Jump to content

Rampant Dllhost.exe processes on boot


Recommended Posts

Hey there, so basicallly when ever I boot up about 30 dllhosts.exe launch using up all of my Cpu and RAM until the system crashes. I have tried Malwarebytes and a few others that didnt work and they both found nothing. Also to note, this doesnt happen in safe mode only when I boot normally.

 

Thanks, here are the logs

 

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-10-2014
Ran by Home (administrator) on HOME-PC on 11-10-2014 21:52:27
Running from C:\Users\Home\Downloads
Loaded Profile: Home (Available profiles: Home)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(
ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\GPU Boost\GpuBoostServer.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Dropbox, Inc.) C:\Users\Home\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Flux Software LLC) C:\Users\Home\AppData\Local\FluxSoftware\Flux\flux.exe
(Valve Corporation) C:\Program Files (x86)\steam\Steam.exe
() C:\Users\Home\AppData\Roaming\Fepyymba\hebefon.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Valve Corporation) C:\Program Files (x86)\steam\bin\steamwebhelper.exe
() C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboUnlocker\turboInfo.exe
(Valve Corporation) C:\Program Files (x86)\steam\bin\steamwebhelper.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\HMService\aaHM.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files (x86)\puush\puush.exe
(Valve Corporation) C:\Program Files (x86)\steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\steam\steamerrorreporter.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11057768 2010-07-06] (Realtek Semiconductor)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Hyduylmihyavpin] => C:\Users\Home\AppData\Roaming\Fepyymba\hebefon.exe [287117 2012-11-09] ()
HKLM-x32\...\Run: [upwadavyoqanso] => C:\Users\Home\AppData\Roaming\Akefucn\ohimy.exe [287117 2013-07-18] ()
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1
HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1
HKU\S-1-5-21-769124411-1136293391-1213875144-1000\...\Run: [steam] => C:\Program Files (x86)\steam\steam.exe [1938624 2014-10-09] (Valve Corporation)
HKU\S-1-5-21-769124411-1136293391-1213875144-1000\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [567880 2013-07-14] ()
HKU\S-1-5-21-769124411-1136293391-1213875144-1000\...\Run: [F.lux] => C:\Users\Home\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-15] (Flux Software LLC)
HKU\S-1-5-21-769124411-1136293391-1213875144-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [385024 2010-04-06] (AMD)
HKU\S-1-5-21-769124411-1136293391-1213875144-1000\...\Run: [Google Update] => C:\Users\Home\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-16] (Google Inc.)
HKU\S-1-5-21-769124411-1136293391-1213875144-1000\...\Run: [bitTorrent] => C:\Users\Home\AppData\Roaming\BitTorrent\BitTorrent.exe [1417048 2014-09-22] (BitTorrent Inc.)
HKU\S-1-5-21-769124411-1136293391-1213875144-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-769124411-1136293391-1213875144-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
Startup: C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Home\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\flux - Shortcut.lnk
ShortcutTarget: flux - Shortcut.lnk -> C:\Users\Home\AppData\Local\FluxSoftware\Flux\flux.exe (Flux Software LLC)
Startup: C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Steam - Shortcut.lnk
ShortcutTarget: Steam - Shortcut.lnk -> C:\Program Files (x86)\steam\Steam.exe (Valve Corporation)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xBD25B280E1D6CC01
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Winsock: Catalog5 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 04 %SystemRoot%\System32\nwprovau.dll File Not found ()
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [327168] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Hosts: 127.0.0.1    localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\ava7bwki.default-1409440335566
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Home\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Home\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Home\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Home\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Home\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Home\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Home\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: MEGA - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\ava7bwki.default-1409440335566\Extensions\firefox@mega.co.nz.xpi [2014-08-31]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269; C:\Program Files (x86)\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [457200 2009-06-02] ()
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-17] (Advanced Micro Devices, Inc.) [File not signed]
