27.074 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2014-12-22 09:02:26.964 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2014-12-21 20:45:23.019 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2014-12-21 20:45:22.927 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2014-12-21 11:27:47.899 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2014-12-21 11:27:47.820 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2014-12-21 09:03:34.033 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2014-12-21 09:03:33.906 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel® Core i5-3320M CPU @ 2.60GHz Percentage of memory in use: 41% Total physical RAM: 7888.79 MB Available physical RAM: 4577.31 MB Total Pagefile: 15775.77 MB Available Pagefile: 12008.07 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: (Windows7_OS) (Fixed) (Total:282.95 GB) (Free:194.86 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive q: (Lenovo_Recovery) (Fixed) (Total:13.67 GB) (Free:2.99 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 298.1 GB) (Disk ID: 03BD1F5A) Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=283 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=13.7 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  9. Dear all, I read in other posts that other people are also having this problem. I went on and downloaded all recommended software, did all the scans and now you can find the logs attached. I ran a scan today with MB (database v2014.12.08.01) but it didn't find anything, and somehow I can't find the scan log inside the program. Thank you for your time and help! Addition.txt AdwCleanerR0.txt FRST.txt MB Daily Protection.txt TDSSKiller.txt
  10. Hello TwinHeadedEagle or other experts kind enough to help. After reading some other posts, downloading the needed programs I am ready (and grateful) for any support you are willing to offer. A couple of highlights: * I often struggle with laptop issues * I could not download the requested programs and had to download from another computer then place in a folder on the infected computer (I did this in safe mode) Thank you in advanced, Spinn
  11. I keep getting notifications of a malicious website blocked. Domain: e9967a.com IP 31.184.192.92 Port: 62338 Outbound Process: C:\Widoes\SysWOW64\dllhost.exe sometimes the IP changes and sometimes the domain doesn't show up. I get the notification several times per minute. I've run scans on both Avast and Malwarebytes several times even with the rootkit scan but nothing comes up. What should I do?
  12. I have recently ran a Malware scan and I am continuously receiving a notification that a website is being blocked. I have also read some of the other threads regarding the sysWOW64. all help is appreciated.
  13. Have had issues with high CPU and memory usage, multiple dllhost.exe files, and in general some weird stuff. Installed and ran Malwarebytes Anti-Malware, continue to get "Malicious Website Blocked", different domain names, different IP, different ports, always "Outbound", and process is always C:\Windows\SysWOW64\dllhost.exe Ran FRST and attached FRST.txt and Addition.txt. Also attached FixLog.txt Ran Malwarebytes Anti-Malware, and attached scan log entitled ScanLog.txt. Ran AdwCleaner, and attached log entitled AdwCleaner[s0].txt Still getting "Malicious Website Blocked" notices every few seconds. Could use some help continuing to troubleshoot and ensure nothing else is hanging onto my computer. Thanks. FRST.txt Addition.txt ScanLog.txt Fixlog.txt AdwCleanerS0.txt
  14. Hello, my name is Dax. Feel free to refer to me by my user name or my real name or any nicknames you coin for me. Recently my computer has been running very slowly so I took a look at task manager to see what was slowing it down. What I first saw was three or four files named "dllhost.exe *32" with a description of "com surrogate". I got suspicious of it and looked around for information on the internet. From what I read, it seems I have a virus. Looking into a lot of the high running files, one of which being the dllhost.exe *32, I noticed they all fell into one file location: C:\Windows\SysWOW64. When I ran scans from malwarebytes and Avira they reported that nothing was wrong, meanwhile windows defender always says it runs into an error before it can finish scanning. Can anyone help me delete this virus? I'm not very computer savvy so I may get confused easy and be slow in executing your advice. Tell me if you need any more information!
  15. I have been reading the other posts about computers being slowed to a stop by malware in SysWOW64 and I need similar assistance now. Is the name SYSwow64 or SVSwow64? My computer Win7 64bit started slowing two days ago. CPU was being hijacked by processes that just kept taking more memory. Webroot gave no warnings and a very slow Webroot scan found nothing. Ran Norton Power Eraser scan that found nothing. A friend suggested Malwarebytes. First time it ran, it blocked many SysWOW64 malicious websites and quarantined some objects. System was running better until restarted this morning. Now malware is back with a vengence. Cursor is a spinning circle. Powershell failed. Error messages about scripts not running. So I ran MBAM again and it found nothing. I do not know how to get a text version of the items listed in quarantine. Pasted below are MBAM scan logs from yesterday 12/14/14 and today 12/15/14. Any help greatly appreciated. Malwarebytes Anti-Malwarewww.malwarebytes.org Scan Date: 12/14/2014Scan Time: 2:59:22 PMLogfile: MBAM.txtAdministrator: Yes Version: 2.00.4.1028Malware Database: v2014.12.14.06Rootkit Database: v2014.12.08.03License: TrialMalware Protection: EnabledMalicious Website Protection: EnabledSelf-protection: Disabled OS: Windows 7 Service Pack 1CPU: x64File System: NTFSUser: Harris Family Scan Type: Threat ScanResult: CompletedObjects Scanned: 386627Time Elapsed: 9 min, 20 sec Memory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: DisabledHeuristics: EnabledPUP: EnabledPUM: Enabled Processes: 0(No malicious items detected) Modules: 0(No malicious items detected) Registry Keys: 140PUP.Optional.MindSpark, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CouponXplorer_5zService, Quarantined, [823c90d298e41c1a8ab8dee332cffe02], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{0297a026-3011-46d3-ad62-bb9a7612aea7}, Quarantined, [f1cdce9485f746f090dd6f9caa5911ef], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{65c72339-fb1d-4155-84e1-9afacee02d6f}, Quarantined, [f1cdce9485f746f090dd6f9caa5911ef], PUP.Optional.MindSpark.A, HKU\S-1-5-21-2251239879-3952495651-2316126211-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{65C72339-FB1D-4155-84E1-9AFACEE02D6F}, Quarantined, [f1cdce9485f746f090dd6f9caa5911ef], PUP.Optional.MindSpark.A, HKU\S-1-5-21-2251239879-3952495651-2316126211-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{65C72339-FB1D-4155-84E1-9AFACEE02D6F}, Quarantined, [f1cdce9485f746f090dd6f9caa5911ef], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{cf91f897-175f-43e3-8369-bd3ba14eee7b}, Quarantined, [f1cdce9485f746f090dd6f9caa5911ef], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{4132189a-73c7-4d3e-a8c2-82ef57842dac}, Quarantined, [f1cdce9485f746f090dd6f9caa5911ef], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{004F2608-3092-40C2-B880-1FD74DDA6B9A}, Quarantined, [f1cdce9485f746f090dd6f9caa5911ef], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{1B4CF49B-8B69-4A90-8B51-D2088E1EC1BA}, Quarantined, [f1cdce9485f746f090dd6f9caa5911ef], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{85F06DCB-A179-4732-8BB6-DA65B0243C8A}, Quarantined, [f1cdce9485f746f090dd6f9caa5911ef], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{BCDBD520-9E35-4093-A71F-8033FF14DDEA}, Quarantined, [f1cdce9485f746f090dd6f9caa5911ef], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{D0584866-E0CD-41C8-93EC-5CD3E02E0F9D}, Quarantined, [f1cdce9485f746f090dd6f9caa5911ef], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{D9581ECE-B29B-45E1-8EB7-F64EEA35D087}, Quarantined, [f1cdce9485f746f090dd6f9caa5911ef], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{004F2608-3092-40C2-B880-1FD74DDA6B9A}, Quarantined, [f1cdce9485f746f090dd6f9caa5911ef], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{1B4CF49B-8B69-4A90-8B51-D2088E1EC1BA}, Quarantined, [f1cdce9485f746f090dd6f9caa5911ef], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{85F06DCB-A179-4732-8BB6-DA65B0243C8A}, Quarantined, [f1cdce9485f746f090dd6f9caa5911ef], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{BCDBD520-9E35-4093-A71F-8033FF14DDEA}, Quarantined, [f1cdce9485f746f090dd6f9caa5911ef], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{D0584866-E0CD-41C8-93EC-5CD3E02E0F9D}, Quarantined, [f1cdce9485f746f090dd6f9caa5911ef], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{D9581ECE-B29B-45E1-8EB7-F64EEA35D087}, Quarantined, [f1cdce9485f746f090dd6f9caa5911ef], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{4132189a-73c7-4d3e-a8c2-82ef57842dac}, Quarantined, [f1cdce9485f746f090dd6f9caa5911ef], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\CouponXplorer_5z.SettingsPlugin.1, Quarantined, [f1cdce9485f746f090dd6f9caa5911ef], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\CouponXplorer_5z.SettingsPlugin, Quarantined, [f1cdce9485f746f090dd6f9caa5911ef], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CouponXplorer_5z.SettingsPlugin, Quarantined, [f1cdce9485f746f090dd6f9caa5911ef], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CouponXplorer_5z.SettingsPlugin.1, Quarantined, [f1cdce9485f746f090dd6f9caa5911ef], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{CF91F897-175F-43E3-8369-BD3BA14EEE7B}, Quarantined, [f1cdce9485f746f090dd6f9caa5911ef], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\CouponXplorer_5zbar Uninstall Internet