My computer has been running very slowly for the past few days. My kids play online games and do several searches. I noticed that I had several dllhost.exe that was taking up a large amount of my memory and CPU usage. I installed Malwarebytes and now I keep getting a Malicious Website Blocked for fff5ee.com, 31.184.192.90, 95.215.1.57 on port different ports, but the processes all come from my C:\Windows\SysWOW64\dllhost.exe. Any suggestions or help to remove this?
dllhost.exe and Malicious Website Blocked (fff5ee.com) [Solved]
Started by
mantis_51
, Oct 22 2014 09:25 PM
-
This topic is locked
#2
Posted 23 October 2014 - 03:13 AM
LiquidTension
-
- Expert
-
- 1,151 posts
Expert
Hello Mantis_51, welcome to Geeks To Go Malware Removal forum!
My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that. 
======================================================
Please read through the points below to ensure this process moves as quickly and efficiently as possible.
- Please read through my instructions thoroughly, and ensure you carry out each step in the order specified.
- Please do not post logs using the CODE, QUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.
- Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation and providing the best set of instructions for you.
- Please backup important files before proceeding with my instructions. Malware removal can be unpredictable.
- If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before proceeding.
- Topics are locked if no response is made after 4 days. Please inform me if you require additional time to complete my instructions.
- Ensure you are following this topic. Click
at the top of the page.
======================================================
The symptoms you've described are associated with an infection called Poweliks.
Lets check if this infection is indeed present.
STEP 1
Farbar Recovery Scan Tool (FRST) Scan
- Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
- Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
- Right-Click FRST.exe / FRST64.exe and select
Run as administrator to run the programme. - Click Yes to the disclaimer.
- Ensure the Addition.txt box is checked.
- Click the Scan button and let the programme run.
- Upon completion, click OK, then OK on the Addition.txt pop up screen.
- Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.
======================================================
STEP 2
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.
- FRST.txt
- Addition.txt
#3
Posted 23 October 2014 - 05:20 AM
mantis_51
- Topic Starter
-
- Member
-
- 11 posts
Member
Thanks Adam. My name is Jeff. Below is the results of the FRST.txt. This morning as well I started getting reports from a mediaplayer-downloader888.com website in addition to the fff5ee.com url.
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-10-2014
Ran by Jeff Erwin (administrator) on JEFFERWIN-PC on 23-10-2014 06:23:04
Running from C:\Users\Jeff Erwin\Desktop
Loaded Profile: Jeff Erwin (Available profiles: Jeff Erwin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Windstream) C:\Program Files (x86)\Windstream\Diagnostic Tools\HsdService.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
(Google Inc.) C:\Users\Jeff Erwin\AppData\Local\Google\Update\1.3.25.5\GoogleCrashHandler.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Google Inc.) C:\Users\Jeff Erwin\AppData\Local\Google\Update\1.3.25.5\GoogleCrashHandler64.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Humana Inc.) C:\Users\Public\Humana\GearSync\Humana_GearSync.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
() C:\Program Files (x86)\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe
(Hewlett-Packard) C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
(Windstream) C:\Program Files (x86)\Windstream\Diagnostic Tools\DiagnosticTools.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Radialpoint SafeCare Inc.) C:\Program Files (x86)\Windstream\Service Agent\ServicepointService.exe
(Google Inc.) C:\Users\Jeff Erwin\AppData\Local\Google\Chrome\Application\chrome.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Users\Jeff Erwin\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Google Inc.) C:\Users\Jeff Erwin\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
() C:\Program Files (x86)\Real\RealPlayer\RPDS\Tools\ffmpeg\ffprobe.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [PC-Doctor for Windows localizer] => C:\Program Files\PC-Doctor for Windows\localizer.exe [95728 2009-09-17] (PC-Doctor, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Remote Solution] => C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [656896 2009-08-24] (Hewlett-Packard)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [494064 2009-06-18] ()
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [298376 2012-09-28] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GearSyncAutoStart] => C:\Users\Public\Humana\GearSync\Humana_GearSync.exe [532040 2012-05-10] (Humana Inc.)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [724536 2012-04-22] (Sony Corporation)
HKLM-x32\...\Run: [FPCCSMiddleware] => C:\Program Files (x86)\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe [536184 2008-03-06] ()
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Windstream Service Agent.exe] => C:\Program Files (x86)\Windstream\Service Agent\Windstream Service Agent.exe [10204472 2011-10-14] (Windstream)
HKLM-x32\...\Run: [DiagnosticTools.exe] => C:\Program Files (x86)\Windstream\Diagnostic Tools\DiagnosticTools.exe [2037048 2011-04-25] (Windstream)
HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [296520 2014-03-03] (RealNetworks, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\runonceex: [ContentMerger] => C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-06-26] (Sonic Solutions)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-4212909893-2989147456-1797026021-1000\...\Run: [Google Update] => C:\Users\Jeff Erwin\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-20] (Google Inc.)
HKU\S-1-5-21-4212909893-2989147456-1797026021-1000\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248176 2014-06-05] (TomTom)
HKU\S-1-5-21-4212909893-2989147456-1797026021-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-4212909893-2989147456-1797026021-1000\...\MountPoints2: {a151284f-0613-11df-92fa-806e6f6e6963} - E:\PopCDRun.exe
HKU\S-1-5-21-4212909893-2989147456-1797026021-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
ShortcutTarget: Kodak EasyShare software.lnk -> C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk
ShortcutTarget: PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\Users\Jeff Erwin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 2510 series.lnk
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 2510 series.lnk -> C:\Program Files\HP\HP Deskjet 2510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKLM - {99DF2153-5B2B-4FDE-9657-8AABBAD3A3E3} URL = http://www.ask.com/w...}&l=dis&o=uscqd
SearchScopes: HKLM-x32 - {99DF2153-5B2B-4FDE-9657-8AABBAD3A3E3} URL = http://www.ask.com/w...}&l=dis&o=uscqd
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
Toolbar: HKCU - No Name - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File
Toolbar: HKCU - No Name - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No File
Toolbar: HKCU - No Name - {EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...t/PCPitStop.CAB
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
DPF: HKLM-x32 {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h20364.www2....DataManager.CAB
DPF: HKLM-x32 {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.popcap.co...ploader_v10.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{CCE25430-6B64-4075-8A5E-AB8060EA9E2F}: [NameServer] 8.8.8.8
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @radialpoint.com/SPA,version=1 -> C:\Program Files (x86)\Windstream\Service Agent\nprpspa.dll (Windstream)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @ei.FromDocToPDF_65.com/Plugin -> C:\Program Files (x86)\FromDocToPDF_65EI\Installr\1.bin\NP65EISB.dll No File
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll No File
FF Plugin-x32: @radialpoint.com/SPA,version=1 -> C:\Program Files (x86)\Windstream\Service Agent\nprpspa.dll (Windstream)
FF Plugin-x32: @real.com/nppl3260;version=17.0.6.13 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=17.0.6 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.6 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=17.0.6 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.6.13 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @virtools.com/3DviaPlayer -> C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\4\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Jeff Erwin\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Jeff Erwin\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [{8E8D8D12-A43B-4289-994D-DF2C7C0EF736}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-03-03]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.msn.com/?pc=BDT3&ocid=BDT3DHP&dt=112413
CHR StartupUrls: Default -> "hxxp://www.windstream.net/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Jeff Erwin\AppData\Local\Google\Chrome\Application\38.0.2125.104\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Jeff Erwin\AppData\Local\Google\Chrome\Application\38.0.2125.104\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Jeff Erwin\AppData\Local\Google\Chrome\Application\38.0.2125.104\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0) - C:\Users\Jeff Erwin\AppData\Local\Google\Chrome\Application\plugins\NPcol400.dll No File
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Users\Jeff Erwin\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll No File
CHR Plugin: (Motive Plugin) - C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (3DVIA player) - C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
CHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Profile: C:\Users\Jeff Erwin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jeff Erwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\Jeff Erwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-16]
CHR Extension: (Google Search) - C:\Users\Jeff Erwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-16]
CHR Extension: (RealPlayer Downloader) - C:\Users\Jeff Erwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-12-25]
CHR Extension: (Radialpoint SPD Extension) - C:\Users\Jeff Erwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmmhpfbhngkongobaoibpmnijjokabmj [2014-01-07]
CHR Extension: (Google Wallet) - C:\Users\Jeff Erwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\Jeff Erwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-16]
CHR HKLM-x32\...\Chrome\Extension: [cnpkmcjgpcihgfnkcjapiaabbbplkcmf] - C:\Program Files (x86)\Coupons.com CouponBar\chrome\Coupons.com.crx []
CHR HKLM-x32\...\Chrome\Extension: [ghnpfkmgeiojiaheaiefkilmjinpoccb] - C:\Users\JEFFER~1\AppData\Local\Temp\ghnpfkmgeiojiaheaiefkilmjinpoccb.crx []
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2014-02-12]
CHR HKLM-x32\...\Chrome\Extension: [lmmhpfbhngkongobaoibpmnijjokabmj] - C:\Program Files (x86)\Windstream\Service Agent\ChromeExtension.crx [2014-01-07]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227936 2013-11-21] (WildTangent)
S2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 HsdService; C:\Program Files (x86)\Windstream\Diagnostic Tools\HsdService.exe [1393976 2011-04-25] (Windstream)
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [319488 2010-05-13] (Alcatel-Lucent) [File not signed]
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2010-05-13] (Alcatel-Lucent) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [474168 2012-04-22] (Sony Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-02-12] ()
R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141336 2014-03-03] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-02-12] () [File not signed]
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 ServicepointService; C:\Program Files (x86)\Windstream\Service Agent\ServicepointService.exe [10315064 2011-10-14] (Radialpoint SafeCare Inc.)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 a016bus; C:\Windows\System32\DRIVERS\a016bus.sys [109096 2008-01-18] (MCCI Corporation)
S3 a016mdfl; C:\Windows\System32\DRIVERS\a016mdfl.sys [19496 2008-01-18] (MCCI Corporation)
S3 a016mdm; C:\Windows\System32\DRIVERS\a016mdm.sys [146472 2008-01-18] (MCCI Corporation)
S3 a016mgmt; C:\Windows\System32\DRIVERS\a016mgmt.sys [130600 2008-01-18] (MCCI Corporation)
S3 a016obex; C:\Windows\System32\DRIVERS\a016obex.sys [125480 2008-01-18] (MCCI Corporation)
R3 arusb_lhx; C:\Windows\System32\DRIVERS\arusb_lhx.sys [538112 2008-07-01] (Atheros Communications, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-23] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-03-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-03-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 RTL8192U; C:\Windows\System32\DRIVERS\RTL8192u.sys [1624096 2009-10-26] (Realtek Semiconductor Corporation )
S1 RxFilter; C:\Windows\SysWOW64\DRIVERS\RxFilter.sys [65520 2009-06-26] (Sonic Solutions)
R3 seehcri; C:\Windows\System32\DRIVERS\seehcri.sys [34032 2010-02-20] (Sony Ericsson Mobile Communications)
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-23 06:23 - 2014-10-23 06:27 - 00029123 _____ () C:\Users\Jeff Erwin\Desktop\FRST.txt
2014-10-23 06:16 - 2014-10-23 06:17 - 02112000 _____ (Farbar) C:\Users\Jeff Erwin\Downloads\FRST64 (1).exe
2014-10-23 06:07 - 2014-10-23 06:23 - 00000000 ____D () C:\FRST
2014-10-23 06:01 - 2014-10-23 06:01 - 00000000 ____D () C:\Users\Jeff Erwin\AppData\Roaming\Skinux
2014-10-22 23:47 - 2014-10-22 23:42 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-10-22 23:45 - 2014-10-22 23:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-22 23:45 - 2014-10-22 23:42 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-10-22 23:45 - 2014-10-22 23:42 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-10-22 23:45 - 2014-10-22 23:42 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-22 23:40 - 2014-10-23 06:06 - 00000000 ____D () C:\Users\Jeff Erwin\Desktop\Clean PC
2014-10-22 23:40 - 2014-10-22 23:40 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-22 23:40 - 2014-10-22 23:38 - 02112000 _____ (Farbar) C:\Users\Jeff Erwin\Desktop\FRST64.exe
