Jump to content

Removing Infected Item Crashes Computer


akmoler
 Share

Recommended Posts

Hello,

 

Apologies if this is in the wrong section. Haven't trawled through the search results as well as I probably should have.  Anyway, here's what's up:

 

Running both a quick scan and a full scan yields the discovery of the following:
 

Registry Keys Detected: 1
HKLM\SYSTEM\CurrentControlSet\Services\hola_net (PUP.Optional.Hola) -> No action taken.
 
Files Detected: 2
C:\Users\Alex Moler\AppData\Local\Temp\ct2504091\ism.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Alex Moler\Local Settings\Temporary Internet Files\Content.IE5\X3ENAQ7R\ism[1].exe (PUP.Optional.Conduit.A) -> No action taken.

 

 

Now, I remove the infected item and restart my computer. Windows boots and I log in. Once I log in, I get a black screen with only my active mouse. I can go to the Task Manager via Ctrl Alt Delete and find that no applications are running and nearly all of my Services are stopped. I force shut down, reboot from safemode and reload from a backup point from a few days ago. Everything runs peachy for the most part, except for the occasional momentarily freeze up. I've done this process a few times. I found the Hola installer on my computer, but deleting that didn't change the results of the scan. 

 

So, what's up? False positive? More steps needed to clean it out? I've poked around a bit and found steps for the Conduit issue, but nothing so far with the Hola issue. At one point, I successfully deleted Conduit and restarted with no issue; it seems removing Hola is the problem. 

Link to post
Share on other sites

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

Kevin..

Link to post
Share on other sites

Kevin, thanks for the quick response. The results:

 

FRST.txt

 

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\Windows\system32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Absolute Software) C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Adobe Systems Incorporated) c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Conexant Systems, Inc.) C:\Program Files\Conexant\SA3\CxUtilSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) c:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDGesture.exe
() C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
(Conexant Systems, Inc.) C:\Program Files\Conexant\SA3\SmartAudio3.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\ipoint.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 7500 E910\Bin\ScanToPCActivationApp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
(Absolute Software) C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
() C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 7500 E910\Bin\HPNetworkCommunicator.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
(Google Inc.) C:\Users\Alex Moler\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Alex Moler\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Alex Moler\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Alex Moler\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Alex Moler\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Alex Moler\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Alex Moler\AppData\Local\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Users\Alex Moler\AppData\Local\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Dell Products, LP.) c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Google Inc.) C:\Users\Alex Moler\AppData\Local\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Users\Alex Moler\AppData\Local\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices Inc.) c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Users\Alex Moler\AppData\Local\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MpCmdRun.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2894640 2012-03-14] (ELAN Microelectronics Corp.)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [QuickSet] - c:\Program Files\Dell\QuickSet\QuickSet.exe [5729648 2012-02-07] (Dell Inc.)
HKLM\...\Run: [intelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4526 2010-11-29] ()
HKLM\...\Run: [smartAudio] - C:\Program Files\CONEXANT\SA3\SACpl.exe [1654400 2012-02-21] (Conexant Systems, Inc.)
HKLM\...\Run: [bLEServicesCtrl] - C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [178960 2012-03-15] (Intel Corporation)
HKLM\...\Run: [bTMTrayAgent] - rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [DellStage] - C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj [483424 2012-02-01] ()
HKLM\...\Run: [stage Remote] - C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe [2022976 2011-06-27] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-07-29] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-06-20] (Microsoft Corporation)
HKLM\...\Run: [intelliType Pro] - c:\Program Files\Microsoft Device Center\itype.exe [1464928 2012-06-26] (Microsoft Corporation)
HKLM\...\Run: [intelliPoint] - c:\Program Files\Microsoft Device Center\ipoint.exe [2004584 2012-06-26] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Google Update] - C:\Users\Alex Moler\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-08-30] (Google Inc.)
HKCU\...\Run: [EA Core] - "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKCU\...\Run: [Facebook Update] - C:\Users\Alex Moler\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-04-06] (Facebook Inc.)
HKCU\...\Run: [skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19876968 2013-06-21] (Skype Technologies S.A.)
HKCU\...\Run: [HP Officejet 7500 E910 (NET)] - C:\Program Files\HP\HP Officejet 7500 E910\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKLM-x32\...\Run: [startCCC] - c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [636032 2012-03-26] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] - c:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [10752 2012-01-31] ()
HKLM-x32\...\Run: [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [uSB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-27] (Intel Corporation)
HKLM-x32\...\Run: [Dell DataSafe Online] - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2013-09-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NeroLauncher] - C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe [66872 2012-03-10] ()
HKLM-x32\...\Run: [AccuWeatherWidget] - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj [2835443 2012-02-01] ()
HKLM-x32\...\Run: [Absolute Notifier] - C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe [85672 2011-05-10] (Absolute Software)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [577536 2012-05-09] (Creative Technology Ltd)
HKLM-x32\...\Run: [ArcSoft Connection Service] - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-04-30] (Apple Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
SearchScopes: HKLM - DefaultScope {1B2FBBDA-575C-418C-B771-E9BC62AA4E42} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - DefaultScope {1B2FBBDA-575C-418C-B771-E9BC62AA4E42} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {1B2FBBDA-575C-418C-B771-E9BC62AA4E42} URL = 
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
Chrome: 
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\Alex Moler\AppData\Local\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Alex Moler\AppData\Local\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Alex Moler\AppData\Local\Google\Chrome\Application\29.0.1547.66\pdf.dll ()
CHR Plugin: (Chrome IE Tab) - C:\Users\Alex Moler\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd\5.8.13.1_0\plugin/blackfishietab.dll ()
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB)
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll (ESN Social Software AB)
CHR Plugin: (ESN Sonar API) - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
CHR Plugin: (Java Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Alex Moler\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Google Update) - C:\Users\Alex Moler\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Google Drive) - C:\Users\ALEXMO~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\ALEXMO~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Adblock Plus) - C:\Users\ALEXMO~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5.5_0
CHR Extension: (Google Search) - C:\Users\ALEXMO~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Right-Click Search Wikipedia) - C:\Users\ALEXMO~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\eikmpmafdimllogceehaijmnlndineje\0.9_0
CHR Extension: (Facebook Disconnect) - C:\Users\ALEXMO~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec\1.3.0_0
CHR Extension: (AdBlock) - C:\Users\ALEXMO~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.7_0
CHR Extension: (IE Tab) - C:\Users\ALEXMO~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd\5.8.13.1_0
CHR Extension: (Reddit Enhancement Suite) - C:\Users\ALEXMO~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\4.3.0.1_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\ALEXMO~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Gmail) - C:\Users\ALEXMO~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
 
==================== Services (Whitelisted) =================
 
R2 AbsoluteNotifier; C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [10920 2011-05-10] (Absolute Software)
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 CxUtilSvc; C:\Program Files\Conexant\SA3\CxUtilSvc.exe [109184 2012-05-18] (Conexant Systems, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-06-20] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-06-20] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-12-27] ()
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [32896 2012-03-20] (Advanced Micro Devices, Inc.)
S1 hola_net; C:\Windows\System32\DRIVERS\hola_net.sys [86512 2013-02-15] (Hola Networks Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-09-19 09:37 - 2013-09-19 09:37 - 01950594 _____ (Farbar) C:\Users\Alex Moler\Downloads\FRST64.exe
2013-09-19 09:37 - 2013-09-19 09:37 - 00000000 ____D C:\FRST
2013-09-19 01:22 - 2013-09-19 01:35 - 00000000 ____D C:\Users\Alex Moler\Downloads\CCleaner
2013-09-19 01:17 - 2013-09-19 01:35 - 00000000 ____D C:\Program Files\CCleaner
2013-09-13 00:51 - 2013-09-13 00:51 - 04751752 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-09-12 08:37 - 2013-09-12 08:37 - 00002021 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2013-09-12 00:49 - 2013-08-10 00:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-12 00:49 - 2013-08-10 00:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-12 00:49 - 2013-08-10 00:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-12 00:49 - 2013-08-09 22:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-12 00:49 - 2013-08-09 22:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-12 00:49 - 2013-08-09 22:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-12 00:49 - 2013-08-09 22:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-12 00:48 - 2013-08-10 00:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-12 00:48 - 2013-08-10 00:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-12 00:48 - 2013-08-10 00:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-12 00:48 - 2013-08-10 00:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-12 00:48 - 2013-08-10 00:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-12 00:48 - 2013-08-10 00:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-12 00:48 - 2013-08-10 00:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-12 00:48 - 2013-08-10 00:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-12 00:48 - 2013-08-10 00:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-12 00:48 - 2013-08-10 00:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-12 00:48 - 2013-08-10 00:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-12 00:48 - 2013-08-09 22:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-12 00:48 - 2013-08-09 22:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-12 00:48 - 2013-08-09 22:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-12 00:48 - 2013-08-09 22:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-12 00:48 - 2013-08-09 22:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-12 00:48 - 2013-08-09 22:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-12 00:48 - 2013-08-09 22:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-12 00:48 - 2013-08-09 22:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-12 00:48 - 2013-08-09 22:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-12 00:48 - 2013-08-09 22:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-12 00:48 - 2013-08-09 22:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-12 00:48 - 2013-08-09 21:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-12 00:48 - 2013-08-09 21:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-12 00:39 - 2013-08-07 20:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-12 00:39 - 2013-08-04 21:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-12 00:39 - 2013-08-01 21:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-12 00:39 - 2013-08-01 21:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-12 00:39 - 2013-08-01 21:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-12 00:39 - 2013-08-01 21:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-12 00:39 - 2013-08-01 21:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-12 00:39 - 2013-08-01 21:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-12 00:39 - 2013-08-01 21:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-12 00:39 - 2013-08-01 21:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-12 00:39 - 2013-08-01 21:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 20:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-12 00:39 - 2013-08-01 20:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-12 00:39 - 2013-08-01 20:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-12 00:39 - 2013-08-01 20:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-12 00:39 - 2013-08-01 20:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-12 00:39 - 2013-08-01 20:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-12 00:39 - 2013-08-01 20:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-12 00:39 - 2013-08-01 20:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 20:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 20:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-12 00:39 - 2013-08-01 19:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-12 00:39 - 2013-08-01 19:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-12 00:39 - 2013-08-01 19:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-12 00:39 - 2013-08-01 19:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-12 00:39 - 2013-08-01 19:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-12 00:39 - 2013-08-01 19:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 19:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 19:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 19:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-12 00:39 - 2013-07-25 21:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-12 00:39 - 2013-07-25 21:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-12 00:39 - 2013-07-25 20:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-12 00:39 - 2013-07-25 20:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-08-26 20:42 - 2013-08-26 20:43 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-26 20:42 - 2013-08-26 20:43 - 00000000 ____D C:\Program Files\iTunes
2013-08-26 20:42 - 2013-08-26 20:43 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-08-26 20:42 - 2013-08-26 20:42 - 00000000 ____D C:\Program Files\iPod
2013-08-26 18:44 - 2013-08-26 18:44 - 00000000 ____D C:\Program Files (x86)\Dell Digital Delivery
 
