
"Load32.exe" (Continued)


  • This topic is locked
24 replies to this topic

#1 NexuxKitty

NexuxKitty

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:05:48 AM

Posted 04 March 2014 - 09:53 PM

Hello, I've come from http://www.bleepingcomputer.com/forums/t/526205/315load32exe/

To summarize my problem:
  • I can't run any applications
  • Seems like it's because of a file called "Load32.exe"
  • Tried running stuff like MalwareBytes and Junkware to try to post the logs, but it shows some sort of error
  • I even tried booting in safe mode with networking, but to no avail. I still couldn't run any files or download.
  • I took a look at the task manager and found that "Load32.exe" was in safe mode too

Files Attached are:
  • The Error
  • Downloads failing in safe mode
  • Safe mode task manager

 

Attached File  poop.PNG   43.41KB   0 downloads

Attached File  dod.PNG   74.61KB   0 downloads

Attached File  Dood.PNG   46.15KB   0 downloads




 


#2 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:48 PM

Posted 05 March 2014 - 03:05 AM

Hello,

Please run a FRST scan. If you cannot download it, then get FRST on another computer and transfer it on a flash drive to the infected computer.


Please download Farbar Recovery Scan Tool and save it to your Desktop.
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#3 NexuxKitty

NexuxKitty
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:05:48 AM

Posted 06 March 2014 - 01:45 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-03-2014 02
Ran by Lyndon (administrator) on LYNDON-PC on 05-03-2014 20:38:04
Running from C:\Users\Lyndon\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Advanced Micro Devices) c:\Program Files (x86)\AMD\Fusion Utility for Mobility\FusionSVC.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
() C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(SoftThinks) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
() C:\ProgramData\load32.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WScript.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [305664 2009-01-22] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-28] (IDT, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-16] (Dell Inc.)
HKLM\...\Run: [QuickSet] - C:\Program Files\Dell\QuickSet\QuickSet.exe [3179088 2009-08-07] (Dell Inc.)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [NT Kernel Service] - C:\ProgramData\load32.exe -rundll32 /SYSTEM32 "C:\Windows\System32\taskmgr.exe" "C:\Program Files\Microsoft\Windows"
HKLM\...\RunOnce: [DSUpdateLauncher] - "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe" [161008 2009-09-17] ()
HKU\S-1-5-21-920365104-346405113-3152261100-1000\...\CurrentVersion\Windows: [Load] C:\Users\Lyndon\AppData\Roaming\uTorrent\(18禁ゲーム) [080718] [ぺろぺろキャンディー] B.M.G.Paradice_黒魔術少女の楽園\RJ012876\bmg\installshield.exe <===== ATTENTION
HKU\S-1-5-21-920365104-346405113-3152261100-1000\...\MountPoints2: {b081becd-7060-11e2-83c6-a4badb9a8506} - F:\setup.exe
HKU\S-1-5-21-920365104-346405113-3152261100-1000\...\Winlogon: [Shell] explorer.exe,"C:\ProgramData\load32.exe" [245760 2014-02-27] () <==== ATTENTION 
IFEO\AvastSvc.exe: [Debugger] C:\Users\Lyndon\Documents\315load32.exe
IFEO\AvastUI.exe: [Debugger] C:\Users\Lyndon\Documents\315load32.exe
IFEO\avcenter.exe: [Debugger] C:\Users\Lyndon\Documents\315load32.exe
IFEO\avconfig.exe: [Debugger] C:\Users\Lyndon\Documents\315load32.exe
IFEO\avgcsrvx.exe: [Debugger] C:\Users\Lyndon\Documents\315load32.exe
IFEO\avgidsagent.exe: [Debugger] C:\Users\Lyndon\Documents\315load32.exe
IFEO\avgnt.exe: [Debugger] C:\Users\Lyndon\Documents\315load32.exe
IFEO\avgrsx.exe: [Debugger] C:\Users\Lyndon\Documents\315load32.exe
IFEO\avguard.exe: [Debugger] C:\Users\Lyndon\Documents\315load32.exe
IFEO\avgui.exe: [Debugger] C:\Users\Lyndon\Documents\315load32.exe
IFEO\avgwdsvc.exe: [Debugger] C:\Users\Lyndon\Documents\315load32.exe
IFEO\avp.exe: [Debugger] C:\Users\Lyndon\Documents\315load32.exe
IFEO\avscan.exe: [Debugger] C:\Users\Lyndon\Documents\315load32.exe
IFEO\bdagent.exe: [Debugger] C:\Users\Lyndon\Documents\315load32.exe
IFEO\ccuac.exe: [Debugger] C:\Users\Lyndon\Documents\315load32.exe
IFEO\ComboFix.exe: [Debugger] C:\Users\Lyndon\Documents\315load32.exe
IFEO\egui.exe: [Debugger] C:\Users\Lyndon\Documents\315load32.exe
IFEO\hijackthis.exe: [Debugger] C:\Users\Lyndon\Documents\315load32.exe
IFEO\instup.exe: [Debugger] C:\Users\Lyndon\Documents\315load32.exe
IFEO\keyscrambler.exe: [Debugger] C:\Users\Lyndon\Documents\315load32.exe
IFEO\mbam.exe: [Debugger] C:\Users\Lyndon\Documents\315load32.exe
IFEO\mbamgui.exe: [Debugger] C:\Users\Lyndon\Documents\315load32.exe
IFEO\mbampt.exe: [Debugger] C:\Users\Lyndon\Documents\315load32.exe
IFEO\mbamscheduler.exe: [Debugger] C:\Users\Lyndon\Documents\315load32.exe
IFEO\mbamservice.exe: [Debugger] C:\Users\Lyndon\Documents\315load32.exe
IFEO\NisSrv.exe: [Debugger] \315load32.exe
IFEO\rstrui.exe: [Debugger] C:\Users\Lyndon\Documents\315load32.exe
IFEO\spybotsd.exe: [Debugger] C:\Users\Lyndon\Documents\315load32.exe
IFEO\wireshark.exe: [Debugger] C:\Users\Lyndon\Documents\315load32.exe
IFEO\zlclient.exe: [Debugger] C:\Users\Lyndon\Documents\315load32.exe
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
InternetURL: C:\Users\Lyndon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update.Microsoft.com.url -> 0
 
==================== Internet (Whitelisted) ====================
 
ProxyServer: http=127.0.0.1:18810
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
URLSearchHook: HKCU - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {04074216-D8B0-4FD2-AFC4-E161D2C7D16B} URL = 
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{ED45488D-4444-453B-8D68-FEC628230453}: [NameServer]8.8.8.8,8.8.4.4
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\pdf.dll ()
CHR Plugin: (AVG Internet Security) - C:\Users\Lyndon\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll No File
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll No File
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 6 U38) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.380.5) - C:\Windows\SysWOW64\npdeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll No File
CHR Extension: (Google Drive) - C:\Users\Lyndon\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-29]
CHR Extension: (YouTube) - C:\Users\Lyndon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-29]
CHR Extension: (Google Search) - C:\Users\Lyndon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-29]
CHR Extension: (Google Calendar) - C:\Users\Lyndon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2012-12-29]
CHR Extension: (AdBlock) - C:\Users\Lyndon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2012-12-29]
CHR Extension: (Dictionary by Dictionary.com) - C:\Users\Lyndon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gikhgcaliglmioibbockkmjknfnepbdh [2012-12-29]
CHR Extension: (Black Black Chrome Theme Dark Blue Highlight) - C:\Users\Lyndon\AppData\Local\Google\Chrome\User Data\Default\Extensions\njpbabhpbnilgchdjbajcbgnnclkaida [2013-03-21]
CHR Extension: (Google Wallet) - C:\Users\Lyndon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\Lyndon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-29]
 
==================== Services (Whitelisted) =================
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-11-16] (Advanced Micro Devices, Inc.)
R2 AMDFusionSVC; c:\Program Files (x86)\AMD\Fusion Utility for Mobility\FusionSVC.exe [383544 2009-09-02] (Advanced Micro Devices)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] ()
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-28] (IDT, Inc.)
R2 wltrysvc; C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe [3417088 2009-07-16] (Dell Inc.)
S3 AVG Security Toolbar Service; C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-03-07] (Duplex Secure Ltd.)
S1 ahuwvbkt; \??\C:\Windows\system32\drivers\ahuwvbkt.sys [X]
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [X]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-03-05 20:35 - 2014-03-05 20:39 - 00014903 _____ () C:\Users\Lyndon\Desktop\FRST.txt
2014-03-05 20:35 - 2014-03-05 20:38 - 00000000 ____D () C:\FRST
2014-03-05 20:35 - 2014-03-05 20:34 - 02156544 _____ (Farbar) C:\Users\Lyndon\Desktop\FRST64.exe
2014-03-04 13:41 - 2014-03-04 16:25 - 00000168 _____ () C:\Windows\setupact.log
2014-03-04 13:41 - 2014-03-04 13:41 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-03 21:30 - 2014-03-03 21:47 - 00031380 ____H () C:\Users\Lyndon\Documents\~WRL0003.tmp
2014-03-02 12:36 - 2014-03-02 12:36 - 00550371 _____ () C:\Users\Lyndon\Downloads\Autoruns.zip
2014-03-02 12:00 - 2014-03-02 13:27 - 00000000 ____D () C:\AdwCleaner
2014-03-02 11:59 - 2014-03-02 11:59 - 00001071 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-02 11:59 - 2014-03-02 11:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-02 11:58 - 2014-03-02 11:59 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-02 11:58 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-02 09:31 - 2014-03-02 09:32 - 01244192 _____ () C:\Users\Lyndon\Downloads\AdwCleaner.exe
2014-03-02 09:31 - 2014-03-02 09:31 - 10284816 _____ (Malwarebytes Corporation ) C:\Users\Lyndon\Downloads\mbam-setup.exe
2014-03-02 09:29 - 2014-03-02 09:30 - 01037734 _____ () C:\Users\Lyndon\Downloads\JRT.exe
2014-03-01 17:14 - 2014-03-01 17:17 - 00000000 ____D () C:\Users\Lyndon\AppData\Roaming\LavasoftStatistics
2014-03-01 17:12 - 2014-03-01 17:12 - 00000000 ____D () C:\Users\Lyndon\AppData\Roaming\Winamp
2014-03-01 17:01 - 2014-03-01 17:01 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-02-28 21:52 - 2014-02-28 21:52 - 00000065 _____ () C:\Update.Microsoft.com.url
2014-02-28 21:51 - 2014-03-04 16:21 - 00000000 ___HD () C:\NTKernel
2014-02-28 21:49 - 2014-02-28 21:49 - 00002896 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-02-28 20:11 - 2014-03-04 16:26 - 00000000 ___HD () C:\ProgramData\NTKernel
2014-02-28 20:11 - 2014-02-27 08:59 - 00245760 __RSH () C:\Users\Lyndon\Documents\315load32.exe
2014-02-28 20:11 - 2014-02-27 08:59 - 00245760 __RSH () C:\ProgramData\load32.exe
2014-02-28 20:11 - 2014-02-27 08:59 - 00245760 __RSH () C:\315load32.exe
2014-02-28 19:17 - 2014-02-28 19:17 - 00000000 ____D () C:\Riot Games
2014-02-28 04:02 - 2014-03-01 20:56 - 00000000 ____D () C:\Users\Lyndon\AppData\Local\PMB Files
2014-02-28 04:02 - 2014-03-01 20:00 - 00000000 ____D () C:\ProgramData\PMB Files
2014-02-27 03:10 - 2014-02-27 03:10 - 00000000 ____D () C:\114173e81def8a56ee05
2014-02-21 21:26 - 2014-02-21 21:26 - 00000000 ____D () C:\Program Files (x86)\MSECache
2014-02-20 19:03 - 2014-02-26 17:32 - 00028463 ____H () C:\Users\Lyndon\Documents\~WRL3245.tmp
2014-02-20 19:03 - 2014-02-24 22:02 - 00027085 ____H () C:\Users\Lyndon\Documents\~WRL2037.tmp
2014-02-20 19:03 - 2014-02-22 14:15 - 00031787 ____H () C:\Users\Lyndon\Documents\~WRL3695.tmp
2014-02-20 19:03 - 2014-02-20 19:04 - 00031065 ____H () C:\Users\Lyndon\Documents\~WRL3832.tmp
2014-02-20 15:41 - 2014-02-20 15:41 - 17858952 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-02-19 20:19 - 2014-02-19 20:19 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-02-19 20:19 - 2014-02-19 20:19 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-02-19 18:12 - 2014-02-28 21:49 - 00000266 _____ () C:\Windows\Tasks\AutoKMS.job
2014-02-19 18:12 - 2014-02-19 20:32 - 00000000 ____D () C:\Windows\AutoKMS
2014-02-19 18:04 - 2014-02-19 18:04 - 00000000 ____D () C:\Windows\PCHEALTH
2014-02-19 18:03 - 2014-02-19 18:03 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-02-19 18:02 - 2014-02-21 21:31 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-02-19 18:02 - 2014-02-19 18:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2014-02-19 18:00 - 2014-02-19 18:00 - 00000000 __RHD () C:\MSOCache
2014-02-19 17:56 - 2014-02-23 21:11 - 00000000 ____D () C:\Users\Lyndon\AppData\Local\Microsoft Help
2014-02-15 07:46 - 2014-02-15 07:46 - 00003326 _____ () C:\Windows\System32\Tasks\{C2DD9A12-482C-4736-98FB-14DD2B03EBE4}
2014-02-12 03:05 - 2014-02-12 03:05 - 00000000 ____D () C:\cabdb581eef04b58c8ec52
2014-02-12 03:04 - 2013-12-20 23:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 03:04 - 2013-12-20 22:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-12 03:03 - 2014-02-06 02:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 03:03 - 2014-02-06 01:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 03:03 - 2014-02-06 01:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-12 03:03 - 2014-02-06 01:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-12 03:03 - 2014-02-06 01:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-12 03:03 - 2014-02-06 00:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 03:03 - 2014-02-06 00:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-12 03:03 - 2014-02-06 00:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 03:03 - 2014-02-06 00:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-12 03:03 - 2014-02-06 00:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-12 03:03 - 2014-02-06 00:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-12 03:03 - 2014-02-06 00:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-12 03:03 - 2014-02-06 00:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-12 03:03 - 2014-02-06 00:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-12 03:03 - 2014-02-06 00:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-12 03:03 - 2014-02-06 00:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-12 03:03 - 2014-02-05 23:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 03:03 - 2014-02-05 23:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-12 03:03 - 2014-02-05 23:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-12 03:03 - 2014-02-05 23:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-12 03:03 - 2014-02-05 23:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-12 03:03 - 2014-02-05 23:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-12 03:03 - 2014-02-05 23:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-12 03:03 - 2014-02-05 23:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-12 03:03 - 2014-02-05 22:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-12 03:03 - 2014-02-05 22:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-12 03:02 - 2014-02-06 01:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 03:02 - 2014-02-06 00:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-12 03:02 - 2014-02-06 00:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 03:02 - 2014-02-05 23:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-12 03:02 - 2014-02-05 23:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-12 03:02 - 2014-02-05 23:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-12 03:02 - 2014-02-05 23:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 03:02 - 2014-02-05 23:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 03:02 - 2014-02-05 23:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-12 03:02 - 2014-02-05 23:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-12 03:02 - 2014-02-05 22:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 03:02 - 2014-02-05 22:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-12 03:02 - 2014-02-05 22:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-11 18:43 - 2013-12-31 13:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-11 18:43 - 2013-12-31 13:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-11 18:43 - 2013-12-24 13:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-11 18:43 - 2013-12-24 12:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-11 18:43 - 2013-12-05 16:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-11 18:43 - 2013-12-05 16:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-11 18:43 - 2013-12-05 16:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-11 18:43 - 2013-12-05 16:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-11 18:43 - 2013-12-03 16:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-11 18:43 - 2013-12-03 16:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-11 18:43 - 2013-12-03 16:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-11 18:43 - 2013-12-03 16:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-11 18:43 - 2013-12-03 16:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-11 18:43 - 2013-12-03 16:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-11 18:43 - 2013-12-03 16:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-11 18:43 - 2013-12-03 16:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-11 18:43 - 2013-12-03 16:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-11 18:43 - 2013-12-03 16:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-11 18:43 - 2013-12-03 16:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-11 18:43 - 2013-12-03 16:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-11 18:43 - 2013-12-03 16:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-11 18:43 - 2013-12-03 16:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-11 18:43 - 2013-12-03 15:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-11 18:43 - 2013-12-03 15:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-11 18:43 - 2013-12-03 15:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-11 18:43 - 2013-12-03 15:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-11 18:43 - 2013-11-25 22:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-11 18:43 - 2013-11-22 12:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-09 19:14 - 2014-02-10 06:23 - 00019280 _____ () C:\Users\Lyndon\Documents\Multi-Genre Portfolio.odt
 
