Jump to content

fffsee.com outbound continuously popping up + dllhost instances out of control


gpc007

Recommended Posts

This PC became infected before MalwareBytes was installed.  It was runnint ESET antivirus software. The original symptom is CPU being completely maxed with MANY instances of dllhost / COM Surrogate running.  These only get generated when connected to a network.  With WIFI disabled, the PC does not generate these. 

 

After installing MalwareBytes Premium, numerous files were detected and cleaned, but the problem persists.  In addition, every 3-5 seconds, MalwareBytes detects and blocks a "malicious website".  These sites vary, but I see a lot of "95.215.1.57" and "fffsee.com".

 

I ran FRST and below are the logs requested.  Thank you for any help you are able to provide.

 

 

FRST.TXT:

===============================================================================================

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-09-2014
Ran by Nikki (administrator) on LAPTOP-NIKKI on 24-09-2014 03:57:30
Running from H:\
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AEstSrv.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Pro Softnet Corporation) C:\IDrive\IDriveE Service.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(Rosetta Stone Ltd.) C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
( ) C:\IDrive\IDrivePlugin.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
() C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Pro Softnet Corp.) C:\IDrive\IDriveETray.exe
(Pro-SoftNet Corp, U.S.A) C:\IDrive\IDriveEBackground.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officec2rclient.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [505720 2011-07-20] (Alps Electric Co., Ltd.)
HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [536668 2011-01-24] (IDT, Inc.)
HKLM\...\Run: [FreeFallProtection] => C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2010-12-17] ()
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5110672 2013-09-12] (ESET)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2602784 2013-12-04] ()
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [ApnTBMon] => C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1942424 2014-08-29] (APN)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
HKU\S-1-5-21-475017880-3412151489-2877756071-1003\...\Run: [iDriveE Startup] => C:\IDrive\IDrvieEStartup.exe [185800 2011-06-24] (Pro Softnet Corporation)
HKU\S-1-5-21-475017880-3412151489-2877756071-1003\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-08-18] (Google Inc.)
HKU\S-1-5-21-475017880-3412151489-2877756071-1003\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
HKU\S-1-5-21-475017880-3412151489-2877756071-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [iDriveE Startup] => C:\IDrive\IDrvieEStartup.exe [185800 2011-06-24] (Pro Softnet Corporation)
HKU\S-1-5-21-475017880-3412151489-2877756071-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-08-18] (Google Inc.)
AppInit_DLLs: C:\Windows\system32\nvinit.dll => C:\Windows\system32\nvinit.dll [156256 2013-12-04] (NVIDIA Corporation)
Lsa: [Authentication Packages] msv1_0 wvauth
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell System Manager.lnk
ShortcutTarget: Dell System Manager.lnk -> C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe (Dell Inc.)
Startup: C:\Users\Nikki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IDrive Tray.lnk
ShortcutTarget: IDrive Tray.lnk -> C:\IDrive\IDriveEReg2ini.exe (Pro Softnet Corp.)
ShellIconOverlayIdentifiers: EnabledUnlockedFDEIconOverlay -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
ShellIconOverlayIdentifiers: UninitializedFdeIconOverlay -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/webhp?sourceid=navclient&ie=UTF-8&gws_rd=ssl
SearchScopes: HKCU - DefaultScope {09CE4A42-A9A2-49DD-A0E0-06D95FCBB159} URL = http://www.search.ask.com/web?tpid=ORJ-ST-SPE&o=APN11460&pf=V7&p2=^BE6^OSJ000^YY^US&gct=&itbv=12.16.2.54&apn_uid=1F10A509-ADE8-4C22-8355-BB14ED0C6DA0&apn_ptnrs=BE6&apn_dtid=^OSJ000^YY^US&apn_dbr=ie_11.0.9600.17280&doi=2014-09-17&trgb=IE&q={searchTerms}&psv=&pt=tb
SearchScopes: HKCU - URL http://search.conduit.com/Results.aspx?ctid=CT3323878&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP1B2D0F91-D6D0-4410-902F-EED2BE72CC0B&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKCU - {01D17C2A-FD50-4CE9-B069-076D6DF7C0A5} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {09CE4A42-A9A2-49DD-A0E0-06D95FCBB159} URL = http://www.search.ask.com/web?tpid=ORJ-ST-SPE&o=APN11460&pf=V7&p2=^BE6^OSJ000^YY^US&gct=&itbv=12.16.2.54&apn_uid=1F10A509-ADE8-4C22-8355-BB14ED0C6DA0&apn_ptnrs=BE6&apn_dtid=^OSJ000^YY^US&apn_dbr=ie_11.0.9600.17280&doi=2014-09-17&trgb=IE&q={searchTerms}&psv=&pt=tb
BHO: Shopping App by Ask -> {4F524A2D-5354-2D53-5045-7A786E7484D7} -> C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-ST-SPE\Passport.dll (APN LLC.)
BHO: Ask Toolbar -> {4F524A2D-5637-4300-76A7-7A786E7484D7} -> C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-V7C\Passport.dll (APN LLC.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - Ask Toolbar - {4F524A2D-5637-4300-76A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-V7C\Passport.dll (APN LLC.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Shopping App by Ask - {4F524A2D-5354-2D53-5045-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-ST-SPE\Passport.dll (APN LLC.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Nikki\AppData\Roaming\Mozilla\Firefox\Profiles\zlrlv7md.default
FF SelectedSearchEngine: Google
FF Homepage: https://www.google.com/?gws_rd=ssl
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2014-03-08]