2014-10-22 23:35 - 2014-10-22 23:38 - 02112000 _____ (Farbar) C:\Users\Jeff Erwin\Downloads\FRST64.exe
2014-10-22 20:13 - 2014-10-22 20:14 - 00000000 ____D () C:\4cfb7205d4fcb11f5a5ea54353
2014-10-22 19:19 - 2014-10-23 06:00 - 00003358 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4212909893-2989147456-1797026021-1000
2014-10-22 19:19 - 2014-10-23 06:00 - 00003234 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4212909893-2989147456-1797026021-1000
2014-10-22 19:13 - 2014-10-22 19:15 - 00000000 ____D () C:\NPE
2014-10-22 19:02 - 2014-10-22 21:53 - 00000000 ____D () C:\Users\Jeff Erwin\AppData\Local\NPE
2014-10-22 19:01 - 2014-10-22 19:02 - 03060320 ____N (Symantec Corporation) C:\Users\Jeff Erwin\Downloads\NPE.exe
2014-10-22 18:56 - 2014-10-23 05:54 - 00000000 ____D () C:\AdwCleaner
2014-10-22 18:52 - 2014-10-22 18:54 - 01962496 _____ () C:\Users\Jeff Erwin\Downloads\AdwCleaner.exe
2014-10-22 18:49 - 2014-10-22 18:50 - 00047179 _____ () C:\Users\Jeff Erwin\Downloads\FRST.txt
2014-10-22 17:52 - 2014-10-23 06:34 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-22 17:47 - 2014-10-22 17:47 - 00001072 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-22 17:47 - 2014-10-22 17:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-22 17:47 - 2014-10-22 17:47 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-22 17:47 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-22 17:47 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-22 17:47 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-22 17:41 - 2013-10-01 22:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-10-22 17:41 - 2013-10-01 22:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-10-22 17:41 - 2013-10-01 22:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-10-22 17:41 - 2013-10-01 21:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-10-22 17:41 - 2013-10-01 21:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-10-22 17:41 - 2013-10-01 21:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-10-22 17:41 - 2013-10-01 21:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-10-22 17:41 - 2013-10-01 20:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-10-22 17:41 - 2013-10-01 20:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-10-22 17:41 - 2013-10-01 20:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-10-22 17:41 - 2013-10-01 19:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-10-22 17:40 - 2013-10-01 20:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-10-22 17:40 - 2013-10-01 20:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-10-22 17:40 - 2013-10-01 19:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-22 17:40 - 2013-10-01 19:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-10-22 17:40 - 2013-10-01 18:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-22 17:40 - 2013-10-01 16:57 - 06578176 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-22 17:40 - 2013-10-01 16:55 - 05698048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-22 16:50 - 2014-10-22 18:01 - 119873784 _____ (Microsoft Corporation) C:\Users\Jeff Erwin\Downloads\msert (1).exe
2014-10-22 16:13 - 2014-10-22 16:36 - 32601272 _____ (Microsoft Corporation) C:\Users\Jeff Erwin\Downloads\Windows-KB890830-x64-V5.17.exe
2014-10-22 16:11 - 2014-10-22 17:46 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Jeff Erwin\Downloads\mbam-setup-2.0.3.1025.exe
2014-10-22 16:10 - 2014-10-22 16:15 - 16558542 _____ () C:\Users\Jeff Erwin\Downloads\Windows6.1-KB2506143-x64.msu
2014-10-22 16:10 - 2014-10-22 16:13 - 10993379 _____ () C:\Users\Jeff Erwin\Downloads\Windows6.0-KB2506146-x86.msu
2014-10-22 00:44 - 2014-10-22 00:52 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-10-22 00:44 - 2014-10-22 00:44 - 00001361 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-10-22 00:44 - 2014-10-22 00:44 - 00001349 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-10-22 00:44 - 2014-10-22 00:44 - 00000656 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-10-22 00:44 - 2014-10-22 00:44 - 00000628 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-10-22 00:44 - 2014-10-22 00:44 - 00000458 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-10-22 00:44 - 2014-10-22 00:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-10-22 00:44 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-10-22 00:20 - 2014-10-22 00:38 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Jeff Erwin\Downloads\spybot-2.4.exe
2014-10-15 09:37 - 2014-09-28 20:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 09:37 - 2014-06-18 18:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 09:37 - 2014-06-18 18:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-15 09:37 - 2014-06-18 18:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-15 09:37 - 2014-06-18 18:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 09:37 - 2014-06-18 18:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-15 09:37 - 2014-06-18 18:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 09:33 - 2014-08-18 23:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-15 09:33 - 2014-08-18 23:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-10-15 09:33 - 2014-08-18 23:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-15 09:33 - 2014-07-06 22:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-15 09:33 - 2014-07-06 22:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-15 09:33 - 2014-07-06 22:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-15 09:33 - 2014-07-06 22:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-15 09:33 - 2014-07-06 22:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-15 09:33 - 2014-07-06 22:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-15 09:33 - 2014-07-06 22:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-15 09:33 - 2014-07-06 22:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-15 09:33 - 2014-07-06 22:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-15 09:33 - 2014-07-06 22:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-15 09:33 - 2014-07-06 22:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-15 09:33 - 2014-07-06 22:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-15 09:33 - 2014-07-06 22:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-15 09:33 - 2014-07-06 22:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-15 09:33 - 2014-07-06 22:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-15 09:33 - 2014-07-06 22:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-15 09:33 - 2014-07-06 22:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-15 09:33 - 2014-07-06 22:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-15 09:33 - 2014-07-06 22:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-15 09:33 - 2014-07-06 22:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-15 09:33 - 2014-07-06 22:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-15 09:33 - 2014-07-06 21:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-15 09:33 - 2014-07-06 21:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-10-15 09:33 - 2014-07-06 21:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-15 09:33 - 2014-07-06 21:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-10-15 09:33 - 2014-07-06 21:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-15 09:33 - 2014-07-06 21:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-10-15 09:33 - 2014-07-06 21:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-10-15 09:33 - 2014-07-06 21:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-10-15 09:33 - 2014-07-06 21:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-10-15 09:33 - 2014-07-06 21:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-10-15 09:33 - 2014-07-06 21:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-15 09:33 - 2014-07-06 21:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-10-15 09:33 - 2014-07-06 21:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-15 09:33 - 2014-07-06 21:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-15 09:33 - 2014-07-06 21:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-15 09:33 - 2014-07-06 21:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-15 09:33 - 2014-07-06 21:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-15 09:33 - 2014-07-06 21:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2014-10-15 09:33 - 2014-07-06 21:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-15 09:33 - 2014-07-06 21:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-15 09:33 - 2014-06-27 20:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-15 09:33 - 2014-06-27 20:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-15 09:33 - 2014-06-27 20:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-15 09:32 - 2014-10-09 22:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-15 09:32 - 2014-10-09 22:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-15 09:32 - 2014-10-09 22:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-15 09:32 - 2014-10-06 22:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 09:32 - 2014-10-06 22:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-15 09:32 - 2014-09-25 18:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 09:32 - 2014-09-25 18:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-15 09:32 - 2014-09-25 18:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 09:32 - 2014-09-25 18:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 09:32 - 2014-09-25 18:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 09:32 - 2014-09-25 18:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 09:32 - 2014-09-25 18:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 09:32 - 2014-09-18 21:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 09:32 - 2014-09-18 21:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-15 09:32 - 2014-09-18 21:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-15 09:32 - 2014-09-18 21:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 09:32 - 2014-09-18 21:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-15 09:32 - 2014-09-18 21:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-15 09:32 - 2014-09-18 21:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 09:32 - 2014-09-18 21:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-15 09:32 - 2014-09-18 21:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 09:32 - 2014-09-18 21:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 09:32 - 2014-09-18 21:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-15 09:32 - 2014-09-18 21:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-15 09:32 - 2014-09-18 21:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 09:32 - 2014-09-18 21:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 09:32 - 2014-09-18 21:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-15 09:32 - 2014-09-18 21:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-15 09:32 - 2014-09-18 21:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-15 09:32 - 2014-09-18 20:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-15 09:32 - 2014-09-18 20:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 09:32 - 2014-09-18 20:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 09:32 - 2014-09-18 20:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-15 09:32 - 2014-09-18 20:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-15 09:32 - 2014-09-18 20:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-15 09:32 - 2014-09-18 20:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-15 09:32 - 2014-09-18 20:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-15 09:32 - 2014-09-18 20:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 09:32 - 2014-09-18 20:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 09:32 - 2014-09-18 20:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-15 09:32 - 2014-09-18 20:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-15 09:32 - 2014-09-18 20:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 09:32 - 2014-09-18 20:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-15 09:32 - 2014-09-18 20:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 09:32 - 2014-09-18 19:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 09:32 - 2014-09-18 19:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 09:32 - 2014-09-18 19:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-15 09:32 - 2014-08-18 23:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-15 09:32 - 2014-08-18 23:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2014-10-15 09:32 - 2014-08-18 23:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-10-15 09:32 - 2014-08-18 23:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-15 09:32 - 2014-08-18 23:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-15 09:32 - 2014-08-18 23:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-15 09:32 - 2014-08-18 23:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-15 09:32 - 2014-08-18 22:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-10-15 09:32 - 2014-08-18 22:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-10-15 09:32 - 2014-08-18 22:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-15 09:32 - 2014-07-06 22:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-15 09:32 - 2014-07-06 22:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-15 09:32 - 2014-07-06 22:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-15 09:32 - 2014-07-06 22:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-15 09:32 - 2014-07-06 22:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-15 09:32 - 2014-07-06 22:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-15 09:32 - 2014-07-06 22:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-15 09:32 - 2014-07-06 22:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-15 09:32 - 2014-07-06 22:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-15 09:32 - 2014-07-06 22:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-15 09:32 - 2014-07-06 22:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-15 09:32 - 2014-07-06 21:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-10-15 09:32 - 2014-07-06 21:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-10-15 09:32 - 2014-07-06 21:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-10-15 09:32 - 2014-07-06 21:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2014-10-15 09:32 - 2014-07-06 21:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2014-10-15 