==================== One Month Modified Files and Folders =======
 
2014-03-05 20:39 - 2014-03-05 20:35 - 00014903 _____ () C:\Users\Lyndon\Desktop\FRST.txt
2014-03-05 20:38 - 2014-03-05 20:35 - 00000000 ____D () C:\FRST
2014-03-05 20:36 - 2013-02-02 00:56 - 01529854 _____ () C:\Windows\WindowsUpdate.log
2014-03-05 20:34 - 2014-03-05 20:35 - 02156544 _____ (Farbar) C:\Users\Lyndon\Desktop\FRST64.exe
2014-03-05 17:47 - 2009-07-13 17:20 - 00000000 ____D () C:\Windows\tracing
2014-03-04 16:33 - 2009-07-13 18:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-04 16:33 - 2009-07-13 18:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-04 16:26 - 2014-02-28 20:11 - 00000000 ___HD () C:\ProgramData\NTKernel
2014-03-04 16:25 - 2014-03-04 13:41 - 00000168 _____ () C:\Windows\setupact.log
2014-03-04 16:25 - 2011-01-07 21:26 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-03-04 16:21 - 2014-02-28 21:51 - 00000000 ___HD () C:\NTKernel
2014-03-04 13:41 - 2014-03-04 13:41 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-03 21:50 - 2011-07-11 21:53 - 00000000 ____D () C:\Users\Lyndon\AppData\Roaming\Media Player Classic
2014-03-03 21:49 - 2010-01-17 01:38 - 00000000 ____D () C:\Windows\Panther
2014-03-03 21:47 - 2014-03-03 21:30 - 00031380 ____H () C:\Users\Lyndon\Documents\~WRL0003.tmp
2014-03-02 13:27 - 2014-03-02 12:00 - 00000000 ____D () C:\AdwCleaner
2014-03-02 12:36 - 2014-03-02 12:36 - 00550371 _____ () C:\Users\Lyndon\Downloads\Autoruns.zip
2014-03-02 11:59 - 2014-03-02 11:59 - 00001071 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-02 11:59 - 2014-03-02 11:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-02 11:59 - 2014-03-02 11:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-02 09:32 - 2014-03-02 09:31 - 01244192 _____ () C:\Users\Lyndon\Downloads\AdwCleaner.exe
2014-03-02 09:31 - 2014-03-02 09:31 - 10284816 _____ (Malwarebytes Corporation ) C:\Users\Lyndon\Downloads\mbam-setup.exe
2014-03-02 09:30 - 2014-03-02 09:29 - 01037734 _____ () C:\Users\Lyndon\Downloads\JRT.exe
2014-03-01 20:56 - 2014-02-28 04:02 - 00000000 ____D () C:\Users\Lyndon\AppData\Local\PMB Files
2014-03-01 20:00 - 2014-02-28 04:02 - 00000000 ____D () C:\ProgramData\PMB Files
2014-03-01 17:17 - 2014-03-01 17:14 - 00000000 ____D () C:\Users\Lyndon\AppData\Roaming\LavasoftStatistics
2014-03-01 17:12 - 2014-03-01 17:12 - 00000000 ____D () C:\Users\Lyndon\AppData\Roaming\Winamp
2014-03-01 17:01 - 2014-03-01 17:01 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-02-28 21:52 - 2014-02-28 21:52 - 00000065 _____ () C:\Update.Microsoft.com.url
2014-02-28 21:49 - 2014-02-28 21:49 - 00002896 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-02-28 21:49 - 2014-02-19 18:12 - 00000266 _____ () C:\Windows\Tasks\AutoKMS.job
2014-02-28 21:48 - 2012-12-29 00:51 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-28 21:47 - 2009-07-13 19:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-28 21:41 - 2012-12-23 20:15 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-28 20:47 - 2012-12-29 00:51 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-28 20:12 - 2010-04-14 09:13 - 00000000 ___RD () C:\Users\Lyndon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-28 19:17 - 2014-02-28 19:17 - 00000000 ____D () C:\Riot Games
2014-02-28 04:01 - 2011-04-21 13:21 - 00000000 ____D () C:\Program Files (x86)\Pando Networks
2014-02-27 22:28 - 2011-12-21 00:53 - 00000000 ____D () C:\Users\Lyndon\AppData\Roaming\Skype
2014-02-27 08:59 - 2014-02-28 20:11 - 00245760 __RSH () C:\Users\Lyndon\Documents\315load32.exe
2014-02-27 08:59 - 2014-02-28 20:11 - 00245760 __RSH () C:\ProgramData\load32.exe
2014-02-27 08:59 - 2014-02-28 20:11 - 00245760 __RSH () C:\315load32.exe
2014-02-27 03:10 - 2014-02-27 03:10 - 00000000 ____D () C:\114173e81def8a56ee05
2014-02-27 03:08 - 2013-04-29 05:30 - 00766820 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-27 03:08 - 2009-07-13 19:13 - 00766820 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-26 17:32 - 2014-02-20 19:03 - 00028463 ____H () C:\Users\Lyndon\Documents\~WRL3245.tmp
2014-02-24 22:02 - 2014-02-20 19:03 - 00027085 ____H () C:\Users\Lyndon\Documents\~WRL2037.tmp
2014-02-23 21:11 - 2014-02-19 17:56 - 00000000 ____D () C:\Users\Lyndon\AppData\Local\Microsoft Help
2014-02-22 14:15 - 2014-02-20 19:03 - 00031787 ____H () C:\Users\Lyndon\Documents\~WRL3695.tmp
2014-02-22 06:52 - 2010-04-14 09:14 - 00105848 _____ () C:\Users\Lyndon\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-22 06:51 - 2009-07-13 18:45 - 00410432 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-21 21:46 - 2010-01-17 00:38 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-21 21:31 - 2014-02-19 18:02 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-02-21 21:31 - 2009-07-13 17:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-02-21 21:26 - 2014-02-21 21:26 - 00000000 ____D () C:\Program Files (x86)\MSECache
2014-02-21 21:26 - 2010-01-17 00:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-02-20 19:04 - 2014-02-20 19:03 - 00031065 ____H () C:\Users\Lyndon\Documents\~WRL3832.tmp
2014-02-20 15:42 - 2012-12-23 20:15 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-20 15:41 - 2014-02-20 15:41 - 17858952 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-02-20 15:41 - 2012-12-23 20:15 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-20 15:41 - 2012-01-04 01:11 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-19 20:37 - 2010-01-17 00:44 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-02-19 20:32 - 2014-02-19 18:12 - 00000000 ____D () C:\Windows\AutoKMS
2014-02-19 20:23 - 2013-02-02 00:57 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-02-19 20:22 - 2013-02-02 00:56 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-02-19 20:22 - 2013-02-02 00:56 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-02-19 20:19 - 2014-02-19 20:19 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-02-19 20:19 - 2014-02-19 20:19 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-02-19 20:19 - 2010-01-17 00:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works
2014-02-19 18:04 - 2014-02-19 18:04 - 00000000 ____D () C:\Windows\PCHEALTH
2014-02-19 18:03 - 2014-02-19 18:03 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-02-19 18:02 - 2014-02-19 18:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2014-02-19 18:02 - 2009-07-13 21:45 - 00000000 ____D () C:\Windows\ShellNew
2014-02-19 18:00 - 2014-02-19 18:00 - 00000000 __RHD () C:\MSOCache
2014-02-19 17:58 - 2009-07-13 16:34 - 00000387 _____ () C:\Windows\win.ini
2014-02-15 08:42 - 2012-12-29 00:51 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-15 08:42 - 2012-12-29 00:51 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-15 07:46 - 2014-02-15 07:46 - 00003326 _____ () C:\Windows\System32\Tasks\{C2DD9A12-482C-4736-98FB-14DD2B03EBE4}
2014-02-15 03:05 - 2013-08-15 03:04 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-15 03:02 - 2011-02-24 17:33 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-14 15:55 - 2009-07-13 17:20 - 00000000 ____D () C:\Windows\rescache
2014-02-12 17:09 - 2012-11-10 19:36 - 00000056 _____ () C:\Windows\kgt2k.INI
2014-02-12 13:43 - 2011-12-21 00:53 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-02-12 13:43 - 2011-12-21 00:52 - 00000000 ____D () C:\ProgramData\Skype
2014-02-12 03:05 - 2014-02-12 03:05 - 00000000 ____D () C:\cabdb581eef04b58c8ec52
2014-02-10 06:23 - 2014-02-09 19:14 - 00019280 _____ () C:\Users\Lyndon\Documents\Multi-Genre Portfolio.odt
2014-02-06 02:16 - 2014-02-12 03:03 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 01:30 - 2014-02-12 03:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 01:30 - 2014-02-12 03:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 01:12 - 2014-02-12 03:02 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 01:07 - 2014-02-12 03:03 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 01:06 - 2014-02-12 03:03 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 00:57 - 2014-02-12 03:03 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 00:56 - 2014-02-12 03:03 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 00:52 - 2014-02-12 03:03 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 00:49 - 2014-02-12 03:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 00:48 - 2014-02-12 03:03 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 00:48 - 2014-02-12 03:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 00:38 - 2014-02-12 03:02 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 00:32 - 2014-02-12 03:03 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 00:20 - 2014-02-12 03:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 00:17 - 2014-02-12 03:03 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 00:11 - 2014-02-12 03:02 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 00:01 - 2014-02-12 03:03 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 00:00 - 2014-02-12 03:03 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-05 23:57 - 2014-02-12 03:03 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-05 23:57 - 2014-02-12 03:02 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-05 23:52 - 2014-02-12 03:03 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-05 23:52 - 2014-02-12 03:03 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-05 23:50 - 2014-02-12 03:02 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-05 23:49 - 2014-02-12 03:03 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-05 23:47 - 2014-02-12 03:03 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-05 23:46 - 2014-02-12 03:03 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-05 23:25 - 2014-02-12 03:03 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-05 23:25 - 2014-02-12 03:02 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-05 23:24 - 2014-02-12 03:02 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-05 23:22 - 2014-02-12 03:02 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-05 23:13 - 2014-02-12 03:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-05 23:09 - 2014-02-12 03:02 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-05 23:03 - 2014-02-12 03:02 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-05 22:55 - 2014-02-12 03:02 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-05 22:41 - 2014-02-12 03:02 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-05 22:40 - 2014-02-12 03:03 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-05 22:36 - 2014-02-12 03:02 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-05 22:34 - 2014-02-12 03:03 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
 
