dllhost.exe com surrogate processes



#1 bmflannery


Posted 27 June 2014 - 09:04 AM

Hello,

 

I believe I have the same issue as posted here - http://www.bleepingcomputer.com/forums/t/514186/30-dllhostexe32-com-surrogate-processes-are-running/

 

I have gone ahead and downloaded the FRST software, ran a scan, and below are the results. Would appreciate any help in getting rid of this issue. Thanks!


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-06-2014
Ran by Scott (administrator) on SCOTT-PC on 27-06-2014 09:19:15
Running from J:\
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\WINDOWS\System32\atiesrxx.exe
(Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe
(AMD) C:\WINDOWS\System32\atieclxx.exe
(Lexmark International, Inc.) C:\WINDOWS\System32\LEXBCES.EXE
() C:\WINDOWS\System32\LEXPPS.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
( ) C:\WINDOWS\System32\lxdpcoms.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\WINDOWS\System32\msiexec.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Viewpoint Corporation) C:\Program Files\Viewpoint\Common\ViewpointService.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Conexant Systems, Inc.) C:\WINDOWS\System32\drivers\XAudio.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
() C:\WINDOWS\zHotkey.exe
(Realtek Semiconductor) C:\WINDOWS\RtHDVCpl.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\WINDOWS\System32\MDM.EXE
(Google Inc.) C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmplayer.exe
(Microsoft Corporation) C:\WINDOWS\System32\taskmgr.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
(Microsoft Corporation) C:\WINDOWS\System32\taskmgr.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [CHotkey] => C:\Windows\zHotkey.exe [547840 2006-11-07] ()
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4702208 2007-10-31] (Realtek Semiconductor)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2011-07-05] (Apple Inc.)
HKLM\...\Run: [Google Quick Search Box] => C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe [126976 2011-11-27] (Google Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [40368 2011-08-30] (Adobe Systems Incorporated)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [273544 2011-06-14] (RealNetworks, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\Run: [Trend Micro RUBotted V2.0 Beta] => C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe [1103184 2010-12-17] (Trend Micro Inc.)
HKU\S-1-5-21-1716094745-50712745-3220641610-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-1716094745-50712745-3220641610-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-1716094745-50712745-3220641610-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1716094745-50712745-3220641610-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
AppInit_DLLs: c:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll => c:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-06-20] (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
GroupPolicyUsers\S-1-5-21-1716094745-50712745-3220641610-1003\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1716094745-50712745-3220641610-1002\User: Group Policy restriction detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKCU - DefaultScope {8E21D87F-60F1-4E77-9393-4AD27C1E965B} URL = 
SearchScopes: HKCU - {19774512-107E-4327-825C-D14332CA270D} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=374563&p={searchTerms}
SearchScopes: HKCU - {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:4664/search&s=-S0OkpNBGFctXUgwvSXGlLDixd0?q={searchTerms}
SearchScopes: HKCU - {8FBD105C-16EC-4672-B644-CE6715DF36D6} URL = http://search.yahoo.com/search?fr=mcafee&type=A010US550&p={SearchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = 
BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} http://www.freerealms.com/gamedata/FreeRealmsInstaller.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} 
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 02 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 03 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 04 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 05 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 06 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 07 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 08 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 19 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.1.1.23 10.1.1.24
 
FireFox:
========
FF ProfilePath: C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\pdpfm60e.default
FF Homepage: hxxp://www.google.com/
FF NetworkProxy: "no_proxies_on", "*.local"
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/OfficeLive,version=1.4 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @movenetworks.com/Quantum Media Player - C:\Users\Nathan\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF Plugin: @pack.google.com/Google Updater;version=14 - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @real.com/nppl3260;version=12.0.1.647 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=12.0.1.647 - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=12.0.1.652 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=12.0.1.652 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=12.0.1.647 - c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @viewpoint.com/VMP - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF user.js: detected! => C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\pdpfm60e.default\user.js
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-05-27]
FF HKLM\...\Firefox\Extensions: [{000a9d1c-beef-4f90-9363-039d445309b8}] - C:\Program Files\Google\Google Gears\Firefox
FF Extension: Google Gears - C:\Program Files\Google\Google Gears\Firefox [2010-03-05]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-06-14]
 
Chrome: 
=======
CHR DefaultSearchKeyword: mcafee
CHR DefaultSearchProvider: McAfee
CHR DefaultNewTabURL: 
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-11]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2013-10-08]
CHR Extension: (Google Wallet) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-08]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-06-14]
 
========================== Services (Whitelisted) =================
 
R2 DcomLaunch; C:\Windows\system32\rpcss.dll [558080 2009-04-11] (Microsoft Corporation) [File not signed]
S3 GameConsoleService; C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe [181800 2007-08-29] (WildTangent, Inc.)
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-06-20] (Google)
S2 gupdate1c98c9c1a86e260; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-02-11] (Google Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LexBceS; C:\Windows\System32\LEXBCES.EXE [299008 2002-02-14] (Lexmark International, Inc.)
S2 lxdpCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdpserv.exe [94208 2009-04-28] (Lexmark International, Inc.) [File not signed]
R2 lxdp_device; C:\Windows\system32\lxdpcoms.exe [594600 2007-12-01] ( )
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 RpcSs; C:\Windows\system32\rpcss.dll [558080 2009-04-11] (Microsoft Corporation) [File not signed]
R2 RUBotSrv; C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe [439632 2010-12-17] (Trend Micro Inc.)
R2 Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [24652 2007-01-04] (Viewpoint Corporation) [File not signed]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
 