Explorer, Quarantined, [f1cdce9485f746f090dd6f9caa5911ef], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{0297A026-3011-46D3-AD62-BB9A7612AEA7}, Quarantined, [f1cdce9485f746f090dd6f9caa5911ef], PUP.Optional.MindSpark.A, HKU\S-1-5-21-2251239879-3952495651-2316126211-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{0297A026-3011-46D3-AD62-BB9A7612AEA7}, Quarantined, [f1cdce9485f746f090dd6f9caa5911ef], PUP.Optional.MindSpark.A, HKU\S-1-5-21-2251239879-3952495651-2316126211-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{0297A026-3011-46D3-AD62-BB9A7612AEA7}, Quarantined, [f1cdce9485f746f090dd6f9caa5911ef], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{7d69ed06-0171-4379-9528-08df51092727}, Quarantined, [0ab45f0326567fb7f081b45708fb4bb5], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{7D69ED06-0171-4379-9528-08DF51092727}, Quarantined, [0ab45f0326567fb7f081b45708fb4bb5], PUP.Optional.MindSpark.A, HKU\S-1-5-21-2251239879-3952495651-2316126211-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{7D69ED06-0171-4379-9528-08DF51092727}, Quarantined, [0ab45f0326567fb7f081b45708fb4bb5], PUP.Optional.MindSpark.A, HKU\S-1-5-21-2251239879-3952495651-2316126211-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{7D69ED06-0171-4379-9528-08DF51092727}, Quarantined, [0ab45f0326567fb7f081b45708fb4bb5], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CouponXplorer_5z, Quarantined, [eed087db4537ad898adcd6ec3dc732ce], PUP.Optional.MindSpark.A, HKU\S-1-5-21-2251239879-3952495651-2316126211-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CouponXplorer_5z, Quarantined, [00be92d0c9b3b6802542e7dba361e818], PUP.Optional.MindSpark.A, HKU\S-1-5-21-2251239879-3952495651-2316126211-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\CouponXplorer_5z, Quarantined, [c3fb144eb7c5db5b58baff782dd6ed13], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{746c749a-528c-4e31-bc96-848c0d909fb4}, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{bb925fe4-7161-454f-88ee-7f58c40f549c}, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{23905799-4E4E-457F-8EEA-88A514D38DCA}, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{4B6F98D4-3D4D-4D72-A89B-7B75207AF16D}, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E2B831BC-CF08-4227-AEAE-82A1C259F1BC}, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{23905799-4E4E-457F-8EEA-88A514D38DCA}, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{4B6F98D4-3D4D-4D72-A89B-7B75207AF16D}, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E2B831BC-CF08-4227-AEAE-82A1C259F1BC}, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{bb925fe4-7161-454f-88ee-7f58c40f549c}, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\CouponXplorer_5z.ToolbarProtector.1, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\CouponXplorer_5z.ToolbarProtector, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CouponXplorer_5z.ToolbarProtector, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CouponXplorer_5z.ToolbarProtector.1, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{927c6290-8b1f-4673-9046-658843fea0d0}, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{9d51d472-88c3-4e12-93ea-8aeafc57b227}, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{15F335C1-5CC0-4786-ABB9-06E727FF2D42}, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E4E06D99-5021-4A4C-A55F-E3C33E66E74A}, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{FB9C1615-175B-48E3-813D-212E676B9F9E}, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{15F335C1-5CC0-4786-ABB9-06E727FF2D42}, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E4E06D99-5021-4A4C-A55F-E3C33E66E74A}, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FB9C1615-175B-48E3-813D-212E676B9F9E}, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{9d51d472-88c3-4e12-93ea-8aeafc57b227}, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{ae1fb1ef-c142-48d2-8bfa-2730b43e8bea}, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{b12e159d-74ba-45b7-ae12-f6d1a71f9e50}, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{99395F16-43C8-461E-A1AC-36AC80EF13E4}, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{99395F16-43C8-461E-A1AC-36AC80EF13E4}, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{b12e159d-74ba-45b7-ae12-f6d1a71f9e50}, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{76e9f00f-6852-44fc-b406-bb452f232a1b}, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{697fa9f6-da51-4f3c-8f01-fd5daafc18e5}, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{4E60D532-F00E-495B-BD0F-75F1B96CC714}, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{C517F70B-242E-4408-BD38-1C8CAA053C62}, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{4E60D532-F00E-495B-BD0F-75F1B96CC714}, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C517F70B-242E-4408-BD38-1C8CAA053C62}, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{697fa9f6-da51-4f3c-8f01-fd5daafc18e5}, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\CouponXplorer_5z.FeedManager.1, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\CouponXplorer_5z.FeedManager, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CouponXplorer_5z.FeedManager, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CouponXplorer_5z.FeedManager.1, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{BEEED033-0126-4DC6-A531-9060E3410521}, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\CouponXplorer_5z.HTMLMenu.1, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\CouponXplorer_5z.HTMLMenu, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CouponXplorer_5z.HTMLMenu, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CouponXplorer_5z.HTMLMenu.1, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{BEEED033-0126-4DC6-A531-9060E3410521}, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{48708b86-3672-46f9-89cf-680f8e807b91}, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{be1ede40-9c0b-4913-bf21-09f7ab5e270e}, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{1BCF3F83-F9A0-4075-B0BC-53128BBC228F}, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{7535D37C-1554-4681-9F4B-055922B2F800}, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{1BCF3F83-F9A0-4075-B0BC-53128BBC228F}, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{7535D37C-1554-4681-9F4B-055922B2F800}, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{be1ede40-9c0b-4913-bf21-09f7ab5e270e}, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{b1c38f5a-506f-4f75-80d7-292903e8f87a}, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\CouponXplorer_5z.MultipleButton.1, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\CouponXplorer_5z.MultipleButton, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CouponXplorer_5z.MultipleButton, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CouponXplorer_5z.MultipleButton.1, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{627d42c1-e006-4bf2-bb79-d5fc6e0e01f0}, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\CouponXplorer_5z.ScriptButton.1, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\CouponXplorer_5z.ScriptButton, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CouponXplorer_5z.ScriptButton, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CouponXplorer_5z.ScriptButton.1, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{131a1f72-5c50-43cf-ba3e-3ac75df1188b}, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{b4685aa8-dbdd-4d8e-9a16-51b64646026a}, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{0CD246B5-EC5A-4601-9A8F-C6D21742BB86}, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{8D4ECA6C-82AC-4E26-B86D-E251635FFA72}, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{99CA1314-FC92-47C3-916A-9A4C31C13108}, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{9B500682-83D6-4252-BA71-20AA34A74A06}, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{0CD246B5-EC5A-4601-9A8F-C6D21742BB86}, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{8D4ECA6C-82AC-4E26-B86D-E251635FFA72}, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{99CA1314-FC92-47C3-916A-9A4C31C13108}, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9B500682-83D6-4252-BA71-20AA34A74A06}, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{b4685aa8-dbdd-4d8e-9a16-51b64646026a}, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{131A1F72-5C50-43CF-BA3E-3AC75DF1188B}, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{5bb649a4-1c05-4e18-b7a0-80a0fd29d8d7}, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\CouponXplorer_5z.PseudoTransparentPlugin.1, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\CouponXplorer_5z.PseudoTransparentPlugin, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CouponXplorer_5z.PseudoTransparentPlugin, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CouponXplorer_5z.PseudoTransparentPlugin.1, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{5BB649A4-1C05-4E18-B7A0-80A0FD29D8D7}, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{b32e7dc1-4d99-4480-844a-06c15df31ed4}, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{2c76e19a-5b10-4018-92dd-54de302114f9}, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{3852ab8e-1ca9-4b29-846f-092ca8d97969}, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{4025F9A4-91CE-4F20-8486-8A3D95564DB3}, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{5128A486-0AED-4F8D-B1C0-1E0FF64CD1D0}, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{4025F9A4-91CE-4F20-8486-8A3D95564DB3}, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{5128A486-0AED-4F8D-B1C0-1E0FF64CD1D0}, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{3852ab8e-1ca9-4b29-846f-092ca8d97969}, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\CouponXplorer_5z.ThirdPartyInstaller.1, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\CouponXplorer_5z.ThirdPartyInstaller, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CouponXplorer_5z.ThirdPartyInstaller, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CouponXplorer_5z.ThirdPartyInstaller.1, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{2C76E19A-5B10-4018-92DD-54DE302114F9}, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{46861ec7-fd7a-4197-b4a2-223196de2dcb}, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{8221ac18-699f-46c9-8a89-0916cbdb5005}, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{41040243-9338-4C91-9457-AD11F56F48E1}, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{97B4338F-DF52-45F6-9EA5-BA99A9883A78}, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{41040243-9338-4C91-9457-AD11F56F48E1}, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{97B4338F-DF52-45F6-9EA5-BA99A9883A78}, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{8221ac18-699f-46c9-8a89-0916cbdb5005}, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\CouponXplorer_5z.HTMLPanel.1, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\CouponXplorer_5z.HTMLPanel, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CouponXplorer_5z.HTMLPanel, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CouponXplorer_5z.HTMLPanel.1, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{46861EC7-FD7A-4197-B4A2-223196DE2DCB}, Quarantined, [5e60045e0577a88e67c951d55ea58f71], Registry Values: 5PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{65C72339-FB1D-4155-84E1-9AFACEE02D6F}, Quarantined, [f1cdce9485f746f090dd6f9caa5911ef], PUP.Optional.MindSpark.A, HKU\S-1-5-21-2251239879-3952495651-2316126211-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{9b138bf3-1d40-4e7e-84bb-2975198ad938}, Quarantined, [9c221e445e1ef541ee7b7f8c5fa419e7], PUP.Optional.MindSpark.A, HKU\S-1-5-21-2251239879-3952495651-2316126211-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{9B138BF3-1D40-4E7E-84BB-2975198AD938}, Quarantined, [9c221e445e1ef541ee7b7f8c5fa419e7], PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{65c72339-fb1d-4155-84e1-9afacee02d6f}, Quarantined, [843a134f94e863d379ff907b9c67c040], PUP.Optional.FreeMakeConverter.