Chrome:
=======
CHR HomePage: Default -> FD2CDB8F12BBBE701DB84B78126884CB69BD9F81538EA0F5E6E30AB95EF6433F
CHR DefaultSearchKeyword: Default -> E9A44F1AD69990680DA158AFFDC8E360E82408F199F222DF9436CB027365880C
CHR DefaultSearchURL: Default -> 1FD560904E47B2C529B14DD7DC7181515BE594723CF5014D573428705F485C23
CHR CustomProfile: C:\Users\Nikki\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Nikki\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-18]
CHR Extension: (Google Drive) - C:\Users\Nikki\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-18]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Nikki\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-19]
CHR Extension: (YouTube) - C:\Users\Nikki\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-18]
CHR Extension: (Google Search) - C:\Users\Nikki\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-18]
CHR Extension: (Google Wallet) - C:\Users\Nikki\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-18]
CHR Extension: (Gmail) - C:\Users\Nikki\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-18]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166296 2014-08-29] (APN LLC.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1626800 2014-07-31] (Microsoft Corporation)
R2 Credential Vault Host Control Service; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [826272 2010-10-25] (Broadcom Corporation)
R2 Credential Vault Host Storage; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [32160 2010-10-25] (Broadcom Corporation)
R2 dcpsysmgrsvc; C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe [388464 2011-01-20] (Dell Inc.)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1337752 2013-09-12] (ESET)
R2 IDriveE Service; C:\IDrive\IDriveE Service.exe [157128 2011-11-21] (Pro Softnet Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-01-18] (Hewlett-Packard) [File not signed]
R2 O2FLASH; C:\Windows\system32\DRIVERS\o2flash.exe [72296 2010-02-10] (O2Micro International)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-01-18] (Hewlett-Packard) [File not signed]
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [605168 2014-02-19] (Paramount Software UK Ltd)
R2 RosettaStoneDaemon; C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe [1646608 2012-06-19] (Rosetta Stone Ltd.)
S3 SecureStorageService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe [1477632 2010-11-03] (Wave Systems Corp.) [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [274514 2011-01-24] (IDT, Inc.)
S2 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1629696 2010-07-13] () [File not signed]
R2 TdmService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe [2337136 2011-03-04] (Wave Systems Corp.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 Acceler; C:\Windows\System32\DRIVERS\Accelern.sys [43888 2010-12-13] (ST Microelectronics)
R3 BTWAMPFL; C:\Windows\System32\DRIVERS\btwampfl.sys [300584 2014-02-18] (Broadcom Corporation.)
R3 cvusbdrv; C:\Windows\System32\Drivers\cvusbdrv.sys [33832 2010-08-24] (Broadcom Corporation)
R3 e1cexpress; C:\Windows\System32\DRIVERS\e1c6232.sys [358224 2012-08-10] (Intel Corporation)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [188808 2013-09-17] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [134248 2013-09-17] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [122376 2013-09-17] (ESET)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-09-24] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
S3 MEI; C:\Windows\system32\drivers\HECI.sys [41088 2010-10-19] (Intel Corporation)
R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwNs32.sys [7434240 2010-12-21] (Intel Corporation)
S3 nusb3hub; C:\Windows\system32\drivers\nusb3hub.sys [62208 2010-11-19] (Renesas Electronics Corporation)
S3 nusb3xhc; C:\Windows\system32\drivers\nusb3xhc.sys [141568 2010-11-19] (Renesas Electronics Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [208672 2013-12-04] (NVIDIA Corporation)
R0 nvpciflt; C:\Windows\System32\DRIVERS\nvpciflt.sys [27936 2013-12-04] (NVIDIA Corporation)
R3 O2MDFRDR; C:\Windows\System32\DRIVERS\O2MDFxp.sys [60192 2011-01-04] (O2Micro )
S3 O2MDRRDR; C:\Windows\system32\drivers\O2MDRw7.sys [62440 2011-01-04] (O2Micro )
R3 O2SDJRDR; C:\Windows\System32\DRIVERS\o2sdjvst.sys [63976 2011-03-23] (O2Micro )
R0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2008-06-04] (Dell Inc)
R0 pssnap; C:\Windows\System32\DRIVERS\pssnap.sys [16504 2013-06-28] (Macrium Software)
S3 ST7007; C:\Windows\system32\drivers\ST7007.sys [62576 2011-06-20] (STMicroelectronics)
R0 stdcfltn; C:\Windows\System32\DRIVERS\stdcfltn.sys [17648 2010-08-20] (ST Microelectronics)
S3 tcm; C:\Windows\system32\drivers\tcm.sys [12952 2009-04-17] ()

