Runaway COM Surrogate (32 bit)/dllhost.ex


Hi, There!

I was struck by the dreaded CryptoWall ransomware.  I first knew something was wrong when I noticed 20 to 30 instances of COM Surrogate (32 bit)/dllhost.exe popping up and running at once.  A few days later, I found the 3 files left behind in each folder where files were encrypted.

Thanks to Malwarebytes Anti-Malware, I was able to remove CryptoWall.  Since Windows Defender had let the virus through, I switched to Avast, along with purchasing the premium version of MWBAM.  Now, I still notice both MWBAM and Avast popping up with prevention notifications, even while I'm not starting/clicking on anything.  I've also noticed the COM Surrogates popping up on occasion.  Sometimes, the machine behaves normally for a while.  I believe that Avast and MWBAM are preventing these processes from doing anything bad, but I have no way of knowing.  At a minimum, they impact performance, so I use Task Manager to end them as they come up.

I appreciate any assistance you can provide.

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-09-2014
Ran by Kulle (administrator) on OFFICE_PC on 23-09-2014 13:34:45
Running from C:\Users\Kulle\Desktop
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic Professional\LiveBoost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic Professional\ioloGovernor64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Qualcomm Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hauppauge Computer Works, Inc.) C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe
() C:\Program Files (x86)\Roxio 2012\5.0\CPMonitor.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
() C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\TotalMedia ShowBiz\TMShowBiz.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(RealNetworks, Inc.) C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureHDPVR.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureHDPVR.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureHDPVR.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureHDPVR.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureHDPVR.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureHDPVR.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureHDPVR.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureHDPVR.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureHDPVR.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureHDPVR.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureHDPVR.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureHDPVR.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureHDPVR.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureHDPVR.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureHDPVR.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureHDPVR.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureHDPVR.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureHDPVR.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureHDPVR.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureHDPVR.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureHDPVR.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureHDPVR.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureHDPVR.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureHDPVR.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureHDPVR.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureHDPVR.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureHDPVR.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureHDPVR.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureHDPVR.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureHDPVR.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureHDPVR.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureHDPVR.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureHDPVR.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureHDPVR.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureHDPVR.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureHDPVR.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureHDPVR.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureHDPVR.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureHDPVR.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureHDPVR.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureHDPVR.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureHDPVR.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureHDPVR.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureHDPVR.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\CaptureHDPVR.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [btTray] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe [757888 2012-07-02] (Qualcomm Atheros)
HKLM\...\Run: [btvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [127104 2012-07-02] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212560 2012-06-13] (Realtek Semiconductor)
HKLM\...\Run: [bCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1796056 2014-08-19] (NVIDIA Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [iSUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [324976 2010-05-21] (Flexera Software, Inc.)
HKLM-x32\...\Run: [CPMonitor] => C:\Program Files (x86)\Roxio 2012\5.0\CPMonitor.exe [84464 2011-07-08] ()
HKLM-x32\...\Run: [AllShareAgent] => C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe [285072 2012-03-01] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-09-23] (AVAST Software)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKU\S-1-5-21-2997053151-1021370575-3583938921-1001\...\Run: [vmware-unity] => C:\Users\Kulle\AppData\Roaming\vmware-unity.exe
HKU\S-1-5-21-2997053151-1021370575-3583938921-1001\...\Run: [CryptoUpdate] => C:\Windows\system32\regsvr32.exe /s "C:\Users\Kulle\AppData\Roaming\Microsoft\Crypto\RSA\cert_v64_2.tpl"
HKU\S-1-5-21-2997053151-1021370575-3583938921-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-12-03] (Google Inc.)
HKU\S-1-5-21-2997053151-1021370575-3583938921-1001\...\Run: [dosklder] => C:\Users\Kulle\AppData\Local\Temp\ctfminit.exe <===== ATTENTION
HKU\S-1-5-21-2997053151-1021370575-3583938921-1001\...\Run: [a73b28d] => C:\Users\Kulle\AppData\Roaming\a73b28d.exe
HKU\S-1-5-21-2997053151-1021370575-3583938921-1001\...\RunOnce: [CryptoUpdate] => C:\Windows\system32\regsvr32.exe /s "C:\Users\Kulle\AppData\Roaming\Microsoft\Crypto\RSA\cert_v65_0.tpl"
HKU\S-1-5-21-2997053151-1021370575-3583938921-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinTV Recording Status.lnk
ShortcutTarget: WinTV Recording Status.lnk -> C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe (Hauppauge Computer Works, Inc.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
BootExecute: autocheck autochk /p \??\Y:autocheck autochk /m /P \Device\HarddiskVolume17autocheck autochk /m /P \Device\HarddiskVolume16>"䷰Ljᎀ痤γڧ瀀!࠴αڥڥ쀴ǎ태ڧ여ǐⓌǕ檤γED!ly.ֽ끌፭䗠Ǟ㍰ፄĀĀ¾태๴ȀЂ๻矠Ϯ채๴ዌ㌼ץ쒜๴

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/?fr=fp-yie10
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.yahoo.com/?fr=fp-yie10
URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
StartMenuInternet: IEXPLORE.EXE - %ProgramFiles(x86)%\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {BC16EF96-1661-4F71-B6D9-3ED7FA2FD127} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKLM-x32 - {BC16EF96-1661-4F71-B6D9-3ED7FA2FD127} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKCU - {58A18107-2583-4955-B7B7-98DEEB51017C} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie10
SearchScopes: HKCU - {870653A8-9FC7-4D12-8A65-34EE256D6381} URL = https://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie10
SearchScopes: HKCU - {BC16EF96-1661-4F71-B6D9-3ED7FA2FD127} URL =
SearchScopes: HKCU - {CB60D13D-6D6A-4763-9863-859F795E53C4} URL = http://www.flickr.com/search/?q={searchTerms}
SearchScopes: HKCU - {EC947625-E22A-45ED-BE14-550262FB5BCE} URL = http://delicious.com/search?p={searchTerms}
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {300BEC06-B743-4D19-86B9-11DC711D7FFB} ->  No File
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
Handler: WSIEChrome - No CLSID Value -
Handler-x32: WSIEChrome - No CLSID Value -
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Kulle\AppData\Roaming\Mozilla\Firefox\Profiles\7wnw9rol.default
FF Homepage: hxxp://www.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Kulle\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Extension: Yahoo! Toolbar - C:\Users\Kulle\AppData\Roaming\Mozilla\Firefox\Profiles\7wnw9rol.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2014-06-22]
FF Extension: Print / Print Preview (Update) - C:\Users\Kulle\AppData\Roaming\Mozilla\Firefox\Profiles\7wnw9rol.default\Extensions\printprintpreview-andrewsfirefoxextensions@gmail.com.xpi [2013-09-09]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-05-25]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-05-29]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-09-23]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

Chrome:
=======
CHR Profile: C:\Users\Kulle\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Kulle\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-03]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Kulle\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\Kulle\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-03]
CHR Extension: (Google Search) - C:\Users\Kulle\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-03]
CHR Extension: (SelectionLinks) - C:\Users\Kulle\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdcnnmifdmlmjffdgeieikcokcogpbej [2013-02-24]
CHR Extension: (Google Wallet) - C:\Users\Kulle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Kulle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2013-05-25]
CHR Extension: (Gmail) - C:\Users\Kulle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-03]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-09-23]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [kdcnnmifdmlmjffdgeieikcokcogpbej] - C:\Program Files (x86)\OApps\chromeaddon2.crx [2012-12-28]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-05-23]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269; C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [457200 2011-02-09] ()
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [128640 2012-07-02] (Qualcomm Atheros Commnucations)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-09-23] (AVAST Software)
R2 BOT4Service; C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [21488 2011-07-15] ()
S4 BOTService; C:\Program Files (x86)\Roxio\BackOnTrack\Instant Restore\BOTService.exe [211440 2011-07-14] (Rovi Corporation)
S2 HauppaugeTVServer; C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe [577536 2013-01-25] (Hauppauge Computer Works) [File not signed]
S3 HcwDevCentralService; C:\Program Files (x86)\Hauppauge\DeviceCentral\HcwDevCentralService.exe [401232 2013-02-07] (Hauppauge Computer Works, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [File not signed]
R2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [4700872 2014-08-12] (iolo technologies, LLC)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-25] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S2 MSSQLSERVER; c:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [62111072 2011-06-17] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-25] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
S4 RoxMediaDB13; C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [1095664 2011-07-13] (Rovi Corporation)
S4 RoxWatch12; C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe [340976 2011-07-13] (Rovi Corporation)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1915480 2013-05-23] (SoftThinks SAS)
S4 SQLSERVERAGENT; c:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [431456 2011-06-17] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-25] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
S4 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-06-19] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-09-23] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-09-23] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-09-23] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-09-23] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-09-23] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-09-23] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-09-23] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-09-23] ()
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-07-02] (Qualcomm Atheros)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-04] (OSR Open Systems Resources, Inc.)
R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [30752 2013-05-29] (EldoS Corporation)
S1 FileDisk; No ImagePath
R3 hcwE5bda; C:\Windows\system32\drivers\hcwE5bda.sys [950384 2013-03-05] (Hauppauge Computer Work, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-23] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2014-02-04] ()
R1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [32912 2014-08-12] (EldoS Corporation)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-25] (Microsoft Corporation)
R0 SysCow; C:\Windows\System32\drivers\syscowad64v.sys [164848 2010-05-23] (Sonic Solutions)
S1 celffluo; \??\C:\Windows\system32\drivers\celffluo.sys [X]
S1 evtuidgg; \??\C:\Windows\system32\drivers\evtuidgg.sys [X]
S1 hthhwdkn; \??\C:\Windows\system32\drivers\hthhwdkn.sys [X]
S3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0; \??\c:\program files\my dell\pcdsrvc_x64.pkms [X]
S1 pqgeqfex; \??\C:\Windows\system32\drivers\pqgeqfex.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-23 13:34 - 2014-09-23 13:35 - 00029241 _____ () C:\Users\Kulle\Desktop\FRST.txt
2014-09-23 13:33 - 2014-09-23 13:34 - 00000000 ____D () C:\FRST
2014-09-23 13:31 - 2014-09-23 13:31 - 02106368 _____ (Farbar) C:\Users\Kulle\Desktop\FRST64.exe
2014-09-23 13:04 - 2014-09-23 13:04 - 00015872 _____ () C:\Users\Kulle\Desktop\DECRYPTED-file.xls
2014-09-23 03:54 - 2014-09-23 03:54 - 00000000 ___RD () C:\Users\Kulle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-09-23 02:43 - 2014-09-23 12:48 - 00003208 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2997053151-1021370575-3583938921-1001
2014-09-23 02:17 - 2014-09-23 02:17 - 00000000 ____D () C:\Users\Kulle\AppData\Roaming\AVAST Software
2014-09-23 02:14 - 2014-09-23 02:14 - 00001928 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-09-23 02:14 - 2014-09-23 02:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-09-23 02:13 - 2014-09-23 02:17 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-23 02:13 - 2014-09-23 02:13 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-09-23 02:13 - 2014-09-23 02:12 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-09-23 02:13 - 2014-09-23 02:12 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-09-23 02:13 - 2014-09-23 02:12 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-09-23 02:13 - 2014-09-23 02:12 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-09-23 02:13 - 2014-09-23 02:12 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-09-23 02:13 - 2014-09-23 02:12 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-09-23 02:13 - 2014-09-23 02:12 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-09-23 02:13 - 2014-09-23 02:12 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-09-23 02:12 - 2014-09-23 02:12 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-09-23 02:11 - 2014-09-23 02:11 - 00000000 ____D () C:\Program Files\AVAST Software
2014-09-23 02:10 - 2014-09-23 02:10 - 04862664 _____ (AVAST Software) C:\Users\Kulle\Downloads\avast_free_antivirus_setup_online.exe
2014-09-22 18:28 - 2014-09-22 18:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-09-22 18:27 - 2014-09-22 18:27 - 00000000 ____D () C:\Users\Kulle\AppData\Local\NVIDIA
2014-09-22 18:16 - 2014-07-02 10:44 - 00609240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-09-22 18:14 - 2014-08-29 22:48 - 10115072 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-09-22 18:14 - 2014-08-29 22:47 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-09-22 18:14 - 2014-08-29 22:46 - 02306560 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-09-22 18:14 - 2014-08-29 21:05 - 08858112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-09-22 18:14 - 2014-08-29 21:04 - 02416128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-09-22 18:14 - 2014-08-29 21:03 - 02037760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-09-22 18:14 - 2014-08-01 15:08 - 00388729 _____ () C:\Windows\system32\ApnDatabase.xml
2014-09-22 18:14 - 2014-07-24 06:50 - 00447296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2014-09-22 18:14 - 2014-07-16 16:28 - 00027648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
2014-09-22 18:14 - 2014-07-16 15:59 - 00305664 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2014-09-22 18:14 - 2014-07-16 15:59 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2014-09-22 18:14 - 2014-07-11 23:45 - 01549824 _____ (Microsoft Corporation) C:\Windows\system32\msdtctm.dll
2014-09-22 18:14 - 2014-07-11 21:36 - 00674304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-09-22 18:14 - 2014-07-11 21:36 - 00211456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-09-22 18:14 - 2014-07-11 21:34 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-09-22 18:14 - 2014-07-11 21:34 - 00250368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2014-09-22 18:14 - 2014-06-27 23:57 - 01341952 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2014-09-22 18:14 - 2014-06-27 19:23 - 01126400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2014-09-22 18:14 - 2014-06-12 16:34 - 00754176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-09-22 18:14 - 2014-06-12 16:29 - 02146304 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-09-22 18:11 - 2014-09-22 18:11 - 00002182 _____ () C:\Users\Kulle\Desktop\Malwarebytes Anti-Malware Premium.txt
2014-09-22 18:07 - 2014-09-22 18:07 - 17291904 _____ (Malwarebytes Corporation ) C:\Users\Kulle\Downloads\mbam_premium.exe
2014-09-22 16:55 - 2014-09-22 16:55 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-09-22 16:49 - 2014-09-23 12:48 - 00003342 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2997053151-1021370575-3583938921-1001
2014-09-22 16:44 - 2014-09-22 16:44 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-22 16:41 - 2014-07-15 15:51 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2014-09-22 16:24 - 2014-08-28 04:34 - 00059400 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-09-22 16:24 - 2014-08-27 23:05 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-09-22 16:24 - 2014-08-27 23:05 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-09-22 16:24 - 2014-08-27 23:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-09-22 16:24 - 2014-08-27 23:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-09-22 16:24 - 2014-08-27 23:02 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-09-22 16:24 - 2014-08-27 23:01 - 03285504 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-09-22 16:24 - 2014-08-27 23:01 - 01623552 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-09-22 16:24 - 2014-08-27 23:01 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-09-22 16:24 - 2014-08-27 23:01 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-09-22 16:24 - 2014-08-27 23:01 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-09-22 16:24 - 2014-08-27 23:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-09-22 16:24 - 2014-08-27 23:01 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-09-22 16:24 - 2014-08-27 23:01 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
2014-09-22 16:23 - 2014-08-20 16:40 - 00732880 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-09-22 16:23 - 2014-08-20 10:05 - 00694784 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-09-22 16:23 - 2014-08-20 10:05 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2014-09-22 16:23 - 2014-08-20 10:05 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-22 16:23 - 2014-08-20 10:02 - 00567808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-09-22 16:23 - 2014-08-20 10:02 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-22 16:23 - 2014-06-24 00:35 - 00010450 _____ () C:\Windows\system32\autoconfig.cab
2014-09-22 16:23 - 2014-06-23 23:40 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2014-09-22 16:23 - 2014-03-24 16:42 - 00305152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wusa.exe
2014-09-22 16:23 - 2014-03-24 15:56 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\wusa.exe
2014-09-22 16:13 - 2014-09-22 16:13 - 00456864 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-22 16:02 - 2014-06-10 15:44 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-09-22 16:02 - 2014-06-10 15:43 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-09-22 16:01 - 2014-06-04 18:12 - 00678600 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2014-09-22 16:01 - 2014-06-03 16:12 - 00536776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2014-09-22 15:45 - 2014-07-31 16:40 - 01287680 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-09-22 15:45 - 2014-06-17 16:27 - 01440256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-09-22 15:45 - 2014-06-17 16:24 - 01557504 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-09-22 15:45 - 2014-06-12 18:57 - 01453400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-09-22 15:45 - 2014-06-12 18:55 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-09-22 15:45 - 2014-05-02 22:47 - 03246592 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-09-22 15:45 - 2014-05-02 20:34 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-09-22 15:43 - 2014-03-28 01:23 - 19759104 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-09-22 15:43 - 2014-03-27 23:18 - 17562112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-09-22 15:19 - 2014-08-16 02:34 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-22 15:19 - 2014-08-16 02:34 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-22 15:19 - 2014-08-16 02:34 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-09-22 15:19 - 2014-08-16 02:34 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-22 15:19 - 2014-08-16 02:33 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-22 15:19 - 2014-08-16 02:33 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-22 15:19 - 2014-08-16 02:32 - 15399424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-22 15:19 - 2014-08-16 02:32 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-22 15:19 - 2014-08-16 02:32 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-22 15:19 - 2014-08-16 02:32 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-22 15:19 - 2014-08-16 02:32 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-09-22 15:19 - 2014-08-16 02:32 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-22 15:19 - 2014-08-16 02:32 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-22 15:19 - 2014-08-16 02:32 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-22 15:19 - 2014-08-16 00:37 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-22 15:19 - 2014-08-16 00:37 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-22 15:19 - 2014-08-16 00:36 - 13757440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-22 15:19 - 2014-08-16 00:36 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-22 15:19 - 2014-08-16 00:36 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-22 15:19 - 2014-08-16 00:36 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-09-22 15:19 - 2014-08-16 00:36 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-22 15:19 - 2014-08-16 00:36 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-22 15:19 - 2014-08-16 00:36 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-22 15:19 - 2014-08-16 00:36 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-22 15:19 - 2014-08-16 00:36 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-22 15:19 - 2014-08-16 00:35 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-22 15:18 - 2014-08-16 02:33 - 19280384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-22 15:18 - 2014-08-16 00:36 - 14369280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-22 13:46 - 2014-09-22 13:46 - 00005100 _____ () C:\Users\Kulle\Desktop\Malwarebytes Anti-Malware.txt
2014-09-22 13:29 - 2014-09-23 12:52 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-22 13:29 - 2014-09-22 18:08 - 00001068 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-22 13:29 - 2014-09-22 18:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-22 13:29 - 2014-05-12 08:19 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-22 13:29 - 2014-05-12 08:19 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-22 13:29 - 2014-05-12 08:19 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-22 13:28 - 2014-09-22 18:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-22 13:28 - 2014-09-22 13:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-22 13:15 - 2014-09-22 13:15 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Kulle\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-22 02:31 - 2014-09-23 03:50 - 00003364 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2997053151-1021370575-3583938921-1001
2014-09-22 02:31 - 2014-09-23 03:50 - 00003230 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2997053151-1021370575-3583938921-1001
2014-09-22 02:16 - 2014-09-23 04:38 - 00004924 _____ () C:\Users\Kulle\Desktop\9-21.txt
2014-09-22 01:05 - 2014-09-22 13:47 - 00000000 __SHD () C:\ProgramData\USB Adapter Updater
2014-09-21 23:47 - 2014-09-21 23:47 - 00008178 _____ () C:\Users\Kulle\Downloads\DECRYPT_INSTRUCTION.HTML
2014-09-21 23:47 - 2014-09-21 23:47 - 00008178 _____ () C:\Users\Kulle\Documents\DECRYPT_INSTRUCTION.HTML
2014-09-21 23:47 - 2014-09-21 23:47 - 00004134 _____ () C:\Users\Kulle\Downloads\DECRYPT_INSTRUCTION.TXT
2014-09-21 23:47 - 2014-09-21 23:47 - 00004134 _____ () C:\Users\Kulle\Documents\DECRYPT_INSTRUCTION.TXT
2014-09-21 23:47 - 2014-09-21 23:47 - 00000254 _____ () C:\Users\Kulle\Downloads\DECRYPT_INSTRUCTION.URL
2014-09-21 23:47 - 2014-09-21 23:47 - 00000254 _____ () C:\Users\Kulle\Documents\DECRYPT_INSTRUCTION.URL
2014-09-21 22:08 - 2014-09-21 22:08 - 00008178 _____ () C:\Users\Kulle\AppData\Roaming\DECRYPT_INSTRUCTION.HTML
2014-09-21 22:08 - 2014-09-21 22:08 - 00008178 _____ () C:\Users\Kulle\AppData\DECRYPT_INSTRUCTION.HTML
2014-09-21 22:08 - 2014-09-21 22:08 - 00004134 _____ () C:\Users\Kulle\AppData\Roaming\DECRYPT_INSTRUCTION.TXT
2014-09-21 22:08 - 2014-09-21 22:08 - 00004134 _____ () C:\Users\Kulle\AppData\DECRYPT_INSTRUCTION.TXT
2014-09-21 22:08 - 2014-09-21 22:08 - 00000254 _____ () C:\Users\Kulle\AppData\Roaming\DECRYPT_INSTRUCTION.URL
2014-09-21 22:08 - 2014-09-21 22:08 - 00000254 _____ () C:\Users\Kulle\AppData\DECRYPT_INSTRUCTION.URL
2014-09-21 19:11 - 2014-09-21 19:11 - 00008178 _____ () C:\Users\Kulle\AppData\Local\DECRYPT_INSTRUCTION.HTML
2014-09-21 19:11 - 2014-09-21 19:11 - 00004134 _____ () C:\Users\Kulle\AppData\Local\DECRYPT_INSTRUCTION.TXT
2014-09-21 19:11 - 2014-09-21 19:11 - 00000254 _____ () C:\Users\Kulle\AppData\Local\DECRYPT_INSTRUCTION.URL
2014-09-21 17:50 - 2014-09-21 17:50 - 00001447 _____ () C:\Users\Kulle\Desktop\LiveBoost.lnk
2014-09-21 17:49 - 2014-08-12 23:38 - 00032912 _____ (EldoS Corporation) C:\Windows\system32\Drivers\rawdsk3.sys
2014-09-21 16:11 - 2014-09-23 02:11 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-09-21 12:51 - 2014-09-21 12:51 - 1944573530 _____ () C:\Windows\MEMORY.DMP
2014-09-21 12:51 - 2014-09-21 12:51 - 00296792 _____ () C:\Windows\Minidump\092114-38125-01.dmp
2014-09-19 04:05 - 2014-09-21 22:08 - 00000792 _____ () C:\Users\Kulle\Desktop\Frequent Pages Listed on New Tab.txt
2014-09-19 03:33 - 2014-05-29 16:31 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-09-19 03:33 - 2014-05-29 16:03 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-09-19 03:33 - 2014-05-29 16:02 - 01281536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-19 03:33 - 2014-05-29 16:02 - 00439808 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2014-09-19 03:27 - 2014-09-04 15:36 - 00755712 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-19 03:27 - 2014-09-02 18:49 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-19 03:27 - 2014-06-30 15:42 - 00394240 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-09-19 03:27 - 2014-06-30 15:42 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-09-19 03:16 - 2014-07-23 20:33 - 00875688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2014-09-19 03:16 - 2014-07-23 20:33 - 00869544 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2014-09-19 03:15 - 2014-06-02 15:33 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2014-09-19 03:10 - 2014-05-02 23:34 - 06974808 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-09-19 03:10 - 2014-05-02 23:33 - 01824808 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-09-19 03:10 - 2014-05-02 21:51 - 01408976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-09-19 03:10 - 2014-05-01 15:37 - 01023488 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-09-19 03:10 - 2014-04-29 15:32 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\Robocopy.exe
2014-09-19 03:10 - 2014-04-29 15:32 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe
2014-09-19 03:10 - 2014-04-12 02:27 - 00172888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-09-19 03:10 - 2014-04-12 02:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-09-19 03:10 - 2014-04-12 02:09 - 01043968 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll
2014-09-19 03:10 - 2014-04-12 02:08 - 00827904 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-19 03:10 - 2014-04-12 02:08 - 00318464 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-09-19 03:10 - 2014-04-12 00:23 - 00961536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll
2014-09-19 03:10 - 2014-04-12 00:23 - 00273920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-09-19 03:10 - 2014-04-12 00:22 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-19 03:10 - 2014-03-10 20:25 - 00100184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-09-19 03:10 - 2014-03-10 17:41 - 00559104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-09-19 03:10 - 2014-03-10 17:38 - 00982016 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-09-19 03:10 - 2014-03-10 17:38 - 00684032 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-09-19 03:10 - 2014-03-10 17:38 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2014-09-19 03:10 - 2014-03-10 17:38 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-09-19 03:10 - 2014-03-09 20:05 - 00668160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-09-19 03:10 - 2014-03-03 16:07 - 00570216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-09-19 03:09 - 2014-04-12 02:09 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-09-19 03:09 - 2014-04-12 02:09 - 00094720 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-09-19 03:09 - 2014-04-12 02:07 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-09-19 03:09 - 2014-04-12 00:23 - 00178688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-09-19 03:09 - 2014-04-12 00:23 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-09-19 03:09 - 2014-04-12 00:22 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-09-19 03:09 - 2014-04-11 23:58 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\workerdd.dll
2014-09-19 03:09 - 2014-03-10 17:41 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-09-19 03:09 - 2014-03-10 17:41 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-09-19 03:09 - 2014-03-10 17:39 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-09-19 03:09 - 2014-03-10 17:38 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-09-19 03:09 - 2014-03-10 17:38 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-09-19 03:09 - 2014-03-10 17:38 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-09-19 03:09 - 2014-03-09 18:27 - 00099840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-19 03:07 - 2014-08-22 23:47 - 04036096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-09-19 03:07 - 2014-07-15 16:03 - 01300992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-09-19 03:07 - 2014-07-11 19:36 - 01023488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-09-19 02:59 - 2014-05-29 15:24 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-09-19 02:58 - 2014-04-03 04:22 - 02233176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-09-19 02:53 - 2014-06-06 07:06 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-09-19 02:53 - 2014-06-06 03:17 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-09-19 02:53 - 2014-06-05 10:56 - 00112984 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-09-19 02:53 - 2014-06-05 10:29 - 00393216 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-09-19 02:52 - 2014-06-19 16:35 - 01312768 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-09-19 02:52 - 2014-06-19 15:24 - 00694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-09-19 02:52 - 2014-06-05 06:11 - 00295424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-09-19 02:49 - 2014-08-09 01:29 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll
2014-09-19 02:48 - 2014-08-09 01:30 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-09-19 02:48 - 2014-03-06 17:47 - 01419264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-09-19 02:48 - 2014-03-06 17:08 - 01845760 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-09-19 02:46 - 2014-05-28 21:04 - 00094552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2014-09-19 02:46 - 2014-05-07 18:34 - 00328024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2014-09-19 00:59 - 2014-09-23 13:09 - 00000000 ____D () C:\Users\Kulle\AppData\Roaming\vlc
2014-09-18 23:41 - 2014-09-18 23:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-18 17:39 - 2014-09-18 17:39 - 00008176 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.HTML
2014-09-18 17:39 - 2014-09-18 17:39 - 00000252 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.URL
2014-09-17 08:48 - 2014-09-17 16:14 - 00023552 _____ () C:\ProgramData\893686b8
2014-09-17 08:48 - 2014-09-17 16:14 - 00020954 _____ () C:\Users\Kulle\AppData\Local\893686b8
2014-09-16 04:09 - 2014-09-21 22:08 - 00001560 _____ () C:\Users\Kulle\Desktop\grpconv.txt
2014-09-11 10:06 - 2014-09-11 10:06 - 00146352 _____ (Tim Kosse) C:\Users\Kulle\AppData\Roaming\poumel.exe
2014-09-07 19:12 - 2014-09-16 05:02 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-09-01 02:37 - 2014-09-01 02:36 - 06052529 _____ (Tim Kosse) C:\Users\Kulle\Downloads\FileZilla_3.9.0.3_win32-setup.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-23 13:35 - 2014-09-23 13:34 - 00029241 _____ () C:\Users\Kulle\Desktop\FRST.txt
2014-09-23 13:34 - 2014-09-23 13:33 - 00000000 ____D () C:\FRST
2014-09-23 13:34 - 2012-12-03 17:25 - 00000000 ____D () C:\Users\Kulle\AppData\Local\CrashDumps
2014-09-23 13:31 - 2014-09-23 13:31 - 02106368 _____ (Farbar) C:\Users\Kulle\Desktop\FRST64.exe
2014-09-23 13:24 - 2014-02-03 11:56 - 00000582 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2997053151-1021370575-3583938921-1001.job
2014-09-23 13:18 - 2012-12-03 16:36 - 01554528 _____ () C:\Windows\WindowsUpdate.log
2014-09-23 13:09 - 2014-09-19 00:59 - 00000000 ____D () C:\Users\Kulle\AppData\Roaming\vlc
2014-09-23 13:06 - 2012-12-03 18:04 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-23 13:05 - 2012-07-26 00:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-09-23 13:04 - 2014-09-23 13:04 - 00015872 _____ () C:\Users\Kulle\Desktop\DECRYPTED-file.xls
2014-09-23 12:55 - 2012-11-09 02:14 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2014-09-23 12:52 - 2014-09-22 13:29 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-23 12:52 - 2012-12-03 16:44 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2997053151-1021370575-3583938921-1001
2014-09-23 12:48 - 2014-09-23 02:43 - 00003208 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2997053151-1021370575-3583938921-1001
2014-09-23 12:48 - 2014-09-22 16:49 - 00003342 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2997053151-1021370575-3583938921-1001
2014-09-23 12:47 - 2013-05-25 17:49 - 00000474 _____ () C:\Windows\SysWOW64\BOT.log
2014-09-23 12:47 - 2012-12-03 18:04 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-23 12:46 - 2013-05-25 17:49 - 00000151 _____ () C:\Windows\SysWOW64\AS_Storage.log
2014-09-23 12:46 - 2012-11-09 03:59 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-23 12:46 - 2012-07-26 00:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-23 11:00 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\system32\sru
2014-09-23 04:38 - 2014-09-22 02:16 - 00004924 _____ () C:\Users\Kulle\Desktop\9-21.txt
2014-09-23 03:54 - 2014-09-23 03:54 - 00000000 ___RD () C:\Users\Kulle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-09-23 03:50 - 2014-09-22 02:31 - 00003364 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2997053151-1021370575-3583938921-1001
2014-09-23 03:50 - 2014-09-22 02:31 - 00003230 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2997053151-1021370575-3583938921-1001
2014-09-23 02:25 - 2012-11-09 03:57 - 01646330 _____ () C:\Windows\PFRO.log
2014-09-23 02:17 - 2014-09-23 02:17 - 00000000 ____D () C:\Users\Kulle\AppData\Roaming\AVAST Software
2014-09-23 02:17 - 2014-09-23 02:13 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-23 02:14 - 2014-09-23 02:14 - 00001928 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-09-23 02:14 - 2014-09-23 02:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-09-23 02:13 - 2014-09-23 02:13 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-09-23 02:12 - 2014-09-23 02:13 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-09-23 02:12 - 2014-09-23 02:13 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-09-23 02:12 - 2014-09-23 02:13 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-09-23 02:12 - 2014-09-23 02:13 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-09-23 02:12 - 2014-09-23 02:13 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-09-23 02:12 - 2014-09-23 02:13 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-09-23 02:12 - 2014-09-23 02:13 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-09-23 02:12 - 2014-09-23 02:13 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-09-23 02:12 - 2014-09-23 02:12 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-09-23 02:11 - 2014-09-23 02:11 - 00000000 ____D () C:\Program Files\AVAST Software
2014-09-23 02:11 - 2014-09-21 16:11 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-09-23 02:10 - 2014-09-23 02:10 - 04862664 _____ (AVAST Software) C:\Users\Kulle\Downloads\avast_free_antivirus_setup_online.exe
2014-09-22 19:36 - 2012-07-26 00:28 - 00006990 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-22 18:28 - 2014-09-22 18:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-09-22 18:27 - 2014-09-22 18:27 - 00000000 ____D () C:\Users\Kulle\AppData\Local\NVIDIA
2014-09-22 18:19 - 2012-07-26 00:21 - 00028701 _____ () C:\Windows\setupact.log
2014-09-22 18:17 - 2012-12-03 16:35 - 00000000 ____D () C:\Users\Kulle
2014-09-22 18:17 - 2012-11-09 03:58 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-09-22 18:17 - 2012-11-09 03:58 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-09-22 18:17 - 2012-11-09 03:58 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-09-22 18:17 - 2012-07-26 01:12 - 00000000 ___RD () C:\Windows\ToastData
2014-09-22 18:11 - 2014-09-22 18:11 - 00002182 _____ () C:\Users\Kulle\Desktop\Malwarebytes Anti-Malware Premium.txt
2014-09-22 18:08 - 2014-09-22 13:29 - 00001068 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-22 18:08 - 2014-09-22 13:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-22 18:08 - 2014-09-22 13:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-22 18:07 - 2014-09-22 18:07 - 17291904 _____ (Malwarebytes Corporation ) C:\Users\Kulle\Downloads\mbam_premium.exe
2014-09-22 17:08 - 2013-03-14 03:04 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-09-22 17:08 - 2013-03-14 03:04 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-09-22 16:55 - 2014-09-22 16:55 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-09-22 16:55 - 2013-03-14 03:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-09-22 16:44 - 2014-09-22 16:44 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-22 16:44 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\WinStore
2014-09-22 16:40 - 2013-08-14 18:49 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-22 16:13 - 2014-09-22 16:13 - 00456864 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-22 15:50 - 2012-07-26 01:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-22 15:50 - 2012-07-26 01:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-22 15:49 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\system32\SecureBootUpdates
2014-09-22 15:49 - 2012-07-26 00:52 - 00000000 ____D () C:\Program Files\Windows Journal
2014-09-22 13:47 - 2014-09-22 01:05 - 00000000 __SHD () C:\ProgramData\USB Adapter Updater
2014-09-22 13:47 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\Web
2014-09-22 13:46 - 2014-09-22 13:46 - 00005100 _____ () C:\Users\Kulle\Desktop\Malwarebytes Anti-Malware.txt
2014-09-22 13:28 - 2014-09-22 13:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-22 13:15 - 2014-09-22 13:15 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Kulle\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-22 03:09 - 2012-07-25 22:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-09-21 23:47 - 2014-09-21 23:47 - 00008178 _____ () C:\Users\Kulle\Downloads\DECRYPT_INSTRUCTION.HTML
2014-09-21 23:47 - 2014-09-21 23:47 - 00008178 _____ () C:\Users\Kulle\Documents\DECRYPT_INSTRUCTION.HTML
2014-09-21 23:47 - 2014-09-21 23:47 - 00004134 _____ () C:\Users\Kulle\Downloads\DECRYPT_INSTRUCTION.TXT
2014-09-21 23:47 - 2014-09-21 23:47 - 00004134 _____ () C:\Users\Kulle\Documents\DECRYPT_INSTRUCTION.TXT
2014-09-21 23:47 - 2014-09-21 23:47 - 00000254 _____ () C:\Users\Kulle\Downloads\DECRYPT_INSTRUCTION.URL
2014-09-21 23:47 - 2014-09-21 23:47 - 00000254 _____ () C:\Users\Kulle\Documents\DECRYPT_INSTRUCTION.URL
2014-09-21 23:47 - 2013-09-18 16:05 - 00000000 ___RD () C:\Users\Kulle\Dropbox
2014-09-21 23:47 - 2013-08-04 23:19 - 00000000 ___RD () C:\Users\Kulle\Google Drive
2014-09-21 23:47 - 2013-05-25 17:33 - 00000000 ____D () C:\Users\Kulle\Downloads\roxio.creator.2012.pro.en
2014-09-21 23:47 - 2012-12-02 16:30 - 00000000 ____D () C:\Users\Kulle\Documents\Work
2014-09-21 23:42 - 2012-12-04 14:31 - 00000000 ____D () C:\Users\Kulle\Documents\Visual Studio 2012
2014-09-21 23:42 - 2012-12-03 17:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-21 23:42 - 2012-12-02 16:30 - 00000000 ____D () C:\Users\Kulle\Documents\Visual Studio 2010
2014-09-21 23:42 - 2012-12-02 16:27 - 00000000 ____D () C:\Users\Kulle\Documents\UCI Extension
2014-09-21 23:39 - 2013-05-26 16:21 - 00000000 ____D () C:\Users\Kulle\Documents\Transferred from Compaq
2014-09-21 23:38 - 2012-12-04 02:29 - 00000000 ____D () C:\Users\Kulle\Documents\Technical
2014-09-21 23:33 - 2013-03-19 14:14 - 00000000 ____D () C:\Users\Kulle\Documents\Schedules
2014-09-21 23:33 - 2012-12-11 02:27 - 00000000 ____D () C:\Users\Kulle\Documents\SQL Server Management Studio
2014-09-21 23:33 - 2012-12-02 16:26 - 00000000 ____D () C:\Users\Kulle\Documents\Tax Data
2014-09-21 23:33 - 2012-12-02 16:26 - 00000000 ____D () C:\Users\Kulle\Documents\Symantec
2014-09-21 23:33 - 2012-12-02 16:23 - 00000000 ____D () C:\Users\Kulle\Documents\Scanned
2014-09-21 23:27 - 2012-12-02 16:23 - 00000000 ____D () C:\Users\Kulle\Documents\ReVoice
2014-09-21 23:26 - 2012-12-02 16:22 - 00000000 ____D () C:\Users\Kulle\Documents\Recipes
2014-09-21 23:26 - 2012-12-02 16:22 - 00000000 ____D () C:\Users\Kulle\Documents\Receipts
2014-09-21 23:26 - 2012-12-02 16:22 - 00000000 ____D () C:\Users\Kulle\Documents\Quickbooks Exports
2014-09-21 23:26 - 2012-12-02 16:22 - 00000000 ____D () C:\Users\Kulle\Documents\Product Manuals
2014-09-21 23:25 - 2012-12-02 16:21 - 00000000 ____D () C:\Users\Kulle\Documents\Print Shop Projects
2014-09-21 23:24 - 2014-06-13 02:47 - 00000000 ____D () C:\Users\Kulle\Documents\Places of Interest
2014-09-21 23:24 - 2013-05-26 00:11 - 00000000 ____D () C:\Users\Kulle\Documents\Outlook Files
2014-09-21 23:24 - 2012-12-02 16:21 - 00000000 ____D () C:\Users\Kulle\Documents\Paper Models
2014-09-21 23:23 - 2012-12-14 23:35 - 00000000 ___SD () C:\Users\Kulle\Documents\My Data Sources
2014-09-21 23:23 - 2012-12-02 16:20 - 00000000 ____D () C:\Users\Kulle\Documents\News Articles
2014-09-21 23:23 - 2012-12-02 16:18 - 00000000 ____D () C:\Users\Kulle\Documents\My Web Sites
2014-09-21 23:13 - 2012-12-02 15:22 - 00000000 ____D () C:\Users\Kulle\Documents\Movies
2014-09-21 23:13 - 2012-12-02 14:55 - 00000000 ____D () C:\Users\Kulle\Documents\Miscellaneous
2014-09-21 23:11 - 2012-12-02 14:55 - 00000000 ____D () C:\Users\Kulle\Documents\Medical
2014-09-21 23:11 - 2012-12-02 14:55 - 00000000 ____D () C:\Users\Kulle\Documents\Maps & Seating Charts
2014-09-21 23:10 - 2012-12-04 02:23 - 00000000 ____D () C:\Users\Kulle\Documents\Lists
2014-09-21 22:52 - 2012-12-02 14:47 - 00000000 ____D () C:\Users\Kulle\Documents\Letters
2014-09-21 22:51 - 2012-12-02 14:47 - 00000000 ____D () C:\Users\Kulle\Documents\Labels
2014-09-21 22:51 - 2012-12-02 14:47 - 00000000 ____D () C:\Users\Kulle\Documents\Itemizations
2014-09-21 22:42 - 2012-12-02 14:39 - 00000000 ____D () C:\Users\Kulle\Documents\Garden Grove Journal
2014-09-21 22:42 - 2012-12-02 14:39 - 00000000 ____D () C:\Users\Kulle\Documents\Forms
2014-09-21 22:42 - 2012-12-02 02:01 - 00000000 ____D () C:\Users\Kulle\Documents\Finances
2014-09-21 22:37 - 2012-12-02 16:36 - 00000000 ____D () C:\Users\Kulle\Documents\Ema
2014-09-21 22:37 - 2012-12-02 16:35 - 00000000 ____D () C:\Users\Kulle\Documents\Driver Download CD for Dell
2014-09-21 22:37 - 2012-12-02 02:01 - 00000000 ____D () C:\Users\Kulle\Documents\Faxes
2014-09-21 22:37 - 2012-12-02 02:01 - 00000000 ____D () C:\Users\Kulle\Documents\Envelopes
2014-09-21 22:37 - 2012-12-02 02:01 - 00000000 ____D () C:\Users\Kulle\Documents\EML Copies for eBay Dispute
2014-09-21 22:35 - 2012-12-05 03:07 - 00000000 ____D () C:\Users\Kulle\Documents\CyberLink
2014-09-21 22:35 - 2012-12-02 16:34 - 00000000 ____D () C:\Users\Kulle\Documents\Condo Search
2014-09-21 22:35 - 2012-01-30 04:50 - 00001560 _____ () C:\Users\Kulle\Documents\continue.txt
2014-09-21 22:34 - 2012-12-02 16:32 - 00000000 ____D () C:\Users\Kulle\Documents\CD Factory
2014-09-21 22:33 - 2012-12-02 16:32 - 00000000 ____D () C:\Users\Kulle\Documents\Audio Clips
2014-09-21 22:33 - 2012-12-02 16:30 - 00000000 ____D () C:\Users\Kulle\Documents\Activities
2014-09-21 22:08 - 2014-09-21 22:08 - 00008178 _____ () C:\Users\Kulle\AppData\Roaming\DECRYPT_INSTRUCTION.HTML
2014-09-21 22:08 - 2014-09-21 22:08 - 00008178 _____ () C:\Users\Kulle\AppData\DECRYPT_INSTRUCTION.HTML
2014-09-21 22:08 - 2014-09-21 22:08 - 00004134 _____ () C:\Users\Kulle\AppData\Roaming\DECRYPT_INSTRUCTION.TXT
2014-09-21 22:08 - 2014-09-21 22:08 - 00004134 _____ () C:\Users\Kulle\AppData\DECRYPT_INSTRUCTION.TXT
2014-09-21 22:08 - 2014-09-21 22:08 - 00000254 _____ () C:\Users\Kulle\AppData\Roaming\DECRYPT_INSTRUCTION.URL
2014-09-21 22:08 - 2014-09-21 22:08 - 00000254 _____ () C:\Users\Kulle\AppData\DECRYPT_INSTRUCTION.URL
2014-09-21 22:08 - 2014-09-19 04:05 - 00000792 _____ () C:\Users\Kulle\Desktop\Frequent Pages Listed on New Tab.txt
2014-09-21 22:08 - 2014-09-16 04:09 - 00001560 _____ () C:\Users\Kulle\Desktop\grpconv.txt
2014-09-21 22:08 - 2014-08-15 21:46 - 00013080 _____ () C:\Users\Kulle\Desktop\URLs for Tork.txt
2014-09-21 22:08 - 2014-05-29 03:31 - 00000000 ____D () C:\Users\Kulle\AppData\Roaming\RealNetworks
2014-09-21 22:08 - 2014-04-24 14:07 - 00000000 ____D () C:\Users\Kulle\Documents\20140608 Carl’s Jr_® Caramel Shake_files
2014-09-21 22:08 - 2013-07-28 17:21 - 00000000 ____D () C:\Users\Kulle\AppData\Roaming\Samsung
2014-09-21 22:08 - 2012-12-08 14:26 - 00000000 ____D () C:\Users\Kulle\AppData\Roaming\Real
2014-09-21 22:08 - 2012-12-06 23:47 - 00000000 ____D () C:\Users\Kulle\AppData\Roaming\TeamViewer
2014-09-21 19:25 - 2013-09-09 15:14 - 00000000 ____D () C:\Users\Kulle\AppData\Roaming\Mozilla
2014-09-21 19:14 - 2014-05-17 01:27 - 00000000 ____D () C:\Users\Kulle\AppData\Roaming\Corel
2014-09-21 19:14 - 2013-07-22 17:25 - 00000000 ____D () C:\Users\Kulle\AppData\Roaming\Dropbox
2014-09-21 19:11 - 2014-09-21 19:11 - 00008178 _____ () C:\Users\Kulle\AppData\Local\DECRYPT_INSTRUCTION.HTML
2014-09-21 19:11 - 2014-09-21 19:11 - 00004134 _____ () C:\Users\Kulle\AppData\Local\DECRYPT_INSTRUCTION.TXT
2014-09-21 19:11 - 2014-09-21 19:11 - 00000254 _____ () C:\Users\Kulle\AppData\Local\DECRYPT_INSTRUCTION.URL
2014-09-21 19:11 - 2013-04-02 16:24 - 00000000 ____D () C:\Users\Kulle\AppData\Local\webkit
2014-09-21 19:11 - 2012-12-03 16:37 - 00000000 ____D () C:\Users\Kulle\AppData\Local\Power2Go8
2014-09-21 17:53 - 2013-08-30 13:49 - 00000000 ____D () C:\ProgramData\iolo
2014-09-21 17:50 - 2014-09-21 17:50 - 00001447 _____ () C:\Users\Kulle\Desktop\LiveBoost.lnk
2014-09-21 17:50 - 2014-01-02 12:28 - 00003144 _____ () C:\Windows\System32\Tasks\iolo Process Governor
2014-09-21 17:50 - 2014-01-02 12:28 - 00000000 ____D () C:\ProgramData\ioloGovernor
2014-09-21 17:50 - 2013-08-30 16:05 - 00001443 _____ () C:\Users\Kulle\Desktop\System Mechanic Professional.lnk
2014-09-21 17:50 - 2013-08-30 16:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Mechanic Professional
2014-09-21 17:50 - 2013-08-30 13:49 - 00000000 ____D () C:\Users\Kulle\AppData\Roaming\iolo
2014-09-21 12:51 - 2014-09-21 12:51 - 1944573530 _____ () C:\Windows\MEMORY.DMP
2014-09-21 12:51 - 2014-09-21 12:51 - 00296792 _____ () C:\Windows\Minidump\092114-38125-01.dmp
2014-09-21 12:51 - 2013-09-22 22:20 - 00000000 ____D () C:\Windows\Minidump
2014-09-20 22:49 - 2012-12-02 14:47 - 00000000 ____D () C:\Users\Kulle\Documents\Internet Windows & Goodies
2014-09-20 22:49 - 2012-12-02 14:47 - 00000000 ____D () C:\Users\Kulle\Documents\Internet Video Clips
2014-09-20 22:49 - 2012-12-02 14:47 - 00000000 ____D () C:\Users\Kulle\Documents\Internet Games
2014-09-20 22:49 - 2012-12-02 14:47 - 00000000 ____D () C:\Users\Kulle\Documents\Internet Cartoons & Animation
2014-09-20 22:49 - 2012-12-02 14:46 - 00000000 ____D () C:\Users\Kulle\Documents\Internet Audio Clips
2014-09-20 22:49 - 2012-12-02 14:46 - 00000000 ____D () C:\Users\Kulle\Documents\Insurance, Auto
2014-09-20 22:49 - 2012-12-02 14:39 - 00000000 ____D () C:\Users\Kulle\Documents\HTML Docs
2014-09-20 19:55 - 2012-12-14 15:56 - 00000000 ____D () C:\Users\Kulle\AppData\Local\join.me
2014-09-20 19:54 - 2014-05-29 03:30 - 00000000 ____D () C:\ProgramData\RealNetworks
2014-09-20 19:54 - 2013-10-21 15:38 - 00000000 ____D () C:\ProgramData\Wondershare Application Common Data
2014-09-20 19:54 - 2012-12-08 03:46 - 00000000 ____D () C:\ProgramData\Real
2014-09-20 19:53 - 2012-12-22 14:17 - 00000000 ____D () C:\ProgramData\Broderbund Software
2014-09-20 15:54 - 2012-12-10 02:54 - 00000000 ____D () C:\inetpub
2014-09-20 15:51 - 2012-11-09 02:11 - 00000000 ____D () C:\ProgramData\install_clap
2014-09-20 00:39 - 2014-02-03 11:56 - 00003584 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2997053151-1021370575-3583938921-1001
2014-09-19 02:07 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-18 23:52 - 2013-09-09 15:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-18 23:51 - 2014-07-31 03:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak
2014-09-18 23:45 - 2014-09-18 23:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-18 20:28 - 2012-07-25 19:16 - 00000000 __SHD () C:\Users\Kulle\AppData\Roaming\ihadtvwv
2014-09-18 17:48 - 2012-12-03 18:04 - 00000000 ____D () C:\Users\Kulle\AppData\Local\Google
2014-09-18 17:45 - 2013-09-10 13:01 - 00000000 ____D () C:\Users\Kulle\AppData\Local\Citrix
2014-09-18 17:45 - 2012-12-05 03:07 - 00000000 ____D () C:\Users\Kulle\AppData\Local\Cyberlink
2014-09-18 17:43 - 2013-04-27 18:22 - 00000000 ____D () C:\Users\Kulle\AppData\Local\autorun
2014-09-18 17:43 - 2012-12-22 14:22 - 00000000 ____D () C:\Users\Kulle\AppData\Local\Broderbund Software
2014-09-18 17:42 - 2012-12-14 20:16 - 00000000 ____D () C:\Users\Kulle\AppData\Local\Apple Computer
2014-09-18 17:39 - 2014-09-18 17:39 - 00008176 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.HTML
2014-09-18 17:39 - 2014-09-18 17:39 - 00000252 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.URL
2014-09-18 17:39 - 2013-06-21 16:21 - 00001408 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.TXT.zuknxtk
2014-09-17 16:14 - 2014-09-17 08:48 - 00023552 _____ () C:\ProgramData\893686b8
2014-09-17 16:14 - 2014-09-17 08:48 - 00020954 _____ () C:\Users\Kulle\AppData\Local\893686b8
2014-09-17 07:56 - 2012-12-06 21:47 - 00000000 ____D () C:\Users\Kulle\AppData\Local\Deployment
2014-09-16 19:57 - 2013-03-22 01:20 - 00000000 ____D () C:\Delete
2014-09-16 05:02 - 2014-09-07 19:12 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-09-16 04:16 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-09-11 10:06 - 2014-09-11 10:06 - 00146352 _____ (Tim Kosse) C:\Users\Kulle\AppData\Roaming\poumel.exe
2014-09-04 23:07 - 2012-12-05 03:07 - 00000000 ____D () C:\Users\Kulle\AppData\Roaming\CyberLink
2014-09-04 15:36 - 2014-09-19 03:27 - 00755712 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-02 18:49 - 2014-09-19 03:27 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-02 12:32 - 2013-05-19 03:16 - 00705480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-02 12:32 - 2013-05-19 03:16 - 00104904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-01 15:41 - 2013-02-28 12:42 - 00000000 ____D () C:\Users\Kulle\AppData\Roaming\FileZilla
2014-09-01 04:25 - 2013-02-28 12:54 - 00000600 _____ () C:\Users\Kulle\AppData\Local\PUTTY.RND
2014-09-01 02:37 - 2013-02-28 12:42 - 00001966 _____ () C:\Users\Public\Desktop\FileZilla Client.lnk
2014-09-01 02:37 - 2013-02-28 12:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-09-01 02:37 - 2013-02-28 12:42 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-09-01 02:36 - 2014-09-01 02:37 - 06052529 _____ (Tim Kosse) C:\Users\Kulle\Downloads\FileZilla_3.9.0.3_win32-setup.exe
2014-08-29 22:48 - 2014-09-22 18:14 - 10115072 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-08-29 22:47 - 2014-09-22 18:14 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-29 22:46 - 2014-09-22 18:14 - 02306560 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-29 21:05 - 2014-09-22 18:14 - 08858112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-08-29 21:04 - 2014-09-22 18:14 - 02416128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-29 21:03 - 2014-09-22 18:14 - 02037760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-29 13:01 - 2012-12-13 04:18 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-28 04:34 - 2014-09-22 16:24 - 00059400 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-27 23:05 - 2014-09-22 16:24 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-27 23:05 - 2014-09-22 16:24 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-27 23:05 - 2014-09-22 16:24 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-27 23:05 - 2014-09-22 16:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-27 23:02 - 2014-09-22 16:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-27 23:01 - 2014-09-22 16:24 - 03285504 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-27 23:01 - 2014-09-22 16:24 - 01623552 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-27 23:01 - 2014-09-22 16:24 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-27 23:01 - 2014-09-22 16:24 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-08-27 23:01 - 2014-09-22 16:24 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-08-27 23:01 - 2014-09-22 16:24 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-27 23:01 - 2014-09-22 16:24 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-27 23:01 - 2014-09-22 16:24 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
2014-08-26 02:06 - 2013-07-29 01:32 - 00000000 ____D () C:\Users\Kulle\Downloads\14aren

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-08 08:42

==================== End Of Log ============================

First post was too long. Here's the continuation.

Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-09-2014
Ran by Kulle at 2014-09-23 13:35:28
Running from C:\Users\Kulle\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 Tools for .Net 3.5 (x32 Version: 3.11.50727 - Microsoft Corporation) Hidden
ABBYY FineReader 5.0 Sprint Plus (HKLM-x32\...\{D1696920-9794-4BBC-8A30-7A88763DE5A2}) (Version: 5.0.0.3501 - ABBYY Software House)
Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.1.0.8 - Absolute Software)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft ShowBiz (HKLM-x32\...\{4653DA78-3DB2-4F38-A35D-675CA0AF49CA}) (Version:  - ArcSoft)
Atheros Outlook Addin 2010 (HKCU\...\D9918D4858F5B722A4667B7989E1983A8FCC0462) (Version: 1.0.0.0 - Microsoft)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
Blend for Visual Studio Add-in for Adobe FXG Import (x32 Version: 1.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Citrix Online Launcher (HKLM-x32\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)
Corel WinDVD (x32 Version: 11 - Corel Inc.) Hidden
Corel WinDVD Pro 11 (HKLM-x32\...\_{991D8429-CFD9-48D9-BD85-6EDD3007B5A9}) (Version: 11.0.0.342 - Corel Inc.)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.2) (Version: 5.0.0.2 - Coupons.com Incorporated)
CyberLink LabelPrint 2.5 (x32 Version: 2.5.5415a - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (x32 Version: 10.0.1.1913 - CyberLink Corp.) Hidden
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.0.1904 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (x32 Version: 10.0.1.1904 - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (x32 Version: 10.0.4318.52 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{42CBCE27-DE9B-4094-B9EB-D4C4C135FFA8}) (Version:  - Microsoft)
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.5.0.0 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.5.0.0 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{98CB551E-EDB1-4535-82A6-E3258597F64E}) (Version: 2.7.1000.0 - Dell Products, LP)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
DivX Setup (HKLM-x32\...\DivX Setup.divx.com) (Version: 2.5.0.15 - DivX, LLC)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.3 - Dropbox, Inc.)
Entity Framework Designer for Visual Studio 2012 - enu (HKLM-x32\...\{AFA4B0BF-3289-495A-B949-BA91F39B1A44}) (Version: 11.1.21009.00 - Microsoft Corporation)
EPSON Artisan 50 Series Printer Uninstall (HKLM\...\EPSON Artisan 50 Series) (Version:  - SEIKO EPSON Corporation)
Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.00.00 - SEIKO EPSON CORPORATION)
Face Filter (x32 Version: 1.0.007 - Roxio) Hidden
FileZilla Client 3.9.0.3 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.3 - Tim Kosse)
GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Google Drive (HKLM-x32\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GoToMeeting 7.0.0.1694 (HKCU\...\GoToMeeting) (Version: 7.0.0.1694 - CitrixOnline)
Hauppauge Device Central (HKLM-x32\...\Hauppauge Device Central) (Version: 1.1.31038 - Hauppauge Computer Works, Inc.)
Hauppauge StreamEez (HKLM-x32\...\Hauppauge StreamEez) (Version: 1.0.31029 - Hauppauge Computer Works, Inc.)
Hauppauge WinTV 7 (HKLM-x32\...\Hauppauge WinTV 7) (Version: v7.0.31050 (CD 2.7) - Hauppauge Computer Works)
ICA (x32 Version: 1.0 - Corel Inc.) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
iolo technologies' System Mechanic Professional (HKLM-x32\...\{BBD3F66B-1180-4785-B679-3F91572CD3B4}_is1) (Version: 14.0.1 - iolo technologies, LLC)
IPM (x32 Version: 1.00.0000 - Corel Inc.) Hidden
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 9 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417009FF}) (Version: 7.0.90 - Oracle)
join.me (HKCU\...\JoinMe) (Version: 1.9.2.216 - LogMeIn, Inc.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Multi-Targeting Pack (x32 Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft ASP.NET MVC 3 - Visual Studio Express 2012 for Web (x32 Version: 3.0.30710.0 - Microsoft Corporation) Hidden
Microsoft ASP.NET MVC 3 (HKLM-x32\...\{DCDEC776-BADD-48B9-8F9A-DFF513C3D7FA}) (Version: 3.0.20105.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 - Visual Studio Express 2012 for Web - ENU (x32 Version: 4.1.20219.0 - Microsoft Corporation) Hidden
Microsoft ASP.NET MVC 4 Runtime (x32 Version: 4.0.20710.0 - Microsoft Corporation) Hidden
Microsoft ASP.NET Web Pages - Visual Studio Express 2012 for Web (x32 Version: 1.0.20710.0 - Microsoft Corporation) Hidden
Microsoft ASP.NET Web Pages (HKLM-x32\...\{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}) (Version: 1.0.20105.0 - Microsoft Corporation)
Microsoft ASP.NET Web Pages 2 - Visual Studio Express 2012 for Web - ENU (x32 Version: 4.1.20219.0 - Microsoft Corporation) Hidden
Microsoft ASP.NET Web Pages 2 Runtime (x32 Version: 2.0.20715.0 - Microsoft Corporation) Hidden
Microsoft Expression Blend SDK for .NET 4 (x32 Version: 2.0.20525.0 - Microsoft Corporation) Hidden
Microsoft Expression Blend SDK for Silverlight 4 (x32 Version: 2.0.20525.0 - Microsoft Corporation) Hidden
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (Version: 1.1.40219 - Microsoft Corporation) Hidden
Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Help Viewer 2.0 (x32 Version: 2.0.50727 - Microsoft Corporation) Hidden
Microsoft NuGet - Visual Studio Express 2012 for Web (x32 Version: 2.0.30625.9003 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Portable Library Multi-Targeting Pack (x32 Version: 11.0.60130.00 - Microsoft Corporation) Hidden
Microsoft Report Viewer Redistributable 2008 (KB971119) (x32 Version: 9.0.30731 - Microsoft Corporation) Hidden
Microsoft Report Viewer Redistributable 2008 SP1 (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 (KB971119)) (Version:  - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 Database Engine Services (Version: 10.0.1600.22 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 R2 (64-bit) (HKLM\...\Microsoft SQL Server 2008 R2) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (64-bit) (Version:  - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{471AAD2C-9078-4DAC-BD43-FA10FB7C3FCE}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Policies (HKLM-x32\...\{D21BC5B2-CBAC-48FA-A701-B5A63C1CA7B8}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 RsFx Driver (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 R2 Setup (English) (HKLM\...\{01078B88-2981-4F75-96B0-8B22E2D2DE03}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 RsFx Driver (Version: 10.0.1600.22 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 (64-bit) (Version:  - ) Hidden
Microsoft SQL Server Browser (HKLM-x32\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU (HKLM-x32\...\{DDFD8348-058C-4F4B-85E5-6D740D4AB3FE}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Debug Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2012 Express Prerequisites x64 - ENU (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2012 Preparation (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2012 Shell (Minimum) (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2012 Shell (Minimum) Resources (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2012 Tools for SQL Server Compact 4.0 SP1 ENU (x32 Version: 4.0.8876.1 - Microsoft Corporation) Hidden
Microsoft Visual Studio Express 2012 for Web - ENU (HKLM-x32\...\{0845d9ea-46e3-4ac6-af9d-2e3e8e386d80}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual Studio Express 2012 for Web - ENU (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio Team Foundation Server 2012 Object Model (Version: 11.0.60315 - Microsoft Corporation) Hidden
Microsoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - ENU (Version: 11.0.60315 - Microsoft Corporation) Hidden
Microsoft Visual Studio Team Foundation Server 2012 Team Explorer (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - ENU (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio Ultimate 2012 XAML UI Designer enu Resources (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Web Deploy 3.0 (HKLM\...\{AA72C306-30BE-4BB1-9E42-59552BAD2CDF}) (Version: 3.1236.1631 - Microsoft Corporation)
Microsoft Web Developer Tools 2012.2 - Visual Studio Express 2012 for Web (x32 Version: 1.2.40308.0 - Microsoft Corporation) Hidden
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.2 (x86 en-US)) (Version: 32.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Multimedia Card Reader (HKLM-x32\...\InstallShield_{4B3D9AA4-B47A-4349-A64F-04D5A9226D7C}) (Version: 2.2.915.108 - Fitipower)
Multimedia Card Reader (x32 Version: 2.2.915.108 - Fitipower) Hidden
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
NVIDIA 3D Vision Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Control Panel 340.52 (Version: 340.52 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.154.1150 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.0613 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.0613 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0613 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
NVIDIA Update Core (Version: 10.4.0 - NVIDIA Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Presto! BizCard 4.1 Eng (HKLM-x32\...\Uninstall Presto! BizCard 4.1 Eng) (Version:  - )
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.200 - Qualcomm Atheros Communications)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Roxio BackOnTrack (x32 Version: 4.1 - Roxio) Hidden
Roxio BackOnTrackPE (x32 Version: 4.0 - Roxio) Hidden
Roxio Burn - Secure (x32 Version: 1.6 - Roxio) Hidden
Roxio CinePlayer (x32 Version: 5.8 - Roxio) Hidden
Roxio CinePlayer Decoder Pack (x32 Version: 4.3.0 - Roxio) Hidden
Roxio Creator 2012 Pro (HKLM-x32\...\{AAB42DD0-9551-4E30-A3E4-F87D4A4E1C52}) (Version: 13.5 - Roxio)
Roxio Creator 2012 Pro (x32 Version: 1.3.675 - Roxio) Hidden
Roxio Creator 2012 Pro (x32 Version: 6.5.0 - Roxio) Hidden
Roxio System Rollback (Version: 3.9.0 - Roxio) Hidden
Roxio System Rollback Recovery Disk (x32 Version: 3.9.0 - Roxio) Hidden
Roxio Video Capture USB (x32 Version: 1.22.0000 - Roxio) Hidden
Samsung AllShare (HKLM-x32\...\InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}) (Version: 2.1.0.12031_10 - Samsung Electronics Co., Ltd.)
Samsung AllShare (x32 Version: 2.1.0.12031_10 - Samsung Electronics Co., Ltd.) Hidden
ScanToWeb (HKLM-x32\...\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}) (Version:  - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Setup (x32 Version: 11.0 - Corel Inc.) Hidden
SmartSound Common Data (HKLM-x32\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)
SmartSound Common Data (x32 Version: 1.1.0 - SmartSound Software Inc.) Hidden
SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.7 - SmartSound Software Inc.)
SmartSound Quicktracks 5 (x32 Version: 5.1.7 - SmartSound Software Inc.) Hidden
SQL Server 2008 R2 Management Studio (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP1 Common Files (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP1 Database Engine Services (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP1 Database Engine Shared (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP1 Management Studio (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
SQL Server 2012 Data quality client (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.26038 - TeamViewer)
The Print Shop (HKLM-x32\...\{FB26EA24-AE01-4C86-BEBC-424D5B81E66E}) (Version:  - Broderbund LLC)
TinEye Internet Explorer plugin 1.2 (HKLM-x32\...\{AD1C7ACE-30DC-4107-B6A7-9495D12DC846}) (Version: 1.2.0 - Idée Inc.)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{FEF4C57D-0975-4D3C-ACC7-DCD038C3788F}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2889836) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{AC36E3B7-5095-43B9-9A74-928420F88714}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{84B191B5-5319-463A-A305-8C4D53B1D20A}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DB0B0CDF-77EC-47B0-94E2-4738573A1E58}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{1AA82E2E-7DB7-4C70-910C-BBB657A6B3A5}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{79C725A1-3964-421C-A528-78C1C083C7C7}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{EBD18DE5-BC84-4B57-9A30-097044871F9A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 64-Bit Edition (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{B114A387-8A14-4C43-AE51-82F17EB81D49}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{B6AD7E27-012A-4B63-82BA-AF62893E5435}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{6E760BBA-B83F-4C2D-918F-5F91EF6C9861}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{D1F3B526-7EB2-4701-92DB-0784988D78DE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{52BEF8AE-9324-40A1-9A92-E5A8FB63A475}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{4B9B2BAF-EE1F-4B60-A4D9-17B7BEEB13A1}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROPLUS_{860EE8B1-0B9F-4A8A-91FE-649CD3C6754C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DDDC32A5-9528-4771-B91A-97A8E1D7957B}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-001A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{DBAC8ED2-9287-499E-AD66-590C7413C7DE}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A20A650C-F820-4CE4-AEA5-EC140192FAFB}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0018-0409-1000-0000000FF1CE}_Office14.PROPLUS_{393B360E-62F8-463D-B914-1ECDC1359A46}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F6F342A1-530B-4D48-A468-1E3F70928984}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{C950A55F-82E3-4CC8-8FA2-E8A2A0F651F3}) (Version:  - Microsoft)
Update for Microsoft Visual Studio 2012 (KB2781514) (HKLM-x32\...\{3786efc1-59ff-4908-8cd6-dc85ec87209e}) (Version: 11.0.50727 - Microsoft Corporation)
Update for Microsoft Word 2010 (KB2880529) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{89FDC8D9-FB84-4EFE-950D-AF4EECC3B64C}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.4053 (x32 Version: 1.1.0 - DivX, Inc) Hidden
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
VideoReDo Plus Version 3.10.3.629 (HKLM-x32\...\VideoReDoPlus_is1) (Version:  - DRD Systems, Inc.)
VideoReDo TVSuite Version 4.21.3.667 (HKLM-x32\...\VideoReDo4_is1) (Version:  - DRD Systems, Inc.)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
Visual Studio 2012 Update 2 (KB2707250) (HKLM-x32\...\{2fba7dd0-b8eb-4185-aea3-e6910d3f8102}) (Version: 11.0.60315 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
WinMerge 2.14.0 (HKLM-x32\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software)
WinUndelete 3.50 (HKLM-x32\...\{E0724276-6980-47E2-8FF2-88F473805773}_is1) (Version:  - WinRecovery Software)
Yahoo Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2997053151-1021370575-3583938921-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\977\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2997053151-1021370575-3583938921-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-2997053151-1021370575-3583938921-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kulle\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2997053151-1021370575-3583938921-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kulle\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2997053151-1021370575-3583938921-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kulle\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2997053151-1021370575-3583938921-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kulle\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2997053151-1021370575-3583938921-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kulle\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2997053151-1021370575-3583938921-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kulle\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2997053151-1021370575-3583938921-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kulle\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2997053151-1021370575-3583938921-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kulle\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-25 22:26 - 2014-04-11 01:09 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0723178D-050E-48BC-AF2C-537D21E1EEFC} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2997053151-1021370575-3583938921-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
Task: {09B43744-F8A8-441A-B446-63A7097519AA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-03] (Google Inc.)
Task: {0ADEE31B-EE8F-4C4B-89AA-6C24E1227BAA} - System32\Tasks\iolo Process Governor => C:\Program Files (x86)\iolo\System Mechanic Professional\iologovernor64.exe [2014-08-13] (iolo technologies, LLC)
Task: {1894ED67-414A-4584-A7AE-3BFB5D330B95} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2997053151-1021370575-3583938921-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {195FC264-A097-4EDC-A56D-A3FFBB4225A4} - \Security Center Update - 270528284 No Task File <==== ATTENTION
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2D8E3BB8-A679-4DDD-8A67-67D47DAAE97A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-08-29] (Microsoft Corporation)
Task: {2E37BE91-6948-4C81-B8E3-4EE364BFE281} - System32\Tasks\Test TimeTrigger => C:\Users\Kulle\AppData\Local\Temp\Runner.exe <==== ATTENTION
Task: {321C05BF-475C-44B9-8B84-CBA6F904F0A9} - \Security Center Update - 4237271463 No Task File <==== ATTENTION
Task: {32EE5C29-65A7-4AFE-909A-0277197D14D5} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {4FE8C2A0-4100-4D10-9893-6D93DF5BF1B1} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2997053151-1021370575-3583938921-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {520F949D-1A13-41CD-B6B4-98301271C887} - \Security Center Update - 1266932140 No Task File <==== ATTENTION
Task: {554AF825-9E3C-4574-B1DD-6F89887F1147} - \Security Center Update - 2186543397 No Task File <==== ATTENTION
Task: {63B6AC00-AABA-49EB-9C55-F65EC3A8C90E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-09-23] (AVAST Software)
Task: {6690C54E-5612-4BFE-AD60-BAA736922471} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2997053151-1021370575-3583938921-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {75AB27FC-BC2E-47AC-AF6D-64F39A07C74C} - \Security Center Update - 419914859 No Task File <==== ATTENTION
Task: {812FCFDC-7808-467E-A2A5-9FA856515505} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-03] (Google Inc.)
Task: {93D85001-0869-4D9B-8E84-3ED6C1AFB73D} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2997053151-1021370575-3583938921-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {B733D698-0D5F-4DFD-BC48-880C819F7465} - \Security Center Update - 1600948070 No Task File <==== ATTENTION
Task: {BFB11C7F-FB43-427E-BBED-BE21231382AB} - System32\Tasks\Microsoft\Windows\Setup\8.1 auto install => C:\Windows\system32\NotificationUI.exe [2014-08-20] (Microsoft Corporation)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {CDEF9C26-1EED-4375-98A6-4489E348A80C} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2997053151-1021370575-3583938921-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {D9AB2117-CC03-4F33-AE1C-EDBD7EB611A6} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {DB9C061F-01A7-4C5D-A009-8AD0DF4591EB} - \Security Center Update - 4221024840 No Task File <==== ATTENTION
Task: {E1889B06-79D7-45BF-AAE6-8AFAA81522D9} - \nahearj No Task File <==== ATTENTION
Task: {E85C6E14-0C49-47FF-AC71-862718068926} - System32\Tasks\G2MUpdateTask-S-1-5-21-2997053151-1021370575-3583938921-1001 => C:\Users\Kulle\AppData\Local\Citrix\GoToMeeting\1694\g2mupdate.exe [2014-09-20] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F0CC4559-E0D5-4F1A-B004-D23C966C0C00} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2997053151-1021370575-3583938921-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {FD3C9A4C-2BA4-4517-8B0F-51E068852FA3} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2997053151-1021370575-3583938921-1001.job => C:\Users\Kulle\AppData\Local\Citrix\GoToMeeting\1694\g2mupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-11-09 03:59 - 2014-07-02 11:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-02-09 17:36 - 2011-02-09 17:36 - 00457200 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
2011-07-15 01:03 - 2011-07-15 01:03 - 00021488 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2012-07-02 18:28 - 2012-07-02 18:28 - 00384128 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ContactsApi.dll
2011-07-08 12:31 - 2011-07-08 12:31 - 00084464 _____ () C:\Program Files (x86)\Roxio 2012\5.0\CPMonitor.exe
2013-07-06 09:09 - 2013-04-19 15:51 - 00023328 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
2013-07-06 09:09 - 2013-04-19 15:52 - 00049440 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\STCommonShellIntegration.dll
2014-09-23 02:12 - 2014-09-23 02:12 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-09-23 03:50 - 2014-09-23 03:50 - 02865152 _____ () C:\Program Files\AVAST Software\Avast\defs\14092300\algo.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-07-15 01:03 - 2011-07-15 01:03 - 03297264 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\BEngine.dll
2011-07-15 01:03 - 2011-07-15 01:03 - 00523248 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\TRREngine.dll
2011-07-15 01:03 - 2011-07-15 01:03 - 00107504 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\Logging.dll
2013-04-27 19:49 - 2012-10-29 17:29 - 00018944 _____ () C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServerps.dll
2014-09-23 02:12 - 2014-09-23 02:12 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-08-07 14:27 - 2013-08-07 14:27 - 00110088 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 01135616 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMSWrap.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00656896 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ContentDirectoryPresenter.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00105472 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\DCMCDP.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00098816 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\FolderCDP.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00031232 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\Autobackup.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00054784 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\RosettaAllShare.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00077312 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\MetadataFramework.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 00520234 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\sqlite3.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 00450560 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\MoodExtractor.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 05717504 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\DCMImgExtractor.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00029184 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AutoChaptering.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00027648 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AudioExtractor.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00017920 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\VideoExtractor.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00012288 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ImageExtractor.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00013824 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\TextExtractor.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 00147456 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libexpat.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00012288 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\VideoThumb.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00063488 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ID3Driver.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00023040 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\RichInfoDriver.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00017920 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ThumbnailMaker.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00133120 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\VideoMetadataDriver.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00024064 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\SECMetaDriver.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00024064 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\photoDriver.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 04671488 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\avcodec-52.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 00686080 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\avformat-52.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 00070656 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\avutil-50.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 00152064 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\swscale-0.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 00366592 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\tag.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00289792 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libThumbnail.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 00290304 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libKeyFrame.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 00399826 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libexif-12.dll.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 00044032 _____ () C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\us.dll
2013-07-06 09:09 - 2013-05-02 16:01 - 01813792 _____ () C:\Program Files (x86)\Dell Backup and Recovery\OLCoreWrapper.dll
2013-04-27 19:51 - 2010-04-15 09:09 - 00098304 _____ () C:\Program Files (x86)\ArcSoft\TotalMedia ShowBiz\VEAUtility.dll
2013-04-27 19:51 - 2010-04-15 11:00 - 00038912 _____ () C:\Program Files (x86)\ArcSoft\TotalMedia ShowBiz\XMLWrapper.dll
2013-04-27 19:51 - 2006-11-08 14:58 - 00449280 _____ () C:\Program Files (x86)\ArcSoft\TotalMedia ShowBiz\fpxlib.dll
2013-04-27 19:51 - 2007-06-06 17:54 - 00027392 _____ () C:\Program Files (x86)\ArcSoft\TotalMedia ShowBiz\MagicDLL\MagPanelCallBackCtrl.dll
2013-04-27 19:51 - 2010-04-15 09:09 - 00102400 _____ () C:\Program Files (x86)\ArcSoft\TotalMedia ShowBiz\VEAAudioRecorder.dll
2013-04-27 19:51 - 2009-12-21 16:38 - 00090112 _____ () C:\Program Files (x86)\ArcSoft\TotalMedia ShowBiz\CaptureAudio.dll
2013-04-27 19:51 - 2010-04-15 10:36 - 00050688 _____ () C:\Program Files (x86)\ArcSoft\TotalMedia ShowBiz\PlugIn_Transition\DissolvesTransition.dll
2013-04-27 19:51 - 2009-08-21 15:15 - 00590848 _____ () C:\Program Files (x86)\ArcSoft\TotalMedia ShowBiz\PlugIn_Transition\DissolvesTransitionRes.at
2013-04-27 19:51 - 2010-04-15 10:36 - 00047616 _____ () C:\Program Files (x86)\ArcSoft\TotalMedia ShowBiz\PlugIn_Transition\SlidesTransition.dll
2013-04-27 19:51 - 2009-12-09 15:45 - 00685568 _____ () C:\Program Files (x86)\ArcSoft\TotalMedia ShowBiz\PlugIn_Transition\SlidesTransitionRes.at
2013-04-27 19:51 - 2010-04-15 10:37 - 00049152 _____ () C:\Program Files (x86)\ArcSoft\TotalMedia ShowBiz\PlugIn_Transition\SpecialTransition.dll
2013-04-27 19:51 - 2009-08-21 15:15 - 00793088 _____ () C:\Program Files (x86)\ArcSoft\TotalMedia ShowBiz\PlugIn_Transition\SpecialTransitionRes.at
2013-04-27 19:51 - 2010-04-15 10:37 - 00109568 _____ () C:\Program Files (x86)\ArcSoft\TotalMedia ShowBiz\PlugIn_Transition\WipeTransition.dll
2013-04-27 19:51 - 2009-08-21 15:15 - 00619520 _____ () C:\Program Files (x86)\ArcSoft\TotalMedia ShowBiz\PlugIn_Transition\WipeTransitionRes.at
2013-04-27 19:51 - 2009-11-19 16:00 - 00025600 _____ () C:\Program Files (x86)\ArcSoft\TotalMedia ShowBiz\EffectMgr.dll
2013-04-27 19:51 - 2010-04-15 10:44 - 00100352 _____ () C:\Program Files (x86)\ArcSoft\TotalMedia ShowBiz\PlugIn_Effect\FiltersEffect.dll
2013-04-27 19:51 - 2009-08-21 15:12 - 00521728 _____ () C:\Program Files (x86)\ArcSoft\TotalMedia ShowBiz\PlugIn_Effect\FiltersEffectRes.ae
2013-04-27 19:51 - 2010-04-15 10:45 - 00053760 _____ () C:\Program Files (x86)\ArcSoft\TotalMedia ShowBiz\PlugIn_Effect\OrientationEffect.dll
2013-04-27 19:51 - 2009-08-21 15:12 - 00373248 _____ () C:\Program Files (x86)\ArcSoft\TotalMedia ShowBiz\PlugIn_Effect\OrientationEffectRes.ae
2013-04-27 19:51 - 2009-11-23 17:45 - 00028672 _____ () C:\Program Files (x86)\ArcSoft\TotalMedia ShowBiz\GetQTVer.dll
2013-04-27 19:51 - 2009-12-21 17:56 - 00131072 _____ () C:\Program Files (x86)\ArcSoft\TotalMedia ShowBiz\VEAUploadToOVI.dll
2013-04-27 19:51 - 2010-04-15 09:10 - 00114688 _____ () C:\Program Files (x86)\ArcSoft\TotalMedia ShowBiz\VEAECommerce.dll
2013-04-27 19:51 - 2010-08-19 14:12 - 00058880 _____ () C:\Program Files (x86)\ArcSoft\TotalMedia ShowBiz\EM2800dll.dll
2014-08-13 07:09 - 2014-08-13 07:09 - 00035328 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-05-24 09:41 - 2014-05-24 09:41 - 00091648 _____ () C:\Program Files (x86)\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2014-05-24 09:41 - 2014-05-24 09:41 - 00892416 _____ () C:\Program Files (x86)\FileZilla FTP Client\libstdc++-6.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:0888F409
AlternateDataStreams: C:\ProgramData\Temp:3440EB47
AlternateDataStreams: C:\ProgramData\Temp:66633281
AlternateDataStreams: C:\Users\Public\.DS_Store:AFP_AfpInfo

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "Java JRE Update Manager"
HKLM\...\StartupApproved\Run32: => "Huatbuofwukogi"
HKCU\...\StartupApproved\StartupFolder: => "WMPDMC.lnk"
HKCU\...\StartupApproved\StartupFolder: => "WMPDMCCrap.lnk"
HKCU\...\StartupApproved\Run: => "WMPDMC"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (09/23/2014 01:36:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HauppaugeTVServer.exe, version: 1.2.30292.0, time stamp: 0x510167da
Faulting module name: MSVCR90.dll, version: 9.0.30729.6871, time stamp: 0x4fee6073
Exception code: 0x40000015
Fault offset: 0x0005beae
Faulting process id: 0x16e0
Faulting application start time: 0xHauppaugeTVServer.exe0
Faulting application path: HauppaugeTVServer.exe1
Faulting module path: HauppaugeTVServer.exe2
Report Id: HauppaugeTVServer.exe3
Faulting package full name: HauppaugeTVServer.exe4
Faulting package-relative application ID: HauppaugeTVServer.exe5

Error: (09/23/2014 01:35:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HauppaugeTVServer.exe, version: 1.2.30292.0, time stamp: 0x510167da
Faulting module name: MSVCR90.dll, version: 9.0.30729.6871, time stamp: 0x4fee6073
Exception code: 0x40000015
Fault offset: 0x0005beae
Faulting process id: 0x2b14
Faulting application start time: 0xHauppaugeTVServer.exe0
Faulting application path: HauppaugeTVServer.exe1
Faulting module path: HauppaugeTVServer.exe2
Report Id: HauppaugeTVServer.exe3
Faulting package full name: HauppaugeTVServer.exe4
Faulting package-relative application ID: HauppaugeTVServer.exe5

Error: (09/23/2014 01:35:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HauppaugeTVServer.exe, version: 1.2.30292.0, time stamp: 0x510167da
Faulting module name: MSVCR90.dll, version: 9.0.30729.6871, time stamp: 0x4fee6073
Exception code: 0x40000015
Fault offset: 0x0005beae
Faulting process id: 0x2e30
Faulting application start time: 0xHauppaugeTVServer.exe0
Faulting application path: HauppaugeTVServer.exe1
Faulting module path: HauppaugeTVServer.exe2
Report Id: HauppaugeTVServer.exe3
Faulting package full name: HauppaugeTVServer.exe4
Faulting package-relative application ID: HauppaugeTVServer.exe5

Error: (09/23/2014 01:35:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HauppaugeTVServer.exe, version: 1.2.30292.0, time stamp: 0x510167da
Faulting module name: MSVCR90.dll, version: 9.0.30729.6871, time stamp: 0x4fee6073
Exception code: 0x40000015
Fault offset: 0x0005beae
Faulting process id: 0x1afc
Faulting application start time: 0xHauppaugeTVServer.exe0
Faulting application path: HauppaugeTVServer.exe1
Faulting module path: HauppaugeTVServer.exe2
Report Id: HauppaugeTVServer.exe3
Faulting package full name: HauppaugeTVServer.exe4
Faulting package-relative application ID: HauppaugeTVServer.exe5

Error: (09/23/2014 01:35:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe_mshtml, version: 6.2.9200.16384, time stamp: 0x50109cdd
Faulting module name: ntdll.dll, version: 6.2.9200.16912, time stamp: 0x536464ba
Exception code: 0xc0000005
Fault offset: 0x0000000000005491
Faulting process id: 0x27ac
Faulting application start time: 0xrundll32.exe_mshtml0
Faulting application path: rundll32.exe_mshtml1
Faulting module path: rundll32.exe_mshtml2
Report Id: rundll32.exe_mshtml3
Faulting package full name: rundll32.exe_mshtml4
Faulting package-relative application ID: rundll32.exe_mshtml5

Error: (09/23/2014 01:35:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HauppaugeTVServer.exe, version: 1.2.30292.0, time stamp: 0x510167da
Faulting module name: MSVCR90.dll, version: 9.0.30729.6871, time stamp: 0x4fee6073
Exception code: 0x40000015
Fault offset: 0x0005beae
Faulting process id: 0x1cb8
Faulting application start time: 0xHauppaugeTVServer.exe0
Faulting application path: HauppaugeTVServer.exe1
Faulting module path: HauppaugeTVServer.exe2
Report Id: HauppaugeTVServer.exe3
Faulting package full name: HauppaugeTVServer.exe4
Faulting package-relative application ID: HauppaugeTVServer.exe5

Error: (09/23/2014 01:35:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16537, time stamp: 0x5010888a
Faulting module name: ntdll.dll, version: 6.2.9200.16912, time stamp: 0x53645e25
Exception code: 0xc0000005
Fault offset: 0x00061830
Faulting process id: 0x2514
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5

Error: (09/23/2014 01:35:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16537, time stamp: 0x5010888a
Faulting module name: ntdll.dll, version: 6.2.9200.16912, time stamp: 0x53645e25
Exception code: 0xc0000005
Fault offset: 0x00061830
Faulting process id: 0x2a04
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5

Error: (09/23/2014 01:35:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HauppaugeTVServer.exe, version: 1.2.30292.0, time stamp: 0x510167da
Faulting module name: MSVCR90.dll, version: 9.0.30729.6871, time stamp: 0x4fee6073
Exception code: 0x40000015
Fault offset: 0x0005beae
Faulting process id: 0x2e38
Faulting application start time: 0xHauppaugeTVServer.exe0
Faulting application path: HauppaugeTVServer.exe1
Faulting module path: HauppaugeTVServer.exe2
Report Id: HauppaugeTVServer.exe3
Faulting package full name: HauppaugeTVServer.exe4
Faulting package-relative application ID: HauppaugeTVServer.exe5

Error: (09/23/2014 01:35:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HauppaugeTVServer.exe, version: 1.2.30292.0, time stamp: 0x510167da
Faulting module name: MSVCR90.dll, version: 9.0.30729.6871, time stamp: 0x4fee6073
Exception code: 0x40000015
Fault offset: 0x0005beae
Faulting process id: 0x2180
Faulting application start time: 0xHauppaugeTVServer.exe0
Faulting application path: HauppaugeTVServer.exe1
Faulting module path: HauppaugeTVServer.exe2
Report Id: HauppaugeTVServer.exe3
Faulting package full name: HauppaugeTVServer.exe4
Faulting package-relative application ID: HauppaugeTVServer.exe5

System errors:
=============
Error: (09/23/2014 01:36:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HauppaugeTVServer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (09/23/2014 01:35:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HauppaugeTVServer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (09/23/2014 01:35:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HauppaugeTVServer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (09/23/2014 01:35:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HauppaugeTVServer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (09/23/2014 01:35:35 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.

Error: (09/23/2014 01:35:35 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.

Error: (09/23/2014 01:35:29 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HauppaugeTVServer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (09/23/2014 01:35:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HauppaugeTVServer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (09/23/2014 01:35:19 PM) (Source: DCOM) (EventID: 10010) (User: Office_PC)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (09/23/2014 01:35:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HauppaugeTVServer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Microsoft Office Sessions:
=========================
Error: (09/23/2014 01:36:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: HauppaugeTVServer.exe1.2.30292.0510167daMSVCR90.dll9.0.30729.68714fee6073400000150005beae16e001cfd76dfbe485d1C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exeC:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6871_none_50944e7cbcb706e5\MSVCR90.dll3a2eb456-4361-11e4-8457-90b11c7065c0

Error: (09/23/2014 01:35:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: HauppaugeTVServer.exe1.2.30292.0510167daMSVCR90.dll9.0.30729.68714fee6073400000150005beae2b1401cfd76df774c41cC:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exeC:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6871_none_50944e7cbcb706e5\MSVCR90.dll35bf6925-4361-11e4-8457-90b11c7065c0

Error: (09/23/2014 01:35:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: HauppaugeTVServer.exe1.2.30292.0510167daMSVCR90.dll9.0.30729.68714fee6073400000150005beae2e3001cfd76df361f756C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exeC:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6871_none_50944e7cbcb706e5\MSVCR90.dll31ab3b56-4361-11e4-8457-90b11c7065c0

Error: (09/23/2014 01:35:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: HauppaugeTVServer.exe1.2.30292.0510167daMSVCR90.dll9.0.30729.68714fee6073400000150005beae1afc01cfd76dece80f9bC:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exeC:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6871_none_50944e7cbcb706e5\MSVCR90.dll2b48b072-4361-11e4-8457-90b11c7065c0

Error: (09/23/2014 01:35:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: rundll32.exe_mshtml6.2.9200.1638450109cddntdll.dll6.2.9200.16912536464bac0000005000000000000549127ac01cfd76dea269dc4C:\Windows\system32\rundll32.exeC:\Windows\SYSTEM32\ntdll.dll294a6263-4361-11e4-8457-90b11c7065c0

Error: (09/23/2014 01:35:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: HauppaugeTVServer.exe1.2.30292.0510167daMSVCR90.dll9.0.30729.68714fee6073400000150005beae1cb801cfd76de88f10d0C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exeC:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6871_none_50944e7cbcb706e5\MSVCR90.dll271a4cd9-4361-11e4-8457-90b11c7065c0

Error: (09/23/2014 01:35:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe10.0.9200.165375010888antdll.dll6.2.9200.1691253645e25c000000500061830251401cfd76de6ad9afeC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\ntdll.dll255596d9-4361-11e4-8457-90b11c7065c0

Error: (09/23/2014 01:35:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe10.0.9200.165375010888antdll.dll6.2.9200.1691253645e25c0000005000618302a0401cfd76de61f7d34C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SYSTEM32\ntdll.dll255548ac-4361-11e4-8457-90b11c7065c0

Error: (09/23/2014 01:35:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: HauppaugeTVServer.exe1.2.30292.0510167daMSVCR90.dll9.0.30729.68714fee6073400000150005beae2e3801cfd76de454d0a5C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exeC:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6871_none_50944e7cbcb706e5\MSVCR90.dll22a1e5ea-4361-11e4-8457-90b11c7065c0

Error: (09/23/2014 01:35:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: HauppaugeTVServer.exe1.2.30292.0510167daMSVCR90.dll9.0.30729.68714fee6073400000150005beae218001cfd76de03fab6eC:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exeC:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6871_none_50944e7cbcb706e5\MSVCR90.dll1e965cd3-4361-11e4-8457-90b11c7065c0

==================== Memory info ===========================

Processor: Intel® Core i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 22%
Total physical RAM: 16344.98 MB
Available physical RAM: 12746.34 MB
Total Pagefile: 32728.98 MB
Available Pagefile: 28142.66 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:1854.76 GB) (Free:1249.92 GB) NTFS
Drive d: (My Book) (Fixed) (Total:2794.49 GB) (Free:863.92 GB) NTFS
Drive k: (Seagate Backup Plus Drive) (Fixed) (Total:3726.01 GB) (Free:545.96 GB) NTFS
Drive l: (Seagate Backup Plus Drive) (Fixed) (Total:3726.01 GB) (Free:137.71 GB) NTFS
Drive m: (Seagate Backup Plus Drive) (Fixed) (Total:3726.01 GB) (Free:195.32 GB) NTFS
Drive n: (Seagate Backup Plus Drive) (Fixed) (Total:3726.01 GB) (Free:52.8 GB) NTFS
Drive o: (Seagate Backup Plus Drive) (Fixed) (Total:3726.01 GB) (Free:973.23 GB) NTFS
Drive p: (Seagate Backup Plus Drive) (Fixed) (Total:3726.01 GB) (Free:689.82 GB) NTFS
Drive y: (WINRETOOLS) (Fixed) (Total:0.49 GB) (Free:0.22 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 7877050F)

Partition: GPT Partition Type.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 1.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 2.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 3.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 4.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 5.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 6.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 7.

==================== End Of Log ============================


Hello AnotherNewVictim, welcome to Malwarebytes' Malware Removal forum!
 
My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that. :)
 
General P2P/Piracy Notice:
 

If you are using Peer to Peer (P2P) filesharing software such as uTorrent, BitTorrent or similar you must either fully uninstall or completely disable the programme(s) from running whilst receiving assistance at this forum. 
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked/keygen or similar software on the computer, please remove/uninstall the software now and read the policy on Piracy. Failure to do so will also result in your topic being closed.

 
======================================================
 
Please read through the points below to ensure this process moves as quickly and efficiently as possible.

  • Please read through my instructions thoroughly, and ensure you carry out each step in the order specified.
  • Please do not post logs using the CODE, QUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability to ascertain the current situation & provide the best set of instructions for you.
  • Please back up important documents before proceeding with my instructions.
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before you run anything.
  • Topics are locked if no response is made after 4 days. Please inform me if you will require additional time to complete my instructions.
     

======================================================
 
Please consider the following warning, and let me know how you wish to proceed. 
 

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor, that allows attackers to remotely control your computer, download/execute files and steal critical system, financial and personal information.

Please disconnect your computer from the internet immediately. If your computer was used for online banking, has credit card information or other sensitive data, using a non-infected computer/device you should immediately change all account information (including those used for banking, email, eBay, paypal, online forums, etc). Consider these accounts already compromised.

If you have used a router, you will need to reset it with a strong logon/password to ensure the malware cannot gain control before connecting again. Banking and credit card institutions should be notified of the possible security breach immediately. Please read the following for more information: How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

Whilst the identified infection(s) can be removed, there is no way to guarantee that your computer will be trustworthy again. This is due to the nature of the infection, which allows the attacker complete control over the computer. Many experts in the security community believe that once infected with this type of malware, the best course of action is to reformat the hard drive and reinstall the Operating System. Please read the following articles for more information.

Please let me know how you wish to proceed, and if you have any questions.

 


My only other computer is my old XP machine.  It has been turned off for a few months, until I encountered problems with this machine and used it for web searches.  It is (U-Verse) networked with this one, I believe.  Is that machine safe for changing passwords?  Is this machine safe for passwords, since Avast and MWBAM seem to constantly be trapping unauthorized outbound connections?


Further, I had the last 15 years of my life on this machine.  I am considering paying the ransom to get the encryption key.  Do you have any statistics or information about numbers or percentages of people who paid and whether or not they were able to recover their files?  It is a lot of money ($500 for 48 more hours) and I hate paying it, but there are files that I'm not sure I've realized I've lost yet.  Also, the whole bitcoin thing scares me, as I know nothing about it.


Hi Tom, 

 

I don't believe a machine running Windows XP should be connected to the Internet. 

So in my personal opinion, I would suggest looking for an alternative. Perhaps a mobile or tablet? 

 

If the Windows XP machine is your only option then it's probably best you go ahead and use it. Whilst I'm not an advocate, it would be better than doing nothing.

Do not use the infected PC to change passwords. 

 

-----------

 

Regarding the ransomware; your original post indicates you have already removed the infection with MBAM. How do you still have the ability to pay the ransom? 

If you are certain the ransomware is CryptoWall (there are many encrypting ransomware variants, some of which use the same name as other infections), please read the following article. Brute forcing the encryption is not possible as CryptoWall uses RSA encryption. Unless you have backups, the only other options (excluding paying the ransom) are hit and miss I'm afraid (see "How to restore files encrypted by CryptoWall" in the linked article). 

 

You may also wish to read this rather lengthy discussion topic on the infection. 

Take note of users reporting that paying the ransom did not work. This may influence your decision. 

 

-----------

 

On top of CryptoWall, you're also infected with Poweliks and Zbot banking malware. Both infections open a backdoor. Zbot specifically targets banking credentials and passwords, making it all the more important you change account details as soon as possible.


Hi, Adam!

In your links in the back door warning section, both "How do I handle" and "When should I reformat" point to the reformat FAQ. I think the correct link for the ID theft FAQ is http://www.DSLReports.com/FAQ/10451.

In reading the "When should I reformat" page, I was leaning toward a medium extreme recovery measure. After last night, I am convinced I need to reformat and start from scratch.

My pc worked ok yesterday. It seemed like Avast and MBAM were doing their jobs, giving constant warnings, so I felt that at least nothing was getting out. At some point, I noticed that MBAM was no longer running. When I tried to start it up, it briefly popped up and then shut down again. I tried to uninstall it and then reinstall it from my downloads folder; neither the free version nor the premium version would install. Thinking that whatever was taking over my machine might have tweaked the exe files in the downloads folder, I deleted them both and downloaded a fresh copy of the free version. When I try to install this, I get 5 error messages and no install.

The messages are:

Internal error: Expression error 'Runtime error (at 79:177): External exception E06D7363.'. This exact message pops up 3 times, then:

Runtime error (at 69:252): External exception E06D7363.'

Internal error: Expression error 'Runtime error (at 45:89): External exception E06D7363.'.

In desperation, I tried RogueKiller. Each time, it finds Poweliks and kills it, but Poweliks is back on every reboot. The machine is left off and the Ethernet cable is pulled, until I know what to do next. I have borrowed my sis's iPad and am connecting via 3G.

My plan is as follows:

Get my pc as clean as possible, with both Avast and MBAM protecting it.

Scan and copy off any files that I can salvage.

Reformat and reload win8.

Get Avast and MBAM running and updated.

Get my OS updates loaded.

Start rescanning and reloading saved files.

Set up a proper back-up regime.

Stay on top of back-ups, updates and scans.

How does this sound? What have I missed?

Do I start a new thread for the first item, or continue here?

Should I re-run FRST and post the new logs?

Thanks for your help so far and for any additional help you can provide!

Tom


I was thinking that getting the scanners working properly would give me the best chance at uninfected data files to save off. I'd hate to go through the pain of reformatting, only to bring in who knows what when I reload the files back on the clean system. It sounds like you think it's not worth the effort required to do a pre-scan, as that would basically offer just a little more peace of mind. If I attach a USB disc drive containing all my files to a (my) cleaned (reformatted) pc, is it possible for anything to copy itself to my pc upon connection, before the USB drive has been scanned?

Regarding the Cryptowall ransom, I have come to a decision. This goes against every fiber of my being (as an upstanding citizen), but I have decided to pay. I think I'd feel worse sometime down the line, once I realize the magnitude of what I'd lost, thinking "what if" or "why didn't I" than I will if they rip me off again by not providing the key. If it gets my files all back, it will be worth the money, but the terrorism sickens me.

I will let you know what happens.

Thanks for your help.


Hello, 
 

If I attach a USB disc drive containing all my files to a (my) cleaned (reformatted) pc, is it possible for anything to copy itself to my pc upon connection, before the USB drive has been scanned?

There are preventative measures we can take to vaccinate your computer and USB drive from autorun infections. We also have the option of booting into a Linux environment. 
However, nothing can categorically prevent you, the end-user, from physically copying an infected file onto a USB drive, and then transferring the file back.
 

Regarding the Cryptowall ransom, I have come to a decision. This goes against every fiber of my being (as an upstanding citizen), but I have decided to pay.

Have you looked into the options listed in the article I linked? 
 

How to restore files encrypted by CryptoWall
If your files have become encrypted and you are not going to pay the ransom then there are a few methods you can try to restore your files.

Method 1: Backups
The first and best method is to restore your data from a recent backup. If you have been performing backups, then you should use your backups to restore your data.
 
Method 2: File Recovery Software
When CryptoWall encrypts a file it first makes a copy of it, encrypts the copy, and then deletes the original. Due to this you can use file recovery software such as R-Studio or Photorec to possibly recover some of your original files. It is important to note that the more you use your computer after the files are encrypted the more difficult it will be for file recovery programs to recover the deleted un-encrypted files.
 
Method 3: Shadow Volume Copies
As a last resort, you can try to restore your files via Shadow Volume Copies. Unfortunately, this infection will attempt to delete any Shadow Volume Copies on your computer, but sometimes it fails to do so and you can use them to restore your files. For more information on how to restore your files via Shadow Volume Copies, please see the link below:
 
How to restore files encrypted by CryptoWall using Shadow Volume Copies

 
 
Whilst you may already be aware, I must emphasize once more that there is just as much chance your files will not be decrypted as there is they will if you go ahead and pay the ransom.
 
-------------------------------------
 
I have a 12 step set of instructions on how you can backup your data, make appropriate preparations, restore/reformat your machine and transfer your data back that I can provide once we know where we stand regarding your encrypted files. 
 
Please let me know how you get on with the encrypted files, and we can go from there.
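
The Shadow Volume Copy check from Method 3 above, as an added example that is not part of the original post or the linked article: it lists any snapshots that survived and were taken before the encryption date. The function name, the cutoff date and the `C:\ShadowView` path are assumptions chosen for illustration.

```powershell
# Added example (not from the thread or the linked article).
# Run in an elevated PowerShell 3.0+ session; Windows 8 ships with 3.0.

function Get-PreEncryptionShadowCopy {
    param(
        # Assumption: the date the files were encrypted; supply your own.
        [Parameter(Mandatory = $true)]
        [datetime]$EncryptedOn
    )

    # Win32_ShadowCopy.VolumeName holds a volume GUID path (\\?\Volume{...}\),
    # so build a lookup from GUID path to drive letter first.
    $driveByVolume = @{}
    Get-CimInstance -ClassName Win32_Volume |
        Where-Object { $_.DriveLetter } |
        ForEach-Object { $driveByVolume[$_.DeviceID] = $_.DriveLetter }

    $shadows = @(Get-CimInstance -ClassName Win32_ShadowCopy)
    if ($shadows.Count -eq 0) {
        Write-Warning 'No shadow copies found on this machine.'
        return
    }

    # Only snapshots taken before the encryption can hold unencrypted files.
    $usable = @($shadows | Where-Object { $_.InstallDate -lt $EncryptedOn })
    if ($usable.Count -eq 0) {
        Write-Warning "All $($shadows.Count) shadow copies are newer than $EncryptedOn."
        return
    }

    $usable | Sort-Object -Property InstallDate -Descending | ForEach-Object {
        [pscustomobject]@{
            Drive   = $driveByVolume[$_.VolumeName]
            Created = $_.InstallDate
            # The trailing backslash is required when the path is a link target.
            Path    = $_.DeviceObject + '\'
        }
    }
}

# Constructed cutoff date, for illustration only.
Get-PreEncryptionShadowCopy -EncryptedOn '2014-09-15' | Format-Table -AutoSize

# To browse one snapshot, link it to a folder name that does not exist yet
# (C:\ShadowView is a hypothetical path and the device number is a sample value),
# then copy the files out to a separate drive:
#   cmd /c mklink /d C:\ShadowView "\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\"
```

An empty result with the first warning means Method 3 is not available on that volume.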


Hi, Adam!

Yes, I read the documents you linked to, along with many (hours of) others. I tried every recovery option I could find. Based on the positive ransomed recoveries reported by William (IIRC a trusted member-type) on one page, along with the experience of a close personal friend who was hit by CryptoWall in December, I decided I would regret not doing everything possible to get my files back, no matter how much it sickens and scares me. If the decryption works, I'd be happy to post additional details about the transactions and timing involved, but I'd prefer to do that once I get my keyboard back.

I paid the ransom last night and was provided a downloadable zip file, purported to contain my decryption key and a decryption exe.

My current plan is as follows:

I just got back from the store with a new USB HD. I am going to copy all non-encrypted files to it (so the "decrypter" can't do any further damage).

Unplug the new drive.

Run the decryption and verify the results.

Reformat and reload win8.

Get Avast and MBAM running and updated.

Get my OS updates loaded.

Plug in the new HD. Is there anything I should do before scanning with both Avast and MBAM?

Start rescanning and reloading saved files.

Set up a proper back-up regime.

Stay on top of back-ups, updates and scans.

Could you please post your 12-step link so I can see if there's anything I haven't thought of saving?

Thanks!


Hi Tom, 

 

Here are the steps (11, not 12) I provide to those seeking assistance with reformatting/restoring their computer to factory default.

 

STEP 1
Panda USB Vaccine

  • Please download Panda USB Vaccine and save the file to your desktop.
  • Double-click USBVaccineSetup.exe to install the programme.
  • Read and accept the license agreement, then click Next.
  • Upon completion of the setup, ensure Launch Panda USB Vaccine is checked and click Finish.
  • Click the Vaccinate Computer button. It should now show a green checkmark and confirm Computer vaccinated.
  • Hold down the Shift key on your keyboard and insert your USB drive.
  • Follow these instructions on how to format your USB drive (this will remove all files on the device).
  • Return to Panda USB Vaccine. When the name of the drive appears in the Panda USB Vaccine dialog box, click the Vaccinate USB drive(s) button.
  • Exit the programme when done.

-- Computer Vaccination will prevent any AutoRun file from running, regardless of whether the removable device is infected or not. USB Vaccination disables the autorun file so it cannot be read, modified or replaced and creates an AUTORUN_.INF as protection against malicious code. The Panda Research Blog advises that once USB drives have been vaccinated, they cannot be reversed except with a format. If you do this, be sure to back up your data files first or they will be lost during the formatting process.
 
 
STEP 2
Folder Options

  • Press the Windows Key + r on your keyboard at the same time. Type Control Folders and click OK.
  • Click View. Under Hidden files and folders:
  • Place a checkmark next to Show hidden files, folders and drives.
  • Remove the checkmark next to Hide extensions for known file types.
  • Click Apply followed by OK.
     

STEP 3
Backup Data

The safest practice is not to back up any executable files (.exe), screensavers (.scr), dynamic link library (.dll), autorun (.ini) or script (.php, .asp, .htm, .html, .xml) files because they may be infected by malware. You should also avoid backing up compressed files (.zip, .cab, .rar) that have executables inside as some types of malware can penetrate compressed files and infect the .exe files within them. Other types of malware may disguise themselves by hiding a file extension or by adding double file extensions (hence why STEP 2 is important) and/or space(s) in the file's name to hide the real extension, so be sure you look closely at the full file name.

  • Backing up documents, image, music and video is fine.
  • Specially crafted Word/Excel/PDF can be used for malicious intent, so I recommend only backing up such documents that you or other users created (as opposed to downloaded).
  • To repeat, do not back up files with the following extensions:
.exe, .scr, .bat, .com, .cmd, .msi, .pif, .ini, .htm, .html, .hta, .php, .asp, .xml, .zip, .rar, .cab
  • Once you have decided which files you wish to backup, copy the files over to the USB drive. 
     

STEP 4
Download Installation Files
I recommend downloading your Network Adapter drivers before reformatting. This is a precaution in case you experience issues with Internet connectivity after reformatting.

  • Press the Windows Key + r on your keyboard at the same time. Type devmgmt.msc and click OK.
  • Locate Network Adapters and click the corresponding drop-down arrow.
  • Make a note of your Network Adapters.
  • Using this Dell page, enter your relevant product details and locate the Network Adapters you noted down. Save the files to your USB drive. 
     

Download the Anti-Virus installation file of your choice. You need only download the installation file; do not click or open the file. Once downloaded, save the file to your USB drive. You must only install one Anti-Virus after reformatting.

Each paid-for Anti-Virus comes with a free trial if you wish to try the software before purchasing. Alternatively, you may wish to use the trial, and revert to a free anti-virus afterwards. 
 
For a paid solution, my choice of anti-virus is ESET NOD32. For a free solution, my choice of anti-virus is avast!. However, please be aware that there is no universal solution that works for everyone, and there is no single best anti-virus. What works for me may not work for you and your machine.

Once you have downloaded the drivers and the Anti-Virus installation file of your choice, right-click the USB drive in the system-tray, and follow the prompts to safely remove the device. Now remove your USB drive from the computer.
 
 
STEP 5 
Paid-for/Premium/Licensed Software
Do you have any paid-for software that was activated using a code or key? If so, ensure you have all relevant information noted down before reformatting. 
 
If you have a Malwarebytes Anti-Malware Premium license, but do not possess your details, follow the instructions below.
 

You cannot look up your Activation ID and Key from the Registry unless you have a previously licensed 1.x version installed.  Fresh installs now encrypt that data so make very sure you have your ID and Key before you proceed.  Previous 1.x PRO versions did store the ID and Key in the following locations of the Registry but a clean fresh install of version 2.0 will not store it in the Registry.
 

Location for Windows x86 32-Bit
HKEY_LOCAL_MACHINE\SOFTWARE\Malwarebytes' Anti-Malware
 
Location for Windows x64 64-Bit
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Malwarebytes' Anti-Malware

 
 
If you cannot locate your license activation information in the Registry and no longer have access to your order number, you can contact cleverbridge to obtain information about your order including license registration and activation information. Please note that cleverbridge does not offer technical support for any products. They will only provide you with your order information: Contact cleverbridge customer service.

If you purchased Malwarebytes Anti-Malware from another vendor or reseller and still require the license activation information, you will need to contact that vendor or reseller to obtain the information before you proceed; otherwise you will not be able to re-activate the product.

 

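The STEP 3 filtering rules above can be checked mechanically before anything is copied to the USB drive. The following is an added example, not part of the original post: it flags the extensions the post lists, double extensions, space-padded names, and executables inside zip archives (member names are read without extracting). The function names and the `DECOYS` list are assumptions made for this sketch.

```python
import os
import zipfile

# Extensions the post says not to back up (.dll is from its prose, the rest from its list).
BLOCKED = {".exe", ".scr", ".bat", ".com", ".cmd", ".msi", ".pif", ".ini", ".dll",
           ".htm", ".html", ".hta", ".php", ".asp", ".xml"}
ARCHIVES = {".zip", ".rar", ".cab"}
# Assumption: harmless-looking extensions that typically serve as the visible decoy.
DECOYS = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".doc", ".docx", ".xls",
          ".xlsx", ".txt", ".mp3", ".mp4", ".avi"}


def split_name(path):
    """Return (stem, real_extension) of the last path component; extension lower-cased."""
    base = path.replace("\\", "/").rsplit("/", 1)[-1]
    stem, dot, ext = base.rpartition(".")
    if not dot:
        return base, ""
    return stem, "." + ext.strip().lower()


def name_findings(path):
    """Reasons a file name alone marks the file as one to leave behind."""
    stem, ext = split_name(path)
    if ext not in BLOCKED:
        return []
    findings = [f"blocked extension {ext}"]
    if stem != stem.rstrip():
        findings.append("spaces pad the name before the real extension")
    _, decoy = split_name(stem.rstrip())
    if decoy in DECOYS:
        findings.append(f"double extension {decoy}{ext}")
    return findings


def zip_findings(source):
    """Inspect a zip's member names (path or file object) without extracting anything."""
    try:
        with zipfile.ZipFile(source) as zf:
            members = [m for m in zf.namelist() if not m.endswith("/")]
    except zipfile.BadZipFile:
        return ["unreadable zip, contents cannot be confirmed"]
    findings = []
    for member in members:
        if split_name(member)[1] in ARCHIVES:
            findings.append(f"{member}: nested archive, not inspected")
        findings += [f"{member}: {reason}" for reason in name_findings(member)]
    return findings


def triage(root):
    """Map relative path -> findings for every file under root that should stay behind."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            ext = split_name(name)[1]
            findings = name_findings(name)
            if ext == ".zip":
                findings += zip_findings(full)
            elif ext in ARCHIVES:
                findings.append("archive format not inspected here, treat as unsafe")
            if findings:
                report[os.path.relpath(full, root)] = findings
    return report


if __name__ == "__main__":
    import sys
    for path, reasons in sorted(triage(sys.argv[1]).items()):
        print(path, "->", "; ".join(reasons))
```

A clean report covers file names only; the anti-virus scan of the drive in STEP 9 is still needed for documents that carry malicious content.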

The following steps explain how you can reformat/restore, setup your machine once done, and safely move your backed up data across. 
 
STEP 6
Reformatting/Restoring
There are several options available.

  • Restore to factory default using your Dell DBRM (Windows 8).
  • Reformat using Windows built-in tools.
  • Reformat using Darik's Boot and Nuke (DBAN).

The advantage of using your Recovery partition is that you do not need to reinstall Windows afterwards. The Recovery partition will restore the computer to the state it was before the very first time you switched it on. This is the option I recommend you take. 
 
Before proceeding, double-check you have backed up all the files you need. Now follow these instructions on using your Dell DBRM to restore to factory default. Take heed of the warnings provided to you, and take your time as you progress through the various stages. Do not click or agree to anything without first ensuring you've fully read what you're agreeing to. 
 
 
STEP 7
Computer Setup
Before restoring your backed up data, it's important you do the following in the order specified.
 
Confirm Windows Firewall is enabled

  • Press the Windows Key + r on your keyboard at the same time. Type firewall.cpl and click OK.
  • Confirm Windows Firewall is enabled.
  • If not, enable the Firewall.

Install an Anti-Virus

  • Hold the shift key and insert your USB drive. Move the AV installation file to your Desktop. Remove your USB drive.
  • Open the installation file, and follow the prompts to install the Anti-Virus.
  • Once installed, connect to Internet and immediately download the latest updates for the Anti-Virus.
  • Run a scan if you wish to.
  • Note: Avast! requires an active Internet connection during the installation. You must connect to the Internet before starting the installation if you chose avast!.

Install Windows Updates

  • Press the Windows Key + r on your keyboard at the same time. Type wuapp.exe and click OK.
  • Click Check for updates.
  • Install all recommended updates (you may wish to uncheck any optional updates).
  • Do not use the computer whilst updates are installing.

Confirm there are no Issues with...

  • Audio/Sound
  • Battery
  • Display
  • CD/DVD drive
  • Keyboard
  • Mouse
  • Wireless Network

If you find issues with any of the above, do the following.

  • Press the Windows Key + r on your keyboard at the same time. Type devmgmt.msc and click OK.
  • Locate the relevant category, and click the corresponding drop-down arrow.
  • Right-click the relevant driver, and click Uninstall.
  • Follow any prompts.
  • Reboot your computer.
  • Windows should notify you that it has found and installed the driver after the reboot.
  • Confirm if the issue is resolved. 
     

STEP 8
Panda USB Vaccine

  • Install Panda USB Vaccine as instructed in STEP 1. Skip the instructions that proceed Computer vaccinated.
  • I recommend keeping the programme installed for future use. 
     

STEP 9
Restoring Backed Up Data

  • Hold the shift key and insert your USB drive.
  • Open your Anti-Virus. Run a scan, ensuring you select the option to scan removable media or the drive letter associated with your USB drive.
  • Confirm no threats found.
  • Open Windows Explorer, and navigate to your USB drive. Copy the backed up files to your Desktop, or the location of your choice.
  • Remove your USB drive.
     

STEP 10
Install Previously Installed Software
Here are links to some of your previously installed software. I do not recommend installing Java for the reasons below.

Using Java is an unnecessary security risk; especially using older versions which have vulnerabilities that malicious sites can use to exploit and infect your system.

Java is one of those technologies that you find installed on the majority of computer systems despite the fact that average users do not come across many Java-powered websites or desktop applications [...] According to W3Techs, only four percent of websites use Java on the server side [...] it is used by 0.2 percent of all websites on the client side. And two tenths of a percent includes sites that do not use it for their core functionality [...] there are sites and applications that require Java, and if you use any of them, you obviously need Java. But that makes you a minority. The majority of Internet users do not need Java. They do not need the Java plugin, nor do they need the Java Runtime Environment installed on their operating system.


Below I have compiled a list of recommended software and resources you may find useful. The articles document information on computer security, common infection vectors and how you can stay safe on the Internet.

STEP 11
Recommended Software
The following programmes come highly recommended in the security community.

  • AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
  • Emsisoft Antimalware (free) acts as an additional on-demand scanner, and can be used in conjunction with your Anti-Virus.
  • Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
  • Malwarebytes Anti-Malware Premium (MBAM) incorporates real-time protection and is designed to run alongside your Anti-Virus.
  • NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
  • Sandboxie isolates programmes of your choice, preventing files from writing to your HDD unless you approve the file.
  • Secunia PSI will scan your computer for vulnerable software that is outdated and automatically find the latest update for you.
  • SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
  • Unchecky automatically removes checkmarks for additional software in programme installers, helping you avoid adware and PUPs.
  • Web of Trust (WOT) is a browser add-on designed to alert the user before interacting with a potentially malicious website.
     

Setup on my Windows 8 machine:

  • ESET Smart Security
  • Malwarebytes Anti-Malware Premium
  • Emsisoft Antimalware
  • Sandboxie
  • SpywareBlaster
  • Secunia PSI
  • CCleaner
  • WOT, Adblock & NoScript

Wow! That's a lot of information. Unfortunately, I already had started copying files by the time I saw your response. You replied much faster than I had hoped. I had about 4 to 5 hours in, but the bulk of that was in deciding what to copy. I assume you would recommend that I start over and I don't want to skip any steps, so I am now copying my selected files back to a new subdirectory on C: drive. Once that is done, I will start with the Panda USB Vaccine program.

Can you advise about any files that are not in the usual "My ..." folders? I'm talking about the stuff that's easy to forget on a reload, like Outlook (e-mails & contacts), favorites and any files saved to the desktop. Can you think of anything else?

Questions after initial perusal of your procedure:

Step 3:

The only zip files I can think of are either ones that I created or that I downloaded from known sources. If they contain only images, videos and music (no exe suffixes), then are they OK to copy?

Step 4:

It seems counterintuitive to download anything while who knows what is running, especially while connected to the web.

Also, is it ok to initially bring it up with Windows Defender and Windows Firewall, since they will both be in the clean image?

You don't mention MBAM here. It looks like you're lumping it in with other stuff in Step 10. I suppose I should install that before the other listed programs?

Step 10:

Java. Before I used it in a programming class, I'm pretty sure that I had been told by a website that I needed to download it for something to work properly. I'll admit I haven't read the Java links you provided yet, but it sounds as if I should reply "no" to such questions in the future for pretty much anything. Does the download pop up from my OS or from the web page? If the latter, what's to stop an unscrupulous web developer from labeling the download button as "No"?


Hello Tom,
 

Wow! That's a lot of information. Unfortunately, I already had started copying files by the time I saw your response. You replied much faster than I had hoped. I had about 4 to 5 hours in, but the bulk of that was in deciding what to copy. I assume you would recommend that I start over and I don't want to skip any steps, so I am now copying my selected files back to a new subdirectory on C: drive. Once that is done, I will start with the Panda USB Vaccine program.

Ultimately, it's up to you. Panda USB Vaccine will prevent your USB drive from transferring autorun infections to your clean PC (or your freshly reformatted PC). 
 

Can you advise about any files that are not in the usual "My ..." folders? I'm talking about the stuff that's easy to forget on a reload, like Outlook (e-mails & contacts), favorites and any files saved to the desktop. Can you think of anything else?

Go through every subfolder of C:\Users\Kulle. 
If you have other user accounts, now would be the time to login and check for personal files. 
Other than that, you shouldn't have personal files saved anywhere else. 
 

The only zip files I can think of are either ones that I created or that I downloaded from known sources. If they contain only images, videos and music (no exe suffixes), then are they OK to copy?

Yes, image, video and music files are OK as long as you can account for the files (whether it be files you've created or downloaded from a known source). 
 

It seems counterintuitive to download anything while who knows what is running, especially while connected to the web.

Apologies, that step isn't clear. Downloading your Network Adapters and Anti-Virus setup file should be done on a clean PC. Should anything go wrong with the reformat/restore and you find yourself without Internet access, you may appreciate having the adapters readily available at hand.
 
By downloading your Anti-Virus setup file, you can ensure you need not connect to the Internet until after your Anti-Virus is installed (or during the avast! installation process, as you must be connected with this Anti-Virus). Of course, with Windows 8 this isn't as much an issue (see below).
 

Also, is it ok to initially bring it up with Windows Defender and Windows Firewall, since they will both be in the clean image?

If you don't want to download your Anti-Virus setup file in advance, by all means turn on Windows Defender which is of course a fully fledged Anti-Virus. As with STEP 7, you must ensure Windows Firewall is enabled after the reformat/restore. 
 

You don't mention MBAM here. It looks like you're lumping it in with other stuff in Step 10. I suppose I should install that before the other listed programs?

If you have the Premium version then by all means install MBAM earlier. 
 

Java. Before I used it in a programming class, I'm pretty sure that I had been told by a website that I needed to download it for something to work properly. I'll admit I haven't read the Java links you provided yet, but it sounds as if I should reply "no" to such questions in the future for pretty much anything. Does the download pop up from my OS or from the web page? If the latter, what's to stop an unscrupulous web developer from labeling the download button as "No"?

Yes, some websites and games require Java. But as the quotation demonstrates, that would put you in a minority. Most Internet-users do not need Java. 
 
A website may tell you Java is required for the site to function correctly. This is normal, but if you do decide to download and install Java, I would only do so from the official site. Any pop-ups asking you to install Java should automatically be treated as malicious. This may not be the actual case, but it's a good habit to get into, and may help minimize the risk of infection.
 
I would hold back installing Java. Once all is sorted, and normal use of the computer can be resumed, you will quickly realise if you do or do not need Java.


I don't have a second PC. I understood I was to load Panda onto the infected PC, vaccinate it and then vaccinate the USB drive from there, as the instructions seem to indicate they are done from the same running window.

At any rate, I will look into this later, as I have several other USB flash & hard drives to vaccinate.


Sorry, there appears to be a slight misunderstanding on my part.

We have another option you may be interested in. Download and install MCShield onto the infected machine. Backup your data, and run a scan to confirm the external drive is clean. Reformat/restore. Install MCShield again, insert your external drive and run a scan.

MCShield is specifically designed to catch infections known to propagate via USB drives.

http://www.mcshield.net/

Let me know how you get on.

-------------------------

Regarding Windows Updates, you may find it more beneficial to break the Updates into segments, and install one segment at a time.

You can start with the security updates, but the majority of Windows Updates are security patches in any case.


OK, will do. I'm still copying files. As soon as the current batch finishes, I will get MCShield & install it. I'll then finish copying files.

Once I have everything copied, I will then get to try my expensive new software, the decryption program. I figure that may run all night, so I hope to verify decrypted files, copy them off, too, and rebuild in the morning. I will, of course, not be able to sleep until I'm able to check some preliminary decryption results.


What about applying OS updates - should I select and apply the ones mentioning "security" first, or just apply them all in the order presented?

Do you set your updates to download and apply automatically, or just download?

Do you know if the automatic apply process will kill running programs if a reboot is required, or wait for them to finish?

This topic is now closed to further replies.