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|fmconverter@gmail.com, C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\, Quarantined, [a81692d03547082eadbed97d8d7652ae] Registry Data: 0(No malicious items detected) Folders: 22PUP.Optional.MindSpark.A, C:\Program Files (x86)\CouponXplorer_5z, Delete-on-Reboot, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, C:\Program Files (x86)\CouponXplorer_5z\bar, Delete-on-Reboot, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin, Delete-on-Reboot, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\assists, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\assists\ie_default_search_provider, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\assists\ie_enable, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\chrome, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\ThirdPartyInstallers, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, C:\Program Files (x86)\CouponXplorer_5z\bar\assists, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, C:\Program Files (x86)\CouponXplorer_5z\bar\gen1, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, C:\Program Files (x86)\CouponXplorer_5z\bar\Message, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, C:\Program Files (x86)\CouponXplorer_5z\bar\Settings, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, C:\Program Files (x86)\CouponXplorer_5zEI, Quarantined, [d9e5045e324abb7b6ec246e059aa20e0], PUP.Optional.MindSpark.A, C:\Program Files (x86)\CouponXplorer_5zEI\Installr, Quarantined, [d9e5045e324abb7b6ec246e059aa20e0], PUP.Optional.MindSpark.A, C:\Program Files (x86)\CouponXplorer_5zEI\Installr\1.bin, Quarantined, [d9e5045e324abb7b6ec246e059aa20e0], PUP.Optional.MindSpark.A, C:\Program Files (x86)\CouponXplorer_5zEI\Installr\setups, Quarantined, [d9e5045e324abb7b6ec246e059aa20e0], PUP.Optional.MindSpark.A, C:\Users\Harris Family\AppData\LocalLow\CouponXplorer_5z, Quarantined, [4a7481e113691f171ce3ea42d033e917], PUP.Optional.MindSpark.A, C:\Users\Harris Family\AppData\LocalLow\CouponXplorer_5z\bar, Quarantined, [4a7481e113691f171ce3ea42d033e917], PUP.Optional.MindSpark.A, C:\Users\Harris Family\AppData\LocalLow\CouponXplorer_5z\bar\Settings, Quarantined, [4a7481e113691f171ce3ea42d033e917], PUP.Optional.MindSpark.A, C:\Users\Harris Family\AppData\LocalLow\CouponXplorer_5zEI, Quarantined, [229c31313e3ec175a25d9c909073768a], PUP.Optional.MindSpark.A, C:\Users\Harris Family\AppData\LocalLow\CouponXplorer_5zEI\Installr, Quarantined, [229c31313e3ec175a25d9c909073768a], PUP.Optional.MindSpark.A, C:\Users\Harris Family\AppData\LocalLow\CouponXplorer_5zEI\Installr\Cache, Quarantined, [229c31313e3ec175a25d9c909073768a], Files: 67PUP.Optional.MindSpark, C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zbarsvc.exe, Delete-on-Reboot, [823c90d298e41c1a8ab8dee332cffe02], PUP.Optional.MindSpark.A, C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zbar.dll, Quarantined, [f1cdce9485f746f090dd6f9caa5911ef], PUP.Optional.MindSpark.A, C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zSrcAs.dll, Quarantined, [0ab45f0326567fb7f081b45708fb4bb5], PUP.Optional.OpenCandy, C:\$Recycle.Bin\S-1-5-21-2251239879-3952495651-2316126211-1001\$ROERH7S.exe, Quarantined, [a816a4be027a74c2d91d9e8c7b8653ad], PUP.Optional.MindSpark.A, C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zbprtct.dll, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zdatact.dll, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zdlghk.dll, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zdlghk64.dll, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zfeedmg.dll, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zhighin.exe, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zhkstub.dll, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zhtmlmu.dll, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zhttpct.dll, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zidle.dll, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zmedint.exe, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zmlbtn.dll, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zPlugin.dll, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zreghk.dll, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zregiet.dll, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zscript.dll, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zskin.dll, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zskplay.exe, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zSrchMn.exe, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5zsrchmr.dll, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\5ztpinst.dll, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\APPINTEGRATOR.EXE, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\AppIntegrator64.exe, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\APPINTEGRATORSTUB.DLL, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\AppIntegratorStub64.dll, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\ASSISTMONITOR.DLL, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\ASSISTMONITOR64.DLL, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\BOOTSTRAP.JS, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\CREXT.DLL, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\CrExtP5z.exe, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\DPNMNGR.DLL, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\FF-NativeMessagingDispatcher.dll, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\HKFXMGR.DLL, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\HKFXMGR64.DLL, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\HPG.DLL, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\Hpg64.dll, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\installKeys.js, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\LOGO.BMP, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\T8EPMSUP.DLL, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\T8EXTEX.DLL, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\T8EXTPEX.DLL, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\T8HTML.DLL, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\T8RES.DLL, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\T8TICKER.DLL, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\TOOLBARGUARD.DLL, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\TOOLBARGUARD64.DLL, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\VERIFY.DLL, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\assists\ie_default_search_provider\ARBITER.DLL, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\assists\ie_default_search_provider\ARBITER64.DLL, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\assists\ie_default_search_provider\ASSIST.EXE, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\assists\ie_default_search_provider\CONFIG.XML, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\assists\ie_enable\ARBITER.DLL, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\assists\ie_enable\ARBITER64.DLL, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\assists\ie_enable\CONFIG.XML, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, C:\Program Files (x86)\CouponXplorer_5z\bar\assists\COMMON.T8S, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, C:\Program Files (x86)\CouponXplorer_5z\bar\gen1\COMMON.T8S, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, C:\Program Files (x86)\CouponXplorer_5z\bar\Message\COMMON.T8S, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, C:\Program Files (x86)\CouponXplorer_5z\bar\Settings\s_pid.dat, Quarantined, [5e60045e0577a88e67c951d55ea58f71], PUP.Optional.MindSpark.A, C:\Program Files (x86)\CouponXplorer_5zEI\Installr\1.bin\5zEIPlug.dll, Quarantined, [d9e5045e324abb7b6ec246e059aa20e0], PUP.Optional.MindSpark.A, C:\Program Files (x86)\CouponXplorer_5zEI\Installr\1.bin\5zEZSETP.dll, Quarantined, [d9e5045e324abb7b6ec246e059aa20e0], PUP.Optional.MindSpark.A, C:\Program Files (x86)\CouponXplorer_5zEI\Installr\1.bin\NP5zEISb.dll, Quarantined, [d9e5045e324abb7b6ec246e059aa20e0], PUP.Optional.MindSpark.A, C:\Users\Harris Family\AppData\LocalLow\CouponXplorer_5zEI\Installr\Cache\006C4C0F.exe, Quarantined, [229c31313e3ec175a25d9c909073768a], PUP.Optional.MindSpark.A, C:\Users\Harris Family\AppData\LocalLow\CouponXplorer_5zEI\Installr\Cache\files.ini, Quarantined, [229c31313e3ec175a25d9c909073768a], Physical Sectors: 0(No malicious items detected) (end)>>>>> Malwarebytes Anti-Malwarewww.malwarebytes.org Scan Date: 12/15/2014Scan Time: 11:00:44 AMLogfile: MBAM scan.txtAdministrator: Yes Version: 2.00.4.1028Malware Database: v2014.12.15.03Rootkit Database: v2014.12.14.01License: TrialMalware Protection: EnabledMalicious Website Protection: EnabledSelf-protection: Disabled OS: Windows 7 Service Pack 1CPU: x64File System: NTFSUser: Harris Family Scan Type: Threat ScanResult: CompletedObjects Scanned: 387028Time Elapsed: 13 min, 10 sec Memory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: DisabledHeuristics: EnabledPUP: EnabledPUM: Enabled Processes: 0(No malicious items detected) Modules: 0(No malicious items detected) Registry Keys: 0(No malicious items detected) Registry Values: 0(No malicious items detected) Registry Data: 0(No malicious items detected) Folders: 0(No malicious items detected) Files: 0(No malicious items detected) Physical Sectors: 0(No malicious items detected) (end)
  16. I kept getting an alert that an attack was blocked. Some quick websearching led me here. I don't see a self help guide for removal of this malware in the other forum. Is this something that I needed to be guided through like the so many others I see you have helped? Thanks Sandy
  17. Recently, Avast! Anti-virus software has been giving me daily threat detections coming from C:\Windows\SysWOW64. Both Malwarebytes and Avast! do not detect any infected files on my system, but from my own research, I know that SysWOW64 is malware. It also looks to be a little tricky to get rid of it, so any help would be greatly appreciated. Thanks! Best regards FRST.txt Addition.txt