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-24 03:55 - 2014-09-24 03:57 - 00000000 ____D () C:\FRST
2014-09-24 03:07 - 2014-09-24 03:39 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-24 03:06 - 2014-09-24 03:06 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-24 03:06 - 2014-09-24 03:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-24 03:06 - 2014-09-24 03:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-24 03:06 - 2014-09-24 03:06 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-24 03:06 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-24 03:06 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-24 03:06 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-24 02:45 - 2014-09-24 02:45 - 00003288 ____N () C:\bootsqm.dat
2014-09-24 02:20 - 2014-03-04 05:17 - 00868352 _____ (Microsoft Corporation) C:\ProgramData\wsesfqh.dll
2014-09-24 02:20 - 2013-08-28 21:50 - 01289096 _____ (Microsoft Corporation) C:\ProgramData\qwypnms.dll
2014-09-23 23:00 - 2014-09-23 23:00 - 00048640 _____ () C:\Windows\system32\wosyw.dll
2014-09-23 23:00 - 2014-09-23 23:00 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-09-23 23:00 - 2014-09-23 23:00 - 00000000 _____ () C:\Windows\system32\xitpi.dll
2014-09-22 11:51 - 2014-09-22 11:51 - 00000000 ___RD () C:\Program Files\Skype
2014-09-22 11:51 - 2014-09-22 11:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-22 11:51 - 2014-09-22 11:51 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-09-21 02:27 - 2014-09-21 02:27 - 00049673 _____ () C:\Users\Nikki\Documents\SAB2.pptx
2014-09-21 00:09 - 2014-09-21 01:58 - 00044040 _____ () C:\Users\Nikki\Documents\SAB.pptx
2014-09-17 19:37 - 2014-09-17 19:37 - 00004477 _____ () C:\Windows\system32\jupdate-1.7.0_67-b01.log
2014-09-17 19:37 - 2014-09-17 19:37 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-09-16 21:29 - 2014-09-16 21:29 - 00157639 _____ () C:\Users\Nikki\Documents\Spanish II 2.05.wma
2014-09-14 19:05 - 2014-09-14 19:05 - 00001351 _____ () C:\Users\Nikki\Desktop\Sticky Notes.lnk
2014-09-14 02:22 - 2014-09-24 00:24 - 00042462 _____ () C:\Users\Nikki\Documents\TTI IP.pptx
2014-09-13 23:35 - 2014-09-17 13:17 - 00592384 _____ () C:\Users\Nikki\Documents\rectangle2.pptx
2014-09-13 21:56 - 2014-09-13 21:57 - 00153088 _____ () C:\Users\Nikki\Documents\rectangle1.pptx
2014-09-13 13:06 - 2014-08-19 13:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-13 13:06 - 2014-08-18 18:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-13 13:06 - 2014-08-18 18:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-13 13:06 - 2014-08-18 17:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-13 13:06 - 2014-08-18 17:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-13 13:06 - 2014-08-18 17:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-13 13:06 - 2014-08-18 17:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-13 13:06 - 2014-08-18 17:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-13 13:06 - 2014-08-18 17:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-13 13:06 - 2014-08-18 17:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-13 13:06 - 2014-08-18 17:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-13 13:06 - 2014-08-18 17:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-13 13:06 - 2014-08-18 17:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-13 13:06 - 2014-08-18 17:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-13 13:06 - 2014-08-18 17:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-13 13:06 - 2014-08-18 17:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-13 13:06 - 2014-08-18 17:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-13 13:06 - 2014-08-18 17:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-13 13:06 - 2014-08-18 17:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-13 13:06 - 2014-08-18 17:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-13 13:06 - 2014-08-18 17:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-13 13:06 - 2014-08-18 17:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-13 13:06 - 2014-08-18 17:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-13 13:06 - 2014-08-18 17:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-13 13:06 - 2014-08-18 17:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-13 13:06 - 2014-08-18 17:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-13 13:06 - 2014-08-18 17:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-13 13:06 - 2014-08-18 16:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-13 13:06 - 2014-08-18 16:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-13 13:06 - 2014-08-18 16:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-13 13:06 - 2014-06-26 21:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-11 22:09 - 2014-07-06 21:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-11 22:09 - 2014-07-06 21:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-11 22:09 - 2014-06-23 22:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-11 22:08 - 2014-09-04 21:52 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-11 22:08 - 2014-09-04 21:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-11 22:08 - 2014-08-01 07:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 19:50 - 2014-09-10 21:09 - 00048347 _____ () C:\Users\Nikki\Documents\!.pptx
2014-09-08 14:16 - 2014-09-08 14:16 - 00031357 _____ () C:\Users\Nikki\Documents\kh.pptx
2014-09-08 00:01 - 2014-09-08 00:01 - 00363678 _____ () C:\Users\Nikki\Documents\FW2.pptx
2014-09-07 17:08 - 2014-09-07 17:08 - 00376320 _____ () C:\Users\Nikki\Documents\FW.pptx
2014-09-05 12:30 - 2014-09-05 17:59 - 02697294 _____ () C:\Users\Nikki\Documents\USH 1.05H.pptx
2014-09-03 21:19 - 2014-09-03 21:19 - 00630206 _____ () C:\Users\Nikki\Documents\English II 1.04(2).pptx
2014-09-03 12:29 - 2014-09-03 12:29 - 00000000 ____D () C:\Users\Nikki\Documents\Bluetooth Exchange Folder
2014-08-30 21:23 - 2014-09-03 21:19 - 00630231 _____ () C:\Users\Nikki\Documents\English II 1.04.pptx
2014-08-29 13:56 - 2014-08-29 13:56 - 00005844 _____ () C:\Users\Nikki\Documents\Algebra II 1.05 Grid.ggb
2014-08-28 11:16 - 2014-08-22 21:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 11:16 - 2014-08-22 20:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-24 03:57 - 2014-09-24 03:55 - 00000000 ____D () C:\FRST
2014-09-24 03:56 - 2009-07-14 00:34 - 00030896 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-24 03:56 - 2009-07-14 00:34 - 00030896 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-24 03:46 - 2010-11-20 17:01 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-24 03:39 - 2014-09-24 03:07 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-24 03:39 - 2014-08-18 12:26 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfbb013a16b54f.job
2014-09-24 03:39 - 2014-04-01 14:01 - 00000000 ____D () C:\IDrive
2014-09-24 03:38 - 2014-05-20 22:47 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-24 03:38 - 2014-02-18 18:07 - 01728290 _____ () C:\Windows\WindowsUpdate.log
2014-09-24 03:38 - 2010-11-20 17:48 - 00161328 _____ () C:\Windows\PFRO.log
2014-09-24 03:38 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-24 03:38 - 2009-07-14 00:52 - 00000000 ____D () C:\Windows\twain_32
2014-09-24 03:38 - 2009-07-14 00:39 - 00042432 _____ () C:\Windows\setupact.log
2014-09-24 03:37 - 2014-08-18 12:32 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfbb01ef80f922.job
2014-09-24 03:06 - 2014-09-24 03:06 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-24 03:06 - 2014-09-24 03:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-24 03:06 - 2014-09-24 03:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-24 03:06 - 2014-09-24 03:06 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-24 03:05 - 2014-03-08 02:28 - 00000000 ____D () C:\_Installs
2014-09-24 02:45 - 2014-09-24 02:45 - 00003288 ____N () C:\bootsqm.dat
2014-09-24 00:24 - 2014-09-14 02:22 - 00042462 _____ () C:\Users\Nikki\Documents\TTI IP.pptx
2014-09-23 23:00 - 2014-09-23 23:00 - 00048640 _____ () C:\Windows\system32\wosyw.dll
2014-09-23 23:00 - 2014-09-23 23:00 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-09-23 23:00 - 2014-09-23 23:00 - 00000000 _____ () C:\Windows\system32\xitpi.dll
