Jump to content

dllhost.exe infected?


Recommended Posts

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16720  BrowserJavaVersion: 10.45.2
Run by Woody at 21:44:28 on 2013-10-18
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.10220.5184 [GMT -5:00]
.
AV: GFI Software VIPRE *Enabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: GFI Software VIPRE *Enabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\ModLEDKey.exe
C:\Program Files\IDT\WDM\beats64.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\CNYHKEY.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\mswinext.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil64_11_9_900_117_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\ModLEDKey.exe
C:\Program Files\IDT\WDM\beats64.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\CNYHKEY.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil64_11_9_900_117_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\mswinext.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
mRun: [bATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe
mRun: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\LaunchApp.exe
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [sBAMTray] "C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe



TCP: NameServer = 192.168.1.1
TCP: Interfaces\{3E8B3286-1F0D-4852-A8A2-E27730911DA4} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [beatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-10-15 89600]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-4 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-4 701512]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-10-15 1127448]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
R2 SBAMSvc;VIPRE Antivirus;C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe [2013-4-18 3680512]
R2 sbapifs;sbapifs;C:\Windows\System32\drivers\sbapifs.sys [2013-4-16 88432]
R2 SBPIMSvc;SB Recovery Service;C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe [2013-4-18 175936]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-3-30 378472]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-10-15 2656280]
R3 HCW723x;Hauppauge WinTV 723x PCIe Card;C:\Windows\System32\drivers\HCW723x.sys [2011-10-15 1799552]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-12-26 25928]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2011-10-15 1041760]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-10-15 412776]
R3 sbwtis;sbwtis;C:\Windows\System32\drivers\sbwtis.sys [2013-4-12 88864]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 tihub3;TI USB3 Hub Service;C:\Windows\System32\drivers\tihub3.sys [2011-10-15 125552]
R3 tixhci;TI XHCI Service;C:\Windows\System32\drivers\tixhci.sys [2011-10-15 382024]
S2 CLKMSVC10_38F51D56;CyberLink Product - 2011/10/15 02:47:45;C:\Program Files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe [2011-1-25 241648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gfiark;gfiark;C:\Windows\System32\drivers\gfiark.sys [2012-12-14 41032]
S3 gfiutil;gfiutil;C:\Windows\System32\drivers\gfiutil.sys [2013-6-18 31264]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-28 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2013-10-19 00:31:30 -------- d-----w- C:\Users\Woody\AppData\Roaming\Malwarebytes
2013-10-19 00:03:12 -------- d-----w- C:\Users\Woody\AppData\Roaming\GFI Software
2013-10-19 00:03:11 -------- d-----w- C:\Users\Woody\AppData\Local\PDFC
2013-10-19 00:03:10 -------- d-----w- C:\Users\Woody\AppData\Local\Adobe
2013-10-17 00:57:40 -------- d-----w- C:\ProgramData\Oracle
2013-10-17 00:56:05 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-16 22:52:27 -------- d-sh--w- C:\found.000
2013-10-16 02:11:39 -------- d-----w- C:\ProgramData\LogMeIn
2013-10-09 09:04:51 633856 ----a-w- C:\Windows\System32\comctl32.dll
2013-09-23 23:46:21 77656 ----a-w- C:\Windows\System32\XAPOFX1_5.dll
2013-09-23 23:46:21 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_5.dll
2013-09-23 23:46:21 527192 ----a-w- C:\Windows\SysWow64\XAudio2_7.dll
2013-09-23 23:46:21 518488 ----a-w- C:\Windows\System32\XAudio2_7.dll
.
==================== Find3M  ====================
.
2013-10-08 19:22:07 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-08 19:22:07 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-09-22 23:28:06 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-09-22 23:27:49 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-09-22 23:27:48 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-09-22 23:27:48 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-09-22 22:55:10 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-09-22 22:54:51 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2013-09-22 22:54:50 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-09-22 22:54:50 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-09-21 03:38:39 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-09-21 03:30:24 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-09-21 02:48:36 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-09-21 02:39:47 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-09-14 01:10:19 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll
2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2013-09-04 19:57:42 31264 ----a-w- C:\Windows\System32\drivers\gfiutil.sys
2013-09-04 12:12:11 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-09-04 12:11:51 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-09-04 12:11:49 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-09-04 12:11:43 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-09-04 12:11:43 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-09-04 12:11:42 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2013-09-04 12:11:40 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2013-08-29 02:17:48 5549504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-29 02:16:35 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-29 02:16:28 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-29 02:16:14 859648 ----a-w- C:\Windows\System32\tdh.dll
2013-08-29 02:13:28 878080 ----a-w- C:\Windows\System32\advapi32.dll
2013-08-29 01:51:45 3969472 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51:45 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50:31 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-29 01:50:30 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-29 01:50:16 619520 ----a-w- C:\Windows\SysWow64\tdh.dll
2013-08-29 01:48:17 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll
2013-08-29 01:48:15 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-08-29 00:49:53 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-29 00:49:52 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-29 00:49:52 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-29 00:49:49 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-28 01:21:06 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-08-28 01:12:33 461312 ----a-w- C:\Windows\System32\scavengeui.dll
2013-08-05 02:25:45 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe
2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe
2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-08-01 12:09:36 983488 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
.
============= FINISH: 21:44:59.20 ===============

 