S4 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [96896 2009-12-28] (ASUSTeK Computer Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-06-18] () [File not signed]
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3804120 2011-08-07] (INCA Internet Co., Ltd.) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-09-04] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-13] (Microsoft Corporation)
S3 ActionReplayDS; C:\Windows\System32\Drivers\ActionReplayDS_x64.sys [51600 2007-02-08] (Thesycon GmbH, Germany)
S2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-04-22] ()
R3 cbfs3; C:\Windows\System32\DRIVERS\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-11] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-15] ()
S3 nocashio; C:\Windows\SysWOW64\drivers\nocashio.sys [4096 2011-09-27] () [File not signed]
S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4682 2005-01-01] (INCA Internet Co., Ltd.) [File not signed]
S3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [416768 2009-06-10] (Realtek Semiconductor Corporation                           )
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-05] (Scarlet.Crush Productions)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-10-11] ()
S3 vhidmini; C:\Windows\System32\DRIVERS\vjoy.sys [15544 2013-04-18] (Headsoft)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-11 21:52 - 2014-10-11 21:52 - 00017091 _____ () C:\Users\Home\Downloads\FRST.txt
2014-10-11 21:52 - 2014-10-11 21:52 - 00000000 ____D () C:\FRST
2014-10-11 21:50 - 2014-10-11 21:51 - 02109952 _____ (Farbar) C:\Users\Home\Desktop\FRST64.exe
2014-10-11 21:39 - 2014-10-11 21:39 - 06770080 _____ () C:\Users\Home\Downloads\bitdefender_isecurity(1).exe
2014-10-11 21:33 - 2014-10-11 21:33 - 06770080 _____ () C:\Users\Home\Downloads\bitdefender_isecurity.exe
2014-10-11 21:33 - 2014-10-11 21:33 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender
2014-10-11 21:00 - 2014-10-11 21:00 - 02347384 _____ (ESET) C:\Users\Home\Downloads\esetsmartinstaller_enu.exe
2014-10-11 21:00 - 2014-10-11 21:00 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-10-11 20:54 - 2014-10-09 04:46 - 01705755 _____ (Thisisu) C:\Users\Home\Desktop\JRT_NEW.exe
2014-10-11 20:21 - 2014-10-11 20:21 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Fepyymba
2014-10-11 20:21 - 2014-10-11 20:21 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Akefucn
2014-10-11 20:09 - 2014-10-11 20:09 - 00000000 _____ () C:\Users\Home\Downloads\eav_nt64_ENU.msi
2014-10-11 20:03 - 2014-10-11 20:03 - 01761992 _____ (ESET) C:\Users\Home\Downloads\eset_nod32_antivirus_live_installer.exe
2014-10-11 18:31 - 2014-10-11 18:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BabelSoft
2014-10-11 18:31 - 2014-10-11 18:31 - 00000000 ____D () C:\Program Files\Media Preview
2014-10-11 18:31 - 2014-10-11 18:31 - 00000000 ____D () C:\Program Files (x86)\Media Preview
2014-10-11 17:11 - 2014-10-11 20:47 - 00000000 ____D () C:\ProgramData\j9tbgsdger04r
2014-10-11 16:04 - 2014-10-11 16:05 - 01375089 _____ () C:\Users\Home\Downloads\adwcleaner_3.311.exe
2014-10-11 15:48 - 2014-10-11 15:48 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-10-11 15:48 - 2014-10-11 15:48 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-10-11 15:47 - 2014-10-11 15:48 - 15677528 _____ () C:\Users\Home\Downloads\RogueKiller.exe
2014-10-11 15:30 - 2014-10-11 15:30 - 00000222 _____ () C:\Users\Home\Desktop\Borderlands The Pre-Sequel.url
2014-10-09 20:51 - 2014-10-09 20:51 - 02737592 _____ (Malwarebytes ) C:\Users\Home\Downloads\mbae-setup-1.04.1.1012.exe
2014-10-03 14:38 - 2014-10-03 14:38 - 00002108 _____ () C:\Users\Home\AppData\Local\rx_audio.Cache
2014-10-03 14:38 - 2014-10-03 14:38 - 00000072 _____ () C:\Users\Home\AppData\Local\rx_image32.Cache
2014-10-03 14:33 - 2014-10-03 14:34 - 06086217 _____ () C:\Users\Home\Downloads\just friends.zip
2014-10-03 14:33 - 2014-10-03 14:33 - 04719906 _____ () C:\Users\Home\Downloads\Rhumba Corazon recording for listening.zip
2014-10-03 14:32 - 2014-10-03 14:32 - 06621519 _____ () C:\Users\Home\Downloads\Sunday Driver MP3.zip
2014-09-30 17:32 - 2014-09-24 21:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-30 17:32 - 2014-09-24 20:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-29 22:19 - 2014-09-29 22:20 - 06276229 _____ () C:\Users\Home\Downloads\media.io.75764928.zip
2014-09-28 16:28 - 2014-10-11 20:47 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Woinid
2014-09-28 16:28 - 2014-10-11 20:47 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Isuhwou
2014-09-27 21:46 - 2014-09-27 21:58 - 00043520 _____ () C:\Windows\SysWOW64\CmdLineExt03.dll
2014-09-24 21:11 - 2014-09-24 21:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-23 23:12 - 2014-09-23 23:12 - 00080384 _____ () C:\Windows\system32\dvprki.dll
2014-09-23 23:12 - 2014-09-23 23:12 - 00003858 _____ () C:\Windows\System32\Tasks\{26C88687-7EAE-1145-F8FA-E64457FBD83F}