  18. Hi, I need some help removing Ad by Notification which I think installed when I somehow got Wajam on my machine. Malwarebytes says it quarantined and removed Wajam and I tried uninstalling it as well, but I think it's still hiding. I ran adwcleaner after that and it removed a number of more files. Now all it finds is a registry file that keeps coming back and which points to a SySWow64 folder. It's completely hijacking my browsers with pop-ups, -unders, or ads in new windows whenever i touch any white space or even click on the scroll bar of my browsers. Ugh. Also, I had Azureus on my machine a while ago but I did uninstall it; not sure why it's still showing in my AppData folder. Here are my FRST logs. --- Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-11-2014 Ran by Sandra (administrator) on SAN-WORKERBEE on 19-11-2014 22:25:28 Running from C:\Users\Sandra\Desktop Loaded Profile: Sandra (Available profiles: boinc_master & Sandra & Guest) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Sony Corporation) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation) C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe (Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe (Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe () C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe () C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe () C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe (Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe (Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe () C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe (ALPS) C:\Program Files\Apoint\Apvfb.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe () C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Dropbox, Inc.) C:\Users\Sandra\AppData\Roaming\Dropbox\bin\Dropbox.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAdmin.exe (iolo technologies, LLC) C:\Program Files\Sony\VAIO Care\Iolo\ioloTools.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10134560 2010-04-06] (Realtek Semiconductor) HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [226160 2010-07-29] (Alps Electric Co., Ltd.) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-09-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [smartWiHelper] => C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe [89080 2010-07-15] (Sony Electronics Corporation) HKLM-x32\...\Run: [PMBVolumeWatcher] => c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [597792 2010-01-21] (Sony Corporation) HKLM-x32\...\Run: [sHTtray.exe] => C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe [99696 2010-09-10] (Sony Corporation) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2014-10-01] (Adobe Systems Incorporated) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499920 2014-09-12] (Adobe Systems Inc.) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5225064 2014-11-08] (AVAST Software) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.) HKU\S-1-5-21-1131491842-3702275870-760743972-1006\...\Run: [Google Update] => C:\Users\Sandra\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-01-10] (Google Inc.) HKU\S-1-5-21-1131491842-3702275870-760743972-1006\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-07] (Apple Inc.) HKU\S-1-5-21-1131491842-3702275870-760743972-1006\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-08-14] (Apple Inc.) HKU\S-1-5-21-1131491842-3702275870-760743972-1006\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-29] (Piriform Ltd) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TypeItIn.lnk ShortcutTarget: TypeItIn.lnk -> C:\Program Files (x86)\TypeItIn\TypeItIn.exe (Wavget.com) Startup: C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Sandra\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll () ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll () ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll () ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-1131491842-3702275870-760743972-1006\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} HKU\S-1-5-21-1131491842-3702275870-760743972-1006\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com?fr=hp-avast&type=avastbcl HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1131491842-3702275870-760743972-1006 -> DefaultScope {BC15A432-5700-4A80-A602-BFA829B87BB9} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms} SearchScopes: HKU\S-1-5-21-1131491842-3702275870-760743972-1006 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1131491842-3702275870-760743972-1006 -> {BC15A432-5700-4A80-A602-BFA829B87BB9} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms} BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation) BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: No Name -> {D3C24E2B-C820-4492-9B69-11BF7163F998} -> No File BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKU\S-1-5-21-1131491842-3702275870-760743972-1006 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab DPF: HKLM-x32 {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} https://securevpn.cci.edu/+CSCOL+/csvrloader32.cab DPF: HKLM-x32 {53A8AEF8-5503-4B78-A091-634BB68DEECE} https://securevpn.cci.edu/+CSCO+0075676763663A2F2F31302E35322E32342E313030++/SecureAuth1/-CSCO-39--4430/SecureAuth.cab DPF: HKLM-x32 {A5A5E1FF-FFEF-3FEF-B592-C6D194F4383F} https://securevpn.cci.edu/CACHE/sdesktop/install/binaries/instweb.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\ylvxvd68.default-1415762685010 FF Homepage: google.com FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll No File FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems) FF Plugin HKU\S-1-5-21-1131491842-3702275870-760743972-1006: @tools.google.com/Google Update;version=3 -> C:\Users\Sandra\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKU\S-1-5-21-1131491842-3702275870-760743972-1006: @tools.google.com/Google Update;version=9 -> C:\Users\Sandra\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll () FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\Sandra\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC) FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-11-11] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-11-11] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-11-11] FF Extension: Firefox Helper - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\e28425c66708a972974c1facecc44d59 [2014-11-11] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-06-04] FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013-09-30] Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-09-12] CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-10] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-08] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-23] (Adobe Systems Incorporated) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-08] (AVAST Software) R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2014-11-08] (AVAST Software) S2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation) R2 Oasis2Service; C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [46080 2010-06-23] () [File not signed] R3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation) S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [74496 2010-09-27] (Sony Corporation) R2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [887000 2011-01-20] (Sony Corporation) R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-27] (Sony Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-08] () R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-11-08] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-08] (AVAST Software) R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2014-11-08] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-08] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-08] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-08] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-08] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-08] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-08] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-19] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation) S3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10x64.sys [60288 2010-09-15] (Generic USB smartcard reader) S3 MWAC; \??\C:\Windows\system32\drivers\ [0 ] () [File not signed] S3 MWAC; \??\C:\Windows\SysWOW64\drivers\ [0 ] () [File not signed] R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation) U2 IAStorDataMgrSvc; No ImagePath U2 MSSQL$DDNI; No ImagePath ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-19 22:25 - 2014-11-19 22:26 - 00027407 _____ () C:\Users\Sandra\Desktop\FRST.txt 2014-11-19 22:25 - 2014-11-19 22:25 - 00000000 ____D () C:\FRST 2014-11-19 22:23 - 2014-11-19 22:23 - 02117120 _____ (Farbar) C:\Users\Sandra\Desktop\FRST64.exe 2014-11-13 00:58 - 2014-11-13 00:59 - 00000000 ____D () C:\ProgramData\iolo 2014-11-13 00:58 - 2014-11-13 00:58 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\iolo 2014-11-11 21:33 - 2014-11-12 16:18 - 00000000 ____D () C:\AdwCleaner 2014-11-11 21:32 - 2014-11-11 21:32 - 02140160 _____ () C:\Users\Sandra\Downloads\adwcleaner_4.101.exe 2014-11-11 20:37 - 2014-11-11 20:37 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\ATI 2014-11-11 20:37 - 2014-11-11 20:37 - 00000000 ____D () C:\Users\Sandra\AppData\Local\ATI 2014-11-11 20:37 - 2014-11-11 20:37 - 00000000 ____D () C:\ProgramData\ATI 2014-11-11 20:13 - 2014-11-11 20:13 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-11-11 20:12 - 2014-11-11 20:12 - 00754564 _____ () C:\Users\Sandra\Downloads\wajam_uninstall.exe 2014-11-11 19:57 - 2014-11-19 20:29 - 00000392 _____ () C:\Windows\setupact.log 2014-11-11 19:57 - 2014-11-11 22:24 - 00002094 _____ () C:\Windows\PFRO.log 2014-11-11 19:57 - 2014-11-11 19:57 - 00000000 _____ () C:\Windows\setuperr.log 2014-11-11 19:46 - 2014-11-11 19:46 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Sandra\Downloads\revosetup.exe 2014-11-11 19:24 - 2014-11-11 19:24 - 00000000 ____D () C:\Users\Sandra\Desktop\Old Firefox Data 2014-11-11 18:33 - 2014-11-07 11:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-11-11 18:33 - 2014-11-07 11:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-11-11 18:33 - 2014-11-05 20:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-11-11 18:33 - 2014-11-05 20:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-11-11 18:33 - 2014-11-05 19:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-11-11 18:33 - 2014-11-05 19:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-11-11 18:33 - 2014-11-05 19:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-11-11 18:33 - 2014-11-05 19:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-11-11 18:33 - 2014-11-05 19:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-11-11 18:33 - 2014-11-05 19:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-11-11 18:33 - 2014-11-05 19:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-11-11 18:33 - 2014-11-05 19:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-11-11 18:33 - 2014-11-05 19:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-11-11 18:33 - 2014-11-05 19:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-11-11 18:33 - 2014-11-05 19:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-11-11 18:33 - 2014-11-05 19:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-11-11 18:33 - 2014-11-05 19:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-11-11 18:33 - 2014-11-05 19:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-11-11 18:33 - 2014-11-05 19:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-11-11 18:33 - 2014-11-05 18:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-11-11 18:33 - 2014-11-05 18:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-11-11 18:33 - 2014-11-05 18:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-11-11 18:33 - 2014-11-05 18:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-11-11 18:33 - 2014-11-05 18:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-11-11 18:33 - 2014-11-05 18:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-11-11 18:33 - 2014-11-05 18:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-11-11 18:33 - 2014-11-05 18:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-11-11 18:33 - 2014-11-05 18:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-11-11 