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/26/2011 1:33:46 PM
System Uptime: 10/17/2013 3:56:45 AM (42 hours ago)
.
Motherboard: PEGATRON CORPORATION |  | 2AB5
Processor: Intel® Core i7-2600 CPU @ 3.40GHz | CPU 1 | 1598/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 1386 GiB total, 1220.636 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 1.421 GiB free.
E: is CDROM (CDFS)
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP141: 10/16/2013 7:50:25 PM - Removed LogMeIn Hamachi
RP142: 10/16/2013 7:54:31 PM - Installed Java 7 Update 45
.
==== Installed Programs ======================
.
7-Zip 9.20
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe AIR
Adobe CS6 Design and Web Premium
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Help Manager
Adobe Photoshop CS6
Adobe Widget Browser
Adobe® Content Viewer
Agatha Christie - Peril at End House
ARMA 2
ARMA 2: Operation Arrowhead
Ask Toolbar
Ask Toolbar Updater
BattlEye for OA Uninstall
BattlEye Uninstall
Bejeweled 2 Deluxe
Bejeweled 3
Bing Bar
Bing Bar Platform
Bing Rewards Client Installer
Blackhawk Striker 2
Blasterball 3
Blio
Bounce Symphony
Build-a-lot 2
Cake Mania
Chuzzle Deluxe
CyberLink PowerDVD 10
D3DX10
Diner Dash 2 Restaurant Rescue
Dora's World Adventure
Farm Frenzy
FATE - The Traitor Soul
Hewlett-Packard ACLM.NET v1.2.1.1
HP Auto
HP Client Services
HP Customer Experience Enhancements
HP Games
HP Keyboard
HP LinkUp
HP MediaSmart/TouchSmart Netflix
HP MovieStore
HP Odometer
HP Remote Solution
HP Setup
HP Setup Manager
HP Support Assistant
HP Support Information
HP Update
HP Vision Hardware Diagnostics
Hulu Desktop
IDT Audio
Intel® Management Engine Components
Java 7 Update 45
Java Auto Updater
Java 6 Update 31
Junk Mail filter update
Kobo
LabelPrint
League of Legends
Mah Jong Medley
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Default Manager
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mumble 1.2.3
Mystery P.I. - Stolen in San Francisco
Namco All-Stars PAC-MAN
Norton Online Backup
NVIDIA 3D Vision Driver 267.95
NVIDIA Control Panel 267.95
NVIDIA Graphics Driver 267.95
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.10.0514
NVIDIA Stereoscopic 3D Driver
Pando Media Booster
PDF Complete Special Edition
PDF Settings CS6
Penguins!
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime amd64
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
PressReader
Recovery Manager
Remote Graphics Receiver
RoxioNow Player
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Sid Meier's Civilization V
Skype™ 6.6
Slingo Supreme
Star Wars: The Old Republic
Steam
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
Update Installer for WildTangent Games App
VIPRE Antivirus
Virtual Villagers 4 - The Tree of Life
Warframe
Wheel of Fortune 2
WildTangent Games App
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.11 (64-bit)
World of Warcraft
Zinio Reader 4
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
10/18/2013 7:09:36 PM, Error: Service Control Manager [7000]  - The SeaPort service failed to start due to the following error:  The system cannot find the file specified.
10/18/2013 7:04:18 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "2" attempting to start the service SeaPort with arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}
10/16/2013 9:38:53 PM, Error: Service Control Manager [7022]  - The Windows Update service hung on starting.
10/16/2013 9:28:35 PM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
10/16/2013 9:28:34 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/16/2013 9:28:34 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
10/16/2013 9:28:32 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
10/16/2013 9:28:32 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
10/16/2013 9:28:31 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/16/2013 9:28:25 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
10/16/2013 9:27:27 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
10/16/2013 9:27:27 PM, Error: Service Control Manager [7001]  - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error:  The dependency service or group failed to start.
10/16/2013 9:27:25 PM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
10/16/2013 9:27:25 PM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
10/16/2013 9:27:25 PM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
10/16/2013 9:27:25 PM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
10/16/2013 9:27:25 PM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
10/16/2013 9:27:25 PM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
10/16/2013 9:27:25 PM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
10/16/2013 9:27:25 PM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
10/16/2013 9:27:25 PM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
10/16/2013 9:27:25 PM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
10/14/2013 9:41:10 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {B77C4C36-0154-4C52-AB49-FAA03837E47F}  and APPID  {EA022610-0748-4C24-B229-6C507EBDFDBB}  to the user Mack-Gaming-HP\Mack SID (S-1-5-21-519769292-367529180-4234122669-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
10/14/2013 7:23:28 PM, Error: NetBT [4321]  - The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.14. The computer with the IP address 192.168.1.4 did not allow the name to be claimed by this computer.
.
==== End Of File ===========================
 

Link to post
Share on other sites

Hello and post-32477-1261866970.gif

 

P2P/Piracy Warning:

 

   

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Next,

 

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

 

  • Double click on AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Uncheck any elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted (if necessary):
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

 

Next,

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

Kevin....

Link to post
Share on other sites

# AdwCleaner v3.008 - Report created 19/10/2013 at 13:16:04
# Updated 17/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Woody - MACK-GAMING-HP
# Running from : C:\Users\Woody\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Woody\AppData\LocalLow\AskToolbar

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720

*************************

AdwCleaner[R0].txt - [10063 octets] - [19/10/2013 12:16:33]
AdwCleaner[R1].txt - [821 octets] - [19/10/2013 13:15:28]
AdwCleaner[s0].txt - [10230 octets] - [19/10/2013 12:21:19]
AdwCleaner[s1].txt - [747 octets] - [19/10/2013 13:16:04]

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [806 octets] ##########

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-10-2013
Ran by Woody (administrator) on MACK-GAMING-HP on 19-10-2013 13:22:40
Running from C:\Users\Woody\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(ThreatTrack Security, Inc.) C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Hewlett-Packard ) C:\Program Files\IDT\WDM\beats64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\ModLEDKey.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(ThreatTrack Security, Inc.) C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\CNYHKEY.exe
(ThreatTrack Security, Inc.) C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_11_9_900_117_ActiveX.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [beatsOSDApp] - C:\Program Files\IDT\WDM\beats64.exe [37888 2010-10-21] (Hewlett-Packard )
HKLM\...\Run: [hpsysdrv] - c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [sysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [835072 2011-01-26] (IDT, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] - c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [HP Remote Solution] - C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [656896 2009-08-24] (Hewlett-Packard)
HKLM-x32\...\Run: [bATINDICATOR] - C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe
HKLM-x32\...\Run: [LaunchHPOSIAPP] - C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\LaunchApp.exe [385024 2009-04-03] (Hewlett-Packard)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [PDF Complete] - C:\Program Files (x86)\PDF Complete\pdfsty.exe [656920 2011-02-01] (PDF Complete Inc)
HKLM-x32\...\Run: [Microsoft Default Manager] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [switchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2013-09-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2013-09-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [sBAMTray] - C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe [3155776 2013-04-18] (ThreatTrack Security, Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\Mack\...\Run: [steam] - C:\Program Files (x86)\Steam\steam.exe [1597864 2013-02-27] (Valve Corporation)
HKU\Mack\...\Run: [AdobeBridge] - [x]
HKU\Mack\...\Run: [skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20472992 2013-10-02] (Skype Technologies S.A.)
AppInit_DLLs:        [0 ] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL =
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM - {E40D88A2-CD14-4EEC-9403-CA3A37442687} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {E40D88A2-CD14-4EEC-9403-CA3A37442687} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
SearchScopes: HKCU - {E40D88A2-CD14-4EEC-9403-CA3A37442687} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll No File
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM -  No Name - !{95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKLM -  No Name - !{98889811-442D-49dd-99D7-DC866BE87DBC} -  No File
Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
Toolbar: HKLM-x32 -  No Name - !{95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKLM-x32 -  No Name - !{98889811-442D-49dd-99D7-DC866BE87DBC} -  No File
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU -  No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

