dllhost.exe seems to take over my computer.

booya119 · November 9, 2014

When I start up my computer, I can run for a few minutes without any issue. However, after a little while, I see multiple instances of dllhost.exe start in my task manager, and from there, everything falls apart. The slowdowns and other issues make the computer nearly unusable (So much so that I have to use someone else's computer to post this.). I have tried running Herd Protect and MalwareBytes, and neither worked. It happens randomly, and it seems to happen more often when I start a web browser. Regardless of if the browser is open, it opens web pages I cannot see. When I end those processes (iexplorer.exe), they come back, and they multiply. They go to various ad websites for incredibly random things. But I can't see any of this if the task manager isn't there. There are no internet explorer windows open for me to see this in. My computer just grinds to a halt.

Posting my farbar log files in my next post, and they are attached at the end of this message as well.

booya119 · November 9, 2014

addition.txt

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 08-11-2014 01

Ran by Tyler at 2014-11-09 06:06:24

Running from C:\Users\Tyler\Desktop

Boot Mode: Normal

==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}

AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Ace of Spades (HKLM\...\Steam App 224540) (Version: - Jagex Limited)

Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)

Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden

Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)

Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)

Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)

Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)

Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)

Adobe Reader 9.5.5 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)

Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)

Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Banctec Service Agreement (HKLM\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)

Battle.net (HKLM\...\Battle.net) (Version: - Blizzard Entertainment)

Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)

Borderlands (HKLM\...\Steam App 8980) (Version: - Gearbox Software)

Chantelise - Demo (HKLM\...\Steam App 70430) (Version: - )

Choice Guard (Version: 1.2.87.0 - Microsoft Corporation) Hidden

Cisco EAP-FAST Module (HKLM\...\{415B2719-AD3A-4944-B404-C472DB6085B3}) (Version: 2.1.6 - Cisco Systems, Inc.)

Cisco LEAP Module (HKLM\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)

Cisco PEAP Module (HKLM\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)

Curse (HKLM\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)

Dell Dock (HKLM\...\{F6CB42B9-F033-4152-8813-FF11DA8E6A78}) (Version: 1.0.0 - Dell)

Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)

Dell Remote Access (HKLM\...\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}) (Version: 1.0.0.0 - Dell Inc.)

Dell Support Center (Support Software) (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.2.08298 - Dell)

Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 5.7.0.6 - Dell)

Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.2.115.201 - Alps Electric)

Dell Wireless WLAN Card Utility (HKLM\...\Broadcom 802.11 Application) (Version: 5.10.38.30 - Dell Inc.)

DELL0604 (Version: 1.0.0 - WildTangent) Hidden

DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.1.24 - DivX, LLC)

Dual-Core Optimizer (HKLM\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)

EDocs (HKLM\...\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}) (Version: - )

Evolve (HKLM\...\{670B1B49-9FD3-4827-9B41-471EFF580AA8}) (Version: 1.8.8 - Echobit, LLC)

Gmask 1.70 English (HKLM\...\Gmask 1.70 English) (Version: - )

Google Chrome (HKCU\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)

Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)

Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden

GoToAssist 8.0.0.514 (HKLM\...\GoToAssist) (Version: - )

Graphical Analysis 3.4 (HKLM\...\{047B3D5A-3E67-429E-8A12-B204B6B31DF8}) (Version: 3.4 - Vernier Software & Technology)

Hearthstone (HKLM\...\Hearthstone) (Version: - Blizzard Entertainment)

InstaCodecs (HKLM\...\InstaCodecs_is1) (Version: 1.0 - )

Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1994 - Intel Corporation)

Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)

iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)

Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)

Jazz Jackrabbit 2 (HKLM\...\Jazz Jackrabbit 2) (Version: - )

Juniper Networks, Inc. Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 7.4.8.42127 - Juniper Networks, Inc.)

Juniper Networks, Inc. Setup Client Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)

Junk Mail filter update (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden

KAG 0.95A (HKLM\...\King Arthur's Gold (Alpha)_is1) (Version: - Michal Marcinkowski THD)

Katawa Shoujo (HKLM\...\Katawa Shoujo) (Version: - )

Katawa Shoujo Act 1 (HKLM\...\Katawa Shoujo Act 1) (Version: - )

League of Legends (HKLM\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)

League of Legends (Version: 3.0.0 - Riot Games) Hidden

LIMBO (HKLM\...\Steam App 48000) (Version: - )

LINE (HKLM\...\LINE) (Version: 3.7.6.116 - LINE Corporation)

Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)

MapleStory (HKLM\...\MapleStory) (Version: - )

McAfee AntiVirus (HKLM\...\MSC) (Version: 12.8.988 - McAfee, Inc.)

McAfee Virtual Technician (HKLM\...\McAfee Virtual Technician) (Version: 6.5.0.2101 - McAfee, Inc.)

Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft Age of Empires II (HKLM\...\Age of Empires 2.0) (Version: - )

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)

Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)

Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft XNA Framework Redistributable 4.0 (HKLM\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)

MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden

Mumble 1.2.8 (HKLM\...\{A9DBD31A-A09F-4C7E-86D1-3B21C59000D1}) (Version: 1.2.8 - Thorvald Natvig)

Nexon Game Manager (HKLM\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version: - )

NVIDIA PhysX (HKLM\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)

OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden

Pando Media Booster (HKLM\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.3.6.0 - Pando Networks Inc.)

Peggle Deluxe (HKLM\...\Steam App 3480) (Version: - PopCap Games, Inc.)

Pokemon Showdown (HKLM\...\Pokemon Showdown) (Version: - "Pokemon Showdown")

Portal (HKLM\...\Steam App 400) (Version: - Valve)

PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.1 - Dell)

Project64 1.6 (HKLM\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)

Psychonauts (HKLM\...\Steam App 3830) (Version: - Double Fine Productions, Inc.)

QuickSet (HKLM\...\{C4972073-2BFE-475D-8441-564EA97DA161}) (Version: 9.2.11 - Dell Inc.)

QuickTime (HKLM\...\{C9E14402-3631-4182-B377-6B0DFB1C0339}) (Version: 7.70.80.34 - Apple Inc.)