09:32 - 2014-07-06 21:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2014-10-15 09:32 - 2014-07-06 21:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-10-15 09:32 - 2014-07-06 21:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-10-15 09:32 - 2014-07-06 21:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-10-15 09:32 - 2014-07-06 21:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-10-15 09:31 - 2014-09-18 22:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 09:31 - 2014-09-18 21:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 09:31 - 2014-09-18 21:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-15 09:31 - 2014-09-18 21:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 09:31 - 2014-09-18 21:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 09:31 - 2014-09-18 21:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-15 09:31 - 2014-09-18 21:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-15 09:31 - 2014-09-18 21:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-15 09:31 - 2014-09-18 21:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 09:31 - 2014-09-18 20:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-15 09:31 - 2014-09-18 20:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 09:31 - 2014-09-18 19:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-15 09:25 - 2014-09-17 22:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 09:25 - 2014-09-17 21:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-15 09:25 - 2014-08-28 22:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-15 09:24 - 2014-09-04 01:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 09:24 - 2014-09-04 01:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-15 09:24 - 2014-07-16 22:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 09:24 - 2014-07-16 22:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 09:24 - 2014-07-16 22:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 09:24 - 2014-07-16 22:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 09:24 - 2014-07-16 22:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 09:24 - 2014-07-16 22:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 09:24 - 2014-07-16 21:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-15 09:24 - 2014-07-16 21:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-15 09:24 - 2014-07-16 21:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-15 09:24 - 2014-07-16 21:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 09:24 - 2014-07-16 21:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-15 09:23 - 2014-09-12 21:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 09:23 - 2014-09-12 21:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-11 01:46 - 2014-10-11 01:46 - 00000000 ____D () C:\Users\Jeff Erwin\AppData\Local\{921A4CF5-2776-4326-B546-00AD42A244D5}
2014-10-01 13:09 - 2014-09-24 22:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 13:09 - 2014-09-24 21:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-24 07:49 - 2014-09-09 18:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 07:49 - 2014-09-09 17:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-23 06:44 - 2011-06-22 18:24 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-23 06:41 - 2011-07-25 10:32 - 00000928 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4212909893-2989147456-1797026021-1000UA.job
2014-10-23 06:22 - 2013-02-23 14:33 - 00000334 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job
2014-10-23 06:17 - 2009-07-14 00:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-23 06:17 - 2009-07-14 00:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-23 06:10 - 2012-06-02 09:59 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-23 06:07 - 2010-01-20 18:37 - 01994939 _____ () C:\Windows\WindowsUpdate.log
2014-10-23 06:00 - 2011-09-19 16:43 - 00000000 ____D () C:\ProgramData\Radialpoint
2014-10-23 05:59 - 2011-06-22 18:24 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-23 05:58 - 2014-09-14 12:30 - 00000396 _____ () C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Jeff Erwin.job
2014-10-23 05:58 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-23 05:57 - 2009-11-25 16:05 - 00989598 _____ () C:\Windows\PFRO.log
2014-10-23 05:57 - 2009-07-14 00:51 - 00137714 _____ () C:\Windows\setupact.log
2014-10-23 05:53 - 2013-02-18 19:32 - 00000000 ____D () C:\Users\Jeff Erwin\AppData\Local\CRE
2014-10-23 05:53 - 2010-02-19 15:43 - 00000000 ____D () C:\Users\Jeff Erwin
2014-10-23 05:49 - 2013-11-03 23:31 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-23 01:20 - 2013-01-05 00:19 - 03490816 ___SH () C:\Users\Jeff Erwin\Desktop\Thumbs.db
2014-10-22 19:14 - 2012-05-29 14:37 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-10-22 19:14 - 2009-07-13 23:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-22 19:05 - 2009-11-25 16:55 - 00000000 ____D () C:\ProgramData\Norton
2014-10-22 17:47 - 2012-10-02 16:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-22 15:15 - 2011-09-19 16:43 - 00000000 ____D () C:\Users\Jeff Erwin\AppData\Roaming\Radialpoint
2014-10-22 13:18 - 2014-09-14 12:30 - 00002994 _____ () C:\Windows\System32\Tasks\ReclaimerUpdateXML_Jeff Erwin
2014-10-22 13:18 - 2014-09-14 12:30 - 00000386 _____ () C:\Windows\Tasks\ReclaimerUpdateXML_Jeff Erwin.job
2014-10-22 11:15 - 2014-09-14 12:30 - 00002998 _____ () C:\Windows\System32\Tasks\ReclaimerUpdateFiles_Jeff Erwin
2014-10-22 11:15 - 2014-09-14 12:30 - 00000390 _____ () C:\Windows\Tasks\ReclaimerUpdateFiles_Jeff Erwin.job
2014-10-22 05:51 - 2010-03-18 20:02 - 00039631 _____ () C:\Windows\wininit.ini
2014-10-22 00:44 - 2012-05-29 14:37 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-10-20 14:30 - 2011-07-25 10:32 - 00003908 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4212909893-2989147456-1797026021-1000UA
2014-10-20 14:30 - 2011-07-25 10:32 - 00003512 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4212909893-2989147456-1797026021-1000Core
2014-10-20 14:30 - 2011-07-25 10:32 - 00000876 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4212909893-2989147456-1797026021-1000Core.job
2014-10-20 08:15 - 2010-02-19 16:35 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-20 08:01 - 2014-02-25 23:28 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-10-18 09:00 - 2013-12-25 16:20 - 00000000 ____D () C:\Users\Jeff Erwin\AppData\Roaming\Real
2014-10-17 19:56 - 2011-07-25 10:33 - 00002405 _____ () C:\Users\Jeff Erwin\Desktop\Google Chrome.lnk
2014-10-17 19:37 - 2011-06-22 18:24 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-17 19:37 - 2011-06-22 18:24 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-17 03:16 - 2013-08-14 03:03 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 14:24 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-10-16 11:02 - 2009-07-14 01:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-10-16 10:53 - 2009-07-14 00:45 - 00498576 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 10:48 - 2014-05-07 08:19 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-16 10:48 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-16 10:48 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-16 09:37 - 2009-07-13 22:34 - 00000478 _____ () C:\Windows\win.ini
2014-10-15 07:38 - 2012-01-20 12:40 - 00000000 ____D () C:\Users\Jeff Erwin\Desktop\Rachel
2014-10-04 14:51 - 2010-12-27 12:16 - 00000000 ____D () C:\Users\Jeff Erwin\AppData\Local\Snapshots
2014-10-03 10:02 - 2010-02-19 17:34 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-30 13:40 - 2010-02-19 17:44 - 00000544 _____ () C:\Windows\Tasks\PCDRScheduledMaintenance.job
2014-09-23 23:10 - 2012-06-02 09:59 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-23 23:10 - 2012-06-02 09:58 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-23 23:10 - 2011-06-17 08:03 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
Some content of TEMP:
====================
C:\Users\Jeff Erwin\AppData\Local\Temp\BCUCInstaller.exe
C:\Users\Jeff Erwin\AppData\Local\Temp\IHU9AEB.tmp.exe
C:\Users\Jeff Erwin\AppData\Local\Temp\IHUBCD0.tmp.exe
C:\Users\Jeff Erwin\AppData\Local\Temp\IHUCB70.tmp.exe
C:\Users\Jeff Erwin\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Jeff Erwin\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Jeff Erwin\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Jeff Erwin\AppData\Local\Temp\lowproc.exe
C:\Users\Jeff Erwin\AppData\Local\Temp\ose00000.exe
C:\Users\Jeff Erwin\AppData\Local\Temp\Quarantine.exe
C:\Users\Jeff Erwin\AppData\Local\Temp\sqlite3.dll
C:\Users\Jeff Erwin\AppData\Local\Temp\stubhelper.dll
C:\Users\Jeff Erwin\AppData\Local\Temp\_is8526.exe
C:\Users\Jeff Erwin\AppData\Local\Temp\_isA581.exe
C:\Users\Jeff Erwin\AppData\Local\Temp\_isB48F.exe
C:\Users\Jeff Erwin\AppData\Local\Temp\_isC60C.exe
C:\Users\Jeff Erwin\AppData\Local\Temp\_isE7A0.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-10-16 12:51
==================== End Of Log ============================
#4
Posted 23 October 2014 - 05:21 AM
mantis_51
- Topic Starter
-
- Member
-
- 11 posts
Member
Here is the results from the additional.txt:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-10-2014
Ran by Jeff Erwin at 2014-10-23 06:49:14
Running from C:\Users\Jeff Erwin\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
2X ApplicationServer and LoadBalancer Client (HKLM-x32\...\{994619C6-8E45-4DEB-A3B5-A9EE02CB6B1E}) (Version: 6.1.465 - 2X Software Ltd.)
3DVIA player 5.0 (HKLM-x32\...\{4E868D3D-6EEB-4273-926C-2287236B5B79}) (Version: 5.0.0.15 - 3DVIA)
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 2.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.3.9130 - Adobe Systems Inc.) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
ArcSoft Print Creations - Album Page (HKLM-x32\...\{E6B4117F-AC59-4B13-9274-EB136E8897EE}) (Version: - ArcSoft)
ArcSoft Print Creations - Funhouse (HKLM-x32\...\{9591C049-5CAE-4E89-A8D9-191F1899628B}) (Version: - ArcSoft)
ArcSoft Print Creations - Greeting Card (HKLM-x32\...\{F04F9557-81A9-4293-BC49-2C216FA325A7}) (Version: - ArcSoft)
ArcSoft Print Creations - Photo Book (HKLM-x32\...\{56589DFE-0C29-4DFE-8E42-887B771ECD23}) (Version: - ArcSoft)
ArcSoft Print Creations - Photo Calendar (HKLM-x32\...\{CA9ED5E4-1548-485B-A293-417840060158}) (Version: - ArcSoft)
ArcSoft Print Creations - Scrapbook (HKLM-x32\...\{B0D83FCD-9D42-43ED-8315-250326AADA02}) (Version: - ArcSoft)
ArcSoft Print Creations - Slimline Card (HKLM-x32\...\{007B37D9-0C45-4202-834B-DD5FAAE99D63}) (Version: - ArcSoft)
ArcSoft Print Creations (HKLM-x32\...\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}) (Version: 2.8.255.384 - ArcSoft)
Bing Bar (HKLM-x32\...\{B4089055-D468-45A4-A6BA-5A138DD715FC}) (Version: 7.0.850.0 - Microsoft Corporation)
Caesar 3 (HKLM-x32\...\Caesar 3) (Version: - )
CCScore (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Certiprep Launcher (HKLM-x32\...\{26A48CF7-E944-4336-AC3A-8DE895CDCAAE}) (Version: 2.0.01 - Certiport, Inc.)
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.11299.0 - Cisco Consumer Products LLC)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2115 - CyberLink Corp.)
CyberLink DVD Suite Deluxe (x32 Version: 7.0.2115 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DeductionPro 2009 (HKLM-x32\...\{97F4D62E-5AEB-4649-BABF-4712C6EF6845}) (Version: 17.04 - HRB Technology, LLC.)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Dogz (remove only) (HKLM-x32\...\Dogz) (Version: - )
EMC 10 Content (x32 Version: 1.0.035 - Roxo, Inc.) Hidden
EMCGadgets64 (Version: 1.0.302 - Sonic) Hidden
ESSBrwr (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSCDBK (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESScore (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSgui (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSini (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSPCD (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSPDock (x32 Version: 6.03.0001.0004 - EASTMAN KODAK Company) Hidden
ESSTOOLS (x32 Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
essvatgt (x32 Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
ExamView ActiveX Control v2 (HKLM-x32\...\ExamView ActiveX Control v2) (Version: - )
ExamView Pro (HKLM-x32\...\ExamView Pro) (Version: - )
ffdshow [rev 2527] [2008-12-19] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
Fisher-Price Clifford's Classroom (HKLM-x32\...\InstallShield_{188993D8-9B2B-475B-89DE-381419A9C1E4}) (Version: 1.00.0000 - Fisher-Price)
Fisher-Price Clifford's Classroom (x32 Version: 1.00.0000 - Fisher-Price) Hidden
Fisher-Price Computer Cool School (HKLM-x32\...\InstallShield_{803805A4-A3F7-4504-8B19-9A63BC8A4551}) (Version: 1.00.0000 - Fisher-Price)
Fisher-Price Computer Cool School (x32 Version: 1.00.0000 - Fisher-Price) Hidden
Fisher-Price Dora and Diego's Classroom (HKLM-x32\...\InstallShield_{85DE22DE-CB29-4A0C-8930-09BC030F64BF}) (Version: 1.00.0000 - Fisher-Price)
Fisher-Price Dora and Diego's Classroom (x32 Version: 1.00.0000 - Fisher-Price) Hidden
Fisher-Price Scooby-Doo's Classroom (HKLM-x32\...\InstallShield_{EBA4ECB6-8F08-4E3F-A1D1-6564931DFEAF}) (Version: 1.00.0000 - Fisher-Price)
Fisher-Price Scooby-Doo's Classroom (x32 Version: 1.00.0000 - Fisher-Price) Hidden
Fisher-Price Sesame Street Classroom (HKLM-x32\...\InstallShield_{92DDBF62-3992-40E8-8BA0-12F1B8E09F2A}) (Version: 1.00.0000 - Fisher-Price)
Fisher-Price Sesame Street Classroom (x32 Version: 1.00.0000 - Fisher-Price) Hidden
Fisher-Price SpongeBob's Classroom (HKLM-x32\...\InstallShield_{E7A9B8E3-060D-4D02-8ED7-D629BD6404EC}) (Version: 1.00.0000 - Fisher-Price)
Fisher-Price SpongeBob's Classroom (x32 Version: 1.00.0000 - Fisher-Price) Hidden
Fisher-Price Super Why Classroom (HKLM-x32\...\InstallShield_{7C6EC43F-F266-4008-A070-683B21749F01}) (Version: 1.00.0000 - Fisher-Price)
Fisher-Price Super Why Classroom (x32 Version: 1.00.0000 - Fisher-Price) Hidden
FLW Professional Bass Tournament (HKLM-x32\...\FLW Professional Bass Tournament) (Version: - )
Google Chrome (HKCU\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
GT Interactive - Driver (HKLM-x32\...\GT Interactive - Driver) (Version: - )
H&R Block Deluxe + Efile + State 2009 (HKLM-x32\...\{53A19323-917A-4822-B27E-A57D1EF6E9FC}) (Version: 09.04.7101 - HRB Technology, LLC.)
H&R Block Deluxe + Efile + State 2010 (HKLM-x32\...\{10964A8F-21C1-45EA-BC2D-F84B505C3848}) (Version: 10.04.6402 - HRB Technology, LLC.)