ZeroAccess:
C:\Windows\Installer\{7796217b-83e7-34f9-15bf-3d8a1507bc5e}
C:\Windows\Installer\{7796217b-83e7-34f9-15bf-3d8a1507bc5e}\@
C:\Windows\Installer\{7796217b-83e7-34f9-15bf-3d8a1507bc5e}\L\00000004.@
C:\Windows\Installer\{7796217b-83e7-34f9-15bf-3d8a1507bc5e}\L\201d3dde
C:\Windows\Installer\{7796217b-83e7-34f9-15bf-3d8a1507bc5e}\L\4cce1f70
C:\Windows\Installer\{7796217b-83e7-34f9-15bf-3d8a1507bc5e}\L\76603ac3
 
Files to move or delete:
====================
C:\ProgramData\load32.exe
C:\ProgramData\NTKernel
C:\Users\Lyndon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update.Microsoft.com.url
C:\NTKernel
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-02-21 03:30
 
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-03-2014 02
Ran by Lyndon at 2014-03-05 20:42:12
Running from C:\Users\Lyndon\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
 
==================== Installed Programs ======================
 
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
AMD Accelerated Video Transcoding (Version: 12.5.100.21116 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.937.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{FAF03106-1653-15E1-3C0C-E7AE4FAE6EBF}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2012.1116.1515.27190 - Advanced Micro Devices, Inc.) Hidden
AMD Fusion Media Explorer (HKLM-x32\...\{9C3AAC01-10DA-418F-AEBC-F75500220415}) (Version: 1.0.1.0151 - Advanced Micro Devices, Inc.)
AMD Media Foundation Decoders (Version: 1.0.71116.1554 - Advanced Micro Devices, Inc.) Hidden
AMD USB Filter Driver (HKLM-x32\...\{4F5B18A3-E921-4FFE-BEF4-ACBB98964FC2}) (Version: 1.0.13.88 - Advanced Micro Devices, Inc.)
AMD VISION Engine Control Center (x32 Version: 2012.1116.1515.27190 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Control Center (HKLM-x32\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.009.0729.2226 - )
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2009.0729.2227.38498 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2009.0729.2227.38498 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2009.0729.2227.38498 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2009.0729.2227.38498 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2009.0729.2227.38498 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1116.1515.27190 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2009.0729.2227.38498 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2009.0729.2227.38498 - ATI Technologies, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.1116.1515.27190 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2009.0729.2227.38498 - ATI) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.1116.1515.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Czech (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Danish (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Dutch (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help English (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Finnish (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help French (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help German (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Greek (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Italian (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Japanese (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Korean (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Polish (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Russian (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Spanish (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Swedish (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Thai (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Turkish (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
ccc-core-static (x32 Version: 2009.0729.2227.38498 - ATI) Hidden
ccc-utility64 (Version: 2009.0729.2227.38498 - ATI) Hidden
ccc-utility64 (Version: 2012.1116.1515.27190 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.26 - Piriform)
CDisplayEx 1.8 (HKLM-x32\...\CDisplayEx_is1) (Version:  - Henri Gourvest.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
ClipGrab 3.3.0.4 (HKLM-x32\...\{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1) (Version:  - Philipp Schmieder Medien)
Combined Community Codec Pack 2013-11-27 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2013.11.27.0 - CCCP Project)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{81FB7C60-565A-4869-9D90-3BE1D270E8B7}) (Version:  - Microsoft)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 2.31 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.3.44 - Dell)
Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.1.0031 - Dell, Inc.)
Dell Dock (HKLM\...\{E60B7350-EA5F-41E0-9D6F-E508781E36D2}) (Version: 2.0.0 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (Support Software) (HKLM-x32\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.5.09100 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.104.115.103 - Alps Electric)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
Dell Wireless WLAN Card Utility (HKLM\...\Dell Wireless WLAN Card Utility) (Version: 5.30.21.0 - Dell Inc.)
Epson Event Manager (HKLM-x32\...\{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}) (Version: 2.40.0001 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.10.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WorkForce 520 Series Printer Uninstall (HKLM\...\EPSON WorkForce 520 Series) (Version:  - SEIKO EPSON Corporation)
Fusion Utility for Mobility (HKLM-x32\...\{83F81F91-7BE9-44D1-98AF-2B87E0B8710C}) (Version: 1.1.1 - AMD)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.146 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 30 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416030FF}) (Version: 6.0.300 - Oracle)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
K-Lite Mega Codec Pack 5.1.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 5.1.0 - )
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft AppLocale (HKLM-x32\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (HKLM\...\{90150000-001F-0409-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office Proofing Tools 2013 - English (HKLM-x32\...\{90150000-001F-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{67635FB6-2F63-4FFB-830B-D4C01597EBA4}) (Version: 1.2.1 - DELL)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version:  - )
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.5424 - CyberLink Corp.)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 9.6.8 - Dell Inc.)
RGSS-RTP Standard (HKLM-x32\...\RGSS-RTP Standard_is1) (Version: 1.04 - Enterbrain)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
Roxio Burn (x32 Version: 1.01 - Roxio) Hidden
RPG MAKER VX Ace RTP (HKLM-x32\...\RPGVXAce_RTP_is1) (Version: 1.00 - Enterbrain)
RPG Maker VX RTP (HKLM-x32\...\RPG Maker VX RTP_is1) (Version: 1.02 - Enterbrain)
RPGツクール2000 ランタイムパッケージ (HKLM-x32\...\{33F7A957-A66D-45A1-BADF-6576083B14E2}) (Version:  - )
RTP for RM2K (Png, Wav, Midi, Fonts) (HKLM-x32\...\RTP for RM2K (Png, Wav, Midi, Fonts)) (Version:  - )
Skins (x32 Version: 2009.0729.2227.38498 - ATI) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
WinRAR 4.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)
 
==================== Restore Points  =========================
 
01-03-2014 05:15:14 Installed League of Legends
01-03-2014 05:18:01 Installed DirectX
01-03-2014 07:42:30 Windows Update
01-03-2014 19:57:58 Installed League of Legends
01-03-2014 19:59:13 Installed DirectX
02-03-2014 03:01:51 AA11
02-03-2014 03:14:29 AA11
02-03-2014 03:26:12 Removed Bonjour
02-03-2014 03:27:40 Removed League of Legends
02-03-2014 03:45:17 Installed League of Legends
02-03-2014 03:50:03 Installed DirectX
02-03-2014 06:24:41 Installed League of Legends
02-03-2014 06:25:21 Installed DirectX
02-03-2014 08:37:58 Removed League of Legends
 
==================== Hosts content: ==========================
 
2009-07-13 16:34 - 2009-06-10 11:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {04163593-89DC-4676-BCA6-41D34471C087} - System32\Tasks\D1BN4ZJ1\Administrator - Start WLAN Tray Applet => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE [2009-07-16] (Dell Inc.)
Task: {17CBAD22-D622-4DE7-808F-EA13A0513054} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-12-19] (Piriform Ltd)
Task: {5C7FEEB9-2745-4427-ADAA-5F63CA53277B} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {6017E62F-97DF-45BD-95CB-5E08E2F29C56} - System32\Tasks\RunAsStdUser Task => C:\Users\Lyndon\AppData\Local\Oxy\Application\oxy.exe <==== ATTENTION
Task: {7AE6A6DD-7F5E-4C54-B71F-205CE92EA2E5} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-02-19] ()
Task: {83B1472C-BCE3-4325-913F-DC15818F5F28} - System32\Tasks\YourFile DownloaderUpdate => C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe <==== ATTENTION
Task: {8B4371CF-18E5-4C5A-A007-77E3CDFE76E0} - System32\Tasks\{54CAA699-E9B6-4490-B95C-12322833F476} => C:\Users\Lyndon\Desktop\FairyFighting.exe
Task: {99E228B9-9525-4680-A28D-E4C5B81CF693} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-20] (Adobe Systems Incorporated)
Task: {B31C1EF0-5BAD-48E2-84DB-90F585D317DC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-29] (Google Inc.)
Task: {C306D5C7-21F5-45CB-BD7E-41A633A6F6AB} - \Express FilesUpdate No Task File
Task: {CA0846F7-47E8-4B5A-AEC1-5182CCCFB775} - System32\Tasks\{CC062962-3B14-45ED-A652-64B02B09D137} => C:\Users\Lyndon\Desktop\FairyFighting.exe
Task: {E4E788D5-8433-4A4D-B00B-D60E7FECD96C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-29] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2010-01-17 00:19 - 2009-07-16 15:06 - 00033280 _____ () C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
2010-01-17 00:19 - 2009-07-16 15:06 - 00058368 _____ () C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlrmt.dll
2012-11-16 15:27 - 2012-11-16 15:27 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2012-05-05 22:32 - 2012-02-17 17:55 - 00193536 _____ () C:\Program Files\WinRAR\rarext.dll
2010-01-17 00:36 - 2009-09-17 09:14 - 00161008 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
2014-02-28 20:11 - 2014-02-27 08:59 - 00245760 __RSH () C:\ProgramData\load32.exe
2013-09-13 19:51 - 2013-09-13 19:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-01-17 00:34 - 2009-09-17 09:04 - 00115952 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\PSTVdsDisk.dll
2010-01-17 00:34 - 2009-09-17 09:05 - 00128240 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
2010-01-09 20:18 - 2010-01-09 20:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2014-03-03 21:46 - 2014-03-01 16:35 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\chrome_elf.dll
2014-03-03 21:47 - 2014-03-01 16:35 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\libglesv2.dll
2014-03-03 21:47 - 2014-03-01 16:35 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\libegl.dll
2014-03-03 21:47 - 2014-03-01 16:35 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\pdf.dll
2014-03-03 21:47 - 2014-03-01 16:35 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll
2014-03-03 21:47 - 2014-03-01 16:35 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== Disabled items from MSCONFIG ==============
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/04/2014 01:46:05 PM) (Source: ESENT) (User: )
Description: DllHost (3744) WebCacheLocal: Error -1811 occurred while opening logfile C:\Users\Lyndon\AppData\Local\Microsoft\Windows\WebCache\V010001E.log.
 
Error: (03/04/2014 01:41:34 PM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (03/04/2014 01:41:34 PM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.
 
Context: Windows Application
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (03/04/2014 01:41:34 PM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (03/04/2014 01:41:34 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
Element not found.  (HRESULT : 0x80070490) (0x80070490)
 
Error: (03/04/2014 01:41:33 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (03/04/2014 01:41:33 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service cannot load the property store information.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)
 
Error: (03/04/2014 01:41:33 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (03/04/2014 01:41:33 PM) (Source: Windows Search Service) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (03/04/2014 01:41:33 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service cannot open the Jet property store.
 
 
Details:
0x%08x (0xc0041800 - The content index database is corrupt.  (HRESULT : 0xc0041800))
 
 
System errors:
=============
Error: (03/05/2014 08:36:38 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer MYNETN600
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{ED45488D-4444-453B-8D68-FEC628230453}.
The master browser is stopping or an election is being forced.
 
Error: (03/05/2014 05:00:23 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer MYNETN600
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{ED45488D-4444-453B-8D68-FEC628230453}.
The master browser is stopping or an election is being forced.
 
Error: (03/04/2014 04:25:47 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer MYNETN600
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{ED45488D-4444-453B-8D68-FEC628230453}.
The master browser is stopping or an election is being forced.
 
Error: (03/04/2014 04:25:44 PM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: 490@01010004
 
Error: (03/04/2014 04:25:26 PM) (Source: Microsoft-Windows-WHEA-Logger) (User: NT AUTHORITY)
Description: A fatal hardware error has occurred.
 
Reported by component: Processor Core
Error Source: 3
Error Type: 256
Processor ID: 0
 
The details view of this entry contains further information.
 
Error: (03/04/2014 04:25:26 PM) (Source: Microsoft-Windows-WHEA-Logger) (User: NT AUTHORITY)
Description: A fatal hardware error has occurred.
 
Reported by component: Processor Core
Error Source: 3
Error Type: 256
Processor ID: 0
 
The details view of this entry contains further information.
 
Error: (03/04/2014 04:25:26 PM) (Source: Microsoft-Windows-WHEA-Logger) (User: NT AUTHORITY)
Description: A fatal hardware error has occurred.
 
Reported by component: Processor Core
Error Source: 3
Error Type: 256
Processor ID: 0
 
The details view of this entry contains further information.
 
Error: (03/04/2014 04:25:26 PM) (Source: Microsoft-Windows-WHEA-Logger) (User: NT AUTHORITY)
Description: A fatal hardware error has occurred.
 
Reported by component: Processor Core
Error Source: 3
Error Type: 256
Processor ID: 0
 
The details view of this entry contains further information.
 
Error: (03/04/2014 04:25:13 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft Antimalware Service service failed to start due to the following error: 
%%5
 
Error: (03/04/2014 04:25:14 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 4:22:37 PM on ‎3/‎4/‎2014 was unexpected.
 
 
Microsoft Office Sessions:
=========================
Error: (03/04/2014 01:46:05 PM) (Source: ESENT)(User: )
Description: DllHost3744WebCacheLocal: C:\Users\Lyndon\AppData\Local\Microsoft\Windows\WebCache\V010001E.log-1811
 
Error: (03/04/2014 01:41:34 PM) (Source: Windows Search Service)(User: )
Description: 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (03/04/2014 01:41:34 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (03/04/2014 01:41:34 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (03/04/2014 01:41:34 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog
 
 
Details:
Element not found.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer
 
Error: (03/04/2014 01:41:33 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore
 
Error: (03/04/2014 01:41:33 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)
 
Error: (03/04/2014 01:41:33 PM) (Source: Windows Search Service)(User: )
Description: 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt
 
Error: (03/04/2014 01:41:33 PM) (Source: Windows Search Service)(User: )
Description: 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
4700
 
Error: (03/04/2014 01:41:33 PM) (Source: Windows Search Service)(User: )
Description: 
Details:
0x%08x (0xc0041800 - The content index database is corrupt.  (HRESULT : 0xc0041800))
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 32%
Total physical RAM: 4094.39 MB
Available physical RAM: 2748.94 MB
Total Pagefile: 8186.95 MB
Available Pagefile: 6515.37 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:218.2 GB) (Free:97.08 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 983F7C98)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=218 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#4 aharonov

  • Malware Response Team

Posted 06 March 2014 - 03:13 AM

Ok, let's try to get rid of this mess:


Step 1

Please download the attached fixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Step 2

Start FRST with administrator privileges.