==================== One Month Modified Files and Folders =======
 
2013-09-19 09:37 - 2013-09-19 09:37 - 01950594 _____ (Farbar) C:\Users\Alex Moler\Downloads\FRST64.exe
2013-09-19 09:37 - 2013-09-19 09:37 - 00000000 ____D C:\FRST
2013-09-19 09:35 - 2013-05-08 11:23 - 00000906 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-19 09:34 - 2009-07-13 23:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-19 09:34 - 2009-07-13 23:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-19 09:31 - 2012-08-30 18:30 - 00000928 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2835968529-593628438-4282775179-1000UA.job
2013-09-19 09:31 - 2009-07-14 00:13 - 00778834 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-19 09:30 - 2012-07-17 01:48 - 01252683 _____ C:\Windows\WindowsUpdate.log
2013-09-19 09:28 - 2012-09-05 19:50 - 00000000 ____D C:\Users\Alex Moler\AppData\Roaming\Skype
2013-09-19 09:28 - 2012-09-05 10:26 - 00017920 _____ C:\Windows\system32\rpcnetp.exe
2013-09-19 09:27 - 2013-05-08 11:23 - 00000902 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-19 09:27 - 2012-09-05 10:27 - 00017920 _____ C:\Windows\SysWOW64\rpcnetp.dll
2013-09-19 09:27 - 2012-08-30 18:44 - 00069792 _____ (Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.dll
2013-09-19 09:27 - 2012-07-17 02:23 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2013-09-19 09:27 - 2012-07-17 02:23 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2013-09-19 09:27 - 2012-07-17 02:16 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-09-19 09:27 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-19 09:27 - 2009-07-13 23:51 - 00068761 _____ C:\Windows\setupact.log
2013-09-19 09:26 - 2012-09-05 10:26 - 00017920 _____ C:\Windows\SysWOW64\rpcnetp.exe
2013-09-19 01:54 - 2012-07-17 01:49 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-19 01:36 - 2013-04-06 16:29 - 00000948 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2835968529-593628438-4282775179-1000UA.job
2013-09-19 01:36 - 2012-08-30 18:18 - 00000000 ____D C:\Users\Alex Moler
2013-09-19 01:35 - 2013-09-19 01:22 - 00000000 ____D C:\Users\Alex Moler\Downloads\CCleaner
2013-09-19 01:35 - 2013-09-19 01:17 - 00000000 ____D C:\Program Files\CCleaner
2013-09-19 01:35 - 2013-06-14 06:39 - 00000000 ____D C:\Windows\Minidump
2013-09-19 01:35 - 2012-09-25 12:41 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2013-09-19 01:35 - 2012-09-14 22:59 - 00000000 ____D C:\Users\Alex Moler\AppData\Roaming\Azureus
2013-09-19 01:35 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2013-09-19 01:35 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\AppCompat
2013-09-19 01:33 - 2012-09-17 12:41 - 00000000 __RHD C:\MSOCache
2013-09-19 01:21 - 2012-09-22 17:19 - 00000000 ____D C:\Users\Alex Moler\Tracing
2013-09-19 01:20 - 2011-02-10 09:02 - 00000000 ____D C:\Windows\panther
2013-09-19 01:13 - 2010-11-21 02:16 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-09-17 00:37 - 2012-09-30 08:24 - 00000000 ____D C:\Users\Alex Moler\Documents\Employment
2013-09-15 15:20 - 2012-08-30 18:30 - 00000876 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2835968529-593628438-4282775179-1000Core.job
2013-09-14 22:34 - 2013-04-06 16:29 - 00000926 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2835968529-593628438-4282775179-1000Core.job
2013-09-14 18:35 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2013-09-13 01:26 - 2012-07-17 01:49 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-13 01:25 - 2012-07-17 01:49 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-13 01:25 - 2012-07-17 01:49 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-13 00:51 - 2013-09-13 00:51 - 04751752 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-09-12 08:37 - 2013-09-12 08:37 - 00002021 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2013-09-12 08:34 - 2012-08-30 18:22 - 00000000 ___RD C:\Users\Alex Moler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-12 08:34 - 2012-08-30 18:22 - 00000000 ___RD C:\Users\Alex Moler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-12 08:33 - 2009-07-13 23:45 - 00350664 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-12 08:31 - 2010-11-20 22:47 - 00075380 _____ C:\Windows\PFRO.log
2013-09-12 00:48 - 2013-08-15 03:01 - 00000000 ____D C:\Windows\system32\MRT
2013-09-12 00:47 - 2012-09-05 10:31 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-12 00:46 - 2012-09-17 12:41 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-26 20:43 - 2013-08-26 20:42 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-26 20:43 - 2013-08-26 20:42 - 00000000 ____D C:\Program Files\iTunes
2013-08-26 20:43 - 2013-08-26 20:42 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-08-26 20:42 - 2013-08-26 20:42 - 00000000 ____D C:\Program Files\iPod
2013-08-26 18:44 - 2013-08-26 18:44 - 00000000 ____D C:\Program Files (x86)\Dell Digital Delivery
2013-08-21 01:53 - 2013-05-17 15:56 - 00000000 ____D C:\Users\Alex Moler\AppData\Roaming\vlc
2013-08-20 20:01 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
 
Files to move or delete:
====================
C:\Users\Alex Moler\CTX.DAT
C:\ProgramData\hash.dat
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT
 
 
Some content of TEMP:
====================
C:\Users\Alex Moler\AppData\Local\Temp\EAD70CB.exe
C:\Users\Alex Moler\AppData\Local\Temp\EAD7C6F.exe
C:\Users\Alex Moler\AppData\Local\Temp\EADAD1F.exe
C:\Users\Alex Moler\AppData\Local\Temp\EADFC77.exe
C:\Users\Alex Moler\AppData\Local\Temp\i4jdel0.exe
C:\Users\Alex Moler\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\Alex Moler\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Alex Moler\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Alex Moler\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Alex Moler\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Alex Moler\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Alex Moler\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Alex Moler\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\Alex Moler\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Alex Moler\AppData\Local\Temp\sonarinst.exe
C:\Users\Alex Moler\AppData\Local\Temp\UninstallEADM.dll
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-09-11 11:26
 
==================== End Of Log ============================
 
 
Addition.txt
 
 
 
==================== Installed Programs =======================
 
Absolute Notifier (x32 Version: 1.4.3.10)
Accidental Damage Services Agreement (x32 Version: 2.0.0)
Adobe AIR (x32 Version: 2.6.0.19120)
Adobe Community Help (x32 Version: 3.5.23)
Adobe Digital Editions 2.0 (x32 Version: 2.0)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.174)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.168)
Adobe Photoshop Elements 9 (x32 Version: 9.0)
Adobe Premiere Elements 9 (x32 Version: 9.0)
Adobe Reader X (10.1.8) MUI (x32 Version: 10.1.8)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.3.133)
Advanced Audio FX Engine (x32 Version: 1.12.05)
Airline Tycoon - Deluxe (x32)
AMD Accelerated Video Transcoding (Version: 2.00.0002)
AMD APP SDK Runtime (Version: 10.0.898.1)
AMD AVIVO64 Codecs (Version: 12.3.103.20326)
AMD Catalyst Install Manager (Version: 3.0.868.0)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
ArcSoft Panorama Maker 5 (x32 Version: 5.0.1.25)
Banctec Service Agreement (x32 Version: 2.0.0)
Battlefield 3™ (x32 Version: 1.5.0.0)
Battlelog Web Plugins (x32 Version: 2.1.4)
Blio (x32 Version: 2.3.7140)
Bonjour (Version: 3.0.0.10)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center (x32 Version: 2012.0326.310.3601)
Catalyst Control Center InstallProxy (x32 Version: 2012.0326.310.3601)
Catalyst Control Center Localization All (x32 Version: 2012.0326.310.3601)
Catalyst Control Center Profiles Mobile (x32 Version: 2012.0326.310.3601)
CCC Help Chinese Standard (x32 Version: 2012.0326.0309.3601)
CCC Help Chinese Traditional (x32 Version: 2012.0326.0309.3601)
CCC Help Danish (x32 Version: 2012.0326.0309.3601)
CCC Help Dutch (x32 Version: 2012.0326.0309.3601)
CCC Help English (x32 Version: 2012.0326.0309.3601)
CCC Help Finnish (x32 Version: 2012.0326.0309.3601)
CCC Help French (x32 Version: 2012.0326.0309.3601)
CCC Help German (x32 Version: 2012.0326.0309.3601)
CCC Help Italian (x32 Version: 2012.0326.0309.3601)
CCC Help Japanese (x32 Version: 2012.0326.0309.3601)
CCC Help Korean (x32 Version: 2012.0326.0309.3601)
CCC Help Norwegian (x32 Version: 2012.0326.0309.3601)
CCC Help Portuguese (x32 Version: 2012.0326.0309.3601)
CCC Help Russian (x32 Version: 2012.0326.0309.3601)
CCC Help Spanish (x32 Version: 2012.0326.0309.3601)
CCC Help Swedish (x32 Version: 2012.0326.0309.3601)
ccc-utility64 (Version: 2012.0326.310.3601)
Complete Care Business Service Agreement (x32 Version: 2.0.0)
Conexant Maxx Preset (Version: 1.4.0.0)
Conexant SmartAudio HD (Version: 8.54.37.0)
Consumer In-Home Service Agreement (x32 Version: 2.0.0)
D3DX10 (x32 Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Dell Audio (Version: 1.72.0.0)
Dell DataSafe Local Backup - Support Software (x32 Version: 9.4.67)
Dell DataSafe Local Backup (x32 Version: 9.4.67)
Dell DataSafe Online (x32 Version: 2.1.19634)
Dell Digital Delivery (x32 Version: 2.7.1000.0)
Dell Edoc Viewer (Version: 1.0.0)
Dell Getting Started Guide (x32 Version: 1.00.0000)
Dell Home Systems Service Agreement (x32 Version: 2.0.0)
Dell MusicStage (x32 Version: 1.6.225.0)
Dell PhotoStage (x32 Version: 1.5.0.130)
Dell Stage (x32 Version: 1.7.209.0)
Dell Stage Remote (x32 Version: 2.0.0.43)
Dell Support Center (Version: 3.1.5907.16)
Dell Touchpad (Version: 10.3.2.2)
Dell VideoStage  (x32 Version: 1.3.0.2513)
Dell Webcam Central (x32 Version: 2.01.17)
Elements 9 Organizer (x32 Version: 9.0)
Elements STI Installer (x32 Version: 1.0)
ESN Sonar (x32 Version: 0.70.4)
Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287)
Football Manager 2012 (x32)
Football Manager 2012 Editor (x32)
Google Chrome (HKCU Version: 29.0.1547.66)
Google Drive (x32 Version: 1.11.4865.2530)
Google Update Helper (x32 Version: 1.3.21.153)
High-Definition Video Playback (x32 Version: 7.3.10000.0.0)
HP Officejet 7500 E910 Basic Device Software (Version: 28.0.1315.0)
HP Photo Creations (x32 Version: 1.0.0.9572)
HP Update (x32 Version: 5.005.000.002)
HPDiagnosticAlert (x32 Version: 1.00.0000)
I.R.I.S. OCR (x32 Version: 12.3.4.0)
Install LoJack for Laptops (x32 Version: 1.0.0.39)
Intel PROSet Wireless
Intel® Control Center (x32 Version: 1.2.1.1007)
Intel® Display Audio Driver (x32 Version: 6.14.00.3090)
Intel® Management Engine Components (x32 Version: 8.0.1.1399)
Intel® PROSet/Wireless for Bluetooth® 3.0 + High Speed (Version: 15.0.0.0059)
Intel® PROSet/Wireless Software for Bluetooth® Technology (Version: 2.1.1.0191)
Intel® Rapid Storage Technology (x32 Version: 11.1.0.1006)
Intel® Turbo Boost Technology Monitor 2.0 (Version: 2.1.23.0)
Intel® USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.4.225)
Intel® WiDi (x32 Version: 3.0.13.0)
Intel® Wireless Display
Intel® PROSet/Wireless WiFi Software (Version: 15.00.0000.0642)
Intel® Trusted Connect Service Client (Version: 1.23.219.2)
iTunes (Version: 11.0.5.5)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Mouse and Keyboard Center (Version: 1.1.500.0)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Security Client (Version: 4.3.0215.0)
Microsoft Security Essentials (Version: 4.3.215.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Nero 10 Movie ThemePack Basic (x32 Version: 10.2.10200.0.0)
Nero Control Center 10 (x32 Version: 10.6.12800.0.8)
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.2.10800)
Nero Core Components 10 (x32 Version: 2.0.20500.9.16)
Nero Update (x32 Version: 1.0.0018)
Origin (x32 Version: 9.1.3.2637)
Picture Control Utility (x32 Version: 1.2.2)
PlayReady PC Runtime x86 (x32 Version: 1.3.0)
PowerXpressHybrid (x32 Version: 1.00.0000)
Premium Service Agreement (x32 Version: 2.0.0)
PunkBuster Services (x32 Version: 0.991)
Puzzle Pirates (HKCU)
PX Profile Update (x32 Version: 1.00.1.)
QualxServ Service Agreement (x32 Version: 2.0.0)
Quickset64 (Version: 10.14.010)
QuickTime (x32 Version: 7.74.80.86)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7601.39019)
Skype Click to Call (x32 Version: 6.11.13348)
Skype™ 6.6 (x32 Version: 6.6.106)
SmartSound Quicktracks for Premiere Elements 9.0 (x32 Version: 3.12.3090)
Steam (x32 Version: 1.0.0.0)
swMSM (x32 Version: 12.0.0.1)
SyncUP (x32 Version: 1.12.11500.11.105)
SyncUP (x32 Version: 10.2.16500)
TrustedID IDMonitor Identity Protection (x32 Version: 1.1.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553157) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589370) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760758) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32)
Ventrilo Client for Windows x64 (Version: 3.0.8.0)
VLC media player 2.0.6 (x32 Version: 2.0.6)
Vuze (x32 Version: 5.0.0.0)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
WinRAR 4.20 (64-bit) (Version: 4.20.0)
Zinio Reader 4 (x32 Version: 4.2.4164)
 
==================== Restore Points  =========================
 
03-09-2013 15:15:29 Windows Update
06-09-2013 18:33:26 Windows Update
09-09-2013 21:43:42 Windows Update
12-09-2013 05:41:43 Windows Update
16-09-2013 03:33:07 Windows Update
19-09-2013 06:25:52 Windows Update
19-09-2013 06:46:41 Windows Update
 