2014-09-23 21:55 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-22 13:13 - 2014-03-08 06:50 - 00000000 ____D () C:\Users\Nikki\AppData\Roaming\Skype
2014-09-22 12:52 - 2014-03-08 16:42 - 00000000 ____D () C:\Users\Nikki\Documents\Personal
2014-09-22 11:51 - 2014-09-22 11:51 - 00000000 ___RD () C:\Program Files\Skype
2014-09-22 11:51 - 2014-09-22 11:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-22 11:51 - 2014-09-22 11:51 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-09-22 11:51 - 2014-03-08 06:50 - 00002503 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-09-22 11:51 - 2014-03-08 06:50 - 00000000 ____D () C:\ProgramData\Skype
2014-09-21 02:27 - 2014-09-21 02:27 - 00049673 _____ () C:\Users\Nikki\Documents\SAB2.pptx
2014-09-21 01:58 - 2014-09-21 00:09 - 00044040 _____ () C:\Users\Nikki\Documents\SAB.pptx
2014-09-17 21:07 - 2014-03-08 16:42 - 00000000 ____D () C:\Users\Nikki\Documents\myss
2014-09-17 19:40 - 2014-03-08 04:19 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-17 19:37 - 2014-09-17 19:37 - 00004477 _____ () C:\Windows\system32\jupdate-1.7.0_67-b01.log
2014-09-17 19:37 - 2014-09-17 19:37 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-09-17 19:37 - 2014-03-08 04:22 - 00000000 ____D () C:\Program Files\Java
2014-09-17 13:17 - 2014-09-13 23:35 - 00592384 _____ () C:\Users\Nikki\Documents\rectangle2.pptx
2014-09-16 22:53 - 2014-03-08 16:43 - 00000000 ____D () C:\Users\Nikki\Documents\Spanish I
2014-09-16 21:29 - 2014-09-16 21:29 - 00157639 _____ () C:\Users\Nikki\Documents\Spanish II 2.05.wma
2014-09-15 09:06 - 2014-03-08 02:24 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-14 20:51 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-14 19:38 - 2014-03-08 04:14 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-14 19:38 - 2014-03-08 04:14 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-14 19:05 - 2014-09-14 19:05 - 00001351 _____ () C:\Users\Nikki\Desktop\Sticky Notes.lnk
2014-09-13 21:57 - 2014-09-13 21:56 - 00153088 _____ () C:\Users\Nikki\Documents\rectangle1.pptx
2014-09-13 13:06 - 2014-03-08 16:21 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-13 13:04 - 2014-04-30 16:45 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-13 13:04 - 2014-03-08 16:21 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-11 22:11 - 2014-08-18 12:27 - 00002135 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-10 21:09 - 2014-09-10 19:50 - 00048347 _____ () C:\Users\Nikki\Documents\!.pptx
2014-09-10 17:08 - 2014-08-19 09:53 - 00118076 _____ () C:\Users\Nikki\Documents\English II Pace Chart.xlsx
2014-09-08 14:16 - 2014-09-08 14:16 - 00031357 _____ () C:\Users\Nikki\Documents\kh.pptx
2014-09-08 00:01 - 2014-09-08 00:01 - 00363678 _____ () C:\Users\Nikki\Documents\FW2.pptx
2014-09-07 17:08 - 2014-09-07 17:08 - 00376320 _____ () C:\Users\Nikki\Documents\FW.pptx
2014-09-05 17:59 - 2014-09-05 12:30 - 02697294 _____ () C:\Users\Nikki\Documents\USH 1.05H.pptx
2014-09-04 21:52 - 2014-09-11 22:08 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-04 21:47 - 2014-09-11 22:08 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-03 21:20 - 2014-04-09 16:54 - 01536000 ___SH () C:\Users\Nikki\Documents\Thumbs.db
2014-09-03 21:19 - 2014-09-03 21:19 - 00630206 _____ () C:\Users\Nikki\Documents\English II 1.04(2).pptx
2014-09-03 21:19 - 2014-08-30 21:23 - 00630231 _____ () C:\Users\Nikki\Documents\English II 1.04.pptx
2014-09-03 12:29 - 2014-09-03 12:29 - 00000000 ____D () C:\Users\Nikki\Documents\Bluetooth Exchange Folder
2014-09-03 12:28 - 2014-03-08 04:08 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-03 12:28 - 2009-07-14 00:33 - 00321192 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-30 18:01 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\rescache
2014-08-30 14:54 - 2014-04-03 16:48 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-08-29 13:56 - 2014-08-29 13:56 - 00005844 _____ () C:\Users\Nikki\Documents\Algebra II 1.05 Grid.ggb
2014-08-29 11:48 - 2014-03-08 02:40 - 00000000 ____D () C:\Program Files\Microsoft Office 15