18:33 - 2014-11-05 18:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-11-11 18:33 - 2014-11-05 18:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-11-11 18:33 - 2014-11-05 18:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-11-11 18:33 - 2014-11-05 18:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-11-11 18:33 - 2014-11-05 18:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-11-11 18:33 - 2014-11-05 18:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-11-11 18:33 - 2014-11-05 18:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-11-11 18:33 - 2014-11-05 17:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-11-11 18:33 - 2014-11-05 17:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-11-11 18:33 - 2014-11-05 17:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-11-11 18:33 - 2014-11-05 09:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-11-11 18:33 - 2014-11-05 09:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-11-11 18:33 - 2014-11-05 09:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-11-11 18:33 - 2014-10-13 18:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-11-11 18:33 - 2014-10-13 18:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-11-11 18:33 - 2014-10-13 18:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-11-11 18:33 - 2014-10-13 18:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2014-11-11 18:33 - 2014-10-13 18:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2014-11-11 18:33 - 2014-10-13 17:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-11-11 18:33 - 2014-10-13 17:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-11-11 18:33 - 2014-10-13 17:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2014-11-11 18:33 - 2014-10-13 17:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2014-11-11 18:32 - 2014-11-05 20:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-11-11 18:32 - 2014-11-05 19:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-11-11 18:32 - 2014-11-05 19:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-11-11 18:32 - 2014-11-05 19:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-11-11 18:32 - 2014-11-05 19:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-11-11 18:32 - 2014-11-05 19:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-11-11 18:32 - 2014-11-05 19:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-11-11 18:32 - 2014-11-05 19:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-11-11 18:32 - 2014-11-05 19:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-11-11 18:32 - 2014-11-05 19:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-11-11 18:32 - 2014-11-05 19:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-11-11 18:32 - 2014-11-05 19:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-11-11 18:32 - 2014-11-05 19:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-11-11 18:32 - 2014-11-05 18:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-11-11 18:32 - 2014-11-05 18:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-11-11 18:32 - 2014-11-05 18:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-11-11 18:32 - 2014-11-05 18:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-11-11 18:32 - 2014-11-05 17:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-11-11 18:32 - 2014-10-24 17:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-11-11 18:32 - 2014-10-24 17:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2014-11-11 18:32 - 2014-10-09 16:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-11-11 18:32 - 2014-10-02 18:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2014-11-11 18:32 - 2014-10-02 18:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2014-11-11 18:32 - 2014-10-02 18:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2014-11-11 18:32 - 2014-10-02 18:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2014-11-11 18:32 - 2014-10-02 18:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2014-11-11 18:32 - 2014-10-02 17:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2014-11-11 18:32 - 2014-10-02 17:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2014-11-11 18:32 - 2014-10-02 17:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2014-11-11 18:32 - 2014-09-19 01:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-11-11 18:32 - 2014-09-19 01:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-11-11 18:32 - 2014-09-19 01:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-11-11 18:32 - 2014-09-19 01:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2014-11-11 18:32 - 2014-09-19 01:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-11-11 18:32 - 2014-09-19 01:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-11-11 18:32 - 2014-09-19 01:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-11-11 18:32 - 2014-09-19 01:23 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-11-11 18:32 - 2014-09-19 01:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-11-11 18:32 - 2014-09-19 01:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-11-11 18:32 - 2014-09-19 01:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2014-11-11 18:32 - 2014-09-19 01:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-11-11 18:32 - 2014-09-19 01:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-11-11 18:32 - 2014-09-19 01:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-11-11 18:32 - 2014-08-20 22:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-11-11 18:32 - 2014-08-20 22:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-11-11 18:32 - 2014-08-20 22:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-11-11 18:32 - 2014-08-20 22:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2014-11-11 18:32 - 2014-08-11 18:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL 2014-11-11 18:32 - 2014-08-11 17:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL 2014-11-11 18:31 - 2014-10-17 18:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2014-11-11 18:31 - 2014-10-17 17:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2014-11-11 18:31 - 2014-10-13 18:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-11-11 18:31 - 2014-10-13 17:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-11-11 17:05 - 2014-11-11 17:05 - 04977216 _____ (Piriform Ltd) C:\Users\Sandra\Downloads\ccsetup419.exe 2014-11-11 16:59 - 2014-11-11 17:00 - 00000000 ____D () C:\Users\Sandra\Downloads\ReceiverCleanupUtility 2014-11-11 16:57 - 2014-11-11 16:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-11-11 16:49 - 2014-11-11 16:49 - 00001276 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk 2014-11-08 07:52 - 2014-11-08 07:52 - 00001819 _____ () C:\Users\Guest\Desktop\Microsoft Office - Shortcut.lnk 2014-11-08 07:50 - 2014-11-08 07:50 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\AVAST Software 2014-11-08 07:49 - 2014-11-11 17:01 - 00000000 ____D () C:\Users\Guest\AppData\Local\Citrix 2014-11-08 07:49 - 2014-11-08 09:04 - 00000000 ____D () C:\Users\Guest\AppData\Local\Adobe 2014-11-08 07:49 - 2014-11-08 08:56 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Adobe 2014-11-08 07:49 - 2014-11-08 07:50 - 00000000 ____D () C:\Users\Guest\AppData\Local\TypeItIn 2014-11-08 07:49 - 2014-11-08 07:49 - 00120880 _____ () C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT 2014-11-08 07:49 - 2014-11-08 07:49 - 00001380 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-11-08 07:49 - 2014-11-08 07:49 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Apple Computer 2014-11-08 07:48 - 2014-11-08 07:49 - 00000000 ____D () C:\Users\Guest 2014-11-08 07:48 - 2014-11-08 07:48 - 00000020 ___SH () C:\Users\Guest\ntuser.ini 2014-11-08 07:48 - 2014-11-08 07:48 - 00000000 ____D () C:\Users\Guest\AppData\Local\VirtualStore 2014-11-08 07:48 - 2012-05-07 17:22 - 00000000 ____D () C:\Users\Guest\AppData\Local\Sony Corporation 2014-11-08 07:48 - 2012-04-22 19:16 - 00000000 ____D () C:\Users\Guest\AppData\Local\Microsoft Help 2014-11-08 07:48 - 2012-02-08 15:12 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Macromedia 2014-11-08 07:48 - 2009-07-13 20:54 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-11-08 07:48 - 2009-07-13 20:49 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-11-08 07:21 - 2014-11-11 17:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak 2014-11-08 07:20 - 2014-11-08 07:20 - 00001997 _____ () C:\Users\Public\Desktop\Avast SafeZone.lnk 2014-11-08 07:20 - 2014-11-08 07:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software 2014-11-08 07:17 - 2014-11-08 07:16 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-11-08 07:16 - 2014-11-08 07:17 - 00000000 ____D () C:\Program Files (x86)\Jelbrus Secure Web 2014-11-08 07:16 - 2014-11-08 07:16 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-11-08 07:14 - 2014-11-08 07:14 - 00449936 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys 2014-11-04 14:54 - 2014-09-03 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll 2014-11-04 14:54 - 2014-09-03 21:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll 2014-11-04 14:53 - 2014-06-18 14:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll 2014-11-04 14:53 - 2014-06-18 14:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll 2014-11-04 14:53 - 2014-06-18 14:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll 2014-11-04 14:53 - 2014-06-18 14:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll 2014-11-04 14:53 - 2014-06-18 14:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll 2014-11-04 14:53 - 2014-06-18 14:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll 2014-11-04 14:51 - 2014-08-28 18:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2014-11-04 14:49 - 2014-07-16 18:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-11-04 14:49 - 2014-07-16 18:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll 2014-11-04 14:49 - 2014-07-16 18:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll 2014-11-04 14:49 - 2014-07-16 17:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll 2014-11-04 14:49 - 2014-07-16 17:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys 2014-11-04 14:48 - 2014-07-16 17:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2014-11-04 14:45 - 2014-09-04 18:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-11-04 14:45 - 2014-09-04 17:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-19 22:26 - 2009-07-13 20:45 - 00018928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-11-19 22:26 - 2009-07-13 20:45 - 00018928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-11-19 22:10 - 2014-01-10 20:18 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1131491842-3702275870-760743972-1006UA.job 2014-11-19 21:55 - 2012-10-04 12:48 - 01296545 _____ () C:\Windows\WindowsUpdate.log 2014-11-19 21:39 - 2012-04-01 13:14 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-11-19 21:10 - 2014-01-10 20:18 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1131491842-3702275870-760743972-1006Core.job 2014-11-19 20:38 - 2012-09-27 15:54 - 00000000 ___RD () C:\Users\Sandra\Dropbox 2014-11-19 