  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.


#5 NexuxKitty

  • Topic Starter

Posted 07 March 2014 - 12:09 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-03-2014 02
Ran by Lyndon at 2014-03-06 19:02:50 Run:1
Running from C:\Users\Lyndon\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
() C:\ProgramData\load32.exe
HKLM-x32\...\Run: [NT Kernel Service] - C:\ProgramData\load32.exe -rundll32 /SYSTEM32 "C:\Windows\System32\taskmgr.exe" "C:\Program Files\Microsoft\Windows"
HKU\S-1-5-21-920365104-346405113-3152261100-1000\...\CurrentVersion\Windows: [Load] C:\Users\Lyndon\AppData\Roaming\uTorrent\(18禁ゲーム) [080718] [ぺろぺろキャンディー] B.M.G.Paradice_黒魔術少女の楽園\RJ012876\bmg\installshield.exe <===== ATTENTION
HKU\S-1-5-21-920365104-346405113-3152261100-1000\...\Winlogon: [Shell] explorer.exe,"C:\ProgramData\load32.exe" [245760 2014-02-27] () <==== ATTENTION 
C:\ProgramData\load32.exe
C:\Users\Lyndon\AppData\Roaming\uTorrent
IFEO\AvastSvc.exe: [Debugger] C:\Users\Lyndon\Documents\315load32.exe
IFEO\AvastUI.exe: [Debugger] C:\Users\Lyndon\Documents\315load32.exe
IFEO\avcenter.exe: [Debugger] C:\Users\Lyndon\Documents\315load32.exe
IFEO\avconfig.exe: [Debugger] C:\Users\Lyndon\Documents\315load32.exe
IFEO\avgcsrvx.exe: [Debugger] C:\Users\Lyndon\Documents\315load32.exe
IFEO\avgidsagent.exe: [Debugger] C:\Users\Lyndon\Documents\315load32.exe
IFEO\avgnt.exe: [Debugger] C:\Users\Lyndon\Documents\315load32.exe
IFEO\avgrsx.exe: [Debugger] C:\Users\Lyndon\Documents\315load32.exe
IFEO\avguard.exe: [Debugger] C:\Users\Lyndon\Documents\315load32.exe
IFEO\avgui.exe: [Debugger] C:\Users\Lyndon\Documents\315load32.exe
IFEO\avgwdsvc.exe: [Debugger] C:\Users\Lyndon\Documents\315load32.exe
IFEO\avp.exe: [Debugger] C:\Users\Lyndon\Documents\315load32.exe
IFEO\avscan.exe: [Debugger] C:\Users\Lyndon\Documents\315load32.exe
IFEO\bdagent.exe: [Debugger] C:\Users\Lyndon\Documents\315load32.exe
IFEO\ccuac.exe: [Debugger] C:\Users\Lyndon\Documents\315load32.exe
IFEO\ComboFix.exe: [Debugger] C:\Users\Lyndon\Documents\315load32.exe
IFEO\egui.exe: [Debugger] C:\Users\Lyndon\Documents\315load32.exe
IFEO\hijackthis.exe: [Debugger] C:\Users\Lyndon\Documents\315load32.exe
IFEO\instup.exe: [Debugger] C:\Users\Lyndon\Documents\315load32.exe
IFEO\keyscrambler.exe: [Debugger] C:\Users\Lyndon\Documents\315load32.exe
IFEO\mbam.exe: [Debugger] C:\Users\Lyndon\Documents\315load32.exe
IFEO\mbamgui.exe: [Debugger] C:\Users\Lyndon\Documents\315load32.exe
IFEO\mbampt.exe: [Debugger] C:\Users\Lyndon\Documents\315load32.exe
IFEO\mbamscheduler.exe: [Debugger] C:\Users\Lyndon\Documents\315load32.exe
IFEO\mbamservice.exe: [Debugger] C:\Users\Lyndon\Documents\315load32.exe
IFEO\NisSrv.exe: [Debugger] \315load32.exe
IFEO\rstrui.exe: [Debugger] C:\Users\Lyndon\Documents\315load32.exe
IFEO\spybotsd.exe: [Debugger] C:\Users\Lyndon\Documents\315load32.exe
IFEO\wireshark.exe: [Debugger] C:\Users\Lyndon\Documents\315load32.exe
IFEO\zlclient.exe: [Debugger] C:\Users\Lyndon\Documents\315load32.exe
C:\Users\Lyndon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update.Microsoft.com.url
ProxyServer: http=127.0.0.1:18810
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
2014-02-28 20:11 - 2014-03-04 16:26 - 00000000 ___HD () C:\ProgramData\NTKernel
2014-02-28 20:11 - 2014-02-27 08:59 - 00245760 __RSH () C:\Users\Lyndon\Documents\315load32.exe
2014-02-28 20:11 - 2014-02-27 08:59 - 00245760 __RSH () C:\ProgramData\load32.exe
2014-02-28 20:11 - 2014-02-27 08:59 - 00245760 __RSH () C:\315load32.exe
2014-02-28 21:52 - 2014-02-28 21:52 - 00000065 _____ () C:\Update.Microsoft.com.url
2014-02-28 21:51 - 2014-03-04 16:21 - 00000000 ___HD () C:\NTKernel
Task: {7AE6A6DD-7F5E-4C54-B71F-205CE92EA2E5} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-02-19] ()
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
C:\Windows\Installer\{7796217b-83e7-34f9-15bf-3d8a1507bc5e}
Task: {6017E62F-97DF-45BD-95CB-5E08E2F29C56} - System32\Tasks\RunAsStdUser Task => C:\Users\Lyndon\AppData\Local\Oxy\Application\oxy.exe <==== ATTENTION
C:\Users\Lyndon\AppData\Local\Oxy
Task: {83B1472C-BCE3-4325-913F-DC15818F5F28} - System32\Tasks\YourFile DownloaderUpdate => C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe <==== ATTENTION
C:\Program Files (x86)\YourFileDownloader
Reboot:
*****************
 
[2916] C:\ProgramData\load32.exe => Process closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\NT Kernel Service => Value deleted successfully.
HKU\S-1-5-21-920365104-346405113-3152261100-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows\\Load => Value was restored successfully.
HKU\S-1-5-21-920365104-346405113-3152261100-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
C:\ProgramData\load32.exe => Moved successfully.
"C:\Users\Lyndon\AppData\Roaming\uTorrent" => File/Directory not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AvastSvc.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AvastUI.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avcenter.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avconfig.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgcsrvx.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgidsagent.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgnt.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgrsx.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avguard.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgui.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avgwdsvc.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avp.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\avscan.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bdagent.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ccuac.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ComboFix.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\egui.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\hijackthis.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\instup.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\keyscrambler.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbam.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbamgui.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbampt.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbamscheduler.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mbamservice.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\NisSrv.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\rstrui.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\spybotsd.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\wireshark.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\zlclient.exe => Key deleted successfully.
C:\Users\Lyndon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update.Microsoft.com.url => Moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value deleted successfully.
Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5 entry 000000000005\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
Winsock: Catalog5-x64 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5-x64 entry 000000000005\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
C:\ProgramData\NTKernel => Moved successfully.
C:\Users\Lyndon\Documents\315load32.exe => Moved successfully.
"C:\ProgramData\load32.exe" => File/Directory not found.
C:\315load32.exe => Moved successfully.
C:\Update.Microsoft.com.url => Moved successfully.
C:\NTKernel => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{7AE6A6DD-7F5E-4C54-B71F-205CE92EA2E5} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7AE6A6DD-7F5E-4C54-B71F-205CE92EA2E5} => Key deleted successfully.
C:\Windows\System32\Tasks\AutoKMS => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS => Key deleted successfully.
C:\Windows\Tasks\AutoKMS.job => Moved successfully.
C:\Windows\Installer\{7796217b-83e7-34f9-15bf-3d8a1507bc5e} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6017E62F-97DF-45BD-95CB-5E08E2F29C56} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6017E62F-97DF-45BD-95CB-5E08E2F29C56} => Key deleted successfully.
C:\Windows\System32\Tasks\RunAsStdUser Task => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RunAsStdUser Task => Key deleted successfully.
"C:\Users\Lyndon\AppData\Local\Oxy" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{83B1472C-BCE3-4325-913F-DC15818F5F28} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{83B1472C-BCE3-4325-913F-DC15818F5F28} => Key deleted successfully.
C:\Windows\System32\Tasks\YourFile DownloaderUpdate => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YourFile DownloaderUpdate => Key deleted successfully.
"C:\Program Files (x86)\YourFileDownloader" => File/Directory not found.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====


#6 NexuxKitty

  • Topic Starter

Posted 07 March 2014 - 12:11 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-03-2014 02
Ran by Lyndon (administrator) on LYNDON-PC on 06-03-2014 19:08:45
Running from C:\Users\Lyndon\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Advanced Micro Devices) c:\Program Files (x86)\AMD\Fusion Utility for Mobility\FusionSVC.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(AMD) C:\Windows\system32\atieclxx.exe
() C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(SoftThinks) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [305664 2009-01-22] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-28] (IDT, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-16] (Dell Inc.)
HKLM\...\Run: [QuickSet] - C:\Program Files\Dell\QuickSet\QuickSet.exe [3179088 2009-08-07] (Dell Inc.)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM\...\RunOnce: [DSUpdateLauncher] - "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe" [161008 2009-09-17] ()
HKU\S-1-5-21-920365104-346405113-3152261100-1000\...\MountPoints2: {b081becd-7060-11e2-83c6-a4badb9a8506} - F:\setup.exe
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
URLSearchHook: HKCU - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {04074216-D8B0-4FD2-AFC4-E161D2C7D16B} URL = 
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{ED45488D-4444-453B-8D68-FEC628230453}: [NameServer]8.8.8.8,8.8.4.4
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\pdf.dll ()
CHR Plugin: (AVG Internet Security) - C:\Users\Lyndon\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Extension: (Google Drive) - C:\Users\Lyndon\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-29]
CHR Extension: (YouTube) - C:\Users\Lyndon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-29]
CHR Extension: (Google Search) - C:\Users\Lyndon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-29]
CHR Extension: (Google Calendar) - C:\Users\Lyndon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2012-12-29]
CHR Extension: (AdBlock) - C:\Users\Lyndon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2012-12-29]
CHR Extension: (Dictionary by Dictionary.com) - C:\Users\Lyndon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gikhgcaliglmioibbockkmjknfnepbdh [2012-12-29]
CHR Extension: (Black Black Chrome Theme Dark Blue Highlight) - C:\Users\Lyndon\AppData\Local\Google\Chrome\User Data\Default\Extensions\njpbabhpbnilgchdjbajcbgnnclkaida [2013-03-21]
CHR Extension: (Google Wallet) - C:\Users\Lyndon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\Lyndon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-29]
 