Recettear: An Item Shop's Tale - Demo (HKLM\...\Steam App 70410) (Version: - EasyGameStation)

Roxio Creator DE (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)

Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden

Skype™ 6.21 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)

Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)

Star Wars Jedi Knight Jedi Academy (HKLM\...\{1EECBA68-8BE4-4076-94DF-E9ED206B1D21}) (Version: - )

Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)

System Requirements Lab Detection (HKLM\...\{23C1EA28-BA75-469D-864C-9880D35AB582}) (Version: 2.2.1.0 - Husdawg, LLC)

TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.8.1 - TeamSpeak Systems GmbH)

Terraria (HKLM\...\Steam App 105600) (Version: - Re-Logic)

The Elder Scrolls Online (HKLM\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios)

Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS)

Unturned (HKLM\...\Steam App 304930) (Version: - Nelson Sexton)

Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)

VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden

Vindictus (HKLM\...\Steam App 212160) (Version: - Nexon)

VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)

Voyetra Record Producer (HKLM\...\InstallShield_{28358FC7-703D-4D27-B791-B93C36650157}) (Version: 5.01.4100 - Voyetra Turtle Beach, Inc.)

Voyetra Record Producer (Version: 5.01.4100 - Voyetra Turtle Beach, Inc.) Hidden

WebM Project Directshow Filters (HKCU\...\webmdshow) (Version: - )

Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)

Windows Live Sign-in Assistant (HKLM\...\{9422C8EA-B0C6-4197-B8FC-DC797658CA00}) (Version: 5.000.818.6 - Microsoft Corporation)

Windows Live Sync (HKLM\...\{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}) (Version: 14.0.8050.1202 - Microsoft Corporation)

Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

WinRAR 4.00 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)

Xiph.Org Ogg Codecs 0.83.17220 32-bit (HKLM\...\Ogg Codecs) (Version: 0.83.17220 - Xiph.Org)

Xiph.Org Open Codecs 0.85.17777 (HKLM\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-879967681-4271235005-1519339517-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Tyler\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-879967681-4271235005-1519339517-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Tyler\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File

CustomCLSID: HKU\S-1-5-21-879967681-4271235005-1519339517-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Tyler\AppData\Local\Google\Update\1.3.25.5\psuser.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-879967681-4271235005-1519339517-1000_Classes\CLSID\{1c492e6a-2803-5ed7-83e1-1b1d4d41eb39}\InprocServer32 -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File

CustomCLSID: HKU\S-1-5-21-879967681-4271235005-1519339517-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Tyler\AppData\Local\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-879967681-4271235005-1519339517-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Tyler\AppData\Local\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-879967681-4271235005-1519339517-1000_Classes\CLSID\{31261F21-2B16-45EE-BEAB-07C4CFA18B65}\InprocServer32 -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

CustomCLSID: HKU\S-1-5-21-879967681-4271235005-1519339517-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Tyler\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File

CustomCLSID: HKU\S-1-5-21-879967681-4271235005-1519339517-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Tyler\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)

CustomCLSID: HKU\S-1-5-21-879967681-4271235005-1519339517-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Tyler\AppData\Local\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-879967681-4271235005-1519339517-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Tyler\AppData\Local\Google\Chrome\Application\38.0.2125.111\delegate_execute.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-879967681-4271235005-1519339517-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Tyler\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File

CustomCLSID: HKU\S-1-5-21-879967681-4271235005-1519339517-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Tyler\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File

CustomCLSID: HKU\S-1-5-21-879967681-4271235005-1519339517-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Tyler\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File

CustomCLSID: HKU\S-1-5-21-879967681-4271235005-1519339517-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Tyler\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File

CustomCLSID: HKU\S-1-5-21-879967681-4271235005-1519339517-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Tyler\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File

CustomCLSID: HKU\S-1-5-21-879967681-4271235005-1519339517-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Tyler\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File

CustomCLSID: HKU\S-1-5-21-879967681-4271235005-1519339517-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Tyler\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File

CustomCLSID: HKU\S-1-5-21-879967681-4271235005-1519339517-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?

CustomCLSID: HKU\S-1-5-21-879967681-4271235005-1519339517-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Tyler\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-879967681-4271235005-1519339517-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Tyler\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-879967681-4271235005-1519339517-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Tyler\AppData\Local\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe (Google Inc.)

CustomCLSID: HKU\S-1-5-21-879967681-4271235005-1519339517-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Tyler\AppData\Local\Google\Update\1.3.25.5\psuser.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-879967681-4271235005-1519339517-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Tyler\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File

CustomCLSID: HKU\S-1-5-21-879967681-4271235005-1519339517-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Tyler\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File

==================== Restore Points =========================

03-10-2014 00:14:48 Scheduled Checkpoint

04-10-2014 02:47:13 Device Driver Package Install: Apple, Inc. Universal Serial Bus controllers

05-10-2014 17:08:11 Scheduled Checkpoint

09-10-2014 21:19:18 Scheduled Checkpoint

16-10-2014 21:27:02 Installed Java 7 Update 71

17-10-2014 02:54:45 Installed System Requirements Lab Detection

17-10-2014 07:01:39 Windows Update

23-10-2014 23:24:10 Scheduled Checkpoint

01-11-2014 02:34:50 Scheduled Checkpoint

03-11-2014 23:36:57 Scheduled Checkpoint

09-11-2014 08:34:53 herdProtect before 20 removals

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 05:23 - 2006-09-18 16:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

::1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {02F3A87A-548F-47BC-BD68-5A888092064A} - \723068096 No Task File <==== ATTENTION

Task: {03F376E0-F1CB-4296-B87B-4B309DB588CD} - System32\Tasks\winupd => C:\Users\Tyler\AppData\Local\Temp:winupd.exe

Task: {0AC14CC6-C57B-4E94-AEF6-C84CDCDD4568} - System32\Tasks\GoogleUpdateTaskMachineUA1cfec4f46187060 => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)

Task: {1097C274-B2F3-48B9-9A33-BB93A58AE7A4} - System32\Tasks\41e4db80 => C:\Users\Tyler\AppData\Local\Temp\\setup580511104.exe <==== ATTENTION

Task: {12E04DA3-AC3E-4876-97D2-2B5068500975} - System32\Tasks\2b8cf180 => C:\Users\Tyler\AppData\Local\Temp\\setup2968322816.exe <==== ATTENTION