20:37 - 2012-09-27 15:42 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\Dropbox 2014-11-19 20:36 - 2012-09-27 15:43 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-11-19 20:35 - 2014-05-07 15:24 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-11-19 20:33 - 2012-02-08 13:23 - 00000000 ____D () C:\Users\Sandra\AppData\Local\Adobe 2014-11-19 20:31 - 2012-07-08 17:48 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2014-11-19 20:29 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-11-13 00:56 - 2012-03-12 15:55 - 00000000 ____D () C:\Users\Sandra\AppData\Local\CrashDumps 2014-11-12 21:05 - 2014-01-10 20:18 - 00003884 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1131491842-3702275870-760743972-1006UA 2014-11-12 21:05 - 2014-01-10 20:18 - 00003488 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1131491842-3702275870-760743972-1006Core 2014-11-12 15:46 - 2012-02-04 18:48 - 00120880 _____ () C:\Users\Sandra\AppData\Local\GDIPFONTCACHEV1.DAT 2014-11-12 15:43 - 2009-07-13 20:45 - 00514560 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-11-12 15:41 - 2014-04-30 06:26 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-11-12 01:21 - 2012-02-08 16:15 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-11-12 01:14 - 2013-08-13 20:13 - 00000000 ____D () C:\Windows\system32\MRT 2014-11-12 01:10 - 2012-02-05 20:14 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-11-11 23:16 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache 2014-11-11 22:15 - 2009-07-13 21:08 - 00032572 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-11-11 18:35 - 2014-09-24 16:54 - 00000000 ____D () C:\Users\Sandra\AppData\Roaming\Azureus 2014-11-11 18:28 - 2012-02-04 19:06 - 00000789 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-11-11 18:28 - 2012-02-04 19:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2014-11-11 18:28 - 2012-02-04 19:06 - 00000000 ____D () C:\Program Files\CCleaner 2014-11-11 18:00 - 2012-05-05 08:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-11-11 18:00 - 2012-02-04 19:01 - 00000000 ____D () C:\Program Files (x86)\Trillian 2014-11-11 17:44 - 2014-09-27 15:32 - 00073728 _____ () C:\Windows\SysWOW64\tasks.dll 2014-11-11 17:36 - 2012-04-01 13:14 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-11-11 17:36 - 2012-04-01 13:14 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-11-11 17:36 - 2012-02-08 12:54 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-11-11 17:01 - 2013-11-13 13:39 - 00000000 ____D () C:\ProgramData\Citrix 2014-11-11 17:01 - 2013-11-13 13:38 - 00000000 ____D () C:\Users\Sandra\AppData\Local\Citrix 2014-11-11 17:01 - 2013-11-13 13:38 - 00000000 ____D () C:\Program Files (x86)\Citrix 2014-11-11 16:46 - 2011-04-27 08:15 - 00000000 ____D () C:\Program Files (x86)\Adobe 2014-11-08 07:32 - 2013-10-17 10:29 - 00000000 ____D () C:\ProgramData\Oracle 2014-11-08 07:27 - 2014-08-22 17:17 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-11-08 07:26 - 2014-08-22 17:17 - 00000000 ____D () C:\Program Files (x86)\Java 2014-11-08 07:16 - 2014-05-05 07:09 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2014-11-08 07:16 - 2014-01-12 12:04 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys 2014-11-08 07:16 - 2013-03-17 15:45 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-11-08 07:16 - 2013-03-17 15:45 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-11-08 07:16 - 2012-06-04 15:44 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2014-11-08 07:16 - 2012-06-04 15:44 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2014-11-08 07:16 - 2012-06-04 15:44 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-11-08 07:14 - 2014-07-23 13:15 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys 2014-11-08 07:14 - 2012-06-04 15:44 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys 2014-11-04 16:06 - 2012-04-12 18:57 - 00000000 ____D () C:\Users\Sandra\Documents\Teaching Stuff 2014-11-04 15:52 - 2009-07-13 21:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-11-04 15:39 - 2014-06-18 14:29 - 00000000 ____D () C:\Program Files (x86)\Google 2014-11-04 14:53 - 2012-10-16 14:23 - 00000000 ____D () C:\Users\Sandra\AppData\Local\Google 2014-11-04 14:30 - 2012-03-12 14:38 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-11-04 14:17 - 2014-05-07 15:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-11-04 14:17 - 2014-05-07 15:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware Some content of TEMP: ==================== C:\Users\Sandra\AppData\Local\Temp\CreativeCloudSet-Up.exe C:\Users\Sandra\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsnn6rc.dll C:\Users\Sandra\AppData\Local\Temp\Quarantine.exe C:\Users\Sandra\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-11-11 23:01 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-11-2014 Ran by Sandra at 2014-11-19 22:26:48 Running from C:\Users\Sandra\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Acrobat XI Pro (HKLM-x32\...\{23D3F585-AE29-4670-8E3E-64A0EFB29240}) (Version: 11.0 - Adobe Systems Incorporated) Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.09 - Adobe Systems) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.249 - Adobe Systems Incorporated) Adobe Audition CC (HKLM-x32\...\{DE1E055B-679C-42F8-B114-7B6ED0B8ED95}) (Version: 6.0 - Adobe Systems Incorporated) Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.) Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.8.0.447 - Adobe Systems Incorporated) Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.0.6 - Adobe Systems Incorporated) Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated) Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated) Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.) Alps Pointing-device for VAIO (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: - ALPS ELECTRIC CO., LTD.) AMD USB Filter Driver (HKLM-x32\...\{987B04C4-B5AC-4AD6-A7E9-8D681085B850}) (Version: 1.0.15.94 - Advanced Micro Devices, Inc.) Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Application Manager for VAIO (HKLM-x32\...\Application Manager for VAIO) (Version: - ) ArcSoft WebCam Companion 3 (HKLM-x32\...\{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}) (Version: 3.0.21.368 - ArcSoft) ATI Catalyst Install Manager (HKLM\...\{475672E2-253A-4B55-2E0E-1456A2BFD3E7}) (Version: 3.0.765.0 - ATI Technologies, Inc.) Avast Internet Security (HKLM-x32\...\avast) (Version: 10.0.2208 - AVAST Software) bl (x32 Version: 1.0.0 - Your Company Name) Hidden Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Canon MP280 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series) (Version: - ) ccc-core-static (x32 Version: 2010.0713.642.10121 - ATI) Hidden CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform) Click to Disc MergeModules x64 (Version: 1.0.14230 - Sony Corporation) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dropbox (HKU\S-1-5-21-1131491842-3702275870-760743972-1006\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.) Elements 11 Organizer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden Guild Wars (HKLM-x32\...\Guild Wars) (Version: - ) iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.) iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.) Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle) Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation) Media Gallery (x32 Version: 1.2.0.15040 - Sony Corporation) Hidden Media Gallery MergeModules x64 (Version: 1.0.14250 - Sony Corporation) Hidden Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Mozilla Firefox 33.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Music Manager (HKU\S-1-5-21-1131491842-3702275870-760743972-1006\...\MusicManager) (Version: - Google, Inc.) Oasis2Service 1.0 (HKLM-x32\...\{E50FC5DB-7CBD-407D-A46E-0C13E45BC386}) (Version: 1.0.0 - DDNi) OOBE (x32 Version: 3.20.1018 - Sony Corporation) Hidden PDF reDirect (remove only) (HKLM-x32\...\PDF reDirect) (Version: v2.5.2 - EXP Systems LLC) ph (x32 Version: 1.0.0 - Your Company Name) Hidden PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation) PMB (x32 Version: 5.1.02.03310 - Sony Corporation) Hidden PMB VAIO Edition Guide (x32 Version: 1.1.00.14080 - Sony Corporation) Hidden PMB VAIO Edition plug-in (Click to Disc) (x32 Version: 3.1.00.15080 - Sony Corporation) Hidden PMB VAIO Edition plug-in (VAIO Image Optimizer) (x32 Version: 1.1.00.15040 - Sony Corporation) Hidden PMB VAIO Edition plug-in (VAIO Movie Story) (x32 Version: 2.1.00.15080 - Sony Corporation) Hidden PSE11 STI Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6034 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6069 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30116 - Realtek Semiconductor Corp.) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Setting Utility Series (x32 Version: 5.2.0.15250 - Sony Corporation) Hidden Setup_msm_VCMS_x64 (Version: 2.6.0.06040 - Sony Corporation) Hidden Setup_msm_VOFS_x64 (Version: 2.4.0.16010 - Sony Corporation) Hidden Setup_VEP_x64 (Version: 3.9.30.19080 - Sony Corporation) Hidden Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.) SmartWi Connection Utility (HKLM-x32\...\{9B5F85CA-90D4-4AFC-BB37-32477FD0D2B9}) (Version: 4.11.4.20100722.2739 - Sony Corporation) SOHLib Merge Module (x32 Version: 2.2.0.11240 - Sony Corporation) Hidden Sony Home Network Library (HKLM-x32\...\{A6B90666-2A1F-49E8-A40E-27EAAD11C096}) (Version: 2.2.0.13270 - Sony Corporation) Sony Home Network Library (x32 Version: 2.1.0.14240 - Sony Corporation) Hidden Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform) System Requirements Lab CYRI (HKLM-x32\...\{E362724E-9320-4946-AF34-874E7B6B2927}) (Version: 6.0.7.0 - Husdawg, LLC) Trillian (HKLM-x32\...\Trillian) (Version: - Cerulean Studios, LLC) VAIO Care (HKLM\...\{55A60C1D-BEBF-4249-BFB2-F4E5C2E77988}) (Version: 8.4.1.07021 - Sony Corporation) VAIO Care Recovery (HKLM\...\{6ED1750E-F44F-4635-8F0D-B76B9262B7FB}) (Version: 1.1.1.13230 - Sony Corporation) VAIO Content Monitoring Settings (HKLM-x32\...\{06C05B90-2127-4933-8ABA-61833BDE13FA}) (Version: 2.6.0.13120 - Sony Corporation) VAIO Control Center (x32 Version: 4.2.0.15020 - Sony Corporation) Hidden VAIO Data Restore Tool (x32 Version: 1.3.0.13150 - Sony Corporation) Hidden VAIO DVD Menu Data (x32 Version: 2.1.00.13210 - Sony Corporation) Hidden VAIO Entertainment Platform (HKLM-x32\...\{0489D044-6386-4BDF-9F98-577D60CF79DD}) (Version: 3.9.30.19080 - Sony Corporation) VAIO Event Service (x32 Version: 5.2.0.15020 - Sony Corporation) Hidden VAIO Gate (x32 Version: 2.4.2.02200 - Sony Corporation) Hidden VAIO Gate Default (x32 Version: 2.2.0.07020 - Sony Corporation) Hidden VAIO Hardware Diagnostics (x32 Version: 3.9.1 - Sony Corporation) Hidden VAIO Health Report (HKLM-x32\...\VAIO Health Report1.0) (Version: 1.0 - Sony Electronics) VAIO Help and Support (HKLM-x32\...