==================== Drivers (Whitelisted) ====================
 
S3 ac97intc; C:\Windows\System32\drivers\ac97intc.sys [108032 2006-11-02] (Intel Corporation)
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdLH3.sys [99344 2010-07-15] (ATI Technologies, Inc.)
S3 JL2005C; C:\Windows\System32\Drivers\jl2005c.sys [68826 2008-07-09] (Windows ® 2000 DDK provider) [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-06-27] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
S3 NETw2v32; C:\Windows\System32\DRIVERS\NETw2v32.sys [2589184 2006-11-02] (Intel® Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [50704 2009-10-20] (CACE Technologies, Inc.)
R3 RDPDISPM; C:\Windows\System32\DRIVERS\rdpdispm.sys [15488 2010-09-22] (Microsoft Corporation)
S2 tmrkb; C:\Windows\System32\DRIVERS\tmrkb.sys [131720 2014-06-27] (trend_company_name)
S3 USB_RNDIS; C:\Windows\System32\DRIVERS\usb8023.sys [15872 2013-02-11] (Microsoft Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\Users\Scott\AppData\Local\Temp\catchme.sys [X]
U5 CDR4_XP; C:\Windows\System32\Drivers\CDR4_XP.sys [9072 2007-06-20] (Sonic Solutions)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S0 ntcdrdrv; system32\DRIVERS\ntcdrdrv.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 SymIM; system32\DRIVERS\SymIM.sys [X]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-06-27 09:13 - 2014-06-27 09:20 - 00000000 ____D () C:\FRST
2014-06-27 08:34 - 2014-06-27 09:03 - 00000000 ____D () C:\ComboFix
2014-06-27 08:15 - 2014-06-27 08:15 - 00256904 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2014-06-26 14:43 - 2014-06-26 14:43 - 00000000 ____D () C:\ProgramData\Trend Micro
2014-06-26 14:33 - 2014-06-27 08:15 - 00131720 _____ (trend_company_name) C:\Windows\system32\Drivers\tmrkb.sys
2014-06-26 14:27 - 2014-06-26 14:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro RUBotted
2014-06-26 14:27 - 2014-06-26 14:27 - 00000000 ____D () C:\Program Files\Trend Micro
2014-06-26 11:46 - 2014-06-26 11:46 - 00000036 _____ () C:\Users\Scott\AppData\Local\housecall.guid.cache
2014-06-26 11:14 - 2014-06-25 16:46 - 05211571 ____R (Swearware) C:\Users\Scott\Desktop\ComboFix.exe
2014-06-26 10:23 - 2014-06-26 11:33 - 00000795 _____ () C:\Windows\setupact.log
2014-06-26 10:23 - 2014-06-26 10:23 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-26 10:05 - 2014-06-27 09:23 - 00148329 _____ () C:\Windows\WindowsUpdate.log
2014-06-26 09:52 - 2014-06-27 09:05 - 00026228 _____ () C:\Windows\PFRO.log
2014-06-25 16:49 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-25 16:49 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-25 16:49 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-25 16:49 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-25 16:49 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-25 16:49 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-25 16:49 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-25 16:49 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-25 16:48 - 2014-06-27 08:34 - 00000000 ____D () C:\Qoobox
2014-06-25 16:47 - 2014-06-25 18:21 - 00000000 ____D () C:\Windows\erdnt
2014-06-21 23:32 - 2014-06-27 09:06 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-21 23:28 - 2014-06-21 23:28 - 00000859 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-21 23:28 - 2014-06-21 23:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-21 23:27 - 2014-06-21 23:28 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-21 23:27 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-21 23:27 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-21 23:27 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-21 16:44 - 2014-06-21 16:44 - 00000000 ____D () C:\Windows\system32\config\Scott
2014-06-21 16:43 - 2014-06-21 16:43 - 00008196 _____ () C:\Users\Scott\DECRYPT_INSTRUCTION.HTML
2014-06-21 16:43 - 2014-06-21 16:43 - 00008196 _____ () C:\Users\DECRYPT_INSTRUCTION.HTML
2014-06-21 16:43 - 2014-06-21 16:43 - 00008196 _____ () C:\DECRYPT_INSTRUCTION.HTML
2014-06-21 16:43 - 2014-06-21 16:43 - 00004142 _____ () C:\Users\Scott\DECRYPT_INSTRUCTION.TXT
2014-06-21 16:43 - 2014-06-21 16:43 - 00004142 _____ () C:\Users\DECRYPT_INSTRUCTION.TXT
2014-06-21 16:43 - 2014-06-21 16:43 - 00004142 _____ () C:\DECRYPT_INSTRUCTION.TXT
2014-06-21 16:43 - 2014-06-21 16:43 - 00000272 _____ () C:\Users\Scott\DECRYPT_INSTRUCTION.URL
2014-06-21 16:43 - 2014-06-21 16:43 - 00000272 _____ () C:\Users\DECRYPT_INSTRUCTION.URL
2014-06-21 16:43 - 2014-06-21 16:43 - 00000272 _____ () C:\DECRYPT_INSTRUCTION.URL
2014-06-21 15:41 - 2014-06-21 15:41 - 00008196 _____ () C:\Users\Scott\Downloads\DECRYPT_INSTRUCTION.HTML
2014-06-21 15:41 - 2014-06-21 15:41 - 00008196 _____ () C:\Users\Scott\Documents\DECRYPT_INSTRUCTION.HTML
2014-06-21 15:41 - 2014-06-21 15:41 - 00004142 _____ () C:\Users\Scott\Downloads\DECRYPT_INSTRUCTION.TXT
2014-06-21 15:41 - 2014-06-21 15:41 - 00004142 _____ () C:\Users\Scott\Documents\DECRYPT_INSTRUCTION.TXT
2014-06-21 15:41 - 2014-06-21 15:41 - 00000272 _____ () C:\Users\Scott\Downloads\DECRYPT_INSTRUCTION.URL
2014-06-21 15:41 - 2014-06-21 15:41 - 00000272 _____ () C:\Users\Scott\Documents\DECRYPT_INSTRUCTION.URL
2014-06-21 15:40 - 2014-06-21 15:40 - 00008196 _____ () C:\Users\Scott\AppData\Roaming\DECRYPT_INSTRUCTION.HTML
2014-06-21 15:40 - 2014-06-21 15:40 - 00008196 _____ () C:\Users\Scott\AppData\DECRYPT_INSTRUCTION.HTML
2014-06-21 15:40 - 2014-06-21 15:40 - 00004142 _____ () C:\Users\Scott\AppData\Roaming\DECRYPT_INSTRUCTION.TXT
2014-06-21 15:40 - 2014-06-21 15:40 - 00004142 _____ () C:\Users\Scott\AppData\DECRYPT_INSTRUCTION.TXT
2014-06-21 15:40 - 2014-06-21 15:40 - 00000272 _____ () C:\Users\Scott\AppData\Roaming\DECRYPT_INSTRUCTION.URL
2014-06-21 15:40 - 2014-06-21 15:40 - 00000272 _____ () C:\Users\Scott\AppData\DECRYPT_INSTRUCTION.URL
2014-06-21 15:39 - 2014-06-21 15:39 - 00008196 _____ () C:\Users\Scott\AppData\Local\DECRYPT_INSTRUCTION.HTML
2014-06-21 15:39 - 2014-06-21 15:39 - 00004142 _____ () C:\Users\Scott\AppData\Local\DECRYPT_INSTRUCTION.TXT
2014-06-21 15:39 - 2014-06-21 15:39 - 00000272 _____ () C:\Users\Scott\AppData\Local\DECRYPT_INSTRUCTION.URL
2014-06-21 15:33 - 2014-06-21 15:33 - 00008196 _____ () C:\Users\Public\Documents\DECRYPT_INSTRUCTION.HTML
2014-06-21 15:33 - 2014-06-21 15:33 - 00008196 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.HTML
2014-06-21 15:33 - 2014-06-21 15:33 - 00004142 _____ () C:\Users\Public\Documents\DECRYPT_INSTRUCTION.TXT
2014-06-21 15:33 - 2014-06-21 15:33 - 00004142 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.TXT
2014-06-21 15:33 - 2014-06-21 15:33 - 00000272 _____ () C:\Users\Public\Documents\DECRYPT_INSTRUCTION.URL
2014-06-21 15:33 - 2014-06-21 15:33 - 00000272 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.URL
2014-06-21 15:32 - 2014-06-21 15:32 - 00008196 _____ () C:\Users\Nathan\DECRYPT_INSTRUCTION.HTML
2014-06-21 15:32 - 2014-06-21 15:32 - 00004142 _____ () C:\Users\Nathan\DECRYPT_INSTRUCTION.TXT
2014-06-21 15:32 - 2014-06-21 15:32 - 00000272 _____ () C:\Users\Nathan\DECRYPT_INSTRUCTION.URL
2014-06-21 14:50 - 2014-06-21 14:50 - 00008196 _____ () C:\Users\Nathan\Downloads\DECRYPT_INSTRUCTION.HTML
2014-06-21 14:50 - 2014-06-21 14:50 - 00008196 _____ () C:\Users\Nathan\Documents\DECRYPT_INSTRUCTION.HTML
2014-06-21 14:50 - 2014-06-21 14:50 - 00004142 _____ () C:\Users\Nathan\Downloads\DECRYPT_INSTRUCTION.TXT
2014-06-21 14:50 - 2014-06-21 14:50 - 00004142 _____ () C:\Users\Nathan\Documents\DECRYPT_INSTRUCTION.TXT
2014-06-21 14:50 - 2014-06-21 14:50 - 00000272 _____ () C:\Users\Nathan\Downloads\DECRYPT_INSTRUCTION.URL
2014-06-21 14:50 - 2014-06-21 14:50 - 00000272 _____ () C:\Users\Nathan\Documents\DECRYPT_INSTRUCTION.URL
2014-06-21 14:49 - 2014-06-21 14:49 - 00008196 _____ () C:\Users\Nathan\AppData\Roaming\DECRYPT_INSTRUCTION.HTML
2014-06-21 14:49 - 2014-06-21 14:49 - 00008196 _____ () C:\Users\Nathan\AppData\DECRYPT_INSTRUCTION.HTML
2014-06-21 14:49 - 2014-06-21 14:49 - 00004142 _____ () C:\Users\Nathan\AppData\Roaming\DECRYPT_INSTRUCTION.TXT
2014-06-21 14:49 - 2014-06-21 14:49 - 00004142 _____ () C:\Users\Nathan\AppData\DECRYPT_INSTRUCTION.TXT
2014-06-21 14:49 - 2014-06-21 14:49 - 00000272 _____ () C:\Users\Nathan\AppData\Roaming\DECRYPT_INSTRUCTION.URL
2014-06-21 14:49 - 2014-06-21 14:49 - 00000272 _____ () C:\Users\Nathan\AppData\DECRYPT_INSTRUCTION.URL
2014-06-21 13:56 - 2014-06-21 13:56 - 00008196 _____ () C:\Users\Nathan\AppData\Local\DECRYPT_INSTRUCTION.HTML
2014-06-21 13:56 - 2014-06-21 13:56 - 00004142 _____ () C:\Users\Nathan\AppData\Local\DECRYPT_INSTRUCTION.TXT
2014-06-21 13:56 - 2014-06-21 13:56 - 00000272 _____ () C:\Users\Nathan\AppData\Local\DECRYPT_INSTRUCTION.URL
2014-06-21 12:24 - 2014-06-21 12:24 - 00008196 _____ () C:\Users\Mary\DECRYPT_INSTRUCTION.HTML
2014-06-21 12:24 - 2014-06-21 12:24 - 00008196 _____ () C:\Users\Christine\DECRYPT_INSTRUCTION.HTML
2014-06-21 12:24 - 2014-06-21 12:24 - 00004142 _____ () C:\Users\Mary\DECRYPT_INSTRUCTION.TXT
2014-06-21 12:24 - 2014-06-21 12:24 - 00004142 _____ () C:\Users\Christine\DECRYPT_INSTRUCTION.TXT
2014-06-21 12:24 - 2014-06-21 12:24 - 00000272 _____ () C:\Users\Mary\DECRYPT_INSTRUCTION.URL
2014-06-21 12:24 - 2014-06-21 12:24 - 00000272 _____ () C:\Users\Christine\DECRYPT_INSTRUCTION.URL
2014-06-21 12:19 - 2014-06-21 12:19 - 00008196 _____ () C:\Users\Christine\Documents\DECRYPT_INSTRUCTION.HTML
2014-06-21 12:19 - 2014-06-21 12:19 - 00004142 _____ () C:\Users\Christine\Documents\DECRYPT_INSTRUCTION.TXT
2014-06-21 12:19 - 2014-06-21 12:19 - 00000272 _____ () C:\Users\Christine\Documents\DECRYPT_INSTRUCTION.URL
2014-06-21 12:17 - 2014-06-21 12:17 - 00008196 _____ () C:\Users\Christine\AppData\Roaming\DECRYPT_INSTRUCTION.HTML
2014-06-21 12:17 - 2014-06-21 12:17 - 00008196 _____ () C:\Users\Christine\AppData\DECRYPT_INSTRUCTION.HTML
2014-06-21 12:17 - 2014-06-21 12:17 - 00004142 _____ () C:\Users\Christine\AppData\Roaming\DECRYPT_INSTRUCTION.TXT
2014-06-21 12:17 - 2014-06-21 12:17 - 00004142 _____ () C:\Users\Christine\AppData\DECRYPT_INSTRUCTION.TXT
2014-06-21 12:17 - 2014-06-21 12:17 - 00000272 _____ () C:\Users\Christine\AppData\Roaming\DECRYPT_INSTRUCTION.URL
2014-06-21 12:17 - 2014-06-21 12:17 - 00000272 _____ () C:\Users\Christine\AppData\DECRYPT_INSTRUCTION.URL
2014-06-21 12:13 - 2014-06-21 12:13 - 00008196 _____ () C:\Users\Christine\AppData\Local\DECRYPT_INSTRUCTION.HTML
2014-06-21 12:13 - 2014-06-21 12:13 - 00004142 _____ () C:\Users\Christine\AppData\Local\DECRYPT_INSTRUCTION.TXT
2014-06-21 12:13 - 2014-06-21 12:13 - 00000272 _____ () C:\Users\Christine\AppData\Local\DECRYPT_INSTRUCTION.URL
2014-06-21 12:09 - 2014-06-21 12:09 - 00008196 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.HTML
2014-06-21 12:09 - 2014-06-21 12:09 - 00004142 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.TXT
2014-06-21 12:09 - 2014-06-21 12:09 - 00000272 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.URL
2014-06-21 11:59 - 2014-06-22 09:04 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\Ulmawur
2014-06-21 11:57 - 2014-06-22 09:01 - 00000000 ____D () C:\ProgramData\IbrixRowje
2014-06-21 08:05 - 2014-06-21 08:05 - 00321486 ____S () C:\Windows\system32\jqzkjl.hbi
2014-06-15 05:41 - 2014-06-21 12:24 - 00000000 ____D () C:\Users\Mary\Kill for Me
2014-06-12 03:52 - 2014-05-28 12:39 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-12 03:52 - 2014-05-28 12:33 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-12 03:52 - 2014-05-28 12:32 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-12 03:52 - 2014-05-28 12:32 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-12 03:52 - 2014-05-28 12:31 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-06-12 03:52 - 2014-05-28 12:31 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-12 03:52 - 2014-05-28 12:30 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-12 03:52 - 2014-05-28 12:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-06-12 03:52 - 2014-05-28 12:30 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-12 03:52 - 2014-05-28 12:30 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-12 03:52 - 2014-05-28 12:30 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-12 03:52 - 2014-05-28 12:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-12 03:52 - 2014-05-28 12:30 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-06-12 03:52 - 2014-05-28 12:29 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-12 03:52 - 2014-05-28 12:29 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-06-12 03:52 - 2014-05-28 12:29 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-06-12 03:52 - 2014-04-26 12:01 - 00502784 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-12 03:52 - 2014-04-04 22:42 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-12 03:52 - 2014-03-09 21:22 - 01401344 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-12 03:52 - 2014-03-09 21:22 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-12 03:51 - 2014-05-28 12:48 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-12 03:51 - 2014-05-28 12:38 - 09711104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-12 03:51 - 2014-05-28 12:29 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-12 03:51 - 2014-05-28 12:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-12 03:51 - 2014-05-28 12:28 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
 
==================== One Month Modified Files and Folders =======
 
2014-06-27 09:23 - 2014-06-26 10:05 - 00148329 _____ () C:\Windows\WindowsUpdate.log
2014-06-27 09:23 - 2009-07-01 13:42 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-27 09:20 - 2014-06-27 09:13 - 00000000 ____D () C:\FRST
2014-06-27 09:06 - 2014-06-21 23:32 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-27 09:06 - 2014-05-09 13:13 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf6baa69abbd0.job
2014-06-27 09:06 - 2006-11-02 09:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-27 09:06 - 2006-11-02 08:47 - 00003296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-27 09:06 - 2006-11-02 08:47 - 00003296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-27 09:05 - 2014-06-26 09:52 - 00026228 _____ () C:\Windows\PFRO.log
2014-06-27 09:05 - 2006-11-02 09:01 - 00032548 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-27 09:03 - 2014-06-27 08:34 - 00000000 ____D () C:\ComboFix
2014-06-27 08:50 - 2006-11-02 06:23 - 00000215 _____ () C:\Windows\system.ini
2014-06-27 08:49 - 2008-11-03 21:12 - 00000000 ____D () C:\Users\Nathan
2014-06-27 08:34 - 2014-06-25 16:48 - 00000000 ____D () C:\Qoobox
2014-06-27 08:15 - 2014-06-27 08:15 - 00256904 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2014-06-27 08:15 - 2014-06-26 14:33 - 00131720 _____ (trend_company_name) C:\Windows\system32\Drivers\tmrkb.sys
2014-06-27 08:07 - 2012-01-29 15:30 - 00000000 ___RD () C:\Users\Nathan\Dropbox
2014-06-27 08:07 - 2011-11-28 14:53 - 00000000 ____D () C:\Users\Nathan\Downloads\PokeGen_full
2014-06-27 08:07 - 2009-10-27 07:17 - 00000000 ____D () C:\Users\Nathan\Desktop\thunder bird
2014-06-27 08:07 - 2009-08-04 18:09 - 00000000 ____D () C:\Users\Nathan\Desktop\Back Up
2014-06-27 08:07 - 2009-06-17 16:50 - 00000000 ___RD () C:\Users\Nathan\Desktop\Stuff
2014-06-27 08:07 - 2009-02-23 15:54 - 00000000 ____D () C:\Users\Nathan\icons
2014-06-27 08:07 - 2008-11-06 19:21 - 00000000 ___RD () C:\Users\Nathan\Desktop\nates
2014-06-27 08:07 - 2008-10-19 19:14 - 00000000 ____D () C:\Users\Scott
2014-06-27 08:07 - 2006-11-02 07:18 - 00000000 ___RD () C:\Users\Public
2014-06-27 08:06 - 2012-05-28 17:10 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-27 08:06 - 2008-11-06 14:13 - 00000000 ____D () C:\Users\Christine
2014-06-26 14:43 - 2014-06-26 14:43 - 00000000 ____D () C:\ProgramData\Trend Micro
2014-06-26 14:27 - 2014-06-26 14:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro RUBotted
2014-06-26 14:27 - 2014-06-26 14:27 - 00000000 ____D () C:\Program Files\Trend Micro
2014-06-26 14:27 - 2009-08-07 09:30 - 00000000 ____D () C:\Program Files\WinPcap
2014-06-26 14:27 - 2009-06-11 18:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2014-06-26 11:46 - 2014-06-26 11:46 - 00000036 _____ () C:\Users\Scott\AppData\Local\housecall.guid.cache
2014-06-26 11:35 - 2006-11-02 06:33 - 00776074 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-26 11:33 - 2014-06-26 10:23 - 00000795 _____ () C:\Windows\setupact.log
2014-06-26 11:20 - 2010-11-18 19:05 - 00000868 _____ () C:\Windows\Tasks\Google Software Updater.job
2014-06-26 10:56 - 2013-09-24 17:41 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-26 10:55 - 2010-04-16 18:02 - 00000000 ____D () C:\ProgramData\Norton
2014-06-26 10:55 - 2009-01-12 20:35 - 00000000 ____D () C:\Program Files\Norton Security Scan
2014-06-26 10:45 - 2008-10-25 14:45 - 00000000 ____D () C:\ProgramData\McAfee
2014-06-26 10:42 - 2009-11-15 23:12 - 00000000 ____D () C:\Program Files\McAfee
2014-06-26 10:23 - 2014-06-26 10:23 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-26 09:01 - 2008-11-10 10:26 - 00000000 ____D () C:\Windows\Minidump
2014-06-25 18:23 - 2009-04-24 19:47 - 00000000 ____D () C:\Users\Mary
2014-06-25 18:23 - 2006-11-02 07:18 - 00000000 __RHD () C:\Users\Default
2014-06-25 18:21 - 2014-06-25 16:47 - 00000000 ____D () C:\Windows\erdnt
2014-06-25 16:46 - 2014-06-26 11:14 - 05211571 ____R (Swearware) C:\Users\Scott\Desktop\ComboFix.exe
2014-06-22 09:04 - 2014-06-21 11:59 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\Ulmawur
2014-06-22 09:01 - 2014-06-21 11:57 - 00000000 ____D () C:\ProgramData\IbrixRowje
2014-06-21 23:29 - 2008-10-20 16:59 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\Malwarebytes
2014-06-21 23:28 - 2014-06-21 23:28 - 00000859 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-21 23:28 - 2014-06-21 23:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-21 23:28 - 2014-06-21 23:27 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-21 23:27 - 2011-11-07 15:32 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-06-21 23:27 - 2008-10-20 16:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-21 16:44 - 2014-06-21 16:44 - 00000000 ____D () C:\Windows\system32\config\Scott
2014-06-21 16:43 - 2014-06-21 16:43 - 00008196 _____ () C:\Users\Scott\DECRYPT_INSTRUCTION.HTML
2014-06-21 16:43 - 2014-06-21 16:43 - 00008196 _____ () C:\Users\DECRYPT_INSTRUCTION.HTML
2014-06-21 16:43 - 2014-06-21 16:43 - 00008196 _____ () C:\DECRYPT_INSTRUCTION.HTML
2014-06-21 16:43 - 2014-06-21 16:43 - 00004142 _____ () C:\Users\Scott\DECRYPT_INSTRUCTION.TXT
2014-06-21 16:43 - 2014-06-21 16:43 - 00004142 _____ () C:\Users\DECRYPT_INSTRUCTION.TXT
2014-06-21 16:43 - 2014-06-21 16:43 - 00004142 _____ () C:\DECRYPT_INSTRUCTION.TXT
2014-06-21 16:43 - 2014-06-21 16:43 - 00000272 _____ () C:\Users\Scott\DECRYPT_INSTRUCTION.URL
2014-06-21 16:43 - 2014-06-21 16:43 - 00000272 _____ () C:\Users\DECRYPT_INSTRUCTION.URL
2014-06-21 16:43 - 2014-06-21 16:43 - 00000272 _____ () C:\DECRYPT_INSTRUCTION.URL
2014-06-21 16:43 - 2014-01-18 09:13 - 00000000 ____D () C:\Users\Scott\Taxes
2014-06-21 16:43 - 2010-06-21 13:01 - 00000000 ____D () C:\VistaOSX09
2014-06-21 15:41 - 2014-06-21 15:41 - 00008196 _____ () C:\Users\Scott\Downloads\DECRYPT_INSTRUCTION.HTML
2014-06-21 15:41 - 2014-06-21 15:41 - 00008196 _____ () C:\Users\Scott\Documents\DECRYPT_INSTRUCTION.HTML
2014-06-21 15:41 - 2014-06-21 15:41 - 00004142 _____ () C:\Users\Scott\Downloads\DECRYPT_INSTRUCTION.TXT
2014-06-21 15:41 - 2014-06-21 15:41 - 00004142 _____ () C:\Users\Scott\Documents\DECRYPT_INSTRUCTION.TXT
2014-06-21 15:41 - 2014-06-21 15:41 - 00000272 _____ () C:\Users\Scott\Downloads\DECRYPT_INSTRUCTION.URL
2014-06-21 15:41 - 2014-06-21 15:41 - 00000272 _____ () C:\Users\Scott\Documents\DECRYPT_INSTRUCTION.URL
2014-06-21 15:41 - 2013-11-11 22:07 - 00012056 _____ () C:\Users\Scott\Documents\Nathan Trip pay back.xlsx
2014-06-21 15:41 - 2013-05-05 19:15 - 00081176 _____ () C:\Users\Scott\Documents\Top Gun.pptx
2014-06-21 15:41 - 2013-04-15 21:36 - 00006680 _____ () C:\Users\Scott\Documents\march act.TXT
2014-06-21 15:41 - 2012-10-22 19:31 - 00171032 _____ () C:\Users\Scott\Documents\Mexico.pptx
2014-06-21 15:41 - 2012-07-11 20:39 - 00015640 _____ () C:\Users\Scott\Downloads\2012 Softball Raffle.xls
2014-06-21 15:41 - 2012-06-05 21:35 - 00000000 ____D () C:\Users\Scott\NPAA
2014-06-21 15:41 - 2012-05-21 21:37 - 00000000 ____D () C:\Users\Scott\Documents\My Media
2014-06-21 15:41 - 2012-01-28 10:19 - 00011032 _____ () C:\Users\Scott\Documents\Rosters.xlsx
2014-06-21 15:41 - 2011-11-29 22:26 - 00050456 _____ () C:\Users\Scott\Electric Usage.xls
2014-06-21 15:41 - 2011-10-30 19:57 - 00028952 _____ () C:\Users\Scott\Documents\Passwords.xls
2014-06-21 15:41 - 2011-10-08 22:04 - 00034328 _____ () C:\Users\Scott\Documents\Northern Keystone cost split.xls
2014-06-21 15:41 - 2011-08-14 19:46 - 00018968 _____ () C:\Users\Scott\Downloads\new hampshire.xls
2014-06-21 15:41 - 2011-03-20 16:18 - 00014616 _____ () C:\Users\Scott\Documents\list.xls
2014-06-21 15:41 - 2010-10-29 22:16 - 00059416 _____ () C:\Users\Scott\Documents\ERIN BUDGET.xls
2014-06-21 15:41 - 2010-06-15 22:21 - 00687128 _____ () C:\Users\Scott\OBS report.xls
2014-06-21 15:41 - 2008-10-20 20:04 - 00000000 ____D () C:\Users\Scott\Documents\Nate's school work
2014-06-21 15:40 - 2014-06-21 15:40 - 00008196 _____ () C:\Users\Scott\AppData\Roaming\DECRYPT_INSTRUCTION.HTML
2014-06-21 15:40 - 2014-06-21 15:40 - 00008196 _____ () C:\Users\Scott\AppData\DECRYPT_INSTRUCTION.HTML
2014-06-21 15:40 - 2014-06-21 15:40 - 00004142 _____ () C:\Users\Scott\AppData\Roaming\DECRYPT_INSTRUCTION.TXT
2014-06-21 15:40 - 2014-06-21 15:40 - 00004142 _____ () C:\Users\Scott\AppData\DECRYPT_INSTRUCTION.TXT
2014-06-21 15:40 - 2014-06-21 15:40 - 00000272 _____ () C:\Users\Scott\AppData\Roaming\DECRYPT_INSTRUCTION.URL
2014-06-21 15:40 - 2014-06-21 15:40 - 00000272 _____ () C:\Users\Scott\AppData\DECRYPT_INSTRUCTION.URL
2014-06-21 15:40 - 2013-07-20 21:26 - 00027416 _____ () C:\Users\Scott\colleges.xls
2014-06-21 15:40 - 2011-02-12 11:08 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\Real
2014-06-21 15:40 - 2010-05-31 14:24 - 00019992 _____ () C:\Users\Scott\Documents\CRAIG LOAN.xls
2014-06-21 15:40 - 2010-05-31 14:22 - 00003864 _____ () C:\Users\Scott\Documents\CRAIG LOAN.TXT
2014-06-21 15:40 - 2010-02-20 15:35 - 00001560 _____ () C:\Users\Scott\Documents\Basement 2009.TXT
2014-06-21 15:40 - 2010-02-20 15:32 - 00030232 _____ () C:\Users\Scott\Documents\Basement 2006.xls
2014-06-21 15:40 - 2010-02-20 14:54 - 00003608 _____ () C:\Users\Scott\Documents\Basement 2005.TXT
2014-06-21 15:40 - 2010-02-20 14:37 - 00002328 _____ () C:\Users\Scott\Documents\Basement 2007.TXT
2014-06-21 15:40 - 2010-02-20 14:34 - 00005400 _____ () C:\Users\Scott\Documents\Basement 2006.TXT
2014-06-21 15:40 - 2009-08-02 07:08 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\Nikon
2014-06-21 15:40 - 2009-02-28 23:12 - 00011288 _____ () C:\Users\Scott\Documents\2009 expenses.xls
2014-06-21 15:40 - 2009-02-28 23:02 - 00029464 _____ () C:\Users\Scott\Documents\2008 expenses.xls
2014-06-21 15:40 - 2009-02-28 22:48 - 00003864 _____ () C:\Users\Scott\Documents\2008 expenses.TXT
2014-06-21 15:40 - 2009-02-28 22:48 - 00002840 _____ () C:\Users\Scott\Documents\2009 expenses.TXT
2014-06-21 15:40 - 2009-01-21 08:23 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\Mozilla
2014-06-21 15:40 - 2009-01-18 14:05 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\Apple Computer
2014-06-21 15:40 - 2008-11-06 15:54 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\acccore
2014-06-21 15:40 - 2008-10-26 08:20 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\Adobe
2014-06-21 15:40 - 2008-10-24 22:41 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\Intuit
2014-06-21 15:40 - 2008-10-20 19:19 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\Macromedia
2014-06-21 15:40 - 2008-10-19 19:15 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\Spare Backup
2014-06-21 15:39 - 2014-06-21 15:39 - 00008196 _____ () C:\Users\Scott\AppData\Local\DECRYPT_INSTRUCTION.HTML
2014-06-21 15:39 - 2014-06-21 15:39 - 00004142 _____ () C:\Users\Scott\AppData\Local\DECRYPT_INSTRUCTION.TXT
2014-06-21 15:39 - 2014-06-21 15:39 - 00000272 _____ () C:\Users\Scott\AppData\Local\DECRYPT_INSTRUCTION.URL
2014-06-21 15:39 - 2008-10-21 20:25 - 00000000 ____D () C:\Users\Scott\AppData\Local\Microsoft Games
2014-06-21 15:39 - 2008-10-19 19:15 - 00000000 ____D () C:\Users\Scott\AppData\Local\Google
2014-06-21 15:37 - 2009-01-18 14:05 - 00000000 ____D () C:\Users\Scott\AppData\Local\Apple Computer
2014-06-21 15:34 - 2010-06-15 19:08 - 04400920 _____ () C:\Users\Scott\20080225_BISMAT-nonWAs.xls
2014-06-21 15:34 - 2010-06-15 19:08 - 01024024 _____ () C:\Users\Scott\20080225_BISMAT-WAs.xls
2014-06-21 15:33 - 2014-06-21 15:33 - 00008196 _____ () C:\Users\Public\Documents\DECRYPT_INSTRUCTION.HTML
2014-06-21 15:33 - 2014-06-21 15:33 - 00008196 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.HTML
2014-06-21 15:33 - 2014-06-21 15:33 - 00004142 _____ () C:\Users\Public\Documents\DECRYPT_INSTRUCTION.TXT
2014-06-21 15:33 - 2014-06-21 15:33 - 00004142 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.TXT
2014-06-21 15:33 - 2014-06-21 15:33 - 00000272 _____ () C:\Users\Public\Documents\DECRYPT_INSTRUCTION.URL
2014-06-21 15:33 - 2014-06-21 15:33 - 00000272 _____ () C:\Users\Public\DECRYPT_INSTRUCTION.URL
2014-06-21 15:33 - 2009-05-21 17:31 - 00000000 ____D () C:\Users\Public\Documents\Stardock
2014-06-21 15:33 - 2009-01-12 21:55 - 00033816 _____ () C:\Users\Scott\2008-09budget8-26.xls
2014-06-21 15:33 - 2006-11-02 08:37 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-06-21 15:32 - 2014-06-21 15:32 - 00008196 _____ () C:\Users\Nathan\DECRYPT_INSTRUCTION.HTML
2014-06-21 15:32 - 2014-06-21 15:32 - 00004142 _____ () C:\Users\Nathan\DECRYPT_INSTRUCTION.TXT
2014-06-21 15:32 - 2014-06-21 15:32 - 00000272 _____ () C:\Users\Nathan\DECRYPT_INSTRUCTION.URL
2014-06-21 15:19 - 2012-09-19 06:08 - 00016152 _____ () C:\Users\Nathan\Grades.xlsx
2014-06-21 14:50 - 2014-06-21 14:50 - 00008196 _____ () C:\Users\Nathan\Downloads\DECRYPT_INSTRUCTION.HTML
2014-06-21 14:50 - 2014-06-21 14:50 - 00008196 _____ () C:\Users\Nathan\Documents\DECRYPT_INSTRUCTION.HTML
2014-06-21 14:50 - 2014-06-21 14:50 - 00004142 _____ () C:\Users\Nathan\Downloads\DECRYPT_INSTRUCTION.TXT
2014-06-21 14:50 - 2014-06-21 14:50 - 00004142 _____ () C:\Users\Nathan\Documents\DECRYPT_INSTRUCTION.TXT
2014-06-21 14:50 - 2014-06-21 14:50 - 00000272 _____ () C:\Users\Nathan\Downloads\DECRYPT_INSTRUCTION.URL
2014-06-21 14:50 - 2014-06-21 14:50 - 00000272 _____ () C:\Users\Nathan\Documents\DECRYPT_INSTRUCTION.URL
2014-06-21 14:50 - 2012-05-22 15:34 - 00000000 ____D () C:\Users\Nathan\Documents\My Media
2014-06-21 14:50 - 2011-11-11 19:20 - 00000000 ____D () C:\Users\Nathan\Downloads\redsn0w_win_0.9.9b8
2014-06-21 14:50 - 2011-11-11 19:10 - 00000000 ____D () C:\Users\Nathan\Documents\School
2014-06-21 14:50 - 2009-10-31 10:36 - 00000000 ____D () C:\Users\Nathan\Documents\Music Collector
2014-06-21 14:50 - 2009-08-06 17:18 - 00000000 ____D () C:\Users\Nathan\Documents\LimeWire
2014-06-21 14:50 - 2009-06-24 16:30 - 00000000 ____D () C:\Users\Nathan\Documents\Regensoft
2014-06-21 14:50 - 2009-06-12 07:56 - 00000000 ____D () C:\Users\Nathan\Documents\Cucusoft
2014-06-21 14:50 - 2009-05-28 18:13 - 00000000 __RSD () C:\Users\Nathan\Documents\My Stationery
2014-06-21 14:50 - 2009-05-07 18:57 - 00000280 _____ () C:\Users\Nathan\Documents\signature.txt
2014-06-21 14:50 - 2008-12-09 19:17 - 00017688 _____ () C:\Users\Nathan\Documents\Book1.xls
2014-06-21 14:50 - 2008-12-06 15:36 - 00102936 _____ () C:\Users\Nathan\Documents\db1.mdb
2014-06-21 14:50 - 2008-11-25 18:45 - 00000000 ____D () C:\Users\Nathan\Documents\My Games
2014-06-21 14:50 - 2008-11-15 09:18 - 00008984 _____ () C:\Users\Nathan\Documents\Book1.xlsx
2014-06-21 14:50 - 2008-11-13 19:36 - 00000000 ____D () C:\Users\Nathan\Documents\Nate's school work
2014-06-21 14:49 - 2014-06-21 14:49 - 00008196 _____ () C:\Users\Nathan\AppData\Roaming\DECRYPT_INSTRUCTION.HTML
2014-06-21 14:49 - 2014-06-21 14:49 - 00008196 _____ () C:\Users\Nathan\AppData\DECRYPT_INSTRUCTION.HTML
2014-06-21 14:49 - 2014-06-21 14:49 - 00004142 _____ () C:\Users\Nathan\AppData\Roaming\DECRYPT_INSTRUCTION.TXT
2014-06-21 14:49 - 2014-06-21 14:49 - 00004142 _____ () C:\Users\Nathan\AppData\DECRYPT_INSTRUCTION.TXT
2014-06-21 14:49 - 2014-06-21 14:49 - 00000272 _____ () C:\Users\Nathan\AppData\Roaming\DECRYPT_INSTRUCTION.URL
2014-06-21 14:49 - 2014-06-21 14:49 - 00000272 _____ () C:\Users\Nathan\AppData\DECRYPT_INSTRUCTION.URL
2014-06-21 14:49 - 2012-01-29 15:27 - 00000000 ____D () C:\Users\Nathan\AppData\Roaming\Dropbox
2014-06-21 14:49 - 2009-12-09 15:37 - 00098072 _____ () C:\Users\Nathan\Desktop\Cats!.ppt
2014-06-21 14:49 - 2009-08-26 09:27 - 00000000 ____D () C:\Users\Nathan\AppData\Roaming\OpenOffice.org
2014-06-21 14:49 - 2009-08-07 09:59 - 00000000 ____D () C:\Users\Nathan\AppData\Roaming\MozillaControl
2014-06-21 14:49 - 2009-08-06 17:17 - 00000000 ____D () C:\Users\Nathan\AppData\Roaming\LimeWire
2014-06-21 14:49 - 2009-08-03 11:27 - 00000000 ____D () C:\Users\Nathan\AppData\Roaming\Real
2014-06-21 14:49 - 2009-08-02 07:10 - 00000000 ____D () C:\Users\Nathan\AppData\Roaming\Nikon
2014-06-21 14:49 - 2009-05-22 20:28 - 00000000 ____D () C:\Users\Nathan\AppData\Roaming\Stardock
2014-06-21 14:49 - 2009-04-24 07:18 - 00000000 ____D () C:\Users\Nathan\AppData\Roaming\TuxPaint
2014-06-21 14:49 - 2009-01-21 18:27 - 00000000 ____D () C:\Users\Nathan\AppData\Roaming\Flock
2014-06-21 14:49 - 2009-01-21 15:26 - 00000000 ____D () C:\Users\Nathan\AppData\Roaming\Maxthon2
2014-06-21 14:49 - 2009-01-21 14:14 - 00000000 ____D () C:\Users\Nathan\AppData\Roaming\Thunderbird
2014-06-21 14:49 - 2009-01-18 14:27 - 00000000 ____D () C:\Users\Nathan\AppData\Roaming\Apple Computer
2014-06-21 14:49 - 2008-11-23 20:51 - 00000000 ____D () C:\Users\Nathan\AppData\Roaming\Intuit
2014-06-21 14:49 - 2008-11-07 14:07 - 00000000 ____D () C:\Users\Nathan\AppData\Roaming\Malwarebytes
2014-06-21 14:49 - 2008-11-04 08:09 - 00000000 ____D () C:\Users\Nathan\AppData\Roaming\Google
2014-06-21 14:49 - 2008-11-03 21:13 - 00000000 ____D () C:\Users\Nathan\AppData\Roaming\Spare Backup
2014-06-21 14:43 - 2009-06-16 18:49 - 00000000 ____D () C:\Users\Nathan\AppData\Roaming\Acoustica
2014-06-21 14:43 - 2008-11-07 14:06 - 00000000 ____D () C:\Users\Nathan\AppData\Roaming\AIMPro
2014-06-21 14:43 - 2008-11-07 14:06 - 00000000 ____D () C:\Users\Nathan\AppData\Roaming\acccore
2014-06-21 14:43 - 2008-11-06 17:17 - 00000000 ____D () C:\Users\Nathan\AppData\Roaming\Adobe
2014-06-21 13:56 - 2014-06-21 13:56 - 00008196 _____ () C:\Users\Nathan\AppData\Local\DECRYPT_INSTRUCTION.HTML
2014-06-21 13:56 - 2014-06-21 13:56 - 00004142 _____ () C:\Users\Nathan\AppData\Local\DECRYPT_INSTRUCTION.TXT
2014-06-21 13:56 - 2014-06-21 13:56 - 00000272 _____ () C:\Users\Nathan\AppData\Local\DECRYPT_INSTRUCTION.URL
2014-06-21 13:56 - 2009-11-06 20:18 - 00000000 ____D () C:\Users\Nathan\AppData\Local\Microsoft Games
2014-06-21 12:45 - 2008-10-21 20:44 - 00000000 ____D () C:\ProgramData\Lx_cats
2014-06-21 12:37 - 2008-11-03 21:13 - 00000000 ____D () C:\Users\Nathan\AppData\Local\Google
2014-06-21 12:32 - 2011-02-01 14:38 - 00000000 ____D () C:\Users\Nathan\AppData\Local\Geckofx
2014-06-21 12:32 - 2009-09-22 18:29 - 00000000 ____D () C:\Users\Nathan\AppData\Local\Apple Computer
2014-06-21 12:32 - 2009-07-17 12:35 - 00000280 _____ () C:\Users\Nathan\AppData\Local\DVDPATH.TXT
2014-06-21 12:32 - 2009-07-01 17:01 - 00000000 ____D () C:\Users\Nathan\AppData\Local\BuildAGadget Content
2014-06-21 12:25 - 2008-11-06 17:17 - 00000000 ____D () C:\Users\Nathan\AppData\Local\Adobe
2014-06-21 12:24 - 2014-06-21 12:24 - 00008196 _____ () C:\Users\Mary\DECRYPT_INSTRUCTION.HTML
2014-06-21 12:24 - 2014-06-21 12:24 - 00008196 _____ () C:\Users\Christine\DECRYPT_INSTRUCTION.HTML
2014-06-21 12:24 - 2014-06-21 12:24 - 00004142 _____ () C:\Users\Mary\DECRYPT_INSTRUCTION.TXT
2014-06-21 12:24 - 2014-06-21 12:24 - 00004142 _____ () C:\Users\Christine\DECRYPT_INSTRUCTION.TXT
2014-06-21 12:24 - 2014-06-21 12:24 - 00000272 _____ () C:\Users\Mary\DECRYPT_INSTRUCTION.URL
2014-06-21 12:24 - 2014-06-21 12:24 - 00000272 _____ () C:\Users\Christine\DECRYPT_INSTRUCTION.URL
2014-06-21 12:24 - 2014-06-15 05:41 - 00000000 ____D () C:\Users\Mary\Kill for Me
2014-06-21 12:24 - 2014-03-29 13:54 - 00028440 _____ () C:\Users\Mary\colleges.xls
2014-06-21 12:24 - 2010-01-26 21:06 - 00022552 _____ () C:\Users\Christine\word search.xls
2014-06-21 12:19 - 2014-06-21 12:19 - 00008196 _____ () C:\Users\Christine\Documents\DECRYPT_INSTRUCTION.HTML
2014-06-21 12:19 - 2014-06-21 12:19 - 00004142 _____ () C:\Users\Christine\Documents\DECRYPT_INSTRUCTION.TXT
2014-06-21 12:19 - 2014-06-21 12:19 - 00000272 _____ () C:\Users\Christine\Documents\DECRYPT_INSTRUCTION.URL
2014-06-21 12:19 - 2012-09-19 21:29 - 00015384 _____ () C:\Users\Christine\Grades.xlsx
2014-06-21 12:19 - 2011-05-28 20:07 - 00012568 _____ () C:\Users\Christine\Documents\wheel and axle.wps
2014-06-21 12:19 - 2011-05-22 14:22 - 00019992 _____ () C:\Users\Christine\Documents\Untitled Document.wps
2014-06-21 12:19 - 2011-05-07 16:06 - 00026392 _____ () C:\Users\Christine\Documents\nancy drew.wps
2014-06-21 12:19 - 2011-04-10 18:46 - 00129560 _____ () C:\Users\Christine\Documents\Presentation1.ppt
2014-06-21 12:19 - 2011-04-10 11:46 - 00010776 _____ () C:\Users\Christine\Documents\Persuasive Essay.wps
2014-06-21 12:19 - 2011-03-30 19:38 - 00009752 _____ () C:\Users\Christine\Documents\Pantheon.wps
2014-06-21 12:19 - 2011-03-21 18:33 - 00016152 _____ () C:\Users\Christine\Documents\Written book report.wps
2014-06-21 12:19 - 2011-03-15 19:35 - 00033304 _____ () C:\Users\Christine\Documents\research report winston churchill.wps
2014-06-21 12:19 - 2011-02-17 21:52 - 00009752 _____ () C:\Users\Christine\Documents\wind-powered car.wps
2014-06-21 12:19 - 2011-02-02 17:05 - 00011800 _____ () C:\Users\Christine\Documents\spring poem.wps
2014-06-21 12:19 - 2011-01-27 21:21 - 00011800 _____ () C:\Users\Christine\Documents\volcano.wps
2014-06-21 12:19 - 2011-01-20 19:26 - 00009752 _____ () C:\Users\Christine\Documents\swiss collector.wps
2014-06-21 12:19 - 2011-01-19 09:17 - 00155928 _____ () C:\Users\Christine\Documents\whispers white.wps
2014-06-21 12:19 - 2010-11-22 18:26 - 00010264 _____ () C:\Users\Christine\Documents\Pepsi.wps
2014-06-21 12:19 - 2010-11-13 14:19 - 00011800 _____ () C:\Users\Christine\Documents\Mystery.wps
2014-06-21 12:19 - 2010-10-24 17:30 - 00011800 _____ () C:\Users\Christine\Documents\st. christina.wps
2014-06-21 12:19 - 2010-06-14 16:46 - 00000000 __RSD () C:\Users\Christine\Documents\My Stationery
2014-06-21 12:18 - 2011-09-07 17:13 - 00010776 _____ () C:\Users\Christine\Documents\Interview with Mom.wps
2014-06-21 12:18 - 2011-09-07 16:45 - 00010776 _____ () C:\Users\Christine\Documents\Interview with Nathan.wps
2014-06-21 12:18 - 2011-09-07 16:31 - 00010776 _____ () C:\Users\Christine\Documents\Interview with Ms. Baier.wps
2014-06-21 12:18 - 2011-08-24 11:11 - 00033304 _____ () C:\Users\Christine\Documents\i am regina.wps
2014-06-21 12:18 - 2011-06-04 11:46 - 03211800 _____ () C:\Users\Christine\Documents\Country Report RD +.wps
2014-06-21 12:18 - 2011-06-02 17:25 - 00011800 _____ () C:\Users\Christine\Documents\immigrants.wps
2014-06-21 12:18 - 2011-05-05 18:16 - 00009752 _____ () C:\Users\Christine\Documents\dog shooting.wps
2014-06-21 12:18 - 2011-04-26 18:04 - 00024344 _____ () C:\Users\Christine\Documents\Jesus of Nazareth.wps
2014-06-21 12:18 - 2011-04-19 18:17 - 00010776 _____ () C:\Users\Christine\Documents\current event last supper.wps
2014-06-21 12:18 - 2011-04-06 19:25 - 00012568 _____ () C:\Users\Christine\Documents\Edvard Munch.wps
2014-06-21 12:18 - 2011-03-31 20:45 - 00012568 _____ () C:\Users\Christine\Documents\current event.wps
2014-06-21 12:18 - 2011-03-24 17:39 - 00009752 _____ () C:\Users\Christine\Documents\Japan Current Event.wps
2014-06-21 12:18 - 2011-03-24 07:14 - 00009752 _____ () C:\Users\Christine\Documents\cross report.wps
2014-06-21 12:18 - 2011-01-02 13:22 - 00013080 _____ () C:\Users\Christine\Documents\ghirardelli chocolate.wps
2014-06-21 12:18 - 2010-12-19 16:23 - 00011800 _____ () C:\Users\Christine\Documents\Guitar Boy.wps
2014-06-21 12:18 - 2010-11-22 19:13 - 00012568 _____ () C:\Users\Christine\Documents\Dell.wps
2014-06-21 12:18 - 2010-11-04 17:36 - 00009752 _____ () C:\Users\Christine\Documents\I am Thankful for....wps
2014-06-21 12:18 - 2010-10-20 19:05 - 00018456 _____ () C:\Users\Christine\Documents\current e..wps
2014-06-21 12:18 - 2010-10-08 13:24 - 00905240 _____ () C:\Users\Christine\Documents\mummies.wps
2014-06-21 12:18 - 2009-11-07 10:54 - 00096536 _____ () C:\Users\Christine\Documents\My Puppy.ppt
2014-06-21 12:17 - 2014-06-21 12:17 - 00008196 _____ () C:\Users\Christine\AppData\Roaming\DECRYPT_INSTRUCTION.HTML
2014-06-21 12:17 - 2014-06-21 12:17 - 00008196 _____ () C:\Users\Christine\AppData\DECRYPT_INSTRUCTION.HTML
2014-06-21 12:17 - 2014-06-21 12:17 - 00004142 _____ () C:\Users\Christine\AppData\Roaming\DECRYPT_INSTRUCTION.TXT
2014-06-21 12:17 - 2014-06-21 12:17 - 00004142 _____ () C:\Users\Christine\AppData\DECRYPT_INSTRUCTION.TXT
2014-06-21 12:17 - 2014-06-21 12:17 - 00000272 _____ () C:\Users\Christine\AppData\Roaming\DECRYPT_INSTRUCTION.URL
2014-06-21 12:17 - 2014-06-21 12:17 - 00000272 _____ () C:\Users\Christine\AppData\DECRYPT_INSTRUCTION.URL
2014-06-21 12:17 - 2011-11-06 12:43 - 00012568 _____ () C:\Users\Christine\Documents\clean up.wps
2014-06-21 12:17 - 2011-08-23 15:31 - 00033304 _____ () C:\Users\Christine\Documents\a wrinkle in time.wps
2014-06-21 12:17 - 2011-08-01 12:30 - 00023576 _____ () C:\Users\Christine\Documents\Because of Winn-Dixie.wps
2014-06-21 12:17 - 2011-05-30 15:56 - 00026904 _____ () C:\Users\Christine\Documents\author study.wps
2014-06-21 12:17 - 2011-04-17 15:47 - 00011288 _____ () C:\Users\Christine\Documents\art piece story.wps
2014-06-21 12:17 - 2011-01-18 19:06 - 00010264 _____ () C:\Users\Christine\Documents\Catholic School.wps
2014-06-21 12:17 - 2010-12-04 15:22 - 00012568 _____ () C:\Users\Christine\Documents\Christmas Traditions.wps
2014-06-21 12:17 - 2010-11-22 18:41 - 00009752 _____ () C:\Users\Christine\Documents\Apple.wps
2014-06-21 12:17 - 2010-11-21 10:27 - 00010776 _____ () C:\Users\Christine\Documents\Coca Cola.wps
2014-06-21 12:17 - 2010-10-03 16:12 - 00026904 _____ () C:\Users\Christine\Documents\book sox.wps
2014-06-21 12:17 - 2008-11-06 14:13 - 00000000 ____D () C:\Users\Christine\AppData\Roaming\Spare Backup
2014-06-21 12:14 - 2010-01-01 12:08 - 00000000 ____D () C:\Users\Christine\AppData\Roaming\Intuit
2014-06-21 12:14 - 2009-01-19 12:11 - 00000000 ____D () C:\Users\Christine\AppData\Roaming\Apple Computer
2014-06-21 12:14 - 2009-01-07 12:37 - 00000000 ____D () C:\Users\Christine\AppData\Roaming\Adobe
2014-06-21 12:14 - 2008-11-06 16:12 - 00000000 ____D () C:\Users\Christine\AppData\Roaming\AIMPro
2014-06-21 12:14 - 2008-11-06 16:12 - 00000000 ____D () C:\Users\Christine\AppData\Roaming\acccore
2014-06-21 12:13 - 2014-06-21 12:13 - 00008196 _____ () C:\Users\Christine\AppData\Local\DECRYPT_INSTRUCTION.HTML
2014-06-21 12:13 - 2014-06-21 12:13 - 00004142 _____ () C:\Users\Christine\AppData\Local\DECRYPT_INSTRUCTION.TXT
2014-06-21 12:13 - 2014-06-21 12:13 - 00000272 _____ () C:\Users\Christine\AppData\Local\DECRYPT_INSTRUCTION.URL
2014-06-21 12:13 - 2008-11-28 16:44 - 00000000 ____D () C:\Users\Christine\AppData\Local\Microsoft Games
2014-06-21 12:13 - 2008-11-06 14:13 - 00000000 ____D () C:\Users\Christine\AppData\Local\Google
2014-06-21 12:12 - 2009-01-19 12:11 - 00000000 ____D () C:\Users\Christine\AppData\Local\Apple Computer
2014-06-21 12:09 - 2014-06-21 12:09 - 00008196 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.HTML
2014-06-21 12:09 - 2014-06-21 12:09 - 00004142 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.TXT
2014-06-21 12:09 - 2014-06-21 12:09 - 00000272 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.URL
2014-06-21 12:09 - 2010-06-23 07:53 - 00000000 ____D () C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2014-06-21 12:09 - 2009-09-11 18:37 - 00000000 ____D () C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2014-06-21 12:09 - 2009-04-24 15:07 - 00000000 ____D () C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2014-06-21 12:09 - 2009-03-15 18:55 - 00000000 ____D () C:\ProgramData\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2014-06-21 12:09 - 2009-01-07 12:37 - 00000000 ____D () C:\Users\Christine\AppData\Local\Adobe
2014-06-21 12:09 - 2008-02-06 16:22 - 00000000 ____D () C:\ProgramData\WildTangent
2014-06-21 12:05 - 2009-01-12 20:35 - 00000000 ____D () C:\ProgramData\SiteAdvisor
2014-06-21 12:05 - 2008-10-20 16:51 - 00000000 ____D () C:\ProgramData\SBT
2014-06-21 12:05 - 2008-02-06 16:01 - 00000000 ____D () C:\ProgramData\Symantec
2014-06-21 12:02 - 2009-08-02 07:05 - 00000000 ____D () C:\ProgramData\Nikon
2014-06-21 12:00 - 2008-02-06 16:25 - 00000000 ____D () C:\ProgramData\Napster
2014-06-21 11:57 - 2009-01-28 16:38 - 00000000 ____D () C:\ProgramData\KingsIsle Entertainment
2014-06-21 11:57 - 2008-10-24 20:13 - 00000000 ____D () C:\ProgramData\Intuit
2014-06-21 11:56 - 2014-05-01 18:44 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-06-21 11:56 - 2013-04-06 20:23 - 64442868 _____ () C:\MTD2.mp4
2014-06-21 11:56 - 2010-10-30 08:56 - 00001816 _____ () C:\med4.txt
2014-06-21 11:56 - 2010-10-30 08:55 - 00001816 _____ () C:\med2.txt
2014-06-21 11:56 - 2010-10-30 08:55 - 00001048 _____ () C:\med3.txt
2014-06-21 11:56 - 2010-10-30 08:54 - 00001304 _____ () C:\med1.txt
2014-06-21 11:56 - 2009-11-26 15:04 - 00003608 _____ () C:\loan.TXT
2014-06-21 11:56 - 2009-07-17 16:38 - 00000000 ____D () C:\DVD_VIDEO
2014-06-21 11:56 - 2009-02-17 22:00 - 20383544 _____ () C:\MVI_0228.AVI
2014-06-21 11:56 - 2009-01-18 14:03 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-06-21 11:56 - 2008-11-07 16:52 - 00000000 ____D () C:\ProgramData\AOL OCP
2014-06-21 11:55 - 2010-10-30 09:13 - 00030744 _____ () C:\2010 Medical.xls
2014-06-21 11:55 - 2010-10-20 20:55 - 00000000 ____D () C:\ATI
2014-06-21 11:55 - 2009-06-12 07:56 - 00000000 ____D () C:\ConverterOutput
2014-06-21 11:55 - 2009-01-31 16:38 - 00000000 ____D () C:\.mpr_file_store_32
2014-06-21 08:05 - 2014-06-21 08:05 - 00321486 ____S () C:\Windows\system32\jqzkjl.hbi
2014-06-18 21:23 - 2011-11-07 17:54 - 00002531 _____ () C:\Users\Scott\Desktop\Microsoft Excel 2010.lnk
2014-06-13 03:06 - 2008-02-06 16:13 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-13 03:05 - 2013-09-27 17:45 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-13 03:02 - 2006-11-02 06:24 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-06-11 17:24 - 2013-09-29 13:38 - 00001931 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-28 12:48 - 2014-06-12 03:51 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-28 12:39 - 2014-06-12 03:52 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-28 12:38 - 2014-06-12 03:51 - 09711104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-28 12:33 - 2014-06-12 03:52 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-28 12:32 - 2014-06-12 03:52 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-28 12:32 - 2014-06-12 03:52 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-28 12:31 - 2014-06-12 03:52 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-05-28 12:31 - 2014-06-12 03:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-28 12:30 - 2014-06-12 03:52 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-28 12:30 - 2014-06-12 03:52 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-05-28 12:30 - 2014-06-12 03:52 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-28 12:30 - 2014-06-12 03:52 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-28 12:30 - 2014-06-12 03:52 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-28 12:30 - 2014-06-12 03:52 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-28 12:30 - 2014-06-12 03:52 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-05-28 12:29 - 2014-06-12 03:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-28 12:29 - 2014-06-12 03:52 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-05-28 12:29 - 2014-06-12 03:52 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-05-28 12:29 - 2014-06-12 03:51 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-28 12:29 - 2014-06-12 03:51 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-28 12:28 - 2014-06-12 03:51 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
 
Files to move or delete:
====================
C:\ProgramData\PKP_DLdu.DAT
C:\Users\Christine\jagex_runescape_preferences.dat
C:\Users\Nathan\jagex_cl_runescape_LIVE.dat
C:\Users\Nathan\jagex_runescape_preferences.dat
C:\Users\Nathan\jagex_runescape_preferences2.dat
C:\Users\Nathan\jagex__preferences3.dat
C:\Users\Scott\jagex_cl_runescape_LIVE.dat
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll
[2009-06-18 15:29] - [2009-04-11 02:28] - 0558080 ____A (Microsoft Corporation) DCB3FD6351B631F488E53BEFC502305A
 
 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-06-27 09:13
 
==================== End Of Log ============================

Addition Log Below:

Additional scan result of Farbar Recovery Scan Tool (x86) Version:25-06-2014
Ran by Scott at 2014-06-27 09:24:29
Running from J:\
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
Acoustica Effects Pack (HKLM\...\Acoustica Effects Pack) (Version: 1.0 - Acoustica, Inc)
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Flash Player 10 Plugin (HKLM\...\{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}) (Version: 10.0.12.36 - Adobe Systems, Inc.)
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader 8.3.1 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A83000000003}) (Version: 8.3.1 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM\...\Adobe Shockwave Player) (Version: 11 - Adobe Systems, Inc.)
Age of Mythology Gold (HKLM\...\Age of Mythology Expansion Pack 1.0) (Version: 1.0 - Microsoft)
AnswerWorks 5.0 English Runtime (HKLM\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Panorama Maker 4 (HKLM\...\{D45E8C45-B601-4A80-AFD8-E16338744DE1}) (Version:  - ArcSoft)
ATI Catalyst Install Manager (HKLM\...\{F34D6DAE-7777-5C40-E143-8A0D6A048F75}) (Version: 3.0.790.0 - ATI Technologies, Inc.)
ATI Catalyst Registration (Version: 3.00.0000 - ATI Technologies Inc.) Hidden
AviSynth 2.5 (HKLM\...\AviSynth) (Version:  - )
BigFix (HKLM\...\{34FF0741-EC67-4C05-AC2A-6D257123DF2E}) (Version: 2.2.0.04 - BigFix)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center Core Implementation (Version: 2007.0815.2326.40058 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2007.0815.2326.40058 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2007.0815.2326.40058 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2007.0815.2326.40058 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2007.0815.2326.40058 - ATI) Hidden
Catalyst Control Center Localization Chinese Standard (Version: 2007.0815.2326.40058 - ATI) Hidden
Catalyst Control Center Localization Chinese Traditional (Version: 2007.0815.2326.40058 - ATI) Hidden
Catalyst Control Center Localization Czech (Version: 2007.0815.2326.40058 - ATI) Hidden
Catalyst Control Center Localization Danish (Version: 2007.0815.2326.40058 - ATI) Hidden
Catalyst Control Center Localization Dutch (Version: 2007.0815.2326.40058 - ATI) Hidden
Catalyst Control Center Localization Finnish (Version: 2007.0815.2326.40058 - ATI) Hidden
Catalyst Control Center Localization French (Version: 2007.0815.2326.40058 - ATI) Hidden
Catalyst Control Center Localization German (Version: 2007.0815.2326.40058 - ATI) Hidden
Catalyst Control Center Localization Greek (Version: 2007.0815.2326.40058 - ATI) Hidden
Catalyst Control Center Localization Hungarian (Version: 2007.0815.2326.40058 - ATI) Hidden
Catalyst Control Center Localization Italian (Version: 2007.0815.2326.40058 - ATI) Hidden
Catalyst Control Center Localization Japanese (Version: 2007.0815.2326.40058 - ATI) Hidden
Catalyst Control Center Localization Korean (Version: 2007.0815.2326.40058 - ATI) Hidden
Catalyst Control Center Localization Norwegian (Version: 2007.0815.2326.40058 - ATI) Hidden
Catalyst Control Center Localization Polish (Version: 2007.0815.2326.40058 - ATI) Hidden
Catalyst Control Center Localization Portuguese (Version: 2007.0815.2326.40058 - ATI) Hidden
Catalyst Control Center Localization Russian (Version: 2007.0815.2326.40058 - ATI) Hidden
Catalyst Control Center Localization Spanish (Version: 2007.0815.2326.40058 - ATI) Hidden
Catalyst Control Center Localization Swedish (Version: 2007.0815.2326.40058 - ATI) Hidden
Catalyst Control Center Localization Thai (Version: 2007.0815.2326.40058 - ATI) Hidden
Catalyst Control Center Localization Turkish (Version: 2007.0815.2326.40058 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2007.0815.2325.40058 - ATI) Hidden
CCC Help Czech (Version: 2007.0815.2325.40058 - ATI) Hidden
CCC Help Danish (Version: 2007.0815.2325.40058 - ATI) Hidden
CCC Help Dutch (Version: 2007.0815.2325.40058 - ATI) Hidden
CCC Help English (Version: 2007.0815.2325.40058 - ATI) Hidden
CCC Help Finnish (Version: 2007.0815.2325.40058 - ATI) Hidden
CCC Help French (Version: 2007.0815.2325.40058 - ATI) Hidden
CCC Help German (Version: 2007.0815.2325.40058 - ATI) Hidden
CCC Help Greek (Version: 2007.0815.2325.40058 - ATI) Hidden
CCC Help Hungarian (Version: 2007.0815.2325.40058 - ATI) Hidden
CCC Help Italian (Version: 2007.0815.2325.40058 - ATI) Hidden
CCC Help Japanese (Version: 2007.0815.2325.40058 - ATI) Hidden
CCC Help Korean (Version: 2007.0815.2325.40058 - ATI) Hidden
CCC Help Norwegian (Version: 2007.0815.2325.40058 - ATI) Hidden
CCC Help Polish (Version: 2007.0815.2325.40058 - ATI) Hidden
CCC Help Portuguese (Version: 2007.0815.2325.40058 - ATI) Hidden
CCC Help Russian (Version: 2007.0815.2325.40058 - ATI) Hidden
CCC Help Spanish (Version: 2007.0815.2325.40058 - ATI) Hidden
CCC Help Swedish (Version: 2007.0815.2325.40058 - ATI) Hidden
CCC Help Thai (Version: 2007.0815.2325.40058 - ATI) Hidden
CCC Help Turkish (Version: 2007.0815.2325.40058 - ATI) Hidden
ccc-utility (Version: 2007.0815.2326.40058 - ATI) Hidden
Chicken Invaders: Revenge of the Yolk (Christmas Edition) demo  (HKLM\...\Chicken Invaders: Revenge of the Yolk (Christmas~57683D77_is1) (Version:  - InterAction studios)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{CA75CBF9-B078-47CB-ABA3-74EFD4FC9A43}) (Version:  - Microsoft)
Digital Media Reader (HKLM\...\InstallShield_{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61}) (Version: 2.01.03.01 - AlcorMicro)
Digital Media Reader (Version: 2.01.03.01 - AlcorMicro) Hidden
File Uploader (HKLM\...\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}) (Version: 1.1.1 - Nikon)
Gateway Connect (HKLM\...\{EE5EEDAF-F932-462B-A2CB-EEBDF819D5F5}) (Version: 1.1.0 - Acceller)
Gateway Games (HKLM\...\WildTangent gateway Master Uninstall) (Version: 1.0.0.52 - WildTangent)
Gateway Recovery Center Installer (HKLM\...\{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}) (Version: 1.01.033 - Gateway)
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Desktop (HKLM\...\Google Desktop) (Version: 5.9.1005.12335 - Google)
Google Earth (HKLM\...\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}) (Version: 4.3.7284.3916 - Google)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Earth (HKLM\...\{548EAC70-EE00-11DD-908C-005056806466}) (Version: 5.0.11337.1968 - Google)
Google Gears (HKLM\...\{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}) (Version: 0.5.3600 - Google)
Google Quick Search Box (HKLM\...\Quick Search Box) (Version: 1.2.1151.245 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Google Updater (HKLM\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.)
Happyland Adventures - Xmas Edition v1.3 (HKLM\...\Happyland Adventures - Xmas Edition_is1) (Version:  - Free Lunch Design)
HP Games (HKLM\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
Icy Tower v1.4 (HKLM\...\Icy Tower v1.4_is1) (Version:  - Free Lunch Design)
inSSIDer 3 (HKLM\...\{A80CEA4E-74C1-4F9F-806B-E1D9AFC01768}) (Version: 3.0.7.48 - MetaGeek, LLC)
iSEEK AnswerWorks English Runtime (HKLM\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
Java Auto Updater (Version: 2.0.6.1 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 29 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216013FF}) (Version: 6.0.290 - Sun Microsystems, Inc.)
Java™ SE Runtime Environment 6 Update 1 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160010}) (Version: 1.6.0.10 - Sun Microsystems, Inc.)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.0.1826 - CyberLink Corp.)
Lexmark Z2300 Series (HKLM\...\Lexmark Z2300 Series) (Version:  - Lexmark International, Inc.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Money Essentials (HKLM\...\Money2007b) (Version: 16 - Microsoft)
Microsoft Money Shared Libraries (Version: 16.0.0.705 - Microsoft Corporation) Hidden
Microsoft Office 2000 Disc 2 (HKLM\...\{00040409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office 2000 Premium (HKLM\...\{00000409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.4 (HKLM\...\{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}) (Version: 2.0.3008.0 - Microsoft Corporation)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Search Enhancement Pack (Version: 3.0.133.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime v1.0 (x86) (HKLM\...\{A8BD5A60-E843-46DC-8271-ABF20756BE0F}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services v1.0 (x86) (HKLM\...\{03CAB33F-D1C2-48C6-8766-DAE84DFC25FE}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft VC9 runtime libraries (Version: 1.0.0 - AOL LLC) Hidden
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft WSE 2.0 SP3 Runtime (HKLM\...\{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}) (Version: 2.0.5050.0 - Microsoft Corp.)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML4 Parser (HKLM\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
Napster (HKLM\...\{BBBCAE4B-B416-4182-A6F2-438180894A81}) (Version: 4.6.3.4 - Napster)
Napster Burn Engine (Version: 3.5.0000 - Roxio) Hidden
Napster Download Manager (HKLM\...\{3CB4A7B0-007D-4722-AF1D-891B53E04606}) (Version: 1.0.0 - Napster)
Nikon Message Center (HKLM\...\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}) (Version: 0.92.000 - Nikon)
Nikon Transfer (HKLM\...\{E9757890-7EC5-46C8-99AB-B00F07B6525C}) (Version: 1.3.0 - Nikon)
Norton PC Checkup (HKLM\...\Norton PC Checkup_is1) (Version: 3.0.2.115.0 - NortonLive Services)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OverDrive Media Console (HKLM\...\{D07205E7-F6D3-4333-AFCC-782A07685B72}) (Version: 3.2.20 - OverDrive, Inc.)
PhoTags Express  (HKLM\...\PhoTagsExpress) (Version:  - Smith Micro Software, Inc.)
Photo Gadget (HKLM\...\Photo Gadget_is1) (Version:  - XemiComputers)
PlayFLV (HKLM\...\FLVCodec) (Version:  - )
Power2Go 5.0 (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version:  - )
PS2 Multimedia Keyboard Driver (HKLM\...\{FF262740-C85A-11D5-BBEC-00D0B740900A}) (Version:  - )
Quicken 2014 (HKLM\...\{0877F595-254F-45F4-991D-3F72E86B17CE}) (Version: 23.1.5.8 - Intuit)
QuickFreedom 1.1.0 (HKLM\...\{676B241C-AED4-400B-98FF-267773B94B11}_is1) (Version:  - Dancool999)
QuickTime (HKLM\...\{C9E14402-3631-4182-B377-6B0DFB1C0339}) (Version: 7.70.80.34 - Apple Inc.)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 12.0) (Version:  - RealNetworks)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5506 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Safari (HKLM\...\{E56D39F8-2A9F-44B4-B068-A72E45A073E6}) (Version: 4.31.9.1 - Apple Inc.)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft) Hidden
Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden
SideShow GMail (HKLM\...\{C0B71676-17F8-444B-8A54-314EB4EC1E72}) (Version: 1.0.0 - MSIT)
Skins (Version: 2007.0815.2326.40058 - ATI) Hidden
Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_HSF) (Version:  - )
Spare Backup (HKLM\...\{A57C6094-FC5A-4DEC-B1E0-1B2F48EEE8F4}) (Version: 3.2 - Spare Backup, Inc)
SuperTux 0.1.2 (HKLM\...\SuperTux_is1) (Version:  - SuperTux Development Team)
The Lord of the Rings FREE Trial  (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
Trend Micro RUBotted 2.0 Beta (HKLM\...\{54D4EAF5-4C80-4878-B4AC-5AE454A02E3C}_is1) (Version: 2.0.0.1030 - Trend Micro, Inc.)
TurboTax 2011 (HKLM\...\TurboTax 2011) (Version:  - Intuit, Inc)
TurboTax 2011 WinPerFedFormset (Version: 011.000.2999 - Intuit Inc.) Hidden
TurboTax 2011 WinPerReleaseEngine (Version: 011.000.0495 - Intuit Inc.) Hidden
TurboTax 2011 WinPerTaxSupport (Version: 011.000.0214 - Intuit Inc.) Hidden
TurboTax 2011 wpaiper (Version: 011.000.1684 - Intuit Inc.) Hidden
TurboTax 2011 wrapper (Version: 011.000.0121 - Intuit Inc.) Hidden
TurboTax 2012 (HKLM\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2012 WinPerFedFormset (Version: 012.000.2114 - Intuit Inc.) Hidden
TurboTax 2012 WinPerReleaseEngine (Version: 012.000.0451 - Intuit Inc.) Hidden
TurboTax 2012 WinPerTaxSupport (Version: 012.000.0179 - Intuit Inc.) Hidden
TurboTax 2012 wpaiper (Version: 012.000.1356 - Intuit Inc.) Hidden
TurboTax 2012 wrapper (Version: 012.000.0127 - Intuit Inc.) Hidden
TurboTax 2013 (HKLM\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2013 WinPerFedFormset (Version: 013.000.1835 - Intuit Inc.) Hidden
TurboTax 2013 WinPerReleaseEngine (Version: 013.000.0477 - Intuit Inc.) Hidden
TurboTax 2013 WinPerTaxSupport (Version: 013.000.0164 - Intuit Inc.) Hidden
TurboTax 2013 wpaiper (Version: 013.000.1247 - Intuit Inc.) Hidden
TurboTax 2013 wrapper (Version: 013.000.0135 - Intuit Inc.) Hidden
Uninstall Dual Mode Camera (HKLM\...\Dual Mode Camera_is1) (Version:  - )
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
Verizon High Speed Internet (HKLM\...\Verizon High Speed Internet_is1) (Version:  - Verizon)
Viewpoint Media Player (HKLM\...\ViewpointMediaPlayer) (Version:  - )
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM\...\{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}) (Version: 14.0.8064.206 - Microsoft Corporation)
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinPcap 4.1.1 (HKLM\...\WinPcapInst) (Version: 4.1.0.1753 - CACE Technologies)
winpcap-nmap 4.02 (HKLM\...\winpcap-nmap) (Version:  - )
WinSCP 4.2.7 (HKLM\...\winscp3_is1) (Version: 4.2.7 - Martin Prikryl)
Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version:  - )
Zoo Tycoon: Complete Collection (HKLM\...\Zoo Tycoon 1.0) (Version:  - )
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
2006-11-02 06:23 - 2014-06-27 08:50 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {0412C0D8-9449-4E4B-B978-3B8FEE0B5761} - System32\Tasks\RealCreateProcessScheduledTask183443728S-1-5-21-1716094745-50712745-3220641610-1002 => c:\program files\real\realplayer\update\realsched.exe [2011-06-14] (RealNetworks, Inc.)
Task: {0F52BA6C-DB62-4CDC-B2B9-2D84CF002D41} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1716094745-50712745-3220641610-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2011-03-29] (RealNetworks, Inc.)
Task: {11372204-6086-479C-9041-E54CE14AFF1A} - System32\Tasks\RealCreateProcessScheduledTask747587S-1-5-21-1716094745-50712745-3220641610-1002 => c:\program files\real\realplayer\update\realsched.exe [2011-06-14] (RealNetworks, Inc.)
Task: {132A0386-4660-46BB-A845-0DA0C169F82E} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1716094745-50712745-3220641610-1003 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2011-03-29] (RealNetworks, Inc.)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {212483EE-8E63-48D0-89C8-E04EF86232CE} - System32\Tasks\4783 => Wscript.exe C:\Users\Nathan\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {234064C1-5469-47EA-82EE-59EAD15DFF2D} - \EPUpdater No Task File <==== ATTENTION
Task: {2556A304-8554-4A53-AA15-7E76B5F4375D} - System32\Tasks\GoogleUpdateTaskMachineCore1cf6baa69abbd0 => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-11] (Google Inc.)
Task: {2F09A60C-67E3-4CA8-B795-3E5211039612} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {2FA51208-272B-401B-8B60-2633B51F1BA4} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3433CE5D-BAD7-4ADF-B385-CAB2B3D148D3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {352B9A4A-D447-485B-A825-15A8F7E210EC} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {49E20DFC-5C8E-46A6-952F-8042D6966792} - System32\Tasks\Microsoft\Windows\RestartManager\{D96846A4-244A-46bf-838D-74EE3B1E889A} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {5DA24B93-463A-427F-B68C-D3B9C91D188B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {605BFA33-E094-48B2-8449-2BE8E7CC0350} - System32\Tasks\RealCreateProcessScheduledTask52488564S-1-5-21-1716094745-50712745-3220641610-1002 => c:\program files\real\realplayer\update\realsched.exe [2011-06-14] (RealNetworks, Inc.)
Task: {85FD8494-2EA4-4843-90C5-4D7A0A91F5BB} - System32\Tasks\RealCreateProcessScheduledTask104769163S-1-5-21-1716094745-50712745-3220641610-1002 => c:\program files\real\realplayer\update\realsched.exe [2011-06-14] (RealNetworks, Inc.)
Task: {8E99E775-5582-48B6-BA52-1AC20D1BBF20} - System32\Tasks\RealCreateProcessScheduledTask848706731S-1-5-21-1716094745-50712745-3220641610-1002 => c:\program files\real\realplayer\update\realsched.exe [2011-06-14] (RealNetworks, Inc.)
Task: {BA6D4A2A-3B9F-40AD-9D28-32C188B568AC} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1716094745-50712745-3220641610-1002 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2011-03-29] (RealNetworks, Inc.)
Task: {BB4F8640-31C7-445F-9634-DFB60BD0811D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-11] (Google Inc.)
Task: {C219006E-F778-4892-AD0F-E3D703E980BB} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1716094745-50712745-3220641610-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2011-03-29] (RealNetworks, Inc.)
Task: {C60D72A4-5620-48ED-A873-F25A2F55C0BF} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1716094745-50712745-3220641610-1002 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2011-03-29] (RealNetworks, Inc.)
Task: {CB722D47-0465-44A4-ADAA-D1B10A015A46} - System32\Tasks\RealCreateProcessScheduledTask621819S-1-5-21-1716094745-50712745-3220641610-1002 => c:\program files\real\realplayer\realplay.exe [2011-06-14] (RealNetworks, Inc.)
Task: {D1B5F3A2-F635-470A-97C4-521215AAAC8F} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1716094745-50712745-3220641610-1003 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2011-03-29] (RealNetworks, Inc.)
Task: {D721CCCD-38CA-43C5-BE91-24B1F53C2F5D} - \BitGuard No Task File <==== ATTENTION
Task: {D88C4981-391B-49D3-B888-4BCE26C9B447} - System32\Tasks\Google Software Updater => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-14] (Google)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: {EA63C7C4-186C-4CC5-ADF7-685FE060CDD9} - System32\Tasks\RealCreateProcessScheduledTask882376489S-1-5-21-1716094745-50712745-3220641610-1002 => c:\program files\real\realplayer\update\realsched.exe [2011-06-14] (RealNetworks, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf6baa69abbd0.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2002-01-24 05:09 - 2002-01-24 05:09 - 00174592 _____ () C:\Windows\System32\LEXPPS.EXE
2010-04-07 20:39 - 2009-08-13 13:02 - 00147968 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\lxdpdrpp.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-06-26 14:27 - 2010-08-24 19:06 - 00085840 _____ () C:\Program Files\Trend Micro\RUBotted\hc_help.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:45 - 2010-10-20 16:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-06-14 16:30 - 2005-10-31 03:01 - 00286720 ____N () C:\Program Files\PhoTags Express\PTWinExt.dll
2010-06-14 16:30 - 2005-10-31 03:04 - 00360448 ____N () C:\Program Files\PhoTags Express\PWSSearchHandler.dll
2007-05-19 01:59 - 2007-05-19 01:59 - 00356928 _____ () C:\Program Files\Spare Backup\sqlite3.dll
2008-02-06 16:04 - 2006-11-07 18:08 - 00547840 _____ () C:\WINDOWS\zHotkey.exe
2010-10-29 18:11 - 2011-11-27 22:32 - 00103424 _____ () C:\Program Files\Google\Quick Search Box\bin\1.2.1151.245\rlz.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2010-08-04 01:14 - 2011-11-10 02:11 - 00037376 _____ () C:\Windows\system32\atitmpxx.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\ProgramData\TEMP:66E02052
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BigFix.lnk => C:\Windows\pss\BigFix.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ATICustomerCare => "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
MSCONFIG\startupreg: EzPrint => "C:\Program Files\Lexmark Z2300 Series\ezprint.exe"
MSCONFIG\startupreg: Google Desktop Search => "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
MSCONFIG\startupreg: Google Quick Search Box => "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe"  /autorun
MSCONFIG\startupreg: Google Updater => "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -check_deprecation
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: lxdpmon.exe => "C:\Program Files\Lexmark Z2300 Series\lxdpmon.exe"
MSCONFIG\startupreg: ModPS2 => ModPS2Key.exe
MSCONFIG\startupreg: NapsterShell => C:\Program Files\Napster\napster.exe /systray
MSCONFIG\startupreg: Nikon Transfer Monitor => C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: ShowWnd => ShowWnd.exe
MSCONFIG\startupreg: Spare Backup => "C:\Program Files\Spare Backup\SpareBackup.exe" /silent
MSCONFIG\startupreg: TkBellExe => "C:\Program Files\Real\RealPlayer\update\realsched.exe"  -osboot
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft ISATAP Adapter #2
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
Name: isatap.domain_not_set.invalid
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/27/2014 09:10:17 AM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: Microsoft Office 2000 Premium -- Error 1706. No valid source could be found for product Microsoft Office 2000 Premium.  The Windows installer cannot continue.
 
Error: (06/27/2014 09:09:51 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.101.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.101.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (06/27/2014 09:04:23 AM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: Microsoft Office 2000 Premium -- Error 1706. No valid source could be found for product Microsoft Office 2000 Premium.  The Windows installer cannot continue.
 
Error: (06/27/2014 08:28:16 AM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (06/27/2014 08:14:43 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.101.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.101.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (06/27/2014 07:32:10 AM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: Microsoft Office 2000 Premium -- Error 1706. No valid source could be found for product Microsoft Office 2000 Premium.  The Windows installer cannot continue.
 
Error: (06/27/2014 05:11:33 AM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: Microsoft Office 2000 Premium -- Error 1706. No valid source could be found for product Microsoft Office 2000 Premium.  The Windows installer cannot continue.
 
Error: (06/27/2014 03:54:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application svchost.exe, version 6.0.6001.18000, time stamp 0x47918b89, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0xfeeefeee,
process id 0x185c, application start time 0xsvchost.exe0.
 
Error: (06/27/2014 03:46:51 AM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: Microsoft Office 2000 Premium -- Error 1706. No valid source could be found for product Microsoft Office 2000 Premium.  The Windows installer cannot continue.
 
Error: (06/27/2014 03:27:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application svchost.exe, version 6.0.6001.18000, time stamp 0x47918b89, faulting module ieframe.dll, version 9.0.8112.16555, time stamp 0x538610e4, exception code 0xc0000005, fault offset 0x0000ccc9,
process id 0x191c, application start time 0xsvchost.exe0.
 
 
System errors:
=============
Error: (06/27/2014 09:19:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Windows Modules Installer%%1053
 
Error: (06/27/2014 09:19:46 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Windows Modules Installer
 
Error: (06/27/2014 09:19:40 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053TrustedInstaller{752073A1-23F2-4396-85F0-8FDB879ED0ED}
 
Error: (06/27/2014 09:08:58 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Intuit Update Service v4%%1053
 
Error: (06/27/2014 09:08:58 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Intuit Update Service v4
 
Error: (06/27/2014 09:07:55 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: i8042prt
ntcdrdrv
 
Error: (06/27/2014 09:07:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: lxdpCATSCustConnectService%%1053
 
Error: (06/27/2014 09:07:55 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000lxdpCATSCustConnectService
 
Error: (06/27/2014 09:07:55 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: tmrkbtmcomm
 
Error: (06/27/2014 09:07:40 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
 
Microsoft Office Sessions:
=========================
Error: (06/27/2014 09:10:17 AM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: Microsoft Office 2000 Premium -- Error 1706. No valid source could be found for product Microsoft Office 2000 Premium.  The Windows installer cannot continue.(NULL)(NULL)(NULL)(NULL)
 
Error: (06/27/2014 09:09:51 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.101.0"J:\v5.2.6544_reflect_setup_free_x64.exe
 
Error: (06/27/2014 09:04:23 AM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: Microsoft Office 2000 Premium -- Error 1706. No valid source could be found for product Microsoft Office 2000 Premium.  The Windows installer cannot continue.(NULL)(NULL)(NULL)(NULL)
 
Error: (06/27/2014 08:28:16 AM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (06/27/2014 08:14:43 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.101.0"J:\v5.2.6544_reflect_setup_free_x64.exe
 
Error: (06/27/2014 07:32:10 AM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: Microsoft Office 2000 Premium -- Error 1706. No valid source could be found for product Microsoft Office 2000 Premium.  The Windows installer cannot continue.(NULL)(NULL)(NULL)(NULL)
 
Error: (06/27/2014 05:11:33 AM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: Microsoft Office 2000 Premium -- Error 1706. No valid source could be found for product Microsoft Office 2000 Premium.  The Windows installer cannot continue.(NULL)(NULL)(NULL)(NULL)
 
Error: (06/27/2014 03:54:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe6.0.6001.1800047918b89unknown0.0.0.000000000c0000005feeefeee185c01cf91dab894038e
 
Error: (06/27/2014 03:46:51 AM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: Microsoft Office 2000 Premium -- Error 1706. No valid source could be found for product Microsoft Office 2000 Premium.  The Windows installer cannot continue.(NULL)(NULL)(NULL)(NULL)
 
Error: (06/27/2014 03:27:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe6.0.6001.1800047918b89ieframe.dll9.0.8112.16555538610e4c00000050000ccc9191c01cf91d813edd0be
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-06-27 09:24:02.672
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-06-27 09:24:01.252
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-06-27 09:23:59.909
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-06-27 09:23:58.511
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-06-27 09:23:57.031
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-06-27 09:23:55.704
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-06-27 09:23:54.322
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-06-27 09:23:52.965
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-06-27 09:22:31.824
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-06-27 09:22:30.436
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.



#2 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,285 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:04:51 PM

Posted 30 June 2014 - 04:47 AM

Hello! Welcome to BleepingComputer Forums! :welcome:
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

 

Please download the latest version of Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

  • Next please re-run FRST again and type the following in the edit box after Search: rpcss.dll
  • Click the Search button
  • It will make a log (Search.txt)- please post the log into your reply to me.

 

Regards,

Georgi




#3 bmflannery

bmflannery
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:51 AM

Posted 01 July 2014 - 08:15 AM

Thank you for your help. I am running FRST now and will post the logs when it finishes.



#4 bmflannery

bmflannery
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:51 AM

Posted 01 July 2014 - 09:24 AM

Attached are the FRST, Addition, and Search log files from FRST.

Attached File  Addition.txt   48.04KB   2 downloads

Attached File  FRST.txt   67.62KB   2 downloads

Attached File  Search.txt   2.09KB   2 downloads



#5 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,285 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:04:51 PM

Posted 01 July 2014 - 02:31 PM

Hi,
 
 
Please download the following file => and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 
 
Regards,
Georgi




#6 bmflannery

bmflannery
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:51 AM

Posted 01 July 2014 - 04:04 PM

Attached is fixlog from FRST

 

Attached File  Fixlog.txt   16.33KB   5 downloads



#7 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,285 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:04:51 PM

Posted 01 July 2014 - 04:15 PM

Hi,

 

Nice work. How are things now?

 

 

Regards,

Georgi




#8 bmflannery

bmflannery
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:51 AM

Posted 02 July 2014 - 07:16 AM

There are still over 30 dllhost.exe processes shown in task manager and it is causing 100% cpu and memory usage.

 

 

 



#9 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,285 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:04:51 PM

Posted 02 July 2014 - 07:22 AM

Hi,

 

  • Please re-run FRST again and type the following in the edit box after Search: wow.dll;dllhost.exe
  • Click the Search button
  • It will make a log (Search.txt) - please post the log into your reply to me.

 

Regards,

Georgi




#10 bmflannery

bmflannery
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:51 AM

Posted 02 July 2014 - 09:46 AM

Attached is the search log file from FRST

Attached File  Search.txt   650bytes   7 downloads

 

Also during the scan I received a popup in the system tray from FRST that C:\$Mft is corrupt and unreadable and to run the chkdsk utility. The message disappeared after a few seconds so it is possible that I missed others. Should I run chkdsk? 



#11 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,285 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:04:51 PM

Posted 02 July 2014 - 10:43 AM

Hello,

 

Yes, it's a good idea to run chkdsk then.

 

Run CHKDSK to check for disk errors
 

  • Click Start => go to RUN and type in cmd and then hit Enter.
  • At the command prompt, type the following command chkdsk c: /x /f /r and then press Enter.
  • If you are prompted to schedule CHKDSK to run the next time the computer restarts (because CHKDSK may be unable to gain exclusive access to the drive under Windows), type the following text y, and then press Enter.
  • At the command prompt, type exit and then press Enter.
  • Restart your computer. While Windows is loading, CHKDSK should automatically run and check the drive that you specified earlier.
    This process can take up to an hour!
  • When all is done and you are back in normal mode, click Start => Run and type in eventvwr.msc and then hit Enter.
  • Once Event Viewer is open, select Windows logs => Application  => The 3rd column of information in the right-hand pane is titled Source; click on the word Source at the top of the column to sort by that column.
  • Scroll through the Source column to find the most recent entry titled Winlogon and event id of 1001 (WinInit and id of 1001 for Windows Vista/7).
  • Double-click Winlogon to open the CHKDSK results.
  • Click on the Copy button and post the result in your next reply.

 

Also please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
     
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
     
  • Click the Start Scan button.
     
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
     
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the results at pastebin.com and post the link to the log in your next reply.

 

 

Regards,

Georgi




#12 bmflannery

bmflannery
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:10:51 AM

Posted 03 July 2014 - 08:40 AM

Sorry, we had a power outage yesterday and I was not able to perform the scans. Below are the log files; they were too large to attach. I am also splitting them across two posts.

WinInit:
 

 
Log Name:      Application
Source:        Microsoft-Windows-Wininit
Date:          7/2/2014 10:49:50 PM
Event ID:      1001
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      Scott-PC
Description:
 
 
Checking file system on C:
The type of the file system is NTFS.
 
One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk.                         
  819392 file records processed.                                  
 
  4393 large file records processed.                            
 
  0 bad file records processed.                              
 
  0 EA records processed.                                    
 
  90 reparse records processed.                               
 
  907418 index entries processed.                                 
 
  0 unindexed files processed.                               
 
  819392 security descriptors processed.                          
 
  44014 data files processed.                                    
 
CHKDSK is verifying Usn Journal...
  34921496 USN bytes processed.                                     
 
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
  819376 files processed.                                         
 
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
  80931229 free clusters processed.                                 
 
Free space verification is complete.
Correcting errors in the master file table's (MFT) BITMAP attribute.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.
 
 476793134 KB total disk space.
 151758396 KB in 769387 files.
    365424 KB in 44015 indexes.
         4 KB in bad sectors.
    944394 KB in use by the system.
     65536 KB occupied by the log file.
 323724916 KB available on disk.
 
      4096 bytes in each allocation unit.
 119198283 total allocation units on disk.
  80931229 allocation units available on disk.
 
Internal Info:
c0 80 0c 00 66 69 0c 00 f4 57 15 00 00 00 00 00  ....fi...W......
86 13 00 00 5a 00 00 00 00 00 00 00 00 00 00 00  ....Z...........
42 00 00 00 e2 73 ed 76 08 5b 05 00 08 53 05 00  B....s.v.[...S..
 
Windows has finished checking your disk.
Please wait while your computer restarts.
 
 
Checking file system on C:
The type of the file system is NTFS.
 
A disk check has been scheduled.
Windows will now check the disk.                         
  819392 file records processed.                                  
 
  4393 large file records processed.                            
 
  0 bad file records processed.                              
 
  0 EA records processed.                                    
 
  90 reparse records processed.                               
 
  907418 index entries processed.                                 
 
  0 unindexed files processed.                               
 
  819392 security descriptors processed.                          
 
  44014 data files processed.                                    
 
CHKDSK is verifying Usn Journal...
  34921848 USN bytes processed.                                     
 
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
  819376 files processed.                                         
 
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
  80931227 free clusters processed.                                 
 
Free space verification is complete.
Windows has checked the file system and found no problems.
 
 476793134 KB total disk space.
 151758404 KB in 769388 files.
    365424 KB in 44015 indexes.
         4 KB in bad sectors.
    944394 KB in use by the system.
     65536 KB occupied by the log file.
 323724908 KB available on disk.
 
      4096 bytes in each allocation unit.
 119198283 total allocation units on disk.
  80931227 allocation units available on disk.
 
Internal Info:
c0 80 0c 00 67 69 0c 00 f5 57 15 00 00 00 00 00  ....gi...W......
86 13 00 00 5a 00 00 00 00 00 00 00 00 00 00 00  ....Z...........
42 00 00 00 e2 73 4c 77 08 5b 16 00 08 53 16 00  B....sLw.[...S..
 
Windows has finished checking your disk.
Please wait while your computer restarts.
 
Event Xml:
  <System>
    <Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />
    <EventID Qualifiers="16384">1001</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2014-07-03T02:49:50.000Z" />
    <EventRecordID>84072</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>Scott-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data>
 
Checking file system on C:
The type of the file system is NTFS.
 
One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk.                         
  819392 file records processed.                                  
 
  4393 large file records processed.                            
 
  0 bad file records processed.                              
 
  0 EA records processed.                                    
 
  90 reparse records processed.                               
 
  907418 index entries processed.                                 
 
  0 unindexed files processed.                               
 
  819392 security descriptors processed.                          
 
  44014 data files processed.                                    
 
CHKDSK is verifying Usn Journal...
  34921496 USN bytes processed.                                     
 
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
  819376 files processed.                                         
 
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
  80931229 free clusters processed.                                 
 
Free space verification is complete.
Correcting errors in the master file table's (MFT) BITMAP attribute.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.
 
 476793134 KB total disk space.
 151758396 KB in 769387 files.
    365424 KB in 44015 indexes.
         4 KB in bad sectors.
    944394 KB in use by the system.
     65536 KB occupied by the log file.
 323724916 KB available on disk.
 
      4096 bytes in each allocation unit.
 119198283 total allocation units on disk.
  80931229 allocation units available on disk.
 
Internal Info:
c0 80 0c 00 66 69 0c 00 f4 57 15 00 00 00 00 00  ....fi...W......
86 13 00 00 5a 00 00 00 00 00 00 00 00 00 00 00  ....Z...........
42 00 00 00 e2 73 ed 76 08 5b 05 00 08 53 05 00  B....s.v.[...S..
 
Windows has finished checking your disk.
Please wait while your computer restarts.
 
 
Checking file system on C:
The type of the file system is NTFS.
 
A disk check has been scheduled.
Windows will now check the disk.                         
  819392 file records processed.                                  
 
  4393 large file records processed.                            
 
  0 bad file records processed.                              
 
  0 EA records processed.                                    
 
  90 reparse records processed.                               
 
  907418 index entries processed.                                 
 
  0 unindexed files processed.                               
 
  819392 security descriptors processed.                          
 
  44014 data files processed.                                    
 
CHKDSK is verifying Usn Journal...
  34921848 USN bytes processed.                                     
 
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
  819376 files processed.                                         
 
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
  80931227 free clusters processed.                                 
 
Free space verification is complete.
Windows has checked the file system and found no problems.
 
 476793134 KB total disk space.
 151758404 KB in 769388 files.
    365424 KB in 44015 indexes.
         4 KB in bad sectors.
    944394 KB in use by the system.
     65536 KB occupied by the log file.
 323724908 KB available on disk.
 
      4096 bytes in each allocation unit.
 119198283 total allocation units on disk.
  80931227 allocation units available on disk.
 
Internal Info:
c0 80 0c 00 67 69 0c 00 f5 57 15 00 00 00 00 00  ....gi...W......
86 13 00 00 5a 00 00 00 00 00 00 00 00 00 00 00  ....Z...........
42 00 00 00 e2 73 4c 77 08 5b 16 00 08 53 16 00  B....sLw.[...S..
 
Windows has finished checking your disk.
Please wait while your computer restarts.
</Data>
  </EventData>
</Event>


#13 bmflannery

bmflannery
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:10:51 AM

Posted 03 July 2014 - 08:46 AM

Attached is the TDSSKiller log

Attached File  TDSSKiller.3.0.0.39_03.07.2014_08.49.32_log.txt   349.93KB   3 downloads



#14 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,285 posts
  • OFFLINE
  • Gender:Male
  • Location:Bulgaria
  • Local time:04:51 PM

Posted 03 July 2014 - 09:21 AM

Hi,

 

No worries about the delay. Hmm, nothing suspicious in the TDSSKiller log. This should be a new version of Alureon.

 

 

STEP 1

 

 

  • Please download RKill by Grinler from the link below and save it to your desktop.

    Rkill
  • Before we begin, you should disable any anti-malware software you have installed so that it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log.
  • Please post the log in your next reply.

 

 

STEP 2

 

 

  • Please download RogueKillerX64.exe and save to the desktop.
  • Close all windows and browsers
  • Right-click the program and select 'Run as Administrator'
  • Press the scan button.
  • A report opens on the desktop named - RKreport.txt
  • Please copy and paste the results at pastebin.com and post the link to the log in your next reply.

 

 

STEP 3

 

 

1. Please download HitmanPro.

  • For 32-bit Operating System - click here
  • This is the mirror - click here
  • For 64-bit Operating System - click here
  • This is the mirror - click here

2. Launch the program by double-clicking on the HitmanPro icon. (Windows Vista/7 users: right-click on the HitmanPro icon and select Run as administrator.)

Note: If the program won't run, please open the program while holding down the left CTRL key until the program is loaded.

3. Click on the Next button. You must agree with the terms of the EULA (if asked).

4. Check the box beside "No, I only want to perform a one-time scan to check this computer".

5. Click on the Next button.

6. The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.

7. When the scan is done, click on the drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!

8. Click on the Next button.

9. Click on the "Save Log" button.

10. Save that file to your desktop and post the content of that file in your next reply.

Note: If there isn't a drop-down menu when the scan is done, then please don't delete anything and close HitmanPro.

Navigate to C:\ProgramData\HitmanPro\Logs, open the report, and copy and paste it into your next reply.

 

 

 

STEP 4

 

 

I'd like us to scan your machine with ESET OnlineScan.

 

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Run ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:

    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the esetBack.png button.
  • Push esetFinish.png

 

 

Regards,

Georgi




#15 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,285 posts
  • OFFLINE
  • Gender:Male
  • Location:Bulgaria
  • Local time:04:51 PM

Posted 07 July 2014 - 12:18 AM

Hi,

 

Are you still around?

 

 

Regards,

Georgi