Task: {1E9DA8F4-3624-4D36-9935-C638BF1BF2C8} - \1854721336 No Task File <==== ATTENTION

Task: {2086FFDA-25FD-41B6-8B15-B04E039FB5A7} - System32\Tasks\3db6c280 => C:\Users\Tyler\AppData\Local\Temp\\setup2671896960.exe <==== ATTENTION

Task: {22EDF7AF-765C-481D-B0F0-F35C8E5B42D2} - System32\Tasks\1282a400 => C:\Users\Tyler\AppData\Local\Temp\\setup2020529920.exe <==== ATTENTION

Task: {2D9354A7-0098-4C70-AF65-3E9ACDE16AD8} - \2105017024 No Task File <==== ATTENTION

Task: {347B25AD-737F-4CB2-9CE4-B7143274228A} - System32\Tasks\win402b40 => C:\Users\Tyler\AppData\Local\Temp\win402b40.dat <==== ATTENTION

Task: {3F4E49C7-1C2F-4FB9-B036-D5125C75F62D} - System32\Tasks\Launch BCM WLAN Tray => C:\Windows\system32\WLTRAY.EXE [2008-12-22] (Dell Inc.)

Task: {48ED1995-0CAB-4211-A9D0-4A431EA2D062} - System32\Tasks\dd91ed80 => C:\Users\Tyler\AppData\Local\Temp\\setup731568512.exe <==== ATTENTION

Task: {4A9850DC-9325-4F8E-9F8F-BC7A334C11CC} - \612777664 No Task File <==== ATTENTION

Task: {54659C83-9DFE-4ECB-AE9D-D6527B229EF3} - \2778588544 No Task File <==== ATTENTION

Task: {5581028F-00F2-4331-AF8D-49606E3588AA} - System32\Tasks\5c3cd980 => C:\Users\Tyler\AppData\Local\Temp\\setup2856699264.exe <==== ATTENTION

Task: {5B5DF183-F14E-4E77-945A-39A2D2863E06} - \3106137952 No Task File <==== ATTENTION

Task: {62BA65A3-F904-4AC4-86ED-9C2355F937E8} - \77464128 No Task File <==== ATTENTION

Task: {635409A9-D3ED-44BA-88AC-8261B1450358} - System32\Tasks\1e723ec0 => C:\Users\Tyler\AppData\Local\Temp\\setup2709505536.exe <==== ATTENTION

Task: {65A519A5-404C-4F00-8901-FBE3928E9616} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)

Task: {6A669327-4173-4D1D-B406-6AC69FAD66EB} - System32\Tasks\8728f2c0 => C:\Users\Tyler\AppData\Local\Temp\\setup3760815040.exe <==== ATTENTION

Task: {6F6E9732-E8BD-467A-8947-4D956FBFB026} - System32\Tasks\c584be80 => C:\Users\Tyler\AppData\Local\Temp\\setup378817920.exe <==== ATTENTION

Task: {784E7FC3-2476-4EBB-B997-81A1F8959E44} - System32\Tasks\14770480 => C:\Users\Tyler\AppData\Local\Temp\\setup1325249920.exe <==== ATTENTION

Task: {78894A2C-9761-42DF-9B27-7560BF67DA72} - System32\Tasks\3d62c280 => C:\Users\Tyler\AppData\Local\Temp\\setup2389856640.exe <==== ATTENTION

Task: {79F67B3A-4697-46A2-BED6-B71965760E83} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-879967681-4271235005-1519339517-1000Core => C:\Users\Tyler\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-19] (Google Inc.)

Task: {7A37EF97-DB03-409A-AA13-EE2066C8CA16} - \1837831808 No Task File <==== ATTENTION

Task: {7AC62A27-75DB-4C4B-9D97-09C9CEFD1F9A} - System32\Tasks\a9ca0c80 => C:\Users\Tyler\AppData\Local\Temp\\setup3830496640.exe <==== ATTENTION

Task: {8576719E-EA86-405E-86DB-87A849BFF5C7} - System32\Tasks\p9pl5944863637826728850 => \\?\globalroot\Device\HarddiskVolume3\Users\Tyler\AppData\Local\Temp\p9pl5944863637826728850.tmp <==== ATTENTION

Task: {8E2D0CED-A382-4C75-AE93-C0A74561308A} - System32\Tasks\ec10ca40 => C:\Users\Tyler\AppData\Local\Temp\\setup802090624.exe <==== ATTENTION

Task: {8F2D83C7-454E-498B-AA2C-76F5345946AA} - System32\Tasks\59c9e100 => C:\Users\Tyler\AppData\Local\Temp\\setup3556369856.exe <==== ATTENTION

Task: {934728FC-EE47-4533-8858-A8E13EED00E9} - System32\Tasks\AdobeAAMUpdater-1.0-Tyler-PC-Tyler => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)

Task: {960BD142-4858-4A58-A5B4-6941A9B56291} - \735723520 No Task File <==== ATTENTION

Task: {9CE86707-2679-4ED1-B2BC-521F4AED3520} - System32\Tasks\90bebf80 => C:\Users\Tyler\AppData\Local\Temp\\setup1903413632.exe <==== ATTENTION

Task: {9E17A182-5687-427B-B1EC-28EE0EEFAD54} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-879967681-4271235005-1519339517-1000UA1cfeb0948c7c370 => C:\Users\Tyler\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-19] (Google Inc.)

Task: {A6AFE3FF-EBD9-4327-A603-C08004EDF913} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)

Task: {A8BB84DE-677F-48BE-9A35-D1D1A2A0AD5D} - System32\Tasks\GoogleUpdateTaskMachineCore1cf2ca2e648d290 => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)

Task: {A9462BA2-5504-4C3E-8B84-0D9A2F7FC854} - System32\Tasks\582b9f80 => C:\Users\Tyler\AppData\Local\Temp\\setup954247552.exe <==== ATTENTION

Task: {B6A9B53F-7B1E-460E-8B25-417D3CE85E46} - \4104635328 No Task File <==== ATTENTION

Task: {B90EC509-EFFD-479F-B674-1098EF69ADE3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-879967681-4271235005-1519339517-1000UA => C:\Users\Tyler\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-19] (Google Inc.)