Files to move or delete:
====================
C:\ProgramData\qwypnms.dll
C:\ProgramData\wsesfqh.dll


Some content of TEMP:
====================
C:\Users\Nikki\AppData\Local\Temp\APNSetup.exe
C:\Users\Nikki\AppData\Local\Temp\emsxocl.dll
C:\Users\Nikki\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Nikki\AppData\Local\Temp\InstHelper.exe
C:\Users\Nikki\AppData\Local\Temp\MSNCDCB.exe
C:\Users\Nikki\AppData\Local\Temp\prmouyy.dll
C:\Users\Nikki\AppData\Local\Temp\ucfpooo.dll
C:\Users\Nikki\AppData\Local\Temp\ygnvvtu.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-16 13:18

==================== End Of Log ============================

 

 

 

 

ADDITION.TXT:

===============================================================================================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-09-2014
Ran by Nikki at 2014-09-24 04:00:30
Running from H:\
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET NOD32 Antivirus 7.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET NOD32 Antivirus 7.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 7.1.4 - Hewlett-Packard) Hidden
AccelerometerP11 (HKLM\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.10.22 - STMicroelectronics)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Ask Toolbar (HKLM\...\{4F524A2D-5637-4300-76A7-A758B70C1002}) (Version: 12.16.2.57 - APN, LLC) <==== ATTENTION
BioAPI Framework (Version: 1.0.2 - Dell Inc.) Hidden
Conexant HDA D330 MDC V.92 Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F) (Version: 7.80.4.0 - Conexant)
Custom (Version: 01.00.00.000 - Wave Systems Corp.) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell ControlVault Host Components Installer (Version: 2.0.20.159 - Broadcom Corporation) Hidden
Dell Data Protection | Access (HKLM\...\{A7D91856-258D-4C87-8041-B170851CE432}) (Version: 2.0.00001.000 - Dell Inc.)
Dell Data Protection | Access (Version: 01.00.01.000 - Wave Systems Corp) Hidden
Dell Data Protection | Access | Drivers (HKLM\...\{4E4E65EE-C456-45AC-B5AD-C62C3A325BD0}) (Version: 1.00.011 - Dell Inc.)
Dell Data Protection | Access | Middleware (HKLM\...\{841CBDD5-4BB5-403E-AEE3-2FADC3890BE8}) (Version: 1.00.005 - Dell Inc.)
Dell System Manager (HKLM\...\{43CFE88C-A97B-4875-9BCC-E93EC0EEEEA4}) (Version: 1.6.00000 - Dell Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1208.101.124 - ALPS ELECTRIC CO., LTD.)
DellAccess (Version: 01.00.00.078 - Wave Systems Corp.) Hidden
EMBASSY Security Center (Version: 04.02.00.072 - Wave Systems Corp.) Hidden
ESET NOD32 Antivirus (HKLM\...\{1BE7C1D9-06A8-466D-ADEA-B07F68BDEFB5}) (Version: 7.0.302.26 - ESET, spol s r. o.)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 6.0.5.618 - Foxit Corporation)
FreeMind (HKLM\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 0.9.0 - )
Gemalto (Version: 01.01.01.0000 - Wave Systems Corp) Hidden
GeoGebra 4.4 (HKLM\...\GeoGebra 4.4) (Version: 4.4.22.0 - International GeoGebra Institute)
Google Chrome (HKLM\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
IDrive version 3.4.1 January 03, 2012 (HKLM\...\IDrive_is1) (Version: 3.4.1 - ProSoftnet Corp)
Intel® Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2418 - Intel Corporation)
Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 5.2 - Paramount Software (UK) Ltd.)
Macrium Reflect Free Edition (Version: 5.2.6474 - Paramount Software (UK) Ltd.) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4641.1003 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4023.1211 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 en-US) (HKLM\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NTRU TCG Software Stack (Version: 2.1.34 - Security Innovation) Hidden
NVIDIA Control Panel 327.62 (Version: 327.62 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 327.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.62 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.141.953 - NVIDIA Corporation) Hidden
NVIDIA nView 140.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 140.75 - NVIDIA Corporation)
NVIDIA Optimus 1.14.17 (Version: 1.14.17 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 1.14.17 - NVIDIA Corporation) Hidden
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
PC-CCID (Version: 2.0.0 - Gemalto) Hidden
Preboot Manager (Version: 03.02.00.066 - Wave Systems Corp.) Hidden
Private Information Manager (Version: 07.00.00.026 - Wave Systems Corp.) Hidden
Rosetta Stone Ltd Services (HKLM\...\{3165E4A6-D5DE-46B0-8597-D55E2B826B84}) (Version: 3.2.21 - Rosetta Stone Ltd.)
Rosetta Stone TOTALe (HKLM\...\{6B6BC189-D606-4BC7-9758-E6C364F76A55}) (Version: 4.5.5.0 - Rosetta Stone, Ltd)
Search Protect (HKLM\...\SearchProtect) (Version: 2.11.11.7 - Conduit) <==== ATTENTION
Shopping App by Ask (HKLM\...\{4F524A2D-5354-2D53-5045-A758B70C1002}) (Version: 12.16.2.54 - APN, LLC)
Skype™ 6.20 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
SPBA 5.9 (Version: 5.9.4.6686 - UPEK Inc.) Hidden
Stellarium 0.12.4 (HKLM\...\Stellarium_is1) (Version: 0.12.4 - Stellarium team)
Trusted Drive Manager (Version: 4.0.5.8 - Wave Systems Corp.) Hidden
Upek Touchchip Fingerprint Reader (Version: 1.2.004 - Dell Inc.) Hidden
Wave Infrastructure Installer (Version: 07.02.40.0008 - Wave Systems Corp) Hidden
Wave Support Software Installer (Version: 05.12.00.012 - Wave Systems Corp) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.6900 - Broadcom Corporation)
Windows Driver Package - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-475017880-3412151489-2877756071-1003_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\Nikki\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-475017880-3412151489-2877756071-1003_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Nikki\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-475017880-3412151489-2877756071-1003_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\Nikki\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-475017880-3412151489-2877756071-1003_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-475017880-3412151489-2877756071-1003_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Nikki\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-475017880-3412151489-2877756071-1003_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Nikki\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-475017880-3412151489-2877756071-1003_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Nikki\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-475017880-3412151489-2877756071-1003_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Nikki\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\FileSyncApi.dll (Microsoft Corporation)