==================== Hosts content: ==========================
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {23CF54A5-2222-4470-9EAB-337CAC1FA5A9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2835968529-593628438-4282775179-1000Core => C:\Users\Alex Moler\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-30] (Google Inc.)
Task: {24FE7EE9-A2B2-4C89-9F27-C50A7617EB42} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-06-20] (Microsoft Corporation)
Task: {2871CD53-2398-41ED-8CAA-8FE874C99C67} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-08] (Google Inc.)
Task: {2A389F95-0F77-4AAA-9ECD-2971D51DBEA9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2835968529-593628438-4282775179-1000UA => C:\Users\Alex Moler\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-30] (Google Inc.)
Task: {4908993A-DE5F-4669-A6D4-6771710564B8} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {4D54B0E3-44C1-4CA4-AA30-5AB11728EBC7} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2835968529-593628438-4282775179-1000UA => C:\Users\Alex Moler\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-04-06] (Facebook Inc.)
Task: {5D981CD5-BAE5-4331-8992-E05C81E16A8F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
Task: {96974084-A7C2-4645-AE72-5F0697EB04F3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-13] (Adobe Systems Incorporated)
Task: {99B0A9A4-B959-451E-9726-B6A07D9C604D} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Device Center\ipoint.exe [2012-06-26] (Microsoft Corporation)
Task: {A0AF16DA-860D-4A68-ABB8-2FA802F77788} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => c:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-06-20] (Microsoft Corporation)
Task: {ADA35AC4-DD52-4363-9BCF-D7323FAB4939} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {C14CAF0C-2836-443C-BE71-33C77680D214} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {CEB074D1-0E07-44B3-B650-DE627A0C7348} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Device Center\itype.exe [2012-06-26] (Microsoft Corporation)
Task: {D444FAAC-648C-48DF-BC42-D4EA259D111E} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => c:\Program Files\Microsoft Device Center\devicecenter.exe [2012-06-26] (Microsoft)
Task: {EA1E85A7-C084-4E9F-A522-5A6F88333A55} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-08] (Google Inc.)
Task: {FFFF682D-03BE-4B02-A2E6-C0A93EAC70F5} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2835968529-593628438-4282775179-1000Core => C:\Users\Alex Moler\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-04-06] (Facebook Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2835968529-593628438-4282775179-1000Core.job => C:\Users\Alex Moler\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2835968529-593628438-4282775179-1000UA.job => C:\Users\Alex Moler\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2835968529-593628438-4282775179-1000Core.job => C:\Users\Alex Moler\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2835968529-593628438-4282775179-1000UA.job => C:\Users\Alex Moler\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-05-08 10:27 - 2008-09-27 11:52 - 00060928 _____ (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcBmhE.dll
2012-07-17 03:28 - 2012-03-19 18:16 - 00286208 _____ (Intel Corporation) C:\Windows\system32\igfxrENU.lrc
2012-07-17 03:27 - 2012-03-19 18:09 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-07-17 02:04 - 2012-04-10 14:42 - 00323712 _____ (Conexant Systems, Inc.) C:\Program Files\Conexant\SA3\SmartAudio.Core.dll
2012-07-17 02:04 - 2012-03-16 11:50 - 00125568 _____ ( ) C:\Program Files\Conexant\SA3\Interop.CxHDAudioAPILib.dll
2012-07-17 02:04 - 2012-03-16 11:50 - 01256576 _____ (Conexant Systems, Inc.) C:\Program Files\Conexant\SA3\CxHDAudioAPI.dll
2012-07-17 02:03 - 2012-05-18 03:36 - 00011904 _____ ( ) C:\Program Files\Conexant\SA3\Interop.CxUtilSvcLib.dll
2012-07-17 02:04 - 2012-04-10 14:42 - 00030208 _____ (Conexant Systems, Inc.) C:\Program Files\Conexant\SA3\SmartAudio.Creative.dll
2012-07-17 02:04 - 2012-04-10 14:42 - 02783360 _____ (Conexant Systems, Inc.) C:\Program Files\Conexant\SA3\SmartAudio.Dell.dll
2012-07-17 02:04 - 2012-04-10 14:42 - 00448128 _____ (Conexant Systems, Inc.) C:\Program Files\Conexant\SA3\SmartAudio.Localization.dll
2012-07-17 02:04 - 2012-04-10 14:42 - 00148608 _____ (Conexant Systems, Inc.) C:\Program Files\Conexant\SA3\SmartAudio.Waves.dll
2012-07-17 02:03 - 2012-04-10 11:38 - 00364544 _____ (Conexant Systems, Inc.) C:\Program Files\Conexant\SA3\Languages\en-US\SmartAudio.resources.dll
2012-07-17 02:04 - 2012-04-05 14:55 - 00035456 _____ ( ) C:\Program Files\Conexant\SA3\Interop.MaxxAudioWrapperLib.dll
2012-07-17 02:04 - 2012-04-05 14:55 - 00164992 _____ () C:\Program Files\Conexant\SA3\MaxxAudioWrapper.dll
2012-07-17 02:04 - 2012-05-18 03:36 - 00986456 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2012-10-17 04:28 - 2012-10-17 04:28 - 02965096 _____ (TODO: <Company name>) C:\Program Files\HP\HP Officejet 7500 E910\Bin\ScanToPCActivationUI.dll
2009-01-20 14:51 - 2009-01-20 14:51 - 00007168 _____ ( ) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atixclib.dll
2012-03-26 03:03 - 2012-03-26 03:03 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-12-13 16:10 - 2011-12-13 16:10 - 00016384 _____ () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-03-16 20:28 - 2010-03-16 20:28 - 01926144 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtCore4.dll
2010-03-22 15:52 - 2010-03-22 15:52 - 06776832 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtGui4.dll
2010-03-16 20:28 - 2010-03-16 20:28 - 00635904 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtNetwork4.dll
2010-03-16 20:28 - 2010-03-16 20:28 - 00326144 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtXml4.dll
2011-06-29 08:52 - 2011-06-29 08:52 - 00077376 _____ (ArcSoft Inc.) C:\Program Files (x86)\Dell\Stage Remote\DMSAdapter.dll
2011-06-27 19:25 - 2011-06-27 19:25 - 00491968 _____ (ArcSoft Inc.) C:\Program Files (x86)\Dell\Stage Remote\DHServerAgent.dll
2011-06-27 19:26 - 2011-06-27 19:26 - 00715400 _____ (ArcSoft Inc.) C:\Program Files (x86)\Dell\Stage Remote\UMediaManager.dll
2011-06-24 23:19 - 2011-06-24 23:19 - 00043584 _____ (ArcSoft Inc.) C:\Program Files (x86)\Dell\Stage Remote\ASDBTool.dll
2011-06-24 23:20 - 2011-06-24 23:20 - 00565968 _____ () C:\Program Files (x86)\Dell\Stage Remote\sqlite3.dll
2011-06-27 19:25 - 2011-06-27 19:25 - 00051264 _____ (ArcSoft Inc.) C:\Program Files (x86)\Dell\Stage Remote\ASTransMgr.dll
2011-06-24 23:19 - 2011-06-24 23:19 - 00043584 _____ (ArcSoft Inc.) C:\Program Files (x86)\Dell\Stage Remote\ASXmlTool.dll
2011-06-27 19:25 - 2011-06-27 19:25 - 00058944 _____ () C:\Program Files (x86)\Dell\Stage Remote\DataService.dll
2011-06-24 23:21 - 2011-06-24 23:21 - 00322624 _____ () C:\Program Files (x86)\Dell\Stage Remote\en-US\UI\ManagerUI.dll
2010-03-11 19:52 - 2010-03-11 19:52 - 00028160 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qgif4.dll
2010-03-05 15:07 - 2010-03-05 15:07 - 00031744 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qico4.dll
2010-03-05 15:07 - 2010-03-05 15:07 - 00125952 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qjpeg4.dll
2010-03-11 19:52 - 2010-03-11 19:52 - 00225280 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qmng4.dll
2011-05-10 13:37 - 2011-05-10 13:37 - 00007168 _____ (Absolute Software) C:\Program Files (x86)\Absolute Software\Absolute Notifier\Com.Absolute.Common.Agent.Remoting.dll
2013-05-11 10:34 - 2010-10-27 13:17 - 00408128 _____ (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Bin\ArcCon.dll
2012-05-30 20:06 - 2012-05-30 20:06 - 00053608 _____ (Open Source Software community project) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\pthreadVC2.dll
2012-05-30 20:06 - 2012-05-30 20:06 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-05-30 20:06 - 2012-05-30 20:06 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-08-30 23:05 - 2011-08-30 23:05 - 00085864 _____ (Apple Inc.) C:\Windows\system32\dnssd.dll
2013-05-08 10:27 - 2009-07-06 07:58 - 00035328 _____ (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Bin\MagCore.dll
2013-05-08 10:27 - 2009-07-06 07:59 - 00055808 _____ (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Bin\MagPCMac.dll
2013-05-08 10:27 - 2009-07-06 07:59 - 00203264 _____ (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Bin\MagUICommon.dll
2013-05-08 10:27 - 2009-07-06 07:58 - 00305664 _____ (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Bin\MagUIEngine.dll
2013-05-08 10:27 - 2009-07-06 07:59 - 00154112 _____ (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Bin\MagUICommonET.dll
2013-05-08 10:27 - 2009-07-06 07:58 - 00092672 _____ (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Bin\MagUIInter.dll
2013-05-08 10:27 - 2009-07-06 07:58 - 00104960 _____ (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Bin\MagUIImage.dll
2013-05-08 10:27 - 2008-08-01 08:31 - 00125440 _____ (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Bin\magPltfm.dll
2010-01-06 20:43 - 2010-01-06 20:43 - 00017408 _____ (ArcSoft Inc.) C:\Program Files (x86)\Dell\Stage Remote\EndPointCtrl.dll
2013-09-03 21:32 - 2013-09-02 15:34 - 47074256 _____ (Google Inc.) C:\Users\Alex Moler\AppData\Local\Google\Chrome\Application\29.0.1547.66\chrome.dll
2013-09-03 21:33 - 2013-09-02 15:35 - 09962960 _____ (The ICU Project) C:\Users\Alex Moler\AppData\Local\Google\Chrome\Application\29.0.1547.66\icudt.dll
2013-09-03 21:33 - 2013-09-02 13:46 - 03231688 _____ (Microsoft Corporation) C:\Users\Alex Moler\AppData\Local\Google\Chrome\Application\29.0.1547.66\D3DCompiler_46.dll
2013-09-03 21:33 - 2013-09-02 15:35 - 00709584 _____ () C:\Users\Alex Moler\AppData\Local\Google\Chrome\Application\29.0.1547.66\libglesv2.dll
2013-09-03 21:33 - 2013-09-02 15:35 - 00099792 _____ () C:\Users\Alex Moler\AppData\Local\Google\Chrome\Application\29.0.1547.66\libegl.dll
2013-09-03 21:33 - 2013-09-02 15:35 - 04053456 _____ () C:\Users\Alex Moler\AppData\Local\Google\Chrome\Application\29.0.1547.66\pdf.dll
2013-09-03 21:33 - 2013-09-02 15:35 - 00410576 _____ () C:\Users\Alex Moler\AppData\Local\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll
2013-09-03 21:33 - 2013-09-02 15:35 - 02110928 _____ (Google Inc.) C:\Users\Alex Moler\AppData\Local\Google\Chrome\Application\29.0.1547.66\libpeerconnection.dll
2013-09-03 21:33 - 2013-09-02 15:35 - 01604560 _____ () C:\Users\Alex Moler\AppData\Local\Google\Chrome\Application\29.0.1547.66\ffmpegsumo.dll
2013-08-15 03:34 - 2013-08-15 03:34 - 00489472 _____ (Intel Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\591b99d5681c59ed6c5e9544d7def0ea\IAStorUtil.ni.dll
2013-07-11 11:37 - 2013-07-11 11:37 - 00014336 _____ (Intel Corp.) C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\45581138b36fd338c87813390775b65f\IAStorCommon.ni.dll
2013-08-14 12:24 - 2013-08-14 12:24 - 00216576 _____ () C:\Users\Alex Moler\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd\5.8.13.1_0\plugin\blackfishietab.dll
 
==================== Alternate Data Streams (whitelisted) ==========
 
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/19/2013 09:27:24 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/19/2013 01:37:34 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/19/2013 01:15:43 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/19/2013 01:11:37 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/18/2013 11:51:52 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2996
 
Error: (09/18/2013 11:51:52 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2996
 
Error: (09/18/2013 11:51:52 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/18/2013 11:51:51 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1997
 
Error: (09/18/2013 11:51:51 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1997
 
Error: (09/18/2013 11:51:51 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (09/19/2013 09:27:24 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
hola_net
 
Error: (09/19/2013 02:00:09 AM) (Source: Service Control Manager) (User: )
Description: The Group Policy Client service did not shut down properly after receiving a preshutdown control.
 
Error: (09/19/2013 01:58:01 AM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (09/19/2013 01:37:34 AM) (Source: Service Control Manager) (User: )
Description: The Intel® PROSet/Wireless Zero Configuration Service service terminated with the following error: 
%%-2147196306
 
Error: (09/19/2013 01:36:44 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
hola_net
 
Error: (09/19/2013 01:36:13 AM) (Source: Microsoft Antimalware) (User: )
Description: %60 has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
 
Signatures Attempted: %24
 
Error Code: 0x80070002
 
Error description: The system cannot find the file specified. 
 