Task: {BA07379C-921B-4AB1-8585-733D746B82DD} - \3975815936 No Task File <==== ATTENTION

Task: {BB542176-A526-4360-A650-B4A433AA62BA} - \3426028800 No Task File <==== ATTENTION

Task: {C090D641-39F5-4A04-88FD-0FF938662580} - System32\Tasks\win4036e0 => C:\Users\Tyler\AppData\Local\Temp\win4036e0.dat <==== ATTENTION

Task: {C15A3FCC-C99B-46B5-9D09-024F7268B652} - \3436031516 No Task File <==== ATTENTION

Task: {CCC2CDBA-04B8-4B4E-BB8E-2FB9747E7DEB} - System32\Tasks\a0168f00 => C:\Users\Tyler\AppData\Local\Temp\\setup2160826624.exe <==== ATTENTION

Task: {D5C774FE-AA3F-4944-BC4D-6DC2983A11AC} - \1067678144 No Task File <==== ATTENTION

Task: {DFDCAB67-7DAA-42D9-9555-A6C60AD5F35B} - \1015687112 No Task File <==== ATTENTION

Task: {EBC8DC2B-B1E1-4B3B-AD7B-6A54AC321E13} - System32\Tasks\p9pl388102792662700970 => \\?\globalroot\Device\HarddiskVolume3\Users\Tyler\AppData\Local\Temp\p9pl388102792662700970.tmp <==== ATTENTION

Task: {ECA6FEB7-4FF1-4A7F-8724-E8C80FD48DFB} - System32\Tasks\c52a4280 => C:\Users\Tyler\AppData\Local\Temp\\setup372887936.exe <==== ATTENTION

Task: {F054D8E5-C40B-40BF-991E-1BFD143B3D9E} - \193991460 No Task File <==== ATTENTION

Task: {FB20997B-71A1-4145-9D52-A9166159F737} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf2ca2e648d290.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfec4f46187060.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-879967681-4271235005-1519339517-1000Core.job => C:\Users\Tyler\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-879967681-4271235005-1519339517-1000UA.job => C:\Users\Tyler\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-879967681-4271235005-1519339517-1000UA1cfeb0948c7c370.job => C:\Users\Tyler\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-01-04 07:03 - 2009-11-04 13:14 - 00157696 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\lxecdrpp.dll

2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2009-03-15 21:15 - 2008-12-22 05:32 - 00054784 _____ () C:\Windows\System32\bcmwlrmt.dll

2014-11-08 21:45 - 2014-11-08 21:45 - 00382848 ____N () C:\ProgramData\Windows Genuine Advantage\{8B34E930-277B-48EB-A692-D7FDBB372FCD}\msiexec.exe

2014-10-17 02:42 - 2014-10-17 02:42 - 00284160 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\df2a920b8e863d14ab8503f96c7b3ecd\VistaBridgeLibrary.ni.dll

2014-10-27 14:27 - 2014-10-21 23:04 - 08910664 _____ () C:\Users\Tyler\AppData\Local\Google\Chrome\Application\38.0.2125.111\pdf.dll

2014-10-27 14:27 - 2014-10-21 23:04 - 01681224 _____ () C:\Users\Tyler\AppData\Local\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5D432CE3

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AESTFilters => 2

MSCONFIG\Services: Apple Mobile Device => 2

MSCONFIG\Services: asurscsi => 2

MSCONFIG\Services: Bonjour Service => 2

MSCONFIG\Services: DockLoginService => 2

MSCONFIG\Services: GameConsoleService => 3

MSCONFIG\Services: GoToAssist => 3

MSCONFIG\Services: gupdate => 2

MSCONFIG\Services: gupdatem => 3

MSCONFIG\Services: gusvc => 3

MSCONFIG\Services: hnmsvc => 2

MSCONFIG\Services: IAANTMON => 2

MSCONFIG\Services: iPod Service => 3

MSCONFIG\Services: lxec_device => 2

MSCONFIG\Services: SkypeUpdate => 2

MSCONFIG\Services: sprtsvc_DellSupportCenter => 2

MSCONFIG\Services: Steam Client Service => 3

MSCONFIG\Services: stllssvr => 3

MSCONFIG\Services: UMVPFSrv => 2

========================= Accounts: ==========================

Administrator (S-1-5-21-879967681-4271235005-1519339517-500 - Administrator - Disabled)

Guest (S-1-5-21-879967681-4271235005-1519339517-501 - Limited - Disabled)

Tyler (S-1-5-21-879967681-4271235005-1519339517-1000 - Administrator - Enabled) => C:\Users\Tyler

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface

Description: Microsoft Tun Miniport Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunmp

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:

==================

Error: (11/09/2014 04:00:11 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application iexplore.exe, version 9.0.8112.16584, time stamp 0x4549b14e, faulting module MSHTML.dll, version 9.0.8112.16584, time stamp 0x541cb3c5, exception code 0xc0000005, fault offset 0x00260cee,

process id 0x2f00, application start time 0xiexplore.exe0.

Error: (11/09/2014 03:57:16 AM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: The entry <C:\USERS\TYLER\APPDATA\LOCAL\SKYPE\APPS\LOGIN\JS> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:

A device attached to the system is not functioning. (0x8007001f)

Error: (11/09/2014 03:57:16 AM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: The entry <C:\USERS\TYLER\APPDATA\LOCAL\SKYPE\APPS\LOGIN\JS> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:

A device attached to the system is not functioning. (0x8007001f)

Error: (11/09/2014 03:57:15 AM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: The entry <C:\USERS\TYLER\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:

A device attached to the system is not functioning. (0x8007001f)

Error: (11/09/2014 03:57:15 AM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: The entry <C:\USERS\TYLER\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:

A device attached to the system is not functioning. (0x8007001f)

Error: (11/09/2014 03:57:15 AM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: The entry <C:\USERS\TYLER\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\WHITE-ON-BLACK> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:

A device attached to the system is not functioning. (0x8007001f)

Error: (11/09/2014 03:57:15 AM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: The entry <C:\USERS\TYLER\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\WHITE-ON-BLACK> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:

A device attached to the system is not functioning. (0x8007001f)

Error: (11/09/2014 03:57:14 AM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: The entry <C:\USERS\TYLER\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\RETINA> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:

A device attached to the system is not functioning. (0x8007001f)

Error: (11/09/2014 03:57:14 AM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: The entry <C:\USERS\TYLER\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\RETINA> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:

A device attached to the system is not functioning. (0x8007001f)

Error: (11/09/2014 03:57:13 AM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: The entry <C:\USERS\TYLER\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\NORMAL> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:

A device attached to the system is not functioning. (0x8007001f)

System errors:

=============

Error: (11/08/2014 09:47:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: McAfee Anti-Malware Core150001Restart the service

Error: (11/08/2014 09:24:28 PM) (Source: DCOM) (EventID: 10010) (User: )

Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/08/2014 09:18:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Intel® PRO/1000 NDIS 6 Adapter Driver%%1058

Error: (11/08/2014 09:18:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Intel® PRO/1000 PCI Express Network Connection Driver%%1058

Error: (11/08/2014 09:18:09 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (11/08/2014 08:54:27 PM) (Source: DCOM) (EventID: 10010) (User: )

Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/08/2014 08:51:30 PM) (Source: DCOM) (EventID: 10010) (User: )

Description: {209500FC-6B45-4693-8871-6296C4843751}

Error: (11/08/2014 08:46:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (11/08/2014 08:46:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Intel® PRO/1000 NDIS 6 Adapter Driver%%1058

Error: (11/08/2014 08:46:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Intel® PRO/1000 PCI Express Network Connection Driver%%1058

Microsoft Office Sessions:

=========================

CodeIntegrity Errors:

===================================

Date: 2014-11-09 06:04:55.240

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-11-09 06:04:51.421

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-11-09 06:04:46.506

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-11-09 06:04:41.715

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-11-09 06:04:33.745

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-11-09 06:04:31.596

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-11-09 06:04:28.678

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-11-09 06:04:25.676

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-11-09 06:02:25.497

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-11-09 06:02:22.656

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Pentium® Dual-Core CPU T4200 @ 2.00GHz

Percentage of memory in use: 60%

Total physical RAM: 3033.63 MB

Available physical RAM: 1184.88 MB

Total Pagefile: 6269.51 MB

Available Pagefile: 3676.27 MB

Total Virtual: 2047.88 MB

Available Virtual: 1877.33 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:218.2 GB) (Free:35.88 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Drive e: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:8.72 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (Size: 232.9 GB) (Disk ID: 2F03C1E0)

Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)

Partition 2: (Not Active) - (Size=14.6 GB) - (Type=07 NTFS)

Partition 3: (Active) - (Size=218.2 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Maniac · November 11, 2014

Hello booya119 and :welcome: ! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
Make sure you read all of the instructions and fixes thoroughly before continuing with them.
Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Sorry for delay!

Do you still need help? If you still need help, please manually delete FRST.exe, download a new fresh one and generate log files.

booya119 · November 12, 2014

Thank you for responding. I will generate new logs as soon as possible, but may be one or two days before I am able to do so. I hope this will not be an issue.

Maniac · November 12, 2014

It is okay. Thanks for letting me know!

booya119 · November 14, 2014

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-11-2014 01

Ran by Tyler (administrator) on TYLER-PC on 13-11-2014 18:59:29

Running from C:\Users\Tyler\Downloads

Loaded Profile: Tyler (Available profiles: Tyler)

Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English (United States)

Internet Explorer Version 9

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe

(McAfee, Inc.) C:\Windows\System32\mfevtps.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe

(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\AMCore\mcshield.exe

(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe

(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe

(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe

(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

() C:\Program Files\DivX\DivX Update\DivXUpdate.exe

(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtcmd.exe

(Dell Inc.) C:\Windows\System32\WLTRAY.EXE

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe

(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe

(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McUICnt.exe

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

() C:\Program Files\Pando Networks\Media Booster\PMB.exe

(Microsoft Corporation) C:\Windows\ehome\ehtray.exe

(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe

(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe

(Microsoft Corporation) C:\Windows\System32\taskmgr.exe

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Microsoft Corporation) C:\Windows\System32\conime.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

(Microsoft Corporation) C:\Windows\System32\wuauclt.exe

(McAfee, Inc.) C:\Program Files\McAfee\VirusScan\mcods.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)

HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [483420 2008-12-14] (IDT, Inc.)

HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)

HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [1662032 2008-08-27] (Dell Inc.)

HKLM\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128296 2008-05-23] (CyberLink Corp.)

HKLM\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [517392 2014-04-25] (McAfee, Inc.)

HKLM\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [517392 2014-04-25] (McAfee, Inc.)

HKLM\...\Run: [iAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-05-07] (Intel Corporation)

HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-12] ()

HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-01-29] (DivX, LLC)

HKLM\...\Run: [dellsupportcenter] => C:\Program Files\Dell Support Center\bin\sprtcmd.exe [206064 2008-10-04] (SupportSoft, Inc.)

HKLM\...\Run: [broadcom Wireless Manager UI] => C:\Windows\system32\WLTRAY.exe [3810304 2008-12-22] (Dell Inc.)

HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [200704 2008-09-04] (Alps Electric Co., Ltd.)

HKLM\...\Run: [amd_dc_opt] => C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)

HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2012-12-19] (Adobe Systems Incorporated)

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2012-12-03] (Adobe Systems Incorporated)

HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)

HKLM\...\RunOnce: [b Register C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll",DllRegisterServer

Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)

HKLM\...\Policies\Explorer: [NoControlPanel] 0

HKLM\...\Policies\Explorer: [NoFolderOptions] 0

HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\S-1-5-19\...\Winlogon: [shell] C:\Windows\Explorer.exe [2926592 2009-04-11] (Microsoft Corporation) <==== ATTENTION

HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\S-1-5-20\...\Winlogon: [shell] C:\Windows\Explorer.exe [2926592 2009-04-11] (Microsoft Corporation) <==== ATTENTION

HKU\S-1-5-21-879967681-4271235005-1519339517-1000\...\Run: [winupd] => C:\Users\Tyler\AppData\Local\Temp:winupd.exe

HKU\S-1-5-21-879967681-4271235005-1519339517-1000\...\Run: [Pando Media Booster] => C:\Program Files\Pando Networks\Media Booster\PMB.exe [3077528 2011-08-17] ()

HKU\S-1-5-21-879967681-4271235005-1519339517-1000\...\Run: [p9pl5944863637826728850] => \\?\globalroot\Device\HarddiskVolume3\Users\Tyler\AppData\Local\Temp\p9pl5944863637826728850.tmp <===== ATTENTION

HKU\S-1-5-21-879967681-4271235005-1519339517-1000\...\Run: [p9pl388102792662700970] => \\?\globalroot\Device\HarddiskVolume3\Users\Tyler\AppData\Local\Temp\p9pl388102792662700970.tmp <===== ATTENTION

HKU\S-1-5-21-879967681-4271235005-1519339517-1000\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [3882312 2008-12-02] (Microsoft Corporation)

HKU\S-1-5-21-879967681-4271235005-1519339517-1000\...\Run: [Google Update] => C:\Users\Tyler\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-19] (Google Inc.)