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:04 - 2009-06-10 17:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0CDB2C79-CAE5-468E-9E2D-4189D7879701} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2014-07-31] (Microsoft Corporation)
Task: {3E124A1D-E97D-42DD-B565-CB02F622EE3B} - System32\Tasks\{9678620C-B7FF-D3EA-61BE-4E6BDD97CD72} => C:\Windows\system32\wosyw.dll [2014-09-23] ()
Task: {5B87279C-2CA5-4793-8CC5-331E71905A9A} - System32\Tasks\GoogleUpdateTaskMachineUA1cfbb01ef80f922 => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-08-18] (Google Inc.)
Task: {6AB08C04-688B-49A7-B94C-3D73445E1FD7} - System32\Tasks\GoogleUpdateTaskMachineCore1cfbb013a16b54f => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-08-18] (Google Inc.)
Task: {6CAE4A3E-ADE6-4CF7-86CA-7F8CCF6B3988} - System32\Tasks\Time Trigger Test Task => C:\Users\Nikki\AppData\Local\Temp\yiivdqo.exe <==== ATTENTION
Task: {FAF5FD9A-FD08-4431-94D6-CE7B46BEC4E3} - System32\Tasks\Microsoft Office 15 Sync Maintenance for LAPTOP-NIKKI-Nikki Laptop-Nikki => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-08-26] (Microsoft Corporation)
Task: {FDF0D188-9609-4169-AFC2-5A0400F84111} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-14] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfbb013a16b54f.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfbb01ef80f922.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-03-08 16:17 - 2013-10-28 19:22 - 00088864 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2014-03-08 02:40 - 2014-05-20 03:11 - 00080040 _____ () C:\Program Files\Microsoft Office 15\ClientX86\ApiClient.dll
2010-10-15 20:14 - 2010-10-15 20:14 - 00132384 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2014-02-18 19:50 - 2011-06-10 13:36 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll
2014-02-18 18:09 - 2010-12-17 12:24 - 00686704 _____ () C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe
2014-06-20 17:48 - 2014-06-20 17:48 - 00316584 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/24/2014 03:56:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17280, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17280, time stamp: 0x53f27d67
Exception code: 0xc0000005
Fault offset: 0x00140273
Faulting process id: 0x2960
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (09/24/2014 03:54:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x013d1138
Faulting process id: 0x2e50
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (09/24/2014 03:41:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x008e1138
Faulting process id: 0x212c
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (09/24/2014 03:39:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x007f1138
Faulting process id: 0x1294
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (09/24/2014 03:39:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/24/2014 03:36:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x004c1138
Faulting process id: 0x26a0
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (09/24/2014 03:21:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x012b1138
Faulting process id: 0x1104
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (09/24/2014 03:14:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/24/2014 02:55:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x004c1138
Faulting process id: 0x2d90
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (09/24/2014 02:46:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (09/24/2014 03:40:34 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (09/24/2014 03:40:06 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (09/24/2014 03:38:58 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NTRU TSS v1.2.1.34 TCS service depends on the TPM Base Services service which failed to start because of the following error:
%%0

Error: (09/24/2014 03:15:05 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (09/24/2014 03:14:35 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (09/24/2014 03:13:22 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NTRU TSS v1.2.1.34 TCS service depends on the TPM Base Services service which failed to start because of the following error:
%%0

Error: (09/24/2014 02:47:05 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (09/24/2014 02:46:39 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (09/24/2014 02:46:17 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (09/24/2014 02:45:55 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NTRU TSS v1.2.1.34 TCS service depends on the TPM Base Services service which failed to start because of the following error:
%%0


Microsoft Office Sessions:
=========================
Error: (09/24/2014 03:56:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.172804a5bc6b7MSHTML.dll11.0.9600.1728053f27d67c000000500140273296001cfd7ccc08d0cb1C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dll5168a9fa-43c0-11e4-8ecd-d0df9a3b4321

Error: (09/24/2014 03:54:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c0000005013d11382e5001cfd7cc71e836f6C:\Windows\system32\svchost.exeunknownf4044896-43bf-11e4-8ecd-d0df9a3b4321

Error: (09/24/2014 03:41:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c0000005008e1138212c01cfd7cae18192c2C:\Windows\system32\svchost.exeunknown221cf317-43be-11e4-8ecd-d0df9a3b4321

Error: (09/24/2014 03:39:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c0000005007f1138129401cfd7cab03f0adaC:\Windows\system32\svchost.exeunknownef425be2-43bd-11e4-8ecd-d0df9a3b4321

Error: (09/24/2014 03:39:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/24/2014 03:36:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c0000005004c113826a001cfd7ca425d2cdaC:\Windows\system32\svchost.exeunknown8369c1ec-43bd-11e4-a2a7-d0df9a3b4321

Error: (09/24/2014 03:21:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c0000005012b1138110401cfd7c72096cbf7C:\Windows\system32\svchost.exeunknown5616a442-43bb-11e4-a2a7-d0df9a3b4321

Error: (09/24/2014 03:14:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/24/2014 02:55:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c0000005004c11382d9001cfd7c4793cc1d8C:\Windows\system32\svchost.exeunknowncfa8f17b-43b7-11e4-8ed8-d0df9a3b4321

Error: (09/24/2014 02:46:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Processor: Intel® Core i5-2520M CPU @ 2.50GHz
Percentage of memory in use: 95%
Total physical RAM: 3241.02 MB
Available physical RAM: 155.8 MB
Total Pagefile: 7408.45 MB
Available Pagefile: 1118.56 MB
Total Virtual: 2047.88 MB
Available Virtual: 1922.06 MB

==================== Drives ================================

Drive c: (OSDisk) (Fixed) (Total:232.88 GB) (Free:192.73 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive h: () (Removable) (Total:29.91 GB) (Free:29.89 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 000CD844)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)
Partition 00: (Not Active) - (Size=0) - (Type=00) ATTENTION ===> 0 byte partition bootkit.

========================================================
Disk: 1 (Size: 29.9 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================

Link to post
Share on other sites

Hello and post-32477-1261866970.gif

 

P2P/Piracy Warning:

 

 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

 

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

 

Next,

 

Open Malwarebytes Anti-Malware, from the Dashboard please Check for Updates by clicking the Update Now... link

When the update completes select > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

 

 

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.

 

When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.

 

 

In most cases, a restart will be required.

 

 

Wait for the prompt to restart the computer to appear, then click on Yes.

 

 

Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

 

Next,

 

Download Microsoft's " Malicious Software Removal Tool" and save direct to the desktop

Ensure to get the correct version for your system....