Signature version: 0.0.0.0;0.0.0.0
 
Engine version: %600
 
Error: (09/19/2013 01:32:12 AM) (Source: DCOM) (User: )
Description: 1084wuauserv{E60687F7-01A1-40AA-86AC-DB1CBF673334}
 
Error: (09/19/2013 01:31:55 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (09/19/2013 01:31:55 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (09/19/2013 01:31:55 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
 
Microsoft Office Sessions:
=========================
Error: (09/19/2013 09:27:24 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/19/2013 01:37:34 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/19/2013 01:15:43 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/19/2013 01:11:37 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/18/2013 11:51:52 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2996
 
Error: (09/18/2013 11:51:52 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2996
 
Error: (09/18/2013 11:51:52 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/18/2013 11:51:51 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1997
 
Error: (09/18/2013 11:51:51 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1997
 
Error: (09/18/2013 11:51:51 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-09-15 09:37:55.124
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-15 09:31:27.945
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-02 20:03:00.303
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-02 20:02:52.665
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-08-28 22:32:11.463
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-08-28 22:29:22.199
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-08-21 21:13:04.611
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-08-21 21:11:36.201
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-08-21 20:38:41.375
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-08-21 20:38:33.206
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 35%
Total physical RAM: 8094.36 MB
Available physical RAM: 5204.95 MB
Total Pagefile: 16186.89 MB
Available Pagefile: 12708.73 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:678.79 GB) (Free:480.88 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 699 GB) (Disk ID: D83524CC)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=20 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=679 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
Link to post
Share on other sites

The header from FRST.txt is not correct, Run FRST once more and post fresh FRST.txt. I would expect the header to look similar to the follow:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-09-2013 03
Ran by xxxx (administrator) on xxxx-HP on 17-09-2013 20:59:27
Running from C:\Users\xxxx\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

 

Kevin
 

Link to post
Share on other sites

Seems I didn't copy and paste everything. Here's the rerun. Not sure why it downloads/runs from IE, though, as Chrome is my default. Anyway, here are the results:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-09-2013 01
Ran by Alex Moler (administrator) on ALEXMOLER-PC on 19-09-2013 15:53:26
Running from C:\Users\Alex Moler\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CK7VUOTW
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\Windows\system32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Absolute Software) C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Adobe Systems Incorporated) c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Conexant Systems, Inc.) C:\Program Files\Conexant\SA3\CxUtilSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) c:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDGesture.exe
() C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
(Conexant Systems, Inc.) C:\Program Files\Conexant\SA3\SmartAudio3.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\ipoint.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 7500 E910\Bin\ScanToPCActivationApp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
(Absolute Software) C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
() C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 7500 E910\Bin\HPNetworkCommunicator.exe
(Google Inc.) C:\Users\Alex Moler\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Alex Moler\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Alex Moler\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Alex Moler\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Alex Moler\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Alex Moler\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Alex Moler\AppData\Local\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Dell Products, LP.) c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Advanced Micro Devices Inc.) c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Users\Alex Moler\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Alex Moler\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Alex Moler\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Alex Moler\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Alex Moler\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2894640 2012-03-14] (ELAN Microelectronics Corp.)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [QuickSet] - c:\Program Files\Dell\QuickSet\QuickSet.exe [5729648 2012-02-07] (Dell Inc.)
HKLM\...\Run: [intelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4526 2010-11-29] ()
HKLM\...\Run: [smartAudio] - C:\Program Files\CONEXANT\SA3\SACpl.exe [1654400 2012-02-21] (Conexant Systems, Inc.)
HKLM\...\Run: [bLEServicesCtrl] - C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [178960 2012-03-15] (Intel Corporation)
HKLM\...\Run: [bTMTrayAgent] - rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [DellStage] - C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj [483424 2012-02-01] ()
HKLM\...\Run: [stage Remote] - C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe [2022976 2011-06-27] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-07-29] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-06-20] (Microsoft Corporation)
HKLM\...\Run: [intelliType Pro] - c:\Program Files\Microsoft Device Center\itype.exe [1464928 2012-06-26] (Microsoft Corporation)
HKLM\...\Run: [intelliPoint] - c:\Program Files\Microsoft Device Center\ipoint.exe [2004584 2012-06-26] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Google Update] - C:\Users\Alex Moler\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-08-30] (Google Inc.)
HKCU\...\Run: [EA Core] - "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKCU\...\Run: [Facebook Update] - C:\Users\Alex Moler\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-04-06] (Facebook Inc.)
HKCU\...\Run: [skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19876968 2013-06-21] (Skype Technologies S.A.)
HKCU\...\Run: [HP Officejet 7500 E910 (NET)] - C:\Program Files\HP\HP Officejet 7500 E910\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKLM-x32\...\Run: [startCCC] - c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [636032 2012-03-26] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] - c:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [10752 2012-01-31] ()
HKLM-x32\...\Run: [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [uSB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-27] (Intel Corporation)
HKLM-x32\...\Run: [Dell DataSafe Online] - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2013-09-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NeroLauncher] - C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe [66872 2012-03-10] ()
HKLM-x32\...\Run: [AccuWeatherWidget] - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj [2835443 2012-02-01] ()
HKLM-x32\...\Run: [Absolute Notifier] - C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe [85672 2011-05-10] (Absolute Software)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [577536 2012-05-09] (Creative Technology Ltd)
HKLM-x32\...\Run: [ArcSoft Connection Service] - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-04-30] (Apple Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
SearchScopes: HKLM - DefaultScope {1B2FBBDA-575C-418C-B771-E9BC62AA4E42} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - DefaultScope {1B2FBBDA-575C-418C-B771-E9BC62AA4E42} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {1B2FBBDA-575C-418C-B771-E9BC62AA4E42} URL = 
SearchScopes: HKCU - {1B2FBBDA-575C-418C-B771-E9BC62AA4E42} URL = 
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
Chrome: 
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\Alex Moler\AppData\Local\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Alex Moler\AppData\Local\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Alex Moler\AppData\Local\Google\Chrome\Application\29.0.1547.66\pdf.dll ()
CHR Plugin: (Chrome IE Tab) - C:\Users\Alex Moler\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd\5.8.13.1_0\plugin/blackfishietab.dll ()
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB)
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll (ESN Social Software AB)
CHR Plugin: (ESN Sonar API) - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
CHR Plugin: (Java Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Alex Moler\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Google Update) - C:\Users\Alex Moler\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Google Drive) - C:\Users\ALEXMO~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\ALEXMO~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Adblock Plus) - C:\Users\ALEXMO~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5.5_0
CHR Extension: (Google Search) - C:\Users\ALEXMO~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Right-Click Search Wikipedia) - C:\Users\ALEXMO~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\eikmpmafdimllogceehaijmnlndineje\0.9_0
CHR Extension: (Facebook Disconnect) - C:\Users\ALEXMO~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec\1.3.0_0
CHR Extension: (AdBlock) - C:\Users\ALEXMO~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.7_0
CHR Extension: (IE Tab) - C:\Users\ALEXMO~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd\5.8.13.1_0
CHR Extension: (Reddit Enhancement Suite) - C:\Users\ALEXMO~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\4.3.0.1_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\ALEXMO~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Gmail) - C:\Users\ALEXMO~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
 
==================== Services (Whitelisted) =================
 
R2 AbsoluteNotifier; C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [10920 2011-05-10] (Absolute Software)
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 CxUtilSvc; C:\Program Files\Conexant\SA3\CxUtilSvc.exe [109184 2012-05-18] (Conexant Systems, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-06-20] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-06-20] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-12-27] ()
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [32896 2012-03-20] (Advanced Micro Devices, Inc.)
S1 hola_net; C:\Windows\System32\DRIVERS\hola_net.sys [86512 2013-02-15] (Hola Networks Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-09-19 09:39 - 2013-09-19 09:39 - 00045566 _____ C:\Users\Alex Moler\Downloads\FRST.txt
2013-09-19 09:38 - 2013-09-19 09:39 - 00036817 _____ C:\Users\Alex Moler\Downloads\Addition.txt
2013-09-19 09:37 - 2013-09-19 09:37 - 00000000 ____D C:\FRST
2013-09-19 01:22 - 2013-09-19 01:35 - 00000000 ____D C:\Users\Alex Moler\Downloads\CCleaner
2013-09-19 01:17 - 2013-09-19 01:35 - 00000000 ____D C:\Program Files\CCleaner
2013-09-13 00:51 - 2013-09-13 00:51 - 04751752 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-09-12 08:37 - 2013-09-12 08:37 - 00002021 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2013-09-12 00:49 - 2013-08-10 00:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-12 00:49 - 2013-08-10 00:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-12 00:49 - 2013-08-10 00:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-12 00:49 - 2013-08-09 22:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-12 00:49 - 2013-08-09 22:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-12 00:49 - 2013-08-09 22:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-12 00:49 - 2013-08-09 22:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-12 00:48 - 2013-08-10 00:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-12 00:48 - 2013-08-10 00:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-12 00:48 - 2013-08-10 00:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-12 00:48 - 2013-08-10 00:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-12 00:48 - 2013-08-10 00:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-12 00:48 - 2013-08-10 00:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-12 00:48 - 2013-08-10 00:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-12 00:48 - 2013-08-10 00:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-12 00:48 - 2013-08-10 00:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-12 00:48 - 2013-08-10 00:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-12 00:48 - 2013-08-10 00:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-12 00:48 - 2013-08-09 22:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-12 00:48 - 2013-08-09 22:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-12 00:48 - 2013-08-09 22:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-12 00:48 - 2013-08-09 22:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-12 00:48 - 2013-08-09 22:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-12 00:48 - 2013-08-09 22:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-12 00:48 - 2013-08-09 22:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-12 00:48 - 2013-08-09 22:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-12 00:48 - 2013-08-09 22:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-12 00:48 - 2013-08-09 22:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-12 00:48 - 2013-08-09 22:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-12 00:48 - 2013-08-09 21:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-12 00:48 - 2013-08-09 21:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-12 00:39 - 2013-08-07 20:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-12 00:39 - 2013-08-04 21:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-12 00:39 - 2013-08-01 21:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-12 00:39 - 2013-08-01 21:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-12 00:39 - 2013-08-01 21:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-12 00:39 - 2013-08-01 21:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-12 00:39 - 2013-08-01 21:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-12 00:39 - 2013-08-01 21:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-12 00:39 - 2013-08-01 21:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-12 00:39 - 2013-08-01 21:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-12 00:39 - 2013-08-01 21:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 20:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-12 00:39 - 2013-08-01 20:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-12 00:39 - 2013-08-01 20:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-12 00:39 - 2013-08-01 20:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-12 00:39 - 2013-08-01 20:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-12 00:39 - 2013-08-01 20:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-12 00:39 - 2013-08-01 20:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-12 00:39 - 2013-08-01 20:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 20:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 20:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-12 00:39 - 2013-08-01 19:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-12 00:39 - 2013-08-01 19:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-12 00:39 - 2013-08-01 19:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-12 00:39 - 2013-08-01 19:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-12 00:39 - 2013-08-01 19:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-12 00:39 - 2013-08-01 19:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 19:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 19:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 19:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-12 00:39 - 2013-07-25 21:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-12 00:39 - 2013-07-25 21:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-12 00:39 - 2013-07-25 20:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-12 00:39 - 2013-07-25 20:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-08-26 20:42 - 2013-08-26 20:43 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-26 20:42 - 2013-08-26 20:43 - 00000000 ____D C:\Program Files\iTunes
2013-08-26 20:42 - 2013-08-26 20:43 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-08-26 20:42 - 2013-08-26 20:42 - 00000000 ____D C:\Program Files\iPod
2013-08-26 18:44 - 2013-08-26 18:44 - 00000000 ____D C:\Program Files (x86)\Dell Digital Delivery
 