==================== Services (Whitelisted) =================

S2 CLKMSVC10_38F51D56; c:\Program Files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-01-25] (CyberLink)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1127448 2011-02-01] (PDF Complete Inc)
R2 SBAMSvc; C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe [3680512 2013-04-18] (ThreatTrack Security, Inc.)
R2 SBPIMSvc; C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe [175936 2013-04-18] (ThreatTrack Security, Inc.)
S2 SeaPort; "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe" [x]

==================== Drivers (Whitelisted) ====================

S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
R3 HCW723x; C:\Windows\System32\DRIVERS\HCW723x.sys [1799552 2009-12-15] (Hauppauge Computer Works, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [88432 2013-04-16] (ThreatTrack Security, Inc.)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-10-19 13:22 - 2013-10-19 13:22 - 00000000 ____D C:\FRST
2013-10-19 13:21 - 2013-10-19 13:21 - 01954548 _____ (Farbar) C:\Users\Woody\Desktop\FRST64.exe
2013-10-19 12:15 - 2013-10-19 13:16 - 00000000 ____D C:\AdwCleaner
2013-10-19 12:15 - 2013-10-19 12:15 - 01050644 _____ C:\Users\Woody\Desktop\AdwCleaner.exe
2013-10-19 12:10 - 2013-10-19 12:10 - 00000000 ____D C:\Users\Woody\hpremote
2013-10-19 12:10 - 2013-10-19 12:10 - 00000000 ____D C:\Users\Woody\AppData\Roaming\Hewlett-Packard
2013-10-18 22:30 - 2013-10-19 12:10 - 00000000 ____D C:\Users\Woody\AppData\Roaming\Skype
2013-10-18 22:30 - 2013-10-18 22:30 - 00000000 ____D C:\Users\Woody\AppData\Roaming\LolClient
2013-10-18 21:45 - 2013-10-18 21:45 - 00013682 _____ C:\Users\Woody\Desktop\attach.txt
2013-10-18 21:45 - 2013-10-18 21:44 - 00021350 _____ C:\Users\Woody\Desktop\dds.txt
2013-10-18 21:42 - 2013-10-18 21:42 - 00688992 ____R (Swearware) C:\Users\Woody\Desktop\dds.scr
2013-10-18 19:31 - 2013-10-18 19:31 - 00000000 ____D C:\Users\Woody\AppData\Roaming\Malwarebytes
2013-10-18 19:30 - 2013-10-18 19:30 - 00002600 _____ C:\Users\Woody\Desktop\Rkill.txt
2013-10-18 19:30 - 2013-10-18 19:30 - 00000000 ____D C:\Users\Woody\Desktop\rkill
2013-10-18 19:03 - 2013-10-18 19:03 - 00000000 ____D C:\Users\Woody\AppData\Roaming\GFI Software
2013-10-18 19:03 - 2013-10-18 19:03 - 00000000 ____D C:\Users\Woody\AppData\Local\PDFC
2013-10-18 19:03 - 2013-10-18 19:03 - 00000000 ____D C:\Users\Woody\AppData\Local\Adobe
2013-10-18 19:02 - 2013-10-18 19:03 - 00000000 ___RD C:\Users\Woody\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-18 19:02 - 2013-10-18 19:03 - 00000000 ___RD C:\Users\Woody\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-10-18 19:02 - 2013-10-18 19:03 - 00000000 ____D C:\Users\Woody\AppData\Roaming\Adobe
2013-10-18 19:02 - 2013-10-18 19:02 - 00001415 _____ C:\Users\Woody\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-10-18 19:01 - 2013-10-19 12:10 - 00000000 ____D C:\Users\Woody
2013-10-18 19:01 - 2013-10-18 19:01 - 00000020 ___SH C:\Users\Woody\ntuser.ini
2013-10-18 19:01 - 2013-10-18 19:01 - 00000000 ____D C:\Users\Woody\AppData\Local\VirtualStore
2013-10-18 19:01 - 2011-10-15 04:46 - 00000000 ____D C:\Users\Woody\AppData\Roaming\Macromedia
2013-10-18 19:01 - 2011-10-15 04:39 - 00001974 _____ C:\Users\Woody\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hulu Desktop.lnk
2013-10-18 19:01 - 2009-07-13 23:54 - 00000000 ___RD C:\Users\Woody\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-10-18 19:01 - 2009-07-13 23:49 - 00000000 ___RD C:\Users\Woody\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-10-16 19:57 - 2013-10-16 19:57 - 00000000 ____D C:\ProgramData\Oracle
2013-10-16 19:56 - 2013-10-16 19:55 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-16 19:56 - 2013-10-16 19:55 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-16 19:56 - 2013-10-16 19:55 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-16 19:56 - 2013-10-16 19:55 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-16 18:05 - 2013-10-16 18:05 - 00001520 _____ C:\Users\Public\Desktop\Adobe Application Manager.lnk
2013-10-16 17:52 - 2013-10-16 17:52 - 00000000 __SHD C:\found.000
2013-10-15 21:11 - 2013-10-15 21:11 - 00000000 ____D C:\Users\Mack\AppData\Local\LogMeIn
2013-10-15 21:11 - 2013-10-15 21:11 - 00000000 ____D C:\ProgramData\LogMeIn
2013-10-14 21:58 - 2013-10-14 21:58 - 24267712 _____ C:\Users\Mack\Documents\Divide.psd
2013-10-14 21:42 - 2013-10-14 21:42 - 33123991 _____ C:\Users\Mack\Documents\big_mountain_hires.psd
2013-10-10 03:10 - 2013-09-22 18:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-10 03:10 - 2013-09-22 18:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-10 03:10 - 2013-09-22 18:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-10 03:10 - 2013-09-22 18:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-10 03:10 - 2013-09-22 18:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-10 03:10 - 2013-09-22 18:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-10 03:10 - 2013-09-22 18:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-10 03:10 - 2013-09-22 18:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-10 03:10 - 2013-09-22 18:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-10 03:10 - 2013-09-22 18:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-10 03:10 - 2013-09-22 18:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-10 03:10 - 2013-09-22 18:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-10 03:10 - 2013-09-22 18:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-10 03:10 - 2013-09-22 17:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-10 03:10 - 2013-09-22 17:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-10 03:10 - 2013-09-22 17:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-10 03:10 - 2013-09-22 17:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-10 03:10 - 2013-09-22 17:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-10 03:10 - 2013-09-22 17:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-10 03:10 - 2013-09-22 17:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-10 03:10 - 2013-09-22 17:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-10 03:10 - 2013-09-22 17:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-10 03:10 - 2013-09-22 17:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-10 03:10 - 2013-09-22 17:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-10 03:10 - 2013-09-22 17:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-10 03:10 - 2013-09-22 17:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-10 03:10 - 2013-09-22 17:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-10 03:10 - 2013-09-20 22:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-10 03:10 - 2013-09-20 22:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-10 03:10 - 2013-09-20 21:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-10 03:10 - 2013-09-20 21:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-09 04:04 - 2013-09-13 20:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-09 04:04 - 2013-09-07 21:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-09 04:04 - 2013-09-07 21:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-09 04:04 - 2013-09-07 21:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-09 04:04 - 2013-09-04 07:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-09 04:04 - 2013-09-04 07:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-09 04:04 - 2013-09-04 07:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-09 04:04 - 2013-09-04 07:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-09 04:04 - 2013-09-04 07:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-09 04:04 - 2013-09-04 07:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-09 04:04 - 2013-09-04 07:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-09 04:04 - 2013-08-28 21:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-09 04:04 - 2013-08-28 21:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-09 04:04 - 2013-08-28 21:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-09 04:04 - 2013-08-28 21:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-09 04:04 - 2013-08-28 21:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-09 04:04 - 2013-08-28 20:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-09 04:04 - 2013-08-28 20:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-09 04:04 - 2013-08-28 20:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-09 04:04 - 2013-08-28 20:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-09 04:04 - 2013-08-28 20:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-09 04:04 - 2013-08-28 20:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-09 04:04 - 2013-08-28 19:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-09 04:04 - 2013-08-28 19:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-09 04:04 - 2013-08-28 19:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-09 04:04 - 2013-08-28 19:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-09 04:04 - 2013-08-27 20:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-09 04:04 - 2013-08-27 20:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-09 04:04 - 2013-08-01 07:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-09 04:04 - 2013-07-20 05:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 04:04 - 2013-07-20 05:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 04:04 - 2013-07-12 05:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-09 04:04 - 2013-07-12 05:40 - 00109824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2013-10-09 04:04 - 2013-07-04 07:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-09 04:04 - 2013-07-04 07:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-09 04:04 - 2013-07-04 07:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-09 04:04 - 2013-07-04 06:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-09 04:04 - 2013-07-04 06:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-09 04:04 - 2013-07-04 06:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-09 04:04 - 2013-07-04 05:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-09 04:04 - 2013-07-02 23:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-09 04:04 - 2013-07-02 23:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-09 04:04 - 2013-06-25 17:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-09 04:04 - 2013-06-06 00:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-09 04:04 - 2013-06-06 00:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-09 04:04 - 2013-06-06 00:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-09 04:04 - 2013-06-06 00:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-09 04:04 - 2013-06-05 23:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-09 04:04 - 2013-06-05 23:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-09 04:04 - 2013-06-05 23:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-09 04:04 - 2013-06-05 22:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-09 04:04 - 2013-06-05 22:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-09 04:04 - 2013-06-05 22:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-09-23 18:46 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2013-09-23 18:46 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2013-09-23 18:46 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2013-09-23 18:46 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2013-09-23 18:45 - 2013-10-14 21:21 - 00000000 ____D C:\Users\Mack\AppData\Local\Warframe
2013-09-23 18:45 - 2013-09-23 18:45 - 00002311 _____ C:\Users\Mack\Desktop\Warframe.lnk
2013-09-23 18:45 - 2013-09-23 18:45 - 00000000 ____D C:\Users\Mack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warframe

