
Backdoor.Bot


  • This topic is locked
6 replies to this topic

#1 dolamoth

dolamoth

  • Members
  • 3 posts
  • OFFLINE
  • Local time:08:54 PM

Posted 24 January 2014 - 10:00 AM

I recently scanned my comp and found and deleted two instances of a backdoor bot. It has not regenerated, but I have been experiencing some odd problems: the comp won't boot up when a USB charger is in place, so I was hoping the kind folks here could take a look at my log and make sure nothing is awry. Thank you.


Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 8:54:25 AM, on 1/24/2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.16537)
CHROME: 1.1.266.0
FIREFOX: 26.0 (en-US)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\TrueCrypt\TrueCrypt.exe
C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE
C:\Users\dolam_000\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dell13.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~2\Office15\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [HP Deskjet 3510 series (NET)] "C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN31S1PQPQ05R7:NW" -scfn "HP Deskjet 3510 series (NET)" -AutoStart 1
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
O4 - HKCU\..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
O4 - HKCU\..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run
O4 - HKCU\..\Run: [Google Update] "C:\Users\dolam_000\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKLM\..\Policies\Explorer\Run: [BtvStack] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe"
O4 - Startup: Monitor Ink Alerts - HP Deskjet 3510 series (Network).lnk = ?
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AtherosSvc - Qualcomm Atheros Commnucations - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GManager - Unknown owner - C:\Windows\system32\GManager.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - c:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MCTDesktopSvr - Unknown owner - C:\Program Files (x86)\Common Files\DesktopUtil\MCTDesktopSvr.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: StartMenu8 Service (StartMenuService) - IObit - C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Wyse PocketCloud (WysePocketCloud) - Unknown owner - C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe
O23 - Service: Wyse Remote Access (WyseRemoteAccess) - Wyse Technology. - C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseRemoteAccess.exe
O23 - Service: ZAtheros Wlan Agent - Atheros - C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe

--
End of file - 10238 bytes
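A log like the one above is quicker to triage with a small parser than by eye. The Python script below is an added example; it is not from this thread and is not part of HijackThis or any other tool named here. The lines it parses are constructed in the HijackThis 2.0.5 format (one of them has an empty [] Run value name, a pattern that also occurs in the log above for KiesPDLR.exe), and the paths and the name updater.exe in the sample are made up. It separates O23 service entries whose binary is reported present but whose vendor string is "Unknown owner" (worth a signature or hash check) from system services under C:\Windows that the 32-bit HijackThis commonly reports as "(file missing)" on 64-bit Windows because of file-system redirection; the latter need re-checking with a 64-bit-aware tool, not removal.

```python
"""Triage helper for HijackThis-style log lines.

Added example: not from the thread and not part of HijackThis. The SAMPLE_LOG
lines are constructed in the HijackThis 2.0.5 line format; the paths are made up.
"""
import re
from dataclasses import dataclass

SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [] C:\Users\example\AppData\Roaming\updater.exe Run
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: GManager - Unknown owner - C:\Windows\system32\GManager.exe (file missing)
O23 - Service: MCTDesktopSvr - Unknown owner - C:\Program Files (x86)\Common Files\DesktopUtil\MCTDesktopSvr.exe
"""

RUN_RE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<label>[^\]]*)\] (?P<command>.*)$")
SERVICE_PREFIX = "O23 - Service: "
MISSING_SUFFIX = " (file missing)"


@dataclass
class RunEntry:
    hive: str      # e.g. HKLM\..\Run
    label: str     # the [name] of the Run value; may be empty
    command: str   # executable plus arguments


@dataclass
class Service:
    name: str
    owner: str
    path: str
    file_missing: bool


def parse_service(line: str) -> Service:
    """Parse 'O23 - Service: <name> - <owner> - <path>[ (file missing)]'.

    Splitting from the right keeps a service name containing ' - ' intact,
    since the owner and path fields in HijackThis output do not contain it.
    """
    body = line[len(SERVICE_PREFIX):]
    parts = body.rsplit(" - ", 2)
    if len(parts) != 3:
        raise ValueError(f"unexpected O23 line: {line!r}")
    name, owner, path = (p.strip() for p in parts)
    missing = path.endswith(MISSING_SUFFIX)
    if missing:
        path = path[: -len(MISSING_SUFFIX)].rstrip()
    return Service(name, owner, path, missing)


def parse_hjt(text: str) -> dict:
    """Return {'O4': [RunEntry...], 'O23': [Service...]} from a HijackThis log."""
    runs, services = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(SERVICE_PREFIX):
            services.append(parse_service(line))
        elif line.startswith("O4 - "):
            m = RUN_RE.match(line)
            if m:  # 'O4 - Startup: ...' lines carry no [label] and are skipped here
                runs.append(RunEntry(m["hive"], m["label"], m["command"]))
    return {"O4": runs, "O23": services}


def _under_windows(path: str) -> bool:
    return path.lower().startswith("c:\\windows\\")


def triage(parsed: dict) -> dict:
    """Bucket entries that deserve a closer look before anything is removed."""
    result = {"unknown_owner_present": [], "system_file_missing": [], "unlabeled_run": []}
    for svc in parsed["O23"]:
        if svc.owner == "Unknown owner" and not svc.file_missing:
            # No vendor string and the binary exists: verify its signature or hash.
            result["unknown_owner_present"].append(svc)
        elif svc.file_missing and _under_windows(svc.path):
            # 32-bit HijackThis on 64-bit Windows commonly reports these as missing
            # because of file-system redirection; re-check the path with a 64-bit tool.
            result["system_file_missing"].append(svc)
    for run in parsed["O4"]:
        if run.label == "":
            # An empty [] value name gives no hint of which product installed it.
            result["unlabeled_run"].append(run)
    return result


if __name__ == "__main__":
    for bucket, items in triage(parse_hjt(SAMPLE_LOG)).items():
        print(bucket)
        for item in items:
            print("   ", getattr(item, "path", None) or item.command)
```

On the constructed sample, the script puts MCTDesktopSvr in the "unknown owner, file present" bucket, the two C:\Windows services in the "reported missing" bucket, and the empty-label Run value in its own bucket; nothing in any bucket is a verdict, only a list of what to verify next.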

#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,762 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:54 PM

Posted 29 January 2014 - 10:05 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/521941 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:54 AM

Posted 29 January 2014 - 01:47 PM

Hi,

I recently scanned my comp and found and deleted two instances of a backdoor bot.

Do you have a log file that documents these two backdoor bots (filenames with full path)? If yes, please post it up.


Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them, as only the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#4 dolamoth

dolamoth
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:08:54 PM

Posted 29 January 2014 - 02:04 PM

Ok, I will first post the log with the directory paths for the malware. 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.01.27.08
 
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16750
dolam_000 :: SILENT-OVERLORD [administrator]
 
1/27/2014 1:50:58 PM
mbam-log-2014-01-27 (13-50-58).txt
 
Scan type: Custom scan (C:\Program Files (x86)\IObit|)
Scan options enabled: File System | Heuristics/Shuriken | PUP | PUM
Scan options disabled: Memory | Startup | Registry | Heuristics/Extra | P2P
Objects scanned: 195
Time elapsed: 8 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 2
C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8_About.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8_frmStartMenuLibrary.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
 
(end)
---------------------
Now the two Farbar logs:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-01-2014 01
Ran by dolam_000 (administrator) on SILENT-OVERLORD on 29-01-2014 13:01:07
Running from C:\Users\dolam_000\Downloads
Windows 8 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Windows\System32\GManager.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files (x86)\Common Files\DesktopUtil\MCTDesktopSvr.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\InstallServices64.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu_Hook.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Magic Control Technology Corporation) C:\Program Files (x86)\Common Files\DesktopUtil\MCTDUtil.exe
(Magic Control Technology Corporation) C:\Program Files (x86)\Common Files\DesktopUtil\FDispPos.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicatorCom.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Qualcomm Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
() C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe
(Wyse Technology.) C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseRemoteAccess.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(TrueCrypt Foundation) C:\Program Files\TrueCrypt\TrueCrypt.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Oracle Corporation) C:\Program Files\Oracle\VirtualBox\VirtualBox.exe
(Oracle Corporation) C:\Program Files\Oracle\VirtualBox\VBoxSVC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6846096 2012-11-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1253520 2012-11-19] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] - c:\Program Files\Dell\QuickSet\QuickSet.exe [5762408 2013-03-05] (Dell Inc.)
HKLM\...\Run: [BtPreLoad] - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtPreLoad.exe [64640 2012-12-28] ()
HKLM\...\Run: [PocketCloud Location] - C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseBrowser.exe [933776 2012-10-24] (Wyse Technology Inc.)
HKLM\...\Run: [MCTDUtil] - C:\Program Files (x86)\Common Files\DesktopUtil\Util-Desktop.exe [195200 2011-05-03] ()
HKLM\...\Run: [FDispPos] - C:\Program Files (x86)\Common Files\DesktopUtil\Util-Desktop.exe [195200 2011-05-03] ()
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [102928 2012-10-23] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-11-06] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [129664 2012-12-28] ( (Qualcomm Atheros Commnucations))
HKCU\...\Run: [HP Deskjet 3510 series (NET)] - C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKCU\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563608 2014-01-15] (SUPERAntiSpyware)
HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528 2013-11-06] (Samsung)
HKCU\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-11-06] (Samsung)
HKCU\...\Run: [Google Update] - C:\Users\dolam_000\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-12-25] (Google Inc.)
MountPoints2: E - "E:\CDLaunch\shelexec.exe" \SP1INST.HTM
MountPoints2: {67095889-009a-11e3-be6e-bc855606f0e4} - "E:\CDLaunch\shelexec.exe" \SP1INST.HTM
Startup: C:\Users\dolam_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3510 series (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 3510 series (Network).lnk -> C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dell13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com
SearchScopes: HKLM - DefaultScope {42EBCA8F-9836-4B59-A8EA-00E0781F3FAC} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKLM - {42EBCA8F-9836-4B59-A8EA-00E0781F3FAC} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKLM-x32 - DefaultScope {42EBCA8F-9836-4B59-A8EA-00E0781F3FAC} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKLM-x32 - {42EBCA8F-9836-4B59-A8EA-00E0781F3FAC} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKCU - DefaultScope {42EBCA8F-9836-4B59-A8EA-00E0781F3FAC} URL = 
SearchScopes: HKCU - {42EBCA8F-9836-4B59-A8EA-00E0781F3FAC} URL = 
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.1.2
 
FireFox:
========
FF ProfilePath: C:\Users\dolam_000\AppData\Roaming\Mozilla\Firefox\Profiles\gbloz2cp.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\dolam_000\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\dolam_000\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Extension: NoScript - C:\Users\dolam_000\AppData\Roaming\Mozilla\Firefox\Profiles\gbloz2cp.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-11-11]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
 
Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\dolam_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-16]
CHR Extension: (Google Drive) - C:\Users\dolam_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-16]
CHR Extension: (YouTube) - C:\Users\dolam_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-16]
CHR Extension: (Google Cast) - C:\Users\dolam_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2013-12-25]
CHR Extension: (Google Search) - C:\Users\dolam_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-16]
CHR Extension: (AdBlock) - C:\Users\dolam_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-12-25]
CHR Extension: (Google Wallet) - C:\Users\dolam_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-16]
CHR Extension: (Gmail) - C:\Users\dolam_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-16]
 
==================== Services (Whitelisted) =================
 
U2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
U2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [226944 2012-12-28] (Qualcomm Atheros Commnucations)
U2 GManager; C:\Windows\system32\GManager.exe [313432 2012-08-28] ()
U2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
U2 MCTDesktopSvr; C:\Program Files (x86)\Common Files\DesktopUtil\MCTDesktopSvr.exe [199296 2011-05-03] ()
U2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
U2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-11-23] (Realtek Semiconductor)
U2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1914728 2012-11-25] (SoftThinks SAS)
U2 StartMenuService; C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe [72512 2013-12-02] (IObit)
U2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-01] (Microsoft Corporation)
U2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe [188928 2012-10-24] ()
U2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseRemoteAccess.exe [1436160 2012-10-24] (Wyse Technology.)
U2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2012-12-26] (Atheros)
 
==================== Drivers (Whitelisted) ====================
 
U3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2012-12-28] (Qualcomm Atheros)
U3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
U1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
U1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\MBAE.sys [62168 2014-01-16] ()
U3 mctkmd; C:\Windows\system32\drivers\mctkmd64.sys [145840 2012-12-25] (Magic Control Technology Corporation)
U0 mctkmdldr; C:\Windows\System32\drivers\mctkmdldr64.sys [19584 2011-04-08] (Magic Control Technology Corporation)
U1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [28040 2012-12-21] (Synaptics Incorporated)
U3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [32136 2012-12-21] (Synaptics Incorporated)
U3 t1pusb64; C:\Windows\system32\drivers\t1pusb64.sys [178656 2012-09-28] (Magic Control Technology Corp.)
U3 iscFlash; \??\C:\Users\DOLAM_~1\AppData\Local\Temp\7zSA769.tmp\iscflashx64.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-01-29 13:01 - 2014-01-29 13:01 - 00017258 _____ C:\Users\dolam_000\Downloads\FRST.txt
2014-01-29 13:00 - 2014-01-29 13:01 - 00000000 ____D C:\FRST
2014-01-29 12:59 - 2014-01-29 12:59 - 02079744 _____ (Farbar) C:\Users\dolam_000\Downloads\FRST64.exe
2014-01-29 12:57 - 2014-01-29 12:57 - 00000000 ____D C:\Users\dolam_000\Desktop\logsmbam
2014-01-28 21:18 - 2014-01-28 21:27 - 232028253 _____ C:\Users\dolam_000\Downloads\the.blacklist.113.hdtv-lol.mp4
2014-01-28 16:16 - 2014-01-28 16:16 - 02346357 _____ C:\Users\dolam_000\Downloads\DeviousWorlda3.html
2014-01-28 11:03 - 2014-01-28 11:03 - 01769928 _____ (Malwarebytes                                                ) C:\Users\dolam_000\Downloads\mbae-setup-0.09.5.1000.exe
2014-01-28 11:03 - 2014-01-28 11:03 - 00003104 _____ C:\Windows\System32\Tasks\Malwarebytes Anti-Exploit
2014-01-28 11:03 - 2014-01-28 11:03 - 00000508 _____ C:\Windows\Tasks\Malwarebytes Anti-Exploit.job
2014-01-28 11:03 - 2013-07-16 03:41 - 01858896 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100d.dll
2014-01-28 11:03 - 2013-07-16 03:41 - 01498960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100d.dll
2014-01-28 11:03 - 2013-07-16 03:41 - 01014096 _____ (Microsoft Corporation) C:\Windows\system32\msvcp100d.dll
2014-01-28 11:03 - 2013-07-16 03:41 - 00743248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100d.dll
2014-01-27 21:03 - 2014-01-27 21:03 - 00000799 _____ C:\Users\dolam_000\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-01-27 21:02 - 2014-01-27 21:02 - 00902736 _____ (BitTorrent Inc.) C:\Users\dolam_000\Downloads\uTorrent(btkey,https^3A^2F^2Futp.st^2FKNcF5izV).exe
2014-01-27 20:43 - 2014-01-27 20:43 - 01547864 _____ (BitTorrent Inc.) C:\Users\dolam_000\Downloads\bittorrent.exe
2014-01-26 22:19 - 2014-01-26 22:24 - 734734110 _____ C:\Users\dolam_000\Downloads\4584840.avi
2014-01-26 19:13 - 2014-01-26 19:13 - 14642497 _____ C:\Users\dolam_000\Downloads\avenged.swf
2014-01-26 19:07 - 2014-01-26 19:07 - 00000000 ____D C:\Users\dolam_000\AppData\Local\Campbell Wild
2014-01-26 19:04 - 2014-01-26 19:05 - 16904231 _____ C:\Users\dolam_000\Downloads\ADRIFT5Setup.zip
2014-01-26 19:02 - 2014-01-26 19:02 - 08291915 _____ C:\Users\dolam_000\Downloads\The Jade Ring v 0.22.zip
2014-01-26 18:57 - 2014-01-27 13:41 - 00000000 ____D C:\Users\dolam_000\Desktop\Adrift
2014-01-26 18:44 - 2014-01-26 18:44 - 03650590 _____ C:\Users\dolam_000\Downloads\SlaveMaker3.3.04c.torrent
2014-01-26 18:32 - 2014-01-27 22:27 - 00000000 ____D C:\Users\dolam_000\AppData\Roaming\uTorrent
2014-01-25 15:40 - 2014-01-25 15:43 - 445862470 _____ C:\Users\dolam_000\Downloads\batman.avi
2014-01-24 10:03 - 2014-01-28 11:03 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Exploit
2014-01-24 08:44 - 2014-01-27 13:59 - 00001424 _____ C:\Windows\PFRO.log
2014-01-23 15:11 - 2014-01-28 09:31 - 00761262 _____ C:\Windows\WindowsUpdate.log
2014-01-23 13:33 - 2014-01-27 12:42 - 00000000 ____D C:\Users\dolam_000\Downloads\backups
2014-01-23 13:26 - 2014-01-23 13:27 - 00010258 _____ C:\Users\dolam_000\Downloads\hijackthis.log
2014-01-22 15:15 - 2014-01-22 15:25 - 64429494 _____ C:\Users\dolam_000\Downloads\Microsoft.Passguide.70-646.v2013-07-08.by.Riot.266q.vce
2014-01-22 15:13 - 2014-01-22 15:13 - 00536050 _____ C:\Users\dolam_000\Downloads\Microsoft.Test-papers.70-642.v2013-11-19.by.undergl.199q.vce
2014-01-22 15:12 - 2014-01-22 15:17 - 28006288 _____ C:\Users\dolam_000\Downloads\Microsoft.Selftestengine.70-640.v2013-12-16.by.Judy.565q.vce
2014-01-22 15:07 - 2014-01-27 13:41 - 00000000 ____D C:\Users\dolam_000\Desktop\Visual CertExam v3.4.2
2014-01-22 14:44 - 2014-01-28 09:58 - 00000140 _____ C:\Users\dolam_000\Desktop\funwithwindows@yahoo.txt
2014-01-22 12:28 - 2014-01-27 13:26 - 00000000 ____D C:\Wallpapers
2014-01-20 11:43 - 2014-01-27 12:42 - 00000000 ____D C:\Users\dolam_000\Downloads\PDFs
2014-01-20 11:41 - 2014-01-27 13:39 - 00000000 ____D C:\Users\dolam_000\Desktop\NG
2014-01-19 17:16 - 2014-01-19 17:04 - 00905056 _____ C:\Users\dolam_000\Documents\doll.rsv.bak
2014-01-19 17:04 - 2014-01-19 17:16 - 00905200 _____ C:\Users\dolam_000\Documents\doll.rsv
2014-01-18 17:57 - 2014-01-18 17:57 - 00249856 _____ (Microsoft Corporation) C:\Windows\Setup1.exe
2014-01-18 17:57 - 2014-01-18 17:57 - 00073216 _____ (Microsoft Corporation) C:\Windows\ST6UNST.EXE
2014-01-17 08:23 - 2014-01-17 08:23 - 02057376 _____ C:\Users\dolam_000\Documents\ap choice.rsv
2014-01-15 20:50 - 2014-01-15 20:50 - 02057520 _____ C:\Users\dolam_000\Documents\aap.rsv
2014-01-15 12:16 - 2014-01-15 12:16 - 00000804 _____ C:\Users\dolam_000\Downloads\DayDreamerLicense.txt
2014-01-15 12:15 - 2014-01-27 12:41 - 00000000 ____D C:\Users\dolam_000\Desktop\dayd
2014-01-15 12:08 - 2014-01-15 12:08 - 11684338 _____ C:\Users\dolam_000\Downloads\TricksAndTreats1.0.1.ddz
2014-01-15 12:04 - 2014-01-15 12:04 - 00493440 _____ C:\Users\dolam_000\Documents\hois2.rsv
2014-01-15 11:42 - 2014-01-15 11:42 - 00493488 _____ C:\Users\dolam_000\Documents\hois1.rsv
2014-01-15 11:33 - 2014-01-15 11:33 - 00494304 _____ C:\Users\dolam_000\Documents\hois.rsv
2014-01-15 11:07 - 2014-01-15 11:07 - 00000000 ___HD C:\Windows\system32\CanonMF Uninstaller Information
2014-01-15 11:07 - 2014-01-15 11:07 - 00000000 ____D C:\Program Files\Canon
2014-01-15 11:07 - 2009-11-06 10:22 - 00154112 _____ (Canon Inc.) C:\Windows\system32\CNCLSD34d.DLL
2014-01-15 11:07 - 2009-11-06 10:22 - 00109568 _____ (Canon Inc.) C:\Windows\system32\CNCLSI34d.DLL
2014-01-15 11:07 - 2009-11-06 10:22 - 00049664 _____ (Canon Inc.) C:\Windows\system32\CNCLSO34d.dll
2014-01-15 11:07 - 2009-11-06 10:21 - 00336896 _____ (CANON INC.) C:\Windows\system32\CNCC460.DLL
2014-01-15 11:07 - 2009-11-06 10:21 - 00244736 _____ (Canon Inc.) C:\Windows\system32\CNCLSU34d.DLL
2014-01-15 11:07 - 2009-11-06 10:21 - 00135680 _____ (CANON INC.) C:\Windows\system32\CNCE460.DLL
2014-01-15 11:07 - 2009-11-06 10:21 - 00125952 _____ (Canon Inc.) C:\Windows\system32\CNCLST34d.DLL
2014-01-15 11:07 - 2009-11-06 10:21 - 00098816 _____ (Canon Inc.) C:\Windows\system32\CNCLSC34d.DLL
2014-01-15 11:07 - 2009-11-06 10:21 - 00085504 _____ (CANON INC.) C:\Windows\system32\CNCI460.DLL
2014-01-15 11:07 - 2009-11-06 10:20 - 00148480 _____ (CANON INC.) C:\Windows\system32\CNCL460.DLL
2014-01-15 11:07 - 2008-04-01 15:02 - 00000502 _____ C:\Windows\system32\CNCMFP34.INI
2014-01-15 11:07 - 2007-04-18 17:13 - 00066048 _____ (Canon Inc.) C:\Windows\system32\CNAS0MMK.DLL
2014-01-15 11:01 - 2014-01-15 11:01 - 00000000 ____D C:\Users\dolam_000\Downloads\ColorNetworkScanGear-v271_Win_us_EN
2014-01-15 10:58 - 2014-01-27 13:45 - 00000000 ____D C:\Users\dolam_000\Downloads\D480_MFDrivers_W64_us_EN
2014-01-14 11:40 - 2014-01-14 11:40 - 00483616 _____ C:\Users\dolam_000\Documents\bi.rsv
2014-01-13 12:17 - 2014-01-13 12:17 - 00506640 _____ C:\Users\dolam_000\Documents\krl.rsv
2014-01-13 12:03 - 2014-01-13 12:03 - 00246512 _____ C:\Users\dolam_000\Documents\ca1.rsv
2014-01-13 11:57 - 2014-01-13 11:57 - 00247104 _____ C:\Users\dolam_000\Documents\ca.rsv
2014-01-11 18:57 - 2014-01-11 18:57 - 01460000 _____ C:\Users\dolam_000\Documents\d2.rsv
2014-01-11 18:23 - 2014-01-11 18:23 - 01460112 _____ C:\Users\dolam_000\Documents\d1.rsv.bak
2014-01-11 11:55 - 2014-01-11 18:51 - 01460032 _____ C:\Users\dolam_000\Documents\d1.rsv
2014-01-11 11:48 - 2014-01-11 11:48 - 01460144 _____ C:\Users\dolam_000\Documents\d.rsv
2014-01-10 18:46 - 2014-01-10 18:46 - 00629232 _____ C:\Users\dolam_000\Documents\ff1.rsv.bak
2014-01-10 18:38 - 2014-01-10 18:28 - 00628672 _____ C:\Users\dolam_000\Documents\ff2.rsv.bak
2014-01-10 18:28 - 2014-01-10 18:38 - 00629200 _____ C:\Users\dolam_000\Documents\ff2.rsv
2014-01-10 18:24 - 2014-01-10 18:52 - 00629216 _____ C:\Users\dolam_000\Documents\ff1.rsv
2014-01-10 13:48 - 2014-01-10 13:48 - 00498112 _____ C:\Users\dolam_000\Documents\sotg3.rsv
2014-01-10 12:09 - 2014-01-10 12:05 - 00498112 _____ C:\Users\dolam_000\Documents\sotg2.rsv.bak
2014-01-10 12:05 - 2014-01-10 12:09 - 00498112 _____ C:\Users\dolam_000\Documents\sotg2.rsv
2014-01-10 11:51 - 2014-01-10 11:51 - 00498064 _____ C:\Users\dolam_000\Documents\sotg1.rsv
2014-01-10 11:33 - 2014-01-10 11:33 - 00498096 _____ C:\Users\dolam_000\Documents\sotg.rsv
2014-01-10 11:28 - 2014-01-10 11:28 - 00000000 ____D C:\Users\dolam_000\AppData\Roaming\Rags
2014-01-10 11:27 - 2014-01-10 11:27 - 00000000 ____D C:\Program Files\Microsoft Synchronization Services
2014-01-10 11:27 - 2014-01-10 11:27 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2014-01-10 11:25 - 2014-01-10 11:25 - 00000000 ____D C:\Program Files (x86)\RagsGame
2014-01-10 11:22 - 2014-01-10 11:22 - 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2014-01-08 09:52 - 2014-01-27 12:41 - 00000000 ____D C:\textfile
2014-01-06 13:30 - 2014-01-27 12:41 - 00000000 ____D C:\Users\dolam_000\Desktop\Active Directory
2014-01-05 14:19 - 2014-01-05 14:19 - 01577457 _____ C:\Users\dolam_000\Downloads\SDT_1_21_1b.swf
2014-01-05 09:05 - 2014-01-05 09:05 - 00325544 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-04 09:01 - 2014-01-04 09:01 - 00000000 ____D C:\SUPERDelete
2014-01-03 22:05 - 2014-01-03 22:17 - 00004625 _____ C:\Users\dolam_000\Downloads\EuphorianTideSaveFile.xml
2014-01-02 15:32 - 2014-01-02 15:32 - 00330155 _____ C:\Users\dolam_000\Downloads\CompTIA.Testpapers.220-802.v2013-11-12.by.Freda.301q.vce
2014-01-02 14:29 - 2014-01-02 14:50 - 00000032 _____ C:\Users\dolam_000\Documents\vce-examcollect.txt
2014-01-02 14:29 - 2014-01-02 14:30 - 00292325 _____ C:\Users\dolam_000\Downloads\CompTIA.Realtests.220-801.v2013-12-09.by.Cristiano.280q.vce
2014-01-01 19:25 - 2014-01-06 12:18 - 00007601 _____ C:\Users\dolam_000\AppData\Local\resmon.resmoncfg
 
==================== One Month Modified Files and Folders =======
 
2014-01-29 13:01 - 2014-01-29 13:01 - 00017258 _____ C:\Users\dolam_000\Downloads\FRST.txt
2014-01-29 13:01 - 2014-01-29 13:00 - 00000000 ____D C:\FRST
2014-01-29 13:00 - 2012-07-26 02:12 - 00000000 ____D C:\Windows\system32\sru
2014-01-29 12:59 - 2014-01-29 12:59 - 02079744 _____ (Farbar) C:\Users\dolam_000\Downloads\FRST64.exe
2014-01-29 12:57 - 2014-01-29 12:57 - 00000000 ____D C:\Users\dolam_000\Desktop\logsmbam
2014-01-29 12:48 - 2013-12-25 21:38 - 00000956 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2763157628-3096541892-2103606246-1001UA.job
2014-01-29 12:15 - 2013-12-16 12:05 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-29 12:15 - 2013-12-16 12:05 - 00000932 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-29 10:47 - 2012-07-26 01:28 - 00850046 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-29 10:41 - 2013-08-08 18:40 - 00000000 ____D C:\Users\dolam_000\Documents\Bluetooth Folder
2014-01-28 21:48 - 2013-12-25 21:38 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2763157628-3096541892-2103606246-1001Core.job
2014-01-28 21:27 - 2014-01-28 21:18 - 232028253 _____ C:\Users\dolam_000\Downloads\the.blacklist.113.hdtv-lol.mp4
2014-01-28 17:39 - 2012-07-26 02:12 - 00000000 ____D C:\Windows\rescache
2014-01-28 16:16 - 2014-01-28 16:16 - 02346357 _____ C:\Users\dolam_000\Downloads\DeviousWorlda3.html
2014-01-28 14:50 - 2013-08-24 10:36 - 00000000 ____D C:\Users\dolam_000\.VirtualBox
2014-01-28 11:03 - 2014-01-28 11:03 - 01769928 _____ (Malwarebytes                                                ) C:\Users\dolam_000\Downloads\mbae-setup-0.09.5.1000.exe
2014-01-28 11:03 - 2014-01-28 11:03 - 00003104 _____ C:\Windows\System32\Tasks\Malwarebytes Anti-Exploit
2014-01-28 11:03 - 2014-01-28 11:03 - 00000508 _____ C:\Windows\Tasks\Malwarebytes Anti-Exploit.job
2014-01-28 11:03 - 2014-01-24 10:03 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Exploit
2014-01-28 11:00 - 2013-12-10 14:37 - 00000000 ____D C:\Users\dolam_000\Desktop\Visual.CertExam.3.3
2014-01-28 09:58 - 2014-01-22 14:44 - 00000140 _____ C:\Users\dolam_000\Desktop\funwithwindows@yahoo.txt
2014-01-28 09:31 - 2014-01-23 15:11 - 00761262 _____ C:\Windows\WindowsUpdate.log
2014-01-27 22:27 - 2014-01-26 18:32 - 00000000 ____D C:\Users\dolam_000\AppData\Roaming\uTorrent
2014-01-27 21:03 - 2014-01-27 21:03 - 00000799 _____ C:\Users\dolam_000\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-01-27 21:02 - 2014-01-27 21:02 - 00902736 _____ (BitTorrent Inc.) C:\Users\dolam_000\Downloads\uTorrent(btkey,https^3A^2F^2Futp.st^2FKNcF5izV).exe
2014-01-27 20:43 - 2014-01-27 20:43 - 01547864 _____ (BitTorrent Inc.) C:\Users\dolam_000\Downloads\bittorrent.exe
2014-01-27 14:07 - 2013-05-24 00:25 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2014-01-27 13:59 - 2014-01-24 08:44 - 00001424 _____ C:\Windows\PFRO.log
2014-01-27 13:59 - 2013-12-05 10:40 - 00168111 _____ C:\MyXML.xml
2014-01-27 13:59 - 2013-08-27 12:17 - 00002804 _____ C:\Windows\system32\GManager.ini
2014-01-27 13:59 - 2012-07-26 01:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-27 13:58 - 2012-07-25 23:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2014-01-27 13:47 - 2013-08-08 18:37 - 00000000 ____D C:\Users\dolam_000
2014-01-27 13:45 - 2014-01-15 10:58 - 00000000 ____D C:\Users\dolam_000\Downloads\D480_MFDrivers_W64_us_EN
2014-01-27 13:45 - 2013-12-21 14:36 - 00000000 ____D C:\Users\dolam_000\Documents\confirmation_files
2014-01-27 13:45 - 2013-12-19 22:27 - 00000000 ____D C:\Users\dolam_000\Desktop\Minecraft server
2014-01-27 13:45 - 2013-09-17 22:27 - 00000000 ____D C:\Users\dolam_000\AppData\Roaming\vlc
2014-01-27 13:45 - 2013-09-12 11:26 - 00000000 ____D C:\Users\dolam_000\Documents\Hpdeskjet printer
2014-01-27 13:45 - 2013-08-24 10:33 - 00000000 ____D C:\Users\dolam_000\Documents\OpenOffice 4.0.0 (en-US) Installation Files
2014-01-27 13:45 - 2013-08-08 21:40 - 00000000 ___SD C:\Users\dolam_000\Documents\My Shapes
2014-01-27 13:45 - 2013-08-08 19:18 - 00000000 ____D C:\Users\dolam_000\Downloads\Microsoft XNA Game Studio 4.0 (English)
2014-01-27 13:45 - 2013-08-08 18:39 - 00000000 ___RD C:\Users\dolam_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-27 13:45 - 2012-07-26 02:12 - 00000000 __RHD C:\Users\Public\Libraries
2014-01-27 13:45 - 2012-07-26 02:12 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-01-27 13:45 - 2012-07-26 02:12 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-01-27 13:45 - 2012-07-26 02:12 - 00000000 ____D C:\Windows\WinStore
2014-01-27 13:45 - 2012-07-26 02:12 - 00000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-01-27 13:45 - 2012-07-26 02:12 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-01-27 13:44 - 2013-12-10 14:38 - 00000000 ____D C:\Program Files (x86)\Visual CertExam Suite
2014-01-27 13:44 - 2013-12-05 14:18 - 00000000 ____D C:\cygwin
2014-01-27 13:44 - 2013-10-29 12:59 - 00000000 ____D C:\ProgramData\ElectricSheep
2014-01-27 13:44 - 2013-08-24 10:24 - 00000000 ____D C:\ProgramData\IObit
2014-01-27 13:44 - 2013-08-08 18:40 - 00000000 ____D C:\ProgramData\Atheros
2014-01-27 13:44 - 2012-07-26 02:12 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-01-27 13:44 - 2012-07-26 02:12 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-01-27 13:44 - 2012-07-26 02:12 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-01-27 13:44 - 2012-07-26 02:12 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-01-27 13:43 - 2013-12-03 14:27 - 00000000 ____D C:\cygwin64
2014-01-27 13:41 - 2014-01-26 18:57 - 00000000 ____D C:\Users\dolam_000\Desktop\Adrift
2014-01-27 13:41 - 2014-01-22 15:07 - 00000000 ____D C:\Users\dolam_000\Desktop\Visual CertExam v3.4.2
2014-01-27 13:41 - 2012-07-26 02:12 - 00000000 ____D C:\Windows\registration
2014-01-27 13:40 - 2012-07-25 23:38 - 00000000 ____D C:\Windows\system32\Sysprep
2014-01-27 13:39 - 2014-01-20 11:41 - 00000000 ____D C:\Users\dolam_000\Desktop\NG
2014-01-27 13:39 - 2012-07-25 23:37 - 00000000 __RHD C:\Users\Default
2014-01-27 13:38 - 2013-08-24 10:24 - 00000000 ____D C:\Program Files (x86)\IObit
2014-01-27 13:26 - 2014-01-22 12:28 - 00000000 ____D C:\Wallpapers
2014-01-27 13:25 - 2013-08-08 21:27 - 00000000 ____D C:\Users\dolam_000\Downloads\en_office_suite_2007_service_pack_1_x86_cd_x13-87877
2014-01-27 13:25 - 2013-08-08 20:05 - 00000000 ____D C:\Users\dolam_000\Downloads\Visio Professional 2013 (x86 and x64) - DVD (English)
2014-01-27 13:25 - 2013-08-08 19:57 - 00000000 ____D C:\Users\dolam_000\Downloads\Project Professional 2013 (x86 and x64) - DVD (English)
2014-01-27 13:24 - 2013-08-24 10:45 - 00000000 ____D C:\Images
2014-01-27 13:17 - 2013-11-12 13:15 - 00000000 ____D C:\Users\dolam_000\Documents\A+ 220-801 220-802
2014-01-27 12:42 - 2014-01-23 13:33 - 00000000 ____D C:\Users\dolam_000\Downloads\backups
2014-01-27 12:42 - 2014-01-20 11:43 - 00000000 ____D C:\Users\dolam_000\Downloads\PDFs
2014-01-27 12:42 - 2013-10-31 12:02 - 00000000 ____D C:\Users\dolam_000\Documents\MYCC
2014-01-27 12:41 - 2014-01-15 12:15 - 00000000 ____D C:\Users\dolam_000\Desktop\dayd
2014-01-27 12:41 - 2014-01-08 09:52 - 00000000 ____D C:\textfile
2014-01-27 12:41 - 2014-01-06 13:30 - 00000000 ____D C:\Users\dolam_000\Desktop\Active Directory
2014-01-27 12:41 - 2013-09-17 14:18 - 00000000 ____D C:\Users\dolam_000\Cisco Packet Tracer 5.3.3
2014-01-26 22:24 - 2014-01-26 22:19 - 734734110 _____ C:\Users\dolam_000\Downloads\4584840.avi
2014-01-26 19:13 - 2014-01-26 19:13 - 14642497 _____ C:\Users\dolam_000\Downloads\avenged.swf
2014-01-26 19:07 - 2014-01-26 19:07 - 00000000 ____D C:\Users\dolam_000\AppData\Local\Campbell Wild
2014-01-26 19:05 - 2014-01-26 19:04 - 16904231 _____ C:\Users\dolam_000\Downloads\ADRIFT5Setup.zip
2014-01-26 19:02 - 2014-01-26 19:02 - 08291915 _____ C:\Users\dolam_000\Downloads\The Jade Ring v 0.22.zip
2014-01-26 18:44 - 2014-01-26 18:44 - 03650590 _____ C:\Users\dolam_000\Downloads\SlaveMaker3.3.04c.torrent
2014-01-25 15:43 - 2014-01-25 15:40 - 445862470 _____ C:\Users\dolam_000\Downloads\batman.avi
2014-01-23 23:03 - 2013-08-27 15:28 - 00000000 ____D C:\Windows\system32\MRT
2014-01-23 15:17 - 2012-07-26 02:12 - 00000000 ____D C:\Windows\system32\NDF
2014-01-23 13:40 - 2013-08-08 19:32 - 00000000 ____D C:\Users\dolam_000\AppData\Local\CrashDumps
2014-01-23 13:27 - 2014-01-23 13:26 - 00010258 _____ C:\Users\dolam_000\Downloads\hijackthis.log
2014-01-23 11:39 - 2013-09-24 13:12 - 00000000 ____D C:\ProgramData\Visual CertExam Suite
2014-01-22 16:15 - 2012-07-26 02:12 - 00000000 ____D C:\Windows\AUInstallAgent
2014-01-22 15:25 - 2014-01-22 15:15 - 64429494 _____ C:\Users\dolam_000\Downloads\Microsoft.Passguide.70-646.v2013-07-08.by.Riot.266q.vce
2014-01-22 15:17 - 2014-01-22 15:12 - 28006288 _____ C:\Users\dolam_000\Downloads\Microsoft.Selftestengine.70-640.v2013-12-16.by.Judy.565q.vce
2014-01-22 15:13 - 2014-01-22 15:13 - 00536050 _____ C:\Users\dolam_000\Downloads\Microsoft.Test-papers.70-642.v2013-11-19.by.undergl.199q.vce
2014-01-19 17:16 - 2014-01-19 17:04 - 00905200 _____ C:\Users\dolam_000\Documents\doll.rsv
2014-01-19 17:04 - 2014-01-19 17:16 - 00905056 _____ C:\Users\dolam_000\Documents\doll.rsv.bak
2014-01-19 01:33 - 2013-08-27 13:11 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-01-18 17:57 - 2014-01-18 17:57 - 00249856 _____ (Microsoft Corporation) C:\Windows\Setup1.exe
2014-01-18 17:57 - 2014-01-18 17:57 - 00073216 _____ (Microsoft Corporation) C:\Windows\ST6UNST.EXE
2014-01-18 10:25 - 2013-08-08 18:38 - 00000000 ____D C:\Users\dolam_000\AppData\Local\VirtualStore
2014-01-17 08:23 - 2014-01-17 08:23 - 02057376 _____ C:\Users\dolam_000\Documents\ap choice.rsv
2014-01-15 20:50 - 2014-01-15 20:50 - 02057520 _____ C:\Users\dolam_000\Documents\aap.rsv
2014-01-15 12:16 - 2014-01-15 12:16 - 00000804 _____ C:\Users\dolam_000\Downloads\DayDreamerLicense.txt
2014-01-15 12:08 - 2014-01-15 12:08 - 11684338 _____ C:\Users\dolam_000\Downloads\TricksAndTreats1.0.1.ddz
2014-01-15 12:04 - 2014-01-15 12:04 - 00493440 _____ C:\Users\dolam_000\Documents\hois2.rsv
2014-01-15 11:42 - 2014-01-15 11:42 - 00493488 _____ C:\Users\dolam_000\Documents\hois1.rsv
2014-01-15 11:33 - 2014-01-15 11:33 - 00494304 _____ C:\Users\dolam_000\Documents\hois.rsv
2014-01-15 11:07 - 2014-01-15 11:07 - 00000000 ___HD C:\Windows\system32\CanonMF Uninstaller Information
2014-01-15 11:07 - 2014-01-15 11:07 - 00000000 ____D C:\Program Files\Canon
2014-01-15 11:07 - 2012-07-26 02:12 - 00000000 __RSD C:\Windows\Media
2014-01-15 11:01 - 2014-01-15 11:01 - 00000000 ____D C:\Users\dolam_000\Downloads\ColorNetworkScanGear-v271_Win_us_EN
2014-01-15 08:56 - 2013-10-29 14:36 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2014-01-14 11:40 - 2014-01-14 11:40 - 00483616 _____ C:\Users\dolam_000\Documents\bi.rsv
2014-01-13 12:17 - 2014-01-13 12:17 - 00506640 _____ C:\Users\dolam_000\Documents\krl.rsv
2014-01-13 12:03 - 2014-01-13 12:03 - 00246512 _____ C:\Users\dolam_000\Documents\ca1.rsv
2014-01-13 11:57 - 2014-01-13 11:57 - 00247104 _____ C:\Users\dolam_000\Documents\ca.rsv
2014-01-11 18:57 - 2014-01-11 18:57 - 01460000 _____ C:\Users\dolam_000\Documents\d2.rsv
2014-01-11 18:51 - 2014-01-11 11:55 - 01460032 _____ C:\Users\dolam_000\Documents\d1.rsv
2014-01-11 18:23 - 2014-01-11 18:23 - 01460112 _____ C:\Users\dolam_000\Documents\d1.rsv.bak
2014-01-11 11:48 - 2014-01-11 11:48 - 01460144 _____ C:\Users\dolam_000\Documents\d.rsv
2014-01-10 18:52 - 2014-01-10 18:24 - 00629216 _____ C:\Users\dolam_000\Documents\ff1.rsv
2014-01-10 18:46 - 2014-01-10 18:46 - 00629232 _____ C:\Users\dolam_000\Documents\ff1.rsv.bak
2014-01-10 18:38 - 2014-01-10 18:28 - 00629200 _____ C:\Users\dolam_000\Documents\ff2.rsv
2014-01-10 18:28 - 2014-01-10 18:38 - 00628672 _____ C:\Users\dolam_000\Documents\ff2.rsv.bak
2014-01-10 13:48 - 2014-01-10 13:48 - 00498112 _____ C:\Users\dolam_000\Documents\sotg3.rsv
2014-01-10 12:09 - 2014-01-10 12:05 - 00498112 _____ C:\Users\dolam_000\Documents\sotg2.rsv
2014-01-10 12:05 - 2014-01-10 12:09 - 00498112 _____ C:\Users\dolam_000\Documents\sotg2.rsv.bak
2014-01-10 11:51 - 2014-01-10 11:51 - 00498064 _____ C:\Users\dolam_000\Documents\sotg1.rsv
2014-01-10 11:33 - 2014-01-10 11:33 - 00498096 _____ C:\Users\dolam_000\Documents\sotg.rsv
2014-01-10 11:28 - 2014-01-10 11:28 - 00000000 ____D C:\Users\dolam_000\AppData\Roaming\Rags
2014-01-10 11:27 - 2014-01-10 11:27 - 00000000 ____D C:\Program Files\Microsoft Synchronization Services
2014-01-10 11:27 - 2014-01-10 11:27 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2014-01-10 11:25 - 2014-01-10 11:25 - 00000000 ____D C:\Program Files (x86)\RagsGame
2014-01-10 11:22 - 2014-01-10 11:22 - 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2014-01-10 11:22 - 2013-05-24 00:28 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-01-07 09:51 - 2012-07-26 02:12 - 00000000 ____D C:\Windows\LiveKernelReports
2014-01-06 17:33 - 2013-12-20 22:25 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2014-01-06 13:11 - 2013-10-08 12:03 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-06 12:18 - 2014-01-01 19:25 - 00007601 _____ C:\Users\dolam_000\AppData\Local\resmon.resmoncfg
2014-01-05 14:25 - 2013-10-15 12:11 - 00000000 ____D C:\Users\dolam_000\AppData\Local\Adobe
2014-01-05 14:25 - 2013-10-08 12:03 - 00003720 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-01-05 14:19 - 2014-01-05 14:19 - 01577457 _____ C:\Users\dolam_000\Downloads\SDT_1_21_1b.swf
2014-01-05 09:05 - 2014-01-05 09:05 - 00325544 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-04 13:52 - 2013-12-02 10:15 - 00000000 ____D C:\Users\dolam_000\AppData\Roaming\Samsung
2014-01-04 09:01 - 2014-01-04 09:01 - 00000000 ____D C:\SUPERDelete
2014-01-04 09:01 - 2013-09-26 12:10 - 00000000 ____D C:\Users\dolam_000\AppData\Roaming\IObit
2014-01-04 00:05 - 2012-07-26 02:12 - 00000000 ____D C:\Windows\system32\SecureBootUpdates
2014-01-04 00:05 - 2012-07-25 23:38 - 00000000 ____D C:\Windows\system32\oobe
2014-01-03 22:17 - 2014-01-03 22:05 - 00004625 _____ C:\Users\dolam_000\Downloads\EuphorianTideSaveFile.xml
2014-01-02 15:32 - 2014-01-02 15:32 - 00330155 _____ C:\Users\dolam_000\Downloads\CompTIA.Testpapers.220-802.v2013-11-12.by.Freda.301q.vce
2014-01-02 14:50 - 2014-01-02 14:29 - 00000032 _____ C:\Users\dolam_000\Documents\vce-examcollect.txt
2014-01-02 14:30 - 2014-01-02 14:29 - 00292325 _____ C:\Users\dolam_000\Downloads\CompTIA.Realtests.220-801.v2013-12-09.by.Cristiano.280q.vce
 
Some content of TEMP:
====================
C:\Users\dolam_000\AppData\Local\Temp\setup.exe
C:\Users\dolam_000\AppData\Local\Temp\sfamcc00001.dll
C:\Users\dolam_000\AppData\Local\Temp\sfextra.dll
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-01-27 10:35
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-01-2014 01
Ran by dolam_000 at 2014-01-29 13:01:55
Running from C:\Users\dolam_000\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
µTorrent (HKCU Version: 3.3.2.30303 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (x32 Version: 11.0.06 - Adobe Systems Incorporated)
Amazon Browser App (x32 Version: 1.0.0.0 - Amazon)
Canon D460-490 (Version:  - )
CCleaner (Version: 4.09 - Piriform)
ChromecastApp (HKCU Version: 1.1.266.0 - Google Inc.)
Cisco Packet Tracer 5.3.3 (x32 Version:  - Cisco Systems, Inc.)
CyberLink LabelPrint 2.5 (x32 Version: 2.5.5415 - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (x32 Version: 10.0.1.2417 - CyberLink Corp.) Hidden
CyberLink Media Suite Essentials (x32 Version: 10.0 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.0.2126 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (x32 Version: 10.0.1.2413 - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (x32 Version: 10.0.4828.52 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition (Version:  - Microsoft)
Dell Backup and Recovery - Support Software (x32 Version: 1.0.0.6 - Dell Inc.)
Dell Backup and Recovery (x32 Version: 1.0.0.6 - Dell Inc.)
Dell Touchpad (Version: 16.3.7.0 - Synaptics Incorporated)
Dell WLAN and Bluetooth Client Installation (x32 Version: 10.0 - Dell Inc.)
Electric Sheep 2.7b34 (x32 Version: 2.7b34 - Electricsheep)
Google Chrome (x32 Version: 32.0.1700.76 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
HP Deskjet 3510 series Basic Device Software (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3510 series Help (x32 Version: 28.0.0 - Hewlett Packard)
HP Deskjet 3510 series Product Improvement Study (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP FWUpdateEDO2 (x32 Version: 1.2.0.0 - Hewlett-Packard)
HP Update (x32 Version: 5.005.000.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
Intel® Management Engine Components (x32 Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (x32 Version: 9.17.10.2867 - Intel Corporation)
Intel® Rapid Storage Technology (x32 Version: 11.7.0.1013 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
j5 USB DISPLAY ADAPTER 12.01.1225.3179 (x32 Version: 12.01.1225.3179 - j5create)
Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Malwarebytes Anti-Exploit version 0.09.5.1000 (Version: 0.09.5.1000 - Malwarebytes)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 32-bit Components 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Español (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Project MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Project Professional 2013 (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Project Professional 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (x32 Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visio MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Visio Professional 2013 (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visio Professional 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 26.0 (x86 en-US) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
My Dell (Version: 3.4.6422.14 - PC-Doctor, Inc.)
MyFreeCodec (HKCU Version:  - )
OpenOffice 4.0.0 (x32 Version: 4.00.9702 - Apache Software Foundation)
Oracle VM VirtualBox 3.2.4 (Version: 3.2.4 - Oracle Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
PocketCloud Windows Companion (x32 Version: 2.5.11 - Wyse Technology)
Qualcomm Atheros Bluetooth Suite (64) (Version: 8.0.0.218 - Qualcomm Atheros Communications)
Quickset64 (Version: 10.15.018 - Dell Inc.)
Rags Suite (x32 Version: 2.4.0 - RagsGame)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6788 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Samsung Kies (x32 Version: 2.6.1.13105_6 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.1.13105_6 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
Secure Download Manager (x32 Version: 3.1.10 - Kivuto Solutions Inc.)
Shared C Run-time for x64 (Version: 10.0.0 - McAfee)
SpeedFan (remove only) (x32 Version:  - )
Start Menu 8 (x32 Version: 1.4.0.0 - IObit)
SUPERAntiSpyware (Version: 5.6.1040 - SUPERAntiSpyware.com)
TrueCrypt (x32 Version: 7.1a - TrueCrypt Foundation)
Update for Microsoft Lync 2013 (KB2817621) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2726954) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2726996) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2738038) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760224) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760242) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760257) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760267) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760610) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2767845) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2768016) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817309) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817311) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817490) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817493) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817626) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817640) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827225) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827228) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827230) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827235) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2810016) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Project 2013 (KB2767859) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft SkyDrive Pro (KB2825633) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Visio 2013 (KB2752018) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Visio 2013 (KB2810008) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2768338) 64-Bit Edition (Version:  - Microsoft)
Visual CertExam Suite (x32 Version:  - Avanset)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1 - AVG Technologies)
VLC media player 2.0.8 (x32 Version: 2.0.8 - VideoLAN)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
 
==================== Restore Points  =========================
 
23-01-2014 21:11:13 Windows Backup
27-01-2014 01:07:06 Installed ADRIFT 5.
27-01-2014 19:34:45 Restore Operation
27-01-2014 19:56:05 Windows Backup
 
==================== Hosts content: ==========================
 
2012-07-25 23:26 - 2012-07-25 23:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {018545E8-F8D9-43D8-9180-3AD75BB2F693} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {088D25E5-DF53-4F32-B1EE-946E80914408} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-15] (Microsoft Corporation)
Task: {09F399DB-06A4-43CF-AE8E-A1AB9C84B784} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-12-03] (CyberLink Corp.)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {3C2BBFFA-CCA1-4028-B8B2-29233F445951} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {3CA46327-C573-4EC3-AEEC-F747BA78BD26} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-05] (Adobe Systems Incorporated)
Task: {53C7D28C-B8D9-40E4-8642-1C28F3D18B36} - System32\Tasks\Microsoft\Windows\Setup\Windows Upgrade Notification Task => C:\Windows\system32\NotificationUI.exe [2013-08-15] (Microsoft Corporation)
Task: {5755C693-EBD9-4D23-92D9-A39174D646C7} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2013-12-06] (PC-Doctor, Inc.)
Task: {5BFAE9E2-804D-4174-8DB5-6A25EF1AA586} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-12-03] (CyberLink)
Task: {625B811C-D1D7-46DD-8FF0-285E770D3AF9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2763157628-3096541892-2103606246-1001UA => C:\Users\dolam_000\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-25] (Google Inc.)
Task: {7D470760-D254-4E30-99BD-A82D6F66CEB6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-16] (Google Inc.)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {BA44B6ED-E44D-47A3-9F60-FA7400CB4844} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {BF7881ED-4567-409B-83B9-5ADF4D45CF13} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {BFC92768-0C19-4058-829F-4AAA1E521CF2} - System32\Tasks\Malwarebytes Anti-Exploit => C:\Program Files\Malwarebytes Anti-Exploit\mbae-loader.exe [2014-01-16] (Malwarebytes Corporation)
Task: {C4221DA1-EB0D-438F-9393-F32E0598EDD1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2763157628-3096541892-2103606246-1001Core => C:\Users\dolam_000\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-25] (Google Inc.)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {C79FEB13-A3C0-4CC6-90A3-06590E295837} - System32\Tasks\defrag => C:\Windows\System32\dfrgui.exe [2012-07-25] (Microsoft Corporation)
Task: {C9151C0C-984C-4416-BFBB-36B3A8AC2A7F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {CA67FE75-D354-4B3D-8B79-EABD376A6ABB} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {CA714611-A9E7-46A3-91FA-0BB8A73F2E49} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2013-09-05] (PC-Doctor, Inc.)
Task: {D3D4FF74-845E-4A57-85AE-6CBAA8D9F7CB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-16] (Google Inc.)
Task: {E375A00A-93F3-4E32-87CC-DF610DC330B0} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-12-21] (Synaptics Incorporated)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {EEE21559-8D8D-4595-A08B-29F1BC7608D3} - System32\Tasks\HPCustParticipation HP Deskjet 3510 series => C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {F50E8B94-5B67-457D-A0F6-F8B440113AB9} - System32\Tasks\StartMenuAutoupdate => C:\Program Files (x86)\IObit\Start Menu 8\AutoUpdate.exe [2013-12-02] (IObit)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2763157628-3096541892-2103606246-1001Core.job => C:\Users\dolam_000\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2763157628-3096541892-2103606246-1001UA.job => C:\Users\dolam_000\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Malwarebytes Anti-Exploit.job => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-12-28 14:39 - 2012-12-28 14:39 - 00011264 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2012-12-28 14:36 - 2012-12-28 14:36 - 00084480 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll
2013-05-23 23:51 - 2012-10-16 04:38 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-12-28 14:42 - 2012-12-28 14:42 - 00384128 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ContactsApi.dll
2010-06-08 12:26 - 2010-06-08 12:26 - 01473040 _____ () C:\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2010-06-08 12:25 - 2010-06-08 12:25 - 03543568 _____ () C:\Program Files\Oracle\VirtualBox\VBoxRT.dll
2010-06-08 12:22 - 2010-06-08 12:22 - 03421200 _____ () C:\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
2010-06-08 12:22 - 2010-06-08 12:22 - 11595792 _____ () C:\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
2010-06-08 12:22 - 2010-06-08 12:22 - 01032720 _____ () C:\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
2010-06-08 12:26 - 2010-06-08 12:26 - 00047120 _____ () C:\Program Files\Oracle\VirtualBox\VBoxREM.dll
2010-06-08 12:26 - 2010-06-08 12:26 - 00226832 _____ () C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2013-08-24 10:24 - 2013-12-02 17:12 - 00348992 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madExcept_.bpl
2013-08-24 10:24 - 2013-12-02 17:12 - 00183616 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madBasic_.bpl
2013-08-24 10:24 - 2013-12-02 17:12 - 00051008 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madDisAsm_.bpl
2013-12-05 10:40 - 2013-12-02 17:12 - 00089920 _____ () C:\Program Files (x86)\IObit\Start Menu 8\NTFSScan.dll
2013-09-26 12:09 - 2013-12-02 17:12 - 00039744 _____ () C:\Program Files (x86)\IObit\Start Menu 8\pri.dll
2013-09-26 12:09 - 2013-12-02 17:13 - 00041280 _____ () C:\Program Files (x86)\IObit\Start Menu 8\winkey.dll
2013-05-24 00:21 - 2012-06-07 21:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 12:34 - 2012-06-08 12:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2013-09-09 13:22 - 2013-09-09 13:22 - 00017920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\e1703d2acd816693ae5e6f42cb057951\PSIClient.ni.dll
2013-05-24 00:12 - 2012-06-25 12:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2013-09-13 05:02 - 2013-09-13 05:02 - 08866472 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-01-16 19:16 - 2014-01-11 04:28 - 00715544 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\libglesv2.dll
2014-01-16 19:16 - 2014-01-11 04:28 - 00100120 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\libegl.dll
2014-01-16 19:16 - 2014-01-11 04:29 - 04055320 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dll
2014-01-16 19:16 - 2014-01-11 04:29 - 00399640 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll
2014-01-16 19:16 - 2014-01-11 04:28 - 01634584 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ffmpegsumo.dll
2014-01-16 19:16 - 2014-01-11 04:29 - 13615896 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
 
==================== Faulty Device Manager Devices =============
 
Name: VirtualBox Host-Only Ethernet Adapter
Description: VirtualBox Host-Only Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Sun Microsystems, Inc.
Service: VBoxNetAdp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Intel® 7 Series/C216 Chipset Family USB Enhanced Host Controller - 1E2D
Description: Intel® 7 Series/C216 Chipset Family USB Enhanced Host Controller - 1E2D
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Intel
Service: usbehci
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
 
 
==================== Event log errors: =========================
 
Could not start eventlog service, could not read events.
 
The requested service has already been started.
 
More help is available by typing NET HELPMSG 2182.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 37%
Total physical RAM: 8073.27 MB
Available physical RAM: 5056.49 MB
Total Pagefile: 11913.27 MB
Available Pagefile: 5617.51 MB
Total Virtual: 8192 MB
Available Virtual: 8191.76 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:452.82 GB) (Free:284.5 GB) NTFS
Drive e: (OFFICE12) (CDROM) (Total:0.5 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 21E47351)
 
Partition: GPT Partition Type
==================== End Of Log ============================
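The part of a log like this that repays a careful second look is the "Scheduled Tasks" section: a task whose action is a bare file name (the `SystemToolsDailyTest => uaclauncher.exe` entry above) is resolved through the search path at run time, a task that runs from a user-writable directory can be replaced by anything running as that user, and a `Rundll32.exe` action names the DLL it loads. The following script is an added example for this thread, not code from the original post and not part of FRST; it parses `Task:` lines in the format shown above and prints the entries a reviewer would want to check first. Its heuristics (the list of locations treated as user-writable, and reading the trailing `[date] (publisher)` as the file's version-info publisher) are this example's own assumptions, not documented log semantics. The sample lines are copied from the section above as a constructed excerpt so that the script runs offline.

```python
"""Triage the 'Scheduled Tasks' section of an FRST-style log.

Added example for this thread; not part of the original post and not FRST's
own code. The flag heuristics are assumptions made here, not log semantics.
"""
import re
from dataclasses import dataclass, field

# Constructed excerpt: a handful of lines copied from the log above.
SAMPLE_LOG = r"""
==================== Scheduled Tasks (whitelisted) =============

Task: {018545E8-F8D9-43D8-9180-3AD75BB2F693} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {625B811C-D1D7-46DD-8FF0-285E770D3AF9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2763157628-3096541892-2103606246-1001UA => C:\Users\dolam_000\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-25] (Google Inc.)
Task: {BA44B6ED-E44D-47A3-9F60-FA7400CB4844} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {CA714611-A9E7-46A3-91FA-0BB8A73F2E49} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2013-09-05] (PC-Doctor, Inc.)
Task: {E375A00A-93F3-4E32-87CC-DF610DC330B0} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-12-21] (Synaptics Incorporated)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============
"""

# 'Task: {GUID} - System32\Tasks\<name> => <target> [date] (publisher)'
# or the legacy 'Task: C:\Windows\Tasks\<name>.job => <target>' form.
TASK_RE = re.compile(
    r"^Task: (?:\{(?P<guid>[0-9A-Fa-f-]{36})\} - System32\\Tasks\\|C:\\Windows\\Tasks\\)"
    r"(?P<name>.+?) => (?P<target>.+?)"
    r"(?: \[(?P<date>\d{4}-\d{2}-\d{2})\] \((?P<publisher>[^)]*)\))?$"
)

# Assumption: locations a standard user can write to without elevation.
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")


@dataclass
class TaskFinding:
    name: str
    target: str
    exe: str
    flags: list = field(default_factory=list)


def split_target(target):
    """Return (executable, arguments) for a task action string."""
    low = target.lower()
    if low.startswith(("c:\\", "\\")):
        # Absolute or root-relative path: paths contain spaces, so cut
        # after the first '.exe' instead of at the first space.
        i = low.find(".exe")
        if i != -1:
            return target[: i + 4], target[i + 4:].strip()
        return target, ""
    head, _, rest = target.partition(" ")
    return head, rest


def triage_task(line):
    """Parse one 'Task:' line and attach the review flags it earns."""
    m = TASK_RE.match(line.strip())
    if m is None:
        return None
    target = m.group("target")
    exe, args = split_target(target)
    f = TaskFinding(name=m.group("name"), target=target, exe=exe)
    low = exe.lower()
    if low == "rundll32.exe" or low.endswith("\\rundll32.exe"):
        dll = args.split(",")[0].split()[-1] if args.strip() else "?"
        note = "" if "\\" in dll else " (DLL name only, resolved through the DLL search path)"
        f.flags.append(f"rundll32 entry point {args}{note}")
    elif "\\" not in exe:
        f.flags.append("bare executable name: resolved through the search path at run time")
    elif not re.match(r"^[a-z]:\\", low):
        f.flags.append("path has no drive letter")
    elif low.startswith(USER_WRITABLE):
        f.flags.append("runs from a user-writable location")
    if m.group("publisher") is None and not m.group("name").lower().endswith(".job"):
        f.flags.append("no [date] (publisher) trailer on the target")
    return f


def triage(log_text):
    """Triage every task line; cross-reference bare names with full paths."""
    findings = [f for f in (triage_task(l) for l in log_text.splitlines()) if f]
    full_paths = {}
    for f in findings:
        if "\\" in f.exe:
            full_paths.setdefault(f.exe.rsplit("\\", 1)[-1].lower(), set()).add(f.exe)
    for f in findings:
        if "\\" not in f.exe and f.exe.lower() in full_paths:
            f.flags.append("same file name elsewhere in the section: "
                           + "; ".join(sorted(full_paths[f.exe.lower()])))
    return findings


def flagged(findings):
    return [f for f in findings if f.flags]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(("!" if f.flags else " "), f.name, "=>", f.exe)
        for flag in f.flags:
            print("      -", flag)
```

Run against the excerpt, the script leaves the Office heartbeat, the PC-Doctor monitor and the `.job` entry unflagged, and singles out the bare `uaclauncher.exe` action (noting the full path the same section shows for that name, which is what a reviewer would compare it against), the GoogleUpdate task living under the user's AppData, the Synaptics action with no drive letter, and the Rundll32 entry with its DLL name. A flag is a reason to look, not a verdict; the Windows-shipped Rundll32 tasks here are ordinary.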
 


#5 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male
  • Local time:04:54 AM

Posted 29 January 2014 - 02:18 PM

This most likely is a false alarm. And your logs look clean.
If your computer is running smoothly and you don't experience any suspicious symptoms I don't see a reason for further examination. :)

#6 dolamoth

dolamoth
  • Topic Starter

  • Members
  • 3 posts
  • Local time:08:54 PM

Posted 29 January 2014 - 02:47 PM

Oh ok. Thank you very much!



#7 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male
  • Local time:04:54 AM

Posted 29 January 2014 - 02:49 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