==================== One Month Modified Files and Folders =======
 
2013-09-19 15:54 - 2012-07-17 01:49 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-19 15:35 - 2013-05-08 11:23 - 00000906 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-19 15:31 - 2012-08-30 18:30 - 00000928 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2835968529-593628438-4282775179-1000UA.job
2013-09-19 14:31 - 2012-08-30 18:30 - 00000876 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2835968529-593628438-4282775179-1000Core.job
2013-09-19 13:39 - 2013-04-06 16:29 - 00000948 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2835968529-593628438-4282775179-1000UA.job
2013-09-19 13:39 - 2012-09-05 10:26 - 00017920 _____ C:\Windows\system32\rpcnetp.exe
2013-09-19 12:11 - 2012-07-17 01:48 - 01338813 _____ C:\Windows\WindowsUpdate.log
2013-09-19 11:53 - 2012-09-30 08:24 - 00000000 ____D C:\Users\Alex Moler\Documents\Employment
2013-09-19 09:41 - 2013-05-08 11:23 - 00000902 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-19 09:39 - 2013-09-19 09:39 - 00045566 _____ C:\Users\Alex Moler\Downloads\FRST.txt
2013-09-19 09:39 - 2013-09-19 09:38 - 00036817 _____ C:\Users\Alex Moler\Downloads\Addition.txt
2013-09-19 09:37 - 2013-09-19 09:37 - 00000000 ____D C:\FRST
2013-09-19 09:34 - 2009-07-13 23:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-19 09:34 - 2009-07-13 23:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-19 09:31 - 2009-07-14 00:13 - 00778834 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-19 09:28 - 2012-09-05 19:50 - 00000000 ____D C:\Users\Alex Moler\AppData\Roaming\Skype
2013-09-19 09:27 - 2012-09-05 10:27 - 00017920 _____ C:\Windows\SysWOW64\rpcnetp.dll
2013-09-19 09:27 - 2012-08-30 18:44 - 00069792 _____ (Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.dll
2013-09-19 09:27 - 2012-07-17 02:23 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2013-09-19 09:27 - 2012-07-17 02:23 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2013-09-19 09:27 - 2012-07-17 02:16 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-09-19 09:27 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-19 09:27 - 2009-07-13 23:51 - 00068761 _____ C:\Windows\setupact.log
2013-09-19 09:26 - 2012-09-05 10:26 - 00017920 _____ C:\Windows\SysWOW64\rpcnetp.exe
2013-09-19 01:36 - 2012-08-30 18:18 - 00000000 ____D C:\Users\Alex Moler
2013-09-19 01:35 - 2013-09-19 01:22 - 00000000 ____D C:\Users\Alex Moler\Downloads\CCleaner
2013-09-19 01:35 - 2013-09-19 01:17 - 00000000 ____D C:\Program Files\CCleaner
2013-09-19 01:35 - 2013-06-14 06:39 - 00000000 ____D C:\Windows\Minidump
2013-09-19 01:35 - 2012-09-25 12:41 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2013-09-19 01:35 - 2012-09-14 22:59 - 00000000 ____D C:\Users\Alex Moler\AppData\Roaming\Azureus
2013-09-19 01:35 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2013-09-19 01:35 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\AppCompat
2013-09-19 01:33 - 2012-09-17 12:41 - 00000000 __RHD C:\MSOCache
2013-09-19 01:21 - 2012-09-22 17:19 - 00000000 ____D C:\Users\Alex Moler\Tracing
2013-09-19 01:20 - 2011-02-10 09:02 - 00000000 ____D C:\Windows\panther
2013-09-19 01:13 - 2010-11-21 02:16 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-09-14 22:34 - 2013-04-06 16:29 - 00000926 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2835968529-593628438-4282775179-1000Core.job
2013-09-14 18:35 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2013-09-13 01:26 - 2012-07-17 01:49 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-13 01:25 - 2012-07-17 01:49 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-13 01:25 - 2012-07-17 01:49 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-13 00:51 - 2013-09-13 00:51 - 04751752 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-09-12 08:37 - 2013-09-12 08:37 - 00002021 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2013-09-12 08:34 - 2012-08-30 18:22 - 00000000 ___RD C:\Users\Alex Moler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-12 08:34 - 2012-08-30 18:22 - 00000000 ___RD C:\Users\Alex Moler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-12 08:33 - 2009-07-13 23:45 - 00350664 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-12 08:31 - 2010-11-20 22:47 - 00075380 _____ C:\Windows\PFRO.log
2013-09-12 00:48 - 2013-08-15 03:01 - 00000000 ____D C:\Windows\system32\MRT
2013-09-12 00:47 - 2012-09-05 10:31 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-12 00:46 - 2012-09-17 12:41 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-26 20:43 - 2013-08-26 20:42 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-26 20:43 - 2013-08-26 20:42 - 00000000 ____D C:\Program Files\iTunes
2013-08-26 20:43 - 2013-08-26 20:42 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-08-26 20:42 - 2013-08-26 20:42 - 00000000 ____D C:\Program Files\iPod
2013-08-26 18:44 - 2013-08-26 18:44 - 00000000 ____D C:\Program Files (x86)\Dell Digital Delivery
2013-08-21 01:53 - 2013-05-17 15:56 - 00000000 ____D C:\Users\Alex Moler\AppData\Roaming\vlc
2013-08-20 20:01 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
 
Files to move or delete:
====================
C:\Users\Alex Moler\CTX.DAT
C:\ProgramData\hash.dat
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT
 
 
Some content of TEMP:
====================
C:\Users\Alex Moler\AppData\Local\Temp\EAD70CB.exe
C:\Users\Alex Moler\AppData\Local\Temp\EAD7C6F.exe
C:\Users\Alex Moler\AppData\Local\Temp\EADAD1F.exe
C:\Users\Alex Moler\AppData\Local\Temp\EADFC77.exe
C:\Users\Alex Moler\AppData\Local\Temp\i4jdel0.exe
C:\Users\Alex Moler\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\Alex Moler\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Alex Moler\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Alex Moler\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Alex Moler\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Alex Moler\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Alex Moler\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Alex Moler\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\Alex Moler\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Alex Moler\AppData\Local\Temp\sonarinst.exe
C:\Users\Alex Moler\AppData\Local\Temp\UninstallEADM.dll
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-09-11 11:26
 
==================== End Of Log ============================
Link to post
Share on other sites

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST/FRST64 and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Next,

 

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

 

  • Double click on AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Uncheck any elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted (if necessary):
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

 

Next,

 

Open Malwarebytes, check for updates then run Quick scan. Full instructions follow if  Malwarebytes is not installed:

 

Download Malwarebytes from one of the following links and save it to your desktop.:

 

 

http://www.malwarebytes.org/mbam.php 

]

http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

 

Double Click mbam-setup.exe to install the application.


Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
Please save the log to a location you will remember.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

 

Let me see those logs...

 

Kevin

fixlist.txt

Link to post
Share on other sites

After completing the AdwCleaner process, I restarted my computer as prompted. However, I can no longer run anything from the Start menu. Furthermore, MSEssentials was disabled and I cannot access Malwarebytes. Here is the Fixlog and the AdwCleaner log. 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-09-2013 01
Ran by Alex Moler at 2013-09-19 16:24:28 Run:1
Running from C:\Users\Alex Moler\Downloads\Malware\FRST
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
S1 hola_net; C:\Windows\System32\DRIVERS\hola_net.sys [86512 2013-02-15] (Hola Networks Ltd.)
C:\Windows\System32\DRIVERS\hola_net.sys
C:\Users\Alex Moler\CTX.DAT
C:\ProgramData\hash.dat
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT
C:\Users\Alex Moler\AppData\Local\Temp\EAD70CB.exe
C:\Users\Alex Moler\AppData\Local\Temp\EAD7C6F.exe
C:\Users\Alex Moler\AppData\Local\Temp\EADAD1F.exe
C:\Users\Alex Moler\AppData\Local\Temp\EADFC77.exe
C:\Users\Alex Moler\AppData\Local\Temp\i4jdel0.exe
C:\Users\Alex Moler\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\Alex Moler\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Alex Moler\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Alex Moler\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Alex Moler\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Alex Moler\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Alex Moler\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Alex Moler\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\Alex Moler\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Alex Moler\AppData\Local\Temp\sonarinst.exe
C:\Users\Alex Moler\AppData\Local\Temp\UninstallEADM.dll
End
 
*****************
 
hola_net => Service deleted successfully.
C:\Windows\System32\DRIVERS\hola_net.sys => Moved successfully.
C:\Users\Alex Moler\CTX.DAT => Moved successfully.
C:\ProgramData\hash.dat => Moved successfully.
C:\ProgramData\PKP_DLes.DAT => Moved successfully.
C:\ProgramData\PKP_DLet.DAT => Moved successfully.
C:\ProgramData\PKP_DLev.DAT => Moved successfully.
C:\Users\Alex Moler\AppData\Local\Temp\EAD70CB.exe => Moved successfully.
C:\Users\Alex Moler\AppData\Local\Temp\EAD7C6F.exe => Moved successfully.
C:\Users\Alex Moler\AppData\Local\Temp\EADAD1F.exe => Moved successfully.
C:\Users\Alex Moler\AppData\Local\Temp\EADFC77.exe => Moved successfully.
C:\Users\Alex Moler\AppData\Local\Temp\i4jdel0.exe => Moved successfully.
C:\Users\Alex Moler\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe => Moved successfully.
C:\Users\Alex Moler\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe => Moved successfully.
C:\Users\Alex Moler\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe => Moved successfully.
C:\Users\Alex Moler\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe => Moved successfully.
C:\Users\Alex Moler\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe => Moved successfully.
C:\Users\Alex Moler\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe => Moved successfully.
C:\Users\Alex Moler\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe => Moved successfully.
C:\Users\Alex Moler\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe => Moved successfully.
C:\Users\Alex Moler\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
C:\Users\Alex Moler\AppData\Local\Temp\sonarinst.exe => Moved successfully.
C:\Users\Alex Moler\AppData\Local\Temp\UninstallEADM.dll => Moved successfully.
 
==== End of Fixlog ====
 
# AdwCleaner v3.004 - Report created 19/09/2013 at 16:29:39
# Updated 15/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Alex Moler - ALEXMOLER-PC
# Running from : C:\Users\Alex Moler\Downloads\Malware\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Deleted : C:\END
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16686
 
 
-\\ Google Chrome v
 
[ File : C:\Users\Alex Moler\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [1911 octets] - [19/09/2013 16:25:30]
AdwCleaner[s0].txt - [1803 octets] - [19/09/2013 16:29:39]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1863 octets] ##########
 
Link to post
Share on other sites

Ran MB, cleaned out two PUPs. Had the same issue upon restart where things wouldn't load correctly. Second restart cleared it up and it looks like everything ran fine. Ran MB for a second time and nothing came up. Thanks again for the help. Here's the MB log:

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.09.19.01
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
Alex Moler :: ALEXMOLER-PC [administrator]
 
Protection: Enabled
 
19-Sep-13 6:18:13 PM
mbam-log-2013-09-19 (18-18-13).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 203104
Time elapsed: 3 minute(s), 55 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 2
C:\Users\Alex Moler\AppData\Local\Temp\ct2504091\ism.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Alex Moler\Local Settings\Temporary Internet Files\Content.IE5\X3ENAQ7R\ism[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
 
(end)
Link to post
Share on other sites

OK we to run an online AV scan to ensure we`ve missed nothing:

 

Run Eset Online Scanner

 

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

 

Go to Eset web page http://www.eset.com/home/products/online-scanner/ to run an online scan from ESET.

 

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    Click Start
  • When asked, allow the add/on to be installed
    Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
  • Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

 

When the scan is complete

 

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

 

If threats were found

 

  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish

 

close program

 

copy and paste the report here

 

Next,

 

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop.

Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

Let me see those two logs, also tell me you have any remaining issues or concerns..

 

Kevin

Link to post
Share on other sites

ESET log:

 

C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application
C:\Users\Alex Moler\Music\DatPiff\Cruel Summer (2012) - GOOD Music - 320 kbps_secure.exe Win32/TopMedia.A application
 
SecurityCheck:
 
 Results of screen317's Security Check version 0.99.73  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 25  
 Adobe Flash Player 11.8.800.168  
 Adobe Reader 10.1.8 Adobe Reader out of Date!  
 Google Chrome 29.0.1547.62  
 Google Chrome 29.0.1547.66  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 Alex Moler Downloads Malware SecurityCheck.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 
 
Link to post
Share on other sites

The ESET entries are OK,

 

Adobe Reader is outdated...

Visit http://get.adobe.com/uk/reader/otherversions/ and download the latest version of Acrobat Reader

 

Step 1 - Select your Operating System.

Step 2 - Select your Langauge.

Step 3 - Select latest version.

 

Untick the option for McAfee security scanner if offered.

 

Download and install.

 

Having the latest updates ensures there are no security vulnerabilities in your system.

 

How is your system responding now, any remaining issues or concerns? Run quick scan with Malwarebytes and post log..

Link to post
Share on other sites

Cheers, yeah, updated Adobe once I saw that. What's with the ESET entries? No worries because they are for 32bit? Or false positives? Anyway, the computer seems to be running fine. Again, when I restarted it after updating Adobe, programs did not open once I logged in. Again, a second restart cleared it all up, with everything loading as it should have. Here's the quickscan:

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.09.19.08
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
Alex Moler :: ALEXMOLER-PC [administrator]
 
Protection: Enabled
 
20-Sep-13 4:29:30 PM
mbam-log-2013-09-20 (16-29-30).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 203642
Time elapsed: 5 minute(s), 22 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
Link to post
Share on other sites

Apologies I make a mistake on the ESET entries, the first two Dell entries are OK, the third entry not so, is suspicious...

Do the following:

Download OTM from either of the following links and save to your Desktop:

http://oldtimer.geekstogo.com/OTM.exe.
http://www.itxassociates.com/OT-Tools/OTM.com
http://www.itxassociates.com/OT-Tools/OTM.exe  

Double click OTM.exe to start the tool. Vista or Windows 7 users accepy UAC alert. Be aware all processes will be stopped during run, also Desktop will disappear, this will be put back on completion.... If your security alerts to OTM either, accept the alert or turn off security until OTM completes...

  • Copy the text from the code box belowbelow to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Ensure to start with and include the colon before Files :Filles

    :Filesipconfig /flushdns /cC:\Users\Alex Moler\Music\DatPiff\Cruel Summer (2012) - GOOD Music - 320 kbps_secure.exeC:\FRST:Commands[EmptyTemp]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red btnmoveit.png button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM


Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

 

Kevin...

Link to post
Share on other sites

Rebooted once, no desktop. Second reboot saw everything load fine. Here's the log:

 

All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Alex Moler\Downloads\Malware\cmd.bat deleted successfully.
C:\Users\Alex Moler\Downloads\Malware\cmd.txt deleted successfully.
C:\Users\Alex Moler\Music\DatPiff\Cruel Summer (2012) - GOOD Music - 320 kbps_secure.exe moved successfully.
C:\FRST\Quarantine folder moved successfully.
C:\FRST\Logs folder moved successfully.
C:\FRST\Hives\Users\00000002 folder moved successfully.
C:\FRST\Hives\Users\00000001 folder moved successfully.
C:\FRST\Hives\Users folder moved successfully.
C:\FRST\Hives folder moved successfully.
C:\FRST folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Alex Moler
->Temp folder emptied: 354170394 bytes
->Temporary Internet Files folder emptied: 282701612 bytes
->Java cache emptied: 12952994 bytes
->Google Chrome cache emptied: 360133587 bytes
->Flash cache emptied: 57683 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4798210 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 38493 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42321377 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1,008.00 mb
 
 
OTM by OldTimer - Version 3.1.21.0 log created on 09202013_175915
 
Files moved on Reboot...
C:\Users\Alex Moler\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
 
Registry entries deleted on Reboot...
 