==================== One Month Modified Files and Folders =======

2013-10-19 13:22 - 2013-10-19 13:22 - 00000000 ____D C:\FRST
2013-10-19 13:21 - 2013-10-19 13:21 - 01954548 _____ (Farbar) C:\Users\Woody\Desktop\FRST64.exe
2013-10-19 13:21 - 2009-07-14 00:13 - 00779724 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-19 13:20 - 2011-12-26 14:33 - 01722240 _____ C:\Windows\WindowsUpdate.log
2013-10-19 13:18 - 2012-05-05 10:49 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-19 13:17 - 2011-10-15 04:47 - 00000000 ____D C:\ProgramData\PDFC
2013-10-19 13:17 - 2011-10-15 04:29 - 00000000 ____D C:\ProgramData\NVIDIA
2013-10-19 13:17 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-19 13:16 - 2013-10-19 12:15 - 00000000 ____D C:\AdwCleaner
2013-10-19 13:16 - 2009-07-13 23:51 - 00051487 _____ C:\Windows\setupact.log
2013-10-19 13:16 - 2009-07-13 23:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-19 13:16 - 2009-07-13 23:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-19 13:11 - 2010-11-20 22:47 - 00407746 _____ C:\Windows\PFRO.log
2013-10-19 12:21 - 2012-01-06 23:56 - 00000000 ____D C:\Users\Mack\AppData\Local\CrashDumps
2013-10-19 12:15 - 2013-10-19 12:15 - 01050644 _____ C:\Users\Woody\Desktop\AdwCleaner.exe
2013-10-19 12:10 - 2013-10-19 12:10 - 00000000 ____D C:\Users\Woody\hpremote
2013-10-19 12:10 - 2013-10-19 12:10 - 00000000 ____D C:\Users\Woody\AppData\Roaming\Hewlett-Packard
2013-10-19 12:10 - 2013-10-18 22:30 - 00000000 ____D C:\Users\Woody\AppData\Roaming\Skype
2013-10-19 12:10 - 2013-10-18 19:01 - 00000000 ____D C:\Users\Woody
2013-10-19 02:00 - 2012-08-05 23:12 - 00000000 ____D C:\Users\Mack\AppData\Local\Adobe
2013-10-18 22:31 - 2013-02-13 08:00 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-10-18 22:31 - 2012-03-01 19:30 - 00000000 ____D C:\ProgramData\Skype
2013-10-18 22:30 - 2013-10-18 22:30 - 00000000 ____D C:\Users\Woody\AppData\Roaming\LolClient
2013-10-18 22:30 - 2012-03-01 19:30 - 00002515 _____ C:\Users\Public\Desktop\Skype.lnk
2013-10-18 21:45 - 2013-10-18 21:45 - 00013682 _____ C:\Users\Woody\Desktop\attach.txt
2013-10-18 21:44 - 2013-10-18 21:45 - 00021350 _____ C:\Users\Woody\Desktop\dds.txt
2013-10-18 21:42 - 2013-10-18 21:42 - 00688992 ____R (Swearware) C:\Users\Woody\Desktop\dds.scr
2013-10-18 19:31 - 2013-10-18 19:31 - 00000000 ____D C:\Users\Woody\AppData\Roaming\Malwarebytes
2013-10-18 19:30 - 2013-10-18 19:30 - 00002600 _____ C:\Users\Woody\Desktop\Rkill.txt
2013-10-18 19:30 - 2013-10-18 19:30 - 00000000 ____D C:\Users\Woody\Desktop\rkill
2013-10-18 19:03 - 2013-10-18 19:03 - 00000000 ____D C:\Users\Woody\AppData\Roaming\GFI Software
2013-10-18 19:03 - 2013-10-18 19:03 - 00000000 ____D C:\Users\Woody\AppData\Local\PDFC
2013-10-18 19:03 - 2013-10-18 19:03 - 00000000 ____D C:\Users\Woody\AppData\Local\Adobe
2013-10-18 19:03 - 2013-10-18 19:02 - 00000000 ___RD C:\Users\Woody\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-18 19:03 - 2013-10-18 19:02 - 00000000 ___RD C:\Users\Woody\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-10-18 19:03 - 2013-10-18 19:02 - 00000000 ____D C:\Users\Woody\AppData\Roaming\Adobe
2013-10-18 19:02 - 2013-10-18 19:02 - 00001415 _____ C:\Users\Woody\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-10-18 19:01 - 2013-10-18 19:01 - 00000020 ___SH C:\Users\Woody\ntuser.ini
2013-10-18 19:01 - 2013-10-18 19:01 - 00000000 ____D C:\Users\Woody\AppData\Local\VirtualStore
2013-10-18 18:43 - 2012-03-01 19:30 - 00000000 ____D C:\Users\Mack\AppData\Roaming\Skype
2013-10-18 17:05 - 2013-06-18 18:10 - 00000000 ____D C:\Users\Mack\AppData\Local\PMB Files
2013-10-16 19:57 - 2013-10-16 19:57 - 00000000 ____D C:\ProgramData\Oracle
2013-10-16 19:55 - 2013-10-16 19:56 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-16 19:55 - 2013-10-16 19:56 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-16 19:55 - 2013-10-16 19:56 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-16 19:55 - 2013-10-16 19:56 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-16 19:55 - 2012-04-14 22:58 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-16 18:20 - 2013-01-15 22:08 - 00002028 _____ C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
2013-10-16 18:16 - 2012-08-05 23:31 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-10-16 18:14 - 2012-08-05 23:13 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-10-16 18:05 - 2013-10-16 18:05 - 00001520 _____ C:\Users\Public\Desktop\Adobe Application Manager.lnk
2013-10-16 18:05 - 2012-08-05 23:34 - 00000000 ____D C:\Program Files\Adobe
2013-10-16 17:54 - 2011-12-26 14:33 - 00000000 ____D C:\Users\Mack
2013-10-16 17:53 - 2012-11-27 14:20 - 00000328 _____ C:\Windows\Tasks\HPCeeScheduleForMack.job
2013-10-16 17:52 - 2013-10-16 17:52 - 00000000 __SHD C:\found.000