2014-09-23 23:12 - 2014-09-23 23:12 - 00000000 _____ () C:\Windows\system32\ihmrnwg.dll
2014-09-23 22:44 - 2014-09-24 21:23 - 1203218495 _____ () C:\Users\Home\Downloads\iPhone3,3_7.1.2_11D257_Restore.ipsw
2014-09-23 22:01 - 2014-09-23 22:01 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-23 22:01 - 2014-09-23 22:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-23 22:00 - 2014-09-23 22:01 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-23 22:00 - 2014-09-23 22:01 - 00000000 ____D () C:\Program Files\iTunes
2014-09-23 22:00 - 2014-09-23 22:01 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-23 22:00 - 2014-09-23 22:00 - 00000000 ____D () C:\Program Files\iPod
2014-09-23 21:56 - 2014-09-23 21:56 - 00000000 ____D () C:\Program Files\Bonjour
2014-09-23 21:56 - 2014-09-23 21:56 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-09-23 21:52 - 2014-09-23 21:55 - 112794960 _____ (Apple Inc.) C:\Users\Home\Downloads\iTunes64Setup(1).exe
2014-09-23 20:45 - 2014-09-23 21:23 - 1200255851 _____ () C:\Users\Home\Downloads\iPhone3,3_7.0_11A465_Restore.ipsw
2014-09-23 18:59 - 2014-09-23 18:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unreal Tournament 2004
2014-09-23 18:50 - 2014-09-27 22:49 - 00000000 ____D () C:\UT2004
2014-09-23 18:38 - 2014-09-23 18:49 - 919941644 _____ () C:\Users\Home\Downloads\09.21.2014 Celebrity Nude Photo Hack Collection Part 2 - #thefappening.zip
2014-09-23 15:12 - 2014-09-09 17:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-23 15:12 - 2014-09-09 16:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-17 12:16 - 2014-09-17 20:59 - 00087200 _____ () C:\ProgramData\wrnhoah.tmp
2014-09-17 12:16 - 2014-09-17 20:36 - 00001224 _____ () C:\ProgramData\@system.att
2014-09-17 12:16 - 2014-09-17 20:36 - 00000960 ____H () C:\ProgramData\@system2.att
2014-09-17 12:16 - 2014-09-17 12:16 - 00000448 ____H () C:\Users\Home\AppData\Roaming\麽鎒駓覜
2014-09-14 19:33 - 2014-09-14 19:36 - 00000051 _____ () C:\Users\Home\Desktop\Audiveris2.bat
2014-09-14 19:32 - 2014-09-14 19:33 - 01901654 _____ () C:\Users\Home\Downloads\Converted_Files_Online2PDF.zip
2014-09-14 14:55 - 2014-09-14 14:55 - 00002191 _____ () C:\Users\Home\Desktop\Audiveris.lnk
2014-09-14 14:55 - 2013-07-01 11:33 - 02309120 _____ (Dan Bloomberg) C:\Windows\system32\liblept168.dll
2014-09-14 14:55 - 2013-07-01 11:33 - 02309120 _____ (Dan Bloomberg) C:\Windows\liblept168.dll
2014-09-14 14:55 - 2013-07-01 11:33 - 02150400 _____ () C:\Windows\system32\libtesseract302.dll
2014-09-14 14:55 - 2013-07-01 11:33 - 02150400 _____ () C:\Windows\libtesseract302.dll
2014-09-14 14:55 - 2013-07-01 11:33 - 00055808 _____ () C:\Windows\system32\jniTessBridge.dll
2014-09-14 14:55 - 2013-07-01 11:33 - 00055808 _____ () C:\Windows\jniTessBridge.dll
2014-09-14 14:54 - 2014-09-14 14:54 - 01932452 _____ () C:\Users\Home\Downloads\tess-windows-64bit.jar
2014-09-14 14:42 - 2014-09-14 14:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ghostscript
2014-09-14 14:42 - 2014-09-14 14:42 - 00000000 ____D () C:\Program Files\gs
2014-09-14 14:41 - 2014-09-14 14:42 - 13346833 _____ () C:\Users\Home\Downloads\gs914w64.exe
2014-09-14 14:35 - 2014-09-14 14:35 - 21323656 _____ (Oracle Corporation) C:\Users\Home\Downloads\jre-7-windows-x64.exe
2014-09-14 14:23 - 2014-09-14 14:23 - 00001067 _____ () C:\Users\Home\Desktop\PDFtoMusic.lnk
2014-09-14 14:18 - 2014-09-14 14:18 - 00001084 _____ () C:\Users\Public\Desktop\MuseScore.lnk
2014-09-14 14:18 - 2014-09-14 14:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MuseScore
2014-09-14 14:14 - 2014-09-14 14:16 - 38678632 _____ () C:\Users\Home\Downloads\MuseScore-1.3(1).exe
2014-09-13 19:03 - 2014-09-13 19:03 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Empty Clip Studios
2014-09-13 16:03 - 2014-09-13 16:03 - 00000000 ____D () C:\Users\Home\AppData\Local\PAYDAY 2
2014-09-11 23:09 - 2014-08-19 13:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-11 23:09 - 2014-08-19 12:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-11 23:09 - 2014-08-18 18:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-11 23:09 - 2014-08-18 17:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-11 23:09 - 2014-08-18 17:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-11 23:09 - 2014-08-18 17:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-11 23:09 - 2014-08-18 17:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-11 23:09 - 2014-08-18 17:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-11 23:09 - 2014-08-18 17:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-11 23:09 - 2014-08-18 17:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-11 23:09 - 2014-08-18 17:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-11 23:09 - 2014-08-18 17:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-11 23:09 - 2014-08-18 17:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-11 23:09 - 2014-08-18 17:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-11 