32 Bit version:

https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:

https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en'>https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

 

Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window

In the "Scan Type" window, select Quick Scan

Perform a scan and  Click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

 

1) Select the Windows key and R key together to open the "Run" function

2) Type or Copy/Paste the following command to the "Run Line" and Press Enter

notepad c:\windows\debug\mrt.log

 

Next,

 

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

 


Quit all running programs.
For Windows XP, double-click to start.
For Vista,Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
Read and accept the EULA (End User Licene Agreement)
Click Scan to scan the system.
When the scan completes select "Report" save to desktop. Close the program > Don't Fix anything!
Post back the report which should be located on your desktop.

 

Let me see those logs in your next reply, also give an update on any  remaining issues or concerns....

 

Kevin...

 

 

 

Fixlist.txt

Link to post
Share on other sites

Thank you for your very quick reply. 

I have initiated the first step you requested (FRST fix).  It has been running for about an hour with "Fixing in progress.  Please wait."  A Fixlog.txt file has been created, though and ends with "HKU\S-1-5-21... ==> Key not found.".

Is this a long process or do you suspect it has finished?

 

Thank you again

Link to post
Share on other sites

No worries ... I just hadn't waited long enough.  FRST finished shortly after my last post ... about 70 min to run, I figure.  I have been wrapping up the rest of your instructed steps.

 

I have attached the 4 log/report files you requested.  I also have another MWB scan log from last night that has the files originally cleaned by MWB if you want me to send that (that was from before I started this post).

 

Finally, I have left RogueKiller running ... there are 2 gray-highlighted Registry entries (that start with "PUM"), and an orange-highlighted Task entry (type: suspicious.path).  I will leave things be until I hear back. 

 

Thank you again!

Fixlog.txt

MWB-scanlog2.txt

mrtlog.txt

RKreport_SCN_09242014_130155.log

Link to post
Share on other sites

Thanks for the logs, continue please:

 

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

 

Next,

 

Open Malwarebytes Anti-Malware, from the Dashboard please Check for Updates by clicking the Update Now... link

When the update completes select > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

 

 

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.

 

When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.

 

 

In most cases, a restart will be required.

 

 

Wait for the prompt to restart the computer to appear, then click on Yes.

 

 

Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

 

Next,

 

Download Dr Web Cureit from here http://www.freedrweb.com/cureit save to your desktop. (Scroll to bottom of page)

 

  • The file will be randomly named
  • Reboot to safe mode
  • Run Dr Web
  • Tick the I agree box and select continue
  • Click select objects for scanning
     
    drwebselect.JPG
     
  • Tick all boxes as shown
  • Click the wrench and select automatically apply actions to threats
     
    drwebfolders.JPG
     
  • Press start scan
  • The scan will now commence
     
    drwebscan.JPG
     
  • Once the scan has finished click open report
     
    drwebscancomplete.JPG
     
  • A notepad will open
  • Select File > Save as..
  • Save it to your desktop

 

This log will be excessive,  Attach it to your next reply…

 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.


Double click on Adwcleaner.exe to run the tool.
Click on Scan
Once the scan is done, click on the Clean button.
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[sn].txt. Where n in the scan reference number

 

Let me see those logs, give an update on any remaining issues or concerns....

 

Thanks,

 

Kevin...

 

 

 

Fixlist.txt

Link to post
Share on other sites

FRST rerun (this time it ran in less than 5 seconds; a reboot was required) ... logs attached.

MWB rerun (no threats detected as before; a reboot was not required) ... log attached.

Dr. Web run in safe mode (no threats) ... log attached.

ADWCleaner run in safe mode (no items listed, but I clicked Clean anyway; a reboot was required (not safe mode this time)) ... log attached.

 

FRST3.txt

Addition3.txt

MWB-log3.txt

cureit.log

AdwCleanerS0.txt

Link to post
Share on other sites

Thanks for the logs, all looking good now. If no issues/concerns run the following to clean up...

 

Download "Delfix by Xplode" and save it to your desktop.

 

Or use the following if first link is down:

 

"Delfix link mirror"

 

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

 

Make Sure the following items are checked:

 


    Activate UAC
    Remove disinfection tools
    Create registry backup
    Purge System Restore
    Reset system settings

 

Now click on "Run" and wait patiently until the tool has completed.

 

The tool will create a log when it has completed. We don't need you to post this.

 

Part of the routine will be to create a registry back up with ERUNT,  the back up will be created here:

 

C:\Windows\ERUNT

 

When all is known to be well with your system you can delete that back up folder if you consider it as not needed...

 

Any remnant files, folders or logs from tools can be deleted.....

 

Next,

 

Read the following link to fully understand PC security and best practices, you may find it useful....

 

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

 

Let me know if we can close out...

 

Kevin..

Link to post
Share on other sites

All is now well.  Thank you very much for your superb assistance.  I am amazed that such talent is available and willing to help SO QUICKLY.  FWIW, my daughter thanks you profusely (this was her PC).  Oh, and I also strongly believe in supporting what you do so I took care of the donation step as well ;-).

 

All the best.  This issue can be updated to SOLVED.

Link to post
Share on other sites

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.