2013-10-15 21:26 - 2012-11-27 14:20 - 00003180 _____ C:\Windows\System32\Tasks\HPCeeScheduleForMack
2013-10-15 21:25 - 2012-01-10 18:37 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-10-15 21:25 - 2011-12-27 17:54 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-10-15 21:24 - 2011-12-27 17:53 - 00000000 ____D C:\Users\Mack\AppData\Roaming\HP Support Assistant
2013-10-15 21:24 - 2011-12-27 16:05 - 00000000 ____D C:\Users\Mack\AppData\Roaming\HpUpdate
2013-10-15 21:15 - 2013-06-18 18:10 - 00000000 ____D C:\ProgramData\PMB Files
2013-10-15 21:11 - 2013-10-15 21:11 - 00000000 ____D C:\Users\Mack\AppData\Local\LogMeIn
2013-10-15 21:11 - 2013-10-15 21:11 - 00000000 ____D C:\ProgramData\LogMeIn
2013-10-14 21:58 - 2013-10-14 21:58 - 24267712 _____ C:\Users\Mack\Documents\Divide.psd
2013-10-14 21:42 - 2013-10-14 21:42 - 33123991 _____ C:\Users\Mack\Documents\big_mountain_hires.psd
2013-10-14 21:21 - 2013-09-23 18:45 - 00000000 ____D C:\Users\Mack\AppData\Local\Warframe
2013-10-12 10:10 - 2012-12-14 04:19 - 00000354 _____ C:\Windows\Tasks\HPCeeScheduleForMACK-GAMING-HP$.job
2013-10-12 10:10 - 2012-07-01 23:04 - 00003230 _____ C:\Windows\System32\Tasks\HPCeeScheduleForMACK-GAMING-HP$
2013-10-10 22:38 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2013-10-10 03:29 - 2009-07-13 23:45 - 04908944 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-10 03:28 - 2013-03-13 03:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-10 03:28 - 2013-03-13 03:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-10 03:08 - 2011-02-11 12:15 - 00773448 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-10-10 03:06 - 2013-08-14 03:01 - 00000000 ____D C:\Windows\system32\MRT
2013-10-10 03:04 - 2013-06-19 23:52 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-08 14:22 - 2012-05-05 10:49 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-08 14:22 - 2012-05-05 10:49 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-08 14:22 - 2012-05-05 10:49 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-23 18:46 - 2011-10-15 04:48 - 00045710 _____ C:\Windows\DirectX.log
2013-09-23 18:45 - 2013-09-23 18:45 - 00002311 _____ C:\Users\Mack\Desktop\Warframe.lnk
2013-09-23 18:45 - 2013-09-23 18:45 - 00000000 ____D C:\Users\Mack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warframe
2013-09-22 18:28 - 2013-10-10 03:10 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-22 18:28 - 2013-10-10 03:10 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-22 18:27 - 2013-10-10 03:10 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-22 18:27 - 2013-10-10 03:10 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-22 18:27 - 2013-10-10 03:10 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-22 18:27 - 2013-10-10 03:10 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-22 18:27 - 2013-10-10 03:10 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-22 18:27 - 2013-10-10 03:10 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-22 18:27 - 2013-10-10 03:10 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-22 18:27 - 2013-10-10 03:10 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-22 18:27 - 2013-10-10 03:10 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-22 18:27 - 2013-10-10 03:10 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-22 18:27 - 2013-10-10 03:10 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-22 17:55 - 2013-10-10 03:10 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-22 17:55 - 2013-10-10 03:10 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-22 17:55 - 2013-10-10 03:10 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-22 17:54 - 2013-10-10 03:10 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-22 17:54 - 2013-10-10 03:10 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-22 17:54 - 2013-10-10 03:10 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-22 17:54 - 2013-10-10 03:10 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-22 17:54 - 2013-10-10 03:10 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-22 17:54 - 2013-10-10 03:10 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-22 17:54 - 2013-10-10 03:10 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-22 17:54 - 2013-10-10 03:10 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-22 17:54 - 2013-10-10 03:10 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-22 17:54 - 2013-10-10 03:10 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-22 17:54 - 2013-10-10 03:10 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-20 22:38 - 2013-10-10 03:10 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-20 22:30 - 2013-10-10 03:10 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-20 21:48 - 2013-10-10 03:10 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-20 21:39 - 2013-10-10 03:10 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