Link to post
Share on other sites

OK do the following:

 

Uninstall adwcleaner.exe

  •   Please close all open programs and internet browsers.
  •   Double click on adwcleaner.exe to run the tool.
  •   Click on Uninstall
  • Click Yes at Would you like to Uninstall Adwcleaner

 

Next,

 

Remove ESET online scanner  (Only If installed):

 


Click Start, type Uninstall a Program into the Search programs and files box, and then press ENTER.
Click to select ESET Online Scanner from the listing of installed products, and then click Uninstall/Change from the bar that displays the available tasks. Uninstall ESETonline Scanner, only re-boot if prompted.

 

Next,

 

  • Download OTC by OldTimer from here http://oldtimer.geekstogo.com/OTC.exe or here http://www.itxassociates.com/OT-Tools/OTC.exe and save to your Desktop.
  • Double click OTC_Icon.jpg icon to start the program.
    If you are using Vista or Windows 7 accept UAC
  • Then Click the big CleanUp.jpg button.
  • You will get a prompt saying "Begining Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
  • This will remove tools we have used and itself.

 

Any tools/logs remaining on the Desktop can be deleted.

 

Next,

 

Create a new restore point:

 

   1. Right-click on Computer and go to Properties.

   2. Next click on the System Protection link.

   3. The System Properties dialog screen opens up and you will want to click on Create.

   4. Type in a description for the restore point which will help you remember the point at which it was created. Click on create.

   5. You should see the message "The restore point was created successfully

 

To remove all but the most recent restore point do the following:

 

   1.      Open Disk Cleanup by clicking the Start button 4f6cbd09-148c-4dd8-b1f2-48f232a2fd33.jpg. In the search box, type Disk Cleanup, and then, in the list of results, click Disk Cleanup.

   2.      If prompted, select the drive that you want to clean up, and then click OK.

   3.      In the Disk Cleanup for (usually C:\) dialog box, click Clean up system files. Administrator permission required If you're prompted for an administrator password or confirmation, type the password or provide confirmation.

   4.      If prompted, select the drive that you want to clean up, and then click OK.

   5.      Click the More Options tab, under System Restore and Shadow Copies, click Clean up.

   6.      In the Disk Cleanup dialog box, click Delete.

   7.      Click Delete Files, and then click OK. Re-Boot your PC.

 

Let me know if those steps complete OK, also if any remaining issues or concerns...

 

Kevin..

Link to post
Share on other sites

Kevin,

 

Followed these steps. Didn't go too well initially. After the Disc Clean Up, multiple attempts to reboot my computer failed for the most part. Windows boots and I'm able to log on, but all applications fail to load. Trying to launch anything from the start menu results in that menu freezing. I tried rebooting a second time, as that has worked so far; however, this also was unsuccessful. Two more attempts to reboot were equally unsuccessful. I then booted in Safe Mode and relaunched from the newly created safe point. This reboot succeeded. 

Link to post
Share on other sites

Download Services Repair tool, available here - http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe and Save it to your Desktop. Right click on it and select Run As Administrator, follow the prompts. It should reboot when it finishes. If not reboot it yourself.

 

Is the issue cleared after a reboot?

Link to post
Share on other sites

Unsuccessful. Since I ran that, I haven't been able to boot completely successfully. Two restarts, two safe shutdowns, each time I logged in I faced the same issue with applications not loading/start menu freezing/etc. I tried booting from safe mode and using my system restore point. I attempted this twice, equally unsuccessful. After two restarts and a safe shutdown, I was able to reach this point where Chrome and a few other applications run; however, all applications that should be starting up still do not start up. One potential concern - MSE shows that real time protection is enabled on the "settings" screen, but the PC is still "at risk". Trying to turn on protection from the home screen results in a time out. 

Link to post
Share on other sites

OK, obviously still problems with the system, lets run FRST again. If it will  not run from normal mode maybe best to run via recovery environment, try normal first if no i`ll post the other instructions...

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

Kevin

Link to post
Share on other sites

Bizarrely enough - I downloaded FRST and when attempting to run it, computer froze. I shut down the computer safely and upon rebooting, everything loaded without issue. I ran FRST and here are the results:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-09-2013
Ran by Alex Moler (administrator) on ALEXMOLER-PC on 21-09-2013 11:10:53
Running from C:\Users\Alex Moler\Downloads\Malware
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Absolute Software) C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Adobe Systems Incorporated) c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Conexant Systems, Inc.) C:\Program Files\Conexant\SA3\CxUtilSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel® Corporation) c:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
() C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\ipoint.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(Google Inc.) C:\Users\Alex Moler\AppData\Local\Google\Update\GoogleUpdate.exe
(Conexant Systems, Inc.) C:\Program Files\Conexant\SA3\SmartAudio3.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 7500 E910\Bin\ScanToPCActivationApp.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
() C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Absolute Software) C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
() C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 7500 E910\Bin\HPNetworkCommunicator.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDGesture.exe
(Google Inc.) C:\Users\Alex Moler\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Alex Moler\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Alex Moler\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Alex Moler\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Alex Moler\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Alex Moler\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Alex Moler\AppData\Local\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Dell Products, LP.) c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Users\Alex Moler\AppData\Local\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Google Inc.) C:\Users\Alex Moler\AppData\Local\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Users\Alex Moler\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2894640 2012-03-14] (ELAN Microelectronics Corp.)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [QuickSet] - c:\Program Files\Dell\QuickSet\QuickSet.exe [5729648 2012-02-07] (Dell Inc.)
HKLM\...\Run: [intelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4526 2010-11-29] ()
HKLM\...\Run: [smartAudio] - C:\Program Files\CONEXANT\SA3\SACpl.exe [1654400 2012-02-21] (Conexant Systems, Inc.)
HKLM\...\Run: [bLEServicesCtrl] - C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [178960 2012-03-15] (Intel Corporation)
HKLM\...\Run: [bTMTrayAgent] - rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [DellStage] - C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj [483424 2012-02-01] ()
HKLM\...\Run: [stage Remote] - C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe [2022976 2011-06-27] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-07-29] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-06-20] (Microsoft Corporation)
HKLM\...\Run: [intelliType Pro] - c:\Program Files\Microsoft Device Center\itype.exe [1464928 2012-06-26] (Microsoft Corporation)
HKLM\...\Run: [intelliPoint] - c:\Program Files\Microsoft Device Center\ipoint.exe [2004584 2012-06-26] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Google Update] - C:\Users\Alex Moler\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-08-30] (Google Inc.)
HKCU\...\Run: [EA Core] - "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKCU\...\Run: [Facebook Update] - C:\Users\Alex Moler\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-04-06] (Facebook Inc.)
HKCU\...\Run: [skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19876968 2013-06-21] (Skype Technologies S.A.)
HKCU\...\Run: [HP Officejet 7500 E910 (NET)] - C:\Program Files\HP\HP Officejet 7500 E910\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKLM-x32\...\Run: [startCCC] - c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [636032 2012-03-26] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] - c:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [10752 2012-01-31] ()
HKLM-x32\...\Run: [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [uSB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-27] (Intel Corporation)
HKLM-x32\...\Run: [Dell DataSafe Online] - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [x]
HKLM-x32\...\Run: [NeroLauncher] - C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe [66872 2012-03-10] ()
HKLM-x32\...\Run: [AccuWeatherWidget] - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj [2835443 2012-02-01] ()
HKLM-x32\...\Run: [Absolute Notifier] - C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe [85672 2011-05-10] (Absolute Software)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [577536 2012-05-09] (Creative Technology Ltd)
HKLM-x32\...\Run: [ArcSoft Connection Service] - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-04-30] (Apple Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
SearchScopes: HKLM - DefaultScope {1B2FBBDA-575C-418C-B771-E9BC62AA4E42} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {1B2FBBDA-575C-418C-B771-E9BC62AA4E42} URL = 
SearchScopes: HKCU - {1B2FBBDA-575C-418C-B771-E9BC62AA4E42} URL = 
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
Chrome: 
=======
CHR Extension: (Google Drive) - C:\Users\ALEXMO~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\ALEXMO~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Adblock Plus) - C:\Users\ALEXMO~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5.5_0
CHR Extension: (Google Search) - C:\Users\ALEXMO~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Right-Click Search Wikipedia) - C:\Users\ALEXMO~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\eikmpmafdimllogceehaijmnlndineje\0.9_0
CHR Extension: (Facebook Disconnect) - C:\Users\ALEXMO~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec\1.3.0_0
CHR Extension: (AdBlock) - C:\Users\ALEXMO~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.7_0
CHR Extension: (IE Tab) - C:\Users\ALEXMO~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd\5.8.13.1_0
CHR Extension: (Reddit Enhancement Suite) - C:\Users\ALEXMO~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\4.3.0.1_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\ALEXMO~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Gmail) - C:\Users\ALEXMO~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
 
==================== Services (Whitelisted) =================
 
R2 AbsoluteNotifier; C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [10920 2011-05-10] (Absolute Software)
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 CxUtilSvc; C:\Program Files\Conexant\SA3\CxUtilSvc.exe [109184 2012-05-18] (Conexant Systems, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-06-20] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-06-20] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-12-27] ()
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [32896 2012-03-20] (Advanced Micro Devices, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-09-21 11:10 - 2013-09-21 11:10 - 00000000 ____D C:\FRST
2013-09-21 09:53 - 2013-09-21 09:53 - 00000000 ____D C:\Users\Public\Desktop\CC Support
2013-09-20 23:16 - 2013-07-22 23:16 - 00000032 ____R C:\ProgramData\hash.dat
2013-09-20 16:22 - 2013-09-20 16:22 - 00002021 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-09-19 16:22 - 2013-09-21 11:00 - 00000000 ____D C:\Users\Alex Moler\Downloads\Malware
2013-09-19 01:22 - 2013-09-19 01:35 - 00000000 ____D C:\Users\Alex Moler\Downloads\CCleaner
2013-09-19 01:17 - 2013-09-19 01:35 - 00000000 ____D C:\Program Files\CCleaner
2013-09-12 00:49 - 2013-08-10 00:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-12 00:49 - 2013-08-10 00:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-12 00:49 - 2013-08-10 00:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-12 00:49 - 2013-08-09 22:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-12 00:49 - 2013-08-09 22:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-12 00:49 - 2013-08-09 22:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-12 00:49 - 2013-08-09 22:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-12 00:48 - 2013-08-10 00:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-12 00:48 - 2013-08-10 00:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-12 00:48 - 2013-08-10 00:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-12 00:48 - 2013-08-10 00:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-12 00:48 - 2013-08-10 00:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-12 00:48 - 2013-08-10 00:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-12 00:48 - 2013-08-10 00:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-12 00:48 - 2013-08-10 00:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-12 00:48 - 2013-08-10 00:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-12 00:48 - 2013-08-10 00:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-12 00:48 - 2013-08-10 00:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-12 00:48 - 2013-08-09 22:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-12 00:48 - 2013-08-09 22:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-12 00:48 - 2013-08-09 22:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-12 00:48 - 2013-08-09 22:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-12 00:48 - 2013-08-09 22:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-12 00:48 - 2013-08-09 22:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-12 00:48 - 2013-08-09 22:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-12 00:48 - 2013-08-09 22:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-12 00:48 - 2013-08-09 22:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-12 00:48 - 2013-08-09 22:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-12 00:48 - 2013-08-09 22:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-12 00:48 - 2013-08-09 21:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-12 00:48 - 2013-08-09 21:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-12 00:39 - 2013-08-07 20:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-12 00:39 - 2013-08-04 21:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-12 00:39 - 2013-08-01 21:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-12 00:39 - 2013-08-01 21:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-12 00:39 - 2013-08-01 21:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-12 00:39 - 2013-08-01 21:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-12 00:39 - 2013-08-01 21:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-12 00:39 - 2013-08-01 21:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-12 00:39 - 2013-08-01 21:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-12 00:39 - 2013-08-01 21:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-12 00:39 - 2013-08-01 21:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 20:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-12 00:39 - 2013-08-01 20:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-12 00:39 - 2013-08-01 20:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-12 00:39 - 2013-08-01 20:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-12 00:39 - 2013-08-01 20:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-12 00:39 - 2013-08-01 20:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-12 00:39 - 2013-08-01 20:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-12 00:39 - 2013-08-01 20:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 20:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 20:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-12 00:39 - 2013-08-01 19:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-12 00:39 - 2013-08-01 19:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-12 00:39 - 2013-08-01 19:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-12 00:39 - 2013-08-01 19:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-12 00:39 - 2013-08-01 19:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-12 00:39 - 2013-08-01 19:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 19:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 19:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 00:39 - 2013-08-01 19:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-12 00:39 - 2013-07-25 21:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-12 00:39 - 2013-07-25 21:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-12 00:39 - 2013-07-25 20:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-12 00:39 - 2013-07-25 20:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-08-26 20:42 - 2013-08-26 20:43 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-26 20:42 - 2013-08-26 20:43 - 00000000 ____D C:\Program Files\iTunes
2013-08-26 20:42 - 2013-08-26 20:43 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-08-26 20:42 - 2013-08-26 20:42 - 00000000 ____D C:\Program Files\iPod
2013-08-26 18:44 - 2013-08-26 18:44 - 00000000 ____D C:\Program Files (x86)\Dell Digital Delivery
 