==================== Services (Whitelisted) =================
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-11-16] (Advanced Micro Devices, Inc.)
R2 AMDFusionSVC; c:\Program Files (x86)\AMD\Fusion Utility for Mobility\FusionSVC.exe [383544 2009-09-02] (Advanced Micro Devices)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] ()
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-28] (IDT, Inc.)
R2 wltrysvc; C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe [3417088 2009-07-16] (Dell Inc.)
S3 AVG Security Toolbar Service; C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-03-07] (Duplex Secure Ltd.)
S1 ahuwvbkt; \??\C:\Windows\system32\drivers\ahuwvbkt.sys [X]
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [X]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-03-05 20:42 - 2014-03-05 20:44 - 00035606 _____ () C:\Users\Lyndon\Desktop\Addition.txt
2014-03-05 20:35 - 2014-03-06 19:08 - 00010198 _____ () C:\Users\Lyndon\Desktop\FRST.txt
2014-03-05 20:35 - 2014-03-06 19:05 - 00000000 ____D () C:\FRST
2014-03-05 20:35 - 2014-03-05 20:34 - 02156544 _____ (Farbar) C:\Users\Lyndon\Desktop\FRST64.exe
2014-03-04 13:41 - 2014-03-06 19:04 - 00000336 _____ () C:\Windows\setupact.log
2014-03-04 13:41 - 2014-03-04 13:41 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-03 21:30 - 2014-03-03 21:47 - 00031380 ____H () C:\Users\Lyndon\Documents\~WRL0003.tmp
2014-03-02 12:36 - 2014-03-02 12:36 - 00550371 _____ () C:\Users\Lyndon\Downloads\Autoruns.zip
2014-03-02 12:00 - 2014-03-02 13:27 - 00000000 ____D () C:\AdwCleaner
2014-03-02 11:59 - 2014-03-02 11:59 - 00001071 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-02 11:59 - 2014-03-02 11:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-02 11:58 - 2014-03-02 11:59 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-02 11:58 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-02 09:31 - 2014-03-02 09:32 - 01244192 _____ () C:\Users\Lyndon\Downloads\AdwCleaner.exe
2014-03-02 09:31 - 2014-03-02 09:31 - 10284816 _____ (Malwarebytes Corporation ) C:\Users\Lyndon\Downloads\mbam-setup.exe
2014-03-02 09:29 - 2014-03-02 09:30 - 01037734 _____ () C:\Users\Lyndon\Downloads\JRT.exe
2014-03-01 17:14 - 2014-03-01 17:17 - 00000000 ____D () C:\Users\Lyndon\AppData\Roaming\LavasoftStatistics
2014-03-01 17:12 - 2014-03-01 17:12 - 00000000 ____D () C:\Users\Lyndon\AppData\Roaming\Winamp
2014-03-01 17:01 - 2014-03-01 17:01 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-02-28 19:17 - 2014-02-28 19:17 - 00000000 ____D () C:\Riot Games
2014-02-28 04:02 - 2014-03-01 20:56 - 00000000 ____D () C:\Users\Lyndon\AppData\Local\PMB Files
2014-02-28 04:02 - 2014-03-01 20:00 - 00000000 ____D () C:\ProgramData\PMB Files
2014-02-27 03:10 - 2014-02-27 03:10 - 00000000 ____D () C:\114173e81def8a56ee05
2014-02-21 21:26 - 2014-02-21 21:26 - 00000000 ____D () C:\Program Files (x86)\MSECache
2014-02-20 19:03 - 2014-02-26 17:32 - 00028463 ____H () C:\Users\Lyndon\Documents\~WRL3245.tmp
2014-02-20 19:03 - 2014-02-24 22:02 - 00027085 ____H () C:\Users\Lyndon\Documents\~WRL2037.tmp
2014-02-20 19:03 - 2014-02-22 14:15 - 00031787 ____H () C:\Users\Lyndon\Documents\~WRL3695.tmp
2014-02-20 19:03 - 2014-02-20 19:04 - 00031065 ____H () C:\Users\Lyndon\Documents\~WRL3832.tmp
2014-02-20 15:41 - 2014-02-20 15:41 - 17858952 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-02-19 20:19 - 2014-02-19 20:19 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-02-19 20:19 - 2014-02-19 20:19 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-02-19 18:12 - 2014-02-19 20:32 - 00000000 ____D () C:\Windows\AutoKMS
2014-02-19 18:04 - 2014-02-19 18:04 - 00000000 ____D () C:\Windows\PCHEALTH
2014-02-19 18:03 - 2014-02-19 18:03 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-02-19 18:02 - 2014-02-21 21:31 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-02-19 18:02 - 2014-02-19 18:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2014-02-19 18:00 - 2014-02-19 18:00 - 00000000 __RHD () C:\MSOCache
2014-02-19 17:56 - 2014-02-23 21:11 - 00000000 ____D () C:\Users\Lyndon\AppData\Local\Microsoft Help
2014-02-15 07:46 - 2014-02-15 07:46 - 00003326 _____ () C:\Windows\System32\Tasks\{C2DD9A12-482C-4736-98FB-14DD2B03EBE4}
2014-02-12 03:05 - 2014-02-12 03:05 - 00000000 ____D () C:\cabdb581eef04b58c8ec52
2014-02-12 03:04 - 2013-12-20 23:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 03:04 - 2013-12-20 22:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-12 03:03 - 2014-02-06 02:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 03:03 - 2014-02-06 01:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 03:03 - 2014-02-06 01:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-12 03:03 - 2014-02-06 01:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-12 03:03 - 2014-02-06 01:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-12 03:03 - 2014-02-06 00:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 03:03 - 2014-02-06 00:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-12 03:03 - 2014-02-06 00:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 03:03 - 2014-02-06 00:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-12 03:03 - 2014-02-06 00:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-12 03:03 - 2014-02-06 00:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-12 03:03 - 2014-02-06 00:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-12 03:03 - 2014-02-06 00:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-12 03:03 - 2014-02-06 00:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-12 03:03 - 2014-02-06 00:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-12 03:03 - 2014-02-06 00:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-12 03:03 - 2014-02-05 23:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 03:03 - 2014-02-05 23:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-12 03:03 - 2014-02-05 23:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-12 03:03 - 2014-02-05 23:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-12 03:03 - 2014-02-05 23:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-12 03:03 - 2014-02-05 23:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-12 03:03 - 2014-02-05 23:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-12 03:03 - 2014-02-05 23:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-12 03:03 - 2014-02-05 22:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-12 03:03 - 2014-02-05 22:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-12 03:02 - 2014-02-06 01:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 03:02 - 2014-02-06 00:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-12 03:02 - 2014-02-06 00:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 03:02 - 2014-02-05 23:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-12 03:02 - 2014-02-05 23:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-12 03:02 - 2014-02-05 23:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-12 03:02 - 2014-02-05 23:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 03:02 - 2014-02-05 23:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 03:02 - 2014-02-05 23:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-12 03:02 - 2014-02-05 23:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-12 03:02 - 2014-02-05 22:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 03:02 - 2014-02-05 22:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-12 03:02 - 2014-02-05 22:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-11 18:43 - 2013-12-31 13:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-11 18:43 - 2013-12-31 13:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-11 18:43 - 2013-12-24 13:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-11 18:43 - 2013-12-24 12:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-11 18:43 - 2013-12-05 16:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-11 18:43 - 2013-12-05 16:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-11 18:43 - 2013-12-05 16:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-11 18:43 - 2013-12-05 16:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-11 18:43 - 2013-12-03 16:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-11 18:43 - 2013-12-03 16:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-11 18:43 - 2013-12-03 16:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-11 18:43 - 2013-12-03 16:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-11 18:43 - 2013-12-03 16:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-11 18:43 - 2013-12-03 16:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-11 18:43 - 2013-12-03 16:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-11 18:43 - 2013-12-03 16:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-11 18:43 - 2013-12-03 16:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-11 18:43 - 2013-12-03 16:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-11 18:43 - 2013-12-03 16:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-11 18:43 - 2013-12-03 16:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-11 18:43 - 2013-12-03 16:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-11 18:43 - 2013-12-03 16:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-11 18:43 - 2013-12-03 15:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-11 18:43 - 2013-12-03 15:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-11 18:43 - 2013-12-03 15:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-11 18:43 - 2013-12-03 15:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-11 18:43 - 2013-11-25 22:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-11 18:43 - 2013-11-22 12:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-09 19:14 - 2014-02-10 06:23 - 00019280 _____ () C:\Users\Lyndon\Documents\Multi-Genre Portfolio.odt
 
==================== One Month Modified Files and Folders =======
 
2014-03-06 19:09 - 2014-03-05 20:35 - 00010198 _____ () C:\Users\Lyndon\Desktop\FRST.txt
2014-03-06 19:05 - 2014-03-05 20:35 - 00000000 ____D () C:\FRST
2014-03-06 19:05 - 2009-07-13 17:20 - 00000000 ____D () C:\Windows\tracing
2014-03-06 19:04 - 2014-03-04 13:41 - 00000336 _____ () C:\Windows\setupact.log
2014-03-06 19:04 - 2011-01-07 21:26 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-03-06 19:03 - 2013-02-02 00:56 - 01562478 _____ () C:\Windows\WindowsUpdate.log
2014-03-06 19:03 - 2010-04-14 09:13 - 00000000 ___RD () C:\Users\Lyndon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-05 20:44 - 2014-03-05 20:42 - 00035606 _____ () C:\Users\Lyndon\Desktop\Addition.txt
2014-03-05 20:34 - 2014-03-05 20:35 - 02156544 _____ (Farbar) C:\Users\Lyndon\Desktop\FRST64.exe
2014-03-04 16:33 - 2009-07-13 18:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-04 16:33 - 2009-07-13 18:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-04 13:41 - 2014-03-04 13:41 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-03 21:50 - 2011-07-11 21:53 - 00000000 ____D () C:\Users\Lyndon\AppData\Roaming\Media Player Classic
2014-03-03 21:49 - 2010-01-17 01:38 - 00000000 ____D () C:\Windows\Panther
2014-03-03 21:47 - 2014-03-03 21:30 - 00031380 ____H () C:\Users\Lyndon\Documents\~WRL0003.tmp
2014-03-02 13:27 - 2014-03-02 12:00 - 00000000 ____D () C:\AdwCleaner
2014-03-02 12:36 - 2014-03-02 12:36 - 00550371 _____ () C:\Users\Lyndon\Downloads\Autoruns.zip
2014-03-02 11:59 - 2014-03-02 11:59 - 00001071 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-02 11:59 - 2014-03-02 11:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-02 11:59 - 2014-03-02 11:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-02 09:32 - 2014-03-02 09:31 - 01244192 _____ () C:\Users\Lyndon\Downloads\AdwCleaner.exe
2014-03-02 09:31 - 2014-03-02 09:31 - 10284816 _____ (Malwarebytes Corporation ) C:\Users\Lyndon\Downloads\mbam-setup.exe
2014-03-02 09:30 - 2014-03-02 09:29 - 01037734 _____ () C:\Users\Lyndon\Downloads\JRT.exe
2014-03-01 20:56 - 2014-02-28 04:02 - 00000000 ____D () C:\Users\Lyndon\AppData\Local\PMB Files
2014-03-01 20:00 - 2014-02-28 04:02 - 00000000 ____D () C:\ProgramData\PMB Files
2014-03-01 17:17 - 2014-03-01 17:14 - 00000000 ____D () C:\Users\Lyndon\AppData\Roaming\LavasoftStatistics
2014-03-01 17:12 - 2014-03-01 17:12 - 00000000 ____D () C:\Users\Lyndon\AppData\Roaming\Winamp
2014-03-01 17:01 - 2014-03-01 17:01 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-02-28 21:48 - 2012-12-29 00:51 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-28 21:47 - 2009-07-13 19:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-28 21:41 - 2012-12-23 20:15 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-28 20:47 - 2012-12-29 00:51 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-28 19:17 - 2014-02-28 19:17 - 00000000 ____D () C:\Riot Games
2014-02-28 04:01 - 2011-04-21 13:21 - 00000000 ____D () C:\Program Files (x86)\Pando Networks
2014-02-27 22:28 - 2011-12-21 00:53 - 00000000 ____D () C:\Users\Lyndon\AppData\Roaming\Skype
2014-02-27 03:10 - 2014-02-27 03:10 - 00000000 ____D () C:\114173e81def8a56ee05
2014-02-27 03:08 - 2013-04-29 05:30 - 00766820 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-27 03:08 - 2009-07-13 19:13 - 00766820 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-26 17:32 - 2014-02-20 19:03 - 00028463 ____H () C:\Users\Lyndon\Documents\~WRL3245.tmp
2014-02-24 22:02 - 2014-02-20 19:03 - 00027085 ____H () C:\Users\Lyndon\Documents\~WRL2037.tmp
2014-02-23 21:11 - 2014-02-19 17:56 - 00000000 ____D () C:\Users\Lyndon\AppData\Local\Microsoft Help
2014-02-22 14:15 - 2014-02-20 19:03 - 00031787 ____H () C:\Users\Lyndon\Documents\~WRL3695.tmp
2014-02-22 06:52 - 2010-04-14 09:14 - 00105848 _____ () C:\Users\Lyndon\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-22 06:51 - 2009-07-13 18:45 - 00410432 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-21 21:46 - 2010-01-17 00:38 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-21 21:31 - 2014-02-19 18:02 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-02-21 21:31 - 2009-07-13 17:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-02-21 21:26 - 2014-02-21 21:26 - 00000000 ____D () C:\Program Files (x86)\MSECache
2014-02-21 21:26 - 2010-01-17 00:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-02-20 19:04 - 2014-02-20 19:03 - 00031065 ____H () C:\Users\Lyndon\Documents\~WRL3832.tmp
2014-02-20 15:42 - 2012-12-23 20:15 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-20 15:41 - 2014-02-20 15:41 - 17858952 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-02-20 15:41 - 2012-12-23 20:15 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-20 15:41 - 2012-01-04 01:11 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-19 20:37 - 2010-01-17 00:44 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-02-19 20:32 - 2014-02-19 18:12 - 00000000 ____D () C:\Windows\AutoKMS
2014-02-19 20:23 - 2013-02-02 00:57 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-02-19 20:22 - 2013-02-02 00:56 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-02-19 20:22 - 2013-02-02 00:56 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-02-19 20:19 - 2014-02-19 20:19 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-02-19 20:19 - 2014-02-19 20:19 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-02-19 20:19 - 2010-01-17 00:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works
2014-02-19 18:04 - 2014-02-19 18:04 - 00000000 ____D () C:\Windows\PCHEALTH
2014-02-19 18:03 - 2014-02-19 18:03 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-02-19 18:02 - 2014-02-19 18:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2014-02-19 18:02 - 2009-07-13 21:45 - 00000000 ____D () C:\Windows\ShellNew
2014-02-19 18:00 - 2014-02-19 18:00 - 00000000 __RHD () C:\MSOCache
2014-02-19 17:58 - 2009-07-13 16:34 - 00000387 _____ () C:\Windows\win.ini
2014-02-15 08:42 - 2012-12-29 00:51 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-15 08:42 - 2012-12-29 00:51 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-15 07:46 - 2014-02-15 07:46 - 00003326 _____ () C:\Windows\System32\Tasks\{C2DD9A12-482C-4736-98FB-14DD2B03EBE4}
2014-02-15 03:05 - 2013-08-15 03:04 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-15 03:02 - 2011-02-24 17:33 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-14 15:55 - 2009-07-13 17:20 - 00000000 ____D () C:\Windows\rescache
2014-02-12 17:09 - 2012-11-10 19:36 - 00000056 _____ () C:\Windows\kgt2k.INI
2014-02-12 13:43 - 2011-12-21 00:53 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-02-12 13:43 - 2011-12-21 00:52 - 00000000 ____D () C:\ProgramData\Skype
2014-02-12 03:05 - 2014-02-12 03:05 - 00000000 ____D () C:\cabdb581eef04b58c8ec52
2014-02-10 06:23 - 2014-02-09 19:14 - 00019280 _____ () C:\Users\Lyndon\Documents\Multi-Genre Portfolio.odt
2014-02-06 02:16 - 2014-02-12 03:03 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 01:30 - 2014-02-12 03:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 01:30 - 2014-02-12 03:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 01:12 - 2014-02-12 03:02 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 01:07 - 2014-02-12 03:03 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 01:06 - 2014-02-12 03:03 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 00:57 - 2014-02-12 03:03 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 00:56 - 2014-02-12 03:03 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 00:52 - 2014-02-12 03:03 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 00:49 - 2014-02-12 03:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 00:48 - 2014-02-12 03:03 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 00:48 - 2014-02-12 03:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 00:38 - 2014-02-12 03:02 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 00:32 - 2014-02-12 03:03 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 00:20 - 2014-02-12 03:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 00:17 - 2014-02-12 03:03 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 00:11 - 2014-02-12 03:02 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 00:01 - 2014-02-12 03:03 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 00:00 - 2014-02-12 03:03 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-05 23:57 - 2014-02-12 03:03 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-05 23:57 - 2014-02-12 03:02 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-05 23:52 - 2014-02-12 03:03 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-05 23:52 - 2014-02-12 03:03 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-05 23:50 - 2014-02-12 03:02 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-05 23:49 - 2014-02-12 03:03 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-05 23:47 - 2014-02-12 03:03 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-05 23:46 - 2014-02-12 03:03 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-05 23:25 - 2014-02-12 03:03 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-05 23:25 - 2014-02-12 03:02 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-05 23:24 - 2014-02-12 03:02 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-05 23:22 - 2014-02-12 03:02 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-05 23:13 - 2014-02-12 03:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-05 23:09 - 2014-02-12 03:02 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-05 23:03 - 2014-02-12 03:02 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-05 22:55 - 2014-02-12 03:02 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-05 22:41 - 2014-02-12 03:02 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-05 22:40 - 2014-02-12 03:03 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-05 22:36 - 2014-02-12 03:02 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-05 22:34 - 2014-02-12 03:03 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-02-21 03:30
 