23:09 - 2014-08-18 17:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-11 23:09 - 2014-08-18 17:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-11 23:09 - 2014-08-18 17:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-11 23:09 - 2014-08-18 17:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-11 23:09 - 2014-08-18 17:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-11 23:09 - 2014-08-18 16:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-11 23:09 - 2014-08-18 16:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-11 23:09 - 2014-08-18 16:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-11 23:09 - 2014-08-18 16:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-11 23:09 - 2014-08-18 16:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-11 23:09 - 2014-08-18 16:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-11 23:09 - 2014-08-18 16:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-11 23:09 - 2014-08-18 16:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-11 23:09 - 2014-08-18 16:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-11 23:09 - 2014-08-18 16:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-11 23:09 - 2014-08-18 16:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-11 23:09 - 2014-08-18 16:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-11 23:09 - 2014-08-18 16:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-11 23:09 - 2014-08-18 16:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-11 23:09 - 2014-08-18 16:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-11 23:09 - 2014-08-18 16:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-11 23:09 - 2014-08-18 16:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-11 23:09 - 2014-08-18 16:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-11 23:09 - 2014-08-18 16:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-11 23:09 - 2014-08-18 16:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-11 23:09 - 2014-08-18 16:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-11 23:09 - 2014-08-18 16:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-11 23:09 - 2014-08-18 16:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-11 23:09 - 2014-08-18 16:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-11 23:09 - 2014-08-18 16:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-11 23:09 - 2014-08-18 16:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-11 23:09 - 2014-08-18 16:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-11 23:09 - 2014-08-18 16:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-11 23:09 - 2014-08-18 16:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-11 23:09 - 2014-08-18 16:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-11 23:09 - 2014-08-18 16:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-11 23:09 - 2014-08-18 16:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-11 23:09 - 2014-08-18 15:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-11 23:09 - 2014-08-18 15:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-11 23:09 - 2014-08-18 15:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-11 23:09 - 2014-08-18 15:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-11 23:09 - 2014-08-18 15:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-11 23:04 - 2014-06-26 21:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-11 23:04 - 2014-06-26 20:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-11 20:33 - 2014-09-14 23:13 - 00000112 _____ () C:\Users\Home\Desktop\JRT.txt
2014-09-11 20:27 - 2014-09-11 20:27 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-09-11 20:24 - 2014-06-23 22:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-11 20:24 - 2014-06-23 21:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-11 20:23 - 2014-08-01 06:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-11 20:23 - 2014-08-01 06:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-11 20:21 - 2014-09-11 20:21 - 04901352 _____ (Piriform Ltd) C:\Users\Home\Downloads\ccsetup417.exe
2014-09-11 20:17 - 2014-09-04 21:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-11 20:17 - 2014-09-04 21:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-11 20:17 - 2014-07-06 21:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-11 20:17 - 2014-07-06 21:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-11 20:17 - 2014-07-06 20:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-11 20:17 - 2014-07-06 20:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-11 20:17 - 2014-07-06 20:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-11 21:51 - 2014-07-11 22:05 - 00007604 _____ () C:\Users\Home\AppData\Local\Resmon.ResmonCfg
2014-10-11 21:32 - 2012-12-08 21:20 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-769124411-1136293391-1213875144-1000UA.job