Alureon:
C:\Users\Mack\AppData\Local\Temp\smeivxx\srqurid\wow.dll

Files to move or delete:
====================
C:\ProgramData\hash.dat

Some content of TEMP:
====================
C:\Users\Woody\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-10-11 23:53

==================== End Of Log ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-10-2013
Ran by Woody at 2013-10-19 13:23:50
Running from C:\Users\Woody\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: GFI Software VIPRE (Enabled - Up to date) {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: GFI Software VIPRE (Enabled - Up to date) {5BB89C30-6480-BC7C-9F17-199BD76F557A}

==================== Installed Programs ======================

7-Zip 9.20 (x32)
Adobe Acrobat X Pro - English, Français, Deutsch (x32 Version: 10.1.8)
Adobe AIR (x32 Version: 3.8.0.1280)
Adobe CS6 Design and Web Premium (x32 Version: 6)
Adobe Download Assistant (x32 Version: 1.2.3)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Help Manager (x32 Version: 4.0.244)
Adobe Photoshop CS6 (x32 Version: 13.0)
Adobe Widget Browser (x32 Version: 2.0 Build 348)
Adobe Widget Browser (x32 Version: 2.0.348)
Adobe® Content Viewer (x32 Version: 3.3.0)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95)
ARMA 2 (x32)
ARMA 2: Operation Arrowhead (x32)
BattlEye for OA Uninstall (x32)
BattlEye Uninstall (x32)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95)
Bejeweled 3 (x32 Version: 2.2.0.95)
Bing Bar (x32 Version: 6.0.2282.0)
Bing Bar Platform (x32 Version: 6.0.2282.0)
Bing Rewards Client Installer (x32 Version: 16.0.345.0)
Blackhawk Striker 2 (x32 Version: 2.2.0.95)
Blasterball 3 (x32 Version: 2.2.0.95)
Blio (x32 Version: 2.2.6699)
Bounce Symphony (x32 Version: 2.2.0.95)
Build-a-lot 2 (x32 Version: 2.2.0.95)
Cake Mania (x32 Version: 2.2.0.95)
Chuzzle Deluxe (x32 Version: 2.2.0.95)
CyberLink PowerDVD 10 (x32 Version: 10.0.1.2615)
D3DX10 (x32 Version: 15.4.2368.0902)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95)
Dora's World Adventure (x32 Version: 2.2.0.95)
Farm Frenzy (x32 Version: 2.2.0.95)
FATE - The Traitor Soul (x32 Version: 2.2.0.95)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000)
HP Auto (Version: 1.0.12935.3667)
HP Client Services (Version: 1.1.12938.3539)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7)
HP Games (x32 Version: 1.0.2.4)
HP Keyboard (x32 Version: 1.5.0.4)
HP LinkUp (x32 Version: 2.01.026)
HP MediaSmart/TouchSmart Netflix (x32 Version: 1.0.6.0)
HP MovieStore (x32 Version: 1.0.045)
HP MovieStore (x32 Version: 2.0)
HP Odometer (x32 Version: 2.10.0000)
HP Remote Solution (x32 Version: 1.1.14.0)
HP Setup (x32 Version: 8.6.4530.3651)
HP Setup Manager (x32 Version: 1.1.13253.3682)
HP Support Assistant (x32 Version: 7.0.39.15)
HP Support Information (x32 Version: 10.1.1000)
HP Update (x32 Version: 5.002.003.003)
HP Vision Hardware Diagnostics (Version: 2.5.0.0)
Hulu Desktop (HKCU Version: 0.9.13)
IDT Audio (x32 Version: 1.0.6325.0)
Intel® Management Engine Components (x32 Version: 7.0.0.1144)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
Java 6 Update 31 (x32 Version: 6.0.310)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Kobo (x32 Version: 1.6)
LabelPrint (x32 Version: 2.5.3609)
League of Legends (x32 Version: 3.0.0)
Mah Jong Medley (x32 Version: 2.2.0.95)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Default Manager (x32 Version: 2.2.114.0)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - English (x32 Version: 14.0.4763.1000)
Microsoft Search Enhancement Pack (x32 Version: 3.0.131.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Mumble 1.2.3 (x32 Version: 1.2.3)
Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95)
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95)
Norton Online Backup (x32 Version: 2.1.17869)
NVIDIA 3D Vision Driver 267.95 (Version: 267.95)
NVIDIA Control Panel 267.95 (Version: 267.95)
NVIDIA Graphics Driver 267.95 (Version: 267.95)
NVIDIA Install Application (Version: 2.265.41.0)
NVIDIA PhysX (x32 Version: 9.10.0514)
NVIDIA PhysX System Software 9.10.0514 (Version: 9.10.0514)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6795)
Pando Media Booster (x32 Version: 2.6.0.7)
PDF Complete Special Edition (x32 Version: 4.0.35)
PDF Settings CS6 (x32 Version: 11.0)
Penguins! (x32 Version: 2.2.0.95)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95)
PlayReady PC Runtime amd64 (Version: 1.3.0)
PlayReady PC Runtime x86 (x32 Version: 1.3.0)
Poker Superstars III (x32 Version: 2.2.0.95)
Polar Bowler (x32 Version: 2.2.0.95)
Polar Golfer (x32 Version: 2.2.0.95)
Power2Go (x32 Version: 6.1.4817)
PressReader (x32 Version: 5.10.1217.0)
Recovery Manager (x32 Version: 5.5.3621)
Remote Graphics Receiver (x32 Version: 5.4.5)
RoxioNow Player (x32 Version: 1.9.5.103)
Sid Meier's Civilization V (x32)
Skype™ 6.9 (x32 Version: 6.9.106)
Slingo Supreme (x32 Version: 2.2.0.95)
Star Wars: The Old Republic (x32 Version: 1.00)
Steam (x32 Version: 1.0.0.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
Update Installer for WildTangent Games App (x32)
VIPRE Antivirus (x32 Version: 6.2.4.7)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95)
Warframe (x32 Version: 1.0.0)
Wheel of Fortune 2 (x32 Version: 2.2.0.95)
WildTangent Games App (x32 Version: 4.0.10.2)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
WinRAR 4.11 (64-bit) (Version: 4.11.0)
World of Warcraft (x32 Version: 5.2.0.16769)
Zinio Reader 4 (x32 Version: 4.0.3184)
Zuma Deluxe (x32 Version: 2.2.0.95)

==================== Restore Points  =========================

17-10-2013 00:50:25 Removed LogMeIn Hamachi
17-10-2013 00:54:31 Installed Java 7 Update 45