==================== End Of Log ============================


#7 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:48 PM

Posted 07 March 2014 - 03:18 AM

Hello,

it looks better. :)
How is your computer running now? What problems or symptoms are still present?


Step 1

  • Start Malwarebytes Anti-Malware with administrator privileges.
  • Open the tab Update and click on Check for Updates.
  • Open the tab Scanner, select Perform Quick Scan and press the Scan button.
  • When the scan is finished click on Show results.
  • Make sure that all the malware found is checked and click on Remove selected. Allow a reboot if one is required.
  • When finished MBAM shows a log file. (It can also be found under the Logs tab.)
    Please copy and paste the contents of this log file in your next reply.

Step 2

Please download the ESET Online Scanner and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!



#8 NexuxKitty

NexuxKitty
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:05:48 AM

Posted 07 March 2014 - 11:19 AM

I'm sorry, but it still seems like I can't download anything. Is there a way to fix this? 



#9 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:48 PM

Posted 07 March 2014 - 11:33 AM

So what exactly happens when you try to download anything?
We need fresh FRST logs:


Start FRST with administrator privileges.
  • Make sure the option Addition.txt (under Optional Scan) is checked.
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.


#10 NexuxKitty

NexuxKitty
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Local time:05:48 AM

Posted 07 March 2014 - 06:58 PM

I'm not sure what happened, but as of today I can download stuff. Although, I've come up with a bit of trouble with Malwarebytes. The following picture shows:

ogjq.png

 

The following replies will be the FRST logs and the addition.txt


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-03-2014 02
Ran by Lyndon (administrator) on LYNDON-PC on 07-03-2014 13:51:40
Running from C:\Users\Lyndon\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Advanced Micro Devices) c:\Program Files (x86)\AMD\Fusion Utility for Mobility\FusionSVC.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(AMD) C:\Windows\system32\atieclxx.exe
() C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(SoftThinks) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [305664 2009-01-22] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-28] (IDT, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-16] (Dell Inc.)
HKLM\...\Run: [QuickSet] - C:\Program Files\Dell\QuickSet\QuickSet.exe [3179088 2009-08-07] (Dell Inc.)
HKLM\...\RunOnce: [DSUpdateLauncher] - "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe" [161008 2009-09-17] ()
HKU\S-1-5-21-920365104-346405113-3152261100-1000\...\MountPoints2: {b081becd-7060-11e2-83c6-a4badb9a8506} - F:\setup.exe
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
URLSearchHook: HKCU - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {04074216-D8B0-4FD2-AFC4-E161D2C7D16B} URL = 
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{ED45488D-4444-453B-8D68-FEC628230453}: [NameServer]8.8.8.8,8.8.4.4
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\pdf.dll ()
CHR Plugin: (AVG Internet Security) - C:\Users\Lyndon\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll No File
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll No File
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 6 U38) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.380.5) - C:\Windows\SysWOW64\npdeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll No File
CHR Extension: (Google Drive) - C:\Users\Lyndon\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-29]
CHR Extension: (YouTube) - C:\Users\Lyndon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-29]
CHR Extension: (Google Search) - C:\Users\Lyndon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-29]
CHR Extension: (Google Calendar) - C:\Users\Lyndon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2012-12-29]
CHR Extension: (AdBlock) - C:\Users\Lyndon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2012-12-29]
CHR Extension: (Dictionary by Dictionary.com) - C:\Users\Lyndon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gikhgcaliglmioibbockkmjknfnepbdh [2012-12-29]
CHR Extension: (Black Black Chrome Theme Dark Blue Highlight) - C:\Users\Lyndon\AppData\Local\Google\Chrome\User Data\Default\Extensions\njpbabhpbnilgchdjbajcbgnnclkaida [2013-03-21]
CHR Extension: (Google Wallet) - C:\Users\Lyndon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\Lyndon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-29]
 
==================== Services (Whitelisted) =================
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-11-16] (Advanced Micro Devices, Inc.)
R2 AMDFusionSVC; c:\Program Files (x86)\AMD\Fusion Utility for Mobility\FusionSVC.exe [383544 2009-09-02] (Advanced Micro Devices)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-28] (IDT, Inc.)
R2 wltrysvc; C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe [3417088 2009-07-16] (Dell Inc.)
S3 AVG Security Toolbar Service; C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-03-07] (Duplex Secure Ltd.)
S1 ahuwvbkt; \??\C:\Windows\system32\drivers\ahuwvbkt.sys [X]
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [X]
S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-03-07 13:51 - 2014-03-07 13:53 - 00010764 _____ () C:\Users\Lyndon\Desktop\FRST.txt
2014-03-07 13:42 - 2014-03-07 13:42 - 00000000 ____D () C:\Users\Lyndon\AppData\Roaming\Malwarebytes
2014-03-07 13:39 - 2014-03-07 13:40 - 10284816 _____ (Malwarebytes Corporation ) C:\Users\Lyndon\Desktop\mbam-setup.exe
2014-03-07 13:36 - 2014-03-07 13:36 - 02347384 _____ (ESET) C:\Users\Lyndon\Desktop\esetsmartinstaller_enu.exe
2014-03-05 20:35 - 2014-03-07 13:51 - 00000000 ____D () C:\FRST
2014-03-05 20:35 - 2014-03-05 20:34 - 02156544 _____ (Farbar) C:\Users\Lyndon\Desktop\FRST64.exe
2014-03-04 13:41 - 2014-03-07 13:44 - 00000560 _____ () C:\Windows\setupact.log
2014-03-04 13:41 - 2014-03-04 13:41 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-03 21:30 - 2014-03-03 21:47 - 00031380 ____H () C:\Users\Lyndon\Documents\~WRL0003.tmp
2014-03-02 12:00 - 2014-03-02 13:27 - 00000000 ____D () C:\AdwCleaner
2014-03-02 11:59 - 2014-03-02 11:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-01 17:14 - 2014-03-01 17:17 - 00000000 ____D () C:\Users\Lyndon\AppData\Roaming\LavasoftStatistics
2014-03-01 17:12 - 2014-03-01 17:12 - 00000000 ____D () C:\Users\Lyndon\AppData\Roaming\Winamp
2014-03-01 17:01 - 2014-03-01 17:01 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-02-28 19:17 - 2014-02-28 19:17 - 00000000 ____D () C:\Riot Games
2014-02-28 04:02 - 2014-03-01 20:56 - 00000000 ____D () C:\Users\Lyndon\AppData\Local\PMB Files
2014-02-28 04:02 - 2014-03-01 20:00 - 00000000 ____D () C:\ProgramData\PMB Files
2014-02-27 03:10 - 2014-02-27 03:10 - 00000000 ____D () C:\114173e81def8a56ee05
2014-02-21 21:26 - 2014-02-21 21:26 - 00000000 ____D () C:\Program Files (x86)\MSECache
2014-02-20 19:03 - 2014-02-26 17:32 - 00028463 ____H () C:\Users\Lyndon\Documents\~WRL3245.tmp
2014-02-20 19:03 - 2014-02-24 22:02 - 00027085 ____H () C:\Users\Lyndon\Documents\~WRL2037.tmp
2014-02-20 19:03 - 2014-02-22 14:15 - 00031787 ____H () C:\Users\Lyndon\Documents\~WRL3695.tmp
2014-02-20 19:03 - 2014-02-20 19:04 - 00031065 ____H () C:\Users\Lyndon\Documents\~WRL3832.tmp
2014-02-20 15:41 - 2014-02-20 15:41 - 17858952 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-02-19 20:19 - 2014-02-19 20:19 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-02-19 20:19 - 2014-02-19 20:19 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-02-19 18:12 - 2014-02-19 20:32 - 00000000 ____D () C:\Windows\AutoKMS
2014-02-19 18:04 - 2014-02-19 18:04 - 00000000 ____D () C:\Windows\PCHEALTH
2014-02-19 18:03 - 2014-02-19 18:03 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-02-19 18:02 - 2014-02-21 21:31 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-02-19 18:02 - 2014-02-19 18:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2014-02-19 18:00 - 2014-02-19 18:00 - 00000000 __RHD () C:\MSOCache
2014-02-19 17:56 - 2014-02-23 21:11 - 00000000 ____D () C:\Users\Lyndon\AppData\Local\Microsoft Help
2014-02-15 07:46 - 2014-02-15 07:46 - 00003326 _____ () C:\Windows\System32\Tasks\{C2DD9A12-482C-4736-98FB-14DD2B03EBE4}
2014-02-12 03:05 - 2014-02-12 03:05 - 00000000 ____D () C:\cabdb581eef04b58c8ec52
2014-02-12 03:04 - 2013-12-20 23:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 03:04 - 2013-12-20 22:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-12 03:03 - 2014-02-06 02:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 03:03 - 2014-02-06 01:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 03:03 - 2014-02-06 01:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-12 03:03 - 2014-02-06 01:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-12 03:03 - 2014-02-06 01:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-12 03:03 - 2014-02-06 00:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 03:03 - 2014-02-06 00:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-12 03:03 - 2014-02-06 00:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 03:03 - 2014-02-06 00:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-12 03:03 - 2014-02-06 00:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-12 03:03 - 2014-02-06 00:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-12 03:03 - 2014-02-06 00:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-12 03:03 - 2014-02-06 00:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-12 03:03 - 2014-02-06 00:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-12 03:03 - 2014-02-06 00:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-12 03:03 - 2014-02-06 00:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-12 03:03 - 2014-02-05 23:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 03:03 - 2014-02-05 23:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-12 03:03 - 2014-02-05 23:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-12 03:03 - 2014-02-05 23:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-12 03:03 - 2014-02-05 23:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-12 03:03 - 2014-02-05 23:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-12 03:03 - 2014-02-05 23:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-12 03:03 - 2014-02-05 23:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-12 03:03 - 2014-02-05 22:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-12 03:03 - 2014-02-05 22:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-12 03:02 - 2014-02-06 01:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 03:02 - 2014-02-06 00:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-12 03:02 - 2014-02-06 00:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 03:02 - 2014-02-05 23:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-12 03:02 - 2014-02-05 23:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-12 03:02 - 2014-02-05 23:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-12 03:02 - 2014-02-05 23:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 03:02 - 2014-02-05 23:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 03:02 - 2014-02-05 23:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-12 03:02 - 2014-02-05 23:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-12 03:02 - 2014-02-05 22:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 03:02 - 2014-02-05 22:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-12 03:02 - 2014-02-05 22:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-11 18:43 - 2013-12-31 13:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-11 18:43 - 2013-12-31 13:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-11 18:43 - 2013-12-24 13:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-11 18:43 - 2013-12-24 12:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-11 18:43 - 2013-12-05 16:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-11 18:43 - 2013-12-05 16:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-11 18:43 - 2013-12-05 16:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-11 18:43 - 2013-12-05 16:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-11 18:43 - 2013-12-03 16:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-11 18:43 - 2013-12-03 16:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-11 18:43 - 2013-12-03 16:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-11 18:43 - 2013-12-03 16:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-11 18:43 - 2013-12-03 16:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-11 18:43 - 2013-12-03 16:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-11 18:43 - 2013-12-03 16:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-11 18:43 - 2013-12-03 16:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-11 18:43 - 2013-12-03 16:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-11 18:43 - 2013-12-03 16:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-11 18:43 - 2013-12-03 16:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-11 18:43 - 2013-12-03 16:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-11 18:43 - 2013-12-03 16:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-11 18:43 - 2013-12-03 16:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-11 18:43 - 2013-12-03 15:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-11 18:43 - 2013-12-03 15:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-11 18:43 - 2013-12-03 15:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-11 18:43 - 2013-12-03 15:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-11 18:43 - 2013-11-25 22:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-11 18:43 - 2013-11-22 12:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-09 19:14 - 2014-02-10 06:23 - 00019280 _____ () C:\Users\Lyndon\Documents\Multi-Genre Portfolio.odt
 