2014-10-11 21:32 - 2012-12-08 21:20 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-769124411-1136293391-1213875144-1000Core.job
2014-10-11 20:59 - 2009-07-13 23:45 - 00028944 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-11 20:59 - 2009-07-13 23:45 - 00028944 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-11 20:56 - 2011-07-17 12:49 - 02044559 _____ () C:\Windows\WindowsUpdate.log
2014-10-11 20:54 - 2014-07-09 21:48 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-11 20:51 - 2012-05-04 19:41 - 00000000 ___RD () C:\Users\Home\Dropbox
2014-10-11 20:51 - 2012-05-04 19:38 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Dropbox
2014-10-11 20:49 - 2014-08-15 16:22 - 00000000 ____D () C:\Program Files (x86)\steam
2014-10-11 20:48 - 2014-06-12 10:21 - 02132965 _____ () C:\Windows\setupact.log
2014-10-11 20:48 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-11 20:47 - 2014-06-12 10:21 - 00137862 _____ () C:\Windows\PFRO.log
2014-10-11 20:47 - 2013-12-09 00:29 - 00000000 ____D () C:\Windows\Minidump
2014-10-11 18:14 - 2011-07-17 14:55 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{3D0E16A3-5D56-46CB-9A42-7ABA6872DA89}
2014-10-11 16:16 - 2014-08-30 18:15 - 00000000 ____D () C:\AdwCleaner
2014-10-11 16:16 - 2011-12-18 16:15 - 00001061 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-10-11 16:16 - 2011-07-17 12:55 - 00000987 _____ () C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-11 16:04 - 2012-07-05 06:47 - 00000000 ____D () C:\Users\Home\AppData\Local\CrashDumps
2014-10-11 15:30 - 2011-09-04 16:36 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-10-06 21:21 - 2011-09-22 22:48 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Spotify
2014-10-06 20:56 - 2011-09-22 22:48 - 00000000 ____D () C:\Users\Home\AppData\Local\Spotify
2014-10-05 22:47 - 2011-07-19 06:12 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Skype
2014-10-03 23:19 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-03 21:26 - 2011-12-18 16:37 - 00000000 ____D () C:\Windows\pss
2014-09-30 22:47 - 2011-07-23 11:07 - 00000000 ____D () C:\Users\Home\AppData\Roaming\BitTorrent
2014-09-29 22:55 - 2013-11-06 21:01 - 00000000 ____D () C:\Users\Home\Desktop\My works
2014-09-29 22:55 - 2013-01-06 17:22 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Audacity
2014-09-28 19:58 - 2009-07-14 00:13 - 00799374 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-27 21:48 - 2011-10-21 22:51 - 00056320 ___SH () C:\Users\Home\Thumbs.db
2014-09-27 21:45 - 2011-08-01 16:10 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-09-25 20:42 - 2012-04-25 12:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-24 00:40 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-09-23 21:56 - 2011-07-17 19:32 - 00000000 ____D () C:\ProgramData\Apple
2014-09-23 19:04 - 2014-06-12 22:27 - 00038505 _____ () C:\Windows\DirectX.log
2014-09-23 18:55 - 2014-04-11 10:23 - 00000000 ____D () C:\Users\Home\Desktop\dad
2014-09-23 18:22 - 2013-11-28 00:12 - 00000000 ____D () C:\Users\Home\Desktop\Antivirus
2014-09-22 21:48 - 2013-07-18 15:07 - 00000000 ____D () C:\Users\Home\Documents\Universe Sandbox
2014-09-21 15:47 - 2014-01-26 01:04 - 00000000 ____D () C:\Users\Home\Desktop\GP7E01
2014-09-21 15:46 - 2012-06-18 20:44 - 00000000 ____D () C:\Users\Home\AppData\Roaming\.minecraft
2014-09-20 23:19 - 2014-07-08 14:30 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-17 22:12 - 2012-05-04 19:39 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-17 22:04 - 2013-10-10 21:18 - 00000000 __SHD () C:\Users\Home\AppData\Roaming\htjtjiiu
2014-09-16 20:18 - 2009-07-14 00:08 - 00032630 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-15 09:06 - 2010-11-20 22:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-14 20:53 - 2011-10-05 17:32 - 00000000 ____D () C:\Users\Home\AppData\Local\ESN Sonar
2014-09-14 14:36 - 2011-09-10 17:27 - 00627600 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2014-09-14 14:36 - 2011-09-10 17:27 - 00252296 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-09-14 14:36 - 2011-09-10 17:27 - 00188808 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-09-14 14:36 - 2011-09-10 17:27 - 00188808 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-09-14 14:36 - 2011-09-10 17:27 - 00000000 ____D () C:\Program Files\Java
2014-09-13 18:57 - 2013-12-21 17:36 - 00000000 ____D () C:\Users\Home\AppData\Local\DayZ
2014-09-11 23:08 - 2011-07-17 22:41 - 00791496 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-11 23:07 - 2013-07-15 23:52 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-11 23:04 - 2011-07-17 18:53 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-11 23:03 - 2014-05-06 21:18 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-11 20:52 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\schemas
2014-09-11 20:19 - 2011-07-18 22:50 - 00000000 ____D () C:\Users\Home\AppData\Local\Google
2014-09-11 20:19 - 2011-07-18 22:50 - 00000000 ____D () C:\Program Files (x86)\Google