HKU\S-1-5-21-879967681-4271235005-1519339517-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)

HKU\S-1-5-21-879967681-4271235005-1519339517-1000\...\Run: [-694390270] => C:\Users\Tyler\AppData\Local\Temp\thpm3029530543124544682.tmp <===== ATTENTION

HKU\S-1-5-21-879967681-4271235005-1519339517-1000\...\Run: [{79BF4901-1EC4-4726-B3C2-A7859706C6E7}] => "C:\Users\Tyler\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QZDS6Q57\LeagueofLegends_NA_Installer_05_07_13.exe" /cmdloc "HKCU\Software\Riot Games AiTemp\{79BF4901-1EC4-4726-B3 (the data entry has 17 more characters).

HKU\S-1-5-21-879967681-4271235005-1519339517-1000\...\Run: [EvolveClient] => C:\Program Files\Echobit\Evolve\EvolveClient.exe [3332512 2014-09-23] (Echobit LLC)

HKU\S-1-5-21-879967681-4271235005-1519339517-1000\...\Run: [DellSystemDetect] => C:\Users\Tyler\AppData\Local\Apps\2.0\BB45JB1N.PVP\VOEHN7TA.V0B\dell..tion_0f612f649c4a10af_0005.0007_59de4fd2458fcaec\DellSystemDetect.exe [254976 2014-05-08] (Dell)

HKU\S-1-5-21-879967681-4271235005-1519339517-1000\...\Run: [acillao] => rundll32 "C:\Users\Tyler\AppData\Local\acillao.dll",acillao <===== ATTENTION

HKU\S-1-5-21-879967681-4271235005-1519339517-1000\...\Winlogon: [shell] C:\Windows\Explorer.exe [2926592 2009-04-11] (Microsoft Corporation) <==== ATTENTION

HKU\S-1-5-21-879967681-4271235005-1519339517-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!

HKU\S-1-5-18\...\Winlogon: [shell] C:\Windows\Explorer.exe [2926592 2009-04-11] (Microsoft Corporation) <==== ATTENTION

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell Remote Access.lnk

ShortcutTarget: Dell Remote Access.lnk -> c:\Windows\Installer\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}\NewShortcut10_F66A31D978314FBABA02C411C0047CC5.exe (Macrovision Corporation)

Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk

ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk

ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: ftp=127.0.0.1:52081;http=127.0.0.1:52081;https=127.0.0.1:52081

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =

BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)

BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab

Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)

Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:

========

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()

FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()

FF Plugin: @mcafee.com/MVT -> C:\Program Files\McAfee\Supportability\MVT\npmvtplugin.dll (McAfee, Inc.)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)

FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-04-07]

FF HKLM\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn

FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5

FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-02-23]

Chrome:

=======

CHR HomePage: Default -> hxxp://www.google.com

CHR StartupUrls: Default -> "hxxp://www.google.com"

CHR DefaultSearchKeyword: Default -> search.live.com

CHR DefaultSearchURL: Default -> http://search.live.com/results.aspx?q={searchTerms}&Form=DLCDF7&pc=MDDC&src={referrer:source?}

CHR DefaultSuggestURL: Default ->

CHR Profile: C:\Users\Tyler\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Tyler\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-28]

CHR Extension: (YouTube) - C:\Users\Tyler\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-09-26]

CHR Extension: (Google Search) - C:\Users\Tyler\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-09-26]

CHR Extension: (Google Wallet) - C:\Users\Tyler\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]

CHR Extension: (Gmail) - C:\Users\Tyler\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-09-26]

CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-02-07]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe [81920 2008-12-14] (Andrea Electronics Corporation)

S4 asurscsi; C:\Users\Tyler\AppData\Local\Temp\MSI3834.tmp [142336 2009-10-21] (Voyetra Turtle Beach, Inc.) [File not signed]

S4 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-09-23] (Stardock Corporation) [File not signed]

S3 EvoSvc; C:\Program Files\Echobit\Evolve\EvoSvc.exe [1579936 2014-09-23] (Echobit LLC)

S4 GameConsoleService; C:\Program Files\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe [164600 2008-07-04] (WildTangent, Inc.)

S4 hnmsvc; c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe [820464 2008-09-30] (Dell Inc.)

R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)

S4 lxec_device; C:\Windows\system32\lxeccoms.exe [598696 2010-04-14] ( )

R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)

R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [145568 2014-04-25] (McAfee, Inc.)

R2 McNaiAnn; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)

R3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [472072 2014-06-12] (McAfee, Inc.)

R2 mcpltsvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)

R2 McProxy; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)

R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [655936 2014-07-24] (McAfee, Inc.)

R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169800 2014-06-20] (McAfee, Inc.)

R2 mfevtp; C:\Windows\system32\mfevtps.exe [179600 2014-06-20] (McAfee, Inc.)

S4 sprtsvc_DellSupportCenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-10-04] (SupportSoft, Inc.)

R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe [241746 2008-12-14] (IDT, Inc.)

S4 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)

R2 yksvc; RUNDLL32.EXE ykx32coinst,serviceStartProc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2008-12-22] (Broadcom Corporation)

S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [62832 2014-06-20] (McAfee, Inc.)

R3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [18584 2014-08-10] (Echobit, LLC)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-10-01] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-11-13] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-10-01] (Malwarebytes Corporation)

R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [135968 2014-06-20] (McAfee, Inc.)