==================== One Month Modified Files and Folders =======
 
2014-03-07 13:53 - 2014-03-07 13:51 - 00010764 _____ () C:\Users\Lyndon\Desktop\FRST.txt
2014-03-07 13:52 - 2013-02-02 00:56 - 01602020 _____ () C:\Windows\WindowsUpdate.log
2014-03-07 13:52 - 2009-07-13 18:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-07 13:52 - 2009-07-13 18:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-07 13:51 - 2014-03-05 20:35 - 00000000 ____D () C:\FRST
2014-03-07 13:44 - 2014-03-04 13:41 - 00000560 _____ () C:\Windows\setupact.log
2014-03-07 13:44 - 2011-01-07 21:26 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-03-07 13:43 - 2009-07-13 17:20 - 00000000 ____D () C:\Windows\tracing
2014-03-07 13:42 - 2014-03-07 13:42 - 00000000 ____D () C:\Users\Lyndon\AppData\Roaming\Malwarebytes
2014-03-07 13:40 - 2014-03-07 13:39 - 10284816 _____ (Malwarebytes Corporation ) C:\Users\Lyndon\Desktop\mbam-setup.exe
2014-03-07 13:36 - 2014-03-07 13:36 - 02347384 _____ (ESET) C:\Users\Lyndon\Desktop\esetsmartinstaller_enu.exe
2014-03-07 06:19 - 2013-02-02 00:57 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-03-06 19:03 - 2010-04-14 09:13 - 00000000 ___RD () C:\Users\Lyndon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-05 20:34 - 2014-03-05 20:35 - 02156544 _____ (Farbar) C:\Users\Lyndon\Desktop\FRST64.exe
2014-03-04 13:41 - 2014-03-04 13:41 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-03 21:50 - 2011-07-11 21:53 - 00000000 ____D () C:\Users\Lyndon\AppData\Roaming\Media Player Classic
2014-03-03 21:49 - 2010-01-17 01:38 - 00000000 ____D () C:\Windows\Panther
2014-03-03 21:47 - 2014-03-03 21:30 - 00031380 ____H () C:\Users\Lyndon\Documents\~WRL0003.tmp
2014-03-02 13:27 - 2014-03-02 12:00 - 00000000 ____D () C:\AdwCleaner
2014-03-02 11:59 - 2014-03-02 11:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-01 20:56 - 2014-02-28 04:02 - 00000000 ____D () C:\Users\Lyndon\AppData\Local\PMB Files
2014-03-01 20:00 - 2014-02-28 04:02 - 00000000 ____D () C:\ProgramData\PMB Files
2014-03-01 17:17 - 2014-03-01 17:14 - 00000000 ____D () C:\Users\Lyndon\AppData\Roaming\LavasoftStatistics
2014-03-01 17:12 - 2014-03-01 17:12 - 00000000 ____D () C:\Users\Lyndon\AppData\Roaming\Winamp
2014-03-01 17:01 - 2014-03-01 17:01 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-02-28 21:48 - 2012-12-29 00:51 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-28 21:47 - 2009-07-13 19:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-28 21:41 - 2012-12-23 20:15 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-28 20:47 - 2012-12-29 00:51 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-28 19:17 - 2014-02-28 19:17 - 00000000 ____D () C:\Riot Games
2014-02-28 04:01 - 2011-04-21 13:21 - 00000000 ____D () C:\Program Files (x86)\Pando Networks
2014-02-27 22:28 - 2011-12-21 00:53 - 00000000 ____D () C:\Users\Lyndon\AppData\Roaming\Skype
2014-02-27 03:10 - 2014-02-27 03:10 - 00000000 ____D () C:\114173e81def8a56ee05
2014-02-27 03:08 - 2013-04-29 05:30 - 00766820 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-27 03:08 - 2009-07-13 19:13 - 00766820 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-26 17:32 - 2014-02-20 19:03 - 00028463 ____H () C:\Users\Lyndon\Documents\~WRL3245.tmp
2014-02-24 22:02 - 2014-02-20 19:03 - 00027085 ____H () C:\Users\Lyndon\Documents\~WRL2037.tmp
2014-02-23 21:11 - 2014-02-19 17:56 - 00000000 ____D () C:\Users\Lyndon\AppData\Local\Microsoft Help
2014-02-22 14:15 - 2014-02-20 19:03 - 00031787 ____H () C:\Users\Lyndon\Documents\~WRL3695.tmp
2014-02-22 06:52 - 2010-04-14 09:14 - 00105848 _____ () C:\Users\Lyndon\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-22 06:51 - 2009-07-13 18:45 - 00410432 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-21 21:46 - 2010-01-17 00:38 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-21 21:31 - 2014-02-19 18:02 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-02-21 21:31 - 2009-07-13 17:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-02-21 21:26 - 2014-02-21 21:26 - 00000000 ____D () C:\Program Files (x86)\MSECache
2014-02-21 21:26 - 2010-01-17 00:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-02-20 19:04 - 2014-02-20 19:03 - 00031065 ____H () C:\Users\Lyndon\Documents\~WRL3832.tmp
2014-02-20 15:42 - 2012-12-23 20:15 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-20 15:41 - 2014-02-20 15:41 - 17858952 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-02-20 15:41 - 2012-12-23 20:15 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-20 15:41 - 2012-01-04 01:11 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-19 20:37 - 2010-01-17 00:44 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-02-19 20:32 - 2014-02-19 18:12 - 00000000 ____D () C:\Windows\AutoKMS
2014-02-19 20:22 - 2013-02-02 00:56 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-02-19 20:19 - 2014-02-19 20:19 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-02-19 20:19 - 2014-02-19 20:19 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-02-19 20:19 - 2010-01-17 00:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works
2014-02-19 18:04 - 2014-02-19 18:04 - 00000000 ____D () C:\Windows\PCHEALTH
2014-02-19 18:03 - 2014-02-19 18:03 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-02-19 18:02 - 2014-02-19 18:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2014-02-19 18:02 - 2009-07-13 21:45 - 00000000 ____D () C:\Windows\ShellNew
2014-02-19 18:00 - 2014-02-19 18:00 - 00000000 __RHD () C:\MSOCache
2014-02-19 17:58 - 2009-07-13 16:34 - 00000387 _____ () C:\Windows\win.ini
2014-02-15 08:42 - 2012-12-29 00:51 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-15 08:42 - 2012-12-29 00:51 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-15 07:46 - 2014-02-15 07:46 - 00003326 _____ () C:\Windows\System32\Tasks\{C2DD9A12-482C-4736-98FB-14DD2B03EBE4}
2014-02-15 03:05 - 2013-08-15 03:04 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-15 03:02 - 2011-02-24 17:33 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-14 15:55 - 2009-07-13 17:20 - 00000000 ____D () C:\Windows\rescache
2014-02-12 17:09 - 2012-11-10 19:36 - 00000056 _____ () C:\Windows\kgt2k.INI
2014-02-12 13:43 - 2011-12-21 00:53 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-02-12 13:43 - 2011-12-21 00:52 - 00000000 ____D () C:\ProgramData\Skype
2014-02-12 03:05 - 2014-02-12 03:05 - 00000000 ____D () C:\cabdb581eef04b58c8ec52
2014-02-10 06:23 - 2014-02-09 19:14 - 00019280 _____ () C:\Users\Lyndon\Documents\Multi-Genre Portfolio.odt
2014-02-06 02:16 - 2014-02-12 03:03 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 01:30 - 2014-02-12 03:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 01:30 - 2014-02-12 03:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 01:12 - 2014-02-12 03:02 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 01:07 - 2014-02-12 03:03 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 01:06 - 2014-02-12 03:03 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 00:57 - 2014-02-12 03:03 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 00:56 - 2014-02-12 03:03 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 00:52 - 2014-02-12 03:03 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 00:49 - 2014-02-12 03:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 00:48 - 2014-02-12 03:03 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 00:48 - 2014-02-12 03:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 00:38 - 2014-02-12 03:02 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 00:32 - 2014-02-12 03:03 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 00:20 - 2014-02-12 03:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 00:17 - 2014-02-12 03:03 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 00:11 - 2014-02-12 03:02 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 00:01 - 2014-02-12 03:03 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 00:00 - 2014-02-12 03:03 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-05 23:57 - 2014-02-12 03:03 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-05 23:57 - 2014-02-12 03:02 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-05 23:52 - 2014-02-12 03:03 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-05 23:52 - 2014-02-12 03:03 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-05 23:50 - 2014-02-12 03:02 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-05 23:49 - 2014-02-12 03:03 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-05 23:47 - 2014-02-12 03:03 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-05 23:46 - 2014-02-12 03:03 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-05 23:25 - 2014-02-12 03:03 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-05 23:25 - 2014-02-12 03:02 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-05 23:24 - 2014-02-12 03:02 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-05 23:22 - 2014-02-12 03:02 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-05 23:13 - 2014-02-12 03:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-05 23:09 - 2014-02-12 03:02 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-05 23:03 - 2014-02-12 03:02 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-05 22:55 - 2014-02-12 03:02 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-05 22:41 - 2014-02-12 03:02 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-05 22:40 - 2014-02-12 03:03 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-05 22:36 - 2014-02-12 03:02 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-05 22:34 - 2014-02-12 03:03 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-02-21 03:30
 
==================== End Of Log ============================


#11 NexuxKitty

NexuxKitty
  • Topic Starter

  • Members
  • 43 posts

Posted 07 March 2014 - 07:00 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-03-2014 02
Ran by Lyndon at 2014-03-07 13:56:09
Running from C:\Users\Lyndon\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
AMD Accelerated Video Transcoding (Version: 12.5.100.21116 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.937.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{FAF03106-1653-15E1-3C0C-E7AE4FAE6EBF}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2012.1116.1515.27190 - Advanced Micro Devices, Inc.) Hidden
AMD Fusion Media Explorer (HKLM-x32\...\{9C3AAC01-10DA-418F-AEBC-F75500220415}) (Version: 1.0.1.0151 - Advanced Micro Devices, Inc.)
AMD Media Foundation Decoders (Version: 1.0.71116.1554 - Advanced Micro Devices, Inc.) Hidden
AMD USB Filter Driver (HKLM-x32\...\{4F5B18A3-E921-4FFE-BEF4-ACBB98964FC2}) (Version: 1.0.13.88 - Advanced Micro Devices, Inc.)
AMD VISION Engine Control Center (x32 Version: 2012.1116.1515.27190 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Control Center (HKLM-x32\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.009.0729.2226 - )
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2009.0729.2227.38498 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2009.0729.2227.38498 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2009.0729.2227.38498 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2009.0729.2227.38498 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2009.0729.2227.38498 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1116.1515.27190 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2009.0729.2227.38498 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2009.0729.2227.38498 - ATI Technologies, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.1116.1515.27190 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2009.0729.2227.38498 - ATI) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.1116.1515.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Czech (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Danish (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Dutch (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help English (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Finnish (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help French (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help German (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Greek (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Italian (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Japanese (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Korean (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Polish (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Russian (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Spanish (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Swedish (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Thai (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2009.0729.2226.38498 - ATI) Hidden
CCC Help Turkish (x32 Version: 2012.1116.1514.27190 - Advanced Micro Devices, Inc.) Hidden
ccc-core-static (x32 Version: 2009.0729.2227.38498 - ATI) Hidden
ccc-utility64 (Version: 2009.0729.2227.38498 - ATI) Hidden
ccc-utility64 (Version: 2012.1116.1515.27190 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.26 - Piriform)
CDisplayEx 1.8 (HKLM-x32\...\CDisplayEx_is1) (Version:  - Henri Gourvest.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
ClipGrab 3.3.0.4 (HKLM-x32\...\{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1) (Version:  - Philipp Schmieder Medien)
Combined Community Codec Pack 2013-11-27 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2013.11.27.0 - CCCP Project)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{81FB7C60-565A-4869-9D90-3BE1D270E8B7}) (Version:  - Microsoft)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 2.31 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.3.44 - Dell)
Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.1.0031 - Dell, Inc.)
Dell Dock (HKLM\...\{E60B7350-EA5F-41E0-9D6F-E508781E36D2}) (Version: 2.0.0 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (Support Software) (HKLM-x32\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.5.09100 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.104.115.103 - Alps Electric)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
Dell Wireless WLAN Card Utility (HKLM\...\Dell Wireless WLAN Card Utility) (Version: 5.30.21.0 - Dell Inc.)
Epson Event Manager (HKLM-x32\...\{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}) (Version: 2.40.0001 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.10.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WorkForce 520 Series Printer Uninstall (HKLM\...\EPSON WorkForce 520 Series) (Version:  - SEIKO EPSON Corporation)
Fusion Utility for Mobility (HKLM-x32\...\{83F81F91-7BE9-44D1-98AF-2B87E0B8710C}) (Version: 1.1.1 - AMD)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.146 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 30 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416030FF}) (Version: 6.0.300 - Oracle)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
K-Lite Mega Codec Pack 5.1.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 5.1.0 - )
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft AppLocale (HKLM-x32\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (HKLM\...\{90150000-001F-0409-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office Proofing Tools 2013 - English (HKLM-x32\...\{90150000-001F-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{67635FB6-2F63-4FFB-830B-D4C01597EBA4}) (Version: 1.2.1 - DELL)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version:  - )
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.5424 - CyberLink Corp.)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 9.6.8 - Dell Inc.)
RGSS-RTP Standard (HKLM-x32\...\RGSS-RTP Standard_is1) (Version: 1.04 - Enterbrain)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
Roxio Burn (x32 Version: 1.01 - Roxio) Hidden
RPG MAKER VX Ace RTP (HKLM-x32\...\RPGVXAce_RTP_is1) (Version: 1.00 - Enterbrain)
RPG Maker VX RTP (HKLM-x32\...\RPG Maker VX RTP_is1) (Version: 1.02 - Enterbrain)
RPGツクール2000 ランタイムパッケージ (HKLM-x32\...\{33F7A957-A66D-45A1-BADF-6576083B14E2}) (Version:  - )
RTP for RM2K (Png, Wav, Midi, Fonts) (HKLM-x32\...\RTP for RM2K (Png, Wav, Midi, Fonts)) (Version:  - )
Skins (x32 Version: 2009.0729.2227.38498 - ATI) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
WinRAR 4.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)
 