==================== One Month Modified Files and Folders =======
 
2013-09-21 11:11 - 2012-07-17 01:48 - 01566152 _____ C:\Windows\WindowsUpdate.log
2013-09-21 11:10 - 2013-09-21 11:10 - 00000000 ____D C:\FRST
2013-09-21 11:09 - 2012-09-05 10:26 - 00017920 _____ C:\Windows\system32\rpcnetp.exe
2013-09-21 11:08 - 2012-09-05 19:50 - 00000000 ____D C:\Users\Alex Moler\AppData\Roaming\Skype
2013-09-21 11:07 - 2013-05-08 11:23 - 00000902 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-21 11:07 - 2012-09-05 10:27 - 00017920 _____ C:\Windows\SysWOW64\rpcnetp.dll
2013-09-21 11:07 - 2012-08-30 18:44 - 00069792 _____ (Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.dll
2013-09-21 11:07 - 2012-07-17 02:23 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2013-09-21 11:07 - 2012-07-17 02:23 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2013-09-21 11:07 - 2012-07-17 02:16 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-09-21 11:06 - 2012-07-17 01:49 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-21 11:06 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-21 11:06 - 2009-07-13 23:51 - 00070648 _____ C:\Windows\setupact.log
2013-09-21 11:05 - 2012-09-05 10:26 - 00017920 _____ C:\Windows\SysWOW64\rpcnetp.exe
2013-09-21 11:00 - 2013-09-19 16:22 - 00000000 ____D C:\Users\Alex Moler\Downloads\Malware
2013-09-21 10:15 - 2012-08-30 18:18 - 00000000 ____D C:\Users\Alex Moler
2013-09-21 10:14 - 2012-08-30 18:31 - 00000000 ____D C:\Users\Alex Moler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2013-09-21 10:14 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2013-09-21 09:53 - 2013-09-21 09:53 - 00000000 ____D C:\Users\Public\Desktop\CC Support
2013-09-21 09:37 - 2009-07-13 23:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-21 09:37 - 2009-07-13 23:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-21 00:05 - 2012-09-30 08:24 - 00000000 ____D C:\Users\Alex Moler\Documents\Employment
2013-09-20 18:35 - 2013-05-08 11:23 - 00000906 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-20 18:31 - 2012-08-30 18:30 - 00000928 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2835968529-593628438-4282775179-1000UA.job
2013-09-20 18:15 - 2009-07-14 00:13 - 00778834 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-20 16:34 - 2013-04-06 16:29 - 00000948 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2835968529-593628438-4282775179-1000UA.job
2013-09-20 16:25 - 2010-11-20 22:47 - 00077094 _____ C:\Windows\PFRO.log
2013-09-20 16:23 - 2012-08-30 18:23 - 00000000 ____D C:\Users\Alex Moler\AppData\Local\Adobe
2013-09-20 16:22 - 2013-09-20 16:22 - 00002021 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-09-20 16:22 - 2012-07-17 02:30 - 00000000 ____D C:\ProgramData\Adobe
2013-09-20 16:22 - 2012-07-17 02:29 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-09-20 14:31 - 2012-08-30 18:30 - 00000876 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2835968529-593628438-4282775179-1000Core.job
2013-09-20 09:54 - 2012-07-17 01:49 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-20 09:54 - 2012-07-17 01:49 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-20 09:54 - 2012-07-17 01:49 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-19 22:34 - 2013-04-06 16:29 - 00000926 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2835968529-593628438-4282775179-1000Core.job
2013-09-19 01:35 - 2013-09-19 01:22 - 00000000 ____D C:\Users\Alex Moler\Downloads\CCleaner
2013-09-19 01:35 - 2013-09-19 01:17 - 00000000 ____D C:\Program Files\CCleaner
2013-09-19 01:35 - 2013-06-14 06:39 - 00000000 ____D C:\Windows\Minidump
2013-09-19 01:35 - 2012-09-25 12:41 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2013-09-19 01:35 - 2012-09-14 22:59 - 00000000 ____D C:\Users\Alex Moler\AppData\Roaming\Azureus
2013-09-19 01:35 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\AppCompat
2013-09-19 01:33 - 2012-09-17 12:41 - 00000000 __RHD C:\MSOCache
2013-09-19 01:21 - 2012-09-22 17:19 - 00000000 ____D C:\Users\Alex Moler\Tracing
2013-09-19 01:20 - 2011-02-10 09:02 - 00000000 ____D C:\Windows\panther
2013-09-19 01:13 - 2010-11-21 02:16 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-09-14 18:35 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2013-09-12 08:34 - 2012-08-30 18:22 - 00000000 ___RD C:\Users\Alex Moler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-12 08:34 - 2012-08-30 18:22 - 00000000 ___RD C:\Users\Alex Moler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-12 08:33 - 2009-07-13 23:45 - 00350664 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-12 00:48 - 2013-08-15 03:01 - 00000000 ____D C:\Windows\system32\MRT
2013-09-12 00:47 - 2012-09-05 10:31 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-12 00:46 - 2012-09-17 12:41 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-26 20:43 - 2013-08-26 20:42 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-26 20:43 - 2013-08-26 20:42 - 00000000 ____D C:\Program Files\iTunes
2013-08-26 20:43 - 2013-08-26 20:42 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-08-26 20:42 - 2013-08-26 20:42 - 00000000 ____D C:\Program Files\iPod
2013-08-26 18:44 - 2013-08-26 18:44 - 00000000 ____D C:\Program Files (x86)\Dell Digital Delivery
 
Files to move or delete:
====================
C:\ProgramData\hash.dat
 
 
Some content of TEMP:
====================
C:\Users\Alex Moler\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-09-11 11:26
 
==================== End Of Log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-09-2013
Ran by Alex Moler at 2013-09-21 11:11:41
Running from C:\Users\Alex Moler\Downloads\Malware
Boot Mode: Normal
==========================================================
 
 
==================== Installed Programs ======================
 
Absolute Notifier (x32 Version: 1.4.3.10)
Accidental Damage Services Agreement (x32 Version: 2.0.0)
Adobe AIR (x32 Version: 2.6.0.19120)
Adobe Community Help (x32 Version: 3.5.23)
Adobe Digital Editions 2.0 (x32 Version: 2.0)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.175)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.168)
Adobe Photoshop Elements 9 (x32 Version: 9.0)
Adobe Premiere Elements 9 (x32 Version: 9.0)
Adobe Reader XI (11.0.04) (x32 Version: 11.0.04)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.3.133)
Advanced Audio FX Engine (x32 Version: 1.12.05)
Airline Tycoon - Deluxe (x32)
AMD Accelerated Video Transcoding (Version: 2.00.0002)
AMD APP SDK Runtime (Version: 10.0.898.1)
AMD AVIVO64 Codecs (Version: 12.3.103.20326)
AMD Catalyst Install Manager (Version: 3.0.868.0)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
ArcSoft Panorama Maker 5 (x32 Version: 5.0.1.25)
Banctec Service Agreement (x32 Version: 2.0.0)
Battlefield 3™ (x32 Version: 1.5.0.0)
Battlelog Web Plugins (x32 Version: 2.1.4)
Blio (x32 Version: 2.3.7140)
Bonjour (Version: 3.0.0.10)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center (x32 Version: 2012.0326.310.3601)
Catalyst Control Center InstallProxy (x32 Version: 2012.0326.310.3601)
Catalyst Control Center Localization All (x32 Version: 2012.0326.310.3601)
Catalyst Control Center Profiles Mobile (x32 Version: 2012.0326.310.3601)
CCC Help Chinese Standard (x32 Version: 2012.0326.0309.3601)
CCC Help Chinese Traditional (x32 Version: 2012.0326.0309.3601)
CCC Help Danish (x32 Version: 2012.0326.0309.3601)
CCC Help Dutch (x32 Version: 2012.0326.0309.3601)
CCC Help English (x32 Version: 2012.0326.0309.3601)
CCC Help Finnish (x32 Version: 2012.0326.0309.3601)
CCC Help French (x32 Version: 2012.0326.0309.3601)
CCC Help German (x32 Version: 2012.0326.0309.3601)
CCC Help Italian (x32 Version: 2012.0326.0309.3601)
CCC Help Japanese (x32 Version: 2012.0326.0309.3601)
CCC Help Korean (x32 Version: 2012.0326.0309.3601)
CCC Help Norwegian (x32 Version: 2012.0326.0309.3601)
CCC Help Portuguese (x32 Version: 2012.0326.0309.3601)
CCC Help Russian (x32 Version: 2012.0326.0309.3601)
CCC Help Spanish (x32 Version: 2012.0326.0309.3601)
CCC Help Swedish (x32 Version: 2012.0326.0309.3601)
ccc-utility64 (Version: 2012.0326.310.3601)
Complete Care Business Service Agreement (x32 Version: 2.0.0)
Conexant Maxx Preset (Version: 1.4.0.0)
Conexant SmartAudio HD (Version: 8.54.37.0)
Consumer In-Home Service Agreement (x32 Version: 2.0.0)
D3DX10 (x32 Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Dell Audio (Version: 1.72.0.0)
Dell DataSafe Local Backup - Support Software (x32 Version: 9.4.67)
Dell DataSafe Local Backup (x32 Version: 9.4.67)
Dell DataSafe Online (x32 Version: 2.1.19634)
Dell Digital Delivery (x32 Version: 2.7.1000.0)
Dell Edoc Viewer (Version: 1.0.0)
Dell Getting Started Guide (x32 Version: 1.00.0000)
Dell Home Systems Service Agreement (x32 Version: 2.0.0)
Dell MusicStage (x32 Version: 1.6.225.0)
Dell PhotoStage (x32 Version: 1.5.0.130)
Dell Stage (x32 Version: 1.7.209.0)
Dell Stage Remote (x32 Version: 2.0.0.43)
Dell Support Center (Version: 3.1.5907.16)
Dell Touchpad (Version: 10.3.2.2)
Dell VideoStage  (x32 Version: 1.3.0.2513)
Dell Webcam Central (x32 Version: 2.01.17)
Elements 9 Organizer (x32 Version: 9.0)
Elements STI Installer (x32 Version: 1.0)
ESN Sonar (x32 Version: 0.70.4)
Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287)
Football Manager 2012 (x32)
Football Manager 2012 Editor (x32)
Google Chrome (HKCU Version: 29.0.1547.66)
Google Drive (x32 Version: 1.11.4865.2530)
High-Definition Video Playback (x32 Version: 7.3.10000.0.0)
HP Officejet 7500 E910 Basic Device Software (Version: 28.0.1315.0)
HP Photo Creations (x32 Version: 1.0.0.9572)
HP Update (x32 Version: 5.005.000.002)
HPDiagnosticAlert (x32 Version: 1.00.0000)
I.R.I.S. OCR (x32 Version: 12.3.4.0)
Install LoJack for Laptops (x32 Version: 1.0.0.39)
Intel PROSet Wireless
Intel® Control Center (x32 Version: 1.2.1.1007)
Intel® Display Audio Driver (x32 Version: 6.14.00.3090)
Intel® Management Engine Components (x32 Version: 8.0.1.1399)
Intel® PROSet/Wireless for Bluetooth® 3.0 + High Speed (Version: 15.0.0.0059)
Intel® PROSet/Wireless Software for Bluetooth® Technology (Version: 2.1.1.0191)
Intel® Rapid Storage Technology (x32 Version: 11.1.0.1006)
Intel® Turbo Boost Technology Monitor 2.0 (Version: 2.1.23.0)
Intel® USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.4.225)
Intel® WiDi (x32 Version: 3.0.13.0)
Intel® Wireless Display
Intel® PROSet/Wireless WiFi Software (Version: 15.00.0000.0642)
Intel® Trusted Connect Service Client (Version: 1.23.219.2)
iTunes (Version: 11.0.5.5)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Mouse and Keyboard Center (Version: 1.1.500.0)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Security Client (Version: 4.3.0215.0)
Microsoft Security Essentials (Version: 4.3.215.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Nero 10 Movie ThemePack Basic (x32 Version: 10.2.10200.0.0)
Nero Control Center 10 (x32 Version: 10.6.12800.0.8)
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.2.10800)
Nero Core Components 10 (x32 Version: 2.0.20500.9.16)
Nero Update (x32 Version: 1.0.0018)
Origin (x32 Version: 9.1.3.2637)
Picture Control Utility (x32 Version: 1.2.2)
PlayReady PC Runtime x86 (x32 Version: 1.3.0)
PowerXpressHybrid (x32 Version: 1.00.0000)
Premium Service Agreement (x32 Version: 2.0.0)
PunkBuster Services (x32 Version: 0.991)
Puzzle Pirates (HKCU)
PX Profile Update (x32 Version: 1.00.1.)
QualxServ Service Agreement (x32 Version: 2.0.0)
Quickset64 (Version: 10.14.010)
QuickTime (x32 Version: 7.74.80.86)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7601.39019)
Skype Click to Call (x32 Version: 6.11.13348)
Skype™ 6.6 (x32 Version: 6.6.106)
SmartSound Quicktracks for Premiere Elements 9.0 (x32 Version: 3.12.3090)
Steam (x32 Version: 1.0.0.0)
swMSM (x32 Version: 12.0.0.1)
SyncUP (x32 Version: 1.12.11500.11.105)
SyncUP (x32 Version: 10.2.16500)
TrustedID IDMonitor Identity Protection (x32 Version: 1.1.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553157) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589370) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760758) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32)
Ventrilo Client for Windows x64 (Version: 3.0.8.0)
VLC media player 2.0.6 (x32 Version: 2.0.6)
Vuze (x32 Version: 5.0.0.0)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
WinRAR 4.20 (64-bit) (Version: 4.20.0)
Zinio Reader 4 (x32 Version: 4.2.4164)
 