==================== Hosts content: ==========================

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {3916D71B-3A62-4D66-8511-DD43CF8AD1D8} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {4CD17A51-4217-4872-9ABD-3DE9E32E576A} - System32\Tasks\HPCeeScheduleForMACK-GAMING-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {6298E022-89A9-49A7-8129-0F65B5861EAD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08] (Adobe Systems Incorporated)
Task: {68885ADB-5638-4ACF-A1A4-4B6D8B78224F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {736CD329-5F01-46AF-9B87-F92FB1A52751} - System32\Tasks\AdobeAAMUpdater-1.0-Mack-Gaming-HP-Mack => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {77301C0E-482F-4B25-A225-19D0F882D917} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2013-09-17] (Microsoft)
Task: {78F54311-EEEA-4239-B5B1-D64FC562E009} - System32\Tasks\HPOSIAPP64 => C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\ModLEDKey.exe [2009-02-27] ()
Task: {C4EF016C-AA6F-476C-9870-AA633A86F501} - System32\Tasks\HPCeeScheduleForMack => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {D913D344-C133-404A-B809-E7A00DA941CB} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2010-12-21] (CyberLink)
Task: {F33E47BB-6837-4E5C-8428-DADB78D71208} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {F73D083F-62C0-4506-B520-29AFF3C3F347} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-08-09] (Hewlett-Packard)
Task: {F9EE2342-87BF-4BE7-AAB0-A6DFE596A9B6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-04-01] (Hewlett-Packard Company)
Task: {FB78DCDF-8D83-4DA6-922C-67FA3A07C2A9} - \Scheduled Update for Ask Toolbar No Task File
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HPCeeScheduleForMACK-GAMING-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForMack.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2012-10-24 14:38 - 2012-10-24 14:38 - 00160768 _____ () C:\Program Files (x86)\GFI Software\VIPRE\unrar.dll
2011-10-15 04:40 - 2009-02-19 19:22 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\WMINPUT.DLL
2011-12-26 14:54 - 2013-07-05 14:25 - 00190752 _____ () C:\Program Files (x86)\GFI Software\VIPRE\Definitions\libBase64.dll
2011-12-26 14:54 - 2013-07-05 14:25 - 00178464 _____ () C:\Program Files (x86)\GFI Software\VIPRE\Definitions\libMachoUniv.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBPIMSvc => ""="Service"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (10/19/2013 01:18:40 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/19/2013 01:13:38 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/19/2013 00:21:18 PM) (Source: Application Error) (User: )
Description: Faulting application name: dllhost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bca54
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x000000000004eae0
Faulting process id: 0x53f8
Faulting application start time: 0xdllhost.exe0
Faulting application path: dllhost.exe1
Faulting module path: dllhost.exe2
Report Id: dllhost.exe3

Error: (10/19/2013 00:21:12 PM) (Source: Application Error) (User: )
Description: Faulting application name: dllhost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bca54
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x000000000004eae0
Faulting process id: 0x29a0
Faulting application start time: 0xdllhost.exe0
Faulting application path: dllhost.exe1
Faulting module path: dllhost.exe2
Report Id: dllhost.exe3

Error: (10/19/2013 00:19:52 PM) (Source: Application Error) (User: )
Description: Faulting application name: dllhost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bca54
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x000000000004eae0
Faulting process id: 0x3808
Faulting application start time: 0xdllhost.exe0
Faulting application path: dllhost.exe1
Faulting module path: dllhost.exe2
Report Id: dllhost.exe3

Error: (10/19/2013 00:19:30 PM) (Source: Application Error) (User: )
Description: Faulting application name: dllhost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bca54
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x000000000004eae0
Faulting process id: 0x5954
Faulting application start time: 0xdllhost.exe0
Faulting application path: dllhost.exe1
Faulting module path: dllhost.exe2
Report Id: dllhost.exe3

Error: (10/19/2013 00:19:19 PM) (Source: Application Error) (User: )
Description: Faulting application name: dllhost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bca54
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x000000000004eae0
Faulting process id: 0x63dc
Faulting application start time: 0xdllhost.exe0
Faulting application path: dllhost.exe1
Faulting module path: dllhost.exe2
Report Id: dllhost.exe3

Error: (10/19/2013 00:18:48 PM) (Source: Application Error) (User: )
Description: Faulting application name: dllhost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bca54
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x000000000004eae0
Faulting process id: 0x2550
Faulting application start time: 0xdllhost.exe0
Faulting application path: dllhost.exe1
Faulting module path: dllhost.exe2
Report Id: dllhost.exe3

Error: (10/19/2013 00:18:25 PM) (Source: Application Error) (User: )
Description: Faulting application name: dllhost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bca54
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x000000000004eae0
Faulting process id: 0x26c8
Faulting application start time: 0xdllhost.exe0
Faulting application path: dllhost.exe1
Faulting module path: dllhost.exe2
Report Id: dllhost.exe3

Error: (10/19/2013 00:18:20 PM) (Source: Application Error) (User: )
Description: Faulting application name: dllhost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bca54
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x000000000004eae0
Faulting process id: 0x6088
Faulting application start time: 0xdllhost.exe0
Faulting application path: dllhost.exe1
Faulting module path: dllhost.exe2
Report Id: dllhost.exe3

System errors:
=============
Error: (10/19/2013 01:17:09 PM) (Source: Service Control Manager) (User: )
Description: The SeaPort service failed to start due to the following error:
%%2

Error: (10/19/2013 01:12:07 PM) (Source: Service Control Manager) (User: )
Description: The SeaPort service failed to start due to the following error:
%%2

Error: (10/19/2013 01:11:56 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 1:10:28 PM on ‎10/‎19/‎2013 was unexpected.

Error: (10/19/2013 01:00:58 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SENS service.

Error: (10/19/2013 01:00:28 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.

Error: (10/19/2013 00:59:58 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BFE service.

Error: (10/19/2013 00:59:28 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IKEEXT service.

Error: (10/19/2013 00:58:58 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.

Error: (10/19/2013 10:53:19 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 107.