H&R Block Deluxe + Efile + State 2011 (HKLM-x32\...\{C6006AED-E5A7-4F77-BAD5-95AC43DE04F3}) (Version: 11.05.7102 - HRB Technology, LLC.)
H&R Block Deluxe + Efile + State 2012 (HKLM-x32\...\{89D20029-0578-4D8D-979A-695C8D868868}) (Version: 12.05.7301 - HRB Technology, LLC.)
H&R Block Deluxe + Efile + State 2013 (HKLM-x32\...\{EDE796DE-0A72-464D-9D21-F04BC41A092B}) (Version: 13.05.5801 - HRB Technology, LLC.)
H&R Block Kentucky 2009 (HKLM-x32\...\{FBCDE9EE-7BEA-4121-A71C-E2BB125FBC94}) (Version: 1.09.3101 - HRB Technology, LLC.)
H&R Block Kentucky 2010 (HKLM-x32\...\{962F5DE1-17E5-422C-B754-39F2B6B51782}) (Version: 1.10.1501 - HRB Technology, LLC.)
H&R Block Kentucky 2011 (HKLM-x32\...\{8CE42F82-7F07-484E-AEC6-C606443CD36F}) (Version: 1.11.2601 - HRB Technology, LLC.)
H&R Block Kentucky 2012 (HKLM-x32\...\{B1663805-6A09-4C31-934A-8D01FA1667C4}) (Version: 1.12.3401 - HRB Technology, LLC.)
H&R Block Kentucky 2013 (HKLM-x32\...\{6884FBCF-02ED-489B-AD1B-5E28AE05AC9D}) (Version: 1.13.3101 - HRB Technology, LLC.)
Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5247.34 - PC-Doctor, Inc.)
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.9512.3162 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Deskjet 2510 series Basic Device Software (HKLM\...\{293CC68A-32BA-4BA4-84BD-0DCF6583566F}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 2510 series Help (HKLM-x32\...\{234DADAD-3C3C-4FB1-90A4-0AF015D56E18}) (Version: 27.0.0 - Hewlett Packard)
HP Deskjet 2510 series Product Improvement Study (HKLM\...\{4B3264AA-951A-4A6B-B837-125224261F12}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 2510 series Setup Guide (HKLM-x32\...\{216C7F38-4BBC-4E9A-8392-C9FA21B54386}) (Version: 27.0.0 - Hewlett Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.11182 - HP Photo Creations Powered by RocketLife)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.11.0 - Hewlett-Packard)
HP Remote Solution (x32 Version: 1.1.11.0 - Hewlett-Packard) Hidden
HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard)
HP Support Assistant (x32 Version: 7.0.39.15 - Hewlett-Packard Company) Hidden
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
Humana GearSync 1.5.115 (HKLM-x32\...\{4ADA60D4-895E-4B03-86BF-39582AD5E95C}_is1) (Version: 1.5.115 - Humana)
Indeo® software (HKLM-x32\...\Indeo® software) (Version: - )
iQsystem 7.001 English (HKLM-x32\...\{194BE500-6DAA-46FF-AD54-7202B899F545}) (Version: 7.001.002 - Certiport)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java Auto Updater (x32 Version: 2.1.71.14 - Oracle, Inc.) Hidden
Jimmy Neutron vs. Jimmy Negatron DEMO (HKLM-x32\...\Jimmy Neutron vs. Jimmy Negatron DEMO) (Version: - )
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kodak EasyShare software (HKLM-x32\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version: - Eastman Kodak Company)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2017 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2017 - CyberLink Corp.) Hidden
LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 4.2.9.15649 - LeapFrog)
LeapFrog Connect (x32 Version: 4.2.9.15649 - LeapFrog) Hidden
LeapFrog LeapPad Explorer Plugin (x32 Version: 4.2.11.15696 - LeapFrog) Hidden
LeapFrog Leapster2 Plugin (x32 Version: 4.2.9.15649 - LeapFrog) Hidden
LeapFrog My Pals Plugin (x32 Version: 4.2.9.15649 - LeapFrog) Hidden
LightScribe System Software (HKLM-x32\...\{CC8E94A2-55C7-4460-953C-2A790180578C}) (Version: 1.18.8.1 - LightScribe)
LSI PCI-SV92EX Soft Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.100 - LSI Corporation)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Media Player Utilities 4.41 (HKLM-x32\...\{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}) (Version: 4.41 - )
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Money 2005 (HKLM-x32\...\Money2005b) (Version: 14 - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version: - )
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Monopoly (HKLM-x32\...\Monopoly) (Version: - PopCap Games)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
netbrdg (x32 Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
Network Play System (Patching) (HKLM-x32\...\Network Play System (Patching)) (Version: - )
Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.20.0 - Symantec)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.11.9739 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.58.36 - NVIDIA Corporation)
Octoshape add-in for Adobe Flash Player (HKCU\...\Octoshape add-in for Adobe Flash Player) (Version: - )
OfotoXMI (x32 Version: 8.02.1000.0001 - EASTMAN KODAK Company) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Pdf995 (installed by H&R Block) (HKLM-x32\...\Pdf995) (Version: - )
PdfEdit995 (installed by H&R Block) (HKLM-x32\...\PdfEdit995) (Version: - )
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.19 - Hewlett-Packard Company)
PlayMemories Home (HKLM-x32\...\{E03CD71A-F595-49DF-9ADC-0CFC93B1B211}) (Version: 6.3.00.04221 - Sony Corporation)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3304 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3304 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3405 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3405 - CyberLink Corp.) Hidden
Primo (x32 Version: 1.00.0000 - Your Company Name) Hidden
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
Radialpoint Security Advisor 2.5.15 (x32 Version: 2.5.15 - Radialpoint SafeCare Inc.) Hidden
Radialpoint Servicepoint Dashboard Extensions version 14.8.6.26202 (HKLM-x32\...\RadialpointServicepointDashboardExtensions_is1) (Version: 14.8.6.26202 - )
RealDownloader (x32 Version: 17.0.6 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.6 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recovery Manager (x32 Version: 5.5.2216 - CyberLink Corp.) Hidden
Risk (HKLM-x32\...\bb3e225e1aaf56cf8f40418cd6333ebc) (Version: - )
Roll (HKLM-x32\...\RollerCoaster Tycoon Setup) (Version: - )
Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden
Roxio BackOnTrack (x32 Version: 1.3.0 - Roxio) Hidden
Roxio Burn (x32 Version: 1.0.0 - Roxio) Hidden
Roxio Central Audio (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Central Copy (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Central Core (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Central Data (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Central Tools (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Easy CD and DVD Burning (HKLM-x32\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio)
Roxio Easy CD and DVD Burning (x32 Version: 10.3.104 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.1 - Roxio) Hidden
Roxio File Backup (Version: 1.3.0 - Roxio) Hidden
Roxio Update Manager (x32 Version: 6.0.0 - Roxio) Hidden
Runtime (x32 Version: 1.00.0000 - Your Company Name) Hidden
Savings Bond Wizard (HKLM-x32\...\Savings Bond Wizard) (Version: - ) <==== ATTENTION
Secure Download Manager (HKLM-x32\...\{E040B65B-8683-4228-8C33-D44A141E40EA}) (Version: 3.1.60 - Kivuto Solutions Inc.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (x32 Version: - Microsoft) Hidden
SFR (x32 Version: 8.01.0000.0001 - Eastman Kodak Company) Hidden
SHASTA (x32 Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
Sierra Utilities (HKLM-x32\...\Sierra Utilities) (Version: - )
skin0001 (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
SKINXSDK (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Snapshots (HKLM-x32\...\Snapshots) (Version: - )
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
SpongeBob SquarePants - Battle for Bikini Bottom DEMO (HKLM-x32\...\{801D8B6D-8B1A-4796-8F3E-E1978BE0B24C}) (Version: 1.00.000 - )
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
staticcr (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
TalonSoft's West Front: Elite Edition (HKLM-x32\...\TalonSoft's West Front: Elite Edition) (Version: - )
The Fairly OddParents Demo (HKLM-x32\...\{38BFF930-86E6-4061-8951-88E506760E78}) (Version: 0.90.000 - )
The Game of Life (HKLM-x32\...\The Game of Life) (Version: - PopCap Games)
The Sims (HKLM-x32\...\The Sims) (Version: - )
TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Uninstall Dual Mode Camera (88379) (HKLM-x32\...\88379_2009_0702_1736_is1) (Version: - )
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin) (HKLM-x32\...\LeapPadExplorerPlugin) (Version: - LeapFrog)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster2 Plugin) (HKLM-x32\...\Leapster2Plugin) (Version: - LeapFrog)
Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin) (HKLM-x32\...\MyPalsPlugin) (Version: - LeapFrog)
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 3.14 - NCH Software)
VLC media player 2.0.4 (HKLM-x32\...\VLC media player) (Version: 2.0.4 - VideoLAN)
VPRINTOL (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
WildTangent Games App (HP Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.10.16 - WildTangent)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windstream Diagnostic Tools 3.0.21 (x32 Version: 3.0.21 - Windstream) Hidden
Windstream Service Agent 4.1.15 (HKLM-x32\...\RadialpointClientGateway_is1) (Version: 4.1.15 - Windstream)
WIRELESS (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-4212909893-2989147456-1797026021-1000_Classes\CLSID\{0C3BA0B1-BC14-4B55-98DC-F1E913C1DA10}\InprocServer32 -> C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\ActiveX64.ocx (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-4212909893-2989147456-1797026021-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Jeff Erwin\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4212909893-2989147456-1797026021-1000_Classes\CLSID\{6FFA7438-3E00-4176-9717-B3BBE2E704AB}\InprocServer32 -> C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\ActiveX64.ocx (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-4212909893-2989147456-1797026021-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Jeff Erwin\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4212909893-2989147456-1797026021-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-4212909893-2989147456-1797026021-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Jeff Erwin\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4212909893-2989147456-1797026021-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Jeff Erwin\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
==================== Restore Points =========================
17-10-2014 07:00:14 Windows Update
20-10-2014 11:30:20 Windows Update
22-10-2014 21:38:20 Windows Update
23-10-2014 03:20:56 Installed Java 7 Update 71
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 22:34 - 2014-10-22 00:58 - 00450834 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 1-2005-search.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 www.123fporn.info
127.0.0.1 123fporn.info
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123moviedownload.com
There are 1000 more lines.
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {16B165AF-0067-4022-8B49-49489AA8D059} - System32\Tasks\RNUpgradeHelperLogonPrompt_Jeff Erwin => C:\Users\Jeff Erwin\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe [2014-09-14] (RealNetworks, Inc.)
Task: {1EF67053-601D-4FC6-B054-5C42A12F77BF} - System32\Tasks\{D32CF1EB-71C1-419A-95B6-BA617AFE9A74} => E:\SETUP.EXE
Task: {2B0C740F-4202-4397-B2A9-2B6F0C27B4C8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-17] (Google Inc.)
Task: {2E6DAE3D-29C0-459F-8E0F-5F57BA4C0285} - System32\Tasks\{C4462F12-2781-476E-BF8E-4EE5B2A97314} => E:\SETUP.EXE
Task: {2EDF84D4-B491-44B6-A250-73D71B7D2D97} - System32\Tasks\{3B3C0249-1D0E-42C5-A68A-AB7036700F1E} => E:\SETUP.EXE
Task: {3BD61AA0-DCC5-40A8-B4C6-616350D1128B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-17] (Google Inc.)
Task: {431FAA62-DCC9-4B44-A847-7B1EB44881EC} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4212909893-2989147456-1797026021-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-02-12] (RealNetworks, Inc.)
Task: {44D4FE5C-BE73-4F8C-B1BC-3037F144C65B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {4B30F23C-CA8A-40D3-9D70-DF2FEA01C6CC} - System32\Tasks\RNUpgradeHelperResumePrompt_Jeff Erwin => C:\Users\Jeff Erwin\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe [2014-09-14] (RealNetworks, Inc.)
Task: {4ED01611-9909-47DB-B7BB-087CE91C608F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated)
Task: {5B994C73-8A41-4BAB-9CB5-B223B0E2F8A7} - System32\Tasks\{F1B5EB09-BD62-4D20-8387-BC63188C53C2} => E:\SETUP.EXE
Task: {71D07269-57FE-4A76-AB2A-2CDFE8DA1073} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {759C1BA8-49AE-4535-A53F-78C62CC6DB31} - System32\Tasks\{AE2E8BC1-BD8E-40B7-8E51-CD16D6403A72} => E:\SETUP.EXE
Task: {8B6F755F-6E3B-4B5E-B617-516BE05A0012} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()
Task: {8EA251CD-03AD-4630-8B4A-36B034CB28B1} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4212909893-2989147456-1797026021-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-02-12] (RealNetworks, Inc.)