==================== Restore Points  =========================
 
20-09-2013 23:34:50 Post MalwareForums Advice Sept 20
 
==================== Hosts content: ==========================
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {23CF54A5-2222-4470-9EAB-337CAC1FA5A9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2835968529-593628438-4282775179-1000Core => C:\Users\Alex Moler\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-30] (Google Inc.)
Task: {2871CD53-2398-41ED-8CAA-8FE874C99C67} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-08] (Google Inc.)
Task: {2A389F95-0F77-4AAA-9ECD-2971D51DBEA9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2835968529-593628438-4282775179-1000UA => C:\Users\Alex Moler\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-30] (Google Inc.)
Task: {4908993A-DE5F-4669-A6D4-6771710564B8} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {4D54B0E3-44C1-4CA4-AA30-5AB11728EBC7} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2835968529-593628438-4282775179-1000UA => C:\Users\Alex Moler\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-04-06] (Facebook Inc.)
Task: {5D981CD5-BAE5-4331-8992-E05C81E16A8F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
Task: {7DF7B4AD-615A-4E0D-854D-C763AF5383BD} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-06-20] (Microsoft Corporation)
Task: {85D58465-DDAB-4155-9B0E-A584A4581833} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => c:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-06-20] (Microsoft Corporation)
Task: {96974084-A7C2-4645-AE72-5F0697EB04F3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-20] (Adobe Systems Incorporated)
Task: {99B0A9A4-B959-451E-9726-B6A07D9C604D} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Device Center\ipoint.exe [2012-06-26] (Microsoft Corporation)
Task: {ADA35AC4-DD52-4363-9BCF-D7323FAB4939} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {C14CAF0C-2836-443C-BE71-33C77680D214} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {CEB074D1-0E07-44B3-B650-DE627A0C7348} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Device Center\itype.exe [2012-06-26] (Microsoft Corporation)
Task: {D444FAAC-648C-48DF-BC42-D4EA259D111E} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => c:\Program Files\Microsoft Device Center\devicecenter.exe [2012-06-26] (Microsoft)
Task: {EA1E85A7-C084-4E9F-A522-5A6F88333A55} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-08] (Google Inc.)
Task: {FFFF682D-03BE-4B02-A2E6-C0A93EAC70F5} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2835968529-593628438-4282775179-1000Core => C:\Users\Alex Moler\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-04-06] (Facebook Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2835968529-593628438-4282775179-1000Core.job => C:\Users\Alex Moler\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2835968529-593628438-4282775179-1000UA.job => C:\Users\Alex Moler\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2835968529-593628438-4282775179-1000Core.job => C:\Users\Alex Moler\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2835968529-593628438-4282775179-1000UA.job => C:\Users\Alex Moler\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-05-22 18:56 - 2012-06-09 13:20 - 00196096 _____ (Alexander Roshal) C:\Program Files\WinRAR\rarext.dll
2012-07-17 03:28 - 2012-03-19 18:16 - 00286208 _____ (Intel Corporation) C:\Windows\system32\igfxrENU.lrc
2012-07-17 03:27 - 2012-03-19 18:09 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-07-17 02:04 - 2012-04-10 14:42 - 00323712 _____ (Conexant Systems, Inc.) C:\Program Files\Conexant\SA3\SmartAudio.Core.dll
2012-07-17 02:04 - 2012-03-16 11:50 - 00125568 _____ ( ) C:\Program Files\Conexant\SA3\Interop.CxHDAudioAPILib.dll
2012-07-17 02:04 - 2012-03-16 11:50 - 01256576 _____ (Conexant Systems, Inc.) C:\Program Files\Conexant\SA3\CxHDAudioAPI.dll
2012-07-17 02:03 - 2012-05-18 03:36 - 00011904 _____ ( ) C:\Program Files\Conexant\SA3\Interop.CxUtilSvcLib.dll
2012-07-17 02:04 - 2012-04-10 14:42 - 00030208 _____ (Conexant Systems, Inc.) C:\Program Files\Conexant\SA3\SmartAudio.Creative.dll
2012-07-17 02:04 - 2012-04-10 14:42 - 02783360 _____ (Conexant Systems, Inc.) C:\Program Files\Conexant\SA3\SmartAudio.Dell.dll
2012-07-17 02:04 - 2012-04-10 14:42 - 00448128 _____ (Conexant Systems, Inc.) C:\Program Files\Conexant\SA3\SmartAudio.Localization.dll
2012-07-17 02:04 - 2012-04-10 14:42 - 00148608 _____ (Conexant Systems, Inc.) C:\Program Files\Conexant\SA3\SmartAudio.Waves.dll
2012-07-17 02:03 - 2012-04-10 11:38 - 00364544 _____ (Conexant Systems, Inc.) C:\Program Files\Conexant\SA3\Languages\en-US\SmartAudio.resources.dll
2012-07-17 02:04 - 2012-04-05 14:55 - 00035456 _____ ( ) C:\Program Files\Conexant\SA3\Interop.MaxxAudioWrapperLib.dll
2012-07-17 02:04 - 2012-04-05 14:55 - 00164992 _____ () C:\Program Files\Conexant\SA3\MaxxAudioWrapper.dll
2012-07-17 02:04 - 2012-05-18 03:36 - 00986456 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2012-10-17 04:28 - 2012-10-17 04:28 - 02965096 _____ (TODO: <Company name>) C:\Program Files\HP\HP Officejet 7500 E910\Bin\ScanToPCActivationUI.dll
2010-03-16 20:28 - 2010-03-16 20:28 - 01926144 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtCore4.dll
2010-03-22 15:52 - 2010-03-22 15:52 - 06776832 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtGui4.dll
2010-03-16 20:28 - 2010-03-16 20:28 - 00635904 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtNetwork4.dll
2010-03-16 20:28 - 2010-03-16 20:28 - 00326144 _____ () C:\Program Files (x86)\Dell\Stage Remote\QtXml4.dll
2011-06-24 23:20 - 2011-06-24 23:20 - 00565968 _____ () C:\Program Files (x86)\Dell\Stage Remote\sqlite3.dll
2011-06-27 19:25 - 2011-06-27 19:25 - 00058944 _____ () C:\Program Files (x86)\Dell\Stage Remote\DataService.dll
2011-06-24 23:21 - 2011-06-24 23:21 - 00322624 _____ () C:\Program Files (x86)\Dell\Stage Remote\en-US\UI\ManagerUI.dll
2010-03-11 19:52 - 2010-03-11 19:52 - 00028160 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qgif4.dll
2010-03-05 15:07 - 2010-03-05 15:07 - 00031744 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qico4.dll
2010-03-05 15:07 - 2010-03-05 15:07 - 00125952 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qjpeg4.dll
2010-03-11 19:52 - 2010-03-11 19:52 - 00225280 _____ () C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qmng4.dll
2013-07-12 14:26 - 2013-07-12 14:26 - 00853896 ____T (Google Inc.) C:\Users\Alex Moler\AppData\Local\Google\Update\1.3.21.153\goopdate.dll
2011-05-10 13:37 - 2011-05-10 13:37 - 00007168 _____ (Absolute Software) C:\Program Files (x86)\Absolute Software\Absolute Notifier\Com.Absolute.Common.Agent.Remoting.dll
2012-05-30 20:06 - 2012-05-30 20:06 - 00053608 _____ (Open Source Software community project) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\pthreadVC2.dll
2012-05-30 20:06 - 2012-05-30 20:06 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-05-30 20:06 - 2012-05-30 20:06 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-08-15 03:34 - 2013-08-15 03:34 - 00489472 _____ (Intel Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\591b99d5681c59ed6c5e9544d7def0ea\IAStorUtil.ni.dll
2013-07-11 11:37 - 2013-07-11 11:37 - 00014336 _____ (Intel Corp.) C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\45581138b36fd338c87813390775b65f\IAStorCommon.ni.dll
2013-09-03 21:32 - 2013-09-02 15:34 - 47074256 _____ (Google Inc.) C:\Users\Alex Moler\AppData\Local\Google\Chrome\Application\29.0.1547.66\chrome.dll
2013-09-03 21:33 - 2013-09-02 15:35 - 09962960 _____ (The ICU Project) C:\Users\Alex Moler\AppData\Local\Google\Chrome\Application\29.0.1547.66\icudt.dll
2013-09-03 21:33 - 2013-09-02 13:46 - 03231688 _____ (Microsoft Corporation) C:\Users\Alex Moler\AppData\Local\Google\Chrome\Application\29.0.1547.66\D3DCompiler_46.dll
2013-09-03 21:33 - 2013-09-02 15:35 - 00709584 _____ () C:\Users\Alex Moler\AppData\Local\Google\Chrome\Application\29.0.1547.66\libglesv2.dll
2013-09-03 21:33 - 2013-09-02 15:35 - 00099792 _____ () C:\Users\Alex Moler\AppData\Local\Google\Chrome\Application\29.0.1547.66\libegl.dll
2013-09-03 21:33 - 2013-09-02 15:35 - 04053456 _____ () C:\Users\Alex Moler\AppData\Local\Google\Chrome\Application\29.0.1547.66\pdf.dll
2013-09-03 21:33 - 2013-09-02 15:35 - 00410576 _____ () C:\Users\Alex Moler\AppData\Local\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll
2013-09-03 21:33 - 2013-09-02 15:35 - 02110928 _____ (Google Inc.) C:\Users\Alex Moler\AppData\Local\Google\Chrome\Application\29.0.1547.66\libpeerconnection.dll
2013-09-03 21:33 - 2013-09-02 15:35 - 01604560 _____ () C:\Users\Alex Moler\AppData\Local\Google\Chrome\Application\29.0.1547.66\ffmpegsumo.dll
2013-08-14 12:24 - 2013-08-14 12:24 - 00216576 _____ () C:\Users\Alex Moler\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd\5.8.13.1_0\plugin\blackfishietab.dll
 
==================== Alternate Data Streams (whitelisted) ======
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/21/2013 11:08:05 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/21/2013 10:29:26 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/21/2013 10:10:43 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/21/2013 09:30:41 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/20/2013 07:20:33 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/20/2013 06:30:40 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/20/2013 06:11:29 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/20/2013 04:27:54 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/20/2013 03:39:32 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1045
 
Error: (09/20/2013 03:39:32 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1045
 
 
System errors:
=============
Error: (09/21/2013 11:05:09 AM) (Source: Service Control Manager) (User: )
Description: The Group Policy Client service did not shut down properly after receiving a preshutdown control.
 
Error: (09/21/2013 10:43:51 AM) (Source: Service Control Manager) (User: )
Description: The Group Policy Client service did not shut down properly after receiving a preshutdown control.
 
Error: (09/21/2013 10:40:12 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (09/21/2013 10:40:12 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (09/21/2013 10:40:12 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (09/21/2013 10:40:12 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (09/21/2013 10:40:12 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (09/21/2013 10:40:11 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (09/21/2013 10:40:10 AM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (09/21/2013 10:40:10 AM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
 
Microsoft Office Sessions:
=========================
Error: (09/21/2013 11:08:05 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/21/2013 10:29:26 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/21/2013 10:10:43 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/21/2013 09:30:41 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/20/2013 07:20:33 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/20/2013 06:30:40 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/20/2013 06:11:29 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/20/2013 04:27:54 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/20/2013 03:39:32 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1045
 
Error: (09/20/2013 03:39:32 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1045
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-09-15 09:37:55.124
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-15 09:31:27.945
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-02 20:03:00.303
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-09-02 20:02:52.665
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-08-28 22:32:11.463
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-08-28 22:29:22.199
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-08-21 21:13:04.611
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-08-21 21:11:36.201
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-08-21 20:38:41.375
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-08-21 20:38:33.206
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\MaxxAudioAPOShell64.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 39%
Total physical RAM: 8094.36 MB
Available physical RAM: 4909.9 MB
Total Pagefile: 16186.89 MB
Available Pagefile: 12635.22 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:678.79 GB) (Free:488.92 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 699 GB) (Disk ID: D83524CC)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=20 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=679 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
Link to post
Share on other sites

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST/FRST64 and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Next,

 

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop.

Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

Let me see those logs, re-boot a couple of times and see if the issue still happens...

 

Kevin

fixlist.txt

Link to post
Share on other sites

Rebooting now, but here are the logs:

 

FRST:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-09-2013
Ran by Alex Moler at 2013-09-21 11:34:35 Run:1
Running from C:\Users\Alex Moler\Downloads\Malware
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
C:\ProgramData\hash.dat
C:\Users\Alex Moler\AppData\Local\Temp\Quarantine.exe
End
 
*****************
 
C:\ProgramData\hash.dat => Moved successfully.
C:\Users\Alex Moler\AppData\Local\Temp\Quarantine.exe => Moved successfully.
 
==== End of Fixlog ====
 
 Results of screen317's Security Check version 0.99.73  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 25  
 Adobe Flash Player 11.8.800.168  
 Adobe Reader XI  
 Google Chrome 29.0.1547.62  
 Google Chrome 29.0.1547.66  
 Google Chrome 29.0.1547.76  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 
 
Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.