Error: (10/19/2013 10:53:19 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Microsoft Office Sessions:
=========================
Error: (10/19/2013 01:18:40 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/19/2013 01:13:38 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/19/2013 00:21:18 PM) (Source: Application Error)(User: )
Description: dllhost.exe6.1.7600.163854a5bca54ntdll.dll6.1.7601.18247521eaf24c0000005000000000004eae053f801ceccef65136f0aC:\Windows\system32\dllhost.exeC:\Windows\SYSTEM32\ntdll.dlldd0c5aa4-38e2-11e3-8b8b-386077904850

Error: (10/19/2013 00:21:12 PM) (Source: Application Error)(User: )
Description: dllhost.exe6.1.7600.163854a5bca54ntdll.dll6.1.7601.18247521eaf24c0000005000000000004eae029a001cecceeece42157C:\Windows\system32\dllhost.exeC:\Windows\SYSTEM32\ntdll.dlld9712ee2-38e2-11e3-8b8b-386077904850

Error: (10/19/2013 00:19:52 PM) (Source: Application Error)(User: )
Description: dllhost.exe6.1.7600.163854a5bca54ntdll.dll6.1.7601.18247521eaf24c0000005000000000004eae0380801ceccef586820d9C:\Windows\system32\dllhost.exeC:\Windows\SYSTEM32\ntdll.dlla9fa0a93-38e2-11e3-8b8b-386077904850

Error: (10/19/2013 00:19:30 PM) (Source: Application Error)(User: )
Description: dllhost.exe6.1.7600.163854a5bca54ntdll.dll6.1.7601.18247521eaf24c0000005000000000004eae0595401ceccef3a354be5C:\Windows\system32\dllhost.exeC:\Windows\SYSTEM32\ntdll.dll9cd6f3da-38e2-11e3-8b8b-386077904850

Error: (10/19/2013 00:19:19 PM) (Source: Application Error)(User: )
Description: dllhost.exe6.1.7600.163854a5bca54ntdll.dll6.1.7601.18247521eaf24c0000005000000000004eae063dc01ceccef194fd768C:\Windows\system32\dllhost.exeC:\Windows\SYSTEM32\ntdll.dll95edab35-38e2-11e3-8b8b-386077904850

Error: (10/19/2013 00:18:48 PM) (Source: Application Error)(User: )
Description: dllhost.exe6.1.7600.163854a5bca54ntdll.dll6.1.7601.18247521eaf24c0000005000000000004eae0255001cecceeda0805c3C:\Windows\system32\dllhost.exeC:\Windows\SYSTEM32\ntdll.dll83a3be16-38e2-11e3-8b8b-386077904850

Error: (10/19/2013 00:18:25 PM) (Source: Application Error)(User: )
Description: dllhost.exe6.1.7600.163854a5bca54ntdll.dll6.1.7601.18247521eaf24c0000005000000000004eae026c801ceccef11a39fa7C:\Windows\system32\dllhost.exeC:\Windows\SYSTEM32\ntdll.dll75ff2e4a-38e2-11e3-8b8b-386077904850

Error: (10/19/2013 00:18:20 PM) (Source: Application Error)(User: )
Description: dllhost.exe6.1.7600.163854a5bca54ntdll.dll6.1.7601.18247521eaf24c0000005000000000004eae0608801cecceec0fbcca4C:\Windows\system32\dllhost.exeC:\Windows\SYSTEM32\ntdll.dll72c79335-38e2-11e3-8b8b-386077904850

==================== Memory info ===========================

Percentage of memory in use: 19%
Total physical RAM: 10220.31 MB
Available physical RAM: 8244.57 MB
Total Pagefile: 20438.8 MB
Available Pagefile: 18265.88 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:1385.55 GB) (Free:1218.78 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:11.62 GB) (Free:1.42 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive e: (Photoshop CS6) (CDROM) (Total:1.78 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1397 GB) (Disk ID: 019EED83)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=-711304675328) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Link to post
Share on other sites

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST/FRST64 and press the Fix button just once and wait.


The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Next,

 

Run Malwarebytes Quick scan, post that log...

 

Next,

 

Download Dr Web Cureit from here http://www.freedrweb.com/cureit save to your desktop. (Scroll to bottom of page)

 

  • The file will be randomly named
  • Reboot to safe mode
  • Run Dr Web
  • Tick the I agree box and select continue
  • Click select objects for scanning
     
    drwebselect.JPG
     
  • Tick all boxes as shown
  • Click the wrench and select automatically apply actions to threats
     
    drwebfolders.JPG
     
  • Press start scan
  • The scan will now commence
     
    drwebscan.JPG
     
  • Once the scan has finished click open report
     
    drwebscancomplete.JPG
     
  • A notepad will open
  • Select File > Save as..
  • Save it to your desktop

 

This log will be excessive, Attach it to your next reply…

 

Kevin

fixlist.txt

Link to post
Share on other sites

Long story short, I was having trouble getting into safe mode, and made a mistake and hard powered off during a reboot.  This apparently killed the network drivers.  Anyway, had to system restore to prior to all of our efforts here.  I recreated most of the steps and here are the logs from this final step:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-10-2013 01
Ran by Woody at 2013-10-20 16:18:34 Run:2
Running from C:\Users\Woody.Mack-Gaming-HP\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
C:\Users\Mack\AppData\Local\Temp\smeivxx\srqurid\wow.dll
C:\ProgramData\hash.dat
C:\Users\Woody\AppData\Local\Temp\Quarantine.exe
Task: {FB78DCDF-8D83-4DA6-922C-67FA3A07C2A9} - \Scheduled Update for Ask Toolbar No Task File
End

 

*****************

C:\Users\Mack\AppData\Local\Temp\smeivxx\srqurid\wow.dll => Moved successfully.
"C:\ProgramData\hash.dat" => File/Directory not found.
"C:\Users\Woody\AppData\Local\Temp\Quarantine.exe" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FB78DCDF-8D83-4DA6-922C-67FA3A07C2A9} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FB78DCDF-8D83-4DA6-922C-67FA3A07C2A9} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar => Key deleted successfully.

==== End of Fixlog ====

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.20.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
Woody :: MACK-GAMING-HP [administrator]

Protection: Enabled

10/20/2013 3:37:42 PM
mbam-log-2013-10-20 (15-37-42).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 1162
Time elapsed: 20 second(s) [aborted]

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

Dr. Web did not open a Notepad.  I could not find anything to save.  The scan did not detect any threats.

Link to post
Share on other sites

Ok, continue please:

 

Download Junkware Removal tool from this link:

http://www.bleepingcomputer.com/download/junkware-removal-tool/

Save to your desktop.

 

  • Shut down your Security Protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator. Follow prompts as they come.
  • The tool will open and start scanning your system. (Press any key when prompted to continue)
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post JRT.txt to your next message.

 

Next,

 

http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe  <- 32 bit version

 

http://www.sur-la-toile.com/RogueKiller/RogueKillerX64.exe  <- 64 bit version

                                     

  • Make sure to get the correct version for your system.
  • Quit all running programs
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • Wait until Prescan has finished...
  • The following EULA will appear, please select accept
     
    RKLicence.png
     
  • Ensure MBR scan, Check faked and AntiRootkit are checked
  • Select Scan
     
    RK1A.png
     
  • When the scan completes select Report, copy and paste that to your reply.
     
    RK2A.png
     
  • The log should be found in RKreport[?].txt on your Desktop
  • Exit/Close RogueKiller


     
    Let me see those two logs, also let me know if there are any remaining issues or concerns...
     
    Kevin
Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.