Task: {9E07A412-B774-4254-89A7-2E7624EBDCC6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4212909893-2989147456-1797026021-1000UA => C:\Users\Jeff Erwin\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {9E8CBE32-01E4-43E6-A2BB-F99C0652CDB1} - System32\Tasks\ReclaimerUpdateFiles_Jeff Erwin => C:\Users\Jeff Erwin\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe [2014-09-14] (RealNetworks, Inc.)
Task: {AD32052D-0C8B-4C54-A8CA-A522AD54497D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4212909893-2989147456-1797026021-1000Core => C:\Users\Jeff Erwin\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {ADB7B03C-2FBE-4CE6-9439-52CA3A33EFAE} - System32\Tasks\{00A80AAB-9E7F-47E7-A926-856E519B3ABB} => C:\Users\Jeff Erwin\Desktop\comma\INSTALL\setup.exe
Task: {BD60ED36-737A-476C-8E94-5A4BA4CCFB21} - System32\Tasks\HPCustParticipation HP Deskjet 2510 series => C:\Program Files\HP\HP Deskjet 2510 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)
Task: {C8CC6501-F689-4AAC-B770-5FD6F7485B4D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {CA687443-4404-4796-A881-03D97C9517DF} - System32\Tasks\ReclaimerUpdateXML_Jeff Erwin => C:\Users\Jeff Erwin\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe [2014-09-14] (RealNetworks, Inc.)
Task: {D5884632-7B55-4D1C-8A76-003A88209661} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2013-02-23] ()
Task: {D5C40EFB-B46A-4634-AF4B-A7EBE40ADC83} - System32\Tasks\ExtendedServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()
Task: {DC70AF0C-0C43-4932-A73C-DF0A1241E95D} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {EA594528-4886-4FBA-B93C-C8342D38F779} - System32\Tasks\IHUninstallTrackingTASK => CMD
Task: {ECAF2633-30A7-4613-83C6-01ED57884BE6} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18] (PC-Doctor, Inc.)
Task: {ED0F786A-84BA-48B9-ACB1-9E1AA60EA6F6} - System32\Tasks\{538FB9A4-30A0-49DB-9313-072B88DAADCE} => C:\Users\Jeff Erwin\Desktop\comma\INSTALL\setup.exe
Task: {ED5C78CF-4283-42AC-AF2A-217181579180} - System32\Tasks\{51A70942-404A-4F33-B828-A96735FC9790} => E:\SETUP.EXE
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4212909893-2989147456-1797026021-1000Core.job => C:\Users\Jeff Erwin\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4212909893-2989147456-1797026021-1000UA.job => C:\Users\Jeff Erwin\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe
Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe
Task: C:\Windows\Tasks\ReclaimerUpdateFiles_Jeff Erwin.job => C:\Users\Jeff Erwin\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe
Task: C:\Windows\Tasks\ReclaimerUpdateXML_Jeff Erwin.job => C:\Users\Jeff Erwin\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Jeff Erwin.job => C:\Users\Jeff Erwin\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.02\agent\rnupgagent.exe
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
==================== Loaded Modules (whitelisted) =============
2014-09-16 13:50 - 2014-09-16 13:50 - 08896160 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2011-02-16 18:28 - 2006-10-19 22:44 - 00047616 _____ () C:\Windows\System32\pdf995mon64.dll
2009-06-18 22:46 - 2009-06-18 22:46 - 00494064 _____ () C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
2012-08-10 09:30 - 2008-03-06 20:47 - 00536184 ____N () C:\Program Files (x86)\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe
2014-02-12 15:42 - 2014-02-12 15:42 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-02-12 17:29 - 2014-02-12 17:29 - 00023552 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2009-06-18 22:46 - 2009-06-18 22:46 - 01554928 _____ () C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
2014-03-03 09:51 - 2014-03-03 09:51 - 00118360 _____ () c:\program files (x86)\real\realplayer\RPDS\Tools\ffmpeg\ffprobe.exe
2010-01-27 11:10 - 2010-02-27 12:08 - 00406016 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Kfx.dll
2010-01-27 11:01 - 2010-02-27 12:08 - 00264192 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\AppCore.dll
2010-01-27 10:58 - 2010-02-27 12:08 - 00356352 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Atlas.dll
2010-01-27 10:57 - 2010-02-27 12:08 - 00237568 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll
2010-01-27 11:19 - 2010-02-27 12:08 - 00233984 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaControls.esx
2010-01-27 10:51 - 2010-02-27 12:08 - 00090112 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll
2010-01-27 11:28 - 2010-02-27 12:08 - 00078848 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx
2010-01-27 10:43 - 2010-02-27 12:08 - 00062464 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\DibLibIP.dll
2006-03-07 11:05 - 2010-02-27 12:08 - 01564672 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\AreaIFDLL.dll
2010-01-27 11:22 - 2010-02-27 12:08 - 00761856 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESCliWicMDRW.esx
2010-01-27 10:53 - 2010-02-27 12:08 - 00152576 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx
2010-01-27 11:50 - 2010-02-27 12:08 - 00684032 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESEmail.esx
2010-01-27 11:05 - 2010-02-27 12:08 - 00084480 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\keml40.dll
2010-01-27 10:57 - 2010-02-27 12:08 - 00129536 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\kpries40.dll
2010-01-27 12:33 - 2010-02-27 12:08 - 11503616 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESSkin.esx
2009-09-28 22:19 - 2010-02-27 12:08 - 00782336 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxImV.dll
2009-09-28 22:19 - 2010-02-27 12:08 - 00868352 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxBaseV.dll
2009-09-28 22:20 - 2010-02-27 12:08 - 00462848 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxFFV.dll
2009-09-28 22:19 - 2010-02-27 12:08 - 00155648 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxZipV.dll
2009-09-28 22:21 - 2010-02-27 12:08 - 00528384 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxProcV.dll
2009-09-28 22:20 - 2010-02-27 12:08 - 02236416 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxCmpV.dll
2009-09-28 22:21 - 2010-02-27 12:08 - 00847872 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxXML2V.dll
2009-09-28 22:21 - 2010-02-27 12:08 - 01396736 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxCommonV.dll
2010-01-27 11:54 - 2010-02-27 12:08 - 00171520 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Pcd.esx
2010-01-27 11:18 - 2010-02-27 12:08 - 00052224 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll
2010-01-27 11:17 - 2010-02-27 12:08 - 00143360 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll
2010-01-27 10:50 - 2010-02-27 12:08 - 00084480 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\UpdateChecker.esx
2010-01-27 09:21 - 2010-02-27 12:08 - 00010240 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocUpdateCheck.dll
2010-01-27 12:41 - 2010-02-27 12:08 - 00339968 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx
2010-01-27 11:51 - 2010-02-27 12:08 - 00098304 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx
2010-01-27 12:01 - 2010-02-27 12:08 - 00315392 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx
2010-01-27 11:39 - 2010-02-27 12:08 - 00688128 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll
2010-01-27 12:39 - 2010-02-27 12:08 - 00471040 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Escom.dll
2010-01-27 10:51 - 2010-02-27 12:08 - 00044544 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocCamBack.dll
2014-10-22 00:44 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-10-22 00:44 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-10-22 00:44 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-09-16 13:50 - 2014-09-16 13:50 - 08896160 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-03-03 09:51 - 2014-03-03 09:51 - 00867928 _____ () c:\program files (x86)\real\realplayer\RPDS\Plugins\cldplin.dll
2009-06-18 22:46 - 2009-06-18 22:46 - 00584176 _____ () C:\Program Files (x86)\Roxio\Roxio Burn\BBEngineAS.dll
2009-05-20 19:59 - 2009-05-20 19:59 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
2014-10-17 19:56 - 2014-10-09 22:03 - 01042760 _____ () C:\Users\Jeff Erwin\AppData\Local\Google\Chrome\Application\38.0.2125.104\libglesv2.dll
2014-10-17 19:56 - 2014-10-09 22:03 - 00211272 _____ () C:\Users\Jeff Erwin\AppData\Local\Google\Chrome\Application\38.0.2125.104\libegl.dll
2014-10-17 19:56 - 2014-10-09 22:04 - 08910664 _____ () C:\Users\Jeff Erwin\AppData\Local\Google\Chrome\Application\38.0.2125.104\pdf.dll
2014-10-17 19:56 - 2014-10-09 22:03 - 01681224 _____ () C:\Users\Jeff Erwin\AppData\Local\Google\Chrome\Application\38.0.2125.104\ffmpegsumo.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:7E02A4C2
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HsdService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HsdService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ServicepointService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: BackgroundContainer => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Jeff Erwin\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
MSCONFIG\startupreg: mobilegeni daemon => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
========================= Accounts: ==========================
Administrator (S-1-5-21-4212909893-2989147456-1797026021-500 - Administrator - Disabled)
Guest (S-1-5-21-4212909893-2989147456-1797026021-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4212909893-2989147456-1797026021-1003 - Limited - Enabled)
Jeff Erwin (S-1-5-21-4212909893-2989147456-1797026021-1000 - Administrator - Enabled) => C:\Users\Jeff Erwin
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (10/23/2014 06:21:11 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 22.10.2014.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 21c
Start Time: 01cfeea927ed2b60
Termination Time: 0
Application Path: C:\Users\Jeff Erwin\Desktop\FRST64.exe
Report Id: a7b53329-5a9d-11e4-ba7a-c37f11acd316
Error: (10/22/2014 09:58:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NPE.exe, version: 4.3.5.28, time stamp: 0x53fd787a
Faulting module name: NPE.exe, version: 4.3.5.28, time stamp: 0x53fd787a
Exception code: 0xc0000005
Fault offset: 0x000195dc
Faulting process id: 0xb50
Faulting application start time: 0xNPE.exe0
Faulting application path: NPE.exe1
Faulting module path: NPE.exe2
Report Id: NPE.exe3
Error: (10/22/2014 06:34:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 6c8
Start Time: 01cfee026aac1ee0
Termination Time: 10186
Application Path: C:\Windows\Explorer.EXE
Report Id:
Error: (10/22/2014 11:59:49 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
Error: (10/22/2014 11:56:36 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.
Error: (10/22/2014 05:53:44 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" ; Description = Cleaner (Spybot - Search & Destroy 2.4, administrator privileges; Error = 0x8007043c).
Error: (10/22/2014 05:53:24 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" ; Description = Cleaner (Spybot - Search & Destroy 2.4, administrator privileges; Error = 0x8007043c).
Error: (10/21/2014 11:01:48 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Installed Java 7 Update 71; Error = 0x81000101).
Error: (10/21/2014 07:15:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: The Game of Life.exe, version: 3.1.9.192, time stamp: 0x4cf8450f
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x043f4fc0
Faulting process id: 0x11b8
Faulting application start time: 0xThe Game of Life.exe0
Faulting application path: The Game of Life.exe1
Faulting module path: The Game of Life.exe2
Report Id: The Game of Life.exe3
Error: (10/20/2014 01:33:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17344 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 2474
Start Time: 01cfec7809bd3c08
Termination Time: 692
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Report Id:
System errors:
=============
Error: (10/23/2014 06:43:32 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.
Error: (10/23/2014 06:43:32 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.
Error: (10/23/2014 06:03:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Assistant Service service failed to start due to the following error:
%%1053
Error: (10/23/2014 06:03:55 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HP Support Assistant Service service to connect.
Error: (10/23/2014 06:01:40 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053
Error: (10/23/2014 06:01:39 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.
Error: (10/23/2014 06:01:28 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Error: (10/23/2014 06:01:04 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
RxFilter
Error: (10/23/2014 06:00:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053
Error: (10/23/2014 06:00:14 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.