==================== Restore Points  =========================
 
01-03-2014 05:15:14 Installed League of Legends
01-03-2014 05:18:01 Installed DirectX
01-03-2014 07:42:30 Windows Update
01-03-2014 19:57:58 Installed League of Legends
01-03-2014 19:59:13 Installed DirectX
02-03-2014 03:01:51 AA11
02-03-2014 03:14:29 AA11
02-03-2014 03:26:12 Removed Bonjour
02-03-2014 03:27:40 Removed League of Legends
02-03-2014 03:45:17 Installed League of Legends
02-03-2014 03:50:03 Installed DirectX
02-03-2014 06:24:41 Installed League of Legends
02-03-2014 06:25:21 Installed DirectX
02-03-2014 08:37:58 Removed League of Legends
 
==================== Hosts content: ==========================
 
2009-07-13 16:34 - 2009-06-10 11:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {04163593-89DC-4676-BCA6-41D34471C087} - System32\Tasks\D1BN4ZJ1\Administrator - Start WLAN Tray Applet => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE [2009-07-16] (Dell Inc.)
Task: {17CBAD22-D622-4DE7-808F-EA13A0513054} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-12-19] (Piriform Ltd)
Task: {5C7FEEB9-2745-4427-ADAA-5F63CA53277B} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {8B4371CF-18E5-4C5A-A007-77E3CDFE76E0} - System32\Tasks\{54CAA699-E9B6-4490-B95C-12322833F476} => C:\Users\Lyndon\Desktop\FairyFighting.exe
Task: {99E228B9-9525-4680-A28D-E4C5B81CF693} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-20] (Adobe Systems Incorporated)
Task: {B31C1EF0-5BAD-48E2-84DB-90F585D317DC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-29] (Google Inc.)
Task: {C306D5C7-21F5-45CB-BD7E-41A633A6F6AB} - \Express FilesUpdate No Task File
Task: {CA0846F7-47E8-4B5A-AEC1-5182CCCFB775} - System32\Tasks\{CC062962-3B14-45ED-A652-64B02B09D137} => C:\Users\Lyndon\Desktop\FairyFighting.exe
Task: {CF75FEF6-106D-451E-B3C4-F0CF6808767E} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {E4E788D5-8433-4A4D-B00B-D60E7FECD96C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-29] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2010-01-17 00:19 - 2009-07-16 15:06 - 00033280 _____ () C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
2010-01-17 00:19 - 2009-07-16 15:06 - 00058368 _____ () C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlrmt.dll
2012-11-16 15:27 - 2012-11-16 15:27 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2012-05-05 22:32 - 2012-02-17 17:55 - 00193536 _____ () C:\Program Files\WinRAR\rarext.dll
2010-01-17 00:36 - 2009-09-17 09:14 - 00161008 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
2013-09-13 19:51 - 2013-09-13 19:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-01-17 00:34 - 2009-09-17 09:04 - 00115952 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\PSTVdsDisk.dll
2010-01-17 00:34 - 2009-09-17 09:05 - 00128240 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
2014-03-03 21:46 - 2014-03-01 16:35 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\chrome_elf.dll
2014-03-03 21:47 - 2014-03-01 16:35 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\libglesv2.dll
2014-03-03 21:47 - 2014-03-01 16:35 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\libegl.dll
2014-03-03 21:47 - 2014-03-01 16:35 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\pdf.dll
2014-03-03 21:47 - 2014-03-01 16:35 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll
2014-03-03 21:47 - 2014-03-01 16:35 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== Disabled items from MSCONFIG ==============
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/07/2014 01:43:24 PM) (Source: Application Error) (User: )
Description: Faulting application name: mbam.exe, version: 1.75.0.1, time stamp: 0x511f8eb2
Faulting module name: OLEAUT32.dll, version: 6.1.7601.17676, time stamp: 0x4e58702a
Exception code: 0xc0000005
Fault offset: 0x0001604c
Faulting process id: 0x13c0
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
 
Error: (03/07/2014 01:40:38 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (03/07/2014 01:40:33 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (03/06/2014 07:08:22 PM) (Source: Application Hang) (User: )
Description: The program FRST64.exe version 3.3.10.2 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: f00
 
Start Time: 01cf39c2df3da4a5
 
Termination Time: 41
 
Application Path: C:\Users\Lyndon\Desktop\FRST64.exe
 
Report Id: 714746b6-a5b6-11e3-88f9-a4badb9a8506
 
Error: (03/04/2014 01:46:05 PM) (Source: ESENT) (User: )
Description: DllHost (3744) WebCacheLocal: Error -1811 occurred while opening logfile C:\Users\Lyndon\AppData\Local\Microsoft\Windows\WebCache\V010001E.log.
 
Error: (03/04/2014 01:41:34 PM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (03/04/2014 01:41:34 PM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.
 
Context: Windows Application
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (03/04/2014 01:41:34 PM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (03/04/2014 01:41:34 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
Element not found.  (HRESULT : 0x80070490) (0x80070490)
 
Error: (03/04/2014 01:41:33 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
 
System errors:
=============
Error: (03/07/2014 01:45:28 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer MYNETN600
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{ED45488D-4444-453B-8D68-FEC628230453}.
The master browser is stopping or an election is being forced.
 
Error: (03/07/2014 01:45:15 PM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: 490@01010004
 
Error: (03/07/2014 01:44:57 PM) (Source: Microsoft-Windows-WHEA-Logger) (User: NT AUTHORITY)
Description: A fatal hardware error has occurred.
 
Reported by component: Processor Core
Error Source: 3
Error Type: 256
Processor ID: 0
 
The details view of this entry contains further information.
 
Error: (03/07/2014 01:35:18 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer MYNETN600
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{ED45488D-4444-453B-8D68-FEC628230453}.
The master browser is stopping or an election is being forced.
 
Error: (03/07/2014 06:11:53 AM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer MYNETN600
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{ED45488D-4444-453B-8D68-FEC628230453}.
The master browser is stopping or an election is being forced.
 
Error: (03/07/2014 06:11:36 AM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: 490@01010004
 
Error: (03/07/2014 06:11:31 AM) (Source: Microsoft-Windows-WHEA-Logger) (User: NT AUTHORITY)
Description: A fatal hardware error has occurred.
 
Reported by component: Processor Core
Error Source: 3
Error Type: 256
Processor ID: 0
 
The details view of this entry contains further information.
 
Error: (03/07/2014 06:11:09 AM) (Source: Service Control Manager) (User: )
Description: The Microsoft Antimalware Service service failed to start due to the following error: 
%%5
 
Error: (03/07/2014 06:11:09 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 9:59:23 PM on ‎3/‎6/‎2014 was unexpected.
 
Error: (03/06/2014 09:34:43 PM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: 490@01010004
 
 
Microsoft Office Sessions:
=========================
Error: (03/07/2014 01:43:24 PM) (Source: Application Error)(User: )
Description: mbam.exe1.75.0.1511f8eb2OLEAUT32.dll6.1.7601.176764e58702ac00000050001604c13c001cf3a5efaa6269cC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exeC:\Windows\syswow64\OLEAUT32.dll455023d6-a652-11e3-97e9-a4badb9a8506
 
Error: (03/07/2014 01:40:38 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Lyndon\Desktop\esetsmartinstaller_enu.exe
 
Error: (03/07/2014 01:40:33 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Lyndon\Downloads\esetsmartinstaller_enu.exe
 
Error: (03/06/2014 07:08:22 PM) (Source: Application Hang)(User: )
Description: FRST64.exe3.3.10.2f0001cf39c2df3da4a541C:\Users\Lyndon\Desktop\FRST64.exe714746b6-a5b6-11e3-88f9-a4badb9a8506
 
Error: (03/04/2014 01:46:05 PM) (Source: ESENT)(User: )
Description: DllHost3744WebCacheLocal: C:\Users\Lyndon\AppData\Local\Microsoft\Windows\WebCache\V010001E.log-1811
 
Error: (03/04/2014 01:41:34 PM) (Source: Windows Search Service)(User: )
Description: 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (03/04/2014 01:41:34 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (03/04/2014 01:41:34 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (03/04/2014 01:41:34 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog
 
 
Details:
Element not found.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer
 
Error: (03/04/2014 01:41:33 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 49%
Total physical RAM: 4094.39 MB
Available physical RAM: 2076.39 MB
Total Pagefile: 8186.95 MB
Available Pagefile: 5845.69 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:218.2 GB) (Free:98.23 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 983F7C98)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=218 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#12 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts

Posted 08 March 2014 - 02:37 PM

Ok. Please download and execute mbam-clean and try to reinstall Malwarebytes Anti-Malware afterwards as described here.
Does it work now?

#13 NexuxKitty

NexuxKitty
  • Topic Starter

  • Members
  • 43 posts

Posted 08 March 2014 - 09:43 PM

I've done as your post said, but it still comes up with the same error message that was shown in my previous post. Sorry for the trouble. Thank you so very much for bearing with me for this long though, I really appreciate it. 



#14 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts

Posted 11 March 2014 - 05:46 AM

Not sure yet what the problem is.

Please skip the MBAM scan then and continue with step 2 from the previous instructions (ESET Online Scanner).



#15 NexuxKitty

NexuxKitty
  • Topic Starter

  • Members
  • 43 posts

Posted 12 March 2014 - 01:58 AM

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=f8ec0c796ceee742826db27678369ed4
# engine=17406
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-03-12 06:42:40
# local_time=2014-03-11 08:42:40 (-1000, Hawaiian Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1023 16777215 0 0 0 0 0 0
# compatibility_mode=5893 16776573 100 94 0 146150010 0 0
# scanned=171274
# found=13
# cleaned=0
# scan_time=20898
sh=E4D5509EFA14DFFC9E735CF02DC78983B9D0FD3F ft=1 fh=8b3fc29d778dd3b8 vn="a variant of Win32/YourFileDownloader.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\yourfiledownloader\YourFileUpdater.exe.vir"
sh=806043854DBA08409D093C986B3208A5D4A512BA ft=1 fh=d6daed42d6889765 vn="Win32/Toolbar.DefaultTab.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Lyndon\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll.vir"
sh=05F6A850B69FEB5A81D63A78AA7A009F3EBDE534 ft=1 fh=3203a2453a39aa8b vn="a variant of MSIL/Injector.CWQ trojan" ac=I fn="C:\FRST\Quarantine\315load32.exe06-03-2014_19-03-12"
sh=05F6A850B69FEB5A81D63A78AA7A009F3EBDE534 ft=1 fh=3203a2453a39aa8b vn="a variant of MSIL/Injector.CWQ trojan" ac=I fn="C:\FRST\Quarantine\315load32.exe06-03-2014_19-03-14"
sh=05F6A850B69FEB5A81D63A78AA7A009F3EBDE534 ft=1 fh=3203a2453a39aa8b vn="a variant of MSIL/Injector.CWQ trojan" ac=I fn="C:\FRST\Quarantine\load32.exe06-03-2014_19-02-51"
sh=05F6A850B69FEB5A81D63A78AA7A009F3EBDE534 ft=1 fh=3203a2453a39aa8b vn="a variant of MSIL/Injector.CWQ trojan" ac=I fn="C:\FRST\Quarantine\NTKernel06-03-2014_19-03-15\nt32.exe"
sh=74E572FEF88B6F77DA2492D47D69B1F4665BDAE1 ft=1 fh=1e0562f21fd4ef8a vn="a variant of Win32/HiddenStart.A potentially unsafe application" ac=I fn="C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe"
sh=BF0A150E5AB26FA963D7CC1A82B0100C4ECA272B ft=1 fh=cb5579ec92a15bda vn="a variant of Win32/HiddenStart.A potentially unsafe application" ac=I fn="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe"
sh=74E572FEF88B6F77DA2492D47D69B1F4665BDAE1 ft=1 fh=1e0562f21fd4ef8a vn="a variant of Win32/HiddenStart.A potentially unsafe application" ac=I fn="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\hstart.exe"
sh=285082ED0169C4B76CC500960FE5969C3E413923 ft=1 fh=d9861dad21b13fe2 vn="a variant of Win32/DomaIQ.BA potentially unwanted application" ac=I fn="C:\Users\Lyndon\AppData\Local\Google\Chrome\User Data\Default\File System\003\t\00\00000000"
sh=05F6A850B69FEB5A81D63A78AA7A009F3EBDE534 ft=1 fh=3203a2453a39aa8b vn="a variant of MSIL/Injector.CWQ trojan" ac=I fn="C:\Users\Lyndon\AppData\Local\Temp\58177"
sh=05F6A850B69FEB5A81D63A78AA7A009F3EBDE534 ft=1 fh=3203a2453a39aa8b vn="a variant of MSIL/Injector.CWQ trojan" ac=I fn="C:\Users\Lyndon\AppData\Local\Temp\75416"
sh=13EE8C9FCE6F74512DCD188CCA0655C5EDE37612 ft=1 fh=756c61b76c471ca8 vn="MSIL/HackKMS.A potentially unsafe application" ac=I fn="C:\WINDOWS\AutoKMS\AutoKMS.exe"