Files to move or delete:
====================
C:\ProgramData\5it12s5a.dat
C:\ProgramData\hash.dat
C:\Users\Home\jagex_cl_runescape_LIVE.dat
C:\Users\Home\random.dat


Some content of TEMP:
====================
C:\Users\Home\AppData\Local\Temp\airbvfz.dll
C:\Users\Home\AppData\Local\Temp\cabex.dll
C:\Users\Home\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpcvost1.dll
C:\Users\Home\AppData\Local\Temp\kowvqyk.dll
C:\Users\Home\AppData\Local\Temp\MediaPreviewSetup.exe
C:\Users\Home\AppData\Local\Temp\Nexus%20Mod%20Manager-0.49.8.exe
C:\Users\Home\AppData\Local\Temp\Quarantine.exe
C:\Users\Home\AppData\Local\Temp\SIntf16.dll
C:\Users\Home\AppData\Local\Temp\SIntf32.dll
C:\Users\Home\AppData\Local\Temp\SIntfNT.dll
C:\Users\Home\AppData\Local\Temp\tjrrkse.dll
C:\Users\Home\AppData\Local\Temp\tkfsolq.dll
C:\Users\Home\AppData\Local\Temp\tu17p84.exe
C:\Users\Home\AppData\Local\Temp\unelevate.exe
C:\Users\Home\AppData\Local\Temp\uninstal.exe
C:\Users\Home\AppData\Local\Temp\UpdateFlashPlayer_225b03e2.exe
C:\Users\Home\AppData\Local\Temp\UpdateFlashPlayer_b9120011.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-07 00:38