Microsoft Office Sessions:
=========================
Error: (10/23/2014 06:21:11 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST64.exe22.10.2014.021c01cfeea927ed2b600C:\Users\Jeff Erwin\Desktop\FRST64.exea7b53329-5a9d-11e4-ba7a-c37f11acd316
Error: (10/22/2014 09:58:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: NPE.exe4.3.5.2853fd787aNPE.exe4.3.5.2853fd787ac0000005000195dcb5001cfee4e12d63e20C:\Users\Jeff Erwin\Downloads\NPE.exeC:\Users\Jeff Erwin\Downloads\NPE.exe05f7cf90-5a58-11e4-b486-ccdd5d2e2304
Error: (10/22/2014 06:34:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.1.7601.175676c801cfee026aac1ee010186C:\Windows\Explorer.EXE
Error: (10/22/2014 11:59:49 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files (x86)\Microsoft Office\Office15\lync.exe.ManifestC:\Program Files (x86)\Microsoft Office\Office15\UccApi.DLL1
Error: (10/22/2014 11:56:36 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3
Error: (10/22/2014 05:53:44 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" Cleaner (Spybot - Search & Destroy 2.4, administrator privileges0x8007043c
Error: (10/22/2014 05:53:24 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" Cleaner (Spybot - Search & Destroy 2.4, administrator privileges0x8007043c
Error: (10/21/2014 11:01:48 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\msiexec.exe /VInstalled Java 7 Update 710x81000101
Error: (10/21/2014 07:15:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: The Game of Life.exe3.1.9.1924cf8450funknown0.0.0.000000000c0000005043f4fc011b801cfed8401e15bb0C:\Program Files (x86)\PopCap Games\The Game of Life\The Game of Life.exeunknown13d7b200-5978-11e4-87ae-e0cb4e0c952c
Error: (10/20/2014 01:33:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.17344247401cfec7809bd3c08692C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
==================== Memory info ===========================
Processor: AMD Sempron™ Processor LE-1300
Percentage of memory in use: 66%
Total physical RAM: 1918.49 MB
Available physical RAM: 636.88 MB
Total Pagefile: 4063.08 MB
Available Pagefile: 1571.59 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: (COMPAQ) (Fixed) (Total:288.27 GB) (Free:160.27 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:9.72 GB) (Free:1.43 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (MONGOLPCMC-EN) (CDROM) (Total:0.45 GB) (Free:0 GB) UDF
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=288.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9.7 GB) - (Type=07 NTFS)
==================== End Of Log ==================
#5
Posted 23 October 2014 - 05:38 AM
LiquidTension
-
- Expert
-
- 1,151 posts
Expert
Hi Jeff,
Unfortunately, your computer is infected with a rootkit. As such, I must issue the following warning. Please have a think, and let me know how you wish to proceed.
Please let me know how you wish to proceed, and if you have any questions.
BACKDOOR WARNING
------------------------------
One or more of the identified infections is known to use a backdoor, that allows attackers to remotely control your computer, download/execute files and steal critical system, financial and personal information.
Please disconnect your computer from the internet immediately. If your computer was used for online banking, has credit card information or other sensitive data, using a non-infected computer/device you should immediately change all account information (including those used for banking, email, eBay, paypal, online forums, etc).
Banking and credit card institutions should be notified of the possible security breach immediately. Please read the following for more information: How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
Whilst the identified infection(s) can be removed, there is no way to guarantee that your computer will be trustworthy again. This is due to the nature of the infection, which allows the attacker complete control over the computer. Many experts in the security community believe that once infected with this type of malware, the best course of action is to reformat the hard drive and reinstall the Operating System. Please read the following articles for more information.
#6
Posted 23 October 2014 - 06:29 AM
mantis_51
- Topic Starter
-
- Member
-
- 11 posts
Member
Seems like the best course of action would be to rebuild the system. What would be the best course of action to take to ensure that this will wipe out this rootkit? Also, what files can I save from this computer (photos, music, documents, etc...)?
#7
Posted 23 October 2014 - 07:27 AM
LiquidTension
-
- Expert
-
- 1,151 posts
Expert
Hello Jeff,
What would be the best course of action to take to ensure that this will wipe out this rootkit?
Your computer has a recovery partition. Using this will restore the computer back to the factory image - how it was when you first switched the machine on. This will guarantee all malware removed.
Also, what files can I save from this computer (photos, music, documents, etc...)?
Follow the steps below on protecting your USB drive and safely backing up your data.
STEP 1
Panda USB Vaccine
- Using a clean PC, please download Panda USB Vaccine and save the file to your Desktop.
- Double-click USBVaccineSetup.exe to install the programme.
- Read and accept the license agreement, then click Next.
- Upon completion of the setup, ensure Launch Panda USB Vaccine is checked and click Finish.
- Click the Vaccinate Computer button. It should now show a green checkmark and confirm Computer vaccinated.
- Hold down the Shift key on your keyboard and insert your USB drive.
- When the name of the drive appears in the Panda USB Vaccine dialog box, click the Vaccinate USB drive(s) button.
- Exit the programme when done.
-- Computer Vaccination will prevent any AutoRun file from running, regardless of whether the removable device is infected or not. USB Vaccination disables the autorun file so it cannot be read, modified or replaced and creates an AUTORUN_.INF as protection against malicious code. The Panda Resarch Blog advises that once USB drives have been vaccinated, they cannot be reversed except with a format. If you do this, be sure to back up your data files first or they will be lost during the formatting process.
STEP 2
Backup Data
The safest practice is not to backup any executable (.exe), screensavers (.scr), dynamic link library (.dll), autorun (.ini) or script (.php,.asp, .htm, .html, .xml) files because they may be infected by malware. You should also avoid backing up compressed (.zip, .cab, .rar) files that have executables inside as some types of malware can penetrate compressed files and infect the .exe files within them. Other types of malware may disguise itself by hiding a file extension or by adding double file extensions and/or space(s) in the file's name to hide the real extension, so be sure you look closely at the full file name.
- Backing up documents, image, music and video is fine.
- Specially crafted Word/Excel/PDF can be used for malicious intent, so I recommend only backing up documents you created, or are from trusted sources.
- To repeat, do not backup up files with the following extensions:
.exe, .scr, .bat, .com, .cmd, .msi, .pif, .ini, .htm, .html, .hta, .php, .asp, .xml, .zip, .rar, .cab
- Hold the shift key on your infected PC. Insert your USB drive. Copy the files you wish to keep onto your USB drive using the guidelines above.
- Remove your USB drive. Your data is now backed up.
#8
Posted 23 October 2014 - 09:31 AM
mantis_51
- Topic Starter
-
- Member
-
- 11 posts
Member
Adam, thank you so much, I will work on this. Thank you for your help and for the resources to get me back up and running. I have cleared some male-ware off in the past from my computers at work, but this is the first time I have ran into this type of issue. Thanks again and I will keep you updated.
#9
Posted 23 October 2014 - 09:34 AM
LiquidTension
-
- Expert
-
- 1,151 posts
Expert
You're more than welcome.
If restoring to factory image is indeed the path you'd like to take, and you're unfamiliar with the process, please let me know the make and model of your machine.
#10
Posted 23 October 2014 - 09:39 AM
mantis_51
- Topic Starter
-
- Member
-
- 11 posts
Member
By the way do you know which specific Rootkit it was?
#11
Posted 23 October 2014 - 10:40 AM
LiquidTension
-
- Expert
-
- 1,151 posts
Expert
You're infected with Poweliks.
Poweliks is unique in that it does not require an executable file to be present on the HDD in order to remain active.
Once the Poweliks dropper is on the system, the file will write the necessary modifications to the Windows Registry, and then delete itself. Poweliks is contained entirely within the registry, making use of Powershell (a legitimate command-line programme) and zombifying dllhost.exe (a legitimate System File).
#12
Posted 25 October 2014 - 06:33 PM
mantis_51
- Topic Starter
-
- Member
-
- 11 posts
Member
Well, I have reformatted the hard drive and recovered via the factory image. Things seem pretty good. Below is my new report from FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-10-2014
Ran by Jeff Erwin (administrator) on JEFFERWIN-PC on 25-10-2014 11:59:49
Running from C:\Users\Jeff Erwin\Desktop
Loaded Profile: Jeff Erwin (Available profiles: Jeff Erwin)
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\hp\Common\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Hewlett-Packard Company) C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
(Hewlett-Packard) C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [PC-Doctor for Windows localizer] => C:\Program Files\PC-Doctor for Windows\localizer.exe [95728 2009-09-17] (PC-Doctor, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Remote Solution] => C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [656896 2009-08-24] (Hewlett-Packard)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [600936 2009-06-29] (Symantec Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-310167515-2241255610-4053756275-1000\...\MountPoints2: {5b873f4d-5c65-11e4-9bd4-806e6f6e6963} - E:\DWA130.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk
ShortcutTarget: PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
Startup: C:\Users\Jeff Erwin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 2510 series.lnk
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 2510 series.lnk -> C:\Program Files\HP\HP Deskjet 2510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQDSK/1
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQDSK/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQDSK/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQDSK/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQDSK/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQDSK/1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {99DF2153-5B2B-4FDE-9657-8AABBAD3A3E3} URL = http://www.ask.com/w...}&l=dis&o=uscqd
SearchScopes: HKLM-x32 - {99DF2153-5B2B-4FDE-9657-8AABBAD3A3E3} URL = http://www.ask.com/w...}&l=dis&o=uscqd
SearchScopes: HKCU - {99DF2153-5B2B-4FDE-9657-8AABBAD3A3E3} URL = http://www.ask.com/w...}&l=dis&o=uscqd
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
FireFox:
========
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
Chrome:
=======
CHR Profile: C:\Users\Jeff Erwin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Jeff Erwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-25]
CHR Extension: (Google Docs) - C:\Users\Jeff Erwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-25]
CHR Extension: (Google Drive) - C:\Users\Jeff Erwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jeff Erwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-25]
CHR Extension: (YouTube) - C:\Users\Jeff Erwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-25]
CHR Extension: (Google Search) - C:\Users\Jeff Erwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-25]
CHR Extension: (Google Sheets) - C:\Users\Jeff Erwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-25]
CHR Extension: (Google Wallet) - C:\Users\Jeff Erwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-25]
CHR Extension: (Gmail) - C:\Users\Jeff Erwin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-25]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [125440 2009-09-24] (Hewlett-Packard) [File not signed]
R2 HPSLPSVC; C:\Users\Jeff Erwin\AppData\Local\Temp\7zS338C\hpslpsvc64.dll [1039360 2013-07-19] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
S3 jswpsapi; C:\Program Files (x86)\D-Link\DWA-130 revD\jswpsapi.exe [954368 2008-04-16] (Atheros Communications, Inc.) [File not signed]
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 arusb_lhx; C:\Windows\System32\DRIVERS\arusb_lhx.sys [538112 2008-07-01] (Atheros Communications, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-25] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0; \??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-25 12:37 - 2014-10-25 12:37 - 00000000 ____D () C:\ProgramData\Recovery
2014-10-25 11:59 - 2014-10-25 12:02 - 00011054 _____ () C:\Users\Jeff Erwin\Desktop\FRST.txt
2014-10-25 11:59 - 2014-10-25 11:59 - 00000000 ____D () C:\FRST
2014-10-25 11:56 - 2014-10-25 11:57 - 02112512 _____ (Farbar) C:\Users\Jeff Erwin\Desktop\FRST64.exe
2014-10-25 10:40 - 2014-10-25 11:27 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-25 10:39 - 2014-10-25 10:39 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-25 10:39 - 2014-10-25 10:39 - 00000000 ____D () C:\Users\Jeff Erwin\AppData\Roaming\LavasoftStatistics