R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [238176 2014-06-20] (McAfee, Inc.)

S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [67816 2014-06-20] (McAfee, Inc.)

R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [369248 2014-06-20] (McAfee, Inc.)

R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [576048 2014-06-20] (McAfee, Inc.)

R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [349192 2014-07-24] (McAfee, Inc.)

S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [81296 2014-07-24] (McAfee, Inc.)

R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [217224 2014-06-20] (McAfee, Inc.)

R2 Packet; C:\Windows\System32\DRIVERS\packet.sys [22016 2008-06-17] (SingleClick Systems)

S3 EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys [X]

S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]

S3 IpInIp; system32\DRIVERS\ipinip.sys [X]

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-13 18:59 - 2014-11-13 19:00 - 00022240 _____ () C:\Users\Tyler\Downloads\FRST.txt

2014-11-13 18:58 - 2014-11-13 18:58 - 01108480 _____ (Farbar) C:\Users\Tyler\Desktop\FRST.exe

2014-11-13 18:53 - 2014-11-13 18:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee

2014-11-09 06:27 - 2014-11-09 06:27 - 00021241 _____ () C:\Users\Tyler\Desktop\virus removal logs.zip

2014-11-09 05:58 - 2014-11-13 18:59 - 00000000 ____D () C:\FRST

2014-11-09 05:54 - 2014-11-09 05:54 - 00003181 _____ () C:\Users\Tyler\Desktop\Malwarebytes Help Making a post.txt

2014-11-09 04:23 - 2014-11-09 04:23 - 00229927 _____ () C:\Users\Tyler\Desktop\Scan_2014-11-9-4-10.txt

2014-11-09 04:19 - 2014-11-13 18:46 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-11-09 04:17 - 2014-11-09 04:17 - 00000901 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-11-09 04:17 - 2014-11-09 04:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-11-09 04:17 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-11-09 04:17 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-11-09 04:17 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-11-09 04:16 - 2014-11-09 04:17 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2014-11-09 04:16 - 2014-11-09 04:16 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-11-09 03:27 - 2014-11-09 05:41 - 00000000 ____D () C:\Users\Tyler\AppData\Local\Igdsoft

2014-11-09 03:27 - 2014-11-09 03:27 - 00000000 ____D () C:\Users\Tyler\AppData\Local\Ewfdtion

2014-11-08 22:21 - 2014-11-08 22:21 - 00000000 ____D () C:\Program Files\Reason

2014-11-08 22:16 - 2014-11-08 22:17 - 02469552 _____ (Reason Company Software Inc.) C:\Users\Tyler\Desktop\herdProtectScan_Portable.exe

2014-11-08 22:07 - 2014-11-08 22:34 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Tyler\Desktop\mbam-setup-2.0.3.1025.exe

2014-11-08 22:05 - 2014-11-09 03:56 - 00000000 ____D () C:\ProgramData\HitmanPro

2014-11-08 21:59 - 2014-11-08 22:02 - 10284408 _____ (SurfRight B.V.) C:\Users\Tyler\Desktop\HitmanPro.exe

2014-11-08 21:49 - 2014-11-08 22:00 - 00000000 ____D () C:\Users\Tyler\AppData\Roaming\Nihyqyx

2014-11-08 21:45 - 2014-11-08 21:45 - 00000000 ____D () C:\ProgramData\PancUfizy

2014-11-08 20:35 - 2014-11-09 07:08 - 00000160 ____H () C:\ProgramData\@system3.att

2014-11-08 20:34 - 2014-11-09 07:08 - 00000424 _____ () C:\ProgramData\@system.temp

2014-11-08 20:34 - 2014-11-09 04:53 - 00000000 ____D () C:\Users\Tyler\AppData\Roaming\FrameworkUpdate7

2014-11-08 20:34 - 2014-11-08 20:34 - 00000448 ____H () C:\Users\Tyler\AppData\Roaming\麽鎒駓覜

2014-11-08 20:34 - 2014-11-08 20:34 - 00000000 ____D () C:\ProgramData\DufjiGmudi

2014-11-08 20:33 - 2014-11-09 03:36 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage

2014-10-24 20:32 - 2014-10-24 20:32 - 00001666 _____ () C:\Users\Public\Desktop\iTunes.lnk

2014-10-24 20:32 - 2014-10-24 20:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

2014-10-24 20:29 - 2014-10-24 20:31 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB

2014-10-24 20:29 - 2014-10-24 20:31 - 00000000 ____D () C:\Program Files\iTunes

2014-10-24 20:29 - 2014-10-24 20:29 - 00000000 ____D () C:\Program Files\iPod

2014-10-20 05:19 - 2014-11-09 06:24 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfec4f46187060.job

2014-10-18 14:25 - 2014-11-09 06:30 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-879967681-4271235005-1519339517-1000UA1cfeb0948c7c370.job

2014-10-17 21:54 - 2014-10-17 21:54 - 00001878 _____ () C:\Users\Public\Desktop\Skype.lnk

2014-10-17 21:54 - 2014-10-17 21:54 - 00000000 ___RD () C:\Program Files\Skype

2014-10-17 21:54 - 2014-10-17 21:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

2014-10-17 21:54 - 2014-10-17 21:54 - 00000000 ____D () C:\Program Files\Common Files\Skype

2014-10-17 02:13 - 2014-06-15 17:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll

2014-10-17 02:13 - 2014-06-13 13:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll

2014-10-17 02:13 - 2014-06-13 13:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll

2014-10-17 02:09 - 2014-09-27 18:29 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-10-17 02:07 - 2014-09-04 18:27 - 00143360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys

2014-10-17 02:02 - 2014-09-16 11:56 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll

2014-10-16 21:55 - 2014-10-16 21:55 - 00000000 ____D () C:\Program Files\SystemRequirementsLab

2014-10-16 21:54 - 2014-10-16 21:54 - 00663552 _____ () C:\Users\Tyler\Downloads\Detection.msi

2014-10-16 16:32 - 2014-10-16 16:32 - 00000000 ____D () C:\Program Files\Common Files\Java

2014-10-16 16:32 - 2014-10-16 16:30 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe

2014-10-16 16:31 - 2014-10-16 16:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-10-16 16:31 - 2014-10-16 16:30 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe

2014-10-16 16:31 - 2014-10-16 16:30 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe

2014-10-16 16:31 - 2014-10-16 16:30 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll

2014-10-16 05:26 - 2014-09-19 17:53 - 12364288 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-10-16 05:26 - 2014-09-19 17:44 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-10-16 05:26 - 2014-09-19 17:41 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-10-16 05:26 - 2014-09-19 17:39 - 01138688 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-10-16 05:26 - 2014-09-19 17:38 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-10-16 05:26 - 2014-09-19 17:37 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-10-16 05:26 - 2014-09-19 17:36 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2014-10-16 05:26 - 2014-09-19 17:36 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-10-16 05:26 - 2014-09-19 17:36 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-10-16 05:26 - 2014-09-19 17:35 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-10-16 05:26 - 2014-09-19 17:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2014-10-16 05:26 - 2014-09-19 17:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-10-16 05:26 - 2014-09-19 17:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-10-16 05:26 - 2014-09-19 17:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll

2014-10-16 05:26 - 2014-09-19 17:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-10-16 05:26 - 2014-09-19 17:34 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-10-16 05:26 - 2014-09-19 17:34 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-10-16 05:26 - 2014-09-19 17:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-10-16 05:26 - 2014-09-19 17:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe

2014-10-16 05:26 - 2014-09-19 17:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

2014-10-16 05:26 - 2014-09-19 17:33 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-13 19:00 - 2012-04-18 17:41 - 00000000 ____D () C:\Users\Tyler\AppData\Local\PMB Files

2014-11-13 18:57 - 2009-03-15 15:57 - 01533365 _____ () C:\Windows\WindowsUpdate.log

2014-11-13 18:53 - 2014-01-08 10:11 - 00001753 _____ () C:\Users\Public\Desktop\McAfee AntiVirus.lnk

2014-11-13 18:51 - 2006-11-02 05:33 - 00759542 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-11-13 18:49 - 2009-04-08 16:54 - 00000000 ____D () C:\Users\Tyler\Tracing

2014-11-13 18:46 - 2014-02-18 07:13 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf2ca2e648d290.job

2014-11-13 18:44 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-11-13 18:44 - 2006-11-02 07:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2014-11-13 18:44 - 2006-11-02 07:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2014-11-09 15:52 - 2006-11-02 08:01 - 00032630 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-11-09 15:40 - 2008-01-20 21:47 - 01296150 _____ () C:\Windows\PFRO.log

2014-11-09 07:14 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\Web

2014-11-09 07:11 - 2011-08-14 22:50 - 00000000 ____D () C:\Users\Tyler\AppData\Roaming\Skype

2014-11-09 06:31 - 2010-01-13 20:36 - 00000680 _____ () C:\Users\Tyler\AppData\Local\d3d9caps.dat

2014-11-09 06:30 - 2012-09-26 16:12 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-879967681-4271235005-1519339517-1000UA.job

2014-11-09 06:24 - 2011-04-07 19:55 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-11-09 06:22 - 2012-04-13 04:03 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-11-09 04:01 - 2012-01-15 01:41 - 00000000 ____D () C:\Users\Tyler\AppData\Local\CrashDumps

2014-11-09 03:40 - 2011-08-14 20:42 - 00000000 ____D () C:\ProgramData\Anti-phishing Domain Advisor

2014-11-08 19:31 - 2012-09-26 16:12 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-879967681-4271235005-1519339517-1000Core.job

2014-10-27 14:27 - 2012-09-26 16:14 - 00002044 _____ () C:\Users\Tyler\Desktop\Google Chrome.lnk

2014-10-24 20:29 - 2014-10-03 21:57 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1

2014-10-24 20:29 - 2014-01-24 20:59 - 00000000 ____D () C:\Program Files\Common Files\Apple

2014-10-17 21:54 - 2011-08-14 22:50 - 00000000 ____D () C:\ProgramData\Skype

2014-10-17 02:51 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\Microsoft.NET

2014-10-17 02:35 - 2006-11-02 07:47 - 03627952 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-10-17 02:13 - 2009-04-14 16:07 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-10-16 22:08 - 2011-08-19 18:11 - 00000000 ____D () C:\Program Files\Steam

2014-10-16 16:33 - 2013-10-21 21:40 - 00000000 ____D () C:\ProgramData\Oracle

2014-10-16 05:20 - 2012-08-26 03:10 - 00000858 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\LINE.lnk

2014-10-16 05:20 - 2012-08-26 03:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LINE

Files to move or delete:

====================

C:\ProgramData\hash.dat

Some content of TEMP:

====================

C:\Users\Tyler\AppData\Local\Temp\DivXSetup.exe

C:\Users\Tyler\AppData\Local\Temp\install_flashplayer11x32ax_gtbp_chrd_au_aih.exe

C:\Users\Tyler\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe

C:\Users\Tyler\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe

C:\Users\Tyler\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe

C:\Users\Tyler\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe

C:\Users\Tyler\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe

C:\Users\Tyler\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe

C:\Users\Tyler\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe

C:\Users\Tyler\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe

C:\Users\Tyler\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe

C:\Users\Tyler\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe

C:\Users\Tyler\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe

C:\Users\Tyler\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe

C:\Users\Tyler\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe

C:\Users\Tyler\AppData\Local\Temp\NGMDll.dll

C:\Users\Tyler\AppData\Local\Temp\NGMResource.dll

C:\Users\Tyler\AppData\Local\Temp\NGMSetup.exe

C:\Users\Tyler\AppData\Local\Temp\SkypeSetup.exe

C:\Users\Tyler\AppData\Local\Temp\swt-win32-3349.dll

C:\Users\Tyler\AppData\Local\Temp\tmp17EA.exe

C:\Users\Tyler\AppData\Local\Temp\tmpE2E6.exe

C:\Users\Tyler\AppData\Local\Temp\unicows.dll

C:\Users\Tyler\AppData\Local\Temp\UpdateFlashPlayer_8459c5d2.exe

C:\Users\Tyler\AppData\Local\Temp\vlc-2.1.5-win32.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-13 18:55

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-11-2014 01

Ran by Tyler at 2014-11-13 19:01:02