\{AD3E7141-A22E-40F1-A7A4-55E898AE35E3}) (Version: 12.00.0622 - Sony Corporation) VAIO Manual (x32 Version: 1.0.0.03290 - Sony Corporation) Hidden VAIO Media plus (x32 Version: 2.1.0.15040 - Sony Corporation) Hidden VAIO Media plus Opening Movie (x32 Version: 2.1.0.14080 - Sony Corporation) Hidden VAIO Movie Story MergeModules x64 (Version: 1.0.14240 - Sony Corporation) Hidden VAIO Movie Story Template Data (x32 Version: 2.1.00.14040 - Sony Corporation) Hidden VAIO Original Function Settings (HKLM-x32\...\{04EAE65A-CDCF-480F-B754-5C3A9364239C}) (Version: 2.4.0.19040 - Sony Corporation) VAIO Power Management (x32 Version: 5.1.0.15250 - Sony Corporation) Hidden VAIO Sample Contents (x32 Version: 1.2.0.16080 - Sony Corporation) Hidden VAIO Survey (x32 Version: 6.00.1028 - Sony Corporation) Hidden VAIO Transfer Support (x32 Version: 1.1.2.06030 - Sony Corporation) Hidden VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.0.0.14270 - Sony Corporation) VAIO Wallpaper Contents (x32 Version: 2.1.0.14090 - Sony Corporation) Hidden VGClientX64 (Version: 1.0.0 - Sony Corporation) Hidden VGClientX86 (x32 Version: 1.0.0 - Sony Corporation) Hidden VMp MergeModule x64 (Version: 1.0.0 - Default Company Name) Hidden VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden VU5x86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.500 - Broadcom Corporation) Windows Driver Package - Broadcom Bluetooth (09/09/2009 6.2.0.9405) (HKLM\...\930E4792BDAEAFB62A9514EE7578775658A5D07C) (Version: 09/09/2009 6.2.0.9405 - Broadcom) Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-1131491842-3702275870-760743972-1006_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Sandra\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1131491842-3702275870-760743972-1006_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Sandra\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-1131491842-3702275870-760743972-1006_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Sandra\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-1131491842-3702275870-760743972-1006_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Sandra\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-1131491842-3702275870-760743972-1006_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sandra\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1131491842-3702275870-760743972-1006_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sandra\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1131491842-3702275870-760743972-1006_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sandra\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1131491842-3702275870-760743972-1006_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sandra\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1131491842-3702275870-760743972-1006_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sandra\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1131491842-3702275870-760743972-1006_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sandra\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1131491842-3702275870-760743972-1006_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sandra\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1131491842-3702275870-760743972-1006_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sandra\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ==================== Restore Points ========================= 08-11-2014 15:09:05 avast! antivirus system restore point 08-11-2014 15:12:53 Windows Update 08-11-2014 15:19:19 Device Driver Package Install: Avast Network Service 12-11-2014 00:48:24 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 12-11-2014 02:07:39 Windows Update 12-11-2014 09:07:51 Windows Update 20-11-2014 05:01:55 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {04E94B7F-3903-455E-A3C4-AB51EA2EB85A} - System32\Tasks\Sony Corporation\VAIO Care\VCSelfHeal => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-07-02] (Sony Corporation) Task: {0C655B54-D88D-4778-B276-684F5F5DFD4F} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2014-02-28] (Sony Corporation) Task: {114ADF43-50E6-45A1-9F92-B13BA85573A6} - System32\Tasks\Sony\VAIO Survey => C:\Program Files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe [2009-10-26] () Task: {14028D94-6E9F-4C25-B165-A9149DC45965} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1131491842-3702275870-760743972-1006Core => C:\Users\Sandra\AppData\Local\Google\Update\GoogleUpdate.exe [2014-01-10] (Google Inc.) Task: {150DC2E6-C998-48E2-941F-7DEFF9C3EA4D} - System32\Tasks\Sony Corporation\VAIO Care\CheckSystemInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-07-02] (Sony Corporation) Task: {1677C79D-6BD8-4968-A38D-3E789ECD2CD2} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-08] (AVAST Software) Task: {28D63B00-EA18-4CC1-AA75-F76446903422} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-07-02] (Sony Corporation) Task: {2BA499E8-C60B-4FAC-A5D8-BB7C34CD5E78} - System32\Tasks\VAIO Health Report => C:\Program Files (x86)\Sony\VAIO Health Report\VAIOHealthReport.exe [2013-06-20] (Sony Electronics) Task: {2CBFA808-4C80-4F1A-9771-00DCF230EA78} - System32\Tasks\Sony Corporation\VAIO Care\GetPOTInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-07-02] (Sony Corporation) Task: {2FE21B7B-A3A4-4069-B7CD-3FF2C67A4398} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-11] (Adobe Systems Incorporated) Task: {410908BC-1EEC-4209-AB4F-1FB21853368B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1131491842-3702275870-760743972-1006UA => C:\Users\Sandra\AppData\Local\Google\Update\GoogleUpdate.exe [2014-01-10] (Google Inc.) Task: {472DE93F-8FAA-4CF0-92B2-B7A82A72AB91} - System32\Tasks\AdobeAAMUpdater-1.0-San-gamergirl-Sandra => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-09-19] (Adobe Systems Incorporated) Task: {64E9EECE-D629-493B-BAAA-2ACB8DD625B7} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-07-02] (Sony Corporation) Task: {6DFB4D17-DECB-4D7C-8C35-BC99A9DF5A96} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2014-02-27] (Sony Corporation) Task: {6DFC1F97-DC6F-4D41-8D2F-0232E0E785A9} - System32\Tasks\Sony Corporation\VAIO Care\UpdateSolution => C:\Program Files\Sony\VAIO Care\Solution.Updater.exe [2014-06-25] (Sony Corporation) Task: {72EA0ADD-100D-4A10-BC31-B3F6A91134EB} - System32\Tasks\Sony Corporation\VAIO Care\ActiveStatusCollect => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-07-02] (Sony Corporation) Task: {75E77F8E-B7FD-42D3-810D-0D872B508F7C} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-07-02] (Sony Corporation) Task: {77F9CFB0-D9BE-4754-8313-C6AD2532F262} - \GPUP No Task File <==== ATTENTION Task: {863AD3F3-D5F2-400B-8AD9-0A2C85A2C9F8} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {8BD8A82A-5DDD-4B0A-86D3-EB3BD95B6AC4} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2012-02-20] (Sony Corporation) Task: {8EA534DC-ABBC-433D-A296-30F294C8EBDA} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate Restart => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2012-02-20] (Sony Corporation) Task: {A4A1F0E2-6E31-494E-96D0-69331AB55A25} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {AB083804-F28A-49EA-A158-031B2966A856} - System32\Tasks\Sony Corporation\VAIO Care\VCRLog => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-07-02] (Sony Corporation) Task: {AFD24B35-B956-4E29-A8B3-70D3D840EA25} - System32\Tasks\Sony Corporation\VAIO Update\Launch Application => C:\Program Files\SONY\VAIO Update\ShellExeProxy.exe [2014-01-27] (Sony Corporation) Task: {B47E1B14-E3D8-4D31-90A9-A183D29D77A9} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-07-02] (Sony Corporation) Task: {CC4BB658-A090-4BE0-9FD2-46573D7B3CCC} - System32\Tasks\Sony Corporation\VAIO Care\DeployCRMflag => C:\Program Files\Sony\VAIO Care\DeployCRMflag.exe [2014-01-16] (Sony Corporation) Task: {CC566349-1272-4E02-B384-6A7DAB9C1960} - System32\Tasks\USER_ESRV_SVC => Wscript.exe //B //NoLogo "C:\Program Files\Sony\VAIO Care\ESRV\task.vbs" Task: {DC889518-8FA7-43C7-B875-DD0AA0C9811E} - System32\Tasks\Sony Corporation\VAIO Care\UploadPOT => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-07-02] (Sony Corporation) Task: {DF0D255A-0CA1-4485-BBF9-C2D5656205B6} - System32\Tasks\Sony\Java Update => C:\Program Files\Java\jre6\bin\jusched.exe Task: {E397DF39-8104-4471-B5DE-D072854BE09A} - System32\Tasks\Sony Corporation\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe [2012-02-20] (Sony Corporation) Task: {F8BB5847-8125-4A23-A4E2-074C7E9B34B9} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2014-08-25] (Apple Inc.) Task: {FB7E8DD0-7C01-4397-9F84-73C123E45827} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-29] (Piriform Ltd) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1131491842-3702275870-760743972-1006Core.job => C:\Users\Sandra\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1131491842-3702275870-760743972-1006UA.job => C:\Users\Sandra\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-01-09 20:30 - 2012-09-18 15:27 - 00192512 _____ () C:\Windows\System32\zlhp1020.dll 2010-06-06 06:20 - 2010-06-06 06:20 - 00065344 _____ () C:\Windows\System32\PDFreDirectMon64.dll 2013-01-09 20:31 - 2012-09-18 15:27 - 00065024 _____ () C:\Windows\system32\spool\PRTPROCS\x64\pphp1020.dll 2014-09-26 14:41 - 2014-09-26 14:41 - 01021088 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll 2011-04-27 08:31 - 2010-07-15 10:07 - 00022504 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe 2011-04-27 08:31 - 2010-07-15 10:07 - 00023552 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe 2011-04-27 08:31 - 2010-07-15 10:07 - 00040952 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe 2011-04-27 08:31 - 2010-07-15 10:07 - 00184816 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe 2010-06-23 04:39 - 2010-06-23 04:39 - 00046080 _____ () C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe 2014-11-12 15:44 - 2014-11-12 15:44 - 02902016 _____ () C:\Program Files\AVAST Software\Avast\defs\14111200\algo.dll 2014-11-19 20:31 - 2014-11-19 20:31 - 02902528 _____ () C:\Program Files\AVAST Software\Avast\defs\14111901\algo.dll 2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2010-09-10 07:47 - 2010-09-10 07:47 - 00135168 _____ () C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\Extension\MrsMpegParser.dll 2011-04-27 08:58 - 2010-03-02 15:22 - 00013824 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESBasePS.dll 2011-04-27 08:58 - 2010-03-02 15:22 - 00013312 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSubPS.dll 2014-11-08 07:15 - 2014-11-08 07:16 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2011-04-27 08:31 - 2010-07-15 10:07 - 00131072 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\SonyCommonLib.dll 2011-04-27 08:31 - 2010-07-15 10:07 - 00011264 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\Resources.dll 2011-04-27 08:31 - 2010-07-15 10:07 - 00007680 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\DebugMsg.dll 2011-04-27 08:31 - 2010-07-15 10:07 - 00015360 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\SharedInterfaces.dll 2011-04-27 08:31 - 2010-07-15 10:07 - 00018944 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\DictionaryLookup.dll 2011-04-27 08:31 - 2010-07-15 10:07 - 00011264 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\MessageXML.dll 2011-04-27 08:31 - 2010-07-15 10:07 - 00005120 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.ThirdPartyApp.dll 2011-04-27 08:31 - 2010-07-15 10:07 - 00023040 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.Generic.dll 2011-04-27 08:31 - 2010-07-15 10:07 - 00027648 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.BtPower.dll 2011-04-27 08:31 - 2010-07-15 10:07 - 00005120 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.Generic.dll 2011-04-27 08:31 - 2010-07-15 10:07 - 00015872 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.NativeWifiThirdPartyApp.dll 2011-04-27 08:31 - 2010-07-15 10:07 - 00009728 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.TosBtThirdPartyApp.dll 2011-04-27 08:31 - 2010-07-15 10:07 - 00006656 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.WlanPower.dll 2011-04-27 08:31 - 2010-07-15 10:07 - 00004608 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.Power.dll 2011-04-27 08:31 - 2010-07-15 10:07 - 00109568 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\DevicePanel.dll 2010-06-23 04:39 - 2010-06-23 04:39 - 00049152 _____ () C:\Program Files (x86)\DDNi\Oasis2Service 1.0\DdniCore.dll 2010-06-23 04:39 - 2010-06-23 04:39 - 00033280 _____ () C:\Program Files (x86)\DDNi\Oasis2Service 1.0\AspUpdate.dll 2014-11-19 20:37 - 2014-11-19 20:37 - 00043008 _____ () c:\users\sandra\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsnn6rc.dll 2013-08-23 11:01 - 2013-08-23 11:01 - 25100288 _____ () C:\Users\Sandra\AppData\Roaming\Dropbox\bin\libcef.dll 2014-11-11 16:57 - 2014-11-11 16:58 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2014-11-11 17:36 - 2014-11-11 17:36 - 16840880 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll 2013-11-01 13:59 - 2013-11-01 13:59 - 00347136 _____ () C:\Program Files\Sony\VAIO Care\Iolo\vosges.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-1131491842-3702275870-760743972-500 - Administrator - Disabled) boinc_master (S-1-5-21-1131491842-3702275870-760743972-1000 - Limited - Enabled) => C:\Users\boinc_master boinc_project (S-1-5-21-1131491842-3702275870-760743972-1001 - Limited - Enabled) Guest (S-1-5-21-1131491842-3702275870-760743972-501 - Limited - Disabled) => C:\Users\Guest HomeGroupUser$ (S-1-5-21-1131491842-3702275870-760743972-1007 - Limited - Enabled) Sandra (S-1-5-21-1131491842-3702275870-760743972-1006 - Administrator - Enabled) => C:\Users\Sandra ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (11/13/2014 00:56:12 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Creative Cloud.exe, version: 2.8.0.447, time stamp: 0x542b1516 Faulting module name: ANSClient.dll, version: 2.8.0.446, time stamp: 0x5428210f Exception code: 0xc0000005 Fault offset: 0x0007ccee Faulting process id: 0xab8 Faulting application start time: 0xCreative Cloud.exe0 Faulting application path: Creative Cloud.exe1 Faulting module path: Creative Cloud.exe2 Report Id: Creative Cloud.exe3 Error: (11/13/2014 00:55:32 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 10168052 Error: (11/13/2014 00:55:32 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 10168052 Error: (11/13/2014 00:55:32 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (11/12/2014 10:06:23 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 19048 Error: (11/12/2014 10:06:23 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 19048 Error: (11/12/2014 10:06:23 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (11/12/2014 10:06:21 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 17815 Error: (11/12/2014 10:06:21 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 17815 Error: (11/12/2014 10:06:21 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second System errors: ============= Error: (11/19/2014 09:18:04 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.189.72.0). Error: (11/19/2014 08:33:34 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Energy Server Service service terminated with the following error: %%268439612 Error: (11/19/2014 08:25:30 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrustedInstaller service. Error: (11/19/2014 08:25:00 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service. Error: (11/12/2014 03:46:35 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Energy Server Service service terminated with the following error: %%268439612 Error: (11/11/2014 10:27:42 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Energy Server Service service terminated with the following error: %%268439612 Error: (11/11/2014 10:18:41 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Energy Server Service service terminated with the following error: %%268439612 Error: (11/11/2014 10:17:34 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The IKE and AuthIP IPsec Keying Modules service terminated with the following error: %%13876 Error: (11/11/2014 10:15:39 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Function Discovery Resource Publication service terminated with the following error: %%-2147014874 Error: (11/11/2014 10:15:39 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The IKE and AuthIP IPsec Keying Modules service terminated with the following error: %%13876 Microsoft Office Sessions: ========================= Error: (11/13/2014 00:56:12 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Creative Cloud.exe2.8.0.447542b1516ANSClient.dll2.8.0.4465428210fc00000050007cceeab801cffed2c3804c72C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exeC:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreExt\ANSClient.dllea43f5e7-6b12-11e4-9560-78843c3214e7 Error: (11/13/2014 00:55:32 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 10168052 Error: (11/13/2014 00:55:32 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 10168052 Error: (11/13/2014 00:55:32 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (11/12/2014 10:06:23 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 19048 Error: (11/12/2014 10:06:23 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 19048 Error: (11/12/2014 10:06:23 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (11/12/2014 10:06:21 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 17815 Error: (11/12/2014 10:06:21 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 17815 Error: (11/12/2014 10:06:21 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second ==================== Memory info =========================== Processor: AMD Athlon II P360 Dual-Core Processor Percentage of memory in use: 56% Total physical RAM: 3834.9 MB Available physical RAM: 1686.07 MB Total Pagefile: 7667.98 MB Available Pagefile: 4650.08 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:456.1 GB) (Free:352.44 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: CE16A306) Partition 1: (Not Active) - (Size=9.6 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=456.1 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  19. Hello. This is my first time ever asking for help with malware on a forum. Usually Malwarebytes takes care of any problems. I am constantly getting a pop-up from Malwarebytes: Malicious Website Blocked Type: Outbound Process: Syswow64\dllhost.exe I already ran Malwarebytes several times, my antivirus (AVG), Spybot, Emsisoft, CCleaner and five or six other cleaning programs. All couldn't find anything. Yet the warning keeps popping up for the last week or so (not as often in the last few days, but still does). Is it something I should worry about? Thanks so much in advance for your help!
  20. I am posting my logs here, hopefully, someone can help me with removing this malware. Thanks. c:\windows\syswow64\dllhost.exe Addition.txt FRST.txt
  21. I think my computer is infected with a backdoor virus. An outgoing link gets getting stopped by my Malwarebytes. It wants to go to random websites like fff5ee.com and ip addresses like 92.215.1.57. It says it originates from windows\syswow64\dllhost.exe. Help. I would like to get rid of these annoying pop-ups. Any help would be appreciated. Thanks
  22. I have a possible infection and would appreciate someone looking into this. My computer has very sluggish behavior and seems to take forever to do anything, even when nothing is running. I continually get error messages from Norton on high memory usage by Com Surrogates (Syswow 64) and I also have been getting notices from MalwareBytes on malicious websites being blocked (example attached.) I ran the Farbar recovery scan tool and found the following notation: ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Windows\system64 I am attaching the complete files for reference. Does this mean I have a rootkit and if so, how do I remove it? Thanks much in advance for your help. FRST.txt Addition.txt
  23. I have a virus of some kind on my computer. I'm getting popups stating that malicious websites are being blocked. It says the process is C:\windows\syswow64\dllhost.exe I have read through some of this forum. I tried to download the Farbar software but it says my security settings won't allow me too. Thanks for any help.
  24. Thank you in advance for being so kind as to help out with this pesky problem. I can't seem to remove sysWOW64 with Malwarebytes 2.0.3.1025. I have tried UnHackMe, Comodo Antivirus, Prevx 3.0, RoguKillerX64, and tdsskiller to no avail. Please help! Attached are the FRST.txt and Addition.txt from Farbar Recovery Tool. FRST.txt Addition.txt
  25. Hi, first of all thanks in advanced for the help you could provide me. I will try to be short but detail. I noticed my laptop Dell Latitude running slow and overheating after a Windows Update and I began to notice pop ups from Norton telling me that COM Surrogate was consuming too much memory. Here began the nightmare. I ran Norton, Viprerescue, Microsoft Scanner, Norton Power eraser, Kaspersky, etc. and all of them no threat found. I contacted Norton support and they performed a remoted session and did something trought de cmd and after all, they told me everything was clear. Great!! But not. The pc was fast as before but many features, programs and shortcuts didn't response to the mouse click. Can't open programs, etc. by the way I am not an IT but I love pc. I was checking under windows/system32 and there is a dllhost.exe file and its properties looks good. But there is another one dllhost.exe under windows/syswow64 and that one looks weird, properties different, permissions and security details looks bad. When the permission under security tab in the prperties of the files are denied works fine but then no response to certainly features and programs but if I change the permission and allow everything those features works but COM Surrogate begin to consume high memory. Also I check the same files on my wife's pc and both dllhost.exe are in those location windows system32 and syswow64 but looks perfect and works perfect. I hope you can understand and appreciate your help and support. Thanks a lot in advanced.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.