2014-10-25 10:39 - 2014-10-25 10:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-25 10:39 - 2014-10-25 10:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-25 10:39 - 2014-10-25 10:39 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-25 10:39 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-25 10:39 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-25 10:39 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-25 10:37 - 2014-10-25 10:37 - 00000000 ____D () C:\Windows\Hewlett-Packard
2014-10-25 10:37 - 2014-10-25 10:37 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-10-25 10:36 - 2014-10-25 10:36 - 00002010 _____ () C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
2014-10-25 10:35 - 2014-10-25 10:39 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Jeff Erwin\Downloads\mbam-setup-2.0.3.1025.exe
2014-10-25 10:35 - 2014-10-25 10:35 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-10-25 10:34 - 2014-10-25 10:35 - 01754248 _____ () C:\Users\Jeff Erwin\Downloads\Adaware_Installer.exe
2014-10-25 10:28 - 2014-10-25 10:28 - 00001997 _____ () C:\Users\Public\Desktop\HP Photo Creations.lnk
2014-10-25 10:28 - 2014-10-25 10:28 - 00000000 ____D () C:\ProgramData\Visan
2014-10-25 10:28 - 2014-10-25 10:28 - 00000000 ____D () C:\ProgramData\HP Photo Creations
2014-10-25 10:28 - 2014-10-25 10:28 - 00000000 ____D () C:\Program Files (x86)\HP Photo Creations
2014-10-25 10:27 - 2014-10-25 10:27 - 00003642 _____ () C:\Windows\System32\Tasks\HPCustParticipation HP Deskjet 2510 series
2014-10-25 10:27 - 2014-10-25 10:27 - 00002218 _____ () C:\Users\Public\Desktop\HP Deskjet 2510 series.lnk
2014-10-25 10:27 - 2014-10-25 10:27 - 00001165 _____ () C:\Users\Public\Desktop\Shop for Supplies - HP Deskjet 2510 series.lnk
2014-10-25 10:27 - 2014-10-25 10:27 - 00000000 ____D () C:\Users\Jeff Erwin\AppData\Roaming\HpUpdate
2014-10-25 10:25 - 2014-10-25 10:25 - 00000057 _____ () C:\ProgramData\Ament.ini
2014-10-25 10:25 - 2014-10-25 10:25 - 00000000 ____D () C:\Program Files\HP
2014-10-25 10:20 - 2014-10-25 10:29 - 00000000 ____D () C:\Users\Jeff Erwin\AppData\Local\HP
2014-10-25 10:20 - 2014-10-25 10:21 - 00001574 _____ () C:\Windows\IE11_main.log
2014-10-25 09:58 - 2014-10-25 10:20 - 00000000 ____D () C:\ProgramData\HP
2014-10-25 09:58 - 2014-10-25 09:58 - 00002261 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-25 09:58 - 2014-10-25 09:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-25 09:49 - 2014-10-25 09:49 - 00002154 _____ () C:\Windows\epplauncher.mif
2014-10-25 09:49 - 2014-10-25 09:49 - 00002123 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-10-25 09:49 - 2014-10-25 09:49 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-10-25 09:49 - 2014-10-25 09:49 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-10-25 09:48 - 2010-04-09 07:06 - 01898376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-10-25 09:48 - 2010-04-09 07:06 - 00374664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-10-25 09:47 - 2014-09-22 02:42 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-25 09:44 - 2014-10-25 09:47 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-25 09:44 - 2014-10-03 10:02 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-25 09:39 - 2014-10-25 11:46 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-25 09:39 - 2014-10-25 11:27 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-25 09:39 - 2014-10-25 09:58 - 00000000 ____D () C:\Users\Jeff Erwin\AppData\Local\Google
2014-10-25 09:39 - 2014-10-25 09:58 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-25 09:39 - 2014-10-25 09:39 - 00003902 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-25 09:39 - 2014-10-25 09:39 - 00003650 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-25 09:38 - 2014-10-25 09:39 - 00000000 ____D () C:\Users\Jeff Erwin\AppData\Local\Deployment
2014-10-25 09:38 - 2014-10-25 09:38 - 00000000 ____D () C:\Users\Jeff Erwin\AppData\Local\Apps\2.0
2014-10-25 09:37 - 2014-10-25 10:42 - 00000544 _____ () C:\Windows\Tasks\PCDRScheduledMaintenance.job
2014-10-25 09:37 - 2014-10-25 09:37 - 00005010 _____ () C:\Windows\System32\Tasks\PCDRScheduledMaintenance
2014-10-25 09:37 - 2014-10-25 09:37 - 00000000 ____D () C:\Users\Jeff Erwin\AppData\Roaming\Macromedia
2014-10-25 09:28 - 2014-10-25 09:28 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-25 09:19 - 2014-10-25 09:19 - 00000948 _____ () C:\Users\Public\Desktop\Wireless Connection Manager.lnk
2014-10-25 09:19 - 2014-10-25 09:19 - 00000000 ____D () C:\Users\Public\D-Link
2014-10-25 09:19 - 2014-10-25 09:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\D-Link
2014-10-25 09:19 - 2014-10-25 09:19 - 00000000 ____D () C:\Program Files (x86)\D-Link
2014-10-25 09:19 - 2008-04-28 16:59 - 00020384 _____ (Atheros Communications, Inc.) C:\Windows\SysWOW64\Drivers\jswpslwf.sys
2014-10-25 09:18 - 2014-10-25 09:18 - 00000000 ____D () C:\Users\Jeff Erwin\AppData\Roaming\InstallShield
2014-10-25 09:16 - 2014-10-25 09:19 - 00000000 ____D () C:\Windows\pcidevice
2014-10-25 09:12 - 2014-10-09 21:53 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-25 09:12 - 2014-10-09 21:53 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-25 09:12 - 2014-10-09 21:47 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-25 09:12 - 2014-09-14 20:44 - 03195392 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-25 09:12 - 2011-04-09 02:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-10-25 09:12 - 2011-04-09 02:45 - 05509504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-25 09:12 - 2011-04-09 02:13 - 03957632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-25 09:12 - 2011-04-09 02:13 - 03901824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-25 09:12 - 2011-04-09 01:56 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2014-10-25 09:12 - 2009-10-24 00:28 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-10-25 09:12 - 2009-10-24 00:27 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-10-25 09:08 - 2014-10-25 09:37 - 00004330 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{98D106B9-A61C-44C5-A923-0753C3BD6CF2}
2014-10-25 09:07 - 2014-10-25 09:07 - 00000000 ____D () C:\Users\Jeff Erwin\AppData\Roaming\Adobe
2014-10-25 09:07 - 2012-06-02 18:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-10-25 09:07 - 2012-06-02 18:19 - 00701976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-10-25 09:07 - 2012-06-02 18:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-10-25 09:07 - 2012-06-02 18:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-10-25 09:07 - 2012-06-02 18:19 - 00038424 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-10-25 09:07 - 2012-06-02 18:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-10-25 09:07 - 2012-06-02 18:15 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-10-25 09:07 - 2012-06-02 15:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-10-25 09:07 - 2012-06-02 15:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-10-25 09:01 - 2008-04-28 16:59 - 00026624 _____ (Atheros Communications, Inc.) C:\Windows\system32\Drivers\jswpslwfx.sys
2014-10-25 09:00 - 2014-10-25 09:01 - 00000000 ____D () C:\temp
2014-10-25 09:00 - 2008-07-01 14:04 - 00538112 _____ (Atheros Communications, Inc.) C:\Windows\system32\Drivers\arusb_lhx.sys
2014-10-25 08:49 - 2014-10-25 08:49 - 00001449 _____ () C:\Users\Jeff Erwin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-25 08:49 - 2014-10-25 08:49 - 00001415 _____ () C:\Users\Jeff Erwin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-10-25 08:49 - 2014-10-25 08:49 - 00000000 ____D () C:\Users\Jeff Erwin\AppData\Roaming\PictureMover
2014-10-25 08:48 - 2014-10-25 10:03 - 00000000 ____D () C:\Users\Jeff Erwin\AppData\Local\Hewlett-Packard
2014-10-25 08:48 - 2014-10-25 09:01 - 00000000 ____D () C:\Users\Jeff Erwin\AppData\Local\VirtualStore
2014-10-25 08:48 - 2014-10-25 08:48 - 00003724 _____ () C:\Windows\System32\Tasks\RecoveryCDWin7
2014-10-25 08:48 - 2014-10-25 08:48 - 00003434 _____ () C:\Windows\System32\Tasks\ExtendedServicePlan
2014-10-25 08:48 - 2014-10-25 08:48 - 00003424 _____ () C:\Windows\System32\Tasks\ServicePlan
2014-10-25 08:47 - 2014-10-25 10:04 - 00080992 _____ () C:\Users\Jeff Erwin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-25 08:45 - 2014-10-25 08:45 - 00000000 ____D () C:\Users\Public\Symantec
2014-10-25 08:44 - 2014-10-25 12:01 - 00899051 _____ () C:\Windows\WindowsUpdate.log
2014-10-25 08:44 - 2014-10-25 08:49 - 00000000 ____D () C:\Users\Jeff Erwin\AppData\Roaming\Hewlett-Packard
2014-10-25 08:44 - 2014-10-25 08:49 - 00000000 ____D () C:\Users\Jeff Erwin
2014-10-25 08:44 - 2014-10-25 08:44 - 00001692 __RSH () C:\Windows\SysWOW64\Drivers\103C_HP_CPC_AY026AA-ABA CQ5300F_YC_0Pres_QMXX003_EA1NAv6PrA1_49_INARRA5_SPEGATRON CORPORATION_V5.00_B5.54_T091022_WUH0_L409_M1919_J320_7AMD_8Sempron LE-1300_92.3_#100219_N10DE03EF_Z11C10630_G10DE03D0.MRK
2014-10-25 08:44 - 2014-10-25 08:44 - 00001692 __RSH () C:\Windows\system32\Drivers\103C_HP_CPC_AY026AA-ABA CQ5300F_YC_0Pres_QMXX003_EA1NAv6PrA1_49_INARRA5_SPEGATRON CORPORATION_V5.00_B5.54_T091022_WUH0_L409_M1919_J320_7AMD_8Sempron LE-1300_92.3_#100219_N10DE03EF_Z11C10630_G10DE03D0.MRK
2014-10-25 08:44 - 2014-10-25 08:44 - 00001196 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Snapfish Photos - FREE - 1st 30 Prints.lnk
2014-10-25 08:44 - 2014-10-25 08:44 - 00000020 ___SH () C:\Users\Jeff Erwin\ntuser.ini
2014-10-25 08:44 - 2014-10-25 08:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\User Guides
2014-10-25 08:44 - 2009-11-25 16:46 - 00002310 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Software Store.lnk
2014-10-25 08:44 - 2009-11-25 16:46 - 00002284 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
2014-10-25 08:44 - 2009-11-25 16:46 - 00002278 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Trials for QuickBooks, Quicken and TurboTax.lnk
2014-10-25 08:44 - 2009-11-25 16:46 - 00002132 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Install Rhapsody.lnk
2014-10-25 08:44 - 2009-11-25 16:46 - 00000183 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pandora Internet Radio.url
2014-10-25 08:44 - 2009-07-14 00:54 - 00000000 ___RD () C:\Users\Jeff Erwin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-25 08:44 - 2009-07-14 00:49 - 00000000 ___RD () C:\Users\Jeff Erwin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-25 12:44 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-10-25 12:41 - 2009-11-25 16:31 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-10-25 12:40 - 2009-11-25 16:03 - 00003540 _____ () C:\Windows\TSSysprep.log
2014-10-25 12:40 - 2009-07-14 00:46 - 00002790 _____ () C:\Windows\DtcInstall.log
2014-10-25 12:37 - 2009-07-14 01:38 - 00025600 ___SH () C:\Windows\system32\config\BCD-Template.LOG
2014-10-25 12:37 - 2009-07-14 01:32 - 00028672 _____ () C:\Windows\system32\config\BCD-Template
2014-10-25 11:54 - 2009-11-25 16:55 - 00000000 ____D () C:\ProgramData\Norton
2014-10-25 11:54 - 2009-11-25 16:55 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security
2014-10-25 11:35 - 2009-07-14 01:13 - 00713888 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-25 11:34 - 2009-07-14 00:45 - 00015568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-25 11:34 - 2009-07-14 00:45 - 00015568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-25 11:26 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-25 11:26 - 2009-07-14 00:51 - 00019221 _____ () C:\Windows\setupact.log
2014-10-25 10:42 - 2009-07-14 00:45 - 00324688 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-25 10:41 - 2009-11-25 16:05 - 00007752 _____ () C:\Windows\PFRO.log
2014-10-25 10:39 - 2009-11-25 16:26 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-10-25 10:36 - 2009-11-25 16:11 - 00000000 ____D () C:\Program Files (x86)\hp
2014-10-25 10:28 - 2009-11-25 16:10 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-10-25 09:36 - 2009-11-25 16:00 - 00000000 ___HD () C:\hp
2014-10-25 09:19 - 2009-11-25 16:13 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-25 09:06 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-10-25 09:03 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-25 09:00 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\system32\restore
2014-10-25 08:44 - 2009-11-25 16:47 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services
2014-10-25 08:44 - 2009-11-25 16:42 - 00000000 ___RD () C:\Program Files (x86)\Online Services
2014-10-25 08:44 - 2009-11-25 16:00 - 00000000 ____D () C:\Windows\Panther
2014-10-25 08:44 - 2009-07-14 01:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-10-25 08:44 - 2009-07-14 01:32 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar
Some content of TEMP:
====================
C:\Users\Jeff Erwin\AppData\Local\Temp\HPInstaller.exe
C:\Users\Jeff Erwin\AppData\Local\Temp\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}_NIS.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2009-11-25 16:01
==================== End Of Log ============================
#13
Posted 25 October 2014 - 06:34 PM
mantis_51
- Topic Starter
-
- Member
-
- 11 posts
Member
Here is the additional file:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-10-2014
Ran by Jeff Erwin at 2014-10-25 12:02:49
Running from C:\Users\Jeff Erwin\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.1 - Hewlett-Packard) Hidden
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.32.18 - Adobe Systems Incorporated)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2115 - CyberLink Corp.)