==================== End Of Log ============================

 

Addition.txt

Link to post
Share on other sites

  • Staff

Hello,
    
 
They call me TwinHeadedEagle around here, and I'll be working with you.
 
     
    
Before we start please read and note the following:

  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts, attachments make my work easier. There is a Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
  • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, what may cause some delays between answers.
  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

:excl: I can't foresee everything, so if anything unexpected happens, please stop and inform me!
:excl: There are no silly questions. Never be afraid to ask if in doubt!
 
 
 
  warning.gif Rules and policies
 
We won't support any piracy.
That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!
 
Failure to follow these guidelines will result with closing your topic and withdrawning any assistance.
 
 
 

 

Link to post
Share on other sites

  • Staff

Okay.
 
 
Please download Farbar Recovery Scan Tool and save it to your desktop.
 
Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
Link to post
Share on other sites

  • Staff

Please execute tasks in this order.

 

 

 

remove%20outdated.jpg Uninstall some programs
 
We need to uninstall some unwanted/unneeded programs.

  • Press the WindowsKey.png + R on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search there for each entry mentioned below, right-click the entry and click Uninstall one at a time

The list of programs to uninstall:

  • BrowseToSave
  • Vuze Remote Toolbar

After completing uninstalls, please manually reboot your machine!
 
Note: If you get the message like: An error occurred while trying to uninstall, just press Yes.
 
 
 
 
51a46ae42d560-malwarebytes_anti_malware. Scan with Malwarebytes' Anti-Malware
 
Please re-run 51a46ae42d560-malwarebytes_anti_malware. Malwarebytes' Anti-Malware.

  • First of all, select update.
  • Once updated, click the Settings tab, in the left panel choose Detctions & protection and tick Scan for rootkits.
  • Click the Scan tab, choose Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the newest Scan Log.
  • At the bottom click Export and choose Text file.

Save the file to your desktop and include its content in your next reply.
 

 
 
FRST.gif Fix with Farbar Recovery Scan Tool
 

icon_exclaim.gif This fix was created for this user for use on that particular machine. icon_exclaim.gif
icon_exclaim.gif Running it on another one may cause damage and render the system unstable. icon_exclaim.gif

 
Download attached fixlist.txt file and save it to the Desktop:
 
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it to your reply.

fixlist.txt

Link to post
Share on other sites

  • 3 weeks later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.