CyberLink DVD Suite Deluxe (x32 Version: 7.0.2115 - CyberLink Corp.) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
DWA-130 (HKLM-x32\...\{6F6F39E3-D24D-4EEE-9AEA-DEDAF991385D}) (Version: 2.00 - D-Link)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5247.34 - PC-Doctor, Inc.)
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.9512.3162 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.3 - Hewlett-Packard) Hidden
HP Deskjet 2510 series Basic Device Software (HKLM\...\{293CC68A-32BA-4BA4-84BD-0DCF6583566F}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 2510 series Help (HKLM-x32\...\{234DADAD-3C3C-4FB1-90A4-0AF015D56E18}) (Version: 27.0.0 - Hewlett Packard)
HP Deskjet 2510 series Product Improvement Study (HKLM\...\{4B3264AA-951A-4A6B-B837-125224261F12}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 2510 series Setup Guide (HKLM-x32\...\{216C7F38-4BBC-4E9A-8392-C9FA21B54386}) (Version: 27.0.0 - Hewlett Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.11.0 - Hewlett-Packard)
HP Remote Solution (x32 Version: 1.1.11.0 - Hewlett-Packard) Hidden
HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{741CFE3A-1C0B-4A7D-8E08-5D78C911C09D}) (Version: 4.2.5.3 - Hewlett-Packard)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{44157EB3-D8D0-4BB1-B0F5-AD2C38814ED1}) (Version: 11.51.0027 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2017 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2017 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{CC8E94A2-55C7-4460-953C-2A790180578C}) (Version: 1.18.8.1 - LightScribe)
LSI PCI-SV92EX Soft Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.98 - LSI Corporation)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.566.0 - Microsoft Live Search Toolbar)
Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version: - )
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 3.0.40624.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.20.0 - Symantec)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.5 - NVIDIA Corporation)
PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.19 - Hewlett-Packard Company)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3304 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3304 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3405 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3405 - CyberLink Corp.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5938 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.2216 - CyberLink Corp.) Hidden
Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
25-10-2014 13:00:35 Installed DWA-130
25-10-2014 13:06:51 Windows Update
25-10-2014 13:12:48 Windows Update
25-10-2014 13:12:48 Removed DWA-130
25-10-2014 13:18:09 Removed DWA-130
25-10-2014 13:19:03 Installed DWA-130
25-10-2014 13:34:33 Scripted restore
25-10-2014 13:44:21 Windows Update
25-10-2014 13:48:29 Windows Update
25-10-2014 14:02:47 Installed HP Support Solutions Framework
25-10-2014 14:35:21 AA11
25-10-2014 15:04:58 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0B3C2644-B998-422A-B0FE-064AA7A6618C} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()
Task: {46960146-993E-43EC-8203-5B2246F2D315} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()
Task: {494378F7-5676-41B8-984B-64970E0D2AFA} - System32\Tasks\HPCustParticipation HP Deskjet 2510 series => C:\Program Files\HP\HP Deskjet 2510 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)
Task: {5AA751C6-AA86-4660-AE59-27EEAA2FED71} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: {61D51DA3-9B71-4897-889E-0135C212C50F} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-09-24] (Hewlett-Packard)
Task: {6B7F125D-BFE8-4D4D-A062-5A833775D225} - System32\Tasks\Microsoft\Windows\SetupSQMTask => C:\Windows\SYSTEM32\OOBE\SETUPSQM.EXE [2009-07-13] (Microsoft Corporation)
Task: {77428D54-0CE0-4AAD-AC41-86964CDFCEBC} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18] (PC-Doctor, Inc.)
Task: {BEDB2A81-696A-4010-B454-958400ED8B9B} - System32\Tasks\ExtendedServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()
Task: {F35D6EED-4A52-4AA9-9FA4-B15AAFF27058} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: {FA5700FD-0E45-480B-9638-EC4F8740762D} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-09-24] (Hewlett-Packard)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe
==================== Loaded Modules (whitelisted) =============
2014-10-25 08:49 - 2009-06-03 16:34 - 03764224 _____ () C:\Users\Jeff Erwin\AppData\Roaming\PictureMover\Bin\Core.dll
2009-07-13 17:03 - 2009-07-13 21:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2014-10-25 08:49 - 2009-06-03 16:43 - 01703936 _____ () C:\Users\Jeff Erwin\AppData\Roaming\PictureMover\EN-US\Presentation.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrator (S-1-5-21-310167515-2241255610-4053756275-500 - Administrator - Disabled)
Guest (S-1-5-21-310167515-2241255610-4053756275-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-310167515-2241255610-4053756275-1002 - Limited - Enabled)
Jeff Erwin (S-1-5-21-310167515-2241255610-4053756275-1000 - Administrator - Enabled) => C:\Users\Jeff Erwin
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (10/25/2014 11:34:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7600.16434, time stamp: 0x4acab5a7
Faulting module name: SHLWAPI.dll, version: 6.1.7600.16385, time stamp: 0x4a5be059
Exception code: 0xc0000005
Fault offset: 0x0000000000007656
Faulting process id: 0xbf4
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Error: (10/25/2014 09:08:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 8.0.7600.16385, time stamp: 0x4a5bc69e
Faulting module name: mshtml.dll, version: 8.0.7600.16385, time stamp: 0x4a5bda8a
Exception code: 0xc0000005
Fault offset: 0x000a1133
Faulting process id: 0xad4
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Error: (11/25/2009 05:02:34 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.
Error: (11/25/2009 05:02:34 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.
System errors:
=============
Error: (10/25/2014 11:52:40 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NIS service.
Error: (10/25/2014 11:26:15 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:24:49 AM on 10/25/2014 was unexpected.
Error: (10/25/2014 10:23:05 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %JeffErwin-PC60 has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 0.0.0.0
Update Source: %JeffErwin-PC51
Update Stage: 4.6.0305.00
Source Path: 4.6.0305.01
Signature Type: %JeffErwin-PC602
Update Type: %JeffErwin-PC604
User: JeffErwin-PC\Jeff Erwin
Current Engine Version: %JeffErwin-PC605
Previous Engine Version: %JeffErwin-PC606
Error code: %JeffErwin-PC607
Error description: %JeffErwin-PC608
Error: (10/25/2014 10:23:01 AM) (Source: Microsoft Antimalware) (EventID: 2003) (User: )
Description: %JeffErwin-PC60 has encountered an error trying to update the engine.
New Engine Version:
Previous Engine Version:
Engine Type: %JeffErwin-PC604
User: JeffErwin-PC\Jeff Erwin
Error Code: %JeffErwin-PC601
Error description: %JeffErwin-PC602
Error: (10/25/2014 10:23:01 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %JeffErwin-PC60 has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version:
Update Source: %JeffErwin-PC15
Update Stage: 4.6.0305.00
Source Path: 4.6.0305.01
Signature Type: %JeffErwin-PC602
Update Type: %JeffErwin-PC604
User: JeffErwin-PC\Jeff Erwin
Current Engine Version: %JeffErwin-PC605
Previous Engine Version: %JeffErwin-PC606
Error code: %JeffErwin-PC607
Error description: %JeffErwin-PC608
Error: (10/25/2014 10:21:57 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.187.523.0).
Error: (10/25/2014 10:21:37 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.187.523.0
Update Source: %NT AUTHORITY59
Update Stage: 4.6.0305.00
Source Path: 4.6.0305.01
Signature Type: %NT AUTHORITY602
Update Type: %NT AUTHORITY604
User: NT AUTHORITY\SYSTEM
Current Engine Version: %NT AUTHORITY605
Previous Engine Version: %NT AUTHORITY606
Error code: %NT AUTHORITY607
Error description: %NT AUTHORITY608
Error: (10/25/2014 10:21:27 AM) (Source: Microsoft Antimalware) (EventID: 2003) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update the engine.
New Engine Version:
Previous Engine Version:
Engine Type: %NT AUTHORITY604
User: NT AUTHORITY\SYSTEM
Error Code: %NT AUTHORITY601
Error description: %NT AUTHORITY602
Error: (10/25/2014 10:21:27 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version:
Update Source: %NT AUTHORITY15
Update Stage: 4.6.0305.00
Source Path: 4.6.0305.01
Signature Type: %NT AUTHORITY602
Update Type: %NT AUTHORITY604
User: NT AUTHORITY\SYSTEM
Current Engine Version: %NT AUTHORITY605
Previous Engine Version: %NT AUTHORITY606
Error code: %NT AUTHORITY607
Error description: %NT AUTHORITY608
Error: (10/25/2014 09:34:28 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Modules Installer service terminated with the following error:
%%16405
Microsoft Office Sessions:
=========================
Error: (10/25/2014 11:34:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7600.164344acab5a7SHLWAPI.dll6.1.7600.163854a5be059c00000050000000000007656bf401cff0682b8f62e0C:\Windows\Explorer.EXEC:\Windows\system32\SHLWAPI.dll5e292960-5c5c-11e4-bb5e-af7bb873ee72
Error: (10/25/2014 09:08:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe8.0.7600.163854a5bc69emshtml.dll8.0.7600.163854a5bda8ac0000005000a1133ad401cff0549f984f80C:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\SysWOW64\mshtml.dllf5bdaf40-5c47-11e4-9359-d41a76f101a4
Error: (11/25/2009 05:02:34 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.ExeC:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL8
Error: (11/25/2009 05:02:34 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.ExeC:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL8
==================== Memory info ===========================
Processor: AMD Sempron™ Processor LE-1300
Percentage of memory in use: 68%
Total physical RAM: 1918.49 MB
Available physical RAM: 611.96 MB
Total Pagefile: 3836.98 MB
Available Pagefile: 2298.77 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
==================== Drives ================================
Drive c: (COMPAQ) (Fixed) (Total:288.27 GB) (Free:264.64 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:9.72 GB) (Free:1.43 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=288.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9.7 GB) - (Type=07 NTFS)
==================== End Of Log ============================
#14
Posted 25 October 2014 - 06:35 PM
mantis_51
- Topic Starter
-
- Member
-
- 11 posts
Member
I know I still have a lot of updates left to go, but let's hope for the best.
#15
Posted 26 October 2014 - 03:12 AM
LiquidTension
-
- Expert
-
- 1,151 posts
Expert
Looks good.
Run this FRST script to remove a few orphans/non-malicious entries.
Farbar Recovery Scan Tool (FRST) Script
- Press the Windows Key
+ r on your keyboard at the same time. Type Notepad and click OK. - Copy the entire contents of the codebox below and paste into the Notepad document.
start HKLM-x32\...\Run: [] => [X] HKU\S-1-5-21-310167515-2241255610-4053756275-1000\...\MountPoints2: {5b873f4d-5c65-11e4-9bd4-806e6f6e6963} - E:\DWA130.exe SearchScopes: HKLM - {99DF2153-5B2B-4FDE-9657-8AABBAD3A3E3} URL = http://www.ask.com/w...}&l=dis&o=uscqd SearchScopes: HKLM-x32 - {99DF2153-5B2B-4FDE-9657-8AABBAD3A3E3} URL = http://www.ask.com/w...}&l=dis&o=uscqd SearchScopes: HKCU - {99DF2153-5B2B-4FDE-9657-8AABBAD3A3E3} URL = http://www.ask.com/w...}&l=dis&o=uscqd BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File end - Click File, Save As and type fixlist.txt as the File Name.
- Important: The file must be saved in the same location as FRST64.exe.
NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.
- Right-Click FRST64.exe and select Run as administrator to run the programme.